I'm testing new Postfix code to make it easy to extract from Postfix logging how an email delivery has used Postfix TLS features such as the TLS security level and the upcoming Postfix 3.11 (non-production) REQUIRETLS support. This will be achieved by adding a number of additional features to Postfix SMTP client delivery status logging.
The format of the new information is similar to existing information, which will make it hopefully easy to update Postfix logfile analyzers.

Hypothetical examples:

Logging for delivery that successfully uses opportunistic TLS without other TLS features.

    Aug 24 09:20:50 wzv postfix/smtp[2009999]: 4c8vgk2lXhzNcrX: to=<wie...@porcupine.org>, orig_to=<wietse>, relay=spike.porcupine.org[168.100.3.2]:25,conn_use=2, delay=0.31, delays=0.06/0.05/0.07/0.12, tls=may, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4c8vgk3xlZzJrNm)

Logging for delivery that successfully uses the Postfix 3.11 REQUIRETLS extension while relaxing the requirement for server certificate matching.

    Aug 24 09:20:50 wzv postfix/smtp[2009999]: 4c8vgk2lXhzNcrX: to=<wie...@porcupine.org>, orig_to=<wietse>, relay=spike.porcupine.org[168.100.3.2]:25,conn_use=2, delay=0.31, delays=0.06/0.05/0.07/0.12, tls=encrypt/(requiretls), dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4c8vgk3xlZzJrNm)

Above, the (requiretls) indicates that the REQUIRETLS extension was used in a "relaxed" mode that does not require certificate matching. This is pretty much the only way that REQUIRETLS can be reasonably used for general email deliveries at this time.

The underlying concepts and more examples, including errors, can be found in https://docs.google.com/document/d/1L2decFpFo2CQBXMnq7f6m9htZ53X34N-v5rQDuxcCL0/

Wietse
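
The following Python example is added here and is not from the post or the Postfix project. It extracts the tls= attribute from SMTP client delivery lines and tallies deliveries by TLS usage, assuming the value is a security level optionally followed by "/"-separated feature names, with parentheses marking the relaxed mode as described above; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the post's hypothetical examples;
# addresses, hosts and the third queue ID are made up.
_HEAD = "Aug 24 09:20:50 wzv postfix/smtp[2009999]: "
_MID = "conn_use=2, delay=0.31, delays=0.06/0.05/0.07/0.12, "
SAMPLE = [
    _HEAD + "4c8vgk2lXhzNcrX: to=<a@example.org>, relay=mx.example.org[192.0.2.1]:25,"
    + _MID + "tls=may, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4c8vgk3xlZzJrNm)",
    _HEAD + "4c8vgk2lXhzNcrX: to=<b@example.org>, relay=mx.example.org[192.0.2.1]:25,"
    + _MID + "tls=encrypt/(requiretls), dsn=2.0.0, status=sent (250 2.0.0 Ok)",
    # Delivery line without tls=, as written by a Postfix that lacks the new logging.
    _HEAD + "4c8vgm5QwLzNcrY: to=<c@example.net>, relay=none, delay=30, "
    "dsn=4.4.1, status=deferred (connect to mx.example.net: Connection timed out)",
    "Aug 24 09:20:52 wzv postfix/qmgr[2009000]: 4c8vgk2lXhzNcrX: removed",
]

DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): (?P<attrs>to=.*?),\s*status=(?P<status>\w+)")
# Values are either <bracketed> or run to the next comma; the space after the
# comma is optional because the post's samples contain ":25,conn_use=2".
ATTR = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")

def parse_delivery(line):
    """Decode one delivery status line; return None for any other log line."""
    m = DELIVERY.search(line)
    if m is None:
        return None
    attrs = dict(ATTR.findall(m["attrs"]))
    rec = {"qid": m["qid"], "status": m["status"], "tls": attrs.get("tls"),
           "tls_level": None, "tls_features": {}}
    if rec["tls"] is not None:
        # Assumed grammar: level[/feature...]; "(name)" means relaxed mode.
        level, *features = rec["tls"].split("/")
        rec["tls_level"] = level
        for name in features:
            relaxed = name.startswith("(") and name.endswith(")")
            rec["tls_features"][name.strip("()")] = relaxed
    return rec

def summarize(lines):
    """Count deliveries per tls= value; "(none)" marks lines without it."""
    recs = filter(None, map(parse_delivery, lines))
    return Counter(r["tls"] or "(none)" for r in recs)

if __name__ == "__main__":
    for value, count in summarize(SAMPLE).items():
        print(f"{count:3d}  tls={value}")
```

Keeping the "(none)" bucket separate lets a report distinguish deliveries logged without the attribute from deliveries that logged a specific security level.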