On Wed, Dec 10, 2025 at 08:23:24PM +0100, Danjel Jungersen via Postfix-users wrote:
> Can I see in my log if an outgoing mail to an external server was encrypted? > > Like this one for example: > > 2025-12-10T20:02:40.193585+01:00 mail postfix/submission/smtpd[476075]: > 2F21910E0086: client=unknown[185.108.102.222], sasl_method=PLAIN, > [email protected] > 2025-12-10T20:02:40.261265+01:00 mail postfix/cleanup[476079]: > 2F21910E0086: message-id=<[email protected]> > 2025-12-10T20:02:40.966008+01:00 mail postfix/qmgr[148248]: > 2F21910E0086: from=<[email protected]>, size=10067, nrcpt=1 (queue active) > 2025-12-10T20:02:43.217306+01:00 mail postfix/smtp[476081]: > 2F21910E0086: to=<[email protected]>, > relay=mx3.pub.mailpod12-cph3.one.com[104.37.34.248]:25, delay=3.1, > delays=0.87/0.09/1.5/0.71, dsn=2.0.0, status=sent > (250 2.0.0 Ok: queued as cda1ca46-d5fa-11f0-a901-b07b25bf531a) > 2025-12-10T20:02:43.221308+01:00 mail postfix/qmgr[148248]: > 2F21910E0086: removed By searching for the queue-id, you've eliminated some of the log entries that are relevant to that delivery, but don't carry the queue-id. In particular details of TLS connection setup. You need to use the "collate" Perl script (slightly edited to match your log date/time format): https://github.com/vdukhovni/postfix/tree/master/postfix/auxiliary/collate The expected date/time format is "<Mon> <DD> <HH:MM:SS> " https://github.com/vdukhovni/postfix/blob/0baff80091bf38ee6d1bece92653c07f61d1e2e0/postfix/auxiliary/collate/collate.pl#L11 (?:\S+ \s+){3} # Timestamp, adjust for other time formats You'll want to change that "3" to a "1". Below is a privacy-santised example from my server's logs (output from "collate"), with the lines that don't carry a queue-id prefixed with "!", they are not part of the core delivery trace that shows messages accepted and recipients delivered, deferred or bounced. ! Feb 14 00:16:17 amnesiac postfix/submission/smtpd[1241528]: ! connect from client.example[192.0.2.1] ! Feb 14 00:16:18 amnesiac postfix/submission/smtpd[1241528]: ! Anonymous TLS connection established from client.example[192.0.2.1]: ! TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) ! key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 Feb 14 00:16:21 amnesiac postfix/submission/smtpd[1241528]: 3880C8DF256: client.example[192.0.2.1], sasl_method=GSSAPI, [email protected] Feb 14 00:16:21 amnesiac postfix/cleanup[1241534]: 3880C8DF256: message-id=<long-nonce> Feb 14 00:16:21 amnesiac postfix/qmgr[1110399]: 3880C8DF256: from=<[email protected]>, size=1187, nrcpt=2 (queue active) ! Feb 14 00:16:21 amnesiac postfix/submission/smtpd[1241528]: ! disconnect from client.example[192.0.2.1] ! ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8 Feb 14 00:16:21 amnesiac postfix/virtual[1241536]: 3880C8DF256: to=<[email protected]>, relay=virtual, delay=0.34, delays=0.33/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir) ! Feb 14 00:16:27 amnesiac postfix/smtp[1241535]: ! Untrusted TLS connection established to mx1.example.net[192.0.2.2]:25: ! TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Feb 14 00:16:28 amnesiac postfix/smtp[1241535]: 3880C8DF256: to=<[email protected]>, relay=mx1.example.net[192.0.2.2]:25, delay=7.2, delays=0.33/0.01/6.6/0.3, dsn=5.1.1, status=bounced (host mx1.example.net[192.0.2.2] said: 550 5.1.1 User Unknown (in reply to RCPT TO command)) Feb 14 00:16:29 amnesiac postfix/bounce[1241539]: 3880C8DF256: sender non-delivery notification: 41D9F8D0A87 Feb 14 00:16:29 amnesiac postfix/qmgr[1110399]: 3880C8DF256: removed Found by running: $ < /var/log/postfix/log perl collate | perl -ne 'BEGIN{$/="\n\n"} print if (m{/bounce\[})' | less -- Viktor. 🇺🇦 Слава Україні! _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
