Hello, inspecting my logs, I do not see the values, described in https://www.postfix.org/postconf.5.html#smtp_log_tls_feature_status
1) I see the value "tls=dane-only" for connections to @postfix.org Jan 06 20:58:38 mta postfix/smtp[10827]: 4dm26N1TFcz35x91N: to=<[email protected]>, relay=list.sys4.de[2a03:4000:20:189::195]:25, delay=2.7, delays=0.2/0.05/2.3/0.2, tls=dane-only, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4dm26W4P6HzyVX) 2) I see the value "tls=secure" for connections to @gmail.com Jan 13 15:52:49 mail postfix/smtp[2955]: 4drC0J2JhHz14t5: to=<****@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1a]:25, delay=1.2, delays=0.2/0.03/0.5/0.44, tls=secure, dsn=2.0.0, status=sent (250 2.0.0 OK 1768315969 ffacd0b85a97d-432bd62e50csi32288510f8f.498 - gsmtp) # postconf mail_version smtp_log_tls_feature_status smtp_tls_policy_maps mail_version = 3.11.0-RC3 smtp_log_tls_feature_status = yes smtp_tls_policy_maps = socketmap:unix:/path/to/postfix-tlspol:QUERYwithTLSRPT I'm using https://github.com/Zuplu/postfix-tlspol # root@postfix-tlspol:/# /postfix-tlspol -query postfix.org { "version": "1.8.24", "domain": "postfix.org", "dane": { "policy": "dane-only", "time": "256ms", "ttl": 600 }, "mta-sts": { "policy": "", "report": "", "time": "83ms", "ttl": 0 } } # root@postfix-tlspol:/# /postfix-tlspol -query gmail.com { "version": "1.8.24", "domain": "gmail.com", "dane": { "policy": "", "time": "7ms", "ttl": 0 }, "mta-sts": { "policy": "secure match=gmail-smtp-in.l.google.com:.gmail-smtp-in.l.google.com servername=hostname", "report": "policy_type=sts policy_domain=gmail.com mx_host_pattern=gmail-smtp-in.l.google.com mx_host_pattern=*.gmail-smtp-in.l.google.com { policy_string = version: STSv1 } { policy_string = mode: enforce } { policy_string = mx: gmail-smtp-in.l.google.com } { policy_string = mx: *.gmail-smtp-in.l.google.com } { policy_string = max_age: 86400 }", "time": "56ms", "ttl": 86400 } } To me, it looks like the date/mta-sts policy value get logged as tls=... but this doesn't match the documentation. Can the usage of smtp_tls_policy_maps= be somehow related? Andreas _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
