On Fri, 30 Jan 2026 17:45:38 -0500 (EST)
Wietse Venema via Postfix-users <[email protected]> wrote:
[snip]
>
> Never at the end. Each field is either what Postfix wanted (no
> colon), or what-it-wanted:what-it-got (one colon).
>
> ...tls=none, ... (want: plaintext, got: plaintext)
>
> ..., tls=may, ... (want: opportunistic TLS, got: opportunistic TLS)
>
> ..., tls=may:none, ... (want: opportunistic TLS, got: plaintext)
>
> ..., tls=blah/foo:bar, ... (want: foo, got: bar)
[snip]
So might these fields more accurately be described as "requested" and
"achieved" (or "negotiated") rather than “level” and “policies”?
Either way: The fact that levels can appear alone makes things a bit
tricky for me in pflogsumm's logic, but there's an easy fix: Fake it.
When no policies appear, treat the level itself as policy. Thus a
report might look like:
SMTPD TLS Stats
---------------
may (612)
612 may
dane (149)
149 dane
encrypt (19)
19 encrypt
dane? (19)
2 dane?
using Viktor's numbers for illustration. Or I could...
SMTPD TLS Stats
---------------
may (612)
612 as-requested
dane (149)
149 as-requested
encrypt (19)
19 as-requested
dane? (19)
2 as-requested
Where “as-requested” means “the requested TLS security level was
achieved and no additional policy-feature status was logged,” which
might make that more visible?
Thoughts?
Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
