On Mon, 2 Feb 2026 10:14:32 +1100
Viktor Dukhovni via Postfix-users <[email protected]> wrote:
[snip]
>
> You surely mean "smtp", not "smtpd", ...
I surely do. Bit of a brain fart there. Fixed!
>
[snip]
>
> And you're also missing: "fingerprint", "verify" and "secure".
The "levels" and "policies" I have were all I was able to find from
the Postfix docs and what was discussed here.
It really doesn't matter. That output is actually from a run of
pflogsumm with the new code in it. Whatever shows up in
tls=level[/policy[/policy[...]]]
is what will be tabulated in those reports.
But I added the three you noted to my fake log generator, anyway, so
now they show up :)
The question is: Are these accurate descriptions and reasonable/useful
display formats for a summary of Postfix log tls= data?
SMTP TLS Connection Stats
-------------------------
22 dane:encrypt
21 encrypt
20 dane
16 may:none
15 none
14 dane?
14 dane:may
14 may
14 may?
14 secure
13 fingerprint
13 verify
10 dane:halfdane
SMTP TLS Policy Diagnostics
---------------------------
25 !requiretls:noencryption
22 requiretls:none
20 !requiretls:nostarttls
19 requiretls
17 !requiretls:none
16 requiretls?
15 requiretls:nocertmatch
14 requiretls:nostarttls
13 !requiretls:nocertmatch
Obviously, no single host is likely to see all that. Like I said:
Fake log data. Basically designed just to test pflogsumm's parsing of
the new field—which is actually quite straightforward. (Took me
longer to create the artificial logfile generator.)
Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
