Re: logging TLS SNI hostname

Arkadiusz Miśkiewicz Tue, 08 Nov 2016 06:42:35 -0800

On Tuesday 08 of November 2016, Aki Tuomi wrote:
> > On November 8, 2016 at 4:08 PM Arkadiusz Miśkiewicz <ar...@maven.pl>
> > wrote:
> > 
> > On Thursday 20 of October 2016, Arkadiusz Miśkiewicz wrote:
> > > On Thursday 20 of October 2016, Aki Tuomi wrote:
> > > > On 20.10.2016 15:52, Arkadiusz Miśkiewicz wrote:
> > > > > > ... -servername something
> > > > 
> > > > If you want to try out, try applying this patch...
> > > 
> > > Works, thanks!
> > 
> > But... it's easy to log fake things
> > 
> > Nov 8 15:04:01 mbox dovecot: pop3-login: Aborted login (no auth attempts
> > in 1 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1,
> > local_name=whitehouse.gov, i_can=put_anything, here=etc, TLS,
> > session=<26rEnMpAPMtb6rD0>
> > 
> > by using
> > 
> > openssl s_client -connect 127.0.0.1:110 -starttls pop3 -servername
> > "whitehouse.gov, i_can=put_anything, here=etc"
> > 
> > so some escaping here would also be needed.
> > 
> > conf:
> > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
> > local_name=%{local_name} %c session=<%{session}>
> > 
> > > > From 066edb5e5c14a05c90e9ae63f0b76fcfd9c1149e Mon Sep 17 00:00:00
> > > > 2001 From: Aki Tuomi <aki.tu...@dovecot.fi>
> > > > Date: Thu, 20 Oct 2016 16:06:27 +0300
> > > > Subject: [PATCH] login-common: Include local_name in
> > > > login_var_expand_table
> > > > 
> > > > This way it can be used in login_log_format
> 
> There is escaping in the final code in 2.2.26.0.


This is on 2.2.26.0. Escaping was only added to auth code, not logging one, 
right?

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

Re: logging TLS SNI hostname

Reply via email to