A. Schulze via Postfix-users:
> Hello,
> 
> The postfix SMTP client can offload TLS to the tlsproxy by setting 
> "smtp_tls_connection_reuse = yes"
> But in this mode, some logging always occurs twice:
> 
> Nov 15 22:04:29 mta postfix/tlsproxy[27148]: Trusted TLS connection 
> established to nexthop.example[2001:db8::25]:587: TLSv1.3 with cipher 
> TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature 
> ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) 
> client-digest SHA384
> Nov 15 22:04:29 mta postfix/smtp[27145]: Trusted TLS connection established 
> to nexthop.example[2001:db8::25]:587: TLSv1.3 with cipher 
> TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature 
> ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) 
> client-digest SHA384
> 
> Nov 13 09:10:47 mta2 postfix/tlsproxy[7724]: Trusted TLS connection 
> established to mx.example[192.0.2.25]:25: TLSv1.3 with cipher 
> TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange x25519_kyber768 
> server-signature RSA-PSS (2048 bits) server-digest SHA256
> Nov 13 09:10:47 mta2 postfix/smtp[7723]: Trusted TLS connection established 
> to mx.example[192.0.2.25]:25: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 
> (128/128 bits) key-exchange x25519_kyber768 server-signature RSA-PSS (2048 
> bits) server-digest SHA256
> 
> This is a regular pattern in my logs that I have observed for a long time.
> It's not new, it doesn't hurt, but it feels unnecessary. Is this
> an expected behavior, or are there reasons to log the information
> twice?

The purpose of the SMTP client logging is to provide evidence that it
is given a connection with the "right" connection properties.

The purpose of the tlsproxy logging is to provide evidence that
it is doing its job.

        Wietse
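
The following Python script is an added example, not part of the thread and not Postfix code. It pairs the tlsproxy and smtp "TLS connection established" lines discussed above, so that each session is counted once in log-derived TLS statistics and the two descriptions can be compared. The pairing key (same timestamp, host and peer), the name `tls_sessions`, and the third sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: the first two pairs are the log lines quoted in the post, unwrapped to
# one line each; the last line is constructed (an smtp client that did TLS itself).
SAMPLE_LOG = """\
Nov 15 22:04:29 mta postfix/tlsproxy[27148]: Trusted TLS connection established to nexthop.example[2001:db8::25]:587: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384
Nov 15 22:04:29 mta postfix/smtp[27145]: Trusted TLS connection established to nexthop.example[2001:db8::25]:587: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384
Nov 13 09:10:47 mta2 postfix/tlsproxy[7724]: Trusted TLS connection established to mx.example[192.0.2.25]:25: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange x25519_kyber768 server-signature RSA-PSS (2048 bits) server-digest SHA256
Nov 13 09:10:47 mta2 postfix/smtp[7723]: Trusted TLS connection established to mx.example[192.0.2.25]:25: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange x25519_kyber768 server-signature RSA-PSS (2048 bits) server-digest SHA256
Nov 13 09:11:02 mta2 postfix/smtp[7730]: Untrusted TLS connection established to mx2.example[192.0.2.26]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"postfix/(?P<daemon>tlsproxy|smtp)\[\d+\]: "
    r"(?P<level>\w+) TLS connection established to (?P<peer>\S+): (?P<props>.+)$"
)

def tls_sessions(log_text):
    """Return one record per TLS session, pairing tlsproxy and smtp log lines.

    Assumption: a tlsproxy line and an smtp line describe the same session when
    they share timestamp, host and peer. Lines are paired one-to-one, in either
    order, so two sessions to one peer in the same second stay two sessions.
    """
    pending = defaultdict(list)  # (ts, host, peer, daemon) -> unpaired descriptions
    sessions = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = (m["ts"], m["host"], m["peer"])
        desc = (m["level"], m["props"])
        other = "smtp" if m["daemon"] == "tlsproxy" else "tlsproxy"
        if pending[key + (other,)]:
            # The other daemon already logged this session: pair and compare.
            other_desc = pending[key + (other,)].pop(0)
            sessions.append({"key": key, "logged_by": "both",
                             "consistent": desc == other_desc})
        else:
            pending[key + (m["daemon"],)].append(desc)
    # Whatever is left was logged by one daemon only.
    for (ts, host, peer, daemon), descs in pending.items():
        for _ in descs:
            sessions.append({"key": (ts, host, peer), "logged_by": daemon,
                             "consistent": True})
    return sessions

if __name__ == "__main__":
    for s in tls_sessions(SAMPLE_LOG):
        print(s)
```

A record with `"consistent": False` would mean the smtp client and tlsproxy described the same connection differently, which is worth a closer look in the logs.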
