Dirk Stöcker via Postfix-users:
> Hello,
> 
> for outgoing TLS connections with smtp_tls_loglevel=1 I can see the 
> Trusted, Untrusted  or Verified lines easily by a grep with " connection 
> established to " in the log.
> 
> Now I tried to find all remaining unencrypted connections and failed. I 
> neither found any specific log line for them nor did I find an option to 
> enable a log line. Sadly Google also didn't help me.
> 
> Do I overlook something? How can I grep all outgoing (or incoming) 
> unencrypted mail sending (or receiving).

Postfix logs TLS status details before it logs delivery status details.

Dec 23 19:32:32 spike postfix/smtp[79203]: Untrusted TLS connection established 
to list.sys4.de[2a03:4000:60:db7::138]:25: TLSv1.3 with cipher 
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature 
RSA-PSS (2048 bits)

Dec 23 19:32:33 spike postfix/smtp[79203]: 4YHG7M2rQwzJrP3: 
to=<postfix-users@postfix.org>, relay=list.sys4.de[2a03:4000:60:db7::138]:25, 
delay=1.8, delays=0.13/0.012/1.3/0.31, dsn=2.0.0, status=sent (250 2.0.0 Ok: 
queued as 4YHG7N73qDzyRX)

With plaintext delivery, that first line will not be logged.

In both cases the logging shows the SMTP client process name and
process ID, and the remote SMTP server name, IP address, and port.
With all that information, there should be no confusion about which
TLS status line belongs with which delivery status line.

Even with systemd, the logging ordering should be preserved. However,
systemd may drop logs on a busy server unless some systemd settings
are configured.

        Wietse
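
The correlation described in the reply above, as an added example that is not part of the original message or of Postfix: it pairs each delivery status line with a preceding TLS status line from the same smtp process ID and relay, and reports deliveries that have none. It assumes smtp_tls_loglevel=1 or higher and that TLS connection reuse (smtp_tls_connection_reuse) is off; the function name and the last two sample log lines are constructed for illustration.

```python
import re

# Lines from the Postfix SMTP client, e.g. "postfix/smtp[79203]: ..."
SMTP = re.compile(r"postfix[^/\s]*/smtp\[(?P<pid>\d+)\]: (?P<msg>.*)")
# TLS status line (needs smtp_tls_loglevel=1 or higher)
TLS = re.compile(r"\w+ TLS connection established to (?P<peer>\S+):")
# Delivery status line: queue ID, recipient, relay
DELIVERY = re.compile(r"(?P<qid>\w+): to=<(?P<rcpt>[^>]*)>,.*?\brelay=(?P<relay>[^,\s]+),")

def plaintext_deliveries(lines):
    """Return (queue_id, recipient, relay) for deliveries with no matching TLS line."""
    tls = {}      # pid -> [peer, queue ID that used this TLS session]
    found = []
    for line in lines:
        m = SMTP.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        t = TLS.match(msg)
        if t:
            tls[pid] = [t["peer"], None]
            continue
        d = DELIVERY.match(msg)
        if not d or d["relay"] == "none":
            continue  # not a delivery line, or no connection was made
        state = tls.get(pid)
        if state and state[0] == d["relay"] and state[1] in (None, d["qid"]):
            state[1] = d["qid"]  # other recipients of this message share the session
        else:
            found.append((d["qid"], d["rcpt"], d["relay"]))
    return found

# First two lines are the ones quoted above, unwrapped; the rest are constructed.
SAMPLE_LOG = """\
Dec 23 19:32:32 spike postfix/smtp[79203]: Untrusted TLS connection established to list.sys4.de[2a03:4000:60:db7::138]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)
Dec 23 19:32:33 spike postfix/smtp[79203]: 4YHG7M2rQwzJrP3: to=<postfix-users@postfix.org>, relay=list.sys4.de[2a03:4000:60:db7::138]:25, delay=1.8, delays=0.13/0.012/1.3/0.31, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4YHG7N73qDzyRX)
Dec 23 19:40:01 spike postfix/smtp[79203]: 4YHGExample01: to=<user@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=0.9, delays=0.1/0.01/0.5/0.29, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Dec 23 19:41:10 spike postfix/smtp[79210]: 4YHGExample02: to=<other@example.org>, relay=none, delay=30, delays=0.1/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx.example.org[192.0.2.99]:25: Connection timed out)
""".splitlines()

if __name__ == "__main__":
    for qid, rcpt, relay in plaintext_deliveries(SAMPLE_LOG):
        print(f"plaintext: {qid} to={rcpt} relay={relay}")
```

If journald has dropped a TLS status line, the delivery it belonged to is reported as plaintext, so gaps in the log show up as false positives.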