On Sat, Nov 08, 2025 at 07:28:27PM +0200, Edmund Lodewijks via Postfix-users
wrote:
> I am wanting to monitor whether my mail server is successfully using DANE.
>
> Is there another way to monitor whether DANE is functioning other than log
> level 2, which is really rather verbose and making logs hard to read?
With the upcoming Postfix 3.11, assuming the features of recent
"nonprod" releases are deemed mature enough in time to be encluded,
you'd see logs such as:
Sep 30 23:05:35 amnesiac postfix/smtp[793146]:
Verified TLS connection established to list.sys4.de[45.90.5.195]:25:
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange x25519 server-signature ECDSA (secp384r1) server-digest
SHA384
Sep 30 23:05:38 amnesiac postfix/smtp[793146]: 01E12901F9D:
to=<[email protected]>, relay=list.sys4.de[45.90.5.195]:25,
delay=5.4, delays=0.08/0.01/3.5/1.9, tls=dane, dsn=2.0.0, status=sent
(250 2.0.0 Ok: queued as 4cbdb56t4MzPjfw)
The "tls=dane" element of the per-recipient delivery record confirms
that DANE was used successfully. My understanding is that This feature
is expected to be included:
https://www.postfix.org/postconf.5.html#smtp_log_tls_feature_status
...
This feature is available in Postfix 3.11 and later.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
