Hi,

Fortunately, more and more SMTP servers offer STARTTLS. I would like to analyze the certificates used when employing STARTTLS "opportunistically".

Is there a way to have Postfix e.g. insert into a MySQL table, for every message sent over TLS, the following record:

1) recipient domain name
2) hostname (of MTA as per MX record)
3) host-ip
4) certificate(-chain) used (e.g. in PEM format)

For efficiency reasons, it would be OK if, after the first insert of a certificate, only a unique identifier (that would be provided by Postfix as field 5) were given (besides a unique id given by Postfix, it could also be a SHA-256 digest of the leaf certificate).

Any hints would be appreciated!

Ralf
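The record layout asked for above, as an added example that is not part of the original post and not a Postfix feature: an out-of-band Python collector that stores each leaf certificate once, keyed by its SHA-256 digest, and references it from one row per delivery. Assumptions: SQLite stands in for MySQL, the table, column and function names are hypothetical, and only the leaf certificate is captured, not the chain.

```python
import hashlib
import smtplib
import sqlite3
import ssl

SCHEMA = """
CREATE TABLE IF NOT EXISTS certs (
    sha256 TEXT PRIMARY KEY,          -- field 5: unique id of the leaf cert
    pem    TEXT NOT NULL              -- field 4: stored once per certificate
);
CREATE TABLE IF NOT EXISTS tls_deliveries (
    id               INTEGER PRIMARY KEY,
    recipient_domain TEXT NOT NULL,   -- field 1
    mx_hostname      TEXT NOT NULL,   -- field 2
    host_ip          TEXT NOT NULL,   -- field 3
    cert_sha256      TEXT NOT NULL REFERENCES certs(sha256)
);
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def record_delivery(db, recipient_domain, mx_hostname, host_ip, leaf_der):
    """Insert one delivery row; the PEM is written only the first time it is seen."""
    digest = hashlib.sha256(leaf_der).hexdigest()
    with db:  # one transaction for both inserts
        db.execute("INSERT OR IGNORE INTO certs (sha256, pem) VALUES (?, ?)",
                   (digest, ssl.DER_cert_to_PEM_cert(leaf_der)))
        db.execute("INSERT INTO tls_deliveries (recipient_domain, mx_hostname,"
                   " host_ip, cert_sha256) VALUES (?, ?, ?, ?)",
                   (recipient_domain, mx_hostname, host_ip, digest))
    return digest

def fetch_leaf(mx_hostname, port=25, timeout=10):
    """Live probe: STARTTLS to the MX and return (peer_ip, leaf_der)."""
    ctx = ssl.create_default_context()
    # Collection only: like opportunistic TLS, accept whatever certificate is
    # offered so it can be recorded. Do not reuse this context for delivery.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(mx_hostname, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeername()[0], smtp.sock.getpeercert(binary_form=True)

# Constructed placeholder bytes, not a real certificate (offline demo input).
SAMPLE_DER = b"constructed-leaf-certificate-bytes"
```

`fetch_leaf` needs network access to port 25; `record_delivery` can be exercised offline with `SAMPLE_DER`.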