Am Montag, den 04.01.2016, 10:21 -0500 schrieb Wietse Venema: > > > No, but you could use a better stateful logfile analyzer. The TLS > > > session status is always logged with the name of the remote MTA > > > example.com[x.x.x.x]:25, and it is always logged before the > > > status= > > > record. > Consider that an smtp(8) process makes only one connection at a > time. The close is therefore implied when the smtp process logs a > new "TLS established" record, or when it logs any activity with > a different example.com[x.x.x.x]:25.
My log analyser "saftpresse" implements this: https://metacpan.org/release/Log-Saftpresse Theres a commandline interface "saftsumm" which tries to provide the classic pflogsumm inteface. Try '--tls-stats' The saftpresse command implements a non-blocking log anaylser with plugins. It is designed with output to elasticsearch and graphit in mind. The Postfix plugin included is based on the pflogsumm code but heavy refactured and modularized. There currently no packages, but i plan to provide debian packages and a docker image for non-debian users. Markus
