Hello, I am in the need to catch mail clients connecting to port 25 with ssl/tls on my postfix server.
Currently my postfix server is accepting both cleartext and ssl/tls connections on port 25, but my data center is introducing a new rule (perhaps a new firewall) which will drop ssl/tls connections to port 25 while allowing only cleartext connection. (port 465 is also open but that's ignored by the data center's new rule/firewall) Since i have a lot of domains and clients using my postfix server (several thousands), I'd prefer to generate a list instead of calling them all and checking their clients one by one. Do you know if that's possible ? (I'd accept whatever method, also tcpdump / wireshark is an option) I did some simple tests and my logs are basically the same, either using ssl or not. The only difference is an initial: Anonymous TLS connection established from xxx[yyy]: TLSv1.2 with cipher ECDHE-RSA-AE S128-GCM-SHA256 (128/128 bits) but that doesn't help much to determine the exact account involved. Thank you.
