On Mon, 22 Feb 2016 15:55:48 -0500 (EST) wie...@porcupine.org (Wietse Venema) wrote:
> morbi...@rx900.org: > > Anonymous TLS connection established from xxx[yyy]: TLSv1.2 with cipher > > ECDHE-RSA-AE > > S128-GCM-SHA256 (128/128 bits) > > > > but that doesn't help much to determine the exact account involved. > > Would logging the SASL username help? The Postfix SMTP server logs: > > queueid: client=xxx:[yyy], sasl_method=aaa, sasl_username=bbb > > You just need to combine records based on the xxx:[yyy]. > > Wietse Problem is that connections to 465 (with ssl/tls) appears in the logs identical to 25 (with ssl/tls) so that would lead to a lot false positives, if i've understood correctly. Thank you.
