> On Jul 12, 2017, at 10:46 PM, Mal <m...@jetlan.com> wrote:
>
> Wondering if anyone knows if it's possible to log the certificate CN
> presented when Postfix logs "Untrusted TLS connection established from.."

That is not currently possible. Unconditional logging of the peer certificate metadata is possible, but the interface is not documented, because a more flexible logging interface is needed in the long term, and just cluttering the current logging interface with more features that have to be supported long-term is not a good idea, if we want to overhaul how logging works in the future.

I am somewhat surprised you say "...established from..." since that would be the SMTP server, and the connection would be from an SMTP client, and these very rarely have TLS certificates to present (and most servers do not request client certificates).

--
Viktor.