I see. Would you be able to let me know how to enable the undocumented peer metadata logfile? If it's a separate logfile, that won't be an issue. I would like to see if that provides the data I am after.
In this case, these "...established from..." entries are the remote party servers. Was that not clear?

Mal

On 13/07/2017 2:46 PM, Viktor Dukhovni wrote:
>
>> On Jul 12, 2017, at 10:46 PM, Mal <m...@jetlan.com> wrote:
>>
>> Wondering if anyone knows if it's possible to log the certificate CN
>> presented when Postfix logs "Untrusted TLS connection established from.."
>
> That is not currently possible. Unconditional logging of the peer certificate
> metadata is possible, but the interface is not documented, because a more flexible
> logging interface is needed in the long term, and just cluttering the current logging
> interface with more features that have to be supported long-term is not a good idea,
> if we want to overhaul how logging works in the future.
>
> I am somewhat surprised you say "...established from..." since that would be the SMTP
> server, and the connection would be from an SMTP client, and these very rarely have
> TLS certificates to present (and most servers do not request client certificates).
>