On 2 Aug 2017, at 12:20, robg...@nospammail.net wrote:
On Wed, Aug 2, 2017, at 09:11 AM, Viktor Dukhovni wrote:
This is logged at level 1.
Ok. Then I've got this morning's mystery!
If my syslog was 'lossy', it woulnd't log it in the loglevel = 2 case
would it?
Maybe. There's wide variation in syslog implementations
Until I figure out what's going wrong here, just
edit main.cf
- smtpd_tls_loglevel=2
+ smtpd_tls_loglevel=1
postfix reload
make those entries DISappear, and
edit main.cf
- smtpd_tls_loglevel=1
+ smtpd_tls_loglevel=2
postfix reload
gets them to display again.
Something is wrong with your syslog implementation or its config. You
can confirm in the code that what Viktor says is true and I have an
example of it being so in operation. I have not touched the TLS config
on this system for many months (at least) and here's a couple of line
counts from today's log:
bigsky:log root# postconf smtpd_tls_loglevel
smtpd_tls_loglevel = 1
bigsky:log root# grep -c 'postfix/.* TLS connection established from '
mail.log
2070
bigsky:log root# grep -c 'postfix/.*SSL' mail.log
0
i.e.: it's logging connection establishment messages but none of the
negotiation messages (which mostly have 'SSL' function names in them.)
