> On Mar 28, 2019, at 8:35 AM, phoenixsagar <[email protected]> wrote:
>
> For one host certificate verification is failing randomly. I want to monitor
> that particular host.
> Specifically I want that depth and subject of certificate for which it is
> marking certificate expired.
> I have gone through pcaps but all certificates at that time are fine.

If this is outbound SMTP, you can use a separate transport for that MX host's
destination domain (assuming a known, manageable list). For that transport
(say "vsmtp") set:

    vsmtp unix ... smtp
        -o smtp_tls_loglevel=summary,untrusted,certmatch

and use the transport table to associate this with the destination(s) in
question.

The named log levels are not a stable feature of the smtp_tls_loglevel
public interface, but in the short run you can use them for debugging.

--
Viktor.