Java mail submission through Postfix

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Java mail submission through Postfix

James B. Byrne
I would like to understand exactly what these postfix log messages tell me
about starttls, if anything:

Dec 24 13:09:32 mx32 postfix-p25/smtpd[25786]: SSL_accept:SSLv3/TLS write
session ticket

Dec 24 13:09:32 mx32 postfix-p25/smtpd[25786]: Anonymous TLS connection
established from accounting-2.internal.harte-lyne.ca[192.168.216.88]: TLSv1.3
with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange ECDHE (P-256)
server-signature RSA-PSS (4096 bits) server-digest SHA256

Dec 24 13:09:32 mx32 postfix-p25/smtpd[25786]: NOQUEUE:
client=accounting-2.internal.harte-lyne.ca[192.168.216.88], sasl_method=LOGIN,
sasl_username=byrnejb_hll

Dec 24 13:09:33 mx32 postfix/smtpd[36248]: initializing the server-side TLS engine

Dec 24 13:09:33 mx32 postfix/smtpd[36248]: connect from localhost[127.0.32.1]

Dec 24 13:09:33 mx32 postfix/smtpd[36248]: 52DEC3DC1C:
client=localhost[127.0.32.1]

Dec 24 13:09:33 mx32 postfix/cleanup[27823]: 52DEC3DC1C:
message-id=<[hidden email]>
Dec 24 13:09:33 mx32 postfix/smtpd[36248]: disconnect from
localhost[127.0.32.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

Dec 24 13:09:33 mx32 postfix/qmgr[23987]: 52DEC3DC1C:
from=<[hidden email]>, size=1549, nrcpt=1 (queue active)

Dec 24 13:09:33 mx32 postfix-p25/smtpd[25786]: proxy-accept: END-OF-MESSAGE:
250 2.0.0 from MTA(smtp:[localhost]:10025): 250 2.0.0 Ok: queued as 52DEC3DC1C;
from=<[hidden email]> to=<[hidden email]> proto=ESMTP
helo=<accounting-2.internal.harte-lyne.ca> sasl_username=<byrnejb_hll>

Dec 24 13:09:33 mx32 postfix/smtp[28101]: 52DEC3DC1C:
to=<[hidden email]>,
relay=imap.hamilton.harte-lyne.ca[216.185.71.57]:25, delay=0.15,
delays=0.02/0/0.11/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
72A511C0F8C)

Dec 24 13:09:33 mx32 postfix/qmgr[23987]: 52DEC3DC1C: removed

Dec 24 13:09:37 mx32 postfix-p25/smtpd[25786]: disconnect from
accounting-2.internal.harte-lyne.ca[192.168.216.88] ehlo=2 starttls=1 auth=1
mail=1 rcpt=1 data=1 quit=1 commands=8





--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:[hidden email]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

Reply | Threaded
Open this post in threaded view
|

Re: Java mail submission through Postfix

Viktor Dukhovni
On Thu, Dec 24, 2020 at 01:16:58PM -0500, James B. Byrne wrote:

> I would like to understand exactly what these postfix log messages tell me
> about starttls, if anything:

Generally, just the non-verbose "smtpd_tls_loglevel = 1" loggins is
quite sufficient, and the higher log levels in most cases just makes it
harder to find what's important among all the low-level detail.

> Dec 24 13:09:32 mx32 postfix-p25/smtpd[25786]: SSL_accept:SSLv3/TLS write session ticket
>
> Dec 24 13:09:32 mx32 postfix-p25/smtpd[25786]:
>   Anonymous TLS connection established
>   from accounting-2.internal.harte-lyne.ca[192.168.216.88]:
>   TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
>   key-exchange ECDHE (P-256)
>   server-signature RSA-PSS (4096 bits)
>   server-digest SHA256

This TLS handshake was successful, and negotiate TLS 1.3, with all sorts
of parameter details you probably don't care about (but 2048-bit RSA is
probably good enough, and your 4096-bit RSA key is overkill that
needlessly burns CPU-cycles).

The client did not present a client certificate (this is quite normal).

--
    Viktor.