Darrell A. Sullivan, II:
> I am trying to implement TLS on our server for a client requirement. I
> believe I have the TLS settings correct, but I am not certain about what I
> am seeing in the logs and I am uncertain as to how to know if a message was
> delivered using TLS.
> Is there anything in the message headers that would indicate that it was
> delivered using TLS?

Postfix can add TLS message headers while RECEIVING mail.
Postfix currently does not add TLS message headers while delivering
mail. Adding such a header would not be a big deal. The code just
does not exist because no-one has needed it.

> I have the below log entries on some outgoing messages. I am certain that
> the first one is a failure since the group's server is set up with the entry
> "somecomp.com MUST_NOPEERMATCH" is specified in tls_per_site and
> consequently the message is not delivered when TLS fails. Is this because
> they have a self-signed certificate and we do not have the CA certificate
> for their root?
> In the second set of log entries, I am not certain if the message is
> delivered over the TLS connection or not. Is there some entry I can search
> my logs for to find out if any messages are being successfully transmitted
> over TLS?

This information is not part of routine logs. You can turn up TLS
logging, but I would not turn up smtp_tls_loglevel all the way, as
that also shows all the protocol negotiation stuff.
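
Added example, not part of the original thread and not Postfix code: one way to answer the log question once smtp_tls_loglevel = 1 is set, by pairing each "TLS connection established" line with the delivery lines that the same smtp process logs afterwards. The log lines are constructed samples, the function names are hypothetical, and the pairing by process id is a heuristic that assumes one connection per delivery request; it also accepts the trust-level prefix that later Postfix releases put in front of the handshake line.

```python
import re

# Constructed sample of Postfix smtp(8) client log lines (smtp_tls_loglevel = 1).
# Host names, addresses and queue IDs are made up for illustration.
SAMPLE_LOG = """\
Aug 22 10:01:02 mail postfix/smtp[4101]: TLS connection established to mx.example.net: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Aug 22 10:01:03 mail postfix/smtp[4101]: 3F2A11C0D5: to=<alice@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, status=sent (250 2.0.0 Ok: queued as 9B1E2)
Aug 22 10:02:10 mail postfix/smtp[4102]: 7C9D21C0D8: to=<bob@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=0.8, status=sent (250 2.0.0 Ok)
Aug 22 10:03:30 mail postfix/smtp[4103]: 5AB031C0DA: to=<carol@example.com>, relay=mx.example.com[192.0.2.30]:25, delay=2.0, status=deferred (Cannot start TLS: handshake failure)
Aug 22 10:04:00 mail postfix/smtp[4104]: Untrusted TLS connection established to mx.example.edu[192.0.2.40]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 22 10:04:01 mail postfix/smtp[4104]: 1D4E61C0DC: to=<dave@example.edu>, relay=mx.example.edu[192.0.2.40]:25, delay=0.9, status=sent (250 2.0.0 Ok)
"""

# Handshake summary line; the optional word covers "Trusted"/"Untrusted"/etc.
TLS_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: (?:\w+ )?TLS connection established to ([^\s\[:]+)")
# Per-recipient delivery status line.
DELIV_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: ([0-9A-Za-z]+): to=<([^>]*)>, "
    r"relay=([^\s\[,]+).*?status=(\w+)")

def classify_deliveries(log_text):
    """Return one record per delivery line, flagged with whether the same
    smtp process logged a TLS handshake to that relay just before it."""
    handshakes = {}   # smtp pid -> [relay host, queue id that used it or None]
    results = []
    for line in log_text.splitlines():
        m = TLS_RE.search(line)
        if m:
            handshakes[m.group(1)] = [m.group(2), None]
            continue
        m = DELIV_RE.search(line)
        if not m:
            continue
        pid, qid, rcpt, relay, status = m.groups()
        hs = handshakes.get(pid)
        # Same process, same relay, and the handshake is not already
        # claimed by a different queue id (multi-recipient mail shares one).
        used_tls = bool(hs) and hs[0] == relay and hs[1] in (None, qid)
        if used_tls:
            hs[1] = qid
        results.append({"queue_id": qid, "to": rcpt, "relay": relay,
                        "status": status, "tls": used_tls})
    return results

def sent_without_tls(log_text):
    """Queue ids that were accepted by the remote side with no handshake seen."""
    return [r["queue_id"] for r in classify_deliveries(log_text)
            if r["status"] == "sent" and not r["tls"]]
```
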

On Fri, 22 Aug 2008 10:07:20 -0400 (EDT)
[hidden email] (Wietse Venema) wrote:
> Postfix can add TLS message headers while RECEIVING mail.
> smtpd_tls_received_header = yes
> Postfix currently does not add TLS message headers while delivering
> mail. Adding such a header would not be a big deal. The code just
> does not exist because no-one has needed it.

Personally, I would be in favor of it, if it really is not a big deal
nor going to take up too much of your time.