Merge pull request #188 from whyscream/tls-logging

TLS logging improvements
whyscream · Jan 29, 2024 · 71d6562 · 71d6562
2 parents 85c3ad4 + 8e0b737
commit 71d6562
Show file tree

Hide file tree

Showing 8 changed files with 13 additions and 5 deletions.
diff --git a/50-filter-postfix.conf b/50-filter-postfix.conf
@@ -277,6 +277,7 @@ filter {
             "postfix_size", "integer",
             "postfix_status_code", "integer",
             "postfix_termination_signal", "integer",
+            "postfix_tls_server_signature_size", "integer",
             "postfix_verify_cache_dropped", "integer",
             "postfix_verify_cache_retained", "integer",
 

diff --git a/postfix.grok b/postfix.grok
@@ -23,7 +23,8 @@ POSTFIX_KEYVALUE %{POSTFIX_QUEUEID:postfix_queueid}: %{POSTFIX_KEYVALUE_DATA:pos
 POSTFIX_WARNING_LEVEL (warning|fatal|info)
 POSTFIX_VERIFY_CLEANUP_TYPE (full|partial)
 
-POSTFIX_TLSCONN (Anonymous|Trusted|Untrusted|Verified) TLS connection established (to %{POSTFIX_RELAY_INFO}|from %{POSTFIX_CLIENT_INFO}): %{DATA:postfix_tls_version} with cipher %{DATA:postfix_tls_cipher} \(%{DATA:postfix_tls_cipher_size} bits\)( key-exchange %{DATA:postfix_tls_key-exchange} server-signature %{DATA:postfix_tls_server-signature} \(%{DATA:postfix_tls_server-signature_size} bits\) server-digest %{DATA:postfix_tls_server-digest})?
+
+POSTFIX_TLSCONN %{DATA:postfix_tls_trustlevel} TLS connection established (to %{POSTFIX_RELAY_INFO}|from %{POSTFIX_CLIENT_INFO}): %{DATA:postfix_tls_version} with cipher %{DATA:postfix_tls_cipher} \(%{DATA:postfix_tls_cipher_size} bits\)( key-exchange %{DATA:postfix_tls_key_exchange} server-signature %{DATA:postfix_tls_server_signature} \(%{DATA:postfix_tls_server_signature_size} bits\) server-digest %{DATA:postfix_tls_server_digest})?
 POSTFIX_TLSVERIFICATION certificate verification failed for %{POSTFIX_RELAY_INFO}: %{GREEDYDATA:postfix_tls_error}
 
 POSTFIX_DELAYS %{NUMBER:postfix_delay_before_qmgr}/%{NUMBER:postfix_delay_in_qmgr}/%{NUMBER:postfix_delay_conn_setup}/%{NUMBER:postfix_delay_transmission}

diff --git a/test/smtp_0003.yaml b/test/smtp_0003.yaml
@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTP}$
 data: "Untrusted TLS connection established to mx4.hotmail.com[65.55.92.136]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)"
 results:
+    postfix_tls_trustlevel: Untrusted
     postfix_relay_hostname: mx4.hotmail.com
     postfix_relay_ip: 65.55.92.136
     postfix_relay_port: 25

diff --git a/test/smtp_0004.yaml b/test/smtp_0004.yaml
@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTP}$
 data: "Untrusted TLS connection established to 127.0.0.1[127.0.0.1]:2525: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)"
 results:
+    postfix_tls_trustlevel: Untrusted
     postfix_relay_hostname: 127.0.0.1
     postfix_relay_ip: 127.0.0.1
     postfix_relay_port: 2525

diff --git a/test/smtp_0015.yaml b/test/smtp_0015.yaml
@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTP}$
 data: "Trusted TLS connection established to gmail-smtp-in.l.google.com[74.125.136.26]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)"
 results:
+    postfix_tls_trustlevel: Trusted
     postfix_relay_hostname: gmail-smtp-in.l.google.com
     postfix_relay_ip: 74.125.136.26
     postfix_relay_port: 25

diff --git a/test/smtp_0016.yaml b/test/smtp_0016.yaml
@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTP}$
 data: "Verified TLS connection established to mail.sys4.de[2001:1578:400:111::7]:25: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)"
 results:
+    postfix_tls_trustlevel: Verified
     postfix_relay_hostname: mail.sys4.de
     postfix_relay_ip: 2001:1578:400:111::7
     postfix_relay_port: 25

diff --git a/test/smtpd_0010.yaml b/test/smtpd_0010.yaml
@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTPD}$
 data: "Anonymous TLS connection established from julie.example.com[10.163.89.202]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)"
 results:
+    postfix_tls_trustlevel: Anonymous
     postfix_client_hostname: julie.example.com
     postfix_client_ip: 10.163.89.202
     postfix_tls_version: TLSv1.2

diff --git a/test/smtpd_0037.yaml b/test/smtpd_0037.yaml
@@ -1,12 +1,13 @@
 pattern: ^%{POSTFIX_SMTPD}$
 data: "Anonymous TLS connection established from julie.example.com[10.163.89.202]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256"
 results:
+    postfix_tls_trustlevel: Anonymous
     postfix_client_hostname: julie.example.com
     postfix_client_ip: 10.163.89.202
     postfix_tls_version: TLSv1.3
     postfix_tls_cipher: TLS_AES_256_GCM_SHA384
     postfix_tls_cipher_size: 256/256
-    postfix_tls_key-exchange: X25519 
-    postfix_tls_server-signature: RSA-PSS 
-    postfix_tls_server-signature_size: 4096
-    postfix_tls_server-digest: SHA256
+    postfix_tls_key_exchange: X25519
+    postfix_tls_server_signature: RSA-PSS
+    postfix_tls_server_signature_size: 4096
+    postfix_tls_server_digest: SHA256