Skip to content

Parse postfix TLS features #210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 29, 2025
Merged

Parse postfix TLS features #210

merged 6 commits into from
Nov 29, 2025

Conversation

@whyscream
Copy link
Owner

@whyscream whyscream commented Nov 17, 2025
edited
Loading

In Postfix 3.11, postfix will start logging specific features of the TLS connection.

Details are at: https://www.postfix.org/postconf.5.html#smtp_log_tls_feature_status

This adds the following optional fields to a postfix/smtp message:

  • postfix_tls_security_level
  • postfix_tls_downgrade_level (unset when no downgrade occurred)
  • postfix_tls_policy_undecided (true when detected, unset otherwise)
  • postfix_requiretls (true when detected, unset otherwise)
  • postfix_requiretls_policy_violation (true when detected, unset otherwise)
  • postfix_requiretls_downgrade_level (unset when no downgrade occurred)
  • postfix_requiretls_policy_undecided (true when detected, unset otherwise)

Resolves #209

@whyscream whyscream force-pushed the postfix-tls-features branch 2 times, most recently from 66489ec to d6b67bd Compare November 17, 2025 22:48
@whyscream
Update to latest logstash version
c354851
@whyscream
Add new test files that verify extraction of 'tls=...' to key-value data
68cdf46 
These tests merely verify that the syntax used by postfix with separators
like /:?! is transferred correctly to the key-value data.
@whyscream
Add tls features logging in pipeline check example
25934f5
@whyscream whyscream force-pushed the postfix-tls-features branch 2 times, most recently from f5ce9ab to 64fb31e Compare November 18, 2025 23:26
@whyscream whyscream force-pushed the postfix-tls-features branch from 64fb31e to 44172d9 Compare November 29, 2025 14:19
@whyscream
Extract TLS requiretls feature data from 'postfix_tls'
baab2d4 
Also switch to named captures when possible
@whyscream whyscream force-pushed the postfix-tls-features branch from 7b4ceb5 to baab2d4 Compare November 29, 2025 17:04
@whyscream whyscream merged commit adaed13 into main Nov 29, 2025
4 checks passed
@whyscream whyscream deleted the postfix-tls-features branch November 29, 2025 17:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

add "tls=dane" test for postfix 3.11

2 participants

@whyscream