Re: [Bug-mailfromd] Postfix TLS Macros?

[Mehmet Avcioglu <mehmet@xxxxxxxxxxxxx>]

Hello Sergey,

Thank you for the detailed information.

>  (a) postfix is configured with smtpd_tls_ask_ccert=yes or
>  smtpd_tls_req_ccert=yes and
>  (b) the client sends their certificate during TLS handshake.

I was able to get the values after setting "smtpd_tls_ask_ccert=yes" and testing with openssl (-connect with -key -cert options).

But testing with gmail or office365 I am not able to get anything other than the TLS version. After tuning on "smtpd_tls_received_header=yes", postfix is able to add these values to the Received header, but they are still not available via milter.

Received: from mail-yb1-f177.google.com (mail-yb1-f177.google.com [209.85.219.177])
  (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
  key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
  client-signature RSA-PSS (2048 bits) client-digest SHA256)
  (Client CN "smtp.gmail.com", Issuer "WR4" (not verified))
  by server.domain.com with ESMTPS id 4Xt56d1SpQz11fj
  for <email@xxxxxxxxxx>; Tue, 19 Nov 2024 16:33:28 +0300 (+03)

Received: from EUR03-VI1-obe.outbound.protection.outlook.com (mail-vi1eur03on2116.outbound.protection.outlook.com [40.107.103.116])
  (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
  key-exchange ECDHE (P-384) server-signature RSA-PSS (2048 bits) server-digest SHA256
  client-signature RSA-PSS (2048 bits) client-digest SHA256)
  (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified))
  by server.domain.com with ESMTPS id 4Xt54K6wxFz11fJ
  for <email@xxxxxxxxxx>; Tue, 19 Nov 2024 16:31:29 +0300 (+03)

I'll continue with the debug options to see if anything is in the milter messages that I am missing.

Regards,

--
Mehmet