summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2014-03-09 16:41:20 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2014-03-09 21:22:22 +0000
commite45a1c3738f3cec60acf36ae268f8cbf35a2ce7d (patch)
tree1208626db5829d1dbbd23649f858129f31586c99
parent09ae8f9f555a3cfe7c2887d920279d41fb88879c (diff)
Log incoming-TLS details on rejects. Bug 305
-rw-r--r--doc/doc-docbook/spec.xfpt1
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--src/src/smtp_in.c48
3 files changed, 39 insertions, 13 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 09220857d..345effd0e 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -34056,6 +34056,7 @@ the following table:
&`R `& on &`<=`& lines: reference for local bounce
&` `& on &`=>`& &`**`& and &`==`& lines: router name
&`S `& size of message
+&`SNI `& server name indication from TLS client hello
&`ST `& shadow transport name
&`T `& on &`<=`& lines: message subject (topic)
&` `& on &`=>`& &`**`& and &`==`& lines: transport name
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 83c255c24..0c51bc393 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -48,6 +48,9 @@ TL/05 Rename SPF condition results err_perm and err_temp to standardized
JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
+JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
+ selectors, in both main and reject logs.
+
Exim version 4.82
-----------------
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 1d62bab05..9981e8d51 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1163,6 +1163,32 @@ return string_sprintf("SMTP connection from %s", hostname);
+#ifdef SUPPORT_TLS
+static uschar *
+s_tlslog(uschar * s, int * sizep, int * ptrp)
+{
+ int size = sizep ? *sizep : 0;
+ int ptr = ptrp ? *ptrp : 0;
+
+ if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL)
+ s = string_append(s, &size, &ptr, 2, US" X=", tls_in.cipher);
+ if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
+ tls_in.cipher != NULL)
+ s = string_append(s, &size, &ptr, 2, US" CV=",
+ tls_in.certificate_verified? "yes":"no");
+ if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL)
+ s = string_append(s, &size, &ptr, 3, US" DN=\"",
+ string_printing(tls_in.peerdn), US"\"");
+ if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL)
+ s = string_append(s, &size, &ptr, 3, US" SNI=\"",
+ string_printing(tls_in.sni), US"\"");
+
+ if (sizep) *sizep = size;
+ if (ptrp) *ptrp = ptr;
+ return s;
+}
+#endif
+
/*************************************************
* Log lack of MAIL if so configured *
*************************************************/
@@ -1195,18 +1221,7 @@ if (sender_host_authenticated != NULL)
}
#ifdef SUPPORT_TLS
-if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL)
- s = string_append(s, &size, &ptr, 2, US" X=", tls_in.cipher);
-if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
- tls_in.cipher != NULL)
- s = string_append(s, &size, &ptr, 2, US" CV=",
- tls_in.certificate_verified? "yes":"no");
-if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL)
- s = string_append(s, &size, &ptr, 3, US" DN=\"",
- string_printing(tls_in.peerdn), US"\"");
-if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL)
- s = string_append(s, &size, &ptr, 3, US" SNI=\"",
- string_printing(tls_in.sni), US"\"");
+s = s_tlslog(s, &size, &ptr);
#endif
sep = (smtp_connection_had[SMTP_HBUFF_SIZE-1] != SCH_NONE)?
@@ -2694,8 +2709,13 @@ the connection is not forcibly to be dropped, return 0. Otherwise, log why it
is closing if required and return 2. */
if (log_reject_target != 0)
- log_write(0, log_reject_target, "%s %s%srejected %s%s",
+ log_write(0, log_reject_target, "%s%s %s%srejected %s%s",
host_and_ident(TRUE),
+#ifdef SUPPORT_TLS
+ s_tlslog(NULL, NULL, NULL),
+#else
+ "",
+#endif
sender_info, (rc == FAIL)? US"" : US"temporarily ", what, log_msg);
if (!drop) return 0;
@@ -4777,4 +4797,6 @@ while (done <= 0)
return done - 2; /* Convert yield values */
}
+/* vi: aw ai sw=2
+*/
/* End of smtp_in.c */