summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2014-03-09 16:51:00 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2014-03-09 21:22:23 +0000
commit67d81c106c8dd7da50b57eb5ceeb61d91a2c51e8 (patch)
tree96d6fd68217797140049dfe7e24729ba1ebe152b
parente45a1c3738f3cec60acf36ae268f8cbf35a2ce7d (diff)
Log port and TLS details for a failed delivery
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--src/src/deliver.c57
-rw-r--r--src/src/smtp_in.c10
-rw-r--r--test/log/05471
-rw-r--r--test/log/20032
-rw-r--r--test/log/20146
-rw-r--r--test/log/21032
-rw-r--r--test/log/21146
-rw-r--r--test/rejectlog/20032
-rw-r--r--test/rejectlog/20146
-rw-r--r--test/rejectlog/21032
-rw-r--r--test/rejectlog/21146
12 files changed, 65 insertions, 38 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 0c51bc393..493861fec 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -51,6 +51,9 @@ JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
selectors, in both main and reject logs.
+JH/06 Log outbound-TLS and port details, subject to log selectors, for a
+ failed delivery.
+
Exim version 4.82
-----------------
diff --git a/src/src/deliver.c b/src/src/deliver.c
index df93a114e..121f7c2e0 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -673,8 +673,36 @@ while (addr->parent != NULL)
+static uschar *
+d_hostlog(uschar * s, int * sizep, int * ptrp, address_item * addr)
+{
+ s = string_append(s, sizep, ptrp, 5, US" H=", addr->host_used->name,
+ US" [", addr->host_used->address, US"]");
+ if ((log_extra_selector & LX_outgoing_port) != 0)
+ s = string_append(s, sizep, ptrp, 2, US":", string_sprintf("%d",
+ addr->host_used->port));
+ return s;
+}
+
+#ifdef SUPPORT_TLS
+static uschar *
+d_tlslog(uschar * s, int * sizep, int * ptrp, address_item * addr)
+{
+ if ((log_extra_selector & LX_tls_cipher) != 0 && addr->cipher != NULL)
+ s = string_append(s, sizep, ptrp, 2, US" X=", addr->cipher);
+ if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
+ addr->cipher != NULL)
+ s = string_append(s, sizep, ptrp, 2, US" CV=",
+ testflag(addr, af_cert_verified)? "yes":"no");
+ if ((log_extra_selector & LX_tls_peerdn) != 0 && addr->peerdn != NULL)
+ s = string_append(s, sizep, ptrp, 3, US" DN=\"",
+ string_printing(addr->peerdn), US"\"");
+ return s;
+}
+#endif
+
/* If msg is NULL this is a delivery log and logchar is used. Otherwise
-this is a nonstandard call; no two-characher delivery flag is written
+this is a nonstandard call; no two-character delivery flag is written
but sender-host and sender are prefixed and "msg" is inserted in the log line.
Arguments:
@@ -767,11 +795,7 @@ else
{
if (addr->host_used != NULL)
{
- s = string_append(s, &size, &ptr, 5, US" H=", addr->host_used->name,
- US" [", addr->host_used->address, US"]");
- if ((log_extra_selector & LX_outgoing_port) != 0)
- s = string_append(s, &size, &ptr, 2, US":", string_sprintf("%d",
- addr->host_used->port));
+ s = d_hostlog(s, &size, &ptr, addr);
if (continue_sequence > 1)
s = string_cat(s, &size, &ptr, US"*", 1);
@@ -786,15 +810,7 @@ else
}
#ifdef SUPPORT_TLS
- if ((log_extra_selector & LX_tls_cipher) != 0 && addr->cipher != NULL)
- s = string_append(s, &size, &ptr, 2, US" X=", addr->cipher);
- if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
- addr->cipher != NULL)
- s = string_append(s, &size, &ptr, 2, US" CV=",
- testflag(addr, af_cert_verified)? "yes":"no");
- if ((log_extra_selector & LX_tls_peerdn) != 0 && addr->peerdn != NULL)
- s = string_append(s, &size, &ptr, 3, US" DN=\"",
- string_printing(addr->peerdn), US"\"");
+ s = d_tlslog(s, &size, &ptr, addr);
#endif
if (addr->authenticator)
@@ -1239,9 +1255,7 @@ else
if (used_return_path != NULL &&
(log_extra_selector & LX_return_path_on_delivery) != 0)
- {
s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">");
- }
if (addr->router != NULL)
s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name);
@@ -1249,8 +1263,11 @@ else
s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name);
if (addr->host_used != NULL)
- s = string_append(s, &size, &ptr, 5, US" H=", addr->host_used->name,
- US" [", addr->host_used->address, US"]");
+ s = d_hostlog(s, &size, &ptr, addr);
+
+ #ifdef SUPPORT_TLS
+ s = d_tlslog(s, &size, &ptr, addr);
+ #endif
if (addr->basic_errno > 0)
s = string_append(s, &size, &ptr, 2, US": ",
@@ -7168,4 +7185,6 @@ acl_where = ACL_WHERE_UNKNOWN;
return final_yield;
}
+/* vi: aw ai sw=2
+*/
/* End of deliver.c */
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 9981e8d51..fbfe1ed7b 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1183,8 +1183,14 @@ s_tlslog(uschar * s, int * sizep, int * ptrp)
s = string_append(s, &size, &ptr, 3, US" SNI=\"",
string_printing(tls_in.sni), US"\"");
- if (sizep) *sizep = size;
- if (ptrp) *ptrp = ptr;
+ if (s)
+ {
+ s[ptr] = '\0';
+ if (sizep) *sizep = size;
+ if (ptrp) *ptrp = ptr;
+ }
+ else
+ s = US"";
return s;
}
#endif
diff --git a/test/log/0547 b/test/log/0547
index 3b86d2bd5..6a5b233e0 100644
--- a/test/log/0547
+++ b/test/log/0547
@@ -1,5 +1,4 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 no MAIL in SMTP connection from [127.0.0.1] D=0s
1999-03-02 09:44:33 no MAIL in SMTP connection from [127.0.0.1] D=0s C=QUIT
1999-03-02 09:44:33 H=(x.y.z) [127.0.0.1] rejected VRFY a@b.c
1999-03-02 09:44:33 no MAIL in SMTP connection from (x.y.z) [127.0.0.1] D=0s C=EHLO,VRFY,QUIT
diff --git a/test/log/2003 b/test/log/2003
index f6d0a987d..8c1c5c1ff 100644
--- a/test/log/2003
+++ b/test/log/2003
@@ -1,5 +1,5 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] F=<userx@test.ex> rejected RCPT <userx@test.ex>: unacceptable cipher TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
+1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 F=<userx@test.ex> rejected RCPT <userx@test.ex>: unacceptable cipher TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
1999-03-02 09:44:33 10HmaX-0005vi-00 <= userx@test.ex H=(rhu.barb) [127.0.0.1] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 => userx <userx@test.ex> R=abc T=local_delivery
diff --git a/test/log/2014 b/test/log/2014
index feaf4be4c..7ed753049 100644
--- a/test/log/2014
+++ b/test/log/2014
@@ -1,8 +1,8 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (rhu1.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
-1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
1999-03-02 09:44:33 TLS error on connection from (rhu5.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (rhu7.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): revoked
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
diff --git a/test/log/2103 b/test/log/2103
index bc6230d0f..e1d7eac9d 100644
--- a/test/log/2103
+++ b/test/log/2103
@@ -1,5 +1,5 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] F=<userx@test.ex> rejected RCPT <userx@test.ex>: unacceptable cipher TLSv1:AES256-SHA:256
+1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 F=<userx@test.ex> rejected RCPT <userx@test.ex>: unacceptable cipher TLSv1:AES256-SHA:256
1999-03-02 09:44:33 10HmaX-0005vi-00 <= userx@test.ex H=(rhu.barb) [127.0.0.1] P=smtps X=TLSv1:AES256-SHA:256 S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 => userx <userx@test.ex> R=abc T=local_delivery
diff --git a/test/log/2114 b/test/log/2114
index 862f93f1d..09738fd14 100644
--- a/test/log/2114
+++ b/test/log/2114
@@ -1,16 +1,16 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] X=TLSv1:AES256-SHA:256 F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
1999-03-02 09:44:33 SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 SSL verify error: depth=0 error=certificate revoked cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 SSL verify error: depth=0 error=CRL signature failure cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
diff --git a/test/rejectlog/2003 b/test/rejectlog/2003
index 04c9f95c3..d495cde10 100644
--- a/test/rejectlog/2003
+++ b/test/rejectlog/2003
@@ -1 +1 @@
-1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] F=<userx@test.ex> rejected RCPT <userx@test.ex>: unacceptable cipher TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
+1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 F=<userx@test.ex> rejected RCPT <userx@test.ex>: unacceptable cipher TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
diff --git a/test/rejectlog/2014 b/test/rejectlog/2014
index fb9f7cd99..e9ccac71c 100644
--- a/test/rejectlog/2014
+++ b/test/rejectlog/2014
@@ -1,3 +1,3 @@
-1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
diff --git a/test/rejectlog/2103 b/test/rejectlog/2103
index 49eab8415..b505fccbd 100644
--- a/test/rejectlog/2103
+++ b/test/rejectlog/2103
@@ -1 +1 @@
-1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] F=<userx@test.ex> rejected RCPT <userx@test.ex>: unacceptable cipher TLSv1:AES256-SHA:256
+1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 F=<userx@test.ex> rejected RCPT <userx@test.ex>: unacceptable cipher TLSv1:AES256-SHA:256
diff --git a/test/rejectlog/2114 b/test/rejectlog/2114
index 143828731..c8becde39 100644
--- a/test/rejectlog/2114
+++ b/test/rejectlog/2114
@@ -1,3 +1,3 @@
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] X=TLSv1:AES256-SHA:256 F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock