authorJeremy Harris <jgh146exb@wizmail.org>2014-03-09 16:41:20 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2014-03-09 21:22:22 +0000
commite45a1c3738f3cec60acf36ae268f8cbf35a2ce7d (patch)
tree1208626db5829d1dbbd23649f858129f31586c99 /src
parent09ae8f9f555a3cfe7c2887d920279d41fb88879c (diff)
Log incoming-TLS details on rejects. Bug 305
Diffstat (limited to 'src')
-rw-r--r--src/src/smtp_in.c48
1 files changed, 35 insertions, 13 deletions
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 1d62bab05..9981e8d51 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1163,6 +1163,32 @@ return string_sprintf("SMTP connection from %s", hostname);
+#ifdef SUPPORT_TLS
+static uschar *
+s_tlslog(uschar * s, int * sizep, int * ptrp)
+{
+ int size = sizep ? *sizep : 0;
+ int ptr = ptrp ? *ptrp : 0;
+
+ if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL)
+ s = string_append(s, &size, &ptr, 2, US" X=", tls_in.cipher);
+ if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
+ tls_in.cipher != NULL)
+ s = string_append(s, &size, &ptr, 2, US" CV=",
+ tls_in.certificate_verified? "yes":"no");
+ if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL)
+ s = string_append(s, &size, &ptr, 3, US" DN=\"",
+ string_printing(tls_in.peerdn), US"\"");
+ if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL)
+ s = string_append(s, &size, &ptr, 3, US" SNI=\"",
+ string_printing(tls_in.sni), US"\"");
+
+ if (sizep) *sizep = size;
+ if (ptrp) *ptrp = ptr;
+ return s;
+}
+#endif
+
/*************************************************
* Log lack of MAIL if so configured *
*************************************************/
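Review bot: `s_tlslog` returns the buffer without writing a terminator, and when `ptrp` is NULL the caller has no offset with which to add one; the reject path further down calls it exactly that way and feeds the result to a `%s`. Unless `string_append` already NUL-terminates (not visible in this hunk; my understanding is that it leaves room for the NUL but does not write it, so confirm), add `if (s) s[ptr] = '\0';` just before `return s;`. Separately, the DN and SNI values come from the peer and are wrapped in double quotes after `string_printing()`; it is worth confirming that an embedded `"` is escaped, otherwise a log parser can misread the field boundaries. The `"yes":"no"` literals also lack the `US` cast used on every other argument.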
@@ -1195,18 +1221,7 @@ if (sender_host_authenticated != NULL)
}
#ifdef SUPPORT_TLS
-if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL)
- s = string_append(s, &size, &ptr, 2, US" X=", tls_in.cipher);
-if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
- tls_in.cipher != NULL)
- s = string_append(s, &size, &ptr, 2, US" CV=",
- tls_in.certificate_verified? "yes":"no");
-if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL)
- s = string_append(s, &size, &ptr, 3, US" DN=\"",
- string_printing(tls_in.peerdn), US"\"");
-if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL)
- s = string_append(s, &size, &ptr, 3, US" SNI=\"",
- string_printing(tls_in.sni), US"\"");
+s = s_tlslog(s, &size, &ptr);
#endif
sep = (smtp_connection_had[SMTP_HBUFF_SIZE-1] != SCH_NONE)?
@@ -2694,8 +2709,13 @@ the connection is not forcibly to be dropped, return 0. Otherwise, log why it
is closing if required and return 2. */
if (log_reject_target != 0)
- log_write(0, log_reject_target, "%s %s%srejected %s%s",
+ log_write(0, log_reject_target, "%s%s %s%srejected %s%s",
host_and_ident(TRUE),
+#ifdef SUPPORT_TLS
+ s_tlslog(NULL, NULL, NULL),
+#else
+ "",
+#endif
sender_info, (rc == FAIL)? US"" : US"temporarily ", what, log_msg);
if (!drop) return 0;
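Review bot: In the `log_write` call, `s_tlslog(NULL, NULL, NULL)` returns NULL whenever none of the TLS selectors apply (a cleartext connection, or the selectors switched off), because the helper only assigns `s` inside its `if` branches, so a null pointer is passed for the second `%s`. Take the value into a local first, `uschar * tls = s_tlslog(NULL, NULL, NULL);` followed by `if (!tls) tls = US"";`, and pass `tls` to `log_write`. The `#else` arm should use `US""` rather than `""` to match the other arguments. The enclosing function starts and ends outside this hunk.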
@@ -4777,4 +4797,6 @@ while (done <= 0)
return done - 2; /* Convert yield values */
}
+/* vi: aw ai sw=2
+*/
/* End of smtp_in.c */