[exim-cvs] Log port and TLS details for a failed delivery

Auteur: Exim Git Commits Mailing List
Datum:  
Aan: exim-cvs
Onderwerp: [exim-cvs] Log port and TLS details for a failed delivery
Gitweb: http://git.exim.org/exim.git/commitdiff/67d81c106c8dd7da50b57eb5ceeb61d91a2c51e8
Commit:     67d81c106c8dd7da50b57eb5ceeb61d91a2c51e8
Parent:     e45a1c3738f3cec60acf36ae268f8cbf35a2ce7d
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Mar 9 16:51:00 2014 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Mar 9 21:22:23 2014 +0000


    Log port and TLS details for a failed delivery
---
 doc/doc-txt/ChangeLog |    3 ++
 src/src/deliver.c     |   57 ++++++++++++++++++++++++++++++++----------------
 src/src/smtp_in.c     |   10 +++++++-
 test/log/0547         |    1 -
 test/log/2003         |    2 +-
 test/log/2014         |    6 ++--
 test/log/2103         |    2 +-
 test/log/2114         |    6 ++--
 test/rejectlog/2003   |    2 +-
 test/rejectlog/2014   |    6 ++--
 test/rejectlog/2103   |    2 +-
 test/rejectlog/2114   |    6 ++--
 12 files changed, 65 insertions(+), 38 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 0c51bc3..493861f 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -51,6 +51,9 @@ JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
 JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
       selectors, in both main and reject logs.


+JH/06 Log outbound-TLS and port details, subject to log selectors, for a
+      failed delivery.
+
 Exim version 4.82
 -----------------


diff --git a/src/src/deliver.c b/src/src/deliver.c
index df93a11..121f7c2 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -673,8 +673,36 @@ while (addr->parent != NULL)



+static uschar *
+d_hostlog(uschar * s, int * sizep, int * ptrp, address_item * addr)
+{
+  s = string_append(s, sizep, ptrp, 5, US" H=", addr->host_used->name,
+    US" [", addr->host_used->address, US"]");
+  if ((log_extra_selector & LX_outgoing_port) != 0)
+    s = string_append(s, sizep, ptrp, 2, US":", string_sprintf("%d",
+      addr->host_used->port));
+  return s;
+}
+
+#ifdef SUPPORT_TLS
+static uschar *
+d_tlslog(uschar * s, int * sizep, int * ptrp, address_item * addr)
+{
+  if ((log_extra_selector & LX_tls_cipher) != 0 && addr->cipher != NULL)
+    s = string_append(s, sizep, ptrp, 2, US" X=", addr->cipher);
+  if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
+       addr->cipher != NULL)
+    s = string_append(s, sizep, ptrp, 2, US" CV=",
+      testflag(addr, af_cert_verified)? "yes":"no");
+  if ((log_extra_selector & LX_tls_peerdn) != 0 && addr->peerdn != NULL)
+    s = string_append(s, sizep, ptrp, 3, US" DN=\"",
+      string_printing(addr->peerdn), US"\"");
+  return s;
+}
+#endif
+
 /* If msg is NULL this is a delivery log and logchar is used. Otherwise
-this is a nonstandard call; no two-characher delivery flag is written
+this is a nonstandard call; no two-character delivery flag is written
 but sender-host and sender are prefixed and "msg" is inserted in the log line.


 Arguments:
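Review bot: d_hostlog() dereferences addr->host_used with no NULL check, and neither new helper carries a header comment stating what the caller must guarantee. Both call sites visible in this commit test `addr->host_used != NULL` first, so it is safe as written, but a later caller on another logging path could miss the requirement. I would add a comment above d_hostlog such as `/* Append " H=name [address]" plus ":port" when LX_outgoing_port is set; caller must ensure addr->host_used != NULL. */`, and one above d_tlslog saying each field is written only when its log selector is set and the value is present. In d_tlslog the peer DN goes through string_printing() before being wrapped in double quotes; whether that also escapes an embedded `"` is not visible here and is worth confirming, since the DN comes from the remote certificate and ends up in a log field that parsers will split on quotes.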
@@ -767,11 +795,7 @@ else
   {
   if (addr->host_used != NULL)
     {
-    s = string_append(s, &size, &ptr, 5, US" H=", addr->host_used->name,
-      US" [", addr->host_used->address, US"]");
-    if ((log_extra_selector & LX_outgoing_port) != 0)
-      s = string_append(s, &size, &ptr, 2, US":", string_sprintf("%d",
-        addr->host_used->port));
+    s = d_hostlog(s, &size, &ptr, addr);
     if (continue_sequence > 1)
       s = string_cat(s, &size, &ptr, US"*", 1);


@@ -786,15 +810,7 @@ else
     }


   #ifdef SUPPORT_TLS
-  if ((log_extra_selector & LX_tls_cipher) != 0 && addr->cipher != NULL)
-    s = string_append(s, &size, &ptr, 2, US" X=", addr->cipher);
-  if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
-       addr->cipher != NULL)
-    s = string_append(s, &size, &ptr, 2, US" CV=",
-      testflag(addr, af_cert_verified)? "yes":"no");
-  if ((log_extra_selector & LX_tls_peerdn) != 0 && addr->peerdn != NULL)
-    s = string_append(s, &size, &ptr, 3, US" DN=\"",
-      string_printing(addr->peerdn), US"\"");
+  s = d_tlslog(s, &size, &ptr, addr);
   #endif


if (addr->authenticator)
@@ -1239,9 +1255,7 @@ else

   if (used_return_path != NULL &&
       (log_extra_selector & LX_return_path_on_delivery) != 0)
-    {
     s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">");
-    }


   if (addr->router != NULL)
     s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name);
@@ -1249,8 +1263,11 @@ else
     s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name);


   if (addr->host_used != NULL)
-    s = string_append(s, &size, &ptr, 5, US" H=", addr->host_used->name,
-      US" [", addr->host_used->address, US"]");
+    s = d_hostlog(s, &size, &ptr, addr);
+
+  #ifdef SUPPORT_TLS
+  s = d_tlslog(s, &size, &ptr, addr);
+  #endif


   if (addr->basic_errno > 0)
     s = string_append(s, &size, &ptr, 2, US": ",
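Review bot: On this failure path d_tlslog() adds nothing when no TLS session was established, because every field it writes is conditional on addr->cipher or addr->peerdn being non-NULL. A failed-delivery line without X= therefore cannot be told apart from a cleartext attempt by someone reading the log, assuming addr->cipher stays NULL after a failed handshake (not visible in this hunk). A short comment at the call would record that, for example `/* TLS fields appear only if a session was negotiated before the failure */`. The enclosing function begins and ends outside the hunk.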
@@ -7168,4 +7185,6 @@ acl_where = ACL_WHERE_UNKNOWN;
 return final_yield;
 }


+/* vi: aw ai sw=2
+*/
 /* End of deliver.c */
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 9981e8d..fbfe1ed 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1183,8 +1183,14 @@ s_tlslog(uschar * s, int * sizep, int * ptrp)
     s = string_append(s, &size, &ptr, 3, US" SNI=\"",
       string_printing(tls_in.sni), US"\"");


-  if (sizep) *sizep = size;
-  if (ptrp) *ptrp = ptr;
+  if (s)
+    {
+    s[ptr] = '\0';
+    if (sizep) *sizep = size;
+    if (ptrp) *ptrp = ptr;
+    }
+  else
+    s = US"";
   return s;
 }
 #endif
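Review bot: The new `else s = US"";` branch returns a pointer that is not a growable string buffer and leaves *sizep and *ptrp untouched, so the return value now has two different meanings depending on whether anything was appended. If a caller hands that result on to string_append() or string_cat() with its own size and ptr, the outcome depends on how those functions treat a pointer they did not allocate, which is not visible here. Likewise `s[ptr] = '\0';` assumes the buffer has room for one byte at index ptr, which holds only if the string functions always reserve it. I would state the contract in the function's header comment, e.g. `/* Returns a NUL-terminated string, never NULL; the result is a static "" that must not be extended or modified when nothing was logged. */`. The function's opening lines lie outside the hunk.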
diff --git a/test/log/0547 b/test/log/0547
index 3b86d2b..6a5b233 100644
--- a/test/log/0547
+++ b/test/log/0547
@@ -1,5 +1,4 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 no MAIL in SMTP connection from [127.0.0.1] D=0s
 1999-03-02 09:44:33 no MAIL in SMTP connection from [127.0.0.1] D=0s C=QUIT
 1999-03-02 09:44:33 H=(x.y.z) [127.0.0.1] rejected VRFY a@???
 1999-03-02 09:44:33 no MAIL in SMTP connection from (x.y.z) [127.0.0.1] D=0s C=EHLO,VRFY,QUIT
diff --git a/test/log/2003 b/test/log/2003
index f6d0a98..8c1c5c1 100644
--- a/test/log/2003
+++ b/test/log/2003
@@ -1,5 +1,5 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] F=<userx@???> rejected RCPT <userx@???>: unacceptable cipher TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
+1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 F=<userx@???> rejected RCPT <userx@???>: unacceptable cipher TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= userx@??? H=(rhu.barb) [127.0.0.1] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss
 1999-03-02 09:44:33 Start queue run: pid=pppp -qf
 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx <userx@???> R=abc T=local_delivery
diff --git a/test/log/2014 b/test/log/2014
index feaf4be..7ed7530 100644
--- a/test/log/2014
+++ b/test/log/2014
@@ -1,8 +1,8 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 TLS error on connection from (rhu1.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
-1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
 1999-03-02 09:44:33 TLS error on connection from (rhu5.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 TLS error on connection from (rhu7.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): revoked
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
diff --git a/test/log/2103 b/test/log/2103
index bc6230d..e1d7eac 100644
--- a/test/log/2103
+++ b/test/log/2103
@@ -1,5 +1,5 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] F=<userx@???> rejected RCPT <userx@???>: unacceptable cipher TLSv1:AES256-SHA:256
+1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 F=<userx@???> rejected RCPT <userx@???>: unacceptable cipher TLSv1:AES256-SHA:256
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= userx@??? H=(rhu.barb) [127.0.0.1] P=smtps X=TLSv1:AES256-SHA:256 S=sss
 1999-03-02 09:44:33 Start queue run: pid=pppp -qf
 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx <userx@???> R=abc T=local_delivery
diff --git a/test/log/2114 b/test/log/2114
index 862f93f..09738fd 100644
--- a/test/log/2114
+++ b/test/log/2114
@@ -1,16 +1,16 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
 1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] X=TLSv1:AES256-SHA:256 F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
 1999-03-02 09:44:33 SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
 1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
 1999-03-02 09:44:33 SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 SSL verify error: depth=0 error=certificate revoked cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
 1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
 1999-03-02 09:44:33 SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
 1999-03-02 09:44:33 SSL verify error: depth=0 error=CRL signature failure cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
diff --git a/test/rejectlog/2003 b/test/rejectlog/2003
index 04c9f95..d495cde 100644
--- a/test/rejectlog/2003
+++ b/test/rejectlog/2003
@@ -1 +1 @@
-1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] F=<userx@???> rejected RCPT <userx@???>: unacceptable cipher TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
+1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 F=<userx@???> rejected RCPT <userx@???>: unacceptable cipher TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
diff --git a/test/rejectlog/2014 b/test/rejectlog/2014
index fb9f7cd..e9ccac7 100644
--- a/test/rejectlog/2014
+++ b/test/rejectlog/2014
@@ -1,3 +1,3 @@
-1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
diff --git a/test/rejectlog/2103 b/test/rejectlog/2103
index 49eab84..b505fcc 100644
--- a/test/rejectlog/2103
+++ b/test/rejectlog/2103
@@ -1 +1 @@
-1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] F=<userx@???> rejected RCPT <userx@???>: unacceptable cipher TLSv1:AES256-SHA:256
+1999-03-02 09:44:33 H=[ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 F=<userx@???> rejected RCPT <userx@???>: unacceptable cipher TLSv1:AES256-SHA:256
diff --git a/test/rejectlog/2114 b/test/rejectlog/2114
index 1438287..c8becde 100644
--- a/test/rejectlog/2114
+++ b/test/rejectlog/2114
@@ -1,3 +1,3 @@
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] X=TLSv1:AES256-SHA:256 F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F=<userx@???> rejected RCPT <userx@???>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock