[exim] $tls_in_cipher in acl_smtp_noquit

Top Page
Delete this message
Reply to this message
Author: Wolfgang Breyha
Date:  
To: exim-users
Subject: [exim] $tls_in_cipher in acl_smtp_noquit
Hi!

I try to log all SMTP AUTH sessions which do not send mail actually.

Therefore I mark if a session reaches DATA with
acl_smtp_data:
  warn    set acl_c_datareached = yes


For "acl_smtp_noquit" I use
           logwrite       = H=$sender_fullhost NOQUIT port=$interface_port\
                            ${if ! eq{$tls_in_cipher}{} { X=$tls_in_cipher}}\
                            ${if and {\
                              {! def:$acl_c_datareached}\
                              {! eq{$authenticated_id}{}}\
                         } { A=$sender_host_authenticated:$authenticated_id}}


In acl_smtp_quit I use the same with s/NOQUIT/OKQUIT/.

Since we only allow SMTP AUTH after STARTTLS or on legacy SMTPS/465 I wondered
why I end up with loglines with missing X=<cipher> Tag?

I tcpdump'ed one host with missing cipher. The handshake shows
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)

At the end I see an "Encrypted Alert" packet and finally a RST,ACK packet.
Does this tear down the TLS connection in way that Exim clears $tls_in_cipher
again?

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria