On Fri, 22 Mar 2019 03:41:03 +0900 Yasuhiro KIMURA <y...@utahime.org> wrote:
> There is the following rule in ignore.d.server/postfix.
>
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: 
> ((Anonymous|Trusted|Verified) )?TLS connection established (to|from) 
> [^[:space:]]+: (TLSv1(\.[[:digit:]])?|SSLv[23]) with cipher [^[:space:]]+ 
> \([/[:digit:]]+ bits\)$
>
> This rule is for the log message written when a TLS connection is established.
> But when TLS 1.3 is used the log message is written as follows.
>
> Mar 22 03:02:05 mailclient postfix/smtp[12345]: Trusted TLS connection 
> established to mailserver.example.org[192.168.0.1]:25: TLSv1.3 with cipher 
> TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature 
> RSA-PSS (4096 bits) server-digest SHA256
>
> And it doesn't match the above rule.
> I checked the definition of tls_log_summary() (the function that writes this
> message) in src/tls/tls_misc.c of Postfix 3.4.4.
> According to it the rule should be updated as follows.
>
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: 
> ((Anonymous|Trusted|Untrusted|Verified) )?TLS connection (established|reused) 
> (to|from) [^[:space:]]+( to [^[:space:]]+)?: (TLSv1(\.[[:digit:]])?|SSLv[23]) 
> with cipher [^[:space:]]+ \([[:digit:]]+/[[:digit:]]+ bits\)( key-exchange 
> [^[:space:]]+( \(([^[:space:]]+|[[:digit:]]+ bits)\))?)?( server-signature 
> [^[:space:]]+( \(([^[:space:]]+|[[:digit:]]+ bits)\))?( server-digest 
> [^[:space:]]+)?)?( client-signature 
> [^[:space:]]+(\(([^[:space:]]+|[[:digit:]]+ bits)\))?( client-digest 
> [^[:space:]]+)?)?$
>


Is this request from 2019 still valid - it looks close, but e.g.
according to
https://salsa.debian.org/postfix-team/postfix-dev/-/blob/debian/master/src/tls/tls_misc.c?ref_type=heads#L1216
the first bit is not optional. I struggled to match some of the rest,
e.g. ([^[:space:]]+|[[:digit:]]+ bits seems a bit odd, since the
"|[[:digit:]]" is not needed.

So perhaps this needs updating?
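One way to check the proposed rule against sample lines before dropping it into ignore.d.server, added here as an example that is not from the thread or from the logcheck project. It runs the rule under Python's re module instead of egrep, so the POSIX bracket classes are translated; the TLS 1.3 line is the one quoted above, while the TLS 1.2 line and the unrelated line are constructed.

```python
import re

# The 2019 proposed rule, reassembled onto one line (POSIX ERE as logcheck feeds it to
# egrep). Kept verbatim, including the missing space before "\(" after client-signature.
PROPOSED_RULE = (
    r"^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: "
    r"((Anonymous|Trusted|Untrusted|Verified) )?TLS connection (established|reused) "
    r"(to|from) [^[:space:]]+( to [^[:space:]]+)?: (TLSv1(\.[[:digit:]])?|SSLv[23]) "
    r"with cipher [^[:space:]]+ \([[:digit:]]+/[[:digit:]]+ bits\)( key-exchange "
    r"[^[:space:]]+( \(([^[:space:]]+|[[:digit:]]+ bits)\))?)?( server-signature "
    r"[^[:space:]]+( \(([^[:space:]]+|[[:digit:]]+ bits)\))?( server-digest "
    r"[^[:space:]]+)?)?( client-signature "
    r"[^[:space:]]+(\(([^[:space:]]+|[[:digit:]]+ bits)\))?( client-digest "
    r"[^[:space:]]+)?)?$"
)

# Python's re has no POSIX bracket classes, so translate the three the rule uses.
POSIX_CLASSES = {"[:digit:]": "0-9", "[:alnum:]": "a-zA-Z0-9", "[:space:]": r"\s"}

def ere_to_python(rule: str) -> re.Pattern:
    for posix, python in POSIX_CLASSES.items():
        rule = rule.replace(posix, python)
    return re.compile(rule)

def matches(rule: str, line: str) -> bool:
    """True if logcheck would ignore this line under the given rule."""
    return ere_to_python(rule).search(line) is not None

# Sample log lines: the TLS 1.3 line is the one quoted in the thread; the other two are
# constructed for this example.
TLS13_LINE = ("Mar 22 03:02:05 mailclient postfix/smtp[12345]: Trusted TLS connection "
              "established to mailserver.example.org[192.168.0.1]:25: TLSv1.3 with cipher "
              "TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature "
              "RSA-PSS (4096 bits) server-digest SHA256")
TLS12_LINE = ("Mar 22 03:05:10 mailclient postfix/smtpd[12346]: Anonymous TLS connection "
              "established from client.example.net[192.168.0.2]: TLSv1.2 with cipher "
              "ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)")
UNRELATED_LINE = "Mar 22 03:06:00 mailclient postfix/smtpd[12346]: connect from unknown[192.168.0.3]"

def bits_alternative_needed() -> bool:
    """Show what the '|[[:digit:]]+ bits' alternative buys: without it the '(4096 bits)'
    after server-signature cannot match, so the TLS 1.3 line would be reported, not ignored."""
    stripped = PROPOSED_RULE.replace("|[[:digit:]]+ bits", "")
    return matches(PROPOSED_RULE, TLS13_LINE) and not matches(stripped, TLS13_LINE)

if __name__ == "__main__":
    for name, line in [("tls1.3", TLS13_LINE), ("tls1.2", TLS12_LINE), ("other", UNRELATED_LINE)]:
        print(f"{name}: {'ignored' if matches(PROPOSED_RULE, line) else 'reported'}")
    print("bits alternative needed:", bits_alternative_needed())
```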
