"smtpd_tls_received_header = yes" is in the postconf. But I appreciate the heads up on what to look for. So many parameters!
I'm going to set up a different mail client as a double check. The Claws people say nothing has changed on their end, but who knows. If I just set up a second imap, there shouldn't be any lost mail issues. On Wed, 9 Nov 2016 10:17:04 -0600 Noel Jones <njo...@megan.vbhcs.org> wrote: > On 11/9/2016 9:32 AM, li...@lazygranch.com wrote: > > I posted the entire header from claws. That is the receive header > > since I sent the message from yahoo. > > > > There are no Received: headers in what you posted. That's where the > TLS information is found. Either your claws is set to hide those > headers or you've configured postfix header_checks to remove them > with an IGNORE statement. Don't do that. > > > > -- Noel Jones > > > > > Original Message > > From: Noel Jones > > Sent: Wednesday, November 9, 2016 6:53 AM > > To: postfix-users@postfix.org > > Reply To: postfix users > > Subject: Re: TLS details not in header as viewed from email client > > (claws) > > > > On 11/9/2016 2:56 AM, li...@lazygranch.com wrote: > >> I no longer see TLS details in the header. I checked maillog and > >> TLS is being established. > >> --------------- > >> From maillog: > >> Nov 8 07:49:44 theranch postfix/smtpd[30627]: Anonymous TLS > >> connection established from > >> nm27.bullet.mail.ne1.yahoo.com[98.138.90.90]: TLSv1.2 with cipher > >> ECDHE-RSA-AES128-GCM-SHA2 56 (128/128 bits) > >> ------------------------ > >> > >> Header (slightly sanitized to stay off of google) > >> ------------------------------------- > >> From: some dude <somed...@yahoo.com> > >> To: "me" <m...@mydomain.com> > >> Subject: from yahoo > >> Date: Tue, 8 Nov 2016 07:49:41 +0000 (UTC) > >> Reply-To: some dude <somed...@yahoo.com> > >> Return-Path: <somed...@yahoo.com> > >> X-Original-To: m...@mydomain.com > >> Delivered-To: m...@mydomain.com > >> X-Virus-Scanned: amavisd-new at mydomain.com > >> Authentication-Results: www.mydomain.com (amavisd-new); > >> dkim=pass (2048-bit key) header.d=yahoo.com > >> DKIM-Filter: OpenDKIM Filter v2.10.3 www.mydomain.com 6AA43EB20F > >> Authentication-Results: mydomain.com; > >> dkim=pass (2048-bit key; unprotected) header.d=yahoo.com > >> header.i=@yahoo.com header.b=trAlWMaE DKIM-Signature: v=1; > >> a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; > >> t=1478591383; bh=cRZGv5wOLgNFzbAfI5tLNkRMXYbHl/vWifDflA5eMtw=; > >> h=Date:From:Reply-To:To:Subject:References:From:Subject; > >> b=trAlWMaE/s+6aINuk6b6ySW6h1CZF6LiKQOfQgoUg4i8JzjySXbgBkAOuH+GAb55+QQHA6A8sjJeK77UvhVUS+BkAyZMiTAMkt8m9kMe77m31MjzWQ4Ig82CXogOA5+SESyKrwZZAuipFGuIq4APO06SM0hCGBmUJYHNuYytxKpTrW5FT8TFXm89vq2+MspXjd1k75qcQ+fF1kwst3n6X28teuV6o65mInGqL9vkrPrwtOGihdQqcrepyEkRnU7RflFRb1rtC0zS9pVuo1/ZcJjKeldeHsYzDzDpdiOiJNXokcRot/X5yidLYkgI5JkSPbFHe+HgQupWXOxdMxI8iQ== > >> X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: > >> 878361.88180...@omp1007.mail.ne1.yahoo.com X-YMail-OSG: > >> nEWp4QsVM1nZt5mFz73vbEgYx.Lt3B_GBcEvOTw0Vp0LtD3J99f0OjdWkUcARg5 > >> fQOYXcuRTpVY9z.FPYba81.F6ZWzTg7R9.2qD4awC6TFWAARiWK43ECrmkWodJuHDdL8gxc3OyX5 > >> LAcxtI9b9TGqh0OfPAU1dWmpLs3sALzDSN3bWIvvbmDfRoJfwshV.Z3NlBRXE0BTRlXIEZ9yTMHP > >> 7hroI1tkmFwOOVOqUs8YFevk0ma39L1OCaZ4tkr2rr0Tv0pkkgrCdXiHJIWrUNNEHrsQsePKlcn7 > >> 3TI.yj5J2Xocsga14Zqbnn6Nkm8QYuTeELAPA5RIb4VUNcptkCZQcyeUF8ikKx9aVKM31kGveMNe > >> ANNorn_lvKSS9u2P95D2V6dsUcZwujC5ctuWOtFZN1qheWGIOXTfP3HkjaVIq9AYQBFX_EA50W1f > >> 3.O5tpuiZsim9J7g6CQxJPkQq4HzhmTNxAQ6iKABKju3ukJKUoFtNlC8V5qzon6y5M4AJEH3B1ep > >> ObjfCt_ERaTcEhRs2wQ_sCyg- > >> > >> from yahoo > >> ----------------------------------------- > > > > > > > > Where are the Received: headers? Don't remove them. > > > > > > > > -- Noel Jones > > > > > >> > >> > >> # postconf -n (sanitized also) > >> > >> > >> broken_sasl_auth_clients = yes > >> command_directory = /usr/local/sbin > >> compatibility_level = 2 > >> content_filter = amavisfeed:[127.0.0.1]:10024 > >> daemon_directory = /usr/local/libexec/postfix > >> data_directory = /var/db/postfix > >> debug_peer_level = 2 > >> debugger_command = > >> PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd > >> $daemon_directory/$process_name $process_id & sleep 5 home_mailbox > >> = Maildir/ html_directory = /usr/local/share/doc/postfix > >> inet_interfaces = all inet_protocols = ipv4 > >> lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 > >> lmtp_tls_protocols = !SSLv2, !SSLv3 > >> mail_owner = postfix > >> mailbox_command = /usr/local/libexec/dovecot/deliver > >> mailbox_size_limit = 0 > >> mailq_path = /usr/local/bin/mailq > >> manpage_directory = /usr/local/man > >> message_size_limit = 0 > >> milter_default_action = accept > >> milter_protocol = 6 > >> mydomain = somedomain.com > >> myhostname = www.somedomain.com > >> mynetworks_style = host > >> myorigin = $mydomain > >> newaliases_path = /usr/local/bin/newaliases > >> non_smtpd_milters = $smtpd_milters > >> policyd-spf_time_limit = 3600 > >> queue_directory = /var/spool/postfix > >> readme_directory = /usr/local/share/doc/postfix > >> sample_directory = /usr/local/etc/postfix > >> sendmail_path = /usr/local/sbin/sendmail > >> setgid_group = maildrop > >> smtp_tls_ciphers = medium > >> smtp_tls_exclude_ciphers = EXPORT, LOW > >> smtp_tls_loglevel = 2 > >> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 > >> smtp_tls_protocols = !SSLv2, !SSLv3 > >> smtp_tls_security_level = may > >> smtpd_client_restrictions = permit_sasl_authenticated, > >> permit_mynetworks, reject_unauth_destination, check_client_access > >> hash:/usr/local/etc/postfix/spamsources smtpd_milters = > >> inet:127.0.0.1:8891 smtpd_recipient_restrictions = > >> permit_sasl_authenticated, permit_mynetworks, > >> reject_unauth_destination, check_client_access > >> hash:/usr/local/etc/postfix/rbl_override, reject_rbl_client > >> rhsbl.scientificspam.net, reject_rbl_client bl.spamcop.net, > >> reject_rbl_client cbl.abuseat.org, reject_rbl_client > >> b.barracudacentral.org, reject_rbl_client ix.dnsbl.manitu.net, > >> reject_rbl_client rabl.nuclearelephant.com, reject_rbl_client > >> zen.spamhaus.org, check_policy_service unix:private/policyd-spf, > >> permit smtpd_relay_restrictions = permit_sasl_authenticated, > >> permit_mynetworks, reject_unauth_destination > >> smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth > >> smtpd_sasl_security_options = noanonymous smtpd_sasl_type = > >> dovecot smtpd_sender_restrictions = permit_sasl_authenticated, > >> permit_mynetworks, reject_unauth_destination, check_sender_access > >> hash:/usr/local/etc/postfix/spamsources smtpd_tls_auth_only = yes > >> smtpd_tls_cert_file > >> = /usr/local/etc/ipsec.d/certs/somedomain.com.crt > >> smtpd_tls_ciphers = medium smtpd_tls_exclude_ciphers = EXPORT, LOW > >> smtpd_tls_key_file > >> = /usr/local/etc/ipsec.d/private/somedomain.com.key > >> smtpd_tls_loglevel = 1 smtpd_tls_mandatory_protocols > >> = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2, !SSLv3 > >> smtpd_tls_received_header = yes smtpd_tls_security_level = may > >> smtpd_tls_session_cache_timeout = 3600s tls_random_source = > >> dev:/dev/urandom tlsproxy_tls_mandatory_protocols = > >> $smtpd_tls_mandatory_protocols tlsproxy_tls_protocols = > >> $smtpd_tls_protocols unknown_local_recipient_reject_code = 550 > >> virtual_alias_maps = hash:/usr/local/etc/postfix/virtual > >> virtual_gid_maps = static:1003 virtual_mailbox_base > >> = /var/mail/vhosts virtual_mailbox_domains > >> = /usr/local/etc/postfix/virtual_domains virtual_mailbox_limit = 0 > >> virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox > >> virtual_minimum_uid = 1003 virtual_uid_maps = static:1003 > >> > >> ------------------------ > >> # uname -a > >> FreeBSD theranch 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon > >> Oct 24 18:49:24 UTC 2016 > >> r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC > >> amd64 > >> > > >
