On Wed, Aug 02, 2017 at 09:20:46AM -0700, robg...@nospammail.net wrote: > On Wed, Aug 2, 2017, at 09:11 AM, Viktor Dukhovni wrote: > > This is logged at level 1. > > Ok. Then I've got this morning's mystery! > > If my syslog was 'lossy', it woulnd't log it in the loglevel = 2 case would > it?
Hard to say why, but the purpose of log level 1 is precisely to log the TLS connection summary message. > > Until I figure out what's going wrong here, just > > edit main.cf > - smtpd_tls_loglevel=2 > + smtpd_tls_loglevel=1 > postfix reload > > make those entries DISappear, and > > edit main.cf > - smtpd_tls_loglevel=1 > + smtpd_tls_loglevel=2 > postfix reload > > gets them to display again. Use the "collate" program (included with recent Postfix source, and posted multiple times to this list) to report the logging from a single session. With loglevel 1, I get (folded for clarity): Aug 2 16:20:56 amnesiac postfix/smtpd[2134]: connect from russian-caravan.cloud9.net[168.100.1.4] Aug 2 16:20:56 amnesiac postfix/smtpd[2134]: Anonymous TLS connection established from russian-caravan.cloud9.net[168.100.1.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits) Aug 2 16:20:57 amnesiac postfix/smtpd[2134]: 0BB317A3302: client=russian-caravan.cloud9.net[168.100.1.4] Aug 2 16:20:57 amnesiac postfix/cleanup[29826]: 0BB317A3302: message-id=<1501690846.517097.1060983904.61149...@webmail.messagingengine.com> Aug 2 16:20:57 amnesiac postfix/qmgr[1735]: 0BB317A3302: from=<owner-postfix-us...@postfix.org>, size=5193, nrcpt=1 (queue active) Aug 2 16:20:57 amnesiac postfix/smtpd[2134]: disconnect from russian-caravan.cloud9.net[168.100.1.4] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7 Aug 2 16:20:58 amnesiac postfix/virtual[19431]: 0BB317A3302: to=<viktor@virtual.invalid>, orig_to=<postfix-us...@dukhovni.org>, relay=virtual, delay=1.4, delays=0.88/0.01/0/0.54, dsn=2.0.0, status=sent (delivered to maildir) Aug 2 16:20:58 amnesiac postfix/qmgr[1735]: 0BB317A3302: removed The second log entry is the one you're looking for. You're perhaps searching for the queue-id, that's not available to the Postfix TLS layer, (not even possible when receiving mail, because the queue-id is not assigned until later) and so is not part of the log entry. In any case the TLS details are a connection property, not a message property, and if we ever implement outbound TLS connection re-use, then again the TLS stream is not directly associated with a particular queue-id. -- Viktor.