From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id ED85B694D7 for ; Mon, 22 Mar 2021 15:10:50 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DB0AF24AD1 for ; Mon, 22 Mar 2021 15:10:20 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 5216A24AC4 for ; Mon, 22 Mar 2021 15:10:20 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 19335426D2 for ; Mon, 22 Mar 2021 15:10:20 +0100 (CET) Date: Mon, 22 Mar 2021 15:10:19 +0100 From: Stoiko Ivanov To: Mira Limbeck Cc: pmg-devel@lists.proxmox.com Message-ID: <20210322151019.3dce61f4@rosa.proxmox.com> In-Reply-To: <20210322122327.24308-1-m.limbeck@proxmox.com> References: <20210322122327.24308-1-m.limbeck@proxmox.com> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.062 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pmg-devel] [PATCH v2 log-tracker] close #2106: show outgoing TLS connection in tracking center X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Mar 2021 14:10:51 -0000 LGTM now! Tested-By: Stoiko Ivanov Reviewed-By: Stoiko Ivanov On Mon, 22 Mar 2021 13:23:27 +0100 Mira Limbeck wrote: > This is a best effort try to add the outgoing TLS connection information > to the output of pmg-log-tracker. The only thing we can match on is the > PID of the 'smtp' process. In the code we asumme that the TLS log entry > always happens before the actual smtp send entry that has a QID. This means > we save the TLS log entry in a map with the PID as key and then, once the > send entry happens, we look it up and add the log entry to the QEntry's > logs. > > Signed-off-by: Mira Limbeck > --- > v2: > - added 'Untrusted' line match as well > > src/main.rs | 23 +++++++++++++++++++++++ > 1 file changed, 23 insertions(+) > > diff --git a/src/main.rs b/src/main.rs > index 5069252..a186620 100644 > --- a/src/main.rs > +++ b/src/main.rs 
> @@ -378,6 +378,18 @@ fn handle_qmgr_message(msg: &[u8], parser: &mut Parser, complete_line: &[u8]) {
>
> // handle log entries for 'lmtp', 'smtp', 'error' and 'local'
> fn handle_lmtp_message(msg: &[u8], parser: &mut Parser, complete_line: &[u8]) {
> + if msg.starts_with(b"Trusted TLS connection established to")
> + || msg.starts_with(b"Untrusted TLS connection established to")
> + {
> + // the only way to match outgoing TLS connections is by smtp pid
> + // this message has to appear before the 'qmgr: : removed' entry in the log
> + parser.smtp_tls_log_by_pid.insert(
> + parser.current_record_state.pid,
> + (complete_line.into(), parser.lines),
> + );
> + return;
> + }
> +
> let (qid, data) = match parse_qid(msg, 15) {
> Some((q, t)) => (q, t),
> None => return,
> @@ -393,6 +405,14 @@ fn handle_lmtp_message(msg: &[u8], parser: &mut Parser, complete_line: &[u8]) {
> .log
> .push((complete_line.into(), parser.lines));
>
> + // assume the TLS log entry always appears before as it is the same process
> + if let Some(log_line) = parser
> + .smtp_tls_log_by_pid
> + .remove(&parser.current_record_state.pid)
> + {
> + qe.borrow_mut().log.push(log_line);
> + }
> +
> let data = &data[2..];
> if !data.starts_with(b"to=<") {
> return;
> @@ -1668,6 +1688,8 @@ struct Parser {
> fentries: HashMap, Rc>>,
> qentries: HashMap, Rc>>,
>
> + smtp_tls_log_by_pid: HashMap, u64)>,
> +
> current_record_state: RecordState,
> rel_line_nr: u64,
>
> @@ -1705,6 +1727,7 @@ impl Parser {
> sentries: HashMap::new(),
> fentries: HashMap::new(),
> qentries: HashMap::new(),
> + smtp_tls_log_by_pid: HashMap::new(),
> current_record_state: Default::default(),
> rel_line_nr: 0,
> current_year: years,
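Review bot: The prefix test added at the top of `handle_lmtp_message` recognises only the `Trusted` and `Untrusted` variants, but as far as I know the Postfix smtp client logs the same message with `Verified` and `Anonymous` as the first word too. Deliveries over a verified or certificate-less TLS session would then still show no TLS line in the tracking center, so an operator could read the strongest verification level as plaintext. Extend the condition with `|| msg.starts_with(b"Verified TLS connection established to")` and `|| msg.starts_with(b"Anonymous TLS connection established to")`. The function body continues outside the hunk.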
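Review bot: The `remove` in the second hunk of `handle_lmtp_message` attaches whatever entry is stored for the PID, and nothing in the visible hunks expires an entry, so a TLS line whose delivery never logged a QID stays in `smtp_tls_log_by_pid` until the next QID line from that PID. The comment above the function says this handler also serves 'lmtp', 'error' and 'local', so after PID reuse a stale "Trusted TLS connection established" line could be attached to a delivery that never used that session, misstating transport security in the tracking center. Consider dropping entries that are too many lines or seconds old at lookup time, and document the limitation on the `Parser` field, e.g. `// entries are removed only by a later QID line from the same pid; stale entries can survive pid reuse`. The line is also pushed after the delivery line although its line number is lower; whether `log` is sorted before output is not visible here.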