/****************
* Test platform *
****************/

192.168.204.1    Mail client
192.168.204.55   Mail server for the zeus.fr domain
                 User: samuel.michel@zeus.fr
192.168.204.56   Mail server for the diane.fr domain
                 User: isabelle.michel@zeus.fr

/*******************************
* Delivery from a local client *
*******************************/

Oct 11 20:12:18 mail postfix/smtpd[4391]: initializing the server-side TLS engine
Oct 11 20:12:18 mail postfix/smtpd[4391]: connect from host[192.168.204.1]
Oct 11 20:12:19 mail postfix/smtpd[4391]: setting up TLS connection from host[192.168.204.1]
Oct 11 20:12:19 mail postfix/smtpd[4391]: SSL_accept:before/accept initialization
Oct 11 20:12:19 mail postfix/smtpd[4391]: SSL_accept:error in SSLv2/v3 read client hello A
Oct 11 20:12:19 mail postfix/smtpd[4391]: SSL_accept:error in SSLv3 read client hello B
Oct 11 20:12:19 mail postfix/smtpd[4391]: SSL_accept:error in SSLv3 read client hello B
Oct 11 20:12:19 mail postfix/smtpd[4391]: SSL_accept:SSLv3 read client hello B
Oct 11 20:12:19 mail postfix/smtpd[4391]: SSL_accept:SSLv3 write server hello A
Oct 11 20:12:19 mail postfix/smtpd[4391]: SSL_accept:SSLv3 write certificate A
Oct 11 20:12:19 mail postfix/smtpd[4391]: SSL_accept:SSLv3 write certificate request A
Oct 11 20:12:19 mail postfix/smtpd[4391]: SSL_accept:SSLv3 flush data
Oct 11 20:12:19 mail postfix/smtpd[4391]: SSL_accept:error in SSLv3 read client certificate A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:error in SSLv3 read client certificate A

/**********************************
* Client certificate verification *
**********************************/

Oct 11 20:12:22 mail postfix/smtpd[4391]: certificate verification depth=2 subject=/C=FR/L=PARIS/O=S. MICHEL Corp ;-)/OU=www.syntaxe-error.com/CN=AC Racine SMCL Cort - Test
Oct 11 20:12:22 mail postfix/smtpd[4391]: verify return: 1
Oct 11 20:12:22 mail postfix/smtpd[4391]: certificate verification depth=1 subject=/C=FR/L=PARIS/O=S. MICHEL Corp ;-)/OU=www.syntaxe-error.com/CN=AC-SUB Zeus
Oct 11 20:12:22 mail postfix/smtpd[4391]: verify return: 1
Oct 11 20:12:22 mail postfix/smtpd[4391]: certificate verification depth=0 subject=/C=FR/L=PARIS/O=S. MICHEL Corp ;-)/OU=www.syntaxe-error.com/CN=Samuel MICHEL/emailAddress=samuel.michel@zeus.fr
Oct 11 20:12:22 mail postfix/smtpd[4391]: verify return: 1
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:SSLv3 read client certificate A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:SSLv3 read client key exchange A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:SSLv3 read certificate verify A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:error in SSLv3 read finished A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:error in SSLv3 read finished A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:error in SSLv3 read finished A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:error in SSLv3 read finished A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:SSLv3 read finished A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:SSLv3 write change cipher spec A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:SSLv3 write finished A
Oct 11 20:12:22 mail postfix/smtpd[4391]: SSL_accept:SSLv3 flush data
Oct 11 20:12:22 mail postfix/smtpd[4391]: subject=/C=FR/L=PARIS/O=S. MICHEL Corp ;-)/OU=www.syntaxe-error.com/CN=Samuel MICHEL/emailAddress=samuel.michel@zeus.fr
Oct 11 20:12:22 mail postfix/smtpd[4391]: issuer=/C=FR/L=PARIS/O=S. MICHEL Corp ;-)/OU=www.syntaxe-error.com/CN=AC-SUB Zeus

/************************************************
* Fingerprint of the authentication certificate *
* KeyUsage, Extended KeyUsage                   *
************************************************/

Oct 11 20:12:22 mail postfix/smtpd[4391]: fingerprint=C9:94:8F:F6:96:D4:B4:E2:34:11:98:E4:4A:58:B1:85
Oct 11 20:12:22 mail postfix/smtpd[4391]: Verified: subject_CN=Samuel MICHEL, issuer=AC-SUB Zeus

/*****************
* Algorithm used *
*****************/

Oct 11 20:12:22 mail postfix/smtpd[4391]: TLS connection established from host[192.168.204.1]: TLSv1 with cipher AES256-SHA (256/256 bits)

/********************************************
* Log of the SMTP policy delegation script *
********************************************/

Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: START : [policyd-fingerprint.php] v1.4 Michel Samuel
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : request=smtpd_access_policy
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : protocol_state=RCPT
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : protocol_name=ESMTP
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : client_address=192.168.204.1
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : client_name=host
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : helo_name=[192.168.204.1]
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : sender=samuel.michel@zeus.fr
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : recipient=samuel.michel@zeus.fr
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : queue_id=
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : instance=1127.452d3406.0
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : size=359
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : sasl_method=
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : sasl_username=
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : sasl_sender=
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : ccert_subject=Samuel MICHEL
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : ccert_issuer=AC-SUB Zeus
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: STDIN : ccert_fingerprint=C9:94:8F:F6:96:D4:B4:E2:34:11:98:E4:4A:58:B1:85
Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: PARAM : samuel.michel@zeus.fr||C9:94:8F:F6:96:D4:B4:E2:34:11:98:E4:4A:58:B1:85

/*****************************
* Action returned to Postfix *
*****************************/

Oct 11 20:12:22 mail policyd-fingerprint.php[4396]: ACTION : action=OK User

/****************************
* Delivery to the local MDA *
****************************/

Oct 11 20:12:22 mail postfix/smtpd[4391]: D8A8319260: client=host[192.168.204.1]
Oct 11 20:12:22 mail postfix/cleanup[4397]: D8A8319260: message-id=<455DA97C.8050004@zeus.fr>
Oct 11 20:12:22 mail postfix/qmgr[4377]: D8A8319260: from=, size=537, nrcpt=1 (queue active)
Oct 11 20:12:22 mail postfix/smtpd[4391]: disconnect from host[192.168.204.1]
Oct 11 20:12:23 mail postfix/pipe[4399]: D8A8319260: to=, relay=cyrus, delay=1, status=sent (mail.zeus.fr)
Oct 11 20:12:23 mail postfix/qmgr[4377]: D8A8319260: removed

--------------------------------------------------------------------
--------------------------------------------------------------------

/************************
* Delivery from a relay *
************************/

Oct 11 20:15:33 mail postfix/smtpd[4449]: initializing the server-side TLS engine
Oct 11 20:15:33 mail postfix/smtpd[4449]: connect from mail.diane.fr[192.168.204.56]
Oct 11 20:15:33 mail postfix/smtpd[4449]: setting up TLS connection from mail.diane.fr[192.168.204.56]
Oct 11 20:15:33 mail postfix/smtpd[4449]: SSL_accept:before/accept initialization
Oct 11 20:15:33 mail postfix/smtpd[4449]: SSL_accept:error in SSLv2/v3 read client hello A
Oct 11 20:15:33 mail postfix/smtpd[4449]: SSL_accept:error in SSLv2/v3 read client hello B
Oct 11 20:15:33 mail postfix/smtpd[4449]: SSL_accept:SSLv3 read client hello A
Oct 11 20:15:33 mail postfix/smtpd[4449]: SSL_accept:SSLv3 write server hello A
Oct 11 20:15:33 mail postfix/smtpd[4449]: SSL_accept:SSLv3 write certificate A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:SSLv3 write key exchange A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:SSLv3 write certificate request A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:SSLv3 flush data
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read client certificate A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read client certificate A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read client certificate A

/**********************************
* Client certificate verification *
**********************************/

Oct 11 20:15:34 mail postfix/smtpd[4449]: certificate verification depth=2 subject=/C=FR/L=PARIS/O=S. MICHEL Corp ;-)/OU=www.syntaxe-error.com/CN=AC Racine SMCL Cort - Test
Oct 11 20:15:34 mail postfix/smtpd[4449]: verify return: 1
Oct 11 20:15:34 mail postfix/smtpd[4449]: certificate verification depth=1 subject=/C=FR/L=PARIS/O=S. MICHEL Corp ;-)/OU=www.syntaxe-error.com/CN=AC-SUB Zeus
Oct 11 20:15:34 mail postfix/smtpd[4449]: verify return: 1
Oct 11 20:15:34 mail postfix/smtpd[4449]: certificate verification depth=0 subject=/C=FR/L=PARIS/O=S. MICHEL Corp/OU=www.syntaxe-error.com/CN=mail.diane.fr/emailAddress=root@diane.fr
Oct 11 20:15:34 mail postfix/smtpd[4449]: verify return: 1
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:SSLv3 read client certificate A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read client key exchange A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read client key exchange A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:SSLv3 read client key exchange A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read certificate verify A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read certificate verify A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:SSLv3 read certificate verify A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read finished A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read finished A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read finished A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:error in SSLv3 read finished A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:SSLv3 read finished A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:SSLv3 write change cipher spec A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:SSLv3 write finished A
Oct 11 20:15:34 mail postfix/smtpd[4449]: SSL_accept:SSLv3 flush data
Oct 11 20:15:34 mail postfix/smtpd[4449]: subject=/C=FR/L=PARIS/O=S. MICHEL Corp/OU=www.syntaxe-error.com/CN=mail.diane.fr/emailAddress=root@diane.fr
Oct 11 20:15:34 mail postfix/smtpd[4449]: issuer=/C=FR/L=PARIS/O=S. MICHEL Corp ;-)/OU=www.syntaxe-error.com/CN=AC-SUB Zeus
Oct 11 20:15:34 mail postfix/smtpd[4449]: fingerprint=1D:80:3D:71:24:20:74:93:B5:00:70:A6:D3:A1:F4:96
Oct 11 20:15:34 mail postfix/smtpd[4449]: Verified: subject_CN=mail.diane.fr, issuer=AC-SUB Zeus

/************************************************
* Fingerprint of the authentication certificate *
* KeyUsage, Extended KeyUsage                   *
************************************************/

Oct 11 20:12:22 mail postfix/smtpd[4391]: fingerprint=C9:94:8F:F6:96:D4:B4:E2:34:11:98:E4:4A:58:B1:85
Oct 11 20:12:22 mail postfix/smtpd[4391]: Verified: subject_CN=Samuel MICHEL, issuer=AC-SUB Zeus

/***************************************************************************************
* Algorithm used. Note that the algorithm is different.                                *
* In the previous case the mail client had been configured to use only RSA-AES256-SHA. *
***************************************************************************************/

Oct 11 20:15:34 mail postfix/smtpd[4449]: TLS connection established from mail.diane.fr[192.168.204.56]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

/********************************************
* Log of the SMTP policy delegation script *
********************************************/

Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: START : [policyd-fingerprint.php] v1.4 Michel Samuel
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : request=smtpd_access_policy
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : protocol_state=RCPT
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : protocol_name=ESMTP
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : client_address=192.168.204.56
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : client_name=mail.diane.fr
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : helo_name=mail.diane.fr
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : sender=isabelle.michel@diane.fr
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : recipient=samuel.michel@zeus.fr
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : queue_id=
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : instance=1161.452d34c6.0
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : size=535
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : sasl_method=
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : sasl_username=
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : sasl_sender=
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : ccert_subject=mail.diane.fr
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : ccert_issuer=AC-SUB Zeus
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: STDIN : ccert_fingerprint=1D:80:3D:71:24:20:74:93:B5:00:70:A6:D3:A1:F4:96
Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: PARAM : isabelle.michel@diane.fr||1D:80:3D:71:24:20:74:93:B5:00:70:A6:D3:A1:F4:96

/*****************************
* Action returned to Postfix *
*****************************/

Oct 11 20:15:34 mail policyd-fingerprint.php[4451]: ACTION : action=OK Relay

/****************************
* Delivery to the local MDA *
****************************/

Oct 11 20:15:34 mail postfix/smtpd[4449]: 57BED1915C: client=mail.diane.fr[192.168.204.56]
Oct 11 20:15:34 mail postfix/cleanup[4452]: 57BED1915C: message-id=<455DAA3F.2050902@diane.fr>
Oct 11 20:15:34 mail postfix/smtpd[4449]: disconnect from mail.diane.fr[192.168.204.56]
Oct 11 20:15:34 mail postfix/qmgr[4377]: 57BED1915C: from=, size=721, nrcpt=1 (queue active)
Oct 11 20:15:34 mail postfix/pipe[4454]: 57BED1915C: to=, relay=cyrus, delay=0, status=sent (mail.zeus.fr)
Oct 11 20:15:34 mail postfix/qmgr[4377]: 57BED1915C: removed
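
The policy delegation exchange logged above (STDIN attributes, the sender||fingerprint PARAM, the returned action), as an added Python example; it is not the source of policyd-fingerprint.php. The ALLOWED table, the function names and the REJECT texts are assumptions; the attribute names and the two sender/fingerprint pairs come from the log.

```python
# Added illustration, not the code of policyd-fingerprint.php.
# ALLOWED is an assumed storage format: "sender||fingerprint" -> text sent after OK.
# The two keys are the PARAM values visible in the log above.
ALLOWED = {
    "samuel.michel@zeus.fr||C9:94:8F:F6:96:D4:B4:E2:34:11:98:E4:4A:58:B1:85": "User",
    "isabelle.michel@diane.fr||1D:80:3D:71:24:20:74:93:B5:00:70:A6:D3:A1:F4:96": "Relay",
}

# Constructed request, built from the STDIN lines of the first delivery.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=samuel.michel@zeus.fr\n"
    "recipient=samuel.michel@zeus.fr\n"
    "ccert_subject=Samuel MICHEL\n"
    "ccert_issuer=AC-SUB Zeus\n"
    "ccert_fingerprint=C9:94:8F:F6:96:D4:B4:E2:34:11:98:E4:4A:58:B1:85\n"
    "\n"
)


def parse_request(text):
    """Parse one request: name=value lines, terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:  # the empty line ends the request
            break
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed attribute line: {line!r}")
        attrs[name] = value
    return attrs


def decide(attrs):
    """Return the action line; Postfix expects it followed by an empty line."""
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO"
    fingerprint = attrs.get("ccert_fingerprint", "").upper()
    if not fingerprint:  # no client certificate was presented
        return "action=REJECT client certificate required"
    key = f"{attrs.get('sender', '').lower()}||{fingerprint}"
    label = ALLOWED.get(key)
    if label is None:  # certificate is valid but not bound to this sender
        return "action=REJECT sender not authorized for this certificate"
    return f"action=OK {label}"


if __name__ == "__main__":
    print(decide(parse_request(SAMPLE_REQUEST)))
```

Binding the sender to the fingerprint means a certificate issued by the same CA to another user does not authorize mail under this sender address.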