[SOLVED] Can zimbra/postfix show encryption levels in Received: header?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
liverpoolfcfan
Elite member
Elite member
Posts: 1105
Joined: Sat Sep 13, 2014 12:47 am

[SOLVED] Can zimbra/postfix show encryption levels in Received: header?

Post by liverpoolfcfan »

When emails are received by zimbra from our external scanning service - Proofpoint- the header just shows "with ESMPTS"

Code: Select all

Received: from dispatch1-eu1.ppe-hosted.com (dispatch1-eu1.ppe-hosted.com [185.132.181.7])
	by mail.mydomain.com (Postfix) with ESMTPS id 9C01E1027CAA0
	for <joebloggs@mydomain.com>; Tue, 13 Apr 2021 09:14:29 +0100 (BST)
whereas the header when Proofpoint receives the mail from the sender contains "(using TLSv1.3 with cipher ...)"

Code: Select all

Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com [209.85.208.178])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
	(No client certificate requested)
	by mx1-eu1.ppe-hosted.com (PPE Hosted ESMTP Server) with ESMTPS id 3A0CE80071
	for <joebloggs@mydomain.com>; Tue, 13 Apr 2021 08:14:27 +0000 (UTC)
Is it possible for zimbra/postfix to show the encryption level that was used in the same way as other mail servers do? It is important for some clients to be able to show them the encryption levels end-to-end for their mail delivery.

EDIT: Marked as solved
Last edited by liverpoolfcfan on Tue Apr 13, 2021 11:34 am, edited 1 time in total.
Top
liverpoolfcfan
Elite member
Elite member
Posts: 1105
Joined: Sat Sep 13, 2014 12:47 am

Re: Can zimbra/postfix show encryption levels in Received: header?

Post by liverpoolfcfan »

Answering my own question in case anyone else needs it. The short answer is YES

zimbra has an LDAP configuration setting (zimbraMtaSmtpdTlsReceivedHeader) to control it. The default is set to no. To enable the TLS details in the header, as the zimbra user set the value to yes, and reload postfix.

Code: Select all

zmprov mcf zimbraMtaSmtpdTlsReceivedHeader yes
postfix reload
The resulting Received: header will be something like this (depending on your TLS protocol/cipher configuration settings)

Code: Select all

Received: from dispatch1-eu1.ppe-hosted.com (dispatch1-eu1.ppe-hosted.com [185.183.29.32])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mail.mydomain.com (Postfix) with ESMTPS id 191CF109CEC94
	for <joebloggs@mydomain.com>; Tue, 13 Apr 2021 12:23:19 +0100 (BST)
Top
Post Reply

Return to “Administrators”