When a connection is made or received and STARTTLS is initiated, sendmail updates the value of several macros, among which is this ${tls_version} macro. ${tls_version} stores the TLS version used for the connection. The possible versions are text values that include TLSv1 , SSLv3 , and SSLv2 . The ${tls_version} is used in the standard configuration file as part of the definition of the Received : header: HReceived: $?sfrom $s $.$?_($?s$from $.$_) $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.) $.by $j ($v/$Z)$?r with $r$. id $i $?{tls_version} (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$. $?u for $u; $; $.$b If ${tls_version} has a value, the following is included in the Received : header's text: (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify}) If ${tls_version} lacks a value, the preceding text is not included, meaning that a STARTTLS session was not used. ${tls_version} is transient. If it is defined in the configuration file or in the command line, that definition is ignored by sendmail . Note that a $& prefix is necessary when you reference this macro in rules (that is, use $&{tls_version} , not ${tls_version} ). |