Save TLS connection trustlevel as variable

postfix.grok

@@ -23,7 +23,8 @@ POSTFIX_KEYVALUE %{POSTFIX_QUEUEID:postfix_queueid}: %{POSTFIX_KEYVALUE_DATA:pos
 POSTFIX_WARNING_LEVEL (warning|fatal|info)
 POSTFIX_VERIFY_CLEANUP_TYPE (full|partial)
 
-POSTFIX_TLSCONN (Anonymous|Trusted|Untrusted|Verified) TLS connection established (to %{POSTFIX_RELAY_INFO}|from %{POSTFIX_CLIENT_INFO}): %{DATA:postfix_tls_version} with cipher %{DATA:postfix_tls_cipher} \(%{DATA:postfix_tls_cipher_size} bits\)( key-exchange %{DATA:postfix_tls_key_exchange} server-signature %{DATA:postfix_tls_server_signature} \(%{DATA:postfix_tls_server_signature_size} bits\) server-digest %{DATA:postfix_tls_server_digest})?
+
+POSTFIX_TLSCONN %{DATA:postfix_tls_trustlevel} TLS connection established (to %{POSTFIX_RELAY_INFO}|from %{POSTFIX_CLIENT_INFO}): %{DATA:postfix_tls_version} with cipher %{DATA:postfix_tls_cipher} \(%{DATA:postfix_tls_cipher_size} bits\)( key-exchange %{DATA:postfix_tls_key_exchange} server-signature %{DATA:postfix_tls_server_signature} \(%{DATA:postfix_tls_server_signature_size} bits\) server-digest %{DATA:postfix_tls_server_digest})?
 POSTFIX_TLSVERIFICATION certificate verification failed for %{POSTFIX_RELAY_INFO}: %{GREEDYDATA:postfix_tls_error}
 
 POSTFIX_DELAYS %{NUMBER:postfix_delay_before_qmgr}/%{NUMBER:postfix_delay_in_qmgr}/%{NUMBER:postfix_delay_conn_setup}/%{NUMBER:postfix_delay_transmission}

test/smtp_0003.yaml

@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTP}$
 data: "Untrusted TLS connection established to mx4.hotmail.com[65.55.92.136]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)"
 results:
+    postfix_tls_trustlevel: Untrusted
     postfix_relay_hostname: mx4.hotmail.com
     postfix_relay_ip: 65.55.92.136
     postfix_relay_port: 25

test/smtp_0004.yaml

@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTP}$
 data: "Untrusted TLS connection established to 127.0.0.1[127.0.0.1]:2525: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)"
 results:
+    postfix_tls_trustlevel: Untrusted
     postfix_relay_hostname: 127.0.0.1
     postfix_relay_ip: 127.0.0.1
     postfix_relay_port: 2525

test/smtp_0015.yaml

@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTP}$
 data: "Trusted TLS connection established to gmail-smtp-in.l.google.com[74.125.136.26]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)"
 results:
+    postfix_tls_trustlevel: Trusted
     postfix_relay_hostname: gmail-smtp-in.l.google.com
     postfix_relay_ip: 74.125.136.26
     postfix_relay_port: 25

test/smtp_0016.yaml

@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTP}$
 data: "Verified TLS connection established to mail.sys4.de[2001:1578:400:111::7]:25: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)"
 results:
+    postfix_tls_trustlevel: Verified
     postfix_relay_hostname: mail.sys4.de
     postfix_relay_ip: 2001:1578:400:111::7
     postfix_relay_port: 25

test/smtpd_0010.yaml

@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTPD}$
 data: "Anonymous TLS connection established from julie.example.com[10.163.89.202]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)"
 results:
+    postfix_tls_trustlevel: Anonymous
     postfix_client_hostname: julie.example.com
     postfix_client_ip: 10.163.89.202
     postfix_tls_version: TLSv1.2

test/smtpd_0037.yaml

@@ -1,6 +1,7 @@
 pattern: ^%{POSTFIX_SMTPD}$
 data: "Anonymous TLS connection established from julie.example.com[10.163.89.202]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256"
 results:
+    postfix_tls_trustlevel: Anonymous
     postfix_client_hostname: julie.example.com
     postfix_client_ip: 10.163.89.202
     postfix_tls_version: TLSv1.3