Wietse Venema:
> Lars Kollstedt:
> > On Monday, 29 April 2019 16:26:45 CEST Wietse Venema wrote:
> > > To really fix this requires some research and field testing.
> >
> > Hi Wietse,
> >
> > that's the reason why I also mentioned the option to only change
> > the behavior in case of enforced TLS, by ignoring the disable_esmtp
> > option in the case TLS is enforced.
>
> STARTTLS is not the only problem; with disable_esmtp, the ASA breaks
> delivery between MTAs that implement CHUNKING (see my quote from the
> CISCO website). Replacing one problem with another problem is not good.
>
> Time planning:
>
> 1 - Add a disable_chunking workaround, so that CHUNKING does not
>     break when disable_esmtp is turned off. This would be needed
>     for Postfix 3.4.

The Postfix SMTP client does not send BDAT commands at this time,
but that may change. It's relatively easy to implement, just don't
fold long lines, and don't prepend '.'.

> 2 - Find out what other Postfix features are enabled by default and
>     that would break with disable_esmtp turned off. This may be
>     needed for Postfix 3.4.

Given the PIX/ASA propensity to screw up (for example breaking mail
from Microsoft servers that send BDAT commands), I am not confident
that turning off 'disable_esmtp' would be safe, because it introduces
potential failure modes that do not exist now.

Instead it would be safe to say what ESMTP features may be used, for
example

    smtp_pix_esmtp_enable = starttls, pipelining, dsn, 8bitmime, size, smtputf8

Over time we'll find out what is safe to use.

> 3 - Figure out some way to make disable_esmtp context-sensitive,

	Wietse
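The remark above that a BDAT implementation is "just don't fold long lines, and don't prepend '.'" is the whole difference between the two body framings. The following added example (written for this page, not Postfix code and not from the thread's participants) encodes one constructed message body both ways: the DATA path applies CRLF normalisation, a simplified line fold at a configurable limit, dot-stuffing and the <CRLF>.<CRLF> terminator, while the BDAT path (RFC 3030 CHUNKING) ships raw octets under a byte count. A last helper shows why a device that inspects a BDAT payload with DATA-style framing gets the message boundary wrong; that helper illustrates the framing mismatch in general and is not a description of what the PIX/ASA fixup actually does. The line-folding rule here is a hard cut at the limit, a simplification of what a real client would do.

```python
"""Added example: body framing for DATA versus BDAT (CHUNKING).

Not Postfix code. The sample message and the hard-cut line folding are
simplifications made for illustration.
"""

CRLF = b"\r\n"
DOT_CRLF = b"." + CRLF

# Constructed sample body: a line starting with '.', a line that is only
# '.', and CRLF line endings throughout.
BODY = (b"Subject: test" + CRLF + CRLF
        + b".hidden dot" + CRLF
        + b"." + CRLF
        + b"line after dot" + CRLF)


def _lines(body: bytes) -> list:
    """Split on CRLF or bare LF; drop the empty element after a final newline."""
    lines = body.replace(CRLF, b"\n").split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()
    return lines


def encode_data(body: bytes, line_limit: int = 998) -> bytes:
    """Body as a client sends it after DATA (RFC 5321 section 4.5.2):
    CRLF line endings, over-long lines folded (hard cut, simplified),
    a leading '.' doubled, and the <CRLF>.<CRLF> terminator appended."""
    out = bytearray()
    for line in _lines(body):
        pieces = [line[i:i + line_limit]
                  for i in range(0, len(line), line_limit)] or [b""]
        for piece in pieces:
            if piece.startswith(b"."):
                out += b"."          # dot-stuffing
            out += piece + CRLF
    out += DOT_CRLF
    return bytes(out)


def decode_data(wire: bytes) -> bytes:
    """Server side of DATA: strip the terminator and undo dot-stuffing."""
    if not wire.endswith(DOT_CRLF):
        raise ValueError("missing <CRLF>.<CRLF> terminator")
    out = bytearray()
    for line in wire[:-len(DOT_CRLF)].split(CRLF)[:-1]:
        out += (line[1:] if line.startswith(b".") else line) + CRLF
    return bytes(out)


def encode_bdat(body: bytes, chunk_size: int = 65536) -> list:
    """Body as (command_line, payload) pairs for BDAT (RFC 3030).
    The payload is the message octets unchanged: no folding, no
    dot-stuffing, no terminator; the final chunk carries LAST."""
    chunks, offset = [], 0
    while True:
        payload = body[offset:offset + chunk_size]
        offset += len(payload)
        last = offset >= len(body)
        cmd = b"BDAT %d%s" % (len(payload), b" LAST" if last else b"") + CRLF
        chunks.append((cmd, payload))
        if last:
            return chunks


def data_framing_end(octets: bytes):
    """Offset of the line at which a DATA-mode parser would consider the
    message finished, or None. Applied to a raw BDAT payload this shows
    where DATA-style inspection misreads the boundary (illustrative only)."""
    if octets.startswith(DOT_CRLF):
        return 0
    i = octets.find(CRLF + DOT_CRLF)
    return None if i < 0 else i + len(CRLF)


if __name__ == "__main__":
    print("DATA wire form:", encode_data(BODY))
    for cmd, payload in encode_bdat(BODY, chunk_size=16):
        print(cmd, payload)
    print("DATA-style parser would stop at offset",
          data_framing_end(BODY), "of the raw BDAT payload")
```

Run it to see that the DATA form doubles the leading dots and appends the terminator, that the BDAT chunks reassemble to the original octets without any transformation, and that a DATA-style reader applied to the raw BDAT payload stops at the bare "." line in the middle of the message.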