Ole Laursen:
> I got a report that our Postfix server wasn't using TLS on outbound
> connections, and looking in the log, it seems like I get a lot of PIX
> workarounds with both gmail.com and Microsoft's service:
>
> postfix/smtp[1243304]: 7BDFA6B7: enabling PIX workarounds: disable_esmtp
> for aspmx.l.google.com[74.125.205.27]:25
>
> I have not followed Postfix history, but it looks to me that the PIX code
> is more than 20 years old and was introduced to handle old Cisco firewalls.
> Surely that's not the case for gmail.com and Microsoft? If I try
> telnetting the gmail.com server, I get:
>
> telnet aspmx.l.google.com 25
> Trying 74.125.205.26...
> Connected to aspmx.l.google.com.
> Escape character is '^]'.
> 220 ******************************************************************************

Should have looked like:

Connected to 74.125.205.26.
Escape character is '^]'.
220 mx.google.com ESMTP c10-20020a2ea78a000000b0024f3b903d0asi6691935ljf.119 - gsmtp

You are talking to a box-in-the-middle. Good luck doing TLS with that.

Wietse
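
Added example, not part of either message and not Postfix code: a log check that lists the destinations for which the SMTP client logged the disable_esmtp workaround, plus a heuristic for the asterisk-masked greeting shown in the telnet session. The function names, the sample log lines and the banner heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the log line quoted in the thread.
SAMPLE_LOG = """\
postfix/smtp[1243304]: 7BDFA6B7: enabling PIX workarounds: disable_esmtp for aspmx.l.google.com[74.125.205.27]:25
postfix/smtp[1243304]: 7BDFA6B7: to=<user@example.com>, relay=aspmx.l.google.com[74.125.205.27]:25, status=sent
postfix/smtp[1243310]: 8A11C2D0: enabling PIX workarounds: disable_esmtp for aspmx.l.google.com[74.125.205.27]:25
postfix/smtp[1243399]: 9C01E6B9: enabling PIX workarounds: delay_dotcrlf for mx.example.net[192.0.2.10]:25
"""

PIX_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): enabling PIX workarounds: "
    r"(?P<flags>.+?) for (?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+)"
)


def esmtp_disabled(log_text):
    """Return {'host[ip]': [queue IDs]} for deliveries made with ESMTP off."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = PIX_RE.search(line)
        if not m:
            continue
        flags = set(re.split(r"[,\s]+", m["flags"].strip()))
        # With disable_esmtp the client greets with HELO rather than EHLO,
        # so it never sees a STARTTLS offer and the mail goes out in cleartext.
        if "disable_esmtp" in flags:
            hits[f"{m['host']}[{m['ip']}]"].append(m["qid"])
    return dict(hits)


def banner_is_masked(banner):
    """Heuristic (assumption): reply code 220 followed only by '*' runs."""
    parts = banner.split()  # also joins a greeting wrapped across lines
    return (
        len(parts) > 1
        and parts[0] == "220"
        and all(set(p) == {"*"} for p in parts[1:])
    )


if __name__ == "__main__":
    for dest, qids in esmtp_disabled(SAMPLE_LOG).items():
        print(f"{dest}: {len(qids)} delivery(ies) without ESMTP: {', '.join(qids)}")
    print(banner_is_masked("220\n" + "*" * 40))
```

A hit for a destination that is known to announce a normal ESMTP greeting points at something on the network path rewriting the session, not at the remote server.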