On 2022-05-02 04:42, Ole Laursen wrote:
I got a report that our Postfix server wasn't using TLS on outbound
connections, and looking in the log, it seems like I get a lot of PIX
workarounds with both gmail.com [1] and Microsoft's service:
postfix/smtp[1243304]: 7BDFA6B7: enabling PIX workarounds:
disable_esmtp for aspmx.l.google.com [2][74.125.205.27]:25
I have not followed Postfix history, but it looks to me that the PIX
code is more than 20 years old and was introduced to handle old Cisco
firewalls. Surely that's not the the case for gmail.com [1] and
Microsoft? If I try telnetting the gmail.com [1] server, I get:
It is not the case for Google and Microsoft. It is the case for YOU.
telnet aspmx.l.google.com [2] 25
Trying 74.125.205.26...
Connected to aspmx.l.google.com [2].
Escape character is '^]'.
220
******************************************************************************
At the moment, I'm working around this by excluding disable_esmtp:
The only workaround is to get rid of or fix the PIX/ASA.
If your provider is doing this to you, complain.
--
http://rob0.nodns4.us/
