Hi,

log shows:

enabling PIX workarounds: disable_esmtp delay_dotcrlf for mx0.esb.de

But the specific workaround 'disable_esmtp' looks to be the reason for
downgrading to plain smtp and disallowing any STARTTLS, right?

On Mon, 26 Nov 2018 at 10:20, Patrick Ben Koetter <p...@sys4.de> wrote:

> * Stefan Bauer <cubew...@googlemail.com>:
> > Dear Users,
> >
> > we are trying to deliver mail to a remote party with enforced encryption.
> >
> > 63FFB80805: TLS is required, but was not offered by host mx0.esb.de
> > [194.77.230.138]
> >
> > But it looks like the remote device is announcing TLS and can handle it:
> >
> > # telnet mx0.esb.de 25
> > Trying 194.77.230.138...
> > Connected to mx0.esb.de.
> > Escape character is '^]'.
> > 220 ****************
> > ehlo test
> > 250-mx0.esb.de
> > 250-8BITMIME
> > 250-SIZE 52428800
> > 250 STARTTLS
> > starttls
> > 220 Go ahead with TLS
> >
> > But the minus "-" is missing in STARTTLS, correct?
>
> Look into your log and you will very likely find something that says:
>
>     Cisco PIX enabled?
>
>
> > Is there a known workaround available?
> >
> > Maybe some rewrite-voodoo?
>
> Something – quite likely a Cisco ASA/PIX – manipulates the SMTP server
> banner and the STARTTLS capability announcement. This is what it should
> look like:
>
> 220 mail.sys4.de ESMTP Submission
> EHLO foo.sys4.de
> 250-mail.sys4.de
> 250-PIPELINING
> 250-SIZE 40960000
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250-DSN
> 250 SMTPUTF8
> QUIT
>
> The $something removes the "ESMTP" in the server banner. Without the string
> "ESMTP" the mail client (read: Your Postfix smtp client) cannot know the
> remote server supports any of the Enhanced SMTP features, which includes
> STARTTLS. It *must* assume the server speaks rudimentary SMTP only.
>
> Thus it uses rudimentary SMTP only, which excludes STARTTLS. And that's
> why it fails in the first place. The missing minus "-" just adds to the
> dilemma.
>
> p@rick
>
> --
> [*] sys4 AG
>
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
>
> Registered office: München, District Court München: HRB 199263
> Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> Chairman of the supervisory board: Florian Kirstein
>
>

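Added example, not part of the thread and not Postfix code: a small Python check that parses the server side of the two sessions quoted above and flags the case under discussion, where STARTTLS appears in the EHLO reply but the greeting carries no "ESMTP" token. The sample lines are reconstructed from the thread; the function names and the asterisk-only "masked banner" test are assumptions made for illustration.

```python
import re

# Server-side lines reconstructed from the two sessions quoted in the thread.
MANGLED = ["220 ****************", "250-mx0.esb.de", "250-8BITMIME",
           "250-SIZE 52428800", "250 STARTTLS"]
CLEAN = ["220 mail.sys4.de ESMTP Submission", "250-mail.sys4.de",
         "250-PIPELINING", "250-SIZE 40960000", "250-ETRN", "250-STARTTLS",
         "250-ENHANCEDSTATUSCODES", "250-8BITMIME", "250-DSN", "250 SMTPUTF8"]

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_replies(lines):
    """Group lines into (code, [text, ...]) replies.

    "NNN-text" continues a reply; "NNN text" is its final line.
    """
    replies, texts = [], []
    for line in lines:
        match = REPLY_LINE.match(line.rstrip("\r\n"))
        if match is None:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        code, separator, text = match.groups()
        texts.append(text)
        if separator == " ":
            replies.append((int(code), texts))
            texts = []
    if texts:
        raise ValueError("reply ended without a final 'NNN text' line")
    return replies


def assess(lines):
    """Inspect the greeting and the EHLO reply of one captured session."""
    (_, greeting), (_, ehlo) = parse_replies(lines)[:2]
    banner = " ".join(greeting)
    # Keywords follow the first EHLO line, which carries the server name.
    keywords = {text.split()[0].upper() for text in ehlo[1:] if text.strip()}
    has_esmtp = "ESMTP" in banner.upper().split()
    offers_starttls = "STARTTLS" in keywords
    return {
        "banner_has_esmtp": has_esmtp,
        # Assumption: a banner of only '*' and spaces counts as masked.
        "banner_masked": bool(banner.strip()) and set(banner) <= set("* "),
        "starttls_advertised": offers_starttls,
        # A client that skips EHLO on a non-ESMTP banner never sees STARTTLS.
        "starttls_hidden_from_helo_client": offers_starttls and not has_esmtp,
    }
```

Running `assess()` over captured greetings for destinations that require TLS separates a path device masking the banner from a server that does not offer STARTTLS at all.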