Wietse Venema:
> Thomas Z?ch:
> > Hi All,
> >
> > when attempting to enforce TLS with a remote server i saw it failing.
> > The reason turned out to be with the remote server-banner consisting
> > of '*'-characters only. The local postfix-smtp in this case insisted
>
> The server is behind a CISCO PIX (or CISCO ASA) device with smtp
> fixup enabled. That will replace text with *.
>
> > I'ld like to understand if i can override/force postfix-smtp to send
> > "EHLO" in all cases instead (... postfix configured with
>
> Please show evidence it does NOT send EHLO.

I just remember from years ago that some CISCOS in fixup mode will reject EHLO, and some will reject STARTTLS, depending on configuration. On the upside, one does not have to worry about TLS downgrade attacks.

Wietse
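
The following is an added example, not part of the thread and not Postfix code: a small checker that reads an SMTP session transcript and reports the symptoms discussed above (banner reduced to `*`, whether EHLO was sent and accepted, whether STARTTLS was advertised). The `S:`/`C:` transcript format and both sample sessions are constructed for illustration.

```python
import re

# Constructed transcripts (not captured traffic). "S:" server, "C:" client.
FIXUP_SESSION = """\
S: 220 **************************
C: EHLO client.example
S: 500 5.5.1 Command unrecognized
C: HELO client.example
S: 250 mail.example.net
"""
CLEAN_SESSION = """\
S: 220 mail.example.net ESMTP
C: EHLO client.example
S: 250-mail.example.net
S: 250-STARTTLS
S: 250 SIZE 10240000
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # code, continuation flag, text

def analyze(transcript):
    """Report the fixup symptoms named in the thread for one SMTP session."""
    r = {"banner_masked": False, "ehlo_sent": False,
         "ehlo_accepted": False, "starttls_offered": False}
    last_cmd = None  # None until the client speaks, so replies are the banner
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            words = text.split()
            last_cmd = words[0].upper() if words else ""
            r["ehlo_sent"] = r["ehlo_sent"] or last_cmd == "EHLO"
            continue
        m = REPLY.match(text)
        if side != "S" or not m:
            continue
        code, _, rest = m.groups()
        rest = rest.strip()
        if last_cmd is None and code == "220":
            # Greeting text reduced to '*' only: what the thread attributes to fixup.
            r["banner_masked"] = bool(rest) and set(rest) <= {"*", " "}
        elif last_cmd == "EHLO" and code == "250":
            r["ehlo_accepted"] = True
            if rest.upper().split(" ")[0] == "STARTTLS":
                r["starttls_offered"] = True
    # TLS can only be enforced if the server accepted EHLO and advertised STARTTLS.
    r["tls_possible"] = r["ehlo_accepted"] and r["starttls_offered"]
    return r

if __name__ == "__main__":
    for name, s in (("fixup", FIXUP_SESSION), ("clean", CLEAN_SESSION)):
        print(name, analyze(s))
```
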