Bug 30043 - Allow Message Submission via port 587
Allow Message Submission via port 587
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Mail
UCS 3.1
Other Linux
: P5 enhancement (vote)
: UCS 4.0-1-errata
Assigned To: Daniel Tröder
Florian Best
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-16 15:02 CET by Janis Meybohm
Modified: 2015-05-07 17:44 CEST (History)
6 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): External feedback
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2013-01-16 15:02:17 CET
We should allow message submission (from mail-clients) via port 587

<http://tools.ietf.org/html/rfc6409>
<http://en.wikipedia.org/wiki/Mail_submission_agent>
Comment 1 Dirk Ahrnke 2015-01-19 12:04:53 CET
also requested in http://forum.univention.de/viewtopic.php?f=28&t=3702
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2015-01-19 12:06:02 CET
also requested by an additional customer
Comment 3 Daniel Tröder univentionstaff 2015-04-14 17:13:47 CEST
Modified /etc/postfix/master.cf to open the submission port (587). TLS is mandatory for connecting to this port.

Adds UCR variable mail/postfix/mastercf/options/submission/ with default values of
* mail/postfix/mastercf/options/submission/smtpd_sasl_auth_enable=yes
* mail/postfix/mastercf/options/submission/smtpd_enforce_tls=yes

Commit: r72734
Package: mail/univention-mail-postfix
YAML: 2015-04-16-univention-mail-postfix.yaml

Not fixed yet: firewall port must be opened.
Comment 4 Daniel Tröder univentionstaff 2015-04-15 12:45:43 CEST
Packet filter opens TCP/587 now, adds UCR variables:
* security/packetfilter/package/univention-mail-postfix/tcp/587/all="ACCEPT"
* security/packetfilter/package/univention-mail-postfix/tcp/587/all/en="SMTP/submission"

Commit: r59813
Comment 5 Sönke Schwardt-Krummrich univentionstaff 2015-05-06 17:00:30 CEST
sschwardt@dave:~$ ssh 10.200.18.40 ucr get domainname
nstx.local
sschwardt@dave:~$ swaks -s 10.200.18.40 -p 587 -tls -t user1@nstx.local  | grep queued
<~  250 2.0.0 Ok: queued as AAB8512237B
sschwardt@dave:~$ swaks -s 10.200.18.40 -p 587 -tls -t user1@univention.de  | grep denied
<~* 554 5.7.1 <user1@univention.de>: Relay access denied

OK: config change
OK: firewall change
REOPEN: UCR variable description
OK: functional test (see above)
OK: YAML

univention-mail-postfix.univention-config-registry-variables contains a typo within the new EN variable description:
s/submssion/submission/
→ REOPEN
Comment 6 Daniel Tröder univentionstaff 2015-05-07 11:11:31 CEST
Fixed UCR variable description in r60506
Comment 7 Florian Best univentionstaff 2015-05-07 12:40:34 CEST
(In reply to Daniel Tröder from comment #6)
> Fixed UCR variable description in r60506
OK
Comment 8 Janek Walkenhorst univentionstaff 2015-05-07 17:44:27 CEST
<http://errata.univention.de/ucs/4.0/183.html>