Bug 30043 - Allow Message Submission via port 587
Allow Message Submission via port 587
Product: UCS
Classification: Unclassified
Component: Mail
UCS 3.1
Other Linux
: P5 enhancement (vote)
: UCS 4.0-1-errata
Assigned To: Daniel Tröder
Florian Best
Depends on:
  Show dependency treegraph
Reported: 2013-01-16 15:02 CET by Janis Meybohm
Modified: 2015-05-07 17:44 CEST (History)
6 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): External feedback
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2013-01-16 15:02:17 CET
We should allow message submission (from mail-clients) via port 587

Comment 1 Dirk Ahrnke 2015-01-19 12:04:53 CET
also requested in http://forum.univention.de/viewtopic.php?f=28&t=3702
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2015-01-19 12:06:02 CET
also requested by an additional customer
Comment 3 Daniel Tröder univentionstaff 2015-04-14 17:13:47 CEST
Modified /etc/postfix/master.cf to open the submission port (587). TLS is mandatory for connecting to this port.

Adds UCR variable mail/postfix/mastercf/options/submission/ with default values of
* mail/postfix/mastercf/options/submission/smtpd_sasl_auth_enable=yes
* mail/postfix/mastercf/options/submission/smtpd_enforce_tls=yes

Commit: r72734
Package: mail/univention-mail-postfix
YAML: 2015-04-16-univention-mail-postfix.yaml

Not fixed yet: firewall port must be opened.
Comment 4 Daniel Tröder univentionstaff 2015-04-15 12:45:43 CEST
Packet filter opens TCP/587 now, adds UCR variables:
* security/packetfilter/package/univention-mail-postfix/tcp/587/all="ACCEPT"
* security/packetfilter/package/univention-mail-postfix/tcp/587/all/en="SMTP/submission"

Commit: r59813
Comment 5 Sönke Schwardt-Krummrich univentionstaff 2015-05-06 17:00:30 CEST
sschwardt@dave:~$ ssh ucr get domainname
sschwardt@dave:~$ swaks -s -p 587 -tls -t user1@nstx.local  | grep queued
<~  250 2.0.0 Ok: queued as AAB8512237B
sschwardt@dave:~$ swaks -s -p 587 -tls -t user1@univention.de  | grep denied
<~* 554 5.7.1 <user1@univention.de>: Relay access denied

OK: config change
OK: firewall change
REOPEN: UCR variable description
OK: functional test (see above)

univention-mail-postfix.univention-config-registry-variables contains a typo within the new EN variable description:
Comment 6 Daniel Tröder univentionstaff 2015-05-07 11:11:31 CEST
Fixed UCR variable description in r60506
Comment 7 Florian Best univentionstaff 2015-05-07 12:40:34 CEST
(In reply to Daniel Tröder from comment #6)
> Fixed UCR variable description in r60506
Comment 8 Janek Walkenhorst univentionstaff 2015-05-07 17:44:27 CEST