Bug 39615 - Password reset self service needs a SMTP relay
Password reset self service needs a SMTP relay
Status: RESOLVED FIXED
Product: UCS
Classification: Unclassified
Component: General
UCS 4.1
Other Linux
: P5 minor (vote)
: ---
Assigned To: Bugzilla Mailingliste
: interim-2
Depends on: 37890 39613
Blocks: 39461 39489 39597
  Show dependency treegraph
 
Reported: 2015-10-22 11:46 CEST by Daniel Tröder
Modified: 2015-10-23 14:33 CEST (History)
7 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Release Goal
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2015-10-22 11:46:15 CEST
+++ This bug was initially created as a clone of Bug #37890 +++

When a token should be sent via email to the external address of a user, a SMTP server that is registered in the domain is searched () and contacted. Then happens:
---
test@example.com': (554, '5.7.1 : Relay access denied')
---
Because relaying a mail for a SMTP client on an external IP without authentication is forbidden - correct.

Problem: we cannot authenticate, because the password is unknown.
Solutions:
* allow all UCS servers to relay without auth: half-open relay - bad!
* use localhost: would work, no auth needed, but the server would have to have a relay path configured. This is well documented. Can we expect this from customers? May include the next point.
* create a user on the mail server for relaying: raises user-count (license)?
Comment 1 Daniel Tröder univentionstaff 2015-10-23 14:33:30 CEST
We decided to expect the administrator to make sure the server the backend runs on can send mails away (r64800).