Created attachment 538755 [details] Trivial patch for submission port Description of problem: Enabling the SMTP port in the firewall is typically not by itself adequate; the Submission port (TCP 587) also needs to be enabled so that local clients may hand off messages to their mailhub for outbound delivery. Version-Release number of selected component (if applicable): 1.2.29-4 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 538770 [details] Redux of patch with 'submission' and 'ntp' Two birds with one stone... adding submission (tcp/587) and ntp (udp/123).
Created attachment 538773 [details] Redux of patch with 'submission' and 'ntp'
Created attachment 538777 [details] Redux of patch with 'submission' and 'ntp' Remembering to set flags, etc. this time.
Is anything else needed from me to unblock this bug?
Still hoping for some movement...
Just happy to do whatever it takes to move this along...
What do you think about this additional service entry? _Service("msa", _("Mail Submission Agent"), [ ("587", "tcp"), ], _("This option allows a mail user agent to submit mails to the MSA for further delivery. The use of an MSA is in common more secure, because a MUA need to be authorized and authenticated to use the mail submission service.")), It might also be possible to add this to the smtp service entry, but this way both ports are always open even if only one is needed.
(In reply to comment #7) > What do you think about this additional service entry? That text is fine. What about adding NTP, as per my last patch? > _Service("msa", _("Mail Submission Agent"), [ ("587", "tcp"), ], > _("This option allows a mail user agent to submit mails to the MSA > for further delivery. The use of an MSA is in common more secure, because a > MUA need to be authorized and authenticated to use the mail submission > service.")), > > It might also be possible to add this to the smtp service entry, but this > way both ports are always open even if only one is needed. If you have outbound email only, then you'll have the machine accepting local 587 connections, but not smtp connections. On the other hand, if it's either a relay or a machine that handles inbound mail delivery only, then it will accept incoming smtp only but not msa.
This is coming up on a year soon. Can we please get closure on this?
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
I'm anticipating pushing an update in a week/2 weeks.
I have added msa and ntp services for version 1.2.29-11.
Fixed in rawhide in package system-config-firewall-1.2.29-11.fc21.