Bug 758826 - system-config-firewall should include 'submission' in list of known ports
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: system-config-firewall
Version: rawhide
Hardware: All Linux
Priority: unspecified, Severity: low
Assigned To: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
Keywords: EasyFix
Reported: 2011-11-30 14:24 EST by Philip Prindeville
Modified: 2013-11-26 11:37 EST
Doc Type: Bug Fix
Last Closed: 2013-11-26 11:37:29 EST
Attachments:
Trivial patch for submission port (2.83 KB, patch), 2011-11-30 14:24 EST, Philip Prindeville, no flags
Redux of patch with 'submission' and 'ntp' (2.83 KB, patch), 2011-11-30 14:55 EST, Philip Prindeville, no flags
Redux of patch with 'submission' and 'ntp' (3.09 KB, patch), 2011-11-30 14:57 EST, Philip Prindeville, no flags
Redux of patch with 'submission' and 'ntp' (3.09 KB, patch), 2011-11-30 14:59 EST, Philip Prindeville, flags: philipp: review? (twoerner)

Description Philip Prindeville 2011-11-30 14:24:19 EST
Created attachment 538755
Trivial patch for submission port

Description of problem:

Enabling the SMTP port in the firewall is typically not by itself adequate; the Submission port (TCP 587) also needs to be enabled so that local clients may hand off messages to their mailhub for outbound delivery.

Version-Release number of selected component (if applicable):

1.2.29-4

Comment 1 Philip Prindeville 2011-11-30 14:55:45 EST
Created attachment 538770
Redux of patch with 'submission' and 'ntp'

Two birds with one stone... adding submission (tcp/587) and ntp (udp/123).
Comment 2 Philip Prindeville 2011-11-30 14:57:41 EST
Created attachment 538773
Redux of patch with 'submission' and 'ntp'
Comment 3 Philip Prindeville 2011-11-30 14:59:54 EST
Created attachment 538777
Redux of patch with 'submission' and 'ntp'

Remembering to set flags, etc. this time.
Comment 4 Philip Prindeville 2012-01-05 20:22:51 EST
Is anything else needed from me to unblock this bug?
Comment 5 Philip Prindeville 2012-03-11 17:52:08 EDT
Still hoping for some movement...
Comment 6 Philip Prindeville 2012-04-17 21:45:49 EDT
Just happy to do whatever it takes to move this along...
Comment 7 Thomas Woerner 2012-07-30 07:42:57 EDT
What do you think about this additional service entry?

_Service("msa", _("Mail Submission Agent"), [ ("587", "tcp"), ],
         _("This option allows a mail user agent to submit mails to the MSA for further delivery. The use of an MSA is in common more secure, because a MUA need to be authorized and authenticated to use the mail submission service.")),

It might also be possible to add this to the smtp service entry, but this way both ports are always open even if only one is needed.
Comment 8 Philip Prindeville 2012-07-30 23:56:49 EDT
(In reply to comment #7)
> What do you think about this additional service entry?

That text is fine. What about adding NTP, as per my last patch?

> _Service("msa", _("Mail Submission Agent"), [ ("587", "tcp"), ],
>          _("This option allows a mail user agent to submit mails to the MSA
> for further delivery. The use of an MSA is in common more secure, because a
> MUA need to be authorized and authenticated to use the mail submission
> service.")),
> 
> It might also be possible to add this to the smtp service entry, but this
> way both ports are always open even if only one is needed.

If you have outbound email only, then you'll have the machine accepting local 587 connections, but not smtp connections.

On the other hand, if it's either a relay or a machine that handles inbound mail delivery only, then it will accept incoming smtp only but not msa.
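
The trade-off discussed in comments 7 and 8, worked through as an added example (not part of the original thread and not system-config-firewall's own code): it compares a separate "msa" entry with a bundled smtp entry and reports which ports each host role would open without needing them. The Service tuple, the catalogue labels, the helper names and the rule format are assumptions made for illustration.

```python
from collections import namedtuple

# Hypothetical stand-in for the tool's _Service entries: key, label, [(port, proto)].
Service = namedtuple("Service", "key label ports")

# Catalogue with separate entries, as proposed in comment 7 (labels are constructed).
SPLIT = [
    Service("smtp", "Mail (SMTP)", [("25", "tcp")]),
    Service("msa", "Mail Submission Agent", [("587", "tcp")]),
]
# Alternative mentioned in comment 7: submission folded into the smtp entry.
BUNDLED = [
    Service("smtp", "Mail (SMTP)", [("25", "tcp"), ("587", "tcp")]),
]

def open_ports(catalog, enabled):
    """Return the set of (port, proto) pairs opened by the enabled service keys."""
    by_key = {s.key: s for s in catalog}
    unknown = sorted(set(enabled) - set(by_key))
    if unknown:
        raise KeyError("unknown service(s): " + ", ".join(unknown))
    return {pair for key in enabled for pair in by_key[key].ports}

def excess_ports(catalog, enabled, needed):
    """Ports opened by the selection that the host's role does not require."""
    return open_ports(catalog, enabled) - set(needed)

def accept_rules(ports):
    """Render illustrative iptables ACCEPT rules (the format is an assumption)."""
    ordered = sorted(ports, key=lambda p: (int(p[0]), p[1]))
    return [
        "-A INPUT -m state --state NEW -m %s -p %s --dport %s -j ACCEPT"
        % (proto, proto, port)
        for port, proto in ordered
    ]

# Roles from comment 8: a host taking local submissions only, and an inbound relay.
OUTBOUND_ONLY = [("587", "tcp")]
INBOUND_RELAY = [("25", "tcp")]

if __name__ == "__main__":
    for name, catalog, enabled in [("split", SPLIT, ["msa"]),
                                   ("bundled", BUNDLED, ["smtp"])]:
        extra = excess_ports(catalog, enabled, OUTBOUND_ONLY)
        print(name, "catalogue, outbound-only host, unneeded ports:", sorted(extra))
        print("\n".join(accept_rules(open_ports(catalog, enabled))))
```
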
Comment 9 Philip Prindeville 2012-09-26 19:20:15 EDT
This is coming up on a year soon. Can we please get closure on this?
Comment 10 Fedora End Of Life 2013-04-03 15:46:42 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 11 Thomas Woerner 2013-11-06 14:50:23 EST
I'm anticipating pushing an update in a week/2 weeks.
Comment 12 Thomas Woerner 2013-11-26 11:30:24 EST
I have added msa and ntp services for version 1.2.29-11.
Comment 13 Thomas Woerner 2013-11-26 11:37:29 EST
Fixed in rawhide in package system-config-firewall-1.2.29-11.fc21.
