Feature #2919
mail-server: configure IP-based access policy from UI
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-mail-common | |||
Target version: | v6.6 | |||
Resolution: | NEEDINFO: | No |
Description
The /etc/postfix/access
template can be changed only by custom-template fragments. Implement a server-manager page to change it from UI.
Related issues
Associated revisions
Added access.cidr table to check client access. Refs #2919
SmtpAccess page: access policy whitelist based on client IP address. Refs #2919
Admin manual: new Email > SMTP access page. Refs #2919
Added `Enable authentication on port 25` option. Refs #2919
Fixed RST formatting. Refs #2919
Merge pull request #70 from DavidePrincipi/master
Admin manual: new Email > SMTP access page. Refs #2919
History
#1 Updated by Davide Principi over 6 years ago
- Target version set to v6.6-beta1
#2 Updated by Giacomo Sanchietti over 6 years ago
- Target version changed from v6.6-beta1 to ~FUTURE
#3 Updated by Filippo Carletti over 6 years ago
- Target version changed from ~FUTURE to v6.6
#4 Updated by Giacomo Sanchietti about 6 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#5 Updated by Davide Principi about 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#6 Updated by Davide Principi about 6 years ago
- Category changed from nethserver-mail-server to nethserver-mail-common
#7 Updated by Davide Principi about 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
MODIFIED
- Added new "SMTP access" tab under Email page.
- Updated online help file.
- Added i18n strings
Execute the following test cases, in order.
Test case 1
- upgrade to modified version
- configure a client to send mail on port 25 without SMTP/AUTH
- sending a message (relay) should be denied
- add your client IP address to
Allow relay from IP addresses
andSave
- relay should now be allowed
Test case 2
- Proceed from test case 1, remove all IP entries and enable
Allow relay from trusted networks
. - If your client is in a trusted network relaying must continue to work.
- By disabling the checkbox the relay is forbidden again.
Test case 3
- Proceed form test case 2, set
Enable authentication on port 25
checkbox andsave
- Enable SMTP auth on your mail client
- relaying a message on port 25 must work.
#8 Updated by Davide Principi about 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:nethserver-mail-common-1.4.5-1.7.g9c51723.ns6.noarch.rpm
nethserver-mail-common-1.4.5-1.8.g488d4ac.ns6.noarch.rpm
PACKAGER NOTE
- Push translations to Transifex
- Merge admin manual pull request https://github.com/NethServer/nethserver-docs/pull/70
#9 Updated by Vasco Castelo Branco about 6 years ago
- Assignee set to Vasco Castelo Branco
#10 Updated by Vasco Castelo Branco about 6 years ago
- Status changed from ON_QA to TRIAGED
- Assignee deleted (
Vasco Castelo Branco) - % Done changed from 70 to 20
Test case 2
Is not possible to relay if the trusted network is the openvpn network
I was able to relay with the openvpn client IP configured in Allow relay from IP addresses (test case 1)
#11 Updated by Davide Principi about 6 years ago
- Status changed from TRIAGED to MODIFIED
- % Done changed from 20 to 60
Vasco Castelo Branco wrote:
Test case 2
Is not possible to relay if the trusted network is the openvpn network
Thanks for pointing it out. I can't fix this problem in nethserver-mail-common; it is a bug (or missing feature, still unimplemented!) in NetworksDB::local_access_spec
, see #3195.
If there are no other issues, please set status to VERIFIED.
#12 Updated by Davide Principi about 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee set to Vasco Castelo Branco
- % Done changed from 60 to 70
#13 Updated by Davide Principi about 6 years ago
- Related to Enhancement #3195: Event trusted-networks-modify added
#14 Updated by Vasco Castelo Branco about 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Vasco Castelo Branco) - % Done changed from 70 to 90
#15 Updated by Davide Principi about 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-mail-common-1.5.0-1.ns6.noarch.rpm