Feature #2919

mail-server: configure IP-based access policy from UI

Added by Davide Principi almost 5 years ago. Updated over 4 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-mail-common
Target version:v6.6
Resolution: NEEDINFO:No

Description

The /etc/postfix/access template can be changed only by custom-template fragments. Implement a server-manager page to change it from UI.


Related issues

Related to NethServer 6 - Enhancement #3195: Event trusted-networks-modify CLOSED

Associated revisions

Revision bf467fd5
Added by Davide Principi over 4 years ago

Added access.cidr table to check client access. Refs #2919

Revision 52e9830e
Added by Davide Principi over 4 years ago

SmtpAccess page: access policy whitelist based on client IP address. Refs #2919

Revision 00763a74
Added by Davide Principi over 4 years ago

Admin manual: new Email > SMTP access page. Refs #2919

Revision 488d4acd
Added by Davide Principi over 4 years ago

Added `Enable authentication on port 25` option. Refs #2919

Revision d17c7680
Added by Davide Principi over 4 years ago

Fixed RST formatting. Refs #2919

Revision ef11a254
Added by Davide Principi over 4 years ago

Merge pull request #70 from DavidePrincipi/master

Admin manual: new Email > SMTP access page. Refs #2919

Revision df8a318d
Added by Davide Principi over 4 years ago

Updated Italian translation for mail.rst. Refs #2990 #2919

Revision 199843d0
Added by Davide Principi over 4 years ago

Inline help: updated Italian translations for Email page. Refs #2990 #2919

History

#1 Updated by Davide Principi almost 5 years ago

  • Target version set to v6.6-beta1

#2 Updated by Giacomo Sanchietti almost 5 years ago

  • Target version changed from v6.6-beta1 to ~FUTURE

#3 Updated by Filippo Carletti over 4 years ago

  • Target version changed from ~FUTURE to v6.6

#4 Updated by Giacomo Sanchietti over 4 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#5 Updated by Davide Principi over 4 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#6 Updated by Davide Principi over 4 years ago

  • Category changed from nethserver-mail-server to nethserver-mail-common

#7 Updated by Davide Principi over 4 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

MODIFIED

  • Added new "SMTP access" tab under Email page.
  • Updated online help file.
  • Added i18n strings

Execute the following test cases, in order.

Test case 1

  • upgrade to modified version
  • configure a client to send mail on port 25 without SMTP/AUTH
  • sending a message (relay) should be denied
  • add your client IP address to Allow relay from IP addresses and Save
  • relay should now be allowed

Test case 2

  • Proceed from test case 1, remove all IP entries and enable Allow relay from trusted networks.
  • If your client is in a trusted network relaying must continue to work.
  • By disabling the checkbox the relay is forbidden again.

Test case 3

  • Proceed form test case 2, set Enable authentication on port 25 checkbox and save
  • Enable SMTP auth on your mail client
  • relaying a message on port 25 must work.

#8 Updated by Davide Principi over 4 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-mail-common-1.4.5-1.7.g9c51723.ns6.noarch.rpm
nethserver-mail-common-1.4.5-1.8.g488d4ac.ns6.noarch.rpm

PACKAGER NOTE

#9 Updated by Vasco Castelo Branco over 4 years ago

  • Assignee set to Vasco Castelo Branco

#10 Updated by Vasco Castelo Branco over 4 years ago

  • Status changed from ON_QA to TRIAGED
  • Assignee deleted (Vasco Castelo Branco)
  • % Done changed from 70 to 20

Test case 2
Is not possible to relay if the trusted network is the openvpn network

I was able to relay with the openvpn client IP configured in Allow relay from IP addresses (test case 1)

#11 Updated by Davide Principi over 4 years ago

  • Status changed from TRIAGED to MODIFIED
  • % Done changed from 20 to 60

Vasco Castelo Branco wrote:

Test case 2
Is not possible to relay if the trusted network is the openvpn network

Thanks for pointing it out. I can't fix this problem in nethserver-mail-common; it is a bug (or missing feature, still unimplemented!) in NetworksDB::local_access_spec, see #3195.

If there are no other issues, please set status to VERIFIED.

#12 Updated by Davide Principi over 4 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee set to Vasco Castelo Branco
  • % Done changed from 60 to 70

#13 Updated by Davide Principi over 4 years ago

#14 Updated by Vasco Castelo Branco over 4 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Vasco Castelo Branco)
  • % Done changed from 70 to 90

#15 Updated by Davide Principi over 4 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-mail-common-1.5.0-1.ns6.noarch.rpm

Also available in: Atom PDF