ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0020391ClearCenterapp-clearglass - ClearGLASS Enginepublic2018-06-20 01:202018-06-20 07:51
ReporterNickH 
Assigned To 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionduplicate 
PlatformOSOS Version
Product Version7.4.0 Updates 
Target VersionFixed in Version 
Summary0020391: Handle the SMTP Trusted Network in a user friendly and mainatinable way
DescriptionCurrently to enable ClearGLASS to send e-mails, ClearGLASS just adds the subnet 172.16/12 to the mynetworks parameter in /etc/postfix/main.cf when only a /16 subnet is needed. Also, from the way it is done, it appears to the sysop in the Webconfig SMTP Trusted Networks as a normal subnet he may have added and it risks deletion by the sysop. Added to this, the ClearOS recommended SMTP security model is to use user/pass authentication and not use Trusted networks, yet here we have suddenly trusted the whole 172.16/12 address space which may also cover some of the normal LAN subnets. The subnet is not programatically maintainable as it may also have been added by the sysop.

There is a very simple alternative. Add a parameter to /etc/postfix/main.cf e.g. clearglassnetwork and set it to the ClearGlass subnet which can be derived from the br-????? interface. Then append ", $clearglassnetwork" to mynetworks in /etc/postfix/main.cf and reload postfix. This way clearglassnetwork is programatically maintainable. It also shows in the webconfig as "$clearglassnetwork" so it is clear to the sysop that it is a special parameter and the webconfig still functions without any modification (I have tested it).

This change can be taken one step further. Currently the SMTP Webconfig hides the loopback subnets. It could also be made to hide any parameter beginning with $
TagsNo tags attached.
Attached Files

- Relationships
duplicate of 0019311closeddloper ClearOS Integrate outbound mail settings with Postfix 

-  Notes
(0007581)
user2
2018-06-20 07:51

This overlaps with the feature request in 0019311. Ultimately, any app - not just ClearGLASS - should be able to request outbound mail services from the Postfix SMTP mail system.

The 0019311 implementation will likely mimic the SDN infrastructure for mail services. Due to the nature of constantly changing IPs in a cloud environment, the SDN implementation is based on service accounts (username/password) instead of IP addresses .

- Issue History
Date Modified Username Field Change
2018-06-20 01:20 NickH New Issue
2018-06-20 07:51 user2 Note Added: 0007581
2018-06-20 07:51 user2 Relationship added duplicate of 0019311
2018-06-20 07:51 user2 Status new => resolved
2018-06-20 07:51 user2 Resolution open => duplicate
2018-06-20 07:51 user2 Assigned To => user2
2018-06-20 07:51 user2 Status resolved => closed
2018-06-20 07:51 user2 Assigned To user2 =>