Anonymous | Login | 2024-12-21 23:43 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0000714 | ClearOS | app-smtp - SMTP Server | public | 2012-08-17 11:39 | 2018-03-07 10:23 | ||||
Reporter | bchambers | ||||||||
Assigned To | user2 | ||||||||
Priority | normal | Severity | feature | Reproducibility | always | ||||
Status | closed | Resolution | no change required | ||||||
Platform | OS | OS Version | |||||||
Product Version | 6.3.0 | ||||||||
Target Version | Fixed in Version | ||||||||
Summary | 0000714: Local subnet not a trusted network by default | ||||||||
Description | In 5.x, some automagic happened (I think) where you did not have to specify your local LAN subnet as trusted. In 6, this is not the case, and will *get* a lot of people when they find they can't send mail through the server without first adding their subnet. Some similar auto-magic should happen as in 5.x or overwrite default main.cf file (mynetworks_style = subnet?) so that sending from LAN is permitted by default. | ||||||||
Additional Information | If you install 6 and receive "Relay access denied" from your mail client while sending from the LAN, navigate to "Server --> Mail --> SMTP" and add your local subnet. For example, if your server's LAN IP is 192.168.1.1, the trusted network would be: 192.168.1.0/24 | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Notes | |
(0000550) timb80 (developer) 2012-08-17 15:37 |
Just to clarify behaviour observed in 5.2 - you must setup a trusted network range if you don't use SMTP authentication to allow mail to be sent. However Mail can be sent normally with SMTP authentication and no trusted networks. Mail originating from a trusted network will bypass the authentication check completely, so having both configured can result in a false sense of security... |
(0000551) user2 2012-08-20 07:00 |
The default of trusting the local network is not best practices, so it was dropped in ClearOS 6. I just updated the documentation on the topic. We may want to add a simple on/off option for allowing unauthenticated connections from the LAN, but I would still vote to leave this disabled. Or, just adding a "tooltip" in the sidebar might be better? |
(0000681) user2 2013-02-02 11:55 |
And... if a "mail server" wizard of some kind is created, highlighting this policy would be a good idea. |
Issue History | |||
Date Modified | Username | Field | Change |
2012-08-17 11:39 | bchambers | New Issue | |
2012-08-17 11:39 | bchambers | Status | new => assigned |
2012-08-17 11:39 | bchambers | Assigned To | => user2 |
2012-08-17 15:37 | timb80 | Note Added: 0000550 | |
2012-08-20 07:00 | user2 | Note Added: 0000551 | |
2012-08-20 07:00 | user2 | Severity | minor => feature |
2012-08-20 07:00 | user2 | Description Updated | View Revisions |
2012-08-20 12:34 | user2 | Target Version | 6.3.0 Updates => |
2013-02-02 11:55 | user2 | Note Added: 0000681 | |
2018-03-07 10:23 | user2 | Status | assigned => resolved |
2018-03-07 10:23 | user2 | Resolution | open => no change required |
2018-03-07 10:23 | user2 | Status | resolved => closed |