[Bug 247352] New: sendmail - Ports for SuSEfirewall added via packages
https://bugzilla.novell.com/show_bug.cgi?id=247352 Summary: sendmail - Ports for SuSEfirewall added via packages Product: openSUSE 10.3 Version: Alpha 1 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: werner@novell.com ReportedBy: locilka@novell.com QAContact: qa@suse.de There is a new feature: FATE #300687: Ports for SuSEfirewall2 added via packages implemented in SuSEfirewall2 and YaST2-Firewall. This functionality offers to define needed ports for particular package. The definition is then transparently used in Firewall. Please, add such definition into the package mentioned in $subject by following steps in this article: http://en.opensuse.org/SuSEfirewall2/Service_Definitions_Added_via_Packages Thanks -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 locilka@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Normal |Enhancement -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 werner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |locilka@novell.com ------- Comment #1 from werner@novell.com 2007-02-21 08:26 MST ------- AFAIK the port 25 (SMTP) and port 587 (Message Submission if used) and maybe port 113 (for Authentication) are closed for any external device. Why should I open this now? See SMTPD_LISTEN_REMOTE in /etc/sysconfig/mail which defaults to "no" ... and there is _NO_ explanation how this open ports are controlled (aka closed) by the sendmail/postfix configuration. IMHO such a configuration file should only used if the user is asked about. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 locilka@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Info Provider|locilka@novell.com |security-team@suse.de ------- Comment #2 from locilka@novell.com 2007-02-21 08:28 MST ------- Reassigning need~info to security team. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 werner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Info Provider|security-team@suse.de |locilka@novell.com ------- Comment #3 from werner@novell.com 2007-02-21 08:32 MST ------- The variable SMTPD_LISTEN_REMOTE forbidds or allow any remote port connection of the local host. If it is set to "no" sendmail and also postfix listen on port 25 from 127.0.0.0 only. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 werner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Info Provider|locilka@novell.com |security-team@suse.de -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #4 from locilka@novell.com 2007-02-21 09:00 MST ------- Actually, adding a service-definition into the package doesn't open any port. User needs to run YaST Firewall and select the service to be allowed from the selected firewall zone (or to edit /etc/sysconfig/SuSEfirewall2 manually). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de ------- Comment #5 from meissner@novell.com 2007-02-21 09:05 MST ------- This is to a large degree a UI issue in the YAST Mail module, where you need to both open the firewall port and enable remote listening to get mails from the outside. It also is an issue if you do configuration by hand, where ysou have to touch 2 files (/etc/sysconfig/SuSEfirewall2 and /etc/sysconfig/mail). will need more review/discussion. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #6 from locilka@novell.com 2007-02-21 09:11 MST ------- If the mail service is configured by YaST, YaST can also modify the sendmail-service configuration file. This will be probably handled the very same way for YaST HTTP Server where YaST allows to setup apache2 to listen on several ports (and turning https (443) port on and off). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 lnussel@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|security-team@suse.de | ------- Comment #7 from lnussel@novell.com 2007-02-22 02:35 MST ------- The files are not config files from rpm's point of view and reside in /usr, ie you need to consider them read only and cannot modify them. If modifying those files is desireable then we should move them to /etc. Wrt the need to modify two files in order to actually allow remote access: you can just add a note about that in the description. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #8 from locilka@novell.com 2007-02-22 02:45 MST ------- Ludwig, maybe it would make sense to modify that file externally because it actually might be kind of configuration... Having it static is similar to the static list in SuSEFirewallServices YCP module which didn't work well just because of the need to turn on/off some ports sometimes (cups, http server, squid, everywhere you can configure ports). Consider that, please. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #9 from werner@novell.com 2007-02-22 06:47 MST ------- Which files are considered to be configurations files? AFAIK all sendmail configurations file are located in /etc and /etc/mail. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #10 from lnussel@novell.com 2007-02-22 08:39 MST ------- Werner, I was not referring to files from the sendmail package but to the SuSEfirewall2 files in /usr/share/SuSEfirewall2/services. Having yast modify them would be bad style. We need to find a place in /etc if we wanted to allow that. We could introduce /etc/SuSEfirewall2/services or /etc/sysconfig/network/firewall/services for example. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #11 from locilka@novell.com 2007-02-22 09:59 MST ------- See the discussion in bug #247352 before fixing, please ;) The location of that requested file might be different from the current one. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 mrueckert@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |247748 nThis| | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #13 from lnussel@novell.com 2007-03-01 08:46 MST ------- per discuission with Lukas in IRC let's use /etc/sysconfig/SuSEfirewall2.d/services -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 mmarek@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Comment #14 from mmarek@novell.com 2007-03-08 07:18 MST ------- done. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 mmarek@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Comment #15 from mmarek@novell.com 2007-03-08 07:18 MST ------- sorry! wrong browser window. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #16 from werner@novell.com 2007-04-24 10:44 MST ------- This has to be fixed for postfix, currently /usr/share/SuSEfirewall2/services/postfix instead of /etc/sysconfig/SuSEfirewall2.d/services/postfix is used. Beside this, how do I enable an other port if the user has choosen an other port within sendmail configuration (e.g. not 25 and not 465)? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #17 from mrueckert@novell.com 2007-04-24 10:48 MST ------- another question from my side: http://en.opensuse.org/SuSEfirewall2/Service_Definitions_Added_via_Packages shows unused values as "" e.g. for RPC. is this required? or do we only need to mention the actually used parts? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 werner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED ------- Comment #18 from werner@novell.com 2007-04-24 10:49 MST ------- Added /etc/sysconfig/SuSEfirewall2.d/services/sendmail which is identical to those file of postfix. For the wrong location of /usr/share/SuSEfirewall2/services/postfix a new bug should be opened. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #19 from locilka@novell.com 2007-04-24 11:42 MST ------- IMHO empty values are not needed, they are probably empty by default but to be sure... I'd leave also the empty one -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=247352 ------- Comment #20 from lnussel@novell.com 2007-04-25 01:46 MST ------- The template file lists all variables for reference. You may or may not remove unused ones in your files, doesn't matter. Empty values are ignored anyways. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com