Majic Projects ~ [CLOSED] MAR-105 - Ability to disable opening SMTP port to SMTP relay in mail

Majic Projects

Majic Ansible Roles

Projects
Wiki
- Quick links
- Wiki
- Project wikis
- Conntrackt
- Django Pydenticon
- Gimmecert
- Majic Ansible Roles
- Pydenticon
- Scripts
- Global content

Majic Ansible Roles / Closed Feature request MAR-105 Ability to disable opening SMTP port to SMTP relay in mail_forwarder role

Votes

This issue has been closed with status "Closed" and resolution "RESOLVED".

- No additional actions available

Issue basics

Type of issue

Feature request Unknown issue type
Issue label

No label set
Category

Not determined
Targetted for

1.7.0 Not determined
Status

Closed

Status not determined
Progress
Priority

Not determined

Affected by this issue (0)

There are no items

People involved

Posted by
branko (@branko)

Branko Majic
@branko

Last seen online at Apr 24, 2024 - 20:11

Show user details
Owned by

Not owned by anyone
Assigned to
branko (@branko)

Branko Majic
@branko

Last seen online at Apr 24, 2024 - 20:11

Show user details
Not assigned to anyone
Subscribers

0 subscriber(s)

Click here to show the list of subscribers

Times and dates

Posted at

May 07, 2017
Last updated

Jul 20, 2017
Estimated time

3 hours Not estimated
Time spent

2 hours No time spent

Click here to see time logged against this issue

Issue details

Resolution

RESOLVED Not determined
Reproducability

Not determined
Severity

Not determined

Attachments (0)

There is nothing attached to this issue

Child issues (0)

This issue does not have any child issues

Duplicate issues (0)

This issue does not have any duplicates

Show / hide more details »

Description

Current implementation of mail_forwarder role provides ability for SMTP relay host to connect to local SMTP server, allowing delivery of bounced messages to local accounts.

This scenario works pretty well in case of servers or workstations with static IPs, but does not make much sense for machines which are behind NAT, or machines that often change the IP (such as laptops). In particular:

Anything behind NAT will normally not be accessible for SMTP delivery anyway.
Since firewall is configured using hostname, in case a temporary offline machine (laptop) is booted, and network is not available at a time when firewall is coming up, firewall will fail to deploy completely if the SMTP relay host name cannot be resolved.

It would be beneficial if it were possible to explicitly disable opening-up the firewall for external SMTP connections.

The following should be done:

Implement tests for new functionality.
Add parameter smtp_from_relay_allowed to mail_forwarder role, defaulting the value to yes.
Parameter should control whether the incoming connections (via firewall) will be allowed from the SMTP relay or not.
Update role reference documentation.
Update usage instructions.

Todos (0 / 0)

Options

There are no comments

Welcome to The Bug Genie

Log in with your username and password