Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Join Date
    Mar 2005
    Location
    Louisiana, USA
    Posts
    200
    Points
    13,801
    Level
    51

    Installing Alternate SMTP Server leaves Alternate Port (Rec: 587) firewalled

    After installing the Alternate SMTP Server, typically on port 587, a manual extra step of opening the port in the firewall is necessary, because NodeWorx does not open it automatically.

    I cannot think of a reason to install the secondary SMTP service without wanting the outside world to talk to it, so I think this should be considered a control panel bug.

  2. #2
    Join Date
    Mar 2005
    Location
    Louisiana, USA
    Posts
    200
    Points
    13,801
    Level
    51
    This issue is still happening with the latest version: 5.0.15.

  3. #3
    Join Date
    Apr 2012
    Posts
    2,179
    Points
    24,207
    Level
    68
    Hi jimp

    I hope you don't mind, but none of our systems have this issue.

    Are you on a cluster

    We are setting up a new test server, so when ready I'll check this and let you know

    Many thanks

    John

  4. #4
    Join Date
    Mar 2005
    Location
    Louisiana, USA
    Posts
    200
    Points
    13,801
    Level
    51
    Quote Originally Posted by d2d4j View Post
    Hi jimp

    I hope you don't mind, but none of our systems have this issue.

    Are you on a cluster

    We are setting up a new test server, so when ready I'll check this and let you know

    Many thanks

    John
    I might not have explained it well, but I also haven't tried it with the latest version. I will be setting up a new InterWorx box soon and I will confirm as well. I have seen this issue many times, where I enable the alternate port 587 service, setup the first customer, instruct them to use the alternate port if their ISP intercepts 25, and then they calback saying it doesn't work. After a little debugging I always find the firewall ("on") doesn't have port 587 open (or even in the list). I have to add it manually.

    Perhaps it has been fixed already and I'm not aware. I haven't setup a new box in the last month. (None of mine are clustered.)

  5. #5
    Join Date
    Apr 2012
    Posts
    2,179
    Points
    24,207
    Level
    68
    Hi jimp

    Sorry, do you mean in IW firewall status, or homepage for nodeworx displays 587 running, and firewall page displays port open, but if you ssh into server, run open port check, it's not listed.

    Many thanks

    John

  6. #6
    Join Date
    Mar 2005
    Location
    Louisiana, USA
    Posts
    200
    Points
    13,801
    Level
    51
    The InterWorx Firewall. Starting from the moment the "Alternate SMTP Server" is installed, I'm suggesting it's broken because it says "Service installed, Service started" but the reality is it's all running with a default Firewall config that blocks out. I think it should open the port the alternate SMTP service is installed on automatically. "Service installed, Service started, Opening Firewall TCP Incoming Port 587."

  7. #7
    Join Date
    Apr 2012
    Posts
    2,179
    Points
    24,207
    Level
    68
    Hi jimp

    Many thanks, so to clarify,does the firewall show as port 587 open, but your saying it is not when checking using ssh for open port list

    Many thanks

    John

  8. #8
    Join Date
    Mar 2005
    Location
    Louisiana, USA
    Posts
    200
    Points
    13,801
    Level
    51
    The firewall shows the port is closed because all unopened ports are closed from the CLI. From InterWorx firewall doesn't list it at all. I have to open the port manually. Once it's added to the InterWorx firewall and TCP Incoming is Open, it works fine.

    That's the step I argue the "Alternate SMTP Server" installer should handle automatically. Otherwise it is like enabling Apache but having to manually open ports 80 and 443 before any pages can be served.

  9. #9
    Join Date
    Apr 2012
    Posts
    2,179
    Points
    24,207
    Level
    68
    Hi jimp

    Many thanks, I'll check tommorow as it's nearly midnight here, but I have never seen this, but I will check on our test server which is been setup

    I'll post tommorow if alright

    Many thanks

    John

  10. The Following User Says Thank You to d2d4j For This Useful Post:


  11. #10
    Join Date
    Apr 2012
    Posts
    2,179
    Points
    24,207
    Level
    68
    Hi Jimp

    I hope you don't mind, but I thought I'd check before finishing.

    Please see 2 pics for port 587, as it was a test server, it was not activated, 1st pic, then after activating port 587.

    Is this what your seeing, and if so, do you mean your sirewall is not opening port 587, even when IW status shows as open.

    Many thanks

    John
    Attached Images Attached Images   

  12. #11
    Join Date
    Mar 2005
    Location
    Louisiana, USA
    Posts
    200
    Points
    13,801
    Level
    51
    Correct. If you look in the Firewall now, which I see is enabled, if I'm correct you will find no entry for the "Submission" port (587). You will have to open port 587 manually for the "Alt. Inbound SMTP Server" to really work. I think the InterWorx product would be improved if the "Install Alt Inbound SMTP" feature automatically adds an "Open port 587 TCP (In)" firewall rule.
    Last edited by jimp; 10-20-2014 at 08:13 PM.

  13. The Following User Says Thank You to jimp For This Useful Post:


  14. #12
    Join Date
    Apr 2012
    Posts
    2,179
    Points
    24,207
    Level
    68
    Hi Jimp

    You are correct, it was not open as you posted, and as a test, I tried telnet from another computer, no response, manually added to iptables for port 587, retried telnet and it responded.

    I'll open a bug report and list this post, so you have full credit for bug found

    I hope that's alright

    Many thanks

    John

  15. #13
    Join Date
    Mar 2005
    Location
    Louisiana, USA
    Posts
    200
    Points
    13,801
    Level
    51
    Sure. It sounds like you've already done it, so I wouldn't want to duplicate your efforts. I haven't been on the forums in a while, so I forgot some of these issues I should probably just be opening a ticket anyway. Thanks for confirming and getting it reported to the coders.

  16. #14
    Join Date
    May 2004
    Location
    Miami
    Posts
    1,279
    Points
    23,139
    Level
    66
    This is would really be a helpful addition!

    On 3 hours of sleep after a pretty successful move over to a new server last night and start getting emails and text from people saying they can't send any email. After checking one out in more detail i realized they were setup on 587 and then decided to check the firewall. Luckily it was an easy fix, but would have been awesome not to have to even deal with that.

    I've made sure to take lots of notes on this move so next time around I know what to look out for though.
    [ JUSTIN ]
    [ OFF unit ]
    [ WEB DESIGN / DEVELOPMENT, GRAPHIC DESIGN, OTHER STUFF
    ]

  17. #15
    Join Date
    Apr 2012
    Posts
    2,179
    Points
    24,207
    Level
    68
    Hi Justec

    Many thanks, and I am sure it will be addressed, as it will catch a lot of users out.

    I know when we moved our systems to another Cidr, we had to make some changes, so you may want to check your namevirtualhost.conf to make sure all is correct (/etc/httpd/conf.d). I'm sure it is correct though, as we only moved Cidr range.

    Many thanks

    John

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •