Announcement

Collapse
No announcement yet.

Installing Alternate SMTP Server leaves Alternate Port (Rec: 587) firewalled

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Installing Alternate SMTP Server leaves Alternate Port (Rec: 587) firewalled

    After installing the Alternate SMTP Server, typically on port 587, a manual extra step of opening the port in the firewall is necessary, because NodeWorx does not open it automatically.

    I cannot think of a reason to install the secondary SMTP service without wanting the outside world to talk to it, so I think this should be considered a control panel bug.
    My small technology blog
    [translocator.ws]

    Stack Overlap - Web Hosting and Development
    [www.stackoverlap.com]

    Mealsite
    [www.mealsite.com]

  • #2
    This issue is still happening with the latest version: 5.0.15.
    My small technology blog
    [translocator.ws]

    Stack Overlap - Web Hosting and Development
    [www.stackoverlap.com]

    Mealsite
    [www.mealsite.com]

    Comment


    • #3
      Hi jimp

      I hope you don't mind, but none of our systems have this issue.

      Are you on a cluster

      We are setting up a new test server, so when ready I'll check this and let you know

      Many thanks

      John

      Comment


      • #4
        Originally posted by d2d4j View Post
        Hi jimp

        I hope you don't mind, but none of our systems have this issue.

        Are you on a cluster

        We are setting up a new test server, so when ready I'll check this and let you know

        Many thanks

        John
        I might not have explained it well, but I also haven't tried it with the latest version. I will be setting up a new InterWorx box soon and I will confirm as well. I have seen this issue many times, where I enable the alternate port 587 service, setup the first customer, instruct them to use the alternate port if their ISP intercepts 25, and then they calback saying it doesn't work. After a little debugging I always find the firewall ("on") doesn't have port 587 open (or even in the list). I have to add it manually.

        Perhaps it has been fixed already and I'm not aware. I haven't setup a new box in the last month. (None of mine are clustered.)
        My small technology blog
        [translocator.ws]

        Stack Overlap - Web Hosting and Development
        [www.stackoverlap.com]

        Mealsite
        [www.mealsite.com]

        Comment


        • #5
          Hi jimp

          Sorry, do you mean in IW firewall status, or homepage for nodeworx displays 587 running, and firewall page displays port open, but if you ssh into server, run open port check, it's not listed.

          Many thanks

          John

          Comment


          • #6
            The InterWorx Firewall. Starting from the moment the "Alternate SMTP Server" is installed, I'm suggesting it's broken because it says "Service installed, Service started" but the reality is it's all running with a default Firewall config that blocks out. I think it should open the port the alternate SMTP service is installed on automatically. "Service installed, Service started, Opening Firewall TCP Incoming Port 587."
            My small technology blog
            [translocator.ws]

            Stack Overlap - Web Hosting and Development
            [www.stackoverlap.com]

            Mealsite
            [www.mealsite.com]

            Comment


            • #7
              Hi jimp

              Many thanks, so to clarify,does the firewall show as port 587 open, but your saying it is not when checking using ssh for open port list

              Many thanks

              John

              Comment


              • #8
                The firewall shows the port is closed because all unopened ports are closed from the CLI. From InterWorx firewall doesn't list it at all. I have to open the port manually. Once it's added to the InterWorx firewall and TCP Incoming is Open, it works fine.

                That's the step I argue the "Alternate SMTP Server" installer should handle automatically. Otherwise it is like enabling Apache but having to manually open ports 80 and 443 before any pages can be served.
                My small technology blog
                [translocator.ws]

                Stack Overlap - Web Hosting and Development
                [www.stackoverlap.com]

                Mealsite
                [www.mealsite.com]

                Comment


                • #9
                  Hi jimp

                  Many thanks, I'll check tommorow as it's nearly midnight here, but I have never seen this, but I will check on our test server which is been setup

                  I'll post tommorow if alright

                  Many thanks

                  John

                  Comment


                  • #10
                    Hi Jimp

                    I hope you don't mind, but I thought I'd check before finishing.

                    Please see 2 pics for port 587, as it was a test server, it was not activated, 1st pic, then after activating port 587.

                    Is this what your seeing, and if so, do you mean your sirewall is not opening port 587, even when IW status shows as open.

                    Many thanks

                    John
                    Attached Files

                    Comment


                    • #11
                      Correct. If you look in the Firewall now, which I see is enabled, if I'm correct you will find no entry for the "Submission" port (587). You will have to open port 587 manually for the "Alt. Inbound SMTP Server" to really work. I think the InterWorx product would be improved if the "Install Alt Inbound SMTP" feature automatically adds an "Open port 587 TCP (In)" firewall rule.
                      Last edited by jimp; 10-20-2014, 08:13 PM.
                      My small technology blog
                      [translocator.ws]

                      Stack Overlap - Web Hosting and Development
                      [www.stackoverlap.com]

                      Mealsite
                      [www.mealsite.com]

                      Comment


                      • #12
                        Hi Jimp

                        You are correct, it was not open as you posted, and as a test, I tried telnet from another computer, no response, manually added to iptables for port 587, retried telnet and it responded.

                        I'll open a bug report and list this post, so you have full credit for bug found

                        I hope that's alright

                        Many thanks

                        John

                        Comment


                        • #13
                          Sure. It sounds like you've already done it, so I wouldn't want to duplicate your efforts. I haven't been on the forums in a while, so I forgot some of these issues I should probably just be opening a ticket anyway. Thanks for confirming and getting it reported to the coders.
                          My small technology blog
                          [translocator.ws]

                          Stack Overlap - Web Hosting and Development
                          [www.stackoverlap.com]

                          Mealsite
                          [www.mealsite.com]

                          Comment


                          • #14
                            This is would really be a helpful addition!

                            On 3 hours of sleep after a pretty successful move over to a new server last night and start getting emails and text from people saying they can't send any email. After checking one out in more detail i realized they were setup on 587 and then decided to check the firewall. Luckily it was an easy fix, but would have been awesome not to have to even deal with that.

                            I've made sure to take lots of notes on this move so next time around I know what to look out for though.
                            [ JUSTIN ]
                            [ OFF unit ]
                            [ WEB DESIGN / DEVELOPMENT, GRAPHIC DESIGN, OTHER STUFF
                            ]

                            Comment


                            • #15
                              Hi Justec

                              Many thanks, and I am sure it will be addressed, as it will catch a lot of users out.

                              I know when we moved our systems to another Cidr, we had to make some changes, so you may want to check your namevirtualhost.conf to make sure all is correct (/etc/httpd/conf.d). I'm sure it is correct though, as we only moved Cidr range.

                              Many thanks

                              John

                              Comment

                              Working...
                              X