Installing Alternate SMTP Server leaves Alternate Port (Rec: 587) firewalled

After installing the Alternate SMTP Server, typically on port 587, a manual extra step of opening the port in the firewall is necessary, because NodeWorx does not open it automatically.

I cannot think of a reason to install the secondary SMTP service without wanting the outside world to talk to it, so I think this should be considered a control panel bug.

This issue is still happening with the latest version: 5.0.15.

Hi jimp

I hope you don’t mind, but none of our systems have this issue.

Are you on a cluster

We are setting up a new test server, so when ready I’ll check this and let you know

Many thanks

John

[QUOTE=d2d4j;26541]Hi jimp

I hope you don’t mind, but none of our systems have this issue.

Are you on a cluster

We are setting up a new test server, so when ready I’ll check this and let you know

Many thanks

John[/QUOTE]
I might not have explained it well, but I also haven’t tried it with the latest version. I will be setting up a new InterWorx box soon and I will confirm as well. I have seen this issue many times, where I enable the alternate port 587 service, setup the first customer, instruct them to use the alternate port if their ISP intercepts 25, and then they calback saying it doesn’t work. After a little debugging I always find the firewall (“on”) doesn’t have port 587 open (or even in the list). I have to add it manually.

Perhaps it has been fixed already and I’m not aware. I haven’t setup a new box in the last month. (None of mine are clustered.)

Hi jimp

Sorry, do you mean in IW firewall status, or homepage for nodeworx displays 587 running, and firewall page displays port open, but if you ssh into server, run open port check, it’s not listed.

Many thanks

John

The InterWorx Firewall. Starting from the moment the “Alternate SMTP Server” is installed, I’m suggesting it’s broken because it says “Service installed, Service started” but the reality is it’s all running with a default Firewall config that blocks out. I think it should open the port the alternate SMTP service is installed on automatically. “Service installed, Service started, Opening Firewall TCP Incoming Port 587.”

Hi jimp

Many thanks, so to clarify,does the firewall show as port 587 open, but your saying it is not when checking using ssh for open port list

Many thanks

John

The firewall shows the port is closed because all unopened ports are closed from the CLI. From InterWorx firewall doesn’t list it at all. I have to open the port manually. Once it’s added to the InterWorx firewall and TCP Incoming is Open, it works fine.

That’s the step I argue the “Alternate SMTP Server” installer should handle automatically. Otherwise it is like enabling Apache but having to manually open ports 80 and 443 before any pages can be served.

Hi jimp

Many thanks, I’ll check tommorow as it’s nearly midnight here, but I have never seen this, but I will check on our test server which is been setup

I’ll post tommorow if alright

Many thanks

John

Hi Jimp

I hope you don’t mind, but I thought I’d check before finishing.

Please see 2 pics for port 587, as it was a test server, it was not activated, 1st pic, then after activating port 587.

Is this what your seeing, and if so, do you mean your sirewall is not opening port 587, even when IW status shows as open.

Many thanks

John

Correct. If you look in the Firewall now, which I see is enabled, if I’m correct you will find no entry for the “Submission” port (587). You will have to open port 587 manually for the “Alt. Inbound SMTP Server” to really work. I think the InterWorx product would be improved if the “Install Alt Inbound SMTP” feature automatically adds an “Open port 587 TCP (In)” firewall rule.

Hi Jimp

You are correct, it was not open as you posted, and as a test, I tried telnet from another computer, no response, manually added to iptables for port 587, retried telnet and it responded.

I’ll open a bug report and list this post, so you have full credit for bug found

I hope that’s alright

Many thanks

John

Sure. It sounds like you’ve already done it, so I wouldn’t want to duplicate your efforts. I haven’t been on the forums in a while, so I forgot some of these issues I should probably just be opening a ticket anyway. Thanks for confirming and getting it reported to the coders.

This is would really be a helpful addition!

On 3 hours of sleep after a pretty successful move over to a new server last night and start getting emails and text from people saying they can’t send any email. After checking one out in more detail i realized they were setup on 587 and then decided to check the firewall. Luckily it was an easy fix, but would have been awesome not to have to even deal with that.

I’ve made sure to take lots of notes on this move so next time around I know what to look out for though.

Hi Justec

Many thanks, and I am sure it will be addressed, as it will catch a lot of users out.

I know when we moved our systems to another Cidr, we had to make some changes, so you may want to check your namevirtualhost.conf to make sure all is correct (/etc/httpd/conf.d). I’m sure it is correct though, as we only moved Cidr range.

Many thanks

John

Yeah, this was just a regular move from old server to new server. So had to redo all the NodeWorx settings (Hmm… maybe that would be a good feature request, along with SiteWorx mass transfer, be able to move NodeWorx settings to a new server), like enabled the smtp2 on 587. I’m sure there is some reason that it hasn’t been added in yet, maybe some security reason, I’m not sure…but maybe it can just open the firewall for port 587 and if you pick another port number just give you a little warning when installing the secondary smtp to open that up in the firewall. Honestly, just a little warning to open in the firewall without actually opening anything would be good enough. It’s a quick fix, just don’t really think about it when you click install really quick to set that up.