[LBBS-37] Restrict outgoing port 25 from containers while allowing other traffic

PHREAKSCRIPT-60
phreak script install failed without --version 22
PHREAKSCAN-2
Improve automation
PHREAKSCAN-1
Raw data upload restricted to 15M
DAHLIN-9
DAHDI Linux: Build failure against next kernel
LBBS-47
Email enhancements
PHREAKSCRIPT-59
Add PhreakScript option to enable EMPULSE
LBBS-80
mod_mimeparse: Occasional segfault when running tests
LBBS-78
node.c: node->ip can be NULL
LBBS-77
test_terminals: Test is now flaky
LBBS-79
Makefile: cp -n is deprecated
PHREAKNET-53
Change in IP address for hosted lines
LBBS-70
mod_smtp_delivery_external: Use SRS for externally forwarded messages
PHREAKSCRIPT-58
sig_analog: Allow hearpulsing gain to be adjusted
PHREAKSCRIPT-57
res_alarmsystem: Segfault due to calling ast_dtmf_stream on NULL channel
ASTERISK-122
res_pjsip_device_features: Excessive refcount on endpoint object
ASTERISK-135
Mutex errors on FreeBSD
LBBS-75
net_smtp: Allow plain text delivery if requirestarttls is false
PHREAKSCRIPT-55
dahdi_tool not installed
ASTERISK-134
chan_dahdi: Improve configuration validation
PHREAKSCRIPT-52
res_alarmsystem: IP loss reported even if no outage
LBBS-76
net_imap: Remote MOVE/COPY operations fail in some circumstances
PHREAKNET-46
Polycom IP phones not provisioning
PHREAKSCRIPT-43
Add spanconfig command
PHREAKSCRIPT-56
DAHDI Tools: Apply unmerged patches
ASTERISK-131
chan_dahdi: Automatically update time when DST starts/ends
ASTERISK-130
Verify that res_xmpp can compile and be used
WSSMAIL-5
Add full attachment support
DAHTOOL-5
Disabling span auto-assignment implodes kernel
PHREAKNET-52
Cisco end of CSR signing support
LBBS-74
net_ssh: Sessions persist even when they no longer exist
LBBS-18
net_ssh: High CPU trying to end SSH session
ASTERISK-106
chan_pjsip: Modify From header appropriately for unavailable presentation
ASTERISK-124
app_mixmonitor: Allow cancelling in-progress recording/recipients
ASTERISK-129
core: Add ref/unref for ast_moh callbacks
PHREAKSCRIPT-54
Replace LOAD_STR_INT with ast_yesno
ASTERISK-128
Rename ast_sip_presence_xml_ functions
ASTERISK-127
func_codecs: view/update codecs
DAHLIN-8
Readd native SF support
ASTERISK-126
chan_iax2: Add fixed jitterbuffer
PHREAKNET-49
ML model for 3-slot coin detection
ASTERISK-125
app_voicemail: Warning when hanging up during playback
ASTERISK-48
func_devstate: Delete empty from AstDB
ASTERISK-108
config.c: Investigate and fix various config file rewrite bugs
LBBS-25
mod_mail_trash: Attempts to open files as directories
PHREAKSCRIPT-53
app_george: Cancel in-progress recording if nobody said anything
LBBS-30
net_nntp: Complete overhaul/rewrite to use maildirs
INTERLINKED-20
Closing multiple issues simultaneously doesn't work
PHREAKNET-47
Add automation for bill mailings
PHREAKSCRIPT-51
Add 32-bit/ARM builds
DAHLIN-7
Mega-issue to upstream out-of-tree DAHDI patches
ASTERISK-123
app_voicemail: Add ability to disable "thank-you" when ending voicemail
PHREAKSCRIPT-50
app_acts: Finish fine tuning and bug fixes
LBBS-2
module.c: Improve module loading process
SLACK-4
Slack client exits due to SSL_ERROR_ZERO_RETURN
ASTERISK-83
res_pjsip_device_features: Add forwarding and DND synchronization
PHREAKSCRIPT-42
Syntax Error on chan_dahdi
PHREAKSCRIPT-48
res_alarmsystem.conf.sample: Config is not commented by default
WSSMAIL-10
Can scroll down past bottom of page on larger screens
PHREAKSCRIPT-49
wanpipe doesn't compile above 6.1 kernel
LBBS-21
net_imap: Proxy clients orphaned without associated IMAP session
LBBS-73
net_imap: Invalid memory access client->imap->tag
LBBS-19
tls.c: Occasional SEGV at shutdowns of TLS connections
DAHLIN-6
Frame relay broken
PHREAKSCRIPT-47
make webvmail
PHREAKSCRIPT-46
menuselect
PHREAKSCRIPT-45
TDMoIP driver module
PHREAKSCRIPT-44
Finish ADSI applications
DAHTOOL-4
dahdi_genconf: Hangs when run initially after span assignment
WSSMAIL-6
Add option to auto-reconnect if disconnected
PHREAKSCRIPT-41
Create virtual modem application using softmodem
PHREAKNET-41
Allow for more granular billing based on switch ZIP code
PHREAKNET-33
Finish TSPS web console
ASTERISK-121
Upstream PhreakScript patches
ASTERISK-82
app_queue: Allow queue strategy to be manipulated externally
ASTERISK-101
func_tonedetect: 2600 Hz detection not working or suboptimal
LBBS-72
mod_webdav: Add WebDAV support
LBBS-71
Limit registrations from same IP within a certain amount of time
LBBS-57
Occasional 100% CPU usage on SSH session termination
ASTERISK-120
app_senddtmf: SendDTMF failure if not answering channel
ASTERISK-119
app_dial: Progress timeout doesn't cause Dial to exit
TEST-1
Test issue
ASTERISK-117
app_voicemail: Pager email generation is broken
LBBS-31
mod_sieve: Major Sieve filtering overhaul and improvements
ASTERISK-118
chan_iax2: Improve encryption support
LBBS-60
Prevent clients from monopolizing nodes (DOS)
DAHTOOL-3
Compilation warnings on 32-bit (i686)
LBBS-14
net_imap: SEGV in strncmp
WSSMAIL-11
Use accurate hyperlinks for folders
WSSMAIL-1
Preview pane doesn't take up allotted space
WSSMAIL-2
Implicitly mark messages read when deleting
LBBS-12
mod_webmail: client_flush_pending_output infinite loop
LBBS-50
mod_chanserv: NULL dereference when joining IRC channel
LBBS-68
scripts: Improve backup script error reporting
LBBS-26
server_setup.sh: Autocreate all default directories
LBBS-54
mod_mailscript: Add RECIPIENT condition
LBBS-55
net_telnet: Don't use strerror if res is 0
LBBS-67
net_ftp: Set node protocol to FTPES if using Explicit TLS
ASTERISK-116
app_dial: Strange/broken behavior with 'U' option
LBBS-62
net_imap: IMAP client frequently fails for Microsoft accounts
LBBS-53
Assertion when forwarding to external recipient
PHREAKSCRIPT-40
res_msp: Indentation messed up
PHREAKSCRIPT-32
app_alarmsystem: Add alarm system application
INTERLINKED-13
Comment and Close doesn't close issue
PHREAKSCRIPT-31
phreaknet config does not update verify.conf
PHREAKSCRIPT-27
res_msp not patched in during install
PHREAKSCRIPT-26
format_mp3 prereqs not always available
SLACK-1
slack-client: Deadlock when relaying messages
SLACK-5
Failed to receive reply... when message sent
LBBS-69
net_ssh: SFTP uploads fail with WinSCP
WSSMAIL-15
Allow navigating messages using arrow keys
DAHLIN-4
Improve manual span assignment process
ASTERISK-115
chan_iax2: Some pattern matches ignored if included in incoming context
DAHLIN-5
FXO rings off hook when rotary dialing on the line
ASTERISK-114
chan_iax2: DP cache warning when using switch
ASTERISK-113
app_disa: Unrecognized option when providing context
ASTERISK-15
chan_dahdi: Allow sending SDMF Caller ID
ASTERISK-104
Improve dahdi show channels output
ASTERISK-112
chan_dahdi: Raw power ring audible on recall ring from IAX2 to DAHDI
ASTERISK-22
general: Fix various typos
ASTERISK-111
chan_dahdi: MWI while off-hook when hung up on after recall ring
ASTERISK-64
chan_dahdi: autoreoriginate doesn't work if caller hung up on
ASTERISK-105
chan_dahdi: Add CLI command to display line voltages
ASTERISK-88
chan_dahdi: Add ADSI on-hook download support
ASTERISK-110
chan_iax2: Implement MWI
PHREAKSCRIPT-29
res_phreaknet: Don't try making API requests if not a PhreakNet node
ASTERISK-109
voicemail.conf.sample: Clarify misnamed option behavior
INTERLINKED-17
Blog: Issues with tag editing and viewing
LBBS-15
smtp: Locking errors, deadlock when queue runs during delivery
ASTERISK-68
res_pjsip_sca: Segfaults on startup with SCA
PHREAKSCRIPT-39
Add optional flag to not update system first
PHREAKSCRIPT-38
res_phreaknet: Increase cURL timeouts
LBBS-32
mod_spamassassin: Improve default spam handling
PHREAKSCRIPT-37
app_softmodem: Support speeds higher than 2400bps
LBBS-59
Add HTTP endpoint for updating IRC presence automatically
PHREAKSCRIPT-36
app_audichron: Tone not working after announcements
PHREAKSCRIPT-35
app_mail: SendMail returns SUCCESS
LBBS-66
logger: Add rate limiting of log messages
INTERLINKED-15
Improve paging API
ASTERISK-107
indications.conf.sample: Add confirmation tone
LBBS-65
net_smtp: Allow internal trusted hosts to be exempt from protocol violation checks
INTERLINKED-16
Add option to not be notified about user's own issues
LBBS-16
io_compress: Occasional memory corruption on shutdown
WSSMAIL-14
Checkbox range selection doesn't always work reliably
PHREAKSCRIPT-34
app_verify: Check additional headers for STIR/SHAKEN attestation
PHREAKSCRIPT-33
verify.conf: Flag invalid NXXs as illegitimate for NANPA calls
LBBS-64
mod_operator: Crash with more than 64 options?
ASTERISK-19
chan_dahdi: Remove sig_analog paths
LBBS-61
net_imap: Soft assertion in parse_flags_string
LBBS-63
net_imap, io_compress: Spurious warnings if quota exceeded
ASTERISK-93
chan_dahdi: DSP optimizations
PHREAKSCRIPT-30
MD5/RSA authenticated calls frequently fail
PHREAKNET-45
Operator system PSPs are outdated
LBBS-46
Block malicious mail servers after repeated failures
WSSMAIL-13
Improve multi-INBOX navigation
WSSMAIL-12
Add one-click "Not junk" button
LBBS-22
mod_mail_trash: Eliminate bbs_pthread_cancel_kill
LBBS-6
Add menu system scripting engine
LBBS-58
net_irc: Make ping interval adjustable
ASTERISK-103
GitHub Issue 661 was not autoclosed by PR
PHREAKSCRIPT-28
app_predial: Failure to retrieve user agent property
PHREAKNET-44
Show only sum of message units used per month on bills
ASTERISK-96
asterisk.adsi: Add Call Waiting Deluxe integration to resident script
LBBS-56
net_snpp: Add Simple Network Paging Protocol support
ASTERISK-102
app_voicemail: Play RDNIS if present when listening to envelope
ASTERISK-46
dsp.c: Remove ast_ prefixes for static functions
ASTERISK-52
dsp.c: Add ast_freq_reset
PHREAKSCRIPT-20
dsp.c: coin DSP patch breaks faxing
WSSMAIL-9
Sent email uploads can fail due to relative host difference
SLACK-3
examples: Add example program to log everything to a CSV
LBBS-52
net_smtp: Add limited support for VRFY and EXPN
PHREAKNET-42
Provisioning fails for lines with certain features
ASTERISK-100
chan_dahdi: PRI lock held at module unload
LBBS-51
General TDD improvements
PHREAKNET-39
Splice Fred Covington prompts for speaking clock
PHREAKSCRIPT-25
chan_sccp no longer compiles
PHREAKNET-40
Recent Change provisioning bug increments device name by 1
ASTERISK-99
pjsip: Add Cisco CUCM patch functionality
ASTERISK-98
Add hangup callbacks
ASTERISK-97
func_groupcount: Add group vars
LBBS-49
Add functionality expected of a traditional BBS package
LBBS-48
net_irc: Support multi-server networks
WSSMAIL-8
Add NNTP support and IRC integration
EVERGREEN-3
Add NNTP support for newsgroups
PHREAKSCRIPT-24
DAHDI builds in GitHub CI occasionally fail due to IPv6
PHREAKSCRIPT-23
res_phreaknet: Increase cURL timeout
PHREAKSCRIPT-22
Add framehook to display dialed digits
PHREAKSCRIPT-21
app_looparound: Add LoopAround application
ASTERISK-95
testsuite README: Update outdated references
ASTERISK-94
app_chanspy: Fix bad audio with single direction operation
LBBS-45
Use isoexec whenever possible
CAMI-1
Action Originate Returns -1
EVERGREEN-2
Navigation breaks when requirefromhelomatch=no in LBBS
ASTERISK-92
config.c: ast_variable_update doesn't update all instances
PHREAKSCRIPT-19
app_verify: Double free
PHREAKSCRIPT-18
Add better test coverage for 32-bit systems
PHREAKSCRIPT-17
res_phreaknet: iax.conf, et. al. are truncated when there is no disk space left
LBBS-44
io_tls: TLS errors when no certs are defined
LBBS-43
mod_discord: Improve handling of in-thread replies
LBBS-42
mod_discord: Actions not relayed properly from IRC
LBBS-41
socket.c: SEGV in bbs_node_readline
ASTERISK-91
features.c: Add warning to not set BRIDGE_NOANSWER as global variable
ASTERISK-90
chan_iax2: Add log message for rejected calls
ASTERISK-89
app_stack: Print proper exit location for PBXless channels
ASTERISK-87
asterisk.c: Prevent creation of duplicate Asterisk processes
ASTERISK-86
app_confbridge: Channel can join wrong bridge due to race condition
ASTERISK-85
chan_pjsip: Add channel encryption integration
ASTERISK-84
Add 'core show variables' command
ASTERISK-81
format_lame: MP3 read and write with LAME library
ASTERISK-80
app_record: Add RECORD_TIME function
ASTERISK-79
config.c: Make ast_variable_retrieve return last match
ASTERISK-78
sig_analog: Add Last Number Redial
ASTERISK-77
sig_analog: Add Call Waiting Deluxe support
LBBS-40
net_smtp: Add additional loop avoidance mechanisms
LBBS-39
net_smtp: Occasional memory corruption on email delivery
LBBS-38
mod_smtp_mailing_lists: Allow dynamic membership
LBBS-37
Restrict outgoing port 25 from containers while allowing other traffic
LBBS-36
net_telnet: Improve protocol support
LBBS-35
net_acap: Add ACAP protocol support
LBBS-34
net_xmpp: Add XMPP protocol support
LBBS-33
net_imap: Add/standardize commands to modify or purge keywords
ASTERISK-76
app_dial: Allow MOH until progress received
ASTERISK-75
chan_dahdi: Add Call Hold feature
ASTERISK-74
chan_dahdi: Add AMI event for callwaiting
ASTERISK-73
chan_dahdi: Hunt to next trunk in group if busy
ASTERISK-72
chan_dahdi: Move documentation to separate file
PHREAKNET-38
Send reminder emails if requests are pending
WSSMAIL-7
Add ability for zero-trust type authentication
LBBS-29
net_irc: Add reminder bot
LBBS-28
mod_discord: Warn users if IRC users are not online
LBBS-27
mod_irc_relay: Allow relaying of away/here status
PHREAKSCRIPT-16
app_selective: Missing pause after add/delete/instructions prompt
ASTERISK-71
app_if: ElseIf executed even if If is true
ASTERISK-70
loader.c: Print module build opt sums if they differ
ASTERISK-69
res_cli_originate: Allow specifying Caller ID on CLI
DAHTOOL-2
dahdi_cfg: Compiler warnings
DAHLIN-3
build: Compiler warnings
PHREAKSCRIPT-15
app_dialtone: t option should exclude matches that include #
LBBS-24
build: Pre-reqs don't compile on Fedora
LBBS-23
net_smtp: DMARC reports not sent due to rejection of localhost
LBBS-20
node.c: Occasional race conditions during node shutdown cause deadlock
LBBS-17
Temporary files not always cleaned up
LBBS-13
pty.c: Attempt to lock previously destroyed mutex
ASTERISK-67
voicemail.conf.sample: maxsilence/minsecs trigger warning
ASTERISK-66
app_sf: ReceiveSF not detecting incoming SF
PHREAKNET-37
Chirp should be audible upon on-hook of calls on a 2600 trunk
ASTERISK-65
sig_analog: Allow simple switch to time out to dialplan
LBBS-11
door_evergreen: Use isonetexec instead of exec
EVERGREEN-1
Use default identity per folder
SLACK-2
README: Add missing pre-reqs
WSSMAIL-4
Add PHPMailer support for format=flowed

← All Issues || New Issue →

Sort Normal || Priority

Details

Category: LBBS
Type: New Feature
Severity: Minor
Priority: Low
Resolution Effort: Unknown
Visibility: Public
Topic:
Milestone:
External Link:
Reported: 6/28/2024 5:00 PM
Last Active: 6/28/2024 5:00 PM
Status: Open
Reporter: InterLinked
Watching: InterLinked
Assigned To: Nobody

The isonetexec execution mode launches programs inside a container with networking. The problem with this is that this is done as simply as possible, so all outbound connections are possible, in theory. A skilled user can connect to a mail server and send mail impersonating other BBS users or traffic that the BBS itself is authorized to send but not that particular user.

There is no good reason to allow any connections to port 25 from within any container environments - ideally, these should always be blocked, much the same way that residential ISPs block outgoing port 25. However, this will involve more complex network arrangements than those assumed so far. This should be figured out and incorporated in the defaults/templates for containers so that a known-secure configuration is available as a starting point.

Informative References:

Comments

You must be logged in to leave a comment.