Comments (9)
(connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4003:c00::1a]:25: Cannot assign requested address
Try with IPv4 only. Maybe an IPv6 issue?
For the other issues: Try to disable fail2ban (if enabled) and check if a connection is possible afterwards.
from docker-mailserver.
Thanks @casperklein ! It works now!
I changed both POSTFIX_INET_PROTOCOLS and DOVECOT_INET_PROTOCOLS to ipv4 and now I can send and receive emails as before.
About roundcube error this was misconfiguration of container network.
Now I'm going to uncomment fail2ban and other modules one by one. Closing this ticket. Thanks a lot!!!
from docker-mailserver.
env_file: mailserver.env
You have a config issue, this is not helpful. Neither is the full file copy/paste, please only share what you actually changed from defaults.
I assume you've configured TLS based on information from our docs, so please share how you've done so with ENV.
IMAP Error: Login failed for [email protected] against mail.mydomain.com from 172.24.0.1. Could not connect to mail.mydomain.com:143: Connection refused
I can see from here that you have an IP 172.24.0.1, this is coming from outside that docker network and being routed through the gateway IP, you want to avoid that where possible.
cap_add: - NET_ADMIN - SYS_PTRACE
Where are you seeing the SYS_PTRACE? Have we still got that documented somewhere? You shouldn't need that AFAIK. Since you have NET_ADMIN, do you also have Fail2Ban enabled?
That's only going to cause problems for you right now, you don't want your local troubleshooting to be affected by F2B blocking your client(s) connections from failures. This will be more likely with that gateway IP issue if all clients now share the same internal IP instead of their real IP, since any failure from any client will then ban access to everyone.
from docker-mailserver.
OK, I created new docker-compose.yaml:
services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    hostname: mail.mydomain.com
    ports:
      - '25:25'    # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
      - '143:143'  # IMAP4 (explicit TLS => STARTTLS)
      - '465:465'  # ESMTP (implicit TLS)
      - '587:587'  # ESMTP (explicit TLS => STARTTLS)
      - '993:993'  # IMAP4 (implicit TLS)
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
      - /etc/letsencrypt:/etc/letsencrypt
    restart: always
    stop_grace_period: 1m
    environment:
      - SSL_TYPE=letsencrypt
      - PERMIT_DOCKER=network
      - ENABLE_FAIL2BAN=0
      - ENABLE_POSTGREY=0
      - ENABLE_CLAMAV=0
      - ENABLE_SPAMASSASSIN=0
      - SPOOF_PROTECTION=0
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0
Now I'm able to connect from Apple Mail, and I can read my messages, but I cannot send and receive messages.
Here is what I got in logs when I try to send an email:
connect frommydomain.com[xxx.xxx.xxx.xxx]
Anonymous TLS connection established from mydomain.com[xxx.xxx.xxx.xxx]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
NOQUEUE: reject: RCPT from mydomain.com[xxx.xxx.xxx.xxx]: 554 5.7.1 <mydomain.com[xxx.xxx.xxx.xxx]>: Client host rejected: Access denied; from=<[email protected]> to=<other_user@other_domain.com> proto=ESMTP helo=<smtpclient.apple>
If I try to log in with roundcube (which is running in other container, that's why I put PERMIT_DOCKER=network) I'm still getting:
IMAP Error: Login failed for [email protected] against mail.mydomain.com from 172.24.0.1. Could not connect to mail.mydomain.com:143: Connection refused
Also I found that
SSL_accept error from mydomain.com[xxx.xxx.xxx.xxx]: -1
comes from Monit. I turned Monit off for now.
Where are you seeing the SYS_PTRACE?
I saw some examples in other issues. And I forgot to remove it.
from docker-mailserver.
Now I'm able to connect from Apple Mail, and I can read my messages, but I cannot send and receive messages.
What did you change differently to get your TLS connection to work correctly?
Can you try on port 465? This is pure TLS like HTTPS, skips the STARTTLS thing which complicates it a little bit.
If you can connect to the Dovecot ports to retrieve mail, then it might be an issue with sending mail for Postfix to deliver. Postfix delegates auth to Dovecot, and without LDAP/SASLAuthd involved this shouldn't be any different for login logic 🤔
If I try to log in with roundcube (which is running in other container, that's why I put PERMIT_DOCKER=network) I'm still getting
Try PERMIT_DOCKER=connected-networks option instead? That will use any networks that are connected to the DMS container.
PERMIT_DOCKER=network presently should allow for any network in the entire 172.16.0.0/12 subnet (that should cover your 172.24.0.1 too). PERMIT_DOCKER has some bugs though that need to be resolved: #3478
You shouldn't need either though AFAIK. These ENV are to establish trust without credentials. For authenticated ports where you're expected to provide your username and password, when those are valid it should be sufficient AFAIK. PERMIT_DOCKER bypasses some security restrictions, intended for trusted clients, although I'm not sure of scenarios where you should need it in real deployments.
At least with Postfix (ports 587/465/25) I'm aware of those restrictions being relaxed for PERMIT_DOCKER. I'm not sure if we relax them much for Dovecot ports (110,143,993,995,4190).
NOQUEUE: reject: RCPT from mydomain.com[xxx.xxx.xxx.xxx]: 554 5.7.1 <mydomain.com[xxx.xxx.xxx.xxx]>: Client host rejected: Access denied; from=<[email protected]> to=<other_user@other_domain.com> proto=ESMTP helo=<smtpclient.apple>
Which port were you trying to send mail through? 587?
The user you've used for login and are sending from, is it configured in DMS via setup email add [email protected] password-here?
IMAP Error: Login failed for [email protected] against mail.mydomain.com
Could not connect to mail.mydomain.com:143: Connection refused
So Apple Mail can connect successfully to mail.mydomain.com:143 and retrieve your mail but for some reason not the Roundcube container running on the same VPS as DMS? Is the failed login for the same user?
- ./docker-data/dms/mail-state/:/var/mail-state/
Perhaps try without this volume? Temporarily comment it out and docker compose up --force-recreate afterwards.
Also I found that
SSL_accept error from mydomain.com[xxx.xxx.xxx.xxx]: -1
comes from Monit. I turned Monit off for now.
How is that related to DMS?
Your TLS certificate should be for mail.mydomain.com, matching the hostname FQDN you configured for DMS. Mail accounts like [email protected] do not need to have a TLS certificate, for mail servers they will check TLS against the mail server being connected to, so you must make sure you have correct certificate configured for DMS to use with connections.
from docker-mailserver.
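An added example (not part of the thread and not DMS code) for the two points raised above: clients arriving through the Docker gateway share one source IP, and that IP sits inside the 172.16.0.0/12 range the thread says PERMIT_DOCKER=network trusts. The log lines are constructed in Postfix/Dovecot style, and the 172.26.0.0/16 subnet with its gateway on the first host address is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Range the thread says PERMIT_DOCKER=network trusts without credentials.
PERMIT_DOCKER_NETWORK = ipaddress.ip_network("172.16.0.0/12")

# Constructed log lines in Postfix/Dovecot style; all addresses are sample values.
SAMPLE_LOG = """\
postfix/submission/smtpd[901]: connect from unknown[172.26.0.1]
postfix/submission/smtpd[901]: warning: unknown[172.26.0.1]: SASL PLAIN authentication failed
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<a@example.test>, rip=172.26.0.1, lip=172.26.0.2
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<b@example.test>, rip=172.26.0.1, lip=172.26.0.2
postfix/smtpd[880]: connect from mail.example.net[203.0.113.7]
dovecot: imap-login: Login: user=<a@example.test>, rip=198.51.100.20, lip=172.26.0.2
"""

# Client address as Postfix ("host[ip]") or Dovecot ("rip=ip") logs it.
CLIENT_IP = re.compile(r"(?:\[|rip=)(\d{1,3}(?:\.\d{1,3}){3})\b")
FAILURE = re.compile(r"authentication failed|auth failed", re.I)


def audit(log, subnet="172.26.0.0/16"):
    """Count events and auth failures per client IP and flag risky sources."""
    net = ipaddress.ip_network(subnet)
    gateway = net.network_address + 1  # assumption: gateway is the first host
    seen, failed = Counter(), Counter()
    for line in log.splitlines():
        m = CLIENT_IP.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        seen[ip] += 1
        if FAILURE.search(line):
            failed[ip] += 1
    return {
        str(ip): {
            "events": seen[ip],
            "auth_failures": failed[ip],
            # Gateway source means the real client IP is hidden: one ban hits everyone.
            "is_gateway": ip == gateway,
            # Inside the range that would be trusted without credentials.
            "trusted_by_permit_docker_network": ip in PERMIT_DOCKER_NETWORK,
        }
        for ip in seen
    }


if __name__ == "__main__":
    for ip, info in audit(SAMPLE_LOG).items():
        print(ip, info)
```

In the sample, failures from two different users collapse onto the gateway address, which is also inside the trusted range; the external clients keep their own addresses and are not trusted.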
What did you change differently to get your TLS connection to work correctly?
I'm not using mailserver.env file. Differences in .env file were:
- OVERRIDE_HOSTNAME=mail.mydomain.com
- LOG_LEVEL=debug
- PERMIT_DOCKER=network
- ENABLE_FAIL2BAN=1
Can you try on port 465? This is pure TLS like HTTPS, skips the STARTTLS thing which complicates it a little bit.
I can't connect to 465 port with Apple Mail. It works on 993.
# ufw status verbose
To Action From
-- ------ ----
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
25 ALLOW IN Anywhere
465 ALLOW IN Anywhere
587 ALLOW IN Anywhere
995 ALLOW IN Anywhere
143 ALLOW IN Anywhere
993 ALLOW IN Anywhere
also
# ss -tulpn | grep :465
tcp LISTEN 0 4096 0.0.0.0:465 0.0.0.0:* users:(("docker-proxy",pid=47555,fd=4))
# ps aux | grep 47555
root 47555 0.0 0.0 1229748 3284 ? Sl Mar05 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 465 -container-ip 172.26.0.2 -container-port 465
# docker ps -q | xargs -n 1 docker inspect --format '{{ .Name }} {{range .NetworkSettings.Networks}} {{.IPAddress}}{{end}}' | sed 's#^/##';
mailserver 172.26.0.2
roundcube_nginx 172.24.0.4
roundcube_mail 172.24.0.3
roundcube_db 172.24.0.2
It seems that this port is open and DMS listens on it.
Try PERMIT_DOCKER=connected-networks option instead?
Changed PERMIT_DOCKER=connected-networks, restarted DMS (with docker-compose down) but I still can't connect. Still getting:
IMAP Error: Login failed for [email protected] against mail.mydomain.com from 172.24.0.1. Could not connect to mail.mydomain.com:143: Connection refused
Which port were you trying to send mail through? 587?
Yes. But I found that autoconfig of Apple Mail was set "Authentication" to none. I changed it to password and now I'm getting different error:
325378135E: to=<[email protected]>, relay=none, delay=61, delays=0.06/0.01/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4003:c00::1a]:25: Cannot assign requested address)
I don't know if this is related but I found also this:
mail opendkim[636]: F075D8135B: no signing table match for '[email protected]'
mail opendkim[636]: F075D8135B: no signature data
The user you've used for login and are sending from, is it configured in DMS via setup email add [email protected] password-here?
Yes.
So Apple Mail can connect successfully to mail.mydomain.com:143 and retrieve your mail but for some reason not the Roundcube container running on the same VPS as DMS? Is the failed login for the same user?
Yes, I have only one user for now.
Perhaps try without this volume?
I commented
# - ./docker-data/dms/mail-state/:/var/mail-state/
but still getting Connection refused
How is that related to DMS?
Monit is trying to connect with DMS. But I turned it off for now and after everything works I'll turn it on and if I still get errors, I'll let you know.
Your TLS certificate should be for mail.mydomain.com, matching the hostname FQDN you configured for DMS.
Yes I have correct certificate for mail.mydomain.com and hostname = mail.mydomain.com.
from docker-mailserver.
Changed PERMIT_DOCKER=connected-networks, restarted DMS (with docker-compose down) but I still can't connect. Still getting:
You are trying to send mail to another MTA (Gmail) via DMS from your VPS on port 25.
This is often blocked (as our docs explain), you will probably need to look at our relay host docs to route mail through a service like SendGrid (DMS supports port 587 for relay host feature, not 465 yet).
Yes. But I found that autoconfig of Apple Mail was set "Authentication" to none. I changed it to password and now I'm getting different error:
Yes, that is another common config mistake for users.
from docker-mailserver.
You are trying to send mail to another MTA (Gmail) via DMS from your VPS on port 25.
Perhaps you are talking about this log:
325378135E: to=<[email protected]>, relay=none, delay=61, delays=0.06/0.01/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4003:c00::1a]:25: Cannot assign requested address)
As I can see from the docs:
Outbound traffic on this port is often blocked by service providers (eg: VPS, ISP) to prevent abuse by spammers. If the port cannot be unblocked, you will need to relay outbound mail through a service to send on your behalf.
I need to use relay host if my port 25 is blocked by service provider. But my port 25 is not blocked. I've been using it with my previous email stack. Which is the same as DMS but not dockerized. So I should be able to use port 25 with DMS.
What about that error when I'm trying to connect with Apple Mail:
325378135E: to=<[email protected]>, relay=none, delay=61, delays=0.06/0.01/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4003:c00::1a]:25: Cannot assign requested address)
I'm still unable to use DMS to send emails.
I still can't connect to DMS with Roundcube:
IMAP Error: Login failed for [email protected] against mail.mydomain.com from 172.24.0.1. Could not connect to mail.mydomain.com:143: Connection refused
even with PERMIT_DOCKER=connected-networks
from docker-mailserver.
Close
from docker-mailserver.