When I try to view the DNS records for my newly added domain, all of the records of type TLSA show 110: Operation timed out under the Correct Data field. Looking at the logs for the nginx and php-fpm containers, nothing seems to be amiss. Any help would be appreciated, thanks!
akrantz01 Did you set any TLSA records for your domain at your domain registrar? If not: That’s normal behavior.
For generating the TLSA records we initiate connections to the mailserver to each service/port in the code here. So apparently this doesn’t work on your particular setup.
Try checking whether the connection works, e.g. by using:
/opt/mailcow-dockerized $ docker-compose exec php-fpm-mailcow nc -vz mail.domain.tld 25
mail.domain.tld (IP:25) open
AwesomeGeorge No, that’s indeed not normal behavior. When TLSA records are not set, the validation should report that it doesn’t match but not fail with “Operation timed out”.
pkernstock Well, I thought so because it was the same for me. I got a 110: Operation timed out on almost all checked TLSA records, but everything worked fine after I added the TLSA records.
Make sure you can reach your public IP from within Docker. If you use a NAT setup, you most likely need NAT reflection. If not, check your iptables, don’t use ufw etc.
Not an issue with mailcow, but with your network.
This issue “tlsa error 110 timeout” was experienced by me as well… I run mailcow from home in a VM and use a DigitalOcean droplet (smallest one) for a reputable IP and easy rDNS setup, and connect my VM to it via WireGuard. I have a simple DNAT rule on the VPS allowing TCP traffic to it back to the VM over the WireGuard tunnel, but didn’t have an SNAT rule in place to allow the return traffic to use the public IP of the droplet. Thanks for the hint at NAT reflection, @diekuh
\o/ Nice to hear that fixed it for you.
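The nc check suggested earlier in the thread, extended to several mail ports and to telling a timeout apart from a refused connection, as an added example that is not part of any post above. The port list, the `-w 5` timeout and the hint wording are assumptions; the container name and path are the ones shown in the thread.

```shell
#!/bin/sh
# Added example. Assumptions (not from the thread): the port list, the
# 5-second nc timeout (-w 5) and the hint wording.
PORTS="25 465 587 143 993 110 995 4190"

# Classify one line of `nc -vz` output. Failure strings are matched first so
# that a hostname containing "open" cannot mask an error.
classify() {
    case "$1" in
        *"timed out"*)                 echo timeout ;;
        *[Rr]efused*)                  echo refused ;;
        *[Uu]nreachable*|*"No route"*) echo unreachable ;;
        *" open"*|*succeeded*)         echo open ;;
        *)                             echo unknown ;;
    esac
}

# Map a verdict to the place to look next.
hint() {
    case "$1" in
        timeout)     echo "packets or replies dropped: check NAT reflection, SNAT for return traffic, iptables" ;;
        refused)     echo "host reached, nothing listening on this port" ;;
        unreachable) echo "no route from the container network" ;;
        open)        echo "reachable from inside Docker" ;;
        *)           echo "unrecognised nc output" ;;
    esac
}

# Probe every port from inside the php-fpm container, as the thread's check does.
probe_all() {
    host=$1
    for port in $PORTS; do
        out=$(docker-compose exec -T php-fpm-mailcow nc -vz -w 5 "$host" "$port" 2>&1 | tail -n 1)
        verdict=$(classify "$out")
        printf '%-5s %-12s %s\n' "$port" "$verdict" "$(hint "$verdict")"
    done
}

# Runs only when a hostname is given, e.g.: sh tlsa-probe.sh mail.domain.tld
if [ "$#" -gt 0 ]; then
    cd /opt/mailcow-dockerized && probe_all "$1"
fi
```

A column of `timeout` verdicts while the same ports answer from outside points at the Docker-to-public-IP path rather than at the mail services themselves.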