Is this a bug? Underlying OS: debian 12, up-to-date mailcow: latest version docker and docker compose: debian repos, latest version workstation: windows 10 expected behaviour: emails composed in a desktop email client with utf8 encoding should be processed with german umlaute (äöüß) through mailcow. Tests: 1. sogo build-in of mailcow (NOT a desktop client) --> working correct 2. email composed in thunderbird 115.4.1 (64-Bit) --> not working 3. email composed in betterbird --> not working 4. email composed in sylpheed --> not working Using system wide footer is working with sogo, but not working (again umlaute) using a email desktop client. Email sent through a different mail server (nethserver) with same clients are formatted as expected. Please advice where to investigate.

Follow up while digging around: 1. I had to change my fritzbox 6490 cable in bridge mode. Exposed host for the asus router behind was not enough. 2. Now the asus shows a WAN IP, which in (real) bridge mode of the fritzbox is a different one as shown in the fritzbox. The WAN IP shown in the asus is to be set in the DNS settings at the hoster. 3. The laptop is configured as DMZ in the asus. 4. On the laptop I installed nginx as reversed proxy. I took the example config from mailcow and changed it to my domain. 5. I started over with a new mailcow-docker installation. 6. Unbound container was unhealthy. As the asus is running with unbound, I tried to point the forward zone in unbound.conf to the IP of the asus. That didn't work. Unbound container showed healthy, but error during the acme challenge occurred. I changed the IP to 1.1.1.1. That worked. The challenge completed. 7. I created a domain and a test user. 8. I took the dkim key to the DNS (as well as the other settings to make). 9. I tested from sogo an email to email-tester composed in html. So far o.k., dkim passes, not a 10/10 because auf rDNS setting. This was to expect. 10. Changed sogo to plain text, email test also o.k. 11. Tried thunderbird - email tests also o.k. 12. Did a backup. Well - it is was not so easy to track this down. Still some questions open. But maybe it helps someone. I'll keep this running and testing at home for a while. If the mailcow runs smooth, I'll migrate my email servers in business. And will donate for this great work. regards, stefan

> @"stefan21"#p11432 mailcow: latest version Does that mean nightly version? Or latest stable version 2023-10a? What is the receiving side using?

Thank you for taking time to look into. It's the stable version 2023-10a. The clients are configured to use the FQHN in the LAN as mail server. For receiving and sending email. Nothing special, just how any desktop email client would be configured to use an internal email server in the LAN. What do you mean with the receiving side?

Logs from dovecot-mailcow and postfix-mailcow showing nothing special (to me). @"[deleted]"#2109 If it's helpful I'll send you an email to any account you name. @"[deleted]"#2109 If it's helpful I'll send you an email to any account you name. Sorry for double post. The browser requested a refresh...

> @"esackbauer"#p11437 What is the receiving side using? Do you mean where I sent the email to? 1. kabelbw.de 2. mailbox.org

During several investigations I'm facing another problem with the DKIM key. No matter if composing email form build-in sogo or any desktop email client, any email I send does not pass the DKIM check. Messages are: User-Agent: Mozilla Thunderbird: dkim=fail (2048-bit key) reason="fail (message has been altered)" or: User-Agent: SOGoMail 5.9.0 dkim=fail (2048-bit key) reason="fail (message has been altered)" Hmm. Don't know this from my other mail servers...? What's wrong?

Here's an email from nethserver: dkim=pass (2048-bit key) From: =?utf-8?q?x=2E_y?= Content-Type: text/plain; charset="utf-8" Reply-To: x@y.de X-Forward: 10.0.0.3

More testing: Now from my laptop, OS archlinux, but NOT in a VM. I should had make this clear before: all tests above have been made behind a opnsense in a VM hosted from proxmox, no firewall on proxmox enabled. dkim=pass (2048-bit key; unprotected) header.d=x.de header.i=@x.de header.a=rsa-sha256 header.s=dkim header.b=wO+Fa4dv; dkim-atps=neutral FROM: =?utf-8?q?x=2E_y?= text/plain; charset="utf-8" quoted-printable User-Agent: SOGoMail 5.9.0 German umlaute are o.k. Now from an email client, still my laptop: dkim=pass (2048-bit key; unprotected) header.d=x.de header.i=@x.de header.a=rsa-sha256 header.s=dkim header.b=dGLkfmta; dkim-atps=neutral FROM: "x" text/plain; charset=UTF-8; format=flowed User-Agent: Mozilla Thunderbird German umlaute are o.k.

Resume: In a VM, debian 12, hosted on proxmox, no firewall on proxmox, VM in a company LAN behind OPNsense, german umlaute are not processed from mailcow-dockerized, and DKIM is false. Receiving and sending emails is working. On the OPNsense no reverse proxy is configured. Let's encrypt certs are handled by acme-plugin from the OPNsense and are copied via cron job to the VM. Access to mailcow-dockerized via FQHN in LAN is working flawless. Only open port(s) redirected from LAN to WAN are 80 and 443. The mailcow is not intended to be accessable from WAN. Only via wireguard VPN. From a laptop at home, on top of archlinux, no issues. As I intend to substitute a company email server (nethserver 7) with mailcow-dockerized, I need help where to investigate. Any help would be greatly appreciated.

I have no idea what is happening, but I never had any problems that you have. My guess is you are at some point not following the prerequisites or installation docs. Limiting outgoing to only 80 and 443 is bad, because unbound cannot do DNS resolving then. DKIM is reliant on DNS records, which might need some time to sync across all DNS servers out there. So try it later again.

Every DNS (port 53) request from the VM with mailcow (the whole LAN) is redirected to the OPNsense unbound. BTW unbound-mailcow shows healthy status. And port 53 is open. For email the only open port is 25. All other ports (as in the docs described) are only allowed in the LAN. The mailserver is meant for internal access. No public access at all. May I ask if you have mailcow-dockerized running in a VM? If so, qemu, virtualbox, proxmox, ...? What host OS? For the prerequisites, what could be wrong? I mean, on my laptop at home I did the same as in the VM. Except that at home the host in archlinux and not a VM based on debian 12. Well, I can try with another host OS for the VM. Have you got a special recommendation?

encoding from different mail clients using mailcow as mail server

stefan21

Same result with the same tests also here:

check-auth@verifier.port25.com

stefan21

From the postfix log, sent with TB, no matter same result with SOGo:

B0AD2427BCA: replace: header Received: from cdc97c45df2b (mailcowdockerized-sogo-mailcow-1.mailcowdockerized_mailcow-network [172.22.1.248])??(Authenticated sender: x.y@z.de)??by mail.z.de (Postcow) with ESMTP from mailcowdockerized-sogo-mailcow-1.mailcowdockerized_mailcow-network[172.22.1.248]; from=x.y@z.de to=check-auth@verifier.port25.com proto=ESMTP helo=<cdc97c45df2b>: Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPA id B0AD2427BCA??for check-auth@verifier.port25.com; Sat, 18 Nov 2023 01:54:47 +0100 (CET)

The header, the body and the DKIM key is corrupted. No idea what replace: header received means…

DNS-Check in mailcow says everything is fine.

Mailcow is running on top of archlinux. Laptop is WLAN connected. Static IP is 192.168.XX.YYY. Gateway is the router (for test every possible interference disabled), tried DMZ, portforwarding, etc. There’s no reverse proxy running on the laptop. No firewall, no filters on the laptop. Something must be wrong on the way from the container via docker to the router.

As I already mentioned, I’m running a few other mailservers NOT DOCKERIZED, nearly the same configuration (postfix, dovecot, fail2ban, rspamd, sogo (same ver.).

I have to give up. At this very moment I cannot use mailcow in production environment. I’m sorry.

DocFraggle

Ok… one more thing came to my mind while reading your last post: from the debug outputs you posted and the .de domains I guess you are German? Did you setup your Archlinux in German as well? If so, maybe it’s some kind of encoding issue with the German locale? I haven’t had a look yet if the locale of the host system is used while setting up the docker containers of mailcow in the first place, but maybe… My host system is running with en_us.UTF-8

stefan21

You guess right, I’m German.

Here’s the info:

#$ localectl
System Locale: LANG=C.UTF-8
VC Keymap: de
X11 Layout: de

To my mind another possible issue came across. As I have a pool IP from vodafone (cable), this is not a static IP, it might be impossible to setup a mailserver without having a static IP4. They charge you extra if you want a static one.

Is there a workaround possible with i.e. DDNS and cname in DNS? Don’t know, never tried this. There was no reason for this…

esackbauer

stefan21 it might be impossible to setup a mailserver without having a static IP4.

That is true. It is working for receiving mails, but no chance to send mails via a dynamic IP.
Pay for a relay service then (they can read your mails…), or get a business cable product with static IP and the possibility to have a reverse DNS entry, or pay for a decent hoster.

stefan21

esackbauer That is true. It is working for receiving mails, but no chance to send mails via a dynamic IP.
Pay for a relay service then (they can read your mails…), or get a business cable product with static IP and the possibility to have a reverse DNS entry, or pay for a decent hoster.

In business we have only static IP’s. Not for private. Question is, could a dynamic IP have an impact on DKIM? Hmm…?

Anyone out there running mailcow on top of any linux OS with a dynamic IP?

storpotaten

I´m sending mail from a dynamic IP, no mail´s get rejected so it´s possible.
Before that i used smtp2go, also work´s great.

esackbauer

storpotaten no mail´s get rejected so it´s possible.

With a relay service yes. Otherwise you are very very lucky.

stefan21

storpotaten I´m sending mail from a dynamic IP, no mail´s get rejected so it´s possible.

Thank’s for jumping on.

AFAIK any email sent from a dynamic IP would be rejected from my customers and suppliers. In business a dynamic IP is no option. It’ll simply won’t work.

[unknown]

If you’re using a relay, this is not what I’m looking for. We don’t send email through a relay. We are running our email servers totally on our own. No relay, no smarthost, no connector, … I mean, what for? We are talking about an email server. No need for anything around. That’s it.

storpotaten

Maybe, my IP resolves to “94-255-167-***.cust.bredband2.com” the host of my ISP,
i could be wrong but if everhing else in in place DKIM, SPF and so on the sending of emails seems to work.
i´m far from an emailserver expert but this is my experience.

esackbauer

storpotaten
Some servers might still decline your mail because it’s on a DNSBL for dial up/dynamic IPs.
I know because I am in the same situation 🙂
This is why I use a relay.

DocFraggle

stefan21 If you’re using a relay, this is not what I’m looking for. We don’t send email through a relay. We are running our email servers totally on our own. No relay, no smarthost, no connector, … I mean, what for? We are talking about an email server. No need for anything around. That’s it.

Sure, it’s “just” an email server, but most of the mails sent by it will be rejected nonetheless due to you dynamic IP, wether it’s private or for business purposes. Looking up the IP blacklist is a default option not only for mailcow.
And it’s a real pain if you never can be sure if your mail has been delivered or just silently dropped by the SPAM filter…
Just saying 😃

stefan21

Maybe I didn’t make it clear enough: in business we do only use static IP’s and email-servers without relay, smarthost, … All business domains have 10/10 at mail-tester. No issues at all, no matter where or what I test against.

Not so for private. As I said, the vodafone IP is so-called pool-IP, not static.

stefan21

Follow up while digging around:

I had to change my fritzbox 6490 cable in bridge mode. Exposed host for the asus router behind was not enough.
Now the asus shows a WAN IP, which in (real) bridge mode of the fritzbox is a different one as shown in the fritzbox. The WAN IP shown in the asus is to be set in the DNS settings at the hoster.
The laptop is configured as DMZ in the asus.
On the laptop I installed nginx as reversed proxy. I took the example config from mailcow and changed it to my domain.
I started over with a new mailcow-docker installation.
Unbound container was unhealthy. As the asus is running with unbound, I tried to point the forward zone in unbound.conf to the IP of the asus. That didn’t work. Unbound container showed healthy, but error during the acme challenge occurred. I changed the IP to 1.1.1.1. That worked. The challenge completed.
I created a domain and a test user.
I took the dkim key to the DNS (as well as the other settings to make).
I tested from sogo an email to email-tester composed in html. So far o.k., dkim passes, not a 10/10 because auf rDNS setting. This was to expect.
Changed sogo to plain text, email test also o.k.
Tried thunderbird - email tests also o.k.
Did a backup.

Well - it is was not so easy to track this down. Still some questions open. But maybe it helps someone. I’ll keep this running and testing at home for a while. If the mailcow runs smooth, I’ll migrate my email servers in business. And will donate for this great work.

regards,
stefan

sOliver

stefan21

Hey,

also have the same Fritz!Box (Vodafone) here, but couldn’t get the bridge-mode working.
Maybe you got a tip?

Thanks.

stefan21

I don’t have a customized FritzBox. It’s an original. Therefore I can’t help. You should ask Vodafone.

sOliver

stefan21
Do you know Vodafone? That’s a nightmare!

stefan21

Vodafone is my provider. At home I don’t have a static IP. Therefore I use an unbranded (no customized firmware) fritzbox.

Read this: https://ubiquiti-networks-forum.de/wiki/entry/39-fritz-box-cable-6490-6590-6591-6660-bridge-mode-freischalten/

And this: http://www.mengelke.de/Projekte/FritzBox-JSTool

This adds the option “bridged mode” to an unbranded fritzbox.

In business we use Vodafone only with static IP’s. This allows to run their customized fritzbox firmware in bridged mode.

If all pre-requisites are fulfilled (read mailcow docs) the mailserver works flawless.

stefan21

@sOliver

Even with this hack you’ll have an IP from their pool. It’s not a dedicated static IP which only belongs to you. You’ll definitely have problems sending emails. Check the blacklists… A mailserver without a static dedicated IP is not recommended.

sOliver

stefan21

well, except you have a fixed one ;-)

« Previous Page Next Page »