chimeranzl

You know the irony… is I found that article when troubleshooting earlier today and actually must have stuffed up by pasting the wrong password in when I reset them… so thought id ruled that side out and ended up down a rabbit hole…

It was only after posting additional logs I google searched the “waiting for database to come up” and stumbled back on the same article. it was only when testing with these that I realised I’d fucked up

root@mail:/var/mailcow-dockerized# source mailcow.conf
root@mail:/var/mailcow-dockerized# docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
ERROR 1045 (28000): Access denied for user 'mailcow'@'localhost' (using password: YES)

Cheers from NZ - enjoy your time when you’re down here!!! :-) PM me if you want any tips for places to go!

Ubuntu 22.04.3 LTS

root@mail:/var/mailcow-dockerized# docker -v
Docker version 25.0.3, build 4debf41

Pre-upgrade, test from acme… (although its not upgrade specific, its any process that remove and recreates containers that causes issues)

741e306f2c19:/# ping mailcowdockerized-mysql-mailcow-1
PING mailcowdockerized-mysql-mailcow-1 (172.22.1.10): 56 data bytes
64 bytes from 172.22.1.10: seq=0 ttl=64 time=0.365 ms
64 bytes from 172.22.1.10: seq=1 ttl=64 time=0.127 ms
64 bytes from 172.22.1.10: seq=2 ttl=64 time=0.145 ms
64 bytes from 172.22.1.10: seq=3 ttl=64 time=0.127 ms
nc64 bytes from 172.22.1.10: seq=4 ttl=64 time=0.132 ms
^C
--- mailcowdockerized-mysql-mailcow-1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.127/0.179/0.365 ms
741e306f2c19:/# 
741e306f2c19:/# 
741e306f2c19:/# nc mailcowdockerized-mysql-mailcow-1 3306
a
5.5.5-10.5.25-MariaDB-ubu2004
.^n1DB`>Sh0U>rGK"dTWmysql_native_password

^Cpunt!

Post upgrade (only change is different IP address)

f67a352b8136:/# ping mailcowdockerized-mysql-mailcow-1
PING mailcowdockerized-mysql-mailcow-1 (172.22.1.6): 56 data bytes
64 bytes from 172.22.1.6: seq=0 ttl=64 time=0.323 ms
64 bytes from 172.22.1.6: seq=1 ttl=64 time=0.162 ms
64 bytes from 172.22.1.6: seq=2 ttl=64 time=0.124 ms
64 bytes from 172.22.1.6: seq=3 ttl=64 time=0.129 ms
^C
--- mailcowdockerized-mysql-mailcow-1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.124/0.184/0.323 ms
f67a352b8136:/# 
f67a352b8136:/# 
f67a352b8136:/# nc mailcowdockerized-mysql-mailcow-1 3306
a
5.5.5-10.5.26-MariaDB-ubu2004(t5HL#fZrQy1$a>PXJKwmysql_native_password

^Cpunt!

f67a352b8136:/# ^C

acme logs

Wed Sep 18 21:16:31 NZST 2024 - Waiting for Docker API...
Wed Sep 18 21:16:31 NZST 2024 - Docker API OK
Wed Sep 18 21:16:31 NZST 2024 - Waiting for Postfix...
Wed Sep 18 21:16:32 NZST 2024 - Postfix OK
Wed Sep 18 21:16:32 NZST 2024 - Waiting for Dovecot...
Wed Sep 18 21:16:32 NZST 2024 - Dovecot OK
Wed Sep 18 21:16:32 NZST 2024 - Waiting for database...

(stops here and doesnt proceed)

postfix logs

Waiting for database to come up...
Waiting for database to come up...
Waiting for database to come up...
Waiting for database to come up...
Waiting for database to come up...
Waiting for database to come up...

Heaps of CPU and RAM, resources are no issue.

As I say, it runs fine usually. Things work as per normal. As soon as I docker-compose down / up, or run the update.sh script (anything that stops, removes, recreates containers) they all get created and start up again but get “waiting on database” error.

If it’s a network issue, what steps do I need to run through to check why its waiting on the database? And why is it running fine now but as soon as containers are recreated it fails? (unless its coz containers are getting a new IP address, different to the current, then cant connect? where are the settings that tell each container where the database is or what it resolves too? Its been a while I cant recall what I may have changed originally to get this working!)

Hmmm…. just realised I have 2 x NGINX proxies. One I created myself (for a web site I host) and the manual triggered me to realise there is a NGINX proxy in the mailcow dockerised stack also (or rather, it is the proxy for the GUI, I thought it was the GUI) each on their own networks.

The proxy I deployed myself, I was trying to configure for mailcow…

Will have to rethink this setup

Either way I cant troubleshoot this issue right now til I resolve the waiting for database issue which I’m totally stumped on https://community.mailcow.email/d/4049-waiting-for-database

What mailcow docker container / port does Let’s encrypt connect too on HTTP for SSL renewals?
I have NGINX proxy on HTTP, wanting to direct to the correct container so ssl can get renewed
Also does it use the autodiscover… record or mail…. record to renew?

In logs I get

Confirmed A record with IP x.x.x.x, but HTTP validation failed

Originally I had NGINX for http pointing to another container, but dont need that anymore. So need to point http to the correct container… which one is it supposed to be?

In logs I get

Confirmed A record with IP x.x.x.x, but HTTP validation failed

Originally I had NGINX for http pointing to another container, but dont need that anymore. So need to point http to the correct container… which one is it supposed to be?

Mailcow v2024-07

Running mailcow dockerized, on Rpi4 with 128GB SSD, disk usually sits about 15% in use, 3 times now the log file in the postfix container (/var/lib/docker/containers/03b6…8f9-json.log) consumes all disk space. Tailing the log it shows this repeated over and over. Any ideas?

{“log”:“2024-08-11 15:16:40,307 INFO success: processes entered RUNNING state, process has stayed up for \u003e than 1 seconds (startsecs)\n”,“stream”:“stdout”,“time”:“2024-08-11T03:16:40.308066309Z”}
{“log”:“2024-08-11 15:16:40,308 INFO success: postfix entered RUNNING state, process has stayed up for \u003e than 1 seconds (startsecs)\n”,“stream”:“stdout”,“time”:“2024-08-11T03:16:40.308157178Z”}
{“log”:“2024-08-11 15:16:40,308 INFO success: syslog-ng entered RUNNING state, process has stayed up for \u003e than 1 seconds (startsecs)\n”,“stream”:“stdout”,“time”:“2024-08-11T03:16:40.308333621Z”}
{“log”:“\u001b[32mThe AS of your IP is NOT listed as a banned AS from Spamhaus!\u001b[0m\n”,“stream”:“stdout”,“time”:“2024-08-11T03:16:41.062467697Z”}
{“log”:“\u001b[33mUsing the open Spamhaus blocklists.\u001b[0m\n”,“stream”:“stdout”,“time”:“2024-08-11T03:16:41.062570585Z”}
{“log”:“chown: cannot access ‘/usr/share/man/man1/mailq.1.gz’: No such file or directory\n”,“stream”:“stderr”,“time”:“2024-08-11T03:16:41.820820543Z”}
{“log”:“Aug 11 15:16:44 03b652ecd236 postfix/postfix-script[342]: starting the Postfix mail system\n”,“stream”:“stdout”,“time”:“2024-08-11T03:16:44.045942502Z”}
{“log”:“Aug 11 15:16:44 03b652ecd236 postfix/master[344]: daemon started – version 3.7.10, configuration /opt/postfix/conf\n”,“stream”:“stdout”,“time”:“2024-08-11T03:16:44.066376407Z”}
{“log”:“Aug 11 15:17:39 03b652ecd236 syslog-ng[9]: REDIS: failed to connect; driver=‘d_redis_ui_log#0’\n”,“stream”:“stdout”,“time”:“2024-08-11T03:17:39.332629719Z”}
{“log”:“Aug 11 15:17:39 03b652ecd236 syslog-ng[9]: REDIS: failed to connect; driver=‘d_redis_f2b_channel#0’\n”,“stream”:“stdout”,“time”:“2024-08-11T03:17:39.3347554Z”}

Workaround I’ve done is create a mailbox with members@domain.com, create a cryptic alias, like sdaf902349r123@domain.com and add mailing list members email addresses too it, create a BCC recipient map under ‘Address rewriting’ so members@domain.com goes to the cryptic alias email address, then create a global pre-filter so that…

if address :is "to" "members@domain.com" 
{
   if not address :is "from" "admin@domain.com"
   {
      reject "You do not have permissions to email this mailing list";
      discard;
      stop;
   }
}

This works, only issue is rspamd daemon adds a received header to the email that has the cryptic email address in it. Only visible to those that know how, but still be nice to omit it. Anyway to remove this?!

Feel like Im chasing my tail here

I have mailcow installed in a docker container and all is working well

I’ve setup an alias as a ‘mailing list’ which also works fine.

I’m now trying to configure a Sieve global prefilter (or post filter) to deny emails to the mailing list address unless its sent from a specific local admin mailbox only. If I send emails externally (from private email address) to the mailing list to test it, they still get sent to all alias addresses - the sieve filter isnt kicking in. I cant tell if its a sieve syntax issue or whether sieve is simply not running (how do I tell?) The script is simply:

# Check if the email is to members
if address :is "to" "members@domain.com" 
{
   if address :is "from" "admin@domain.com"
   {
      keep;
   } 
   else 
   {
      discard;
      stop;
   }
}

What am I doing wrong? Internet emails aredelivered direct to mailcow via SMTP (no sync jobs or fetch mail)