olli1411

  • Apr 25, 2024
  • Joined Oct 28, 2020
  • 17 discussions
  • 49 posts
  • 0 best answers
  • Hello everyone!

    I have configured my postfix like the configuration here:
    Unauthenticated Relaying - mailcow: dockerized documentation (docs.mailcow.email)

    I have added my second mailserver (behind mailcow) to the mynetworks and restarted the container.

    After sending out emails I get the following bounce back from mailcow:

    Remote Server returned ‘554 5.7.1 This message does not meet our delivery requirements’

    So I also stored the IP in the mailcow gui within the forwarding hosts setting. If I switch off the SPAM filter with this option, I can now send e-mails.

    However, there is a problem, all outgoing emails from this system are then NO longer DKIM signed, why?

    In addition, the emails then have this strange X header:

    X-Rspamd-Pre-Result: action=no action; module=Unknown lua; ip matched with forward hosts

    It wasn’t there before the update either!

    If I switch on the SPAM filter, the e-mail is apparently treated like an external e-mail and rejected.

    This has only occurred since the last update. Any ideas? Docker is already up to date.

    Is it possibly a bug?

  • Hello everyone!

    Since the last update I have problems connecting to Maria-DB from external services.

    I created a docker-compose.override.yml and added this code:

    mysql-mailcow:
      ports:
        - 3306:3306

    From localhost (docker host) I can connect to Maria-DB (tested with e.g. telnet localhost 3306).

    From another host (10.10.10.1), connecting to the docker host (mailcow host) directly by IP in the same network (e.g. telnet 10.10.10.2 3306), I get no connection, nothing comes back :-(.

    Before I installed the last mailcow update this config worked fine.

    Now I have tested: if I remove this code here from docker-compose.yml, I can connect to the Maria-DB host and everything is working fine. BUT WHY? Is the network mailcow-network restricted?

    networks:
      mailcow-network:
        aliases:
          - mysql

    The funny thing: without any other config I can connect to IMAP and SMTP from the other host (10.10.10.1). The firewalls between the hosts are off.

    As a second test I started a Maria-DB (with docker run) like this:

    docker run --detach --name some-mariadb --env MARIADB_ROOT_PASSWORD=my-secret-pw -p 444:3306 mariadb:10.5

    To this mariadb instance I can connect without any problem from the other host. I think it is some config from mailcow.

    Any ideas? Thank you for any help!!!

  • Hello everyone,

    I checked my logfiles and found several entries like this one here: (private information removed here)

    auth: passwd-file(xxx@mydomain.de,X.X.X.X,<XXXXX/XXXXX>): unknown user
    auth: passwd-file(watchdog@invalid,X.X.X.X): unknown user
    auth-worker(140): conn unix:auth-worker: auth-worker<534440>: sql(watchdog@invalid,X.X.X.X): unknown user

    I did some research and found out that dovecot does not recognize the users if username@domain is used as username and a config adjustment would be necessary. Is this also necessary for mailcow? If so, why is this not in the mailcow default?

    Second thing: I also have about 60 - 120 requests per one to two hours like this:

    auth: static(username@domain.de,X.X.X.X): Password mismatch

    All of these IPs are automatically banned, but is there any other option? And one last question: what does the last information of this line mean?

    auth: static(username@domain.de,X.X.X.X): allow_real_nets check failed: IP X.X.X.X not in allowed networks

    Thanks for any help!

  • Any news on this topic? Today I have about 60 requests like this:

    "auth: static(username,X.X.X.X: Password mismatch"
    "auth: static(username,X.X.X.X): allow_real_nets check failed: IP X.X.X.X not in allowed networks"

    What is meant by “auth: static”? And what is meant by “allow_real_nets check failed: IP X.X.X.X not in allowed networks”?

  • esackbauer Thank you for the help!
    Okay, understood. I have already received 30 emails from netfilter today. With the verbose log from dovecot I can see which usernames are used.

    What is meant by “auth: static”? And what is meant by “allow_real_nets check failed: IP X.X.X.X not in allowed networks”?

  • Hello everyone,

    At the moment I have many log entries like this:

    "auth: static(username,X.X.X.X: Password mismatch"
    "auth: static(username,X.X.X.X): allow_real_nets check failed: IP X.X.X.X not in allowed networks"

    My ban configuration bans these IPs for a time, but after this time they come back. Is it a simple “IMAP / Dovecot” login? What is the “auth: static” for? Can I disable or optimize something?

    Thanks for any help here!

  • Hello everyone,

    My question is: is there a way to customise the autoconfig server file? Currently it delivers IMAP, IMAPS, POP3 and POP3S as well as SMTPS and SMTP via submission. I would like to remove POP3 and POP3S completely from the autoconfig file and not offer them. Is there a way to do this?

    Furthermore, I have the question of how a client proceeds when SMTPS and SMTP are offered via submission. Which is used first and is there a prevention here? Is there anything against offering both?

    I would like, if possible, only:

    IMAPS (993) and SMTP via Submission (587) all other ports or connection types should not be offered in the autoconfig.

    Regards!

  • Hello everyone,

    I used mailcow with docker and traefik v2.

    In my mailcow.conf I configured this:

    SKIP_LETS_ENCRYPT=y
    ENABLE_SSL_SNI=n

    To explain my config: my mailcow is available under mx.mydomain.com. On this server I will host several domains like mydomain2.de, mydomain3.org etc. All these domains have CNAMEs like this:

    autoconfig.mydomain2.de CNAME mx.mydomain.com
    autodiscover.mydomain2.de CNAME mx.mydomain.com

    autoconfig.mydomain3.org CNAME mx.mydomain.com
    autodiscover.mydomain3.org CNAME mx.mydomain.com

    Now I would like to make it possible that all domains can be set up via autoconfig/autodiscover. When I try to set up a mailbox with Thunderbird, for example, this does not work and I get an error in the Traefik log. The error message looks like this:

    http: TLS handshake error from xx.xxx.xx.xx strict SNI enabled - No certificate found for domain: \"autoconfig.mydomain2.de\", closing connection"
    time="2021-11-09T22:03:53Z" level=debug msg="http: TLS handshake error from xx.xxx.xx.xx strict SNI enabled - No certificate found for domain: \"autodiscover.mydomain2.de\", closing connecti

    Now the question is: where is my mistake in this case? Is it mandatory to create a certificate for the subdomains autoconfig.* and autodiscover.* for each domain I create in Mailcow? In an old Postfix environment I did not have to issue a certificate for each domain and solved it via an NGINX rule as follows. Why does the whole thing no longer work with mailcow?

    I would not like to create separate certificates for each domain because of the security, as then all additional domains are displayed in the certificate that is also responsible for the main domain (mx.mydomain.com).

    I would like to handle the complete autoconfig / autodiscover via the main domain mx.mydomain.com without creating individual certificates for each e-mail domain.

    Config from my old Postfix standalone environment:

    server {
            listen 80;
            server_name autoconfig.*;
            return 301 https://mailconfig.mydomain.de$request_uri;
    }

    My Traefik labels configuration looks like this. I wanted to ensure that all requests concerning autodiscover.* and autoconfig.* are correctly redirected to the main domain mx.mydomain.de and can then be processed. But this does not work. Does anyone have an idea where the error lies or what I need to change?

    labels:
            # Admin
            - "traefik.enable=true"
            - "traefik.docker.network=traefik_network"
            - "traefik.http.routers.nginx-mailcow.entrypoints=https"
            - "traefik.http.routers.nginx-mailcow.rule=Host(`mx.mydomain.com`)"
            - "traefik.http.routers.nginx-mailcow.tls=true"
            - "traefik.http.routers.nginx-mailcow.tls.certresolver=tlschallenge"
            - "traefik.http.routers.nginx-mailcow.service=nginx-mailcow"
            - "traefik.http.services.nginx-mailcow.loadbalancer.server.port=8181"

            # Autoconfig
            - "traefik.http.routers.nginx-mailcow-autoconfig.entrypoints=http"
            - "traefik.http.routers.nginx-mailcow-autoconfig.rule=HostRegexp(`{host:(autodiscover|autoconfig|mail|email).+}`)"
            - "traefik.http.routers.nginx-mailcow-autoconfig.middlewares=autoconfig"
            - "traefik.http.routers.nginx-mailcow-autoconfig.service=nginx-mailcow-autoconfig"
            - "traefik.http.services.nginx-mailcow-autoconfig.loadbalancer.server.port=80"
            - "traefik.http.routers.nginx-mailcow-autoconfig.priority=1000"

            # Autoconfig middleware
            - "traefik.http.middlewares.autoconfig.redirectregex.regex=^http://autoconfig/(.*)"
            - "traefik.http.middlewares.autoconfig.redirectregex.replacement=https://mx.mydomain.com/$${1}"

    Regards!
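
Added example, not part of the original post and not mailcow or Traefik code: a simplified Go model of a redirectregex-style middleware, run against the regex and replacement from the labels above. The function name `redirectTarget`, the alternative pattern `wildcardRegex` and the sample request URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Values copied from the labels in the post ($${1} is compose escaping for ${1}).
const (
	postedRegex       = `^http://autoconfig/(.*)`
	postedReplacement = `https://mx.mydomain.com/${1}`
)

// Assumed alternative (not from the post): match any autoconfig.<domain> host.
const wildcardRegex = `^http://autoconfig\.[^/]+/(.*)`

// redirectTarget is a simplified model of a redirectregex middleware: the
// pattern is matched against the full request URL; on a match the
// replacement is expanded, otherwise the request passes through unchanged.
func redirectTarget(pattern, replacement, url string) (string, bool) {
	re := regexp.MustCompile(pattern)
	if !re.MatchString(url) {
		return "", false
	}
	return re.ReplaceAllString(url, replacement), true
}

func main() {
	// Constructed sample request URL using the domain names from the post.
	url := "http://autoconfig.mydomain2.de/mail/config-v1.1.xml"
	for _, p := range []string{postedRegex, wildcardRegex} {
		target, ok := redirectTarget(p, postedReplacement, url)
		fmt.Printf("%-32s match=%-5v target=%s\n", p, ok, target)
	}
}
```

The posted pattern expects a `/` directly after `autoconfig`, so a host such as `autoconfig.mydomain2.de` never matches it. The router is bound to the `http` entrypoint, so this concerns plain-HTTP requests only; the TLS handshake errors quoted in the post happen before any HTTP routing takes place.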

  • Is there any new information on this?

  • diekuh Well, if there is a way to switch off the docs, that would be cool. If I protect it with a password, the WebUI unfortunately asks for it on every request.

  • Hello everyone,

    I would like to move all Docker volumes from /var/lib/docker/volumes to my project directory /data/volumes. I have created a docker-compose.override.yml.

    volumes:
      vmail-vol-1:
        driver: local
        driver_opts:
          type: 'none'
          o: 'bind'
          device: '/opt/docker/mailcow-dockerized/data/volumes/vmail-vol-1'

    But mailcow keeps creating the volumes in /var/lib/docker/volumes. Any idea how I can prevent this, or is it already set that way in the images?

    I used the following document:

    Redirecting...

    But I would like to move all Docker volumes.

      vmail-index-vol-1:
        driver: local
        driver_opts:
          type: 'none'
          o: 'bind'
          device: '/opt/docker/mailcow-dockerized/data/volumes/vmail-index-vol-1'
  • Headcrasch Well, I have the whole thing running with Traefik. I am not a fan of Apache2. So I would recommend that you simply use the NGINX that comes with it.

    • Headcrasch It is best to take a look at the mailcow docs on how to configure Traefik. If you have never worked with Traefik before, you can also run the whole thing through the normal nginx; there is nothing wrong with that.

      • Headcrasch And where is the traefik there? ;-) And what does your docker-compose or docker-compose.override look like?

      • Headcrasch Usually only a day or a few hours. But for your nginx-mailcow there is another problem, namely that Traefik cannot reach the nginx container. So check whether both are in the same Docker network. What does your docker-compose or docker-compose.override look like? Which network is Traefik in, and which one is the nginx mailcow container in?