How to check that my mailserver is not sending spam?

[billy-mar]

Subject

Other

Description

Dear developers and maintainers,

Docker Mailserver is fantastic project, thank you very much for it! ;-)

Could you please help me with one question I didn't find an answer to? I searched in Docs and in github issues...

A few days ago I installed Docker Mailserver and I sent just a few e-mails from it to my own address to verify everything is working fine. Yesterday I received a concerning e-mail from linode.com where I'm hosting the server.

We have received a notification from an FBL service that a message you have sent has been marked as spam.

I think there are two options.

a) The e-mail it's wrong and I should not worry.

b) Some bot searching for 25/tcp open ports hacked into the mailserver. When I set up my accounts I used a very strong password but I'm slightly worried anyway.

Could you please tell me the best way to monitor all outgoing messages? It's not a privacy concern since I'm the only user of the server...

Thank you.

Billy

[casperklein]

Your server could be an open relay. You can use external services like this to check that.

If you use the default docker-compose.yml, you should find the mail logs in ./docker-data/dms/mail-logs/ on the host. Every mail that was send, is logged there.

[billy-mar]

Yes, it is a SMTP Open Relay. Thank you for the tip about the MXtoolbox!

I must admit, I don't use the recommended docker-compose.yml. I run it as a "pod" using Podman but I did configured PERMIT_DOCKER=none as suggested in the Docs. I'll investigate further. Thank you.

[billy-mar]

Fixed by:

sed -E -i "s|^mynetworks.*|mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64|" /etc/postfix/main.cf
supervisorctl restart postfix

(from inside of the container)

At this moment workaround - I need to figure out how to make it permanent.

[casperklein]

In the next version or the current edge build, you can set the PERMIT_DOCKER=none.
It's not available in earlier versions.

[billy-mar]

Ouh, I didn't realize that this setting is not available in latest / 10.4.0. Thank you!

[p-fruck]

@billy-mar Just a quick hint on how to make changes permanent on earlier versions, e.g. if you cannot use edge for some reason: You could use the slip4netns approach. However, using the slirp4netns driver your container will not be able to communicate with other containers, e.g. LDAP

[billy-mar]

Thank you @p-fruck , I'm happy to use Edge. I actually I didn't realize you have Dev version / Dev tag on Docker Hub.

I'll use it mainly to find possible bugs and hopefully contribute back to this fantastic project that gave me so much for nothing ;-). Also I'm the ideal tester since the mailserver will not be my primary e-mail so I'm OK with some level of buginess or instability ;-). And I want to use Podman so that's less tested use case.

Thank you.