External IMAP clients don't connect.

[zerpex]

Hi,

I have a strange issue. My container is up and running.
I use rainloop as a webmail. It is installed as another docker container on the same server.

When I configure Rainloop with the local IP of the server, everything is working flawlessly (including sending/receiving emails), but when I configure it with the fdqn or the external IP adress, connections are refused with these errors :

stream_socket_client(): unable to connect to ssl://my.domain.tld:993 (Operation timed out)

stream_socket_client(): unable to connect to tcp://my.domain.tld:587 (Operation timed out)

(telnet from outside to these ports are ok)

Here are 2 TCPDump made on the server while attempting to connect with external IMAP client :

root@stellar:/root# tcpdump -n port 587
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:53:42.784556 IP yyy.yyy.yyy.yyy.50277 > xxx.xxx.xxx.xxx.587: Flags [S], seq 2432524948, win 29200, options [mss 1460,sackOK,TS val 323710534 ecr 0,nop,wscale 7], length 0
10:53:43.783685 IP yyy.yyy.yyy.yyy.50277 > xxx.xxx.xxx.xxx.587: Flags [S], seq 2432524948, win 29200, options [mss 1460,sackOK,TS val 323710784 ecr 0,nop,wscale 7], length 0
10:53:45.787685 IP yyy.yyy.yyy.yyy.50277 > xxx.xxx.xxx.xxx.587: Flags [S], seq 2432524948, win 29200, options [mss 1460,sackOK,TS val 323711285 ecr 0,nop,wscale 7], length 0
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel

root@stellar:/root# tcpdump -n port 993
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:54:06.944484 IP yyy.yyy.yyy.yyy.34158 > xxx.xxx.xxx.xxx.993: Flags [S], seq 1048409777, win 29200, options [mss 1460,sackOK,TS val 323716574 ecr 0,nop,wscale 7], length 0
10:54:07.943693 IP yyy.yyy.yyy.yyy.34158 > xxx.xxx.xxx.xxx.993: Flags [S], seq 1048409777, win 29200, options [mss 1460,sackOK,TS val 323716824 ecr 0,nop,wscale 7], length 0
10:54:09.947775 IP yyy.yyy.yyy.yyy.34158 > xxx.xxx.xxx.xxx.993: Flags [S], seq 1048409777, win 29200, options [mss 1460,sackOK,TS val 323717325 ecr 0,nop,wscale 7], length 0
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel

Paquets are arriving, but there is no answer at all...

Here is my docker-compose.yml file (I tryed disabling cap_add, but got the same issue) :

version: '2'

services:
  mail:
    image: tvial/docker-mailserver:latest
    container_name: gnet-mailserver
    restart: always
    hostname: mail
    domainname: domain.tld
    ports:
    - "25:25"
    - "143:143"
    - "587:587"
    - "993:993"
    - "4190:4190"
    volumes:
    - ./files/maildata:/var/mail
    - ./files/mailstate:/var/mail-state
    - ./files/config:/tmp/docker-mailserver/
    - /etc/localtime:/etc/localtime:ro
    environment:
    - ENABLE_SPAMASSASSIN=1
    - ENABLE_CLAMAV=1
    - ENABLE_MANAGESIEVE=1
    - ENABLE_FAIL2BAN=1
    - ENABLE_POSTGREY=1
    - SSL_TYPE=letsencrypt
    - ONE_DIR=1
    - DMS_DEBUG=0
    cap_add:
    - NET_ADMIN

volumes:
  files:
    driver: local

Any idea ?

[tomav]

Hi @zerpex, this is perhaps related: #501

[zerpex]

Hi @tomav , no, I got the exact same issue after completly disabling fail2ban and re-up the container :/

version: '2'

services:
  mail:
    image: tvial/docker-mailserver:latest
    container_name: gnet-mailserver
    restart: always
    hostname: mail
    domainname: domain.tld
    ports:
    - "25:25"
    - "143:143"
    - "587:587"
    - "993:993"
    - "4190:4190"
    volumes:
    - ./files/maildata:/var/mail
    - ./files/mailstate:/var/mail-state
    - ./files/config:/tmp/docker-mailserver/
    - /etc/localtime:/etc/localtime:ro
    environment:
    - ENABLE_SPAMASSASSIN=1
    - ENABLE_CLAMAV=1
    - ENABLE_MANAGESIEVE=1
    - ENABLE_FAIL2BAN=0
    - ENABLE_POSTGREY=1
    - SSL_TYPE=letsencrypt
    - ONE_DIR=1
    - DMS_DEBUG=0
#    cap_add:
#    - NET_ADMIN

volumes:
  files:
    driver: local

[kdaye]

I got same error with RainLoop, are you solution it?

[kdaye]

after delete mailstate/lib-fail2ban/*, it's works.

Hi @tomav how to set whitelist fail2ban?

[zerpex]

really strange as I completely disabled fail2ban and it doesn't work...

Just trying your trick and I'll let you know.

[zerpex]

It's a KO :/

Can you please post your docker-compose file ?

[zerpex]

Just tryed with Solmail app from google play store and this client can connect to the server. Wierd...

[kdaye]

version: '2'

services:
  mail:
    restart: always
    image: tvial/docker-mailserver:latest
    # build: .
    hostname: mail
    domainname: domain.com
    container_name: mail
    environment:
      - SSL_TYPE=letsencrypt
      - POSTMASTER_ADDRESS=postmaster@domain.com
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_POSTGREY=1
      - ONE_DIR=1
      - DMS_DEBUG=0
    cap_add:
    - NET_ADMIN
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - maildata:/var/mail
      - /data/mailserver/state:/var/mail-state
      - ./config/:/tmp/docker-mailserver/
      - /etc/letsencrypt:/etc/letsencrypt
      - ./config/10-ssl.conf:/etc/dovecot/conf.d/10-ssl.conf
volumes:
  maildata:
    driver: local

follow me
delete mailstate/lib-fail2ban/*

docker stop mail
docker rm mail
docker-compose up -d mail

then it's working.

another error issues
RainLoop/rainloop-webmail#1346

[kdaye]

what about your ssl conf?

[johansmitsnl]

Did it get solved?

[jujes]

same issue here:

solved removing lib-fail2ban/*

[johansmitsnl]

What is causing it to get on the ban list?