Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

POSTFIX_INET_PROTOCOLS not applied. #1504

Closed
Ether009 opened this issue May 9, 2020 · 9 comments · Fixed by #1505
Closed

POSTFIX_INET_PROTOCOLS not applied. #1504

Ether009 opened this issue May 9, 2020 · 9 comments · Fixed by #1505

Comments

@Ether009
Copy link

Ether009 commented May 9, 2020

Setting the above env var, does not produce the corresponding line in the postfix configuration, resulting in trying to reach kopano-dagent over ipv6, even if this is not at all available.

`
root@mail-569fc74d58-p5rg2:/# echo $POSTFIX_INET_PROTOCOLS
ipv4
root@mail-569fc74d58-p5rg2:/# cat /etc/postfix/main.cf | grep ipv4
root@mail-569fc74d58-p5rg2:/#

`
It should have created the inet_protocols = ipv4 line properly.
@youtous
Copy link
Contributor

youtous commented May 9, 2020
edited

This image is using postconf for setting some parameters dynamically (see https://github.com/tomav/docker-mailserver/blob/43621e744eee25b3ff2278a7b8ca0d3ebc72a34d/target/start-mailserver.sh#L1172).

What is the output of postconf inet_protocols?

@Ether009
Copy link
Author

Ether009 commented May 9, 2020

root@mail-7465f748c9-9mq6c:/# postconf inet_protocols
inet_protocols = all

@youtous
Copy link
Contributor

youtous commented May 9, 2020
edited

I cannot reproduce. Can you provide your docker-compose/env files etc. as mentioned in https://github.com/tomav/docker-mailserver/blob/master/.github/ISSUE_TEMPLATE/bug_report.md?

You can also enable DMS_DEBUG=1 and post the starting log.

Thank you

@youtous youtous mentioned this issue May 9, 2020
Merged
@youtous
Copy link
Contributor

youtous commented May 9, 2020

I've added a test (#1505) and POSTFIX_INET_PROTOCOLS is working.
Perhaps you have a configuration issue.

@Ether009
Copy link
Author

Ether009 commented May 9, 2020
edited

Well since I'm setting it up in Kubernetes, I can't really provide a compose file. But I can give you the yaml file for k8s. DMS_DEBUG is enabled for now, but it's not like I'm receiving an error or anything. It's just that I noticed that it didn't actually respect the setting. I'll also attach the full startup log. No idea how to get the indentation right for the yaml but hopefully it's readable anyway.

apiVersion: apps/v1
kind: Deployment
metadata:
name: mail
labels:
app: mail
spec:
replicas: 1
selector:
matchLabels:
app: mail
template:
metadata:
labels:
app: mail
spec:
containers:
- name: mail
image: tvial/docker-mailserver:release-v6.2.0
ports:
- name: smtp
containerPort: 25
- name: smtps
containerPort: 465
- name: msa
containerPort: 587
env:
# General
- name: DMS_DEBUG
value: "1"
- name: ENABLE_CLAMAV
value: "0"
- name: ONE_DIR
value: "1"
- name: ENABLE_POP3
value: "0"
- name: ENABLE_FAIL2BAN
value: "0"
- name: SMTP_ONLY
value: "1"
- name: SSL_TYPE
value: "self-signed"
- name: TLS_LEVEL
value: "modern"
- name: SPOOF_PROTECTION
value: "1"
- name: ENABLE_SRS
value: "0"
- name: PERMIT_DOCKER
value: "host"
- name: VIRUSMAILS_DELETE_DELAY
value: ""
- name: ENABLE_POSTFIX_VIRTUAL_TRANSPORT
value: "1"
- name: POSTFIX_DAGENT
value: "lmtp:kopano-dagent.kopano.svc.cluster.local:2003"
- name: POSTFIX_MAILBOX_SIZE_LIMIT
value: ""
- name: ENABLE_QUOTAS
value: "0"
- name: POSTFIX_MESSAGE_SIZE_LIMIT
value: "10240000"
- name: ENABLE_MANAGESIEVE
value: "0"
- name: OVERRIDE_HOSTNAME
value: "mail.domain.tld"
- name: POSTMASTER_ADDRESS
value: "postmaster@domain.tld"
- name: POSTSCREEN_ACTION
value: "enforce"
- name: DOVECOT_MAILBOX_FORMAT
value: "maildir"
- name: POSTFIX_INET_PROTOCOLS
value: "ipv4"
# Reports
- name: PFLOGSUMM_TRIGGER
value: "daily_cron"
- name: PFLOGSUMM_RECIPIENT
value: "ether@domain.tld"
- name: LOGWATCH_INTERVAL
value: "weekly"
- name: LOGWATCH_RECIPIENT
value: "ether@domain.tld"
- name: LOGROTATE_INTERVAL
value: "daily"
# Spamassassin
- name: ENABLE_SPAMASSASSIN
value: "0"
- name: SPAMASSASSIN_SPAM_TO_INBOX
value: "1"
- name: MOVE_SPAM_TO_JUNK
value: "1"
- name: SA_TAG
value: "2.0"
- name: SA_TAG2
value: "6.31"
- name: SA_KILL
value: "100.0"
- name: SA_SPAM_SUBJECT
value: "[SPAM]"
- name: SA_SHORTCIRCUIT_BAYES_SPAM
value: "1"
- name: SA_SHORTCIRCUIT_BAYES_HAM
value: "1"
# Fetchmail
- name: ENABLE_FETCHMAIL
value: "0"
- name: FETCHMAIL_POLL
value: "300"
# LDAP
- name: ENABLE_LDAP
value: "1"
- name: LDAP_START_TLS
value: "yes"
- name: LDAP_SERVER_HOST
value: "openldap.openldap"
- name: LDAP_SEARCH_BASE
value: "dc=domain,dc=tld"
- name: LDAP_BIND_DN
value: "cn=admin,dc=domain,dc=tld"
- name: LDAP_BIND_PW
value: ""
- name: LDAP_QUERY_FILTER_USER
value: "(mail=%s)"
- name: LDAP_QUERY_FILTER_GROUP
value: "(memberUid=%s)"
- name: LDAP_QUERY_FILTER_ALIAS
value: "(mailAlias=%s)"
- name: LDAP_QUERY_FILTER_DOMAIN
value: "(&(objectClass=dNSDomain)(dc=%s))"
- name: DOVECOT_TLS
value: "0"
# Dovecot
- name: DOVECOT_USER_FILTER
value: "(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
- name: DOVECOT_USER_ATTRS
value: "homeDirectory=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail"
- name: DOVECOT_PASS_ATTRS
value: uid=user,userPassword=password
- name: ENABLE_POSTGREY
value: "0"
- name: POSTGREY_DELAY
value: "300"
- name: POSTGREY_MAX_AGE
value: "35"
- name: POSTGREY_AUTO_WHITELIST_CLIENTS
value: "5"
- name: POSTGREY_TEXT
value: "Delayed by postgrey"
# SASL Auth
- name: ENABLE_SASLAUTHD
value: "1"
- name: SASLAUTHD_MECHANISMS
value: "ldap"
- name: SASLAUTHD_MECH_OPTIONS
value: ""
- name: SASLAUTHD_LDAP_SERVER
value: "openldap.openldap"
- name: SASLAUTHD_LDAP_SSL
value: "1"
- name: SASLAUTHD_LDAP_BIND_DN
value: "cn=admin,dc=domain,dc=tld"
- name: SASLAUTHD_LDAP_PASSWORD
value: ""
- name: SASLAUTHD_LDAP_SEARCH_BASE
value: "dc=domain,dc=tld"
- name: SASLAUTHD_LDAP_FILTER
value: "(uid=%U)"
- name: SASL_PASSWD
value: ""
# SRS (Sender Rewriting Scheme)
- name: SRS_SENDER_CLASSES
value: "envelope_sender"
- name: SRS_EXCLUDE_DOMAINS
value: ""
- name: SRS_SECRET
value: ""
- name: SRS_DOMAINNAME
value: "domain.tld"
# Default Relay Host
- name: DEFAULT_RELAY_HOST
value: "[smtp.sendgrid.net]:587"
# Multi-domain Relay Hosts
- name: RELAY_HOST
value: "smtp.sendgrid.net"
- name: RELAY_PORT
value: "587"
- name: RELAY_USER
value: "apikey"
- name: RELAY_PASSWORD
value: ""
volumeMounts:
- name: maildata
mountPath: /var/mail
- name: mailstate
mountPath: /var/mail-state
- name: mtaconfig
mountPath: /tmp/docker-mailserver
- name: certs
mountPath: /cert
- name: certs
mountPath: /etc/ssl/certs/ca-certificates.crt
subPath: ca.crt
volumes:
- name: maildata
glusterfs:
endpoints: dream-cluster
path: media2/docker/maildata
readOnly: false
- name: mailstate
emptyDir:
medium: Memory
- name: mtaconfig
glusterfs:
endpoints: dream-cluster
path: media2/docker/mtaconfig
readOnly: false
- name: certs
projected:
sources:
- secret:
name: kopano-search-domain-tld-cert
items:
- key: ca.crt
path: ca.crt
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key

and logfile:

root@dream0:~/kopano# kubectl logs mail-7465f748c9-9mq6c
2020-05-09 18:17:44,339 CRIT Supervisor running as root (no user in config file)
2020-05-09 18:17:44,344 INFO Included extra file "/etc/supervisor/conf.d/saslauth.conf" during parsing
2020-05-09 18:17:44,345 INFO Included extra file "/etc/supervisor/conf.d/supervisor-app.conf" during parsing
2020-05-09 18:17:44,362 INFO RPC interface 'supervisor' initialized
2020-05-09 18:17:44,371 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2020-05-09 18:17:44,373 INFO supervisord started with pid 1
2020-05-09 18:17:45,376 INFO spawned: 'mailserver' with pid 8

2020-05-09 18:17:45,412 INFO success: mailserver entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)

ENV

DEFAULT_RELAY_HOST=[smtp.sendgrid.net]:587
MAIL_PORT_587_TCP_PORT=587
RELAY_PORT=587
SA_SHORTCIRCUIT_BAYES_HAM=1
MAIL_PORT_465_TCP_PORT=465
SASLAUTHD_LDAP_FILTER=(uid=%U)
FETCHMAIL_POLL=300
KOPANO_GATEWAY_PORT_995_TCP_PORT=995
POSTGREY_DELAY=300
KOPANO_GATEWAY_PORT_110_TCP_PORT=110
RELAY_HOST=smtp.sendgrid.net
KOPANO_GATEWAY_SERVICE_PORT=110
PFLOGSUMM_RECIPIENT=ether@domain.tld
SA_SHORTCIRCUIT_BAYES_SPAM=1
RELAY_USER=apikey
SASLAUTHD_LDAP_SEARCH_BASE=dc=domain,dc=tld
SASLAUTHD_MECHANISMS=ldap
KOPANO_GATEWAY_PORT_143_TCP=tcp://10.111.106.252:143
KOPANO_DAGENT_SERVICE_PORT_LMTP=2003
DREAM_CLUSTER_SERVICE_HOST=10.100.23.196
MAIL_SERVICE_PORT_SMTP=25
SA_SPAM_SUBJECT=[SPAM]
SPOOF_PROTECTION=1
MAIL_PORT_25_TCP_ADDR=10.109.26.226
LDAP_BIND_PW=
ENABLE_LDAP=1
HOSTNAME=mail-7465f748c9-9mq6c
KOPANO_KONNECT_PORT_8777_TCP_PORT=8777
OVERRIDE_HOSTNAME=mail.domain.tld
DREAM_CLUSTER_PORT_1_TCP_PORT=1
SASLAUTHD_LDAP_PASSWORD=
LDAP_SERVER_HOST=openldap.openldap
POSTMASTER_ADDRESS=postmaster@domain.tld
KOPANO_GATEWAY_PORT_110_TCP_ADDR=10.111.106.252
LDAP_SEARCH_BASE=dc=domain,dc=tld
MAIL_PORT_465_TCP_PROTO=tcp
MAIL_SERVICE_HOST=10.109.26.226
KOPANO_SERVER_PORT_237_TCP=tcp://10.104.47.144:237
KOPANO_GATEWAY_SERVICE_HOST=10.111.106.252
KOPANO_KONNECT_PORT=tcp://10.98.236.163:8777
KOPANO_GATEWAY_PORT_993_TCP_PROTO=tcp
KOPANO_KONNECT_SERVICE_PORT_HTTPS=8777
KOPANO_DAGENT_PORT_2003_TCP_ADDR=10.99.187.66
LDAP_BIND_DN=cn=admin,dc=domain,dc=tld
SRS_DOMAINNAME=domain.tld
KOPANO_GATEWAY_PORT_993_TCP_ADDR=10.111.106.252
ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
TLS_LEVEL=modern
KOPANO_SERVER_PORT_237_TCP_ADDR=10.104.47.144
KUBERNETES_PORT_443_TCP_PROTO=tcp
DREAM_CLUSTER_PORT_1_TCP=tcp://10.100.23.196:1
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
SA_TAG=2.0
KOPANO_WEBAPP_PORT_80_TCP_PROTO=tcp
ENABLE_MANAGESIEVE=0
DREAM_CLUSTER_PORT_1_TCP_ADDR=10.100.23.196
DREAM_CLUSTER_PORT=tcp://10.100.23.196:1
SMTP_ONLY=1
POSTFIX_INET_PROTOCOLS=ipv4
PERMIT_DOCKER=host
SA_TAG2=6.31
KOPANO_GATEWAY_PORT_143_TCP_PORT=143
POSTFIX_MESSAGE_SIZE_LIMIT=10240000
KOPANO_GATEWAY_SERVICE_PORT_POP3=110
KUBERNETES_PORT=tcp://10.96.0.1:443
PFLOGSUMM_TRIGGER=daily_cron
KOPANO_GATEWAY_PORT_143_TCP_ADDR=10.111.106.252
LOGWATCH_RECIPIENT=ether@domain.tld
MAIL_PORT_587_TCP_ADDR=10.109.26.226
POSTFIX_MAILBOX_SIZE_LIMIT=0
MAIL_SERVICE_PORT=25
KOPANO_GATEWAY_PORT_143_TCP_PROTO=tcp
SPAMASSASSIN_SPAM_TO_INBOX=1
LOGWATCH_INTERVAL=weekly
KOPANO_WEBAPP_PORT_80_TCP=tcp://10.98.41.80:80
PWD=/
POSTFIX_DAGENT=lmtp:kopano-dagent.kopano.svc.cluster.local:2003
LDAP_QUERY_FILTER_USER=(mail=%s)
DOVECOT_TLS=0
KOPANO_SERVER_SERVICE_HOST=10.104.47.144
HOME=/root
KOPANO_GATEWAY_PORT_995_TCP_ADDR=10.111.106.252
SA_KILL=100.0
KOPANO_GATEWAY_SERVICE_PORT_IMAP=143
KOPANO_KONNECT_SERVICE_HOST=10.98.236.163
KOPANO_WEBAPP_PORT=tcp://10.98.41.80:80
KOPANO_GATEWAY_PORT_995_TCP=tcp://10.111.106.252:995
MAIL_PORT_465_TCP_ADDR=10.109.26.226
KUBERNETES_SERVICE_PORT_HTTPS=443
DREAM_CLUSTER_PORT_1_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_PORT=443
DMS_DEBUG=1
KOPANO_SERVER_SERVICE_PORT=237
KOPANO_WEBAPP_SERVICE_PORT_HTTP=80
KOPANO_DAGENT_PORT_2003_TCP_PROTO=tcp
ENABLE_FAIL2BAN=0
MOVE_SPAM_TO_JUNK=1
KOPANO_GATEWAY_PORT_993_TCP=tcp://10.111.106.252:993
SSL_TYPE=self-signed
SUPERVISOR_PROCESS_NAME=mailserver
KOPANO_SERVER_SERVICE_PORT_HTTPS=237
POSTSCREEN_ACTION=enforce
KOPANO_WEBAPP_SERVICE_PORT=80
SUPERVISOR_ENABLED=1
KOPANO_GATEWAY_PORT_110_TCP_PROTO=tcp
LDAP_QUERY_FILTER_ALIAS=(mailAlias=%s)
SASLAUTHD_LDAP_SERVER=openldap.openldap
KOPANO_DAGENT_SERVICE_PORT=2003
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KOPANO_KONNECT_PORT_8777_TCP_ADDR=10.98.236.163
DOVECOT_PASS_ATTRS=uid=user,userPassword=password
SASL_PASSWD=
MAIL_PORT_25_TCP_PROTO=tcp
SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=domain,dc=tld
MAIL_PORT_25_TCP=tcp://10.109.26.226:25
KOPANO_GATEWAY_SERVICE_PORT_POP3S=995
ENABLE_SPAMASSASSIN=0
KOPANO_SERVER_PORT=tcp://10.104.47.144:237
KOPANO_WEBAPP_SERVICE_HOST=10.98.41.80
ENABLE_POSTGREY=0
KOPANO_WEBAPP_PORT_80_TCP_ADDR=10.98.41.80
MAIL_SERVICE_PORT_MSA=587
ENABLE_FETCHMAIL=0
RELAY_PASSWORD=
SRS_SECRET=
KOPANO_GATEWAY_PORT_995_TCP_PROTO=tcp
VIRUSMAILS_DELETE_DELAY=7
KOPANO_DAGENT_SERVICE_HOST=10.99.187.66
ENABLE_QUOTAS=0
LOGROTATE_INTERVAL=daily
MAIL_PORT_587_TCP_PROTO=tcp
KOPANO_SERVER_PORT_237_TCP_PORT=237
KOPANO_KONNECT_PORT_8777_TCP_PROTO=tcp
SASLAUTHD_MECH_OPTIONS=
DOVECOT_USER_ATTRS=homeDirectory=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail
SHLVL=1
SRS_SENDER_CLASSES=envelope_sender
KOPANO_GATEWAY_SERVICE_PORT_IMAPS=993
KUBERNETES_SERVICE_PORT=443
MAIL_PORT_587_TCP=tcp://10.109.26.226:587
ENABLE_SRS=0
ENABLE_SASLAUTHD=1
KOPANO_GATEWAY_PORT=tcp://10.111.106.252:110
KOPANO_GATEWAY_PORT_110_TCP=tcp://10.111.106.252:110
SUPERVISOR_GROUP_NAME=mailserver
LDAP_QUERY_FILTER_DOMAIN=(&(objectClass=dNSDomain)(dc=%s))
KOPANO_DAGENT_PORT=tcp://10.99.187.66:2003
KOPANO_KONNECT_PORT_8777_TCP=tcp://10.98.236.163:8777
MAIL_SERVICE_PORT_SMTPS=465
MAIL_PORT=tcp://10.109.26.226:25
DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
DREAM_CLUSTER_SERVICE_PORT=1
ENABLE_CLAMAV=0
KOPANO_WEBAPP_PORT_80_TCP_PORT=80
POSTGREY_AUTO_WHITELIST_CLIENTS=5
SASLAUTHD_LDAP_SSL=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MAIL_PORT_465_TCP=tcp://10.109.26.226:465
KOPANO_GATEWAY_PORT_993_TCP_PORT=993
POSTGREY_TEXT=Delayed by postgrey
ONE_DIR=1
KOPANO_KONNECT_SERVICE_PORT=8777
DOVECOT_MAILBOX_FORMAT=maildir
SUPERVISOR_SERVER_URL=unix:///dev/shm/supervisor.sock
POSTGREY_MAX_AGE=35
KOPANO_SERVER_PORT_237_TCP_PROTO=tcp
KUBERNETES_SERVICE_HOST=10.96.0.1
ENABLE_POP3=0
LDAP_QUERY_FILTER_GROUP=(memberUid=%s)
MAIL_PORT_25_TCP_PORT=25
LDAP_START_TLS=yes
KOPANO_DAGENT_PORT_2003_TCP_PORT=2003
KOPANO_DAGENT_PORT_2003_TCP=tcp://10.99.187.66:2003
SRS_EXCLUDE_DOMAINS=
_=/usr/bin/printenv

docker-mailserver

Initializing setup
Registering check,setup,fix,misc and start-daemons functions

  • _check_environment_variables() registered
  • _check_hostname() registered
  • _setup_default_vars() registered
  • _setup_ldap() registered
  • _setup_saslauthd() registered
  • _setup_dkim() registered
  • _setup_ssl() registered
  • _setup_docker_permit() registered
  • _setup_mailname() registered
  • _setup_amavis() registered
  • _setup_dmarc_hostname() registered
  • _setup_postfix_hostname() registered
  • _setup_dovecot_hostname() registered
  • _setup_postfix_smtputf8() registered
  • _setup_postfix_sasl() registered
  • _setup_postfix_override_configuration() registered
  • _setup_postfix_sasl_password() registered
  • _setup_security_stack() registered
  • _setup_postfix_aliases() registered
  • _setup_postfix_vhost() registered
  • _setup_postfix_dhparam() registered
  • _setup_postfix_postscreen() registered
  • _setup_postfix_sizelimits() registered
  • _setup_spoof_protection() registered
  • _setup_postfix_access_control() registered
  • _setup_postfix_default_relay_host() registered
  • _setup_postfix_relay_hosts() registered
  • _setup_postfix_virtual_transport() registered
  • _setup_environment() registered
  • _setup_logrotate() registered
  • _setup_chksum_file() registered
  • _fix_var_mail_permissions() registered
  • _fix_var_amavis_permissions() registered
  • _fix_cleanup_clamav() registered
  • _fix_cleanup_spamassassin() registered
  • _misc_save_states() registered
  • _start_daemons_cron() registered
  • _start_daemons_rsyslog() registered
  • _start_daemons_opendkim() registered
  • _start_daemons_opendmarc() registered
  • _start_daemons_postfix() registered
  • _start_daemons_saslauthd() registered
  • _start_daemons_amavis() registered
    Checking configuration
    Check that there are no conflicts with env variables [_check_environment_variables]
    Check that hostname/domainname is provided or overidden (no default docker hostname/kubernetes) [_check_hostname]
  • Domain has been set to domain.tld
  • Hostname has been set to mail.domain.tld
    Configuring mail server
    Setting up default variables [_setup_default_vars]
  • Set POSTFIX_MESSAGE_SIZE_LIMIT=10240000
  • Set ENABLE_LDAP=1
  • Set OVERRIDE_HOSTNAME=mail.domain.tld
  • Set DMS_DEBUG=1
  • Set POSTFIX_MAILBOX_SIZE_LIMIT=0
  • Set ENABLE_CLAMAV=0
  • Set POSTGREY_AUTO_WHITELIST_CLIENTS=5
  • Set ENABLE_FAIL2BAN=0
  • Set FETCHMAIL_POLL=300
  • Set TLS_LEVEL=modern
  • Set ENABLE_SPAMASSASSIN=0
  • Set DOVECOT_TLS=0
  • Set REPORT_RECIPIENT=0
  • Set POSTGREY_DELAY=300
  • Set POSTGREY_TEXT=Delayed by postgrey
  • Set ENABLE_POSTGREY=0
  • Set POSTGREY_MAX_AGE=35
  • Set POSTMASTER_ADDRESS=postmaster@domain.tld
  • Set ENABLE_FETCHMAIL=0
  • Set REPORT_SENDER=mailserver-report@mail.domain.tld
  • Set REPORT_INTERVAL=daily
  • Set ENABLE_MANAGESIEVE=0
  • Set VIRUSMAILS_DELETE_DELAY=7
  • Set ENABLE_SRS=0
  • Set POSTSCREEN_ACTION=enforce
  • Set ENABLE_POP3=0
  • Set ENABLE_SASLAUTHD=1
  • Set SMTP_ONLY=1
  • Set LDAP_START_TLS=yes
  • Set SPOOF_PROTECTION=1
    Setting up Ldap
  • Checking for custom configs
  • Starting to override configs

Config'O'mat. Version 0.0.0

Got the ENV_PREFIX: LDAP_
Got the CONF_FILE: /etc/postfix/ldap-users.cf

Starting to do overrides:

/etc/postfix/ldap-users.cf: query_filter_group = (memberUid=%s)
/etc/postfix/ldap-users.cf: saslauthd_ldap_server = openldap.openldap
/etc/postfix/ldap-users.cf: search_base = dc=domain,dc=tld
/etc/postfix/ldap-users.cf: saslauthd_ldap_bind_dn = cn=admin,dc=domain,dc=tld
/etc/postfix/ldap-users.cf: saslauthd_ldap_filter = (uid=%U)
/etc/postfix/ldap-users.cf: saslauthd_ldap_password =
/etc/postfix/ldap-users.cf: server_host = openldap.openldap
/etc/postfix/ldap-users.cf: query_filter = (mail=%s)
/etc/postfix/ldap-users.cf: start_tls = yes
/etc/postfix/ldap-users.cf: saslauthd_ldap_ssl = 1
/etc/postfix/ldap-users.cf: query_filter_user = (mail=%s)
/etc/postfix/ldap-users.cf: query_filter_alias = (mailAlias=%s)
/etc/postfix/ldap-users.cf: saslauthd_ldap_search_base = dc=domain,dc=tld
/etc/postfix/ldap-users.cf: bind_pw =
/etc/postfix/ldap-users.cf: query_filter_domain = (&(objectClass=dNSDomain)(dc=%s))
/etc/postfix/ldap-users.cf: bind_dn = cn=admin,dc=domain,dc=tld

Config'O'mat. Version 0.0.0

Got the ENV_PREFIX: LDAP_
Got the CONF_FILE: /etc/postfix/ldap-groups.cf

Starting to do overrides:

/etc/postfix/ldap-groups.cf: query_filter_group = (memberUid=%s)
/etc/postfix/ldap-groups.cf: saslauthd_ldap_server = openldap.openldap
/etc/postfix/ldap-groups.cf: search_base = dc=domain,dc=tld
/etc/postfix/ldap-groups.cf: saslauthd_ldap_bind_dn = cn=admin,dc=domain,dc=tld
/etc/postfix/ldap-groups.cf: saslauthd_ldap_filter = (uid=%U)
/etc/postfix/ldap-groups.cf: saslauthd_ldap_password =
/etc/postfix/ldap-groups.cf: server_host = openldap.openldap
/etc/postfix/ldap-groups.cf: query_filter = (memberUid=%s)
/etc/postfix/ldap-groups.cf: start_tls = yes
/etc/postfix/ldap-groups.cf: saslauthd_ldap_ssl = 1
/etc/postfix/ldap-groups.cf: query_filter_user = (mail=%s)
/etc/postfix/ldap-groups.cf: query_filter_alias = (mailAlias=%s)
/etc/postfix/ldap-groups.cf: saslauthd_ldap_search_base = dc=domain,dc=tld
/etc/postfix/ldap-groups.cf: bind_pw =
/etc/postfix/ldap-groups.cf: query_filter_domain = (&(objectClass=dNSDomain)(dc=%s))
/etc/postfix/ldap-groups.cf: bind_dn = cn=admin,dc=domain,dc=tld

Config'O'mat. Version 0.0.0

Got the ENV_PREFIX: LDAP_
Got the CONF_FILE: /etc/postfix/ldap-aliases.cf

Starting to do overrides:

/etc/postfix/ldap-aliases.cf: query_filter_group = (memberUid=%s)
/etc/postfix/ldap-aliases.cf: saslauthd_ldap_server = openldap.openldap
/etc/postfix/ldap-aliases.cf: search_base = dc=domain,dc=tld
/etc/postfix/ldap-aliases.cf: saslauthd_ldap_bind_dn = cn=admin,dc=domain,dc=tld
/etc/postfix/ldap-aliases.cf: saslauthd_ldap_filter = (uid=%U)
/etc/postfix/ldap-aliases.cf: saslauthd_ldap_password =
/etc/postfix/ldap-aliases.cf: server_host = openldap.openldap
/etc/postfix/ldap-aliases.cf: query_filter = (mailAlias=%s)
/etc/postfix/ldap-aliases.cf: start_tls = yes
/etc/postfix/ldap-aliases.cf: saslauthd_ldap_ssl = 1
/etc/postfix/ldap-aliases.cf: query_filter_user = (mail=%s)
/etc/postfix/ldap-aliases.cf: query_filter_alias = (mailAlias=%s)
/etc/postfix/ldap-aliases.cf: saslauthd_ldap_search_base = dc=domain,dc=tld
/etc/postfix/ldap-aliases.cf: bind_pw =
/etc/postfix/ldap-aliases.cf: query_filter_domain = (&(objectClass=dNSDomain)(dc=%s))
/etc/postfix/ldap-aliases.cf: bind_dn = cn=admin,dc=domain,dc=tld

Config'O'mat. Version 0.0.0

Got the ENV_PREFIX: LDAP_
Got the CONF_FILE: /etc/postfix/ldap-domains.cf

Starting to do overrides:

/etc/postfix/ldap-domains.cf: query_filter_group = (memberUid=%s)
/etc/postfix/ldap-domains.cf: saslauthd_ldap_server = openldap.openldap
/etc/postfix/ldap-domains.cf: search_base = dc=domain,dc=tld
/etc/postfix/ldap-domains.cf: saslauthd_ldap_bind_dn = cn=admin,dc=domain,dc=tld
/etc/postfix/ldap-domains.cf: saslauthd_ldap_filter = (uid=%U)
/etc/postfix/ldap-domains.cf: saslauthd_ldap_password =
/etc/postfix/ldap-domains.cf: server_host = openldap.openldap
/etc/postfix/ldap-domains.cf: query_filter = (&(objectClass=dNSDomain)(dc=%s))
/etc/postfix/ldap-domains.cf: start_tls = yes
/etc/postfix/ldap-domains.cf: saslauthd_ldap_ssl = 1
/etc/postfix/ldap-domains.cf: query_filter_user = (mail=%s)
/etc/postfix/ldap-domains.cf: query_filter_alias = (mailAlias=%s)
/etc/postfix/ldap-domains.cf: saslauthd_ldap_search_base = dc=domain,dc=tld
/etc/postfix/ldap-domains.cf: bind_pw =
/etc/postfix/ldap-domains.cf: query_filter_domain = (&(objectClass=dNSDomain)(dc=%s))
/etc/postfix/ldap-domains.cf: bind_dn = cn=admin,dc=domai,dc=tld

Config'O'mat. Version 0.0.0
The file could not be found: /etc/postfix/maps/sender_login_maps.ldap. Exiting ...

  • Configuring dovecot LDAP

Config'O'mat. Version 0.0.0

Got the ENV_PREFIX: DOVECOT_
Got the CONF_FILE: /etc/dovecot/dovecot-ldap.conf.ext

Starting to do overrides:

/etc/dovecot/dovecot-ldap.conf.ext: hosts = openldap.openldap
/etc/dovecot/dovecot-ldap.conf.ext: dn = cn=admin,dc=domain,dc=tld
/etc/dovecot/dovecot-ldap.conf.ext: dnpass =
/etc/dovecot/dovecot-ldap.conf.ext: user_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
/etc/dovecot/dovecot-ldap.conf.ext: pass_attrs = uid=user,userPassword=password
/etc/dovecot/dovecot-ldap.conf.ext: user_attrs = homeDirectory=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail
/etc/dovecot/dovecot-ldap.conf.ext: tls = 0
/etc/dovecot/dovecot-ldap.conf.ext: mailbox_format = maildir
/etc/dovecot/dovecot-ldap.conf.ext: base = dc=domain,dc=tld

  • Enabling dovecot LDAP authentification
  • Configuring LDAP
    Setting up Saslauthd
  • Configuring Cyrus SASL
  • Creating /etc/saslauthd.conf
    Adding user postfix to group sasl
    Setting up DKIM
  • No DKIM key provided. Check the documentation to find how to get your keys.
  • Nameservers added to /etc/opendkim.conf
    Setting up SSL
  • TLS configured with 'modern' ciphers
    Setting up PERMIT_DOCKER Option
  • Adding 10.37.0.0/16 to my networks
    Setting up Mailname
  • Creating /etc/mailname
    Setting up Amavis
  • Applying hostname to /etc/amavis/conf.d/05-node_id
    Setting up dmarc
  • Applying hostname to /etc/opendmarc.conf
    Applying hostname and domainname to Postfix
  • Applying hostname to /etc/postfix/main.cf
    Applying hostname to Dovecot
  • Applying hostname to /etc/dovecot/conf.d/15-lda.conf
  • Configuring postfix smtputf8 support (disable)
    Setting up Postfix Override configuration
  • No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided.
  • No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' not provided.
  • set the compatibility level to 2
    Setting up Postfix SASL Password
  • Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created.
    Setting up Security Stack
  • Spamassassin is disabled. You can enable it with 'ENABLE_SPAMASSASSIN=1'
  • Clamav is disabled. You can enable it with 'ENABLE_CLAMAV=1'
    Setting up Postfix Aliases
  • Warning 'config/postfix-virtual.cf' is not provided. No mail alias/forward created.
  • Configuring root alias
    Setting up Postfix vhost
    Setting up Postfix dhparam
  • Generate new shared dhparams (postfix)
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    .......................................+...................................+.....+..........................................................+......+.................................+..............................................................................................................................................................................................................................................+................................................................................................................................................................................................................................................................................+..........................................................................................................................................................+..........................+..................................................................................................+.....................................+............+.....................................................................................................................+.......................+.............+....................................................................................+.............................................................................................................................+...................................................................................................................................................+................................................+......................................................................................................................+................................................+.................+......................................+..............+.............................................................................................................................................................................++++++++
  • Configuring postscreen
  • Configuring postfix message size limit
  • Configuring postfix mailbox size limit
  • Configuring Spoof Protection
  • Configuring user access
    Applying default relay host to Postfix
  • Applying default relay host [smtp.sendgrid.net]:587 to /etc/postfix/main.cf
    Setting up Postfix Relay Hosts
  • Setting up outgoing email relaying via smtp.sendgrid.net:587
    grep: /tmp/docker-mailserver/postfix-accounts.cf: No such file or directory
    Setting up Postfix virtual transport
    Setting up /etc/environment
  • Setting up logrotate
  • Setting postfix summary interval to daily
    Setting up configuration checksum file
    /tmp/docker-mailserver /
  • Creating /tmp/docker-mailserver-config-chksum
    /
    Checking /var/mail permissions
    find: '/var/mail-state/lib-amavis': No such file or directory
  • Permissions in /var/mail look OK
    Checking $amavis_state_dir permissions
  • Permissions in /var/mail-state/lib-amavis look OK
    Cleaning up disabled Clamav
    Cleaning up disabled spamassassin
    Starting Misc
  • Consolidating all state onto /var/mail-state
  • Moving contents of /var/spool/postfix to /var/mail-state/spool-postfix:
  • Moving contents of /var/lib/postfix to /var/mail-state/lib-postfix:
  • Moving contents of /var/lib/amavis to /var/mail-state/lib-amavis:
  • Moving contents of /var/lib/clamav to /var/mail-state/lib-clamav:
  • Moving contents of /var/lib/spamassassin to /var/mail-state/lib-spamassassin:
  • Moving contents of /var/lib/fail2ban to /var/mail-state/lib-fail2ban:
  • Moving contents of /var/lib/postgrey to /var/mail-state/lib-postgrey:
  • Moving contents of /var/lib/dovecot to /var/mail-state/lib-dovecot:
  • Fixing /var/mail-state/* permissions
    Starting mail server
    Starting cron2020-05-09 18:18:16,929 INFO spawned: 'cron' with pid 1065
    2020-05-09 18:18:16,933 INFO success: cron entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
    cron: started
    Starting rsyslog 2020-05-09 18:18:17,335 INFO spawned: 'rsyslog' with pid 1067
    2020-05-09 18:18:17,341 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
    rsyslog: started
    Starting opendkim 2020-05-09 18:18:17,665 INFO spawned: 'opendkim' with pid 1071
    2020-05-09 18:18:17,667 INFO success: opendkim entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
    opendkim: started
    Starting opendmarc 2020-05-09 18:18:18,032 INFO spawned: 'opendmarc' with pid 1079
    2020-05-09 18:18:18,035 INFO success: opendmarc entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
    opendmarc: started
    Starting postfix2020-05-09 18:18:18,330 INFO spawned: 'postfix' with pid 1086
    2020-05-09 18:18:18,336 INFO success: postfix entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
    postfix: started
    Starting saslauthd2020-05-09 18:18:18,956 INFO spawned: 'saslauthd_ldap' with pid 1115
    2020-05-09 18:18:18,956 INFO success: saslauthd_ldap entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
    saslauthd_ldap: started
    Starting amavis2020-05-09 18:18:19,541 INFO spawned: 'amavis' with pid 1216
    2020-05-09 18:18:19,541 INFO success: amavis entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
    amavis: started

mail.domain.tld is up and running

May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: starting. /usr/sbin/amavisd-new at mail.domain.tld amavisd-new-2.10.1 (20141025), Unicode aware
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Net::Server: Group Not Defined. Defaulting to EGID '111 111'
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Net::Server: User Not Defined. Defaulting to EUID '109'
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Amavis::Conf 2.404
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Archive::Zip 1.59
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module BerkeleyDB 0.55
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Compress::Raw::Zlib 2.069
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Compress::Zlib 2.069001
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Digest::MD5 2.54
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Encode 2.80_01
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module File::Temp 0.2304
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module IO::Socket::IP 0.37
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module MIME::Entity 5.508
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module MIME::Parser 5.508
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module MIME::Tools 5.508
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Mail::Header 2.18
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Mail::Internet 2.18
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Net::LibIDN 0.12
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Net::Server 2.008
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Scalar::Util 1.4202
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Socket 2.020_03
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Time::HiRes 1.9733
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Module Unix::Syslog 1.1
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Amavis::ZMQ code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Amavis::DB code loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: SQL base code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: SQL::Log code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: SQL::Quarantine NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Lookup::SQL code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Lookup::LDAP code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: AM.PDP-in proto code loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: SMTP-in proto code loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Courier proto code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: SMTP-out proto code loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Pipe-out proto code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: BSMTP-out proto code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Local-out proto code loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: OS_Fingerprint code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: ANTI-VIRUS code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: ANTI-SPAM code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: ANTI-SPAM-EXT code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: ANTI-SPAM-C code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: ANTI-SPAM-SA code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Unpackers code loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: DKIM code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Tools code NOT loaded
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found $file at /usr/bin/file
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: No $altermime, not using it
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Internal decoder for .mail
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .Z at /bin/uncompress
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .gz at /bin/gzip -d
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .bz2 at /bin/bzip2 -d
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .xz at /usr/bin/xz -dc
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .lzma at /usr/bin/xz -dc --format=lzma
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .lrz at /usr/bin/lrzip -q -k -d -o -
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .lzo at /usr/bin/lzop -d
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .lz4 at /usr/bin/lz4c -d
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .rpm at /usr/bin/rpm2cpio
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .cpio at /bin/pax
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .tar at /bin/pax
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .deb at /usr/bin/ar
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .rar at /usr/bin/unrar-free
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .arj at /usr/bin/arj
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .arc at /usr/bin/nomarch
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .zoo at /usr/bin/zoo
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .doc at /usr/bin/ripole
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .cab at /usr/bin/cabextract
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Internal decoder for .tnef
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .zip at /usr/bin/7za
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .kmz at /usr/bin/7za
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .7z at /usr/bin/7zr
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .jar at /usr/bin/7z
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .swf at /usr/bin/7z
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .lha at /usr/bin/7z
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .iso at /usr/bin/7z
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Found decoder for .exe at /usr/bin/unrar-free; /usr/bin/arj
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: No decoder for .F
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Deleting db files in /var/lib/amavis/db
May 9 18:18:21 mail-7465f748c9-9mq6c amavis[1216]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.55, libdb 5.3
May 9 18:18:22 mail-7465f748c9-9mq6c postfix/master[1837]: daemon started -- version 3.1.12, configuration /etc/postfix

Hopefully I've censored all the sensitive parts but. domain.tld is ofc a fully public domain, though cluster.local is not.

@youtous
Copy link
Contributor

youtous commented May 9, 2020
edited

It seems your are using tvial/docker-mailserver:release-v6.2.0 which is not the latest version.
POSTFIX_INET_PROTOCOLS has been added by ab22450 (available in 7.0.0).

That said, I would recommend you to always use the latest version (tvial/docker-mailserver:latest), it comes with security fixes and bug fixes.

I hope this will solve your issue.

@Ether009
Copy link
Author

Ether009 commented May 9, 2020

Ah so wasn't added in that version. I was sure I checked that it was the latest, though granted it was a while back when I started this project so it may have been latest at the time. Thank you.

Although using :latest is not an option, and is really not a thing that you should be recommending either. And it doesn't actually help you any with making sure you're running the latest version. See if you pull :latest, then the next time you pull an image, you don't actually make any pull request. It checks if you have an image with the tag you've selected, and since you pulled it as :latest, it keeps the :latest tag until you pull another image, at which point it will lose all its tags. So in order to update, you have to manually make a new pull, and then restart your container. So since you need manual intervention either way, it's simply better to used fixed versions.

This is especially important in distributed setups like k8s. Image as an example I have :latest. Well it runs on one node, and when it started there, 6.2 was latest so it pulled and ran that. Now that node dies, so k8s restarts the pod on a different node. And now 7 is the latest, so it pulls that. Well now that node dies, and k8s schedules the pod back on the original node. But it already has an image with the :latest tag, so it ofc uses that. Except that's a 6.2 image. Which is from before the 7 image... While I don't know how this particular image would handle that situation, but most apps do NOT handle uncontrolled downgrades gracefully. So no, for any serious setups, always, always, ALWAYS, use fixed image versions.

@youtous
Copy link
Contributor

youtous commented May 9, 2020

Seen this project is not updating fixed releases, it's the only option you have in order to get security patches, otherwise you will be running images with CVE 🏴‍☠️

You are always free to manage your images as you want, follow the release channel and adjust upgrades to your needs.

So no, for any serious setups, always, always, ALWAYS, use fixed image versions.

For serious setups, fork this project (forks represents almost 1/5 of the stars) and handle it yourself.

Thank for sharing your docker versioning knowledge but it's not part of this issue, could you close if it's resolved?

@erik-wramner
Copy link
Contributor

@Ether009 we will make a new numbered release soon. I understand both positions and using numbered releases is certainly supported. Ideally we should make them on a regular basis, but all of us do this on our free time, which makes that difficult.

polarathene pushed a commit to polarathene/docker-mailserver that referenced this issue Feb 12, 2021
@youtous
update image: tvial/docker-mailserver ---> always use latest (docker-…
2fd6b7c 
…mailserver#1504)
polarathene pushed a commit to polarathene/docker-mailserver that referenced this issue Feb 22, 2021
@youtous
update image: tvial/docker-mailserver ---> always use latest (docker-…
cfe5d9f 
…mailserver#1504)
wernerfred added a commit to wernerfred/demoghp that referenced this issue Feb 22, 2021
@wernerfred @phish108
@voordev @swiesend @jedateach @albert-darillium @marios88 @tom-drake @tomav @cternes @ovidiucp @erik-wramner @mindrunner @ap-wtioit @mchamplain @gmasse @vilisas @Kaan88 @remoe @CBeerta @odinis @hanscees @JustAnother1 @DuncanvR @youtous @msheakoski @rhyst @okainov @chikamichi @m-a-v @polarathene @aminvakil @idaadi @VictorKoenders @MichaelSp @pyy @georglauterbach @squash @engelant @lukecyca @aydodo @omarc1492 @williamdes @pbek @dashohoxha @fl42 @Thiritin
Docsdemo (#1)
70304c8 
* Updated FAQ and Tips (markdown)

* add a better example for sa-learn cron-jobs

* Updated Configure SSL (markdown)

* Updated Configure SSL (markdown)

* Updated Configure SSL (markdown)

* add a plain docker-compose example without docker swarm

* change min docker-compose version

* remove docker-compose swarm only statement

* unify documentation

* add a blank line in the docker-compose.yml example

* add hint for system cron file

* Added info about DMS_DEBUG variable

* Typo in link

* change user to root. amavis is not sufficient

* emphasize difference between user and system crontab

* change ham folder to Archives

* add consitent comments

* SA_SPAM_SUBJECT values

* LetsEncrypt has a http challenge that runs http and https.

* Created _Footer (markdown)

* Updated Installation Examples (markdown)

* Revert 2e2c1a9...64f2cfe on _Footer

* Add info about mail-state

* Fix wrong directory for spamassassin learning

* Syntax correction.

* Added note about POSTFIX_MESSAGE_SIZE_LIMIT

* Updated Configure SSL (markdown)

* Updated Configure SPF (markdown)

* Updated Configure SSL (markdown)

* Added reference to docker-mailserver/docker-mailserver#1247.

* Edit backup script

* Updated FAQ and Tips (markdown)

* Updated FAQ and Tips (markdown)

* path for generated certificates has changed

* adding note about keys on multiple line

* Added note about clamav memory usage and swap.

* Replace deliveries/certbot docker image by official certbot/cerbot

* Addded example for overriding postfix-master.cf

* Added warning about spaces in options

* Wrong filebeat config path

* Fix wrong volume syntax

* Fixed a typo in docker repository name (certbot instead of cerbot)

* Spamassing cron directories are wrong for Archive and Inbox. On my fresh install it's not .Archives but .Archive and I don't have a separate INBOX folder, just cur, new etc under main mail dir.

* Add sections for catch-all and delete

* Added FAQ about naked/bare domains

* Improved description for bare domains

* updated the deployment manifests. Tested with Kubernetes 1.17 and docker-mailserver v6.2.1

* Add a note on the Biggest flaw of using `hostNetwork`

* Proxy setup is nowhere mentioned.

* Updated FAQ and Tips (markdown)

* Updated FAQ and Tips (markdown)

* added user-patches.sh explanation and example

* Updated Configure SSL (markdown)

* Updated Configure SSL (markdown)

* command did not show up with the <>

* Filebeat container (v7.0.0)

* Updated Using in Kubernetes (markdown)

* Rework section on PROXY protocol (including nameless previous change)

* add ssl doc: traefik

* quota update

* quota update

* quota update

* quota update

* Updated Configure Accounts (markdown)

* quota update

* Updated Configure Accounts (markdown)

* Updated FAQ and Tips (markdown)

* Add MOVE_SPAM_TO_JUNK

* Update SA-learn

* Added note about caddy

* Update config file mentioned in cron instructions to env-mailserver

* Update config file mentioned in cron instructions to env-mailserver

* update image: tvial/docker-mailserver ---> always use latest (docker-mailserver/docker-mailserver#1504)

* Added mail_max_userip_connections

* Adding instructions for Caddy V2

* Updated Configure DKIM (markdown)

* Add DMARC guide

* Updated Configure DMARC (markdown)

* Updated Configure DMARC (markdown)

* Updated Configure DMARC (markdown)

* Updated Setup docker mailserver using the script setup.sh (markdown)

* Updated Configure Accounts (markdown)

* Updated FAQ and Tips (markdown)

* Updated FAQ and Tips (markdown)

* Updated Update and cleanup (markdown)

* Updated Update and cleanup (markdown)

* Updated Update and cleanup (markdown)

* better not to keep outdated example, upstream's doc is the way to go

* Updated Configure SSL (markdown)

* Updated Configure Accounts (markdown)

* Updated Configure Accounts (markdown)

* Updated Configure Accounts (markdown)

* Updated Configure Accounts (markdown)

* Updated Configure Aliases (markdown)

* Updated Configure autodiscover (markdown)

* Updated Configure DKIM (markdown)

* Updated Configure DKIM (markdown)

* Updated Configure DMARC (markdown)

* Updated Configure ELK (markdown)

* Updated FAQ and Tips (markdown)

* Updated FAQ and Tips (markdown)

* Updated Configure Sieve filters (markdown)

* Updated Override Default Dovecot Configuration (markdown)

* Updated Override Default Dovecot Configuration (markdown)

* Updated Override Default Dovecot Configuration (markdown)

* Updated Override Default Dovecot Configuration (markdown)

* Updated Configure SPF (markdown)

* Updated Configure SPF (markdown)

* Updated Configure SPF (markdown)

* Updated Configure SPF (markdown)

* Updated FAQ and Tips (markdown)

* Updated Home (markdown)

* Created _Sidebar (markdown)

* Updated Setup docker mailserver using the script setup.sh (markdown)

* Updated Setup docker mailserver using the script setup.sh (markdown)

* Updated Setup docker mailserver using the script setup.sh (markdown)

* Updated Setup docker mailserver using the script setup.sh (markdown)

* Updated Setup docker mailserver using the script setup.sh (markdown)

* Created A mail server's 101 (markdown)

* Updated _Sidebar (markdown)

* Updated _Sidebar (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Minor changes: `plain text` to `cleartext`, inline codeblock `docker-mailserver`, some rephrasing and grammar fixes

* Fix rendering of ASCII flows (assuming this isn't an inconsistency between mono fonts chosen by browsers)

* Initial more details page to redirect from README on the ports section

* Add ports page under security section, format single lines into sub-bullet points

* Revert 936020e...fac8d4a on A mail server's 101

* More details on Submission (Outward vs Inward)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* Updated A mail server's 101 (markdown)

* clarification about third-party sending email to dms' MTA

* Add flowchart for SMTP, expand on inbound/outband SMTP traffic and ports

* Slight changes to Alice and Bob example

* Change postfix-aliases.cf to postfix-virtual.cf & add setup.sh alias link

* mailto was missing from the forensics receiver (ruf)

* Added information about stealth blocks on port 25

* traefik v2 section added

* Changed stable to latest for Traefik as the code has not been merged into stable yet

* how to set timezone for container

* Traefik2's wildcard certificates now work with `:stable`

* added warning message for PERMIT_DOCKER=network when using IPv6 (#1405)

* added warning message for PERMIT_DOCKER=network when using IPv6 (#1405)

* Update for key_type global option with Caddy v2 for people sharing their LE certs between Caddy and docker-mailserver

* Updated FAQ and Tips (markdown)

* Updated FAQ and Tips (markdown)

* add account without restart container

* Add Full-text search

* Created Full-text search (markdown)

* Updated Full text search (markdown)

* Updated Full text search (markdown)

* Updated _Sidebar (markdown)

* Created IPv6 (markdown)

* Fix example YAML markdown code block

* Add new options to reflect support for SELinux

* Moving Caddy pitfall to a dedicated section

* Command-line to verify certificate dates

* Better highlighting on config blocks

* Update "Manage Sieve" link

* Mention maintained autodiscover-email-settings

* Add a ToDo note

* Created Forward-Only mailserver with LDAP authentication (markdown)

* Add link to 'Forward-Only mailserver with LDAP authentication'

* Describe how to authenticate with LDAP

* Mention that RELAY_HOST needs to be set even in advanced mode

* style

* Updated Setup docker mailserver using the script setup.sh (markdown)

* Updated Setup docker mailserver using the script setup.sh (markdown)

* Updated _Sidebar (markdown)

* Add section to use mailserver with proxy protocol

* Updated Installation Examples (markdown)

* Otherwise it will completly set the variable and disable any plugins loaded beforehand e.x. quota

* Updated Setup docker mailserver using the script setup.sh (markdown)

* Updated Configure DKIM (markdown)

* Updated Configure DKIM (markdown)

* Updated Setup docker mailserver using the script setup.sh (markdown)

* adjusting to the migrated repo and improvements

* Created _Footer (markdown)

* Updated Home (markdown)

* Updated Setup docker mailserver using the script setup.sh (markdown)

* Updated Configure Accounts (markdown)

* Updated Configure Aliases (markdown)

* Updated Configure DKIM (markdown)

* Updated Configure DKIM (markdown)

* Destroyed Configure ELK (markdown)

* Updated Setup docker mailserver using the setup.sh script (markdown)

* Updated _Sidebar (markdown)

* Updated _Sidebar (markdown)

* Updated _Sidebar (markdown)

* Updated A mail server's 101 (markdown)

* Updated _Sidebar (markdown)

* Updated _Sidebar (markdown)

* Updated Configure Accounts (markdown)

* Updated Configure Aliases (markdown)

* Updated _Sidebar (markdown)

* Updated Configure DKIM (markdown)

* Updated Home (markdown)

* Updated Home (markdown)

* Import wiki

Co-authored-by: Christian Glahn <cpglahn@gmail.com>
Co-authored-by: Anne <34578028+voordev@users.noreply.github.com>
Co-authored-by: Sebastian Wiesendahl <swiesend@users.noreply.github.com>
Co-authored-by: Jeremy Shipman <jeremy@burnbright.net>
Co-authored-by: MegaXLR <8215278+megaxlr@users.noreply.github.com>
Co-authored-by: Albert Louzon <46165265+albert-darillium@users.noreply.github.com>
Co-authored-by: marios88 <marios88@gmail.com>
Co-authored-by: Thomas Drake <tom@tom-drake.co.uk>
Co-authored-by: Thomas VIAL <github@ifusio.com>
Co-authored-by: cternes <github@slackspace.de>
Co-authored-by: Ovidiu Predescu <ovidiu@gmail.com>
Co-authored-by: Erik Wramner <erik@wramner.name>
Co-authored-by: lukas <open@mindrunner.de>
Co-authored-by: Andreas Perhab <38032588+ap-wtioit@users.noreply.github.com>
Co-authored-by: mchamplain <email@mchamplain.com>
Co-authored-by: Germain Masse <gmasse@users.noreply.github.com>
Co-authored-by: Vilius <34487517+vilisas@users.noreply.github.com>
Co-authored-by: Kaan88 <kaankasim88@gmail.com>
Co-authored-by: Remo E <remo.eichenberger@gmail.com>
Co-authored-by: Claus Beerta <claus@beerta.de>
Co-authored-by: odinis <23659698+odinis@users.noreply.github.com>
Co-authored-by: Hans-Cees Speel <hanscees@hanscees.com>
Co-authored-by: Lars Pötter <justanotherone@gmx.net>
Co-authored-by: DuncanvR <DuncanvR@users.noreply.github.com>
Co-authored-by: youtous <contact@youtous.me>
Co-authored-by: msheakoski <michael.sheakoski@gmail.com>
Co-authored-by: rhyst <rhystyers1@gmail.com>
Co-authored-by: Oleg Kainov <godfathernn@gmail.com>
Co-authored-by: Jean-Denis Vauguet <jd@vauguet.fr>
Co-authored-by: Sascha Scandella <sascha.scandella@gmail.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Amin Vakil <info@aminvakil.com>
Co-authored-by: idaadi <idaadi@gmail.com>
Co-authored-by: Trangar <victor.koenders@gmail.com>
Co-authored-by: Michael <MichaelSp@users.noreply.github.com>
Co-authored-by: pyy <pyy@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
Co-authored-by: squash <josh@shortcutsolutions.net>
Co-authored-by: engelant <mumie_die@yahoo.de>
Co-authored-by: Luke Cyca <me@lukecyca.com>
Co-authored-by: Dorian Ayllón <ayllon.dorian@gmail.com>
Co-authored-by: omarc1492 <10967529+omarc1492@users.noreply.github.com>
Co-authored-by: William Desportes <williamdes@wdes.fr>
Co-authored-by: Patrizio Bekerle <patrizio@bekerle.com>
Co-authored-by: Dashamir Hoxha <dashohoxha@gmail.com>
Co-authored-by: FL42 <46161216+fl42@users.noreply.github.com>
Co-authored-by: Tin <kontakt@martin-becker.ovh>
polarathene pushed a commit to polarathene/docker-mailserver that referenced this issue Feb 26, 2021
@youtous
update image: tvial/docker-mailserver ---> always use latest (docker-…
215c042 
…mailserver#1504)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

test postfix inet youtous/docker-mailserver
3 participants
@youtous @Ether009 @erik-wramner