### 📝 Preliminary Checks
### 👀 What Happened?
Although I kept the same settings, today SSL is not working, which affects my client Node.js app: it cannot connect.

### 👟 Reproduction Steps
The SSL key is mounted by the dokku caddy system. It is basically Caddy, I think. So I decided to mount it directly.

```yaml
- /var/lib/dokku/data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.awread.vn/mail.awread.vn.crt:/etc/letsencrypt/live/mail.awread.vn/fullchain.pem
- /var/lib/dokku/data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.awread.vn/mail.awread.vn.key:/etc/letsencrypt/live/mail.awread.vn/privkey.pem
# Using letsencrypt for SSL/TLS certificates:
- SSL_TYPE=manual
- SSL_CERT_PATH=/etc/letsencrypt/live/mail.awread.vn/fullchain.pem
- SSL_KEY_PATH=/etc/letsencrypt/live/mail.awread.vn/privkey.pem
```

The DNS config comes from Cloudflare. The only weird thing is that I did nothing, but it just does not connect. I have no clue where the issue comes from.

All the test checks pass. I also changed to connect to mail.awread.vn:25 and it works too.

```sh
openssl s_client \
  -connect 0.0.0.0:25 \
  -starttls smtp \
  -CApath /etc/ssl/certs/
```

```sh
openssl s_client \
  -connect mail.awread.vn:465 \
  -starttls smtp \
  -CApath /etc/ssl/certs/
```

It returns OK.
All the tests pass:

So weird with this normal log. Please help me. Can you suggest what I should do to debug this?
### 🐋 DMS Version
### 💻 Operating System and Architecture
Ubuntu 20
### ⚙️ Container configuration files

```yaml
services:
  roundcubemail:
    image: roundcube/roundcubemail:latest
    container_name: roundcubemail
    # restart: unless-stopped
    volumes:
      - ./www:/var/www/html
      - ./db/sqlite:/var/roundcube/db
    ports:
      - 9022:80
    environment:
      - ROUNDCUBEMAIL_DB_TYPE=sqlite
      - ROUNDCUBEMAIL_SKIN=elastic
      - ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.awread.vn
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.awread.vn
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
    hostname: mail.awread.vn
    ports:
      - "25:25"
      - "465:465"
      - "587:587"
      - "993:993"
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
      # Mount the cert folder generated by Certbot:
      - /var/lib/dokku/data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.awread.vn/mail.awread.vn.crt:/etc/letsencrypt/live/mail.awread.vn/fullchain.pem
      - /var/lib/dokku/data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.awread.vn/mail.awread.vn.key:/etc/letsencrypt/live/mail.awread.vn/privkey.pem
      # - ./docker-data/certbot/certs/:/etc/letsencrypt/:ro
    environment:
      - ENABLE_RSPAMD=1
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      # Using letsencrypt for SSL/TLS certificates:
      - SSL_TYPE=manual
      - SSL_CERT_PATH=/etc/letsencrypt/live/mail.awread.vn/fullchain.pem
      - SSL_KEY_PATH=/etc/letsencrypt/live/mail.awread.vn/privkey.pem
      # Set SSL certificate type.
      # - SSL_TYPE=letsencrypt
    cap_add:
      - NET_ADMIN # For Fail2Ban to work
    restart: always
```
### 📜 Relevant log output

```
2023-08-11T10:13:47.819941701Z Aug 11 17:13:47 mail amavis[693]: starting. /usr/sbin/amavisd-new at mail.awread.vn amavisd-new-2.11.1 (20181009), Unicode aware, LC_CTYPE="C.UTF-8"
2023-08-11T10:13:47.819975745Z Aug 11 17:13:47 mail amavis[693]: perl=5.032001, user=, EUID: 109 (109); group=, EGID: 111 111 (111 111)
2023-08-11T10:13:47.852184115Z Aug 11 17:13:47 mail amavis[693]: Net::Server: Group Not Defined. Defaulting to EGID '111 111'
2023-08-11T10:13:47.852216516Z Aug 11 17:13:47 mail amavis[693]: Net::Server: User Not Defined. Defaulting to EUID '109'
2023-08-11T10:13:47.866105883Z Aug 11 17:13:47 mail amavis[693]: No ext program for .zoo, tried: zoo
2023-08-11T10:13:47.866136491Z Aug 11 17:13:47 mail amavis[693]: No ext program for .doc, tried: ripole
2023-08-11T10:13:47.866313274Z Aug 11 17:13:47 mail amavis[693]: No decoder for .F
2023-08-11T10:13:47.866325957Z Aug 11 17:13:47 mail amavis[693]: No decoder for .doc
2023-08-11T10:13:47.866330476Z Aug 11 17:13:47 mail amavis[693]: No decoder for .zoo
2023-08-11T10:13:47.866334373Z Aug 11 17:13:47 mail amavis[693]: Using primary internal av scanner code for ClamAV-clamd
2023-08-11T10:13:47.868174320Z Aug 11 17:13:47 mail amavis[693]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
2023-08-11T10:20:28.126808201Z Aug 11 17:20:28 mail postfix/postscreen[1353]: CONNECT from [127.0.0.1]:51096 to [127.0.0.1]:25
2023-08-11T10:20:28.126843698Z Aug 11 17:20:28 mail postfix/postscreen[1353]: PASS OLD [127.0.0.1]:51096
2023-08-11T10:20:28.149952768Z Aug 11 17:20:28 mail postfix/smtpd[1354]: connect from localhost[127.0.0.1]
2023-08-11T10:20:28.159448537Z Aug 11 17:20:28 mail opendmarc[564]: ignoring connection from localhost
2023-08-11T10:20:28.212155962Z Aug 11 17:20:28 mail postfix/smtpd[1354]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
2023-08-11T10:20:29.501820404Z Aug 11 17:20:29 mail postfix/smtpd[1354]: lost connection after STARTTLS from localhost[127.0.0.1]
2023-08-11T10:20:29.502148208Z Aug 11 17:20:29 mail postfix/smtpd[1354]: disconnect from localhost[127.0.0.1] ehlo=1 starttls=1 commands=2
2023-08-11T10:22:58.711565405Z Aug 11 17:22:58 mail postfix/smtps/smtpd[1584]: connect from mail.awread.vn[172.24.0.3]
2023-08-11T10:23:45.552179730Z Aug 11 17:23:45 mail postfix/smtps/smtpd[1584]: SSL_accept error from mail.awread.vn[172.24.0.3]: lost connection
2023-08-11T10:23:45.552219094Z Aug 11 17:23:45 mail postfix/smtps/smtpd[1584]: lost connection after CONNECT from mail.awread.vn[172.24.0.3]
2023-08-11T10:23:45.552247308Z Aug 11 17:23:45 mail postfix/smtps/smtpd[1584]: disconnect from mail.awread.vn[172.24.0.3] commands=0/0
2023-08-11T10:24:18.564598762Z Aug 11 17:24:18 mail dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 6 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<H9CGHaMCUMd/AAAB>
2023-08-11T10:26:04.225978609Z Aug 11 17:26:04 mail postfix/postscreen[1874]: CONNECT from [127.0.0.1]:33654 to [127.0.0.1]:25
2023-08-11T10:26:04.226011130Z Aug 11 17:26:04 mail postfix/postscreen[1874]: PASS OLD [127.0.0.1]:33654
2023-08-11T10:26:04.241022991Z Aug 11 17:26:04 mail postfix/smtpd[1875]: connect from localhost[127.0.0.1]
2023-08-11T10:26:04.242388497Z Aug 11 17:26:04 mail opendmarc[564]: ignoring connection from localhost
2023-08-11T10:26:04.289386295Z Aug 11 17:26:04 mail postfix/smtpd[1875]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
```
### Improvements to this form?
_No response_
https://www.checktls.com/TestReceiver result. The day before, everything worked and showed green checks, but now I get this error:
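Added example, not part of the original report: a small Python triage of the Postfix lines from the log output above, grouping TLS handshake outcomes by Postfix service and measuring the time from connect to outcome. The function name `tls_outcomes`, the regexes and the trimmed sample are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Postfix lines copied from the log in the report (Docker timestamp prefix
# dropped, cipher detail trimmed); the year 2023 is taken from that prefix.
SAMPLE_LOG = """\
Aug 11 17:20:28 mail postfix/smtpd[1354]: connect from localhost[127.0.0.1]
Aug 11 17:20:28 mail postfix/smtpd[1354]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384
Aug 11 17:20:29 mail postfix/smtpd[1354]: lost connection after STARTTLS from localhost[127.0.0.1]
Aug 11 17:22:58 mail postfix/smtps/smtpd[1584]: connect from mail.awread.vn[172.24.0.3]
Aug 11 17:23:45 mail postfix/smtps/smtpd[1584]: SSL_accept error from mail.awread.vn[172.24.0.3]: lost connection
Aug 11 17:23:45 mail postfix/smtps/smtpd[1584]: lost connection after CONNECT from mail.awread.vn[172.24.0.3]
"""

LINE = re.compile(r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ "
                  r"postfix/(?P<svc>[\w/]+)\[(?P<pid>\d+)\]: (?P<msg>.*)")
TLS_OK = re.compile(r"TLS connection established from \S+?\[([^\]]+)\]: (TLSv[\d.]+)")
TLS_ERR = re.compile(r"SSL_accept error from \S+?\[([^\]]+)\]: (.*)")


def tls_outcomes(log_text, year=2023):
    """Return {postfix_service: [(client_ip, outcome, seconds_since_connect)]}."""
    connected = {}  # (service, pid) -> timestamp of the latest "connect from"
    result = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a Postfix line (amavis, dovecot, ...)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key, msg = (m["svc"], m["pid"]), m["msg"]
        if msg.startswith("connect from"):
            connected[key] = ts
            continue
        hit = TLS_OK.search(msg) or TLS_ERR.search(msg)
        if hit:
            outcome = hit[2] if hit.re is TLS_OK else "failed: " + hit[2]
            waited = (ts - connected.get(key, ts)).total_seconds()
            result[m["svc"]].append((hit[1], outcome, waited))
    return dict(result)


if __name__ == "__main__":
    for service, events in tls_outcomes(SAMPLE_LOG).items():
        for ip, outcome, waited in events:
            print(f"{service:12} {ip:12} {outcome} after {waited:.0f}s")
```

On the sample, the `smtpd` handshake from 127.0.0.1 completes in the same second as the connect, while the `smtps/smtpd` handshake from 172.24.0.3 ends in `SSL_accept error` 47 seconds after the connect.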