Skip to content

question: How to configure Traefik for port 465? (Postfix smtpd throws TLS library error) #3546

Closed as not planned
Closed as not planned
question: How to configure Traefik for port 465? (Postfix smtpd throws TLS library error)#3546
Labels
area/documentationarea/networkingissue/likely user-related misconfigurationThis issue is likely the result of a misconfiguration on the user's endkind/questionSomeone asked a question - feel free to answermeta/closed due to age or inactivityThis issue / PR has been closed due to inactivitymeta/staleThis issue / PR has become stale and will be closed if there is no further activityservice/postfix
@mich2k

Description

@mich2k
mich2k
opened on Sep 23, 2023

📝 Preliminary Checks

  • I tried searching for an existing issue and followed the debugging docs advice, but still need assistance.

👀 What Happened?

Hello, after having carefully followed every step reported in #3063 I still do not manage in any way running implicit TLS SMTP meanwhile implicit imap works, wondering how to interpret these logs I get

👟 Reproduction Steps

Use DMS behind Traefik reverse proxy

🐋 DMS Version

v12.1.0

💻 Operating System and Architecture

Linux server 5.15.0-83-generic #92-Ubuntu SMP Mon Aug 14 09:30:42 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

⚙️ Container configuration files

Dovecot config override:

haproxy_trusted_networks = 172.25.0.2, 32
haproxy_timeout = 3 secs
service imap-login {
  inet_listener imaps {
    haproxy = yes
    ssl = yes
    port = 10993
  }
}

postfix-master.cf:

submission/inet/smtpd_upstream_proxy_protocol=haproxy
submissions/inet/smtpd_upstream_proxy_protocol=haproxy

postfix-main.cf

postscreen_upstream_proxy_protocol = haproxy

compose.yaml:

services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    restart: always
    container_name: mailserver
    hostname: mail.domain.com
    env_file: mailserver.env
    volumes:
      - ${DOCKER_VOLUMES_FOLDER}/dms/mail-data/:/var/mail/
      - ${DOCKER_VOLUMES_FOLDER}/dms/mail-state/:/var/mail-state/
      - ${DOCKER_VOLUMES_FOLDER}/dms/mail-logs/:/var/log/mail/
      - ${DOCKER_VOLUMES_FOLDER}/dms/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUMES_FOLDER}/traefik/acme.json:/etc/letsencrypt/acme.json:ro
    cap_add:
      - NET_ADMIN
    stop_grace_period: 1m
    environment:
      - SSL_TYPE=letsencrypt
      - SSL_DOMAIN=domain.com # using wildcard cert

    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0

    labels:
      - "traefik.enable=true"
      - "traefik.tcp.routers.smtp.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.smtp.entrypoints=smtp"
      - "traefik.tcp.routers.smtp.service=smtp"
      - "traefik.tcp.services.smtp.loadbalancer.server.port=25"
      - "traefik.tcp.services.smtp.loadbalancer.proxyProtocol.version=1"
      - "traefik.tcp.routers.smtp-ssl.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.smtp-ssl.tls=false"
      - "traefik.tcp.routers.smtp-ssl.entrypoints=smtp-ssl"
      - "traefik.tcp.routers.smtp-ssl.service=smtp-ssl"
      - "traefik.tcp.services.smtp-ssl.loadbalancer.server.port=465"
      - "traefik.tcp.services.smtp-ssl.loadbalancer.proxyProtocol.version=1"
      - "traefik.tcp.routers.imap-ssl.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.imap-ssl.entrypoints=imap-ssl"
      - "traefik.tcp.routers.imap-ssl.service=imap-ssl"
      - "traefik.tcp.services.imap-ssl.loadbalancer.server.port=10993"
      - "traefik.tcp.services.imap-ssl.loadbalancer.proxyProtocol.version=2"
      - "traefik.tcp.routers.sieve.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.sieve.entrypoints=sieve"
      - "traefik.tcp.routers.sieve.service=sieve"
      - "traefik.tcp.services.sieve.loadbalancer.server.port=4190"
    
    networks:
      proxy:
        ipv4_address: 172.25.0.12

📜 Relevant log output

Sep 23 12:27:27 mail postfix/smtps/smtpd[415654]: connect from traefik.proxy[172.25.0.2]
Sep 23 12:27:27 mail postfix/smtps/smtpd[415654]: SSL_accept error from traefik.proxy[172.25.0.2]: -1
Sep 23 12:27:27 mail postfix/smtps/smtpd[415654]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
Sep 23 12:27:27 mail postfix/smtps/smtpd[415654]: lost connection after CONNECT from traefik.proxy[172.25.0.2]
Sep 23 12:27:27 mail postfix/smtps/smtpd[415654]: disconnect from traefik.proxy[172.25.0.2] commands=0/0
Sep 23 12:27:27 mail postfix/smtps/smtpd[415654]: connect from traefik.proxy[172.25.0.2]
Sep 23 12:27:27 mail postfix/smtps/smtpd[415654]: SSL_accept error from traefik.proxy[172.25.0.2]: -1
Sep 23 12:27:27 mail postfix/smtps/smtpd[415654]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
Sep 23 12:27:27 mail postfix/smtps/smtpd[415654]: lost connection after CONNECT from traefik.proxy[172.25.0.2]
Sep 23 12:27:27 mail postfix/smtps/smtpd[415654]: disconnect from traefik.proxy[172.25.0.2] commands=0/0
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: connect from traefik.proxy[172.25.0.2]
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: SSL_accept error from traefik.proxy[172.25.0.2]: -1
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: lost connection after CONNECT from traefik.proxy[172.25.0.2]
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: disconnect from traefik.proxy[172.25.0.2] commands=0/0
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: connect from traefik.proxy[172.25.0.2]
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: SSL_accept error from traefik.proxy[172.25.0.2]: -1
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: lost connection after CONNECT from traefik.proxy[172.25.0.2]
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: disconnect from traefik.proxy[172.25.0.2] commands=0/0
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: connect from traefik.proxy[172.25.0.2]
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: SSL_accept error from traefik.proxy[172.25.0.2]: -1
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: lost connection after CONNECT from traefik.proxy[172.25.0.2]
Sep 23 12:27:28 mail postfix/smtps/smtpd[415654]: disconnect from traefik.proxy[172.25.0.2] commands=0/0
Sep 23 12:42:20 mail postfix/smtps/smtpd[417225]: connect from traefik.proxy[172.25.0.2]
Sep 23 12:42:20 mail postfix/smtps/smtpd[417225]: SSL_accept error from traefik.proxy[172.25.0.2]: -1
Sep 23 12:42:20 mail postfix/smtps/smtpd[417225]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
Sep 23 12:42:20 mail postfix/smtps/smtpd[417225]: lost connection after CONNECT from traefik.proxy[172.25.0.2]
Sep 23 12:42:20 mail postfix/smtps/smtpd[417225]: disconnect from traefik.proxy[172.25.0.2] commands=0/0

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/documentationarea/networkingissue/likely user-related misconfigurationThis issue is likely the result of a misconfiguration on the user's endkind/questionSomeone asked a question - feel free to answermeta/closed due to age or inactivityThis issue / PR has been closed due to inactivitymeta/staleThis issue / PR has become stale and will be closed if there is no further activityservice/postfix

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions