📝 Preliminary Checks
👀 What Happened?
I am trying to set up docker-mailserver behind Traefik, following https://docker-mailserver.github.io/docker-mailserver/latest/examples/tutorials/mailserver-behind-proxy/
For one of my domains I use regular smtp for incoming mail; for other domains I use fetchmail to collect the incoming mails.
To allow fetchmail to forward mails to smtp I followed the section "Configuring services with separate ports for PROXY protocol" in the Tutorials page. I needed it for smtp only. Therefore I added to user-patches.sh:
postconf -Mf smtp/inet | sed -e s/^smtp/12525/ >> /etc/postfix/master.cf
postconf -P 12525/inet/postscreen_upstream_proxy_protocol=haproxy 12525/inet/syslog_name=smtp-proxyprotocol
With both docker-mailserver 13 and 14 I see the following errors in mail.log:
2024-06-09T09:32:05.682662+02:00 mail postfix/postscreen[2972]: fatal: btree:/var/lib/postfix/postscreen_cache: unable to get exclusive lock: Resource temporarily unavailable
2024-06-09T09:32:06.683464+02:00 mail postfix/master[1089]: warning: process /usr/lib/postfix/sbin/postscreen pid 2972 exit status 1
2024-06-09T09:32:06.683475+02:00 mail postfix/master[1089]: warning: /usr/lib/postfix/sbin/postscreen: bad command startup -- throttling
With docker-mailserver 13 mails from fetchmail get delivered.
With docker-mailserver 14 mails from fetchmail no longer get delivered and I get the following additional errors in mail.log:
2024-06-09T09:30:54.183619+02:00 mail fetchmail[1107]: reading message [email protected]:1 of 1 (9929 header octets) (log message incomplete)
2024-06-09T09:30:54.183630+02:00 mail fetchmail[1107]: SMTP connect to localhost failed
2024-06-09T09:30:54.206819+02:00 mail fetchmail[1107]: SMTP transaction error while fetching from [email protected] and delivering to SMTP host localhost
👟 Reproduction Steps
No response
🐋 DMS Version
v13.3.1 and v14
💻 Operating System and Architecture
Debian 11 (Bullseye) amd64
⚙️ Container configuration files
services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:13
    container_name: mailserver
    restart: unless-stopped
    stop_grace_period: 1m
    hostname: mail.dehne-cloud.de # FQDN of the mail server. The DNS MX record must point to this host.
    # Uncomment if `ENABLE_FAIL2BAN=1` is set:
    cap_add:
      - NET_ADMIN
    networks:
      - traefik
    # Ports
    # The ports are published by Traefik, not by this container
    # Details on the ports and how they are used:
    # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
    # ports:
    #   - "25:25"    # SMTP  (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
    #   - "143:143"  # IMAP4 (explicit TLS => STARTTLS), disabled
    #   - "465:465"  # ESMTP (implicit TLS)
    #   - "587:587"  # ESMTP (explicit TLS => STARTTLS), disabled
    #   - "993:993"  # IMAP4 (implicit TLS)
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0
    env_file: mailserver.env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - dms-mail-config:/tmp/docker-mailserver/
      - dms-mail-data:/var/mail/
      - dms-mail-logs:/var/log/mail/
      - dms-mail-state:/var/mail-state/
      - traefik-certificates:/etc/letsencrypt # Directory for certificates
    labels:
      - "traefik.enable=true"
      # SMTP
      - traefik.tcp.routers.mail-smtp.entrypoints=mail-smtp
      - traefik.tcp.routers.mail-smtp.rule=HostSNI(`*`)
      - traefik.tcp.routers.mail-smtp.service=mail-smtp
      # user-patches.sh creates a copy of port 25 on port 12525 and enables PROXY protocol support on it
      # Traefik forwards to Postfix port 12525
      # For Docker-internal traffic, port 25 can still be used without proxy support
      - traefik.tcp.services.mail-smtp.loadbalancer.server.port=12525
      - traefik.tcp.services.mail-smtp.loadbalancer.proxyProtocol.version=2 # Postfix supports version 2
      # No TLS, since Traefik does not support the STARTTLS handshake; Postfix handles STARTTLS itself
      # ESMTP (implicit TLS), with optional HostSNI support
      - traefik.tcp.routers.mail-submissions.entrypoints=mail-submissions
      - traefik.tcp.routers.mail-submissions.rule=HostSNI(`*`)
      - traefik.tcp.routers.mail-submissions.service=mail-submissions
      - traefik.tcp.routers.mail-submissions.tls.passthrough=true # Traefik should not terminate TLS
      - traefik.tcp.services.mail-submissions.loadbalancer.server.port=465
      - traefik.tcp.services.mail-submissions.loadbalancer.proxyProtocol.version=2 # Postfix supports version 2
      # IMAP4 (implicit TLS), with optional HostSNI support
      # Dovecot is configured to listen on port 10993 to avoid conflicts with internal systems such as postscreen
      # and amavis, which communicate on the default ports.
      - traefik.tcp.routers.mail-imaps.entrypoints=mail-imaps
      - traefik.tcp.routers.mail-imaps.rule=HostSNI(`*`)
      - traefik.tcp.routers.mail-imaps.service=mail-imaps
      - traefik.tcp.routers.mail-imaps.tls.passthrough=true # Traefik should not terminate TLS
      - traefik.tcp.services.mail-imaps.loadbalancer.server.port=10993 # Traefik forwards encrypted traffic to Dovecot's port 10993
      - traefik.tcp.services.mail-imaps.loadbalancer.proxyProtocol.version=2 # Dovecot supports version 2
volumes:
  dms-mail-config:
    external: true
  dms-mail-data:
    external: true
  dms-mail-logs:
    external: true
  dms-mail-state:
    external: true
  traefik-certificates:
    external: true
networks:
  traefik:
    external: true
📜 Relevant log output
2024-06-09T09:32:05.682662+02:00 mail postfix/postscreen[2972]: fatal: btree:/var/lib/postfix/postscreen_cache: unable to get exclusive lock: Resource temporarily unavailable
2024-06-09T09:32:06.683464+02:00 mail postfix/master[1089]: warning: process /usr/lib/postfix/sbin/postscreen pid 2972 exit status 1
2024-06-09T09:32:06.683475+02:00 mail postfix/master[1089]: warning: /usr/lib/postfix/sbin/postscreen: bad command startup -- throttling
...
2024-06-09T09:30:54.183619+02:00 mail fetchmail[1107]: reading message [email protected]:1 of 1 (9929 header octets) (log message incomplete)
2024-06-09T09:30:54.183630+02:00 mail fetchmail[1107]: SMTP connect to localhost failed
2024-06-09T09:30:54.206819+02:00 mail fetchmail[1107]: SMTP transaction error while fetching from [email protected] and delivering to SMTP host localhost
Improvements to this form?
No response
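The fatal line in the log is postscreen failing to lock its cache: Postfix's POSTSCREEN_README notes that a plain `btree:` `postscreen_cache_map` cannot be shared by several postscreen services, and the 12525 entry copied from `smtp/inet` inherits the same map. The following check is an added example, not part of the original report or of docker-mailserver; the sample master.cf is constructed and only the simple `-o name=value` override form is parsed.

```python
from collections import defaultdict

# Postfix's built-in default for postscreen_cache_map.
DEFAULT_CACHE_MAP = "btree:$data_directory/postscreen_cache"
# Table types POSTSCREEN_README lists as shareable between postscreen services.
SHAREABLE_PREFIXES = ("proxy:", "memcache:", "lmdb:")

# Constructed sample: master.cf after the two user-patches.sh commands above.
SAMPLE_MASTER_CF = """\
smtp       inet  n       -       n       -       1       postscreen
smtpd      pass  -       -       n       -       -       smtpd
12525      inet  n       -       n       -       1       postscreen
    -o syslog_name=smtp-proxyprotocol
    -o postscreen_upstream_proxy_protocol=haproxy
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) onto their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def postscreen_cache_maps(master_cf, main_cf_value=DEFAULT_CACHE_MAP):
    """Map each postscreen service (name/type) to its effective cache map."""
    result = {}
    for entry in logical_lines(master_cf):
        f = entry.split()
        if len(f) < 8 or f[7] != "postscreen":
            continue
        cache_map = main_cf_value
        for flag, arg in zip(f[8:], f[9:]):
            if flag == "-o" and arg.startswith("postscreen_cache_map="):
                cache_map = arg.split("=", 1)[1]
        result[f"{f[0]}/{f[1]}"] = cache_map
    return result

def lock_conflicts(master_cf, main_cf_value=DEFAULT_CACHE_MAP):
    """Return {cache_map: [services]} for non-shareable maps used more than once."""
    by_map = defaultdict(list)
    for service, cache_map in postscreen_cache_maps(master_cf, main_cf_value).items():
        by_map[cache_map].append(service)
    return {m: s for m, s in by_map.items()
            if len(s) > 1 and not m.startswith(SHAREABLE_PREFIXES)}
```

Run against the output of `postconf -Mf` inside the container, passing the `main.cf` value of `postscreen_cache_map` as the second argument when it is not the default.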