Skip to content

[bugs]Second login will break the ip whitelisting limit! #4287

Closed
Closed
[bugs]Second login will break the ip whitelisting limit!#4287
Labels
area/documentationissue/likely user-related misconfigurationThis issue is likely the result of a misconfiguration on the user's endissue/limited supportDue to a specific configuration on the user side only limited support is offeredservice/security/fail2ban
@PunkFleet

Description

@PunkFleet
PunkFleet
opened on Dec 11, 2024

@polarathene
I went through the official recommended override, but it seems there is a bug here.
The first attempt to log in gets rejected, but the second login goes through with no problem.

2024-12-11T17:05:41.619875+00:00 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=27.128.28.245, lip=10.89.0.9, mpid=980, TLS, session=<I6yHmwEpqLsbgBz1>
2024-12-11T17:05:42.501298+00:00 mail dovecot: imap([email protected])<980><I6yHmwEpqLsbgBz1>: Disconnected: Connection closed (NAMESPACE finished 0.281 secs ago) in=58 out=568 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
2024-12-11T17:06:17.948953+00:00 mail postfix/submissions/smtpd[1039]: connect from unknown[27.128.28.245]
2024-12-11T17:06:18.254865+00:00 mail postfix/submissions/smtpd[1039]: Anonymous TLS connection established from unknown[27.128.28.245]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256
2024-12-11T17:06:20.059749+00:00 mail postfix/submissions/smtpd[1039]: disconnect from unknown[27.128.28.245] ehlo=1 auth=1 quit=1 commands=3
2024-12-11T17:06:21.874301+00:00 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=27.128.28.245, lip=10.89.0.9, mpid=1054, TLS, session=<NfftnQEpvrsbgBz1>
2024-12-11T17:06:22.992662+00:00 mail dovecot: imap([email protected])<1054><NfftnQEpvrsbgBz1>: Disconnected: Connection closed (LIST finished 0.284 secs ago) in=94 out=766 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

there my compose.yaml

...
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/:Z
      - ./docker-data/dms/mail-state/:/var/mail-state/:Z
      - ./docker-data/dms/mail-logs/:/var/log/mail/:Z
      - ./docker-data/dms/config/:/tmp/docker-mailserver/:Z
      # IP Whitelist
      - ./docker-data/dms/config/postfix/trusted_clients:/etc/postfix/trusted_clients:Z
      - /etc/localtime:/etc/localtime:ro
      - /etc/letsencrypt:/etc/letsencrypt:Z

and

[root@mail ~]# ls docker-data/dms/config
dovecot-masters.cf  dovecot-quotas.cf  opendkim  postfix  postfix-accounts.cf  postfix-master.cf  postfix-virtual.cf  user-patches.sh
[root@mail ~]# cat docker-data/dms/config/postfix-master.cf
submission/inet/smtpd_client_restrictions=cidr:/etc/postfix/trusted_clients,permit_sasl_authenticated,reject
submissions/inet/smtpd_client_restrictions=cidr:/etc/postfix/trusted_clients,permit_sasl_authenticated,reject
[root@mail ~]# cat docker-data/dms/config/postfix/trusted_clients
!164.25.121.225 REJECT
[root@mail ~]# podman exec -it mailserver cat /etc/postfix/trusted_clients
!164.25.121.225 REJECT
[root@mail ~]#

I did check it many times, so I shouldn't have overlooked anything, right?

Originally posted by @PunkFleet in #3847 (comment)

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/documentationissue/likely user-related misconfigurationThis issue is likely the result of a misconfiguration on the user's endissue/limited supportDue to a specific configuration on the user side only limited support is offeredservice/security/fail2ban

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions