docker
docker copied to clipboard
All mails rejected as spam
Behaviour
Steps to reproduce this issue
- Use
anonaddy/anonaddy:0.13.3
oranonaddy/anonaddy:0.13.4
- Send mail to any alias
- Mail gets rejected as spam
Expected behaviour
Mail should not be rejected as spam.
Actual behaviour
Mail is rejected as spam, but the rspamd history is empty. The error occurs only when rspamd is started.
Configuration
- Docker version (type
docker --version
) :Docker version 20.10.17, build 100c701
- Docker compose version if applicable (type
docker-compose --version
) :docker-compose version 1.27.4, build 40524192
- Platform (Debian 9, Ubuntu 18.04, ...) :
Ubuntu 20.04.4 LTS
- System info (type
uname -a
) :Linux ***.eu 5.4.0-122-generic #138-Ubuntu SMP Wed Jun 22 15:00:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
- Include all necessary configuration files :
docker-compose.yml
,.env
, ...
docker-compose.yml
version: "3.5"
networks:
proxy:
external:
name: proxy_default
app-network:
driver: bridge
services:
db:
image: mariadb:10.8.3
container_name: anonaddy_db
volumes:
- "./db:/var/lib/mysql"
environment:
- "MARIADB_AUTO_UPGRADE=1"
- "MYSQL_ALLOW_EMPTY_PASSWORD=yes"
- "MYSQL_DATABASE"
- "MYSQL_USER"
- "MYSQL_PASSWORD"
restart: always
networks:
- app-network
redis:
image: redis:6.2-alpine
container_name: anonaddy_redis
restart: always
networks:
- app-network
anonaddy:
image: anonaddy/anonaddy:0.13.4
container_name: anonaddy
depends_on:
- db
- redis
ports:
- target: 25
published: 25
protocol: tcp
- target: 11334
published: 11334
protocol: tcp
volumes:
- "./data:/data"
- "./config/anonaddy.php:/var/www/anonaddy/config/anonaddy.php"
- "./config/wordlist.json:/var/www/anonaddy/config/wordlist.json"
#- "./config/User.php:/var/www/anonaddy/app/Models/User.php"
- /home/kroeb/traefik/certs/***.eu:/certs:ro
dns:
- 1.1.1.1
- 1.0.0.1
- 8.8.8.8
- 8.8.4.4
extra_hosts:
- "***.eu:207.***.***.***"
- "anon.****.eu:207.***.***.***"
networks:
- proxy
- app-network
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy_default"
- "traefik.http.routers.anon.rule=Host(`***.eu`)"
- "traefik.http.routers.anon.entrypoints=https"
- "traefik.http.routers.anon.tls.certresolver=le-dns" #le-dns wegen dem Wildcard
- "traefik.http.routers.anon.tls.domains[0].main=***.eu"
- "traefik.http.routers.anon.tls.domains[0].sans=*.***.eu"
- "traefik.http.routers.anon.middlewares=ratelimit@file,compress@file,anonheaders@file"
- "traefik.http.services.anon.loadbalancer.server.port=8000"
- "traefik.http.routers.anon.service=anon"
- "traefik.http.routers.anonr.rule=Host(`anon.****.eu`)"
- "traefik.http.routers.anonr.entrypoints=https"
- "traefik.http.routers.anonr.tls.certresolver=le-dns" #le-dns wegen dem Wildcard
- "traefik.http.routers.anonr.tls.domains[0].main=anon.****.eu"
- "traefik.http.routers.anonr.tls.domains[0].sans=*.anon.****.eu"
- "traefik.http.routers.anonr.middlewares=ratelimit@file,compress@file,anonheaders@file"
- "traefik.http.services.anonr.loadbalancer.server.port=8000"
- "traefik.http.routers.anonr.service=anonr"
env_file:
- "./anonaddy.env"
environment:
- "DB_HOST=db"
- "DB_DATABASE=${MYSQL_DATABASE}"
- "DB_USERNAME=${MYSQL_USER}"
- "DB_PASSWORD=${MYSQL_PASSWORD}"
- "REDIS_HOST=redis"
#- "LOG_LEVEL=debug"
restart: always
.env
TZ=Europe/Berlin
PUID=1000
PGID=1000
MEMORY_LIMIT=512M
UPLOAD_MAX_SIZE=50M
OPCACHE_MEM_SIZE=128
REAL_IP_FROM=0.0.0.0/32
REAL_IP_HEADER=X-Forwarded-For
LOG_IP_VAR=http_x_forwarded_for
APP_KEY=base64:***
APP_DEBUG=false
APP_URL=https://***.eu
ANONADDY_RETURN_PATH=bounces@***.eu
ANONADDY_ADMIN_USERNAME=***
ANONADDY_ENABLE_REGISTRATION=false
ANONADDY_DOMAIN=***.eu
ANONADDY_ALL_DOMAINS=anon.****.eu,***.eu
ANONADDY_HOSTNAME=***.eu
ANONADDY_DNS_RESOLVER=1.1.1.1
ANONADDY_SECRET=***
ANONADDY_LIMIT=200
ANONADDY_BANDWIDTH_LIMIT=10737418240
ANONADDY_NEW_ALIAS_LIMIT=10000
ANONADDY_ADDITIONAL_USERNAME_LIMIT=1000
ANONADDY_WORDLIST_FILE=/var/www/anonaddy/config/wordlist.json
MAIL_FROM_NAME=***
MAIL_FROM_ADDRESS=noreply@***.eu
POSTFIX_DEBUG=false
POSTFIX_SMTPD_TLS=true
POSTFIX_SMTP_TLS=true
POSTFIX_SMTPD_TLS_CERT_FILE=/certs/certificate.pem
POSTFIX_SMTPD_TLS_KEY_FILE=/certs/privatekey.pem
#DKIM_ENABLE=true
#DMARC_ENABLE=true
RSPAMD_ENABLE=true
RSPAMD_WEB_PASSWORD=abc
Docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 22
Running: 17
Paused: 0
Stopped: 5
Images: 117
Server Version: 20.10.17
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 0197261a30bf81f1ee8e6a4dd2dea0ef95d67ccb
runc version: v1.1.3-0-g6724737
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.4.0-122-generic
Operating System: Ubuntu 20.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.771GiB
Name: ***.eu
ID: ***
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Logs
[cont-init.d] 13-config-anonaddy.sh: executing...
Creating AnonAddy env file
Trust all proxies
[cont-init.d] 13-config-anonaddy.sh: exited 0.
[cont-init.d] 14-config-rspamd.sh: executing...
Copying DKIM private key for Rspamd
Setting Rspamd dkim_signing.conf
Setting Rspamd arc.conf
Setting Rspamd classifier-bayes.conf
Setting Rspamd logging.inc
Setting Rspamd redis.conf
Setting Rspamd greylist.conf
Setting Rspamd history_redis.conf
Setting Rspamd groups.conf
Setting Rspamd worker-controller.inc
Setting Rspamd dmarc.conf
Setting Rspamd milter_headers.conf
Disabling a variety of Rspamd modules
[cont-init.d] 14-config-rspamd.sh: exited 0.
[cont-init.d] 15-config-postfix.sh: executing...
Setting Postfix master configuration
Setting Postfix main configuration
Setting Postfix milter configuration
Setting Postfix smtpd TLS configuration
Setting Postfix smtp TLS configuration
Creating Postfix virtual alias domains and subdomains configuration
Creating Postfix recipient access configuration
Checking Postfix hostname
myhostname = ***.eu
Creating check_access stored procedure
[cont-init.d] 15-config-postfix.sh: exited 0.
[cont-init.d] 50-svc-main.sh: executing...
������
DB migration
INFO Nothing to migrate.
Clear cache
INFO Application cache cleared successfully.
INFO Configuration cached successfully.
INFO Blade templates cached successfully.
INFO Routes cached successfully.
INFO Broadcasting queue restart signal.
[cont-init.d] 50-svc-main.sh: exited 0.
[cont-init.d] 60-svc-rspamd.sh: executing...
[cont-init.d] 60-svc-rspamd.sh: exited 0.
[cont-init.d] 61-svc-postfix.sh: executing...
[cont-init.d] 61-svc-postfix.sh: exited 0.
[cont-init.d] 80-svc-cron.sh: executing...
Fixing crontabs permissions...
[cont-init.d] 80-svc-cron.sh: exited 0.
[cont-init.d] 99-clean.sh: executing...
[cont-init.d] 99-clean.sh: exited 0.
[cont-init.d] ~-socklog: executing...
[cont-init.d] ~-socklog: exited 0.
[cont-init.d] done.
[services.d] starting services
crond: crond (busybox 1.35.0) started, log level 8
Aug 09 12:51:03 *** postfix[769]: Postfix is using backwards-compatible default settings
Aug 09 12:51:03 *** postfix[769]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Aug 09 12:51:03 *** postfix[769]: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload"
[services.d] done.
2022/08/09 12:51:03 [notice] 774#774: using the "epoll" event method
2022/08/09 12:51:03 [notice] 774#774: nginx/1.22.0
2022/08/09 12:51:03 [notice] 774#774: OS: Linux 5.4.0-122-generic
2022/08/09 12:51:03 [notice] 774#774: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/08/09 12:51:03 [notice] 774#774: start worker processes
2022/08/09 12:51:03 [notice] 774#774: start worker process 812
2022/08/09 12:51:03 [notice] 774#774: start worker process 813
2022/08/09 12:51:03 [notice] 774#774: start worker process 814
2022/08/09 12:51:03 [notice] 774#774: start worker process 815
2022-08-09 12:51:03 #770(main) <07bfb7>; main; main: rspamd 3.2 is loading configuration, build id: release
[09-Aug-2022 12:51:03] NOTICE: fpm is running, pid 771
[09-Aug-2022 12:51:03] NOTICE: ready to handle connections
Aug 09 12:51:03 *** postfix/postfix-script[1026]: starting the Postfix mail system
Aug 09 12:51:03 *** postfix/master[1027]: daemon started -- version 3.7.2, configuration /etc/postfix
crond: USER anonaddy pid 1036 cmd php /var/www/anonaddy/artisan schedule:run --no-ansi --no-interaction
INFO No scheduled commands are ready to run.
crond: USER anonaddy pid 1043 cmd php /var/www/anonaddy/artisan schedule:run --no-ansi --no-interaction
31.***.***.*** - - [09/Aug/2022:12:53:00 +0200] "GET /api/v1/aliases?filter[deleted]=with&filter[active]=&filter[search]=&sort=-created_at&page[number]=1&page[size]=10 HTTP/1.1" 200 1257 "-" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
INFO No scheduled commands are ready to run.
Aug 09 12:53:09 *** postfix/smtpd[1050]: connect from mout.gmx.net[212.227.15.18]
Aug 09 12:53:09 *** postfix/smtpd[1050]: Anonymous TLS connection established from mout.gmx.net[212.227.15.18]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-384) server-digest SHA384
Aug 09 12:53:09 *** postfix/smtpd[1050]: NOQUEUE: reject: RCPT from mout.gmx.net[212.227.15.18]: 554 5.7.1 Service unavailable; Helo command [mout.gmx.net] blocked using dbl.spamhaus.org; from=<***@gmx.de> to=<***@***.eu> proto=ESMTP helo=<mout.gmx.net>
Aug 09 12:53:09 *** postfix/smtpd[1050]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "***@***.eu" from client "mout.gmx.net[212.227.15.18]"
Aug 09 12:53:09 *** postfix/smtpd[1050]: disconnect from mout.gmx.net[212.227.15.18] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7