docker icon indicating copy to clipboard operation
docker copied to clipboard

Published 20 hours ago verified publisher icon anonaddy

All mails rejected as spam

Open KevinRoebert opened this issue 1 year ago • 0 comments

Behaviour

Steps to reproduce this issue

  1. Use anonaddy/anonaddy:0.13.3 or anonaddy/anonaddy:0.13.4
  2. Send mail to any alias
  3. Mail gets rejected as spam

Expected behaviour

Mail should not be rejected as spam.

Actual behaviour

Mail is rejected as spam, but the rspamd history is empty. The error occurs only when rspamd is started.

Configuration

  • Docker version (type docker --version) : Docker version 20.10.17, build 100c701
  • Docker compose version if applicable (type docker-compose --version) : docker-compose version 1.27.4, build 40524192
  • Platform (Debian 9, Ubuntu 18.04, ...) : Ubuntu 20.04.4 LTS
  • System info (type uname -a) : Linux ***.eu 5.4.0-122-generic #138-Ubuntu SMP Wed Jun 22 15:00:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  • Include all necessary configuration files : docker-compose.yml, .env, ...

docker-compose.yml

version: "3.5"

networks:
  proxy:
    external:
      name: proxy_default
  app-network:
      driver: bridge

services:
  db:
    image: mariadb:10.8.3
    container_name: anonaddy_db
    volumes:
      - "./db:/var/lib/mysql"
    environment:
      - "MARIADB_AUTO_UPGRADE=1"
      - "MYSQL_ALLOW_EMPTY_PASSWORD=yes"
      - "MYSQL_DATABASE"
      - "MYSQL_USER"
      - "MYSQL_PASSWORD"
    restart: always
    networks:
      - app-network

  redis:
    image: redis:6.2-alpine
    container_name: anonaddy_redis
    restart: always
    networks:
      - app-network

  anonaddy:
    image: anonaddy/anonaddy:0.13.4
    container_name: anonaddy
    depends_on:
      - db
      - redis
    ports:
      - target: 25
        published: 25
        protocol: tcp
      - target: 11334
        published: 11334
        protocol: tcp
    volumes:
      - "./data:/data"
      - "./config/anonaddy.php:/var/www/anonaddy/config/anonaddy.php"
      - "./config/wordlist.json:/var/www/anonaddy/config/wordlist.json"
      #- "./config/User.php:/var/www/anonaddy/app/Models/User.php"
      - /home/kroeb/traefik/certs/***.eu:/certs:ro
    dns:
      - 1.1.1.1
      - 1.0.0.1
      - 8.8.8.8
      - 8.8.4.4
    extra_hosts:
      - "***.eu:207.***.***.***"
      - "anon.****.eu:207.***.***.***"
    networks:
      - proxy
      - app-network
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy_default"
      - "traefik.http.routers.anon.rule=Host(`***.eu`)"
      - "traefik.http.routers.anon.entrypoints=https"
      - "traefik.http.routers.anon.tls.certresolver=le-dns" #le-dns wegen dem Wildcard
      - "traefik.http.routers.anon.tls.domains[0].main=***.eu"
      - "traefik.http.routers.anon.tls.domains[0].sans=*.***.eu"
      - "traefik.http.routers.anon.middlewares=ratelimit@file,compress@file,anonheaders@file"
      - "traefik.http.services.anon.loadbalancer.server.port=8000"
      - "traefik.http.routers.anon.service=anon"
      - "traefik.http.routers.anonr.rule=Host(`anon.****.eu`)"
      - "traefik.http.routers.anonr.entrypoints=https"
      - "traefik.http.routers.anonr.tls.certresolver=le-dns" #le-dns wegen dem Wildcard
      - "traefik.http.routers.anonr.tls.domains[0].main=anon.****.eu"
      - "traefik.http.routers.anonr.tls.domains[0].sans=*.anon.****.eu"
      - "traefik.http.routers.anonr.middlewares=ratelimit@file,compress@file,anonheaders@file"
      - "traefik.http.services.anonr.loadbalancer.server.port=8000"
      - "traefik.http.routers.anonr.service=anonr"
    env_file:
      - "./anonaddy.env"
    environment:
      - "DB_HOST=db"
      - "DB_DATABASE=${MYSQL_DATABASE}"
      - "DB_USERNAME=${MYSQL_USER}"
      - "DB_PASSWORD=${MYSQL_PASSWORD}"
      - "REDIS_HOST=redis"
      #- "LOG_LEVEL=debug"
    restart: always

.env

TZ=Europe/Berlin
PUID=1000
PGID=1000

MEMORY_LIMIT=512M
UPLOAD_MAX_SIZE=50M
OPCACHE_MEM_SIZE=128
REAL_IP_FROM=0.0.0.0/32
REAL_IP_HEADER=X-Forwarded-For
LOG_IP_VAR=http_x_forwarded_for

APP_KEY=base64:***
APP_DEBUG=false
APP_URL=https://***.eu

ANONADDY_RETURN_PATH=bounces@***.eu
ANONADDY_ADMIN_USERNAME=***
ANONADDY_ENABLE_REGISTRATION=false
ANONADDY_DOMAIN=***.eu
ANONADDY_ALL_DOMAINS=anon.****.eu,***.eu
ANONADDY_HOSTNAME=***.eu
ANONADDY_DNS_RESOLVER=1.1.1.1
ANONADDY_SECRET=***
ANONADDY_LIMIT=200
ANONADDY_BANDWIDTH_LIMIT=10737418240
ANONADDY_NEW_ALIAS_LIMIT=10000
ANONADDY_ADDITIONAL_USERNAME_LIMIT=1000
ANONADDY_WORDLIST_FILE=/var/www/anonaddy/config/wordlist.json

MAIL_FROM_NAME=***
MAIL_FROM_ADDRESS=noreply@***.eu

POSTFIX_DEBUG=false
POSTFIX_SMTPD_TLS=true
POSTFIX_SMTP_TLS=true
POSTFIX_SMTPD_TLS_CERT_FILE=/certs/certificate.pem
POSTFIX_SMTPD_TLS_KEY_FILE=/certs/privatekey.pem

#DKIM_ENABLE=true
#DMARC_ENABLE=true

RSPAMD_ENABLE=true
RSPAMD_WEB_PASSWORD=abc

Docker info

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 22
  Running: 17
  Paused: 0
  Stopped: 5
 Images: 117
 Server Version: 20.10.17
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 0197261a30bf81f1ee8e6a4dd2dea0ef95d67ccb
 runc version: v1.1.3-0-g6724737
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.4.0-122-generic
 Operating System: Ubuntu 20.04.4 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 7.771GiB
 Name: ***.eu
 ID: ***
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Logs

[cont-init.d] 13-config-anonaddy.sh: executing... 
Creating AnonAddy env file
Trust all proxies
[cont-init.d] 13-config-anonaddy.sh: exited 0.
[cont-init.d] 14-config-rspamd.sh: executing... 
Copying DKIM private key for Rspamd
Setting Rspamd dkim_signing.conf
Setting Rspamd arc.conf
Setting Rspamd classifier-bayes.conf
Setting Rspamd logging.inc
Setting Rspamd redis.conf
Setting Rspamd greylist.conf
Setting Rspamd history_redis.conf
Setting Rspamd groups.conf
Setting Rspamd worker-controller.inc
Setting Rspamd dmarc.conf
Setting Rspamd milter_headers.conf
Disabling a variety of Rspamd modules
[cont-init.d] 14-config-rspamd.sh: exited 0.
[cont-init.d] 15-config-postfix.sh: executing... 
Setting Postfix master configuration
Setting Postfix main configuration
Setting Postfix milter configuration
Setting Postfix smtpd TLS configuration
Setting Postfix smtp TLS configuration
Creating Postfix virtual alias domains and subdomains configuration
Creating Postfix recipient access configuration
Checking Postfix hostname
myhostname = ***.eu
Creating check_access stored procedure
[cont-init.d] 15-config-postfix.sh: exited 0.
[cont-init.d] 50-svc-main.sh: executing... 
������
DB migration

   INFO  Nothing to migrate.  

Clear cache

   INFO  Application cache cleared successfully.  


   INFO  Configuration cached successfully.  


   INFO  Blade templates cached successfully.  


   INFO  Routes cached successfully.  


   INFO  Broadcasting queue restart signal.  

[cont-init.d] 50-svc-main.sh: exited 0.
[cont-init.d] 60-svc-rspamd.sh: executing... 
[cont-init.d] 60-svc-rspamd.sh: exited 0.
[cont-init.d] 61-svc-postfix.sh: executing... 
[cont-init.d] 61-svc-postfix.sh: exited 0.
[cont-init.d] 80-svc-cron.sh: executing... 
Fixing crontabs permissions...
[cont-init.d] 80-svc-cron.sh: exited 0.
[cont-init.d] 99-clean.sh: executing... 
[cont-init.d] 99-clean.sh: exited 0.
[cont-init.d] ~-socklog: executing... 
[cont-init.d] ~-socklog: exited 0.
[cont-init.d] done.
[services.d] starting services
crond: crond (busybox 1.35.0) started, log level 8
Aug 09 12:51:03 *** postfix[769]: Postfix is using backwards-compatible default settings
Aug 09 12:51:03 *** postfix[769]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Aug 09 12:51:03 *** postfix[769]: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload"
[services.d] done.
2022/08/09 12:51:03 [notice] 774#774: using the "epoll" event method
2022/08/09 12:51:03 [notice] 774#774: nginx/1.22.0
2022/08/09 12:51:03 [notice] 774#774: OS: Linux 5.4.0-122-generic
2022/08/09 12:51:03 [notice] 774#774: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/08/09 12:51:03 [notice] 774#774: start worker processes
2022/08/09 12:51:03 [notice] 774#774: start worker process 812
2022/08/09 12:51:03 [notice] 774#774: start worker process 813
2022/08/09 12:51:03 [notice] 774#774: start worker process 814
2022/08/09 12:51:03 [notice] 774#774: start worker process 815
2022-08-09 12:51:03 #770(main) <07bfb7>; main; main: rspamd 3.2 is loading configuration, build id: release
[09-Aug-2022 12:51:03] NOTICE: fpm is running, pid 771
[09-Aug-2022 12:51:03] NOTICE: ready to handle connections
Aug 09 12:51:03 *** postfix/postfix-script[1026]: starting the Postfix mail system
Aug 09 12:51:03 *** postfix/master[1027]: daemon started -- version 3.7.2, configuration /etc/postfix
crond: USER anonaddy pid 1036 cmd php /var/www/anonaddy/artisan schedule:run --no-ansi --no-interaction

   INFO  No scheduled commands are ready to run.  

crond: USER anonaddy pid 1043 cmd php /var/www/anonaddy/artisan schedule:run --no-ansi --no-interaction
31.***.***.*** - - [09/Aug/2022:12:53:00 +0200] "GET /api/v1/aliases?filter[deleted]=with&filter[active]=&filter[search]=&sort=-created_at&page[number]=1&page[size]=10 HTTP/1.1" 200 1257 "-" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"

   INFO  No scheduled commands are ready to run.  

Aug 09 12:53:09 *** postfix/smtpd[1050]: connect from mout.gmx.net[212.227.15.18]
Aug 09 12:53:09 *** postfix/smtpd[1050]: Anonymous TLS connection established from mout.gmx.net[212.227.15.18]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-384) server-digest SHA384
Aug 09 12:53:09 *** postfix/smtpd[1050]: NOQUEUE: reject: RCPT from mout.gmx.net[212.227.15.18]: 554 5.7.1 Service unavailable; Helo command [mout.gmx.net] blocked using dbl.spamhaus.org; from=<***@gmx.de> to=<***@***.eu> proto=ESMTP helo=<mout.gmx.net>
Aug 09 12:53:09 *** postfix/smtpd[1050]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "***@***.eu" from client "mout.gmx.net[212.227.15.18]"
Aug 09 12:53:09 *** postfix/smtpd[1050]: disconnect from mout.gmx.net[212.227.15.18] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7

KevinRoebert avatar Aug 09 '22 11:08 KevinRoebert