docker-mailman
docker-mailman copied to clipboard
maxking
Messages are not archived
I installed docker-mailman with mailcow dockerized as described on the mailcow.email site. There is no problem with the transmission of messages. However, mails published in mailman lists do not appear in hyperkitty archives. I can't see any error logs either. How can I find where the problem originates?
Im using a valid Letsencrypt SSl Cert and it seems its another SSL related bug for mailman in docker. It doesnt seem to accept SSL connections between mailman-core and mailman-web.
Im still looking for a solution, but its this :
requests.exceptions.SSLError: HTTPSConnectionPool(host='mywebserver', port=443): Max retries exceeded with url: /hyperkitty/api/mailman/archive (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))
[24/Jul/2023:07:00:02 +0000] "GET /3.1/lists?count=10&page=1 HTTP/1.1" 200 488 "-" "GNU Mailman REST client v3.3.5"
Ive tried setting pythonhttpsverify=0 in docker-compose environment variable for testing, as suggested sometimes, but it doesnt work.
I think I figured it out - seems to be working now: the hypperkitty connections from mailman-core to mailman-web have to run across plain HTTP otherwise it starts to check CA certificates and breaks and the above problem occurs.
docker-compose.yaml:
- HYPERKITTY_URL=http://mailman-web:8000/hyperkitty
This causes an issue with mailman-web when proxying over nginx SSL but I was able to fix it by adding this to
/opt/mailman/web/settings_local.py:
ALLOWED_HOSTS = ['127.0.0.1', 'localhost', '192.168.1.1, 'mywebserver.name', 'mailman-web', '172.19.199.*' ]
Overall - I dont think theres a need to encrypt and do SSL CA checks between docker containers running on the same host machine - it overcomplicates things alot, I think I will leave as it is. Extenal connections are encrypted over nginx uwsgi proxy anyways.
We are experiencing the same issue.
It appears the handling of the MAILMAN_ARCHIVER_FROM has changed, and with it the acceptance of the IP address of the mailman-core container which will access mailman-web.
$ tail -n 500 mailman-core-data/opt/mailman/var/logs/mailman.log
...
Nov 09 12:07:24 2023 (24) Exception in the HyperKitty archiver: <html><title>Forbidden</title><body>
<h1>Access is forbidden</h1><p>Please check the IP addresses
assigned to MAILMAN_ARCHIVER_FROM in the settings file.
</p></body></html>
Nov 09 12:07:24 2023 (24) Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/mailman_hyperkitty/__init__.py", line 151, in _archive_message
url = self._send_message(mlist, msg)
File "/usr/lib/python3.8/site-packages/mailman_hyperkitty/__init__.py", line 207, in _send_message
raise ValueError(result.text)
ValueError: <html><title>Forbidden</title><body>
<h1>Access is forbidden</h1><p>Please check the IP addresses
assigned to MAILMAN_ARCHIVER_FROM in the settings file.
</p></body></html>
Nov 09 12:07:24 2023 (24) Connection to HyperKitty failed: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
Nov 09 12:07:24 2023 (24) Exception in the HyperKitty archiver: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
Nov 09 12:07:24 2023 (24) Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python3.8/http/client.py", line 1252, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1298, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1247, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1046, in _send_output
self.send(chunk)
File "/usr/lib/python3.8/http/client.py", line 968, in send
self.sock.sendall(data)
ConnectionResetError: [Errno 104] Connection reset by peer
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen
retries = retries.increment(
File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 403, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3.8/site-packages/urllib3/packages/six.py", line 734, in reraise
raise value.with_traceback(tb)
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python3.8/http/client.py", line 1252, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1298, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1247, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1046, in _send_output
self.send(chunk)
File "/usr/lib/python3.8/http/client.py", line 968, in send
self.sock.sendall(data)
urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/mailman_hyperkitty/__init__.py", line 151, in _archive_message
url = self._send_message(mlist, msg)
File "/usr/lib/python3.8/site-packages/mailman_hyperkitty/__init__.py", line 195, in _send_message
result = requests.post(
File "/usr/lib/python3.8/site-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/python3.8/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
...
Nov 09 12:07:24 2023 (24) HyperKitty failure on http://mailman-web:8000/hyperkitty/api/mailman/archive: <html><title>Forbidden</title><body>
<h1>Access is forbidden</h1><p>Please check the IP addresses
assigned to MAILMAN_ARCHIVER_FROM in the settings file.
</p></body></html> (403)
Nov 09 12:07:24 2023 (24) Exception in the HyperKitty archiver: <html><title>Forbidden</title><body>
<h1>Access is forbidden</h1><p>Please check the IP addresses
assigned to MAILMAN_ARCHIVER_FROM in the settings file.
</p></body></html>
Nov 09 12:07:24 2023 (24) Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/mailman_hyperkitty/__init__.py", line 151, in _archive_message
url = self._send_message(mlist, msg)
File "/usr/lib/python3.8/site-packages/mailman_hyperkitty/__init__.py", line 207, in _send_message
raise ValueError(result.text)
ValueError: <html><title>Forbidden</title><body>
<h1>Access is forbidden</h1><p>Please check the IP addresses
assigned to MAILMAN_ARCHIVER_FROM in the settings file.
</p></body></html>
Will report back here when a solution has been found.
It appears on our end, all was achieved after upgrading the database and then upgrading the DATABASE_URL scheme from postgres:// to postgresql://. `The configuration was then working again.