anonaddy / docker

AnonAddy Docker image
MIT License

Possible issues with Docker setup #264

Closed masterjg closed 8 months ago

masterjg commented 9 months ago

Support guidelines

I've found a bug and checked that ...

Description

Can't seem to receive any mail to any of the aliases whatsoever. In the logs it shows that during the time postfix processes emails something can't access database? I may be completely off but could it be related to https://github.com/anonaddy/docker/blob/3de44c7adf9088d6ae5928bc4fc3cbfd1af696f5/rootfs/etc/cont-init.d/15-config-postfix.sh#L22 ?

Expected behaviour

All emails successfully received by all aliases.

Actual behaviour

No emails received, getting 451 4.3.5 <oval.tragedy514@xxx.yyy>: Recipient address rejected: Server configuration problem

Steps to reproduce

  1. create compose using file content in Docker Compose config step
  2. create any random alias name
  3. test send email swaks --to oval.tragedy514@xxx.yyy --from zzzz@yyyy.com --server mail.xxx.yyy --ehlo mail.xxx.yyy or just using any client to that alias

Docker info

Client: Docker Engine - Community
 Version:    25.0.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.12.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.24.5
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 12
  Running: 4
  Paused: 0
  Stopped: 8
 Images: 8
 Server Version: 25.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.5.0-21-generic
 Operating System: Ubuntu 23.10
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 1.866GiB
 Name: mail.xxx.yyy
 ID: 98be9f38-8158-4cb9-89b7-4dd92fd97192
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Docker Compose config

name: anonaddy
services:
  AnonAddy:
    depends_on:
      MariaDB:
        condition: service_started
        required: true
      Redis:
        condition: service_started
        required: true
    deploy:
      resources:
        limits:
          memory: "536870912"
    environment:
      ANONADDY_BANDWIDTH_LIMIT: "10485760000"
      ANONADDY_DKIM_SIGNING_KEY: /data/dkim/xxx.yyy.private
      ANONADDY_DOMAIN: xxx.yyy
      ANONADDY_ENABLE_REGISTRATION: "false"
      ANONADDY_HOSTNAME: mail.xxx.yyy
      ANONADDY_SECRET: ggggggg
      ANONADDY_SIGNING_KEY_FINGERPRINT: ggggggg
      APP_KEY: base64:ggggggg
      APP_NAME: xxx.yyy
      APP_URL: http://mail.xxx.yyy:8000
      DB_DATABASE: anonaddy
      DB_HOST: mariadb
      DB_PASSWORD: ggggggg
      DB_USERNAME: anonaddy
      MAIL_FROM_ADDRESS: anonaddy@xxx.yyy
      MAIL_FROM_NAME: AnonAddy
      POSTFIX_SMTP_TLS: "true"
      POSTFIX_SMTPD_TLS: "true"
      POSTFIX_SMTPD_TLS_CERT_FILE: /certs/live/mail.xxx.yyy/fullchain.pem
      POSTFIX_SMTPD_TLS_KEY_FILE: /certs/live/mail.xxx.yyy/privkey.pem
      REDIS_HOST: redis
      RSPAMD_ENABLE: "true"
      RSPAMD_WEB_PASSWORD: ggggggg
      TZ: Europe/Vilnius
    image: anonaddy/anonaddy:1.0.9
    networks:
      anonaddy: null
    ports:
      - mode: ingress
        target: 25
        published: "25"
        protocol: tcp
      - mode: ingress
        target: 8000
        published: "8000"
        protocol: tcp
      - mode: ingress
        target: 11334
        published: "11334"
        protocol: tcp
    restart: unless-stopped
    volumes:
      - type: bind
        source: /home/ubuntu/anonaddy/anonaddy/data
        target: /data
        bind:
          create_host_path: true
      - type: bind
        source: /home/ubuntu/certbot/certs
        target: /certs
        bind:
          create_host_path: true
  MariaDB:
    deploy:
      resources:
        limits:
          memory: "134217728"
    environment:
      MYSQL_DATABASE: anonaddy
      MYSQL_PASSWORD: ggggggg
      MYSQL_ROOT_PASSWORD: ggggggg
      MYSQL_USER: anonaddy
    expose:
      - "3306"
    image: mariadb:11.0.3
    networks:
      anonaddy: null
    restart: unless-stopped
    volumes:
      - type: bind
        source: /home/ubuntu/anonaddy/mysql/data
        target: /var/lib/mysql
        bind:
          create_host_path: true
      - type: bind
        source: /home/ubuntu/anonaddy/mysql/tune.cnf
        target: /etc/mysql/conf.d/tune.cnf
        bind:
          create_host_path: true
  Redis:
    command:
      - redis-server
      - --save
      - 60 1
    deploy:
      resources:
        limits:
          memory: "33554432"
    expose:
      - "6379"
    image: redis:7.0.12-alpine3.18
    networks:
      anonaddy: null
    restart: unless-stopped
    sysctls:
      net.core.somaxconn: "65535"
    volumes:
      - type: bind
        source: /home/ubuntu/anonaddy/redis/data
        target: /data
        bind:
          create_host_path: true
networks:
  anonaddy:
    name: anonaddy_anonaddy

Logs

AnonAddy-1  | Feb 29 21:34:51 mail postfix/smtpd[911]: connect from xxx.xxx[yy.yy.yy.yy]
MariaDB-1   | 2024-02-29 19:34:51 17 [Warning] Access denied for user 'anonaddy'@'192.168.0.4' (using password: YES)
MariaDB-1   | 2024-02-29 19:34:52 18 [Warning] Access denied for user 'anonaddy'@'192.168.0.4' (using password: YES)
AnonAddy-1  | Feb 29 21:34:52 mail postfix/smtpd[911]: warning: problem talking to server private/policy: Application error
AnonAddy-1  | Feb 29 21:34:52 mail postfix/smtpd[911]: NOQUEUE: reject: RCPT from xxx.xxx[yy.yy.yy.yy]: 451 4.3.5 <oval.tragedy514@zzzz.com>: Recipient address rejected: Server configuration problem; from=<zzzz@yyyy.com> to=<oval.tragedy514@zzzz.com> proto=ESMTP helo=<mail.zzzz.com>
AnonAddy-1  | Feb 29 21:34:52 mail postfix/smtpd[911]: disconnect from xxx.xxx[yy.yy.yy.yy] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4


Additional info

This is an instance with IPv6 and IPv4 attached

willbrowningme commented 9 months ago

Are you able to access and login to the web application?

masterjg commented 9 months ago

yes, absolutely, everything works from web app

masterjg commented 8 months ago

@willbrowningme anything else I could help with while debugging? I can mount some debug-able files if needed to pinpoint the issue.

willbrowningme commented 8 months ago

It is related to user=anonaddy argv=php /var/www/anonaddy/postfix/AccessPolicy.php. Are you able to check the contents of storage/logs/postfix-access-policy.log (I'm not sure where this is stored for the Docker image)?

masterjg commented 8 months ago

    $noAliasExists = Database::table('aliases')->select('id')->where('email', $aliasEmail)->doesntExist();

this fails, I've added dumb logging with:

    logData("9?");  
    // Check if the alias already exists or not
    $noAliasExists = Database::table('aliases')->select('id')->where('email', $aliasEmail)->doesntExist();
    logData("10?");

and only 9? is shown in the log.

Not truly sure how this is supposed to be able to open a connection to the database without credentials? Is it a singleton or something once called with $database->setAsGlobal();?

I've even dumped (logData(print_r($_ENV, true));) $_ENV before setAsGlobal:

    (
        [DB_HOST] => mariadb
        [DB_PORT] => 3306
        [DB_DATABASE] => ...
        [DB_USERNAME] => ...
        [DB_PASSWORD] => ...
        [ANONADDY_ADMIN_USERNAME] => null
        [ANONADDY_ALL_DOMAINS] => ...
        [ANONADDY_SECRET] => ...
    )

masterjg commented 8 months ago

@willbrowningme OK, I've found the bug. Try setting db password with # symbol via env var DB_PASSWORD. printenv shows it properly in container, however $_ENV strips everything after this symbol.

willbrowningme commented 8 months ago

Good find, I think if you wrap it all in double quotes it should work with the # symbol. Need a note adding about this in the Readme.

masterjg commented 8 months ago

It's already wrapped in docker-compose.yml. And if I enter the container I can see the env variable with printenv, only in PHP there are issues. And what's weird is that only with this AccessPolicy.php there are issues, as the web app works without any issues. So that leads me to believe that there's a bug there somewhere.

All in all I've just destroyed database and run a new container with new password without hashtags and now it works as expected.

willbrowningme commented 8 months ago

# is used for comments in .env files - https://github.com/vlucas/phpdotenv?tab=readme-ov-file#comments

If I enter DB_PASSWORD=secret#123 then dump $_ENV['DB_PASSWORD'] it returns secret missing out everything after the hash.

But if I enter DB_PASSWORD="secret#123" and then dump $_ENV['DB_PASSWORD'] it correctly returns secret#123.
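
The truncation described in the last comment can be checked for before deployment. The following is an added example, not part of the thread or of the AnonAddy code: a small Python check that flags `.env` values which would be silently cut at `#`. The parsing rule is a simplified assumption modelled on the behaviour reported here (it is not phpdotenv's parser and ignores escapes and single quotes), and the sample file is constructed.

```python
import re

# Simplified model of the behaviour reported in this thread: in a .env file,
# '#' starts a comment unless the value is wrapped in double quotes.
# Assumption: escapes and single-quoted values are not modelled.
LINE = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_.]*)\s*=\s*(.*)$')

# Constructed sample; the password value is the one quoted in the thread.
SAMPLE = """\
# constructed sample .env
DB_HOST=mariadb
DB_PASSWORD=secret#123
ANONADDY_SECRET="secret#123"
APP_NAME=demo # trailing comment
"""


def effective_value(raw):
    """Return the value the application would see for a raw right-hand side."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        if end != -1:
            return raw[1:end]              # quoted: '#' is kept literally
    return raw.split('#', 1)[0].rstrip()   # unquoted: cut at the first '#'


def find_truncated(env_text):
    """Return (line_no, key, written, seen) for values that lose data to '#'."""
    findings = []
    for no, line in enumerate(env_text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue                       # whole-line comment
        m = LINE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        pos = raw.find('#')
        # A '#' glued to the preceding character is probably part of the
        # secret; ' # text' after whitespace is an intended trailing comment.
        if not raw.startswith('"') and pos > 0 and not raw[pos - 1].isspace():
            findings.append((no, key, raw, effective_value(raw)))
    return findings


if __name__ == "__main__":
    for no, key, written, seen in find_truncated(SAMPLE):
        print(f"line {no}: {key} written as {written!r} is read as {seen!r}")
```

A finding for a credential such as `DB_PASSWORD` means the application authenticates with a shorter string than the one the database was provisioned with, which matches the `Access denied` warnings in the logs above.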