Open madeofstown opened 1 year ago
Do you still use this setup? For some reason, no matter what I do, I still have an issue with TLSA; in my case the error is 111/110. I've used:
So forwarding works, as nmap and delivery of emails work, but this is still not a 100% solution.
From what I understand and found on Google, this is an issue with SNAT/DNAT and/or DNS. What I've discovered is that if you set the hosts entry for mail.domain.tld to an internal address (127.0.1.1) within the VMs, and inside the containers to the VM's IP in your network, then TLSA seems to generate/work.
Thanks for any tips!
When using mailcow on my local server I could not get it working 100% (TLSA, damn you!) with the iptables rules described in the instructions. The `sudo iptables -P FORWARD DROP` rule specifically was the main problem, because the wireguard install script used for the VPS already sets up the proper rules to forward all traffic (IPv4 and IPv6) from client > VPS > Internet (as the VPS IP). I did some experimenting and came up with a bash script to add the correct iptables and ip6tables rules for forwarding traffic from the Internet > VPS > client on the specified ports. Run this script INSTEAD of adding ANY OTHER iptables or ip6tables rules from the wiki:
I've also added the following lines to the VPS's `wg0.conf` file at the end of the `[Interface]` section:
These should not be necessary, but if you find you are having issues, go ahead and add them if you want to replicate my environment.
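The commenter's script is not reproduced above. The following is an added example, not the commenter's script and not part of the mailcow or wireguard-install projects, showing the shape such a forwarding rule set takes: a DNAT rule per port on the VPS's public interface rewriting the destination to the WireGuard peer, plus the FORWARD rules that a `-P FORWARD DROP` policy would otherwise block in both directions. It only prints the rules so they can be reviewed before being run as root. The interface names (`eth0`, `wg0`), tunnel addresses and port list are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not the commenter's script, not project code): generate, but
# do not apply, the iptables/ip6tables rules that forward inbound TCP ports
# Internet > VPS > WireGuard client. Every name/address below is a hypothetical
# placeholder; adjust to your environment before piping the output to sh.
set -eu

WAN_IF="eth0"             # VPS public interface (assumption)
WG_IF="wg0"               # WireGuard interface on the VPS (assumption)
CLIENT_V4="10.66.66.2"    # client's IPv4 tunnel address (assumption)
CLIENT_V6="fd42:42:42::2" # client's IPv6 tunnel address (assumption)

# gen_rules IPT CLIENT PORT... : print the rule set for one address family.
gen_rules() {
  ipt="$1"; client="$2"; shift 2
  # Replies and already-accepted flows must pass even with FORWARD policy DROP.
  printf '%s -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n' "$ipt"
  # Client > VPS > Internet. Source rewriting to the VPS IP is assumed to be
  # done by the MASQUERADE rule the wireguard install script already adds.
  printf '%s -A FORWARD -i %s -o %s -j ACCEPT\n' "$ipt" "$WG_IF" "$WAN_IF"
  for port in "$@"; do
    # Internet > VPS: rewrite the destination to the tunnel peer, same port.
    printf '%s -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s\n' \
      "$ipt" "$WAN_IF" "$port" "$client"
    # VPS > client: let the DNATed packet out through the tunnel interface.
    printf '%s -A FORWARD -i %s -o %s -p tcp -d %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
      "$ipt" "$WAN_IF" "$WG_IF" "$client" "$port"
  done
}

# count_dnat IPT CLIENT PORT... : number of DNAT rules gen_rules emits, as a
# sanity check that every requested port got a forwarding rule.
count_dnat() {
  gen_rules "$@" | grep -c -- '-j DNAT'
}

# Illustrative port list (SMTP, submission, IMAP/POP, HTTP/S); word splitting
# of MAIL_PORTS is intentional.
MAIL_PORTS="25 465 587 110 995 143 993 443 80"
gen_rules iptables "$CLIENT_V4" $MAIL_PORTS
gen_rules ip6tables "$CLIENT_V6" $MAIL_PORTS
```

Two points about the design. No MASQUERADE is added on `wg0`, so the mail server still sees the real source address of inbound connections (useful for rspamd and rate limiting); this relies on the client's default route going back through the tunnel, which is what the wireguard install script's client > VPS > Internet setup provides. Also, because the DNAT rule matches only `-i eth0`, a connection from the client itself to its own public address arrives on the VPS via `wg0` and is not rewritten; that hairpin gap is one reason a hosts override for `mail.domain.tld` inside the VM and containers, as described earlier in this thread, changes the outcome of local checks.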