foxcpp / maddy

✉️ Composable all-in-one mail server.
https://maddy.email
GNU General Public License v3.0

Maddy tries to use a localhost DNS resolver instead of the nameserver specified in /etc/resolv.conf #475

Open Ninlives opened 2 years ago

Ninlives commented 2 years ago

Describe the bug

I set up a maddy service on a Vultr VPS, and it seems maddy does not respect the nameserver settings in /etc/resolv.conf and tries to read from the localhost resolver. Restarting the service solves the problem, but I have to restart the service every time I reboot.

Steps to reproduce

  1. Set up the systemd service for maddy.
  2. Reboot.
  3. Try to send a mail to a remote host.

Log files

queue: delivery attempt failed        {"msg_id":"90b4eed2","rcpt":"rcpt@example.com","reason":"read udp 127.0.0.1:40762-\u003e127.0.0.1:53: read: connection refused","smtp_code":554,"smtp_enchcode":"5.4.4","smtp_msg":"MX lookup error","target":"remote"}

Configuration file

      $(hostname) = mx.myhost.name
      $(primary_domain) = myhost.name
      $(local_domains) = $(primary_domain)
      hostname mx.myhost.name
      tls file ${cert.directory}/fullchain.pem ${cert.directory}/key.pem

      auth.pass_table local_authdb {
        table sql_table {
          driver sqlite3
          dsn credentials.db
          table_name passwords
        }
      }

      storage.imapsql local_mailboxes {
          driver sqlite3
          dsn imapsql.db
      }

      table.chain local_rewrites {
          optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
          optional_step static {
              entry postmaster mlatus@$(primary_domain)
          }
          optional_step file /etc/maddy/aliases
      }

      msgpipeline local_routing {
          # Insert handling for special-purpose local domains here.
          # e.g.
          # destination lists.example.org {
          #     deliver_to lmtp tcp://127.0.0.1:8024
          # }

          destination postmaster $(local_domains) {
              modify {
                  replace_rcpt &local_rewrites
              }

              deliver_to &local_mailboxes
          }

          default_destination {
              reject 550 5.1.1 "User doesn't exist"
          }
      }

      smtp tcp://0.0.0.0:25 {
          limits {
              # Up to 20 msgs/sec across max. 10 SMTP connections.
              all rate 20 1s
              all concurrency 10
          }

          dmarc yes
          check {
              require_mx_record
              dkim
              spf
          }

          source $(local_domains) {
              reject 501 5.1.8 "Use Submission for outgoing SMTP"
          }
          default_source {
              destination postmaster $(local_domains) {
                  deliver_to &local_routing
              }
              default_destination {
                  reject 550 5.1.1 "User doesn't exist"
              }
          }
      }

      submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
          limits {
              # Up to 50 msgs/sec across any amount of SMTP connections.
              all rate 50 1s
          }

          auth &local_authdb

          source $(local_domains) {
              check {
                  authorize_sender {
                      prepare_email &local_rewrites
                      user_to_email identity
                  }
              }

              destination postmaster $(local_domains) {
                  deliver_to &local_routing
              }
              default_destination {
                  modify {
                      dkim $(primary_domain) $(local_domains) default
                  }
                  deliver_to &remote_queue
              }
          }
          default_source {
              reject 501 5.1.8 "Non-local sender domain"
          }
      }

      target.remote outbound_delivery {
          limits {
              # Up to 20 msgs/sec across max. 10 SMTP connections
              # for each recipient domain.
              destination rate 20 1s
              destination concurrency 10
          }
          mx_auth {
              dane
              mtasts {
                  cache fs
                  fs_dir mtasts_cache/
              }
              local_policy {
                  min_tls_level encrypted
                  min_mx_level none
              }
          }
      }

      target.queue remote_queue {
          target &outbound_delivery

          autogenerated_msg_domain $(primary_domain)
          bounce {
              destination postmaster $(local_domains) {
                  deliver_to &local_routing
              }
              default_destination {
                  reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
              }
          }
      }

      imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
          auth &local_authdb
          storage &local_mailboxes
      }

Environment information

foxcpp commented 2 years ago

/etc/resolv.conf is read once on server startup, might it be that /etc/resolv.conf does not exist (or is not populated correctly) when maddy starts? In that case you would need to adjust the systemd unit file to ensure it starts after the correct configuration is generated.

Ninlives commented 2 years ago

Sure, I added another service that restarts maddy every time /etc/resolv.conf is changed; it works, but it's tricky.
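Added example, not code from the maddy project or from either commenter: a small preflight check that makes the startup ordering problem described above fail loudly instead of silently. The background fact it relies on is how Go's built-in resolver behaves: when it cannot read /etc/resolv.conf or finds no `nameserver` entries in it, it falls back to 127.0.0.1:53 and [::1]:53, which is exactly the `127.0.0.1:53: connection refused` seen in the log. Since maddy reads the file once at startup, a check that refuses to let the service start until the file actually names a resolver covers the first-boot race (foxcpp's suggestion), and the same script can be invoked from the restart-on-change workaround (Ninlives's). The script path `/usr/local/libexec/wait-resolv` used in the usage note is an assumption; pick any location you like.

```shell
#!/bin/sh
# Added example, not part of maddy: a preflight check for a systemd
# ExecStartPre= line. It refuses to let maddy start until /etc/resolv.conf
# actually names a resolver, so the race described in this issue shows up
# as a failed unit in the journal instead of a silent fallback to 127.0.0.1:53.

# resolv_has_nameserver FILE
# Exit 0 if FILE is readable and contains at least one "nameserver" entry,
# ignoring blank lines and comments (resolv.conf accepts both '#' and ';').
resolv_has_nameserver() {
    file="${1:-/etc/resolv.conf}"
    [ -r "$file" ] || return 1
    awk '
        /^[[:space:]]*[#;]/ { next }                 # comment line
        $1 == "nameserver" && $2 != "" { found = 1 } # keyword plus an address
        END { if (found) exit 0; exit 1 }
    ' "$file"
}

# wait_for_nameserver FILE TIMEOUT_SECONDS
# Poll once per second until the check passes; exit 1 on timeout so systemd
# records a failed ExecStartPre= rather than starting maddy with no resolver.
wait_for_nameserver() {
    file="${1:-/etc/resolv.conf}"
    timeout="${2:-30}"
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        if resolv_has_nameserver "$file"; then
            return 0
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    echo "no nameserver entry in $file after ${timeout}s" >&2
    return 1
}

# When invoked with arguments (as from ExecStartPre=), run the wait; with no
# arguments only the functions are defined, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    wait_for_nameserver "$@"
fi
```

To wire it in, put the script at `/usr/local/libexec/wait-resolv` (assumed path), then `systemctl edit maddy.service` and add a drop-in with `[Unit]` `After=network-online.target` and `Wants=network-online.target`, plus `[Service]` `ExecStartPre=/usr/local/libexec/wait-resolv /etc/resolv.conf 30`. If the check times out, `systemctl status maddy` and the journal show the failed pre-start step and the reason, which is far easier to diagnose than `MX lookup error` bounces later. For the restart-on-change workaround, a `maddy-resolv.path` unit with `PathChanged=/etc/resolv.conf` can trigger a oneshot service that runs `systemctl restart maddy.service`; the same `ExecStartPre=` then also guards each of those restarts. A resolver deliberately bound to a loopback address (for example a local unbound, or systemd-resolved's stub) passes the check as long as it is listed in the file, which is correct: the failure here is the absence of any entry, not a loopback address as such.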