hardware / mailserver

:warning: UNMAINTAINED - Simple and full-featured mail server using Docker
https://store.docker.com/community/images/hardware/mailserver
MIT License

mailserver stops accepting mails shortly after service start #377

Closed PhilipSchillmaier closed 5 years ago

PhilipSchillmaier commented 5 years ago

Docker information

Swarm cluster, 1 manager 2 workers. Persistent storage via GlusterFS.

docker images hardware/mailserver --digests --filter "dangling=false"
REPOSITORY            TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
hardware/mailserver   <none>              sha256:0af0d6bb7d5de589cb1cf47811f844d7ed43827a3298197fdd4cafee8d2c8ed5   1d08ae0bb068        3 weeks ago         380MB

Description

I observed over the last few days that my mailserver is working as it should for around 5 minutes after the service is deployed. After around 3-5 minutes postfix stops delivering emails and continues to do so until I restart the whole service and remove the mail/postfix folder beforehand. Postfix stop / start does NOT help. I tried starting the mailserver without clamav, started it with debug information but I cannot find the reason why it stops working suddenly. It worked for 4 weeks straight without an issue before.

Steps to reproduce

  1. start hardware/mailserver stack
  2. send test email to address
  3. check if mail gets delivered into mailbox

Expected results

Emails get delivered to mailbox the whole time

Actual results

Emails only get delivered for like 3-5 minutes after service start

Debugging information


2019-05-18T11:23:43.333269+00:00 496d456e1f74 dovecot: imap-login: Login: user=<user@domain.tld>, method=PLAIN, rip=10.255.0.2, lip=10.255.0.82, mpid=886, TLS, session=<dttWuyeJAK8K/wAC>,
2019-05-18T11:13:05.600782+00:00 496d456e1f74 postfix/smtpd[858]: NOQUEUE: reject: RCPT from unknown[10.255.0.2]: 554 5.7.1 Service unavailable; Sender address [send@srv2.profunsendsnow.site] blocked using dbl.spamhaus.org; https://www.spamhaus.org/query/domain/profunsendsnow.site; from=<send@srv2.profunsendsnow.site> to=<user@domain.tld> proto=ESMTP helo=<srv2.profunsendsnow.site>,
2019-05-18T11:13:05.638170+00:00 496d456e1f74 postfix/smtpd[858]: disconnect from unknown[10.255.0.2] ehlo=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=3/5,
2019-05-18T11:13:43.359045+00:00 496d456e1f74 dovecot: imap-login: Login: user=<user@domain.tld>, method=PLAIN, rip=10.255.0.2, lip=10.255.0.82, mpid=856, TLS, session=<vY2TlyeJkq0K/wAC>,
2019-05-18T11:13:43.559746+00:00 496d456e1f74 dovecot: imap(user@domain.tld): Logged out in=89 out=939,
2019-05-18T11:14:43.294313+00:00 496d456e1f74 dovecot: imap-login: Login: user=<user@domain.tld>, method=PLAIN, rip=10.255.0.2, lip=10.255.0.82, mpid=846, TLS, session=<iaMmmyeJsq0K/wAC>,
2019-05-18T11:14:43.537688+00:00 496d456e1f74 dovecot: imap(user@domain.tld): Logged out in=334 out=1389,

<<<<< I sent an email here. It did not get delivered. And yes, it worked like a charm 3 minutes before this >>>>>

2019-05-18T11:15:43.427309+00:00 496d456e1f74 dovecot: imap-login: Login: user=<user@domain.tld>, method=PLAIN, rip=10.255.0.2, lip=10.255.0.82, mpid=865, TLS, session=<b3i7nieJ0q0K/wAC>,
2019-05-18T11:15:43.574375+00:00 496d456e1f74 dovecot: imap(user@domain.tld): Logged out in=89 out=939,
2019-05-18T11:16:43.351158+00:00 496d456e1f74 dovecot: imap-login: Login: user=<user@domain.tld>, method=PLAIN, rip=10.255.0.2, lip=10.255.0.82, mpid=834, TLS, session=<rINOoieJ/q0K/wAC>,
2019-05-18T11:16:43.443713+00:00 496d456e1f74 dovecot: imap(user@domain.tld): Logged out in=55 out=871

Configuration (docker-compose.yml, traefik.toml...etc)

version: "3"

# IPv4 only
# docker network create traefik-public

# IPv4/IPv6 network
# docker network create traefik-public --ipv6 --subnet "fd00:0000:0000:0000::/64"
# Refer to https://github.com/hardware/mailserver/#ipv6-support for more information.

networks:
  traefik-public:
    external: true
  mail_network:
    driver: overlay
    external: false

services:
  mailserver:
    image: hardware/mailserver:1.1-stable
    deploy:
      labels:
        - traefik.enable=true
        - traefik.frontend.rule=Host:spam.domain.tld
        - traefik.port=11334
        - traefik.docker.network=traefik-public
        - traefik.tags=traefik-public
        - traefik.redirectorservice.frontend.entryPoints=http
        - traefik.redirectorservice.frontend.redirect.entryPoint=https
        - traefik.webservice.frontend.entryPoints=https
      placement:
        constraints: [node.role == manager]
    ports:
      - "25:25"       # SMTP                - Required
      - "110:110"     # POP3       STARTTLS - Optional - For webmails/desktop clients
      - "143:143"     # IMAP       STARTTLS - Optional - For webmails/desktop clients
    # - "465:465"     # SMTPS      SSL/TLS  - Optional - Enabled for compatibility reason, otherwise disabled
      - "587:587"     # Submission STARTTLS - Optional - For webmails/desktop clients
      - "993:993"     # IMAPS      SSL/TLS  - Optional - For webmails/desktop clients
      - "995:995"     # POP3S      SSL/TLS  - Optional - For webmails/desktop clients
      - "4190:4190"   # SIEVE      STARTTLS - Optional - Recommended for mail filtering
    environment:
      - DOMAIN=domain.tld
      - HOSTNAME=mail
      - DBPASS=SuperSecretPassword       # MariaDB database password (required)
      - RSPAMD_PASSWORD=SuperSecretPassword   # Rspamd WebUI password (required)
      - ADD_DOMAINS=domain2.tld, domain3.tld, domain4.tld      # Add additional domains separated by commas (needed for dkim keys etc.)
    #  - FQDN=mail.domain.tld
    #  - DEBUG_MODE=true                        # Enable Postfix, Dovecot, Rspamd and Unbound verbose logging
      - ENABLE_POP3=true                       # Enable POP3 protocol
    # - ENABLE_FETCHMAIL=true                  # Enable fetchmail forwarding
    # - DISABLE_RATELIMITING=false             # Enable ratelimiting policy
    #  - DISABLE_CLAMAV=true                    # Disable virus scanning
    # - DISABLE_SIGNING=true                   # Disable DKIM/ARC signing
    # - DISABLE_GREYLISTING=true               # Disable greylisting policy
    #
    # Full list : https://github.com/hardware/mailserver#environment-variables
    #
    volumes:
      - /swarm/prod/mailserver/mail:/var/mail
      - /swarm/prod/traefik/data/:/etc/letsencrypt/acme
    depends_on:
      - mariadb
      - redis
    networks:
      - mail_network
      - traefik-public

  postfixadmin:
    image: hardware/postfixadmin
    deploy:
      labels:
        - traefik.enable=true
        - traefik.frontend.rule=Host:postfixadmin.domain.tld
        - traefik.port=8888
        - traefik.tags=traefik-public
        - traefik.docker.network=traefik-public
        - traefik.redirectorservice.frontend.entryPoints=http
        - traefik.redirectorservice.frontend.redirect.entryPoint=https
        - traefik.webservice.frontend.entryPoints=https
    environment:
      - DBPASS=SuperSecretPassword
      - DOMAINNAME=domain.tld
      - HOSTNAME=mail
    depends_on:
      - mailserver
      - mariadb
    networks:
      - mail_network
      - traefik-public

  # Webmail (Optional)
  # https://github.com/hardware/rainloop
  # https://www.rainloop.net/
  # Configuration : https://github.com/hardware/mailserver/wiki/Rainloop-initial-configuration
  rainloop:
    image: hardware/rainloop
    deploy:
      labels:
        - traefik.enable=true
        - traefik.port=8888
        - traefik.frontend.rule=Host:webmail.domain.tld
        - traefik.tags=traefik-public
        - traefik.docker.network=traefik-public
        - traefik.redirectorservice.frontend.entryPoints=http
        - traefik.redirectorservice.frontend.redirect.entryPoint=https
        - traefik.webservice.frontend.entryPoints=https
    volumes:
      - /swarm/prod/mailserver/rainloop:/rainloop/data
    depends_on:
      - mailserver
      - mariadb
    networks:
      - mail_network
      - traefik-public

  # Alternative webmail (Optional)
  # https://github.com/hardware/afterlogic-webmail-lite
  # https://afterlogic.org/webmail-lite
  # Configuration : https://github.com/hardware/mailserver/wiki/AfterLogic-Webmail-Lite-initial-configuration
  # afterlogic-webmail-lite:
  #   image: hardware/afterlogic-webmail-lite
  #   container_name: afterlogic-webmail-lite
  #   restart: ${RESTART_MODE}
  #   labels:
  #     - traefik.enable=true
  #     - traefik.port=8888
  #     - traefik.frontend.rule=Host:webmail.domain.tld
  #     - traefik.docker.network=traefik-public
  #   volumes:
  #     - /swarm/prod/mailserver/afterlogic-webmail-lite:/afterlogic-webmail-lite/data
  #   depends_on:
  #     - mailserver
  #     - mariadb
  #   networks:
  #     - mail_network
  #     - traefik-public

  # Authoritative DNS server (Optional)
  # https://github.com/hardware/nsd-dnssec
  # https://www.nlnetlabs.nl/projects/nsd/
  # Configuration : https://github.com/hardware/mailserver/wiki/NSD-initial-configuration
  # nsd:
  #   image: hardware/nsd-dnssec
  #   container_name: nsd
  #   restart: ${RESTART_MODE}
  #   ports:
  #     - "53:53"
  #     - "53:53/udp"
  #   volumes:
  #     - /swarm/prod/mailserver/nsd/conf:/etc/nsd
  #     - /swarm/prod/mailserver/nsd/zones:/zones
  #     - /swarm/prod/mailserver/nsd/db:/var/db/nsd

  # Database
  # https://github.com/docker-library/mariadb
  # https://mariadb.org/
  mariadb:
    image: mariadb:10.2
    # Info : These variables are ignored when the volume already exists (if databases was created before).
    environment:
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_DATABASE=postfix
      - MYSQL_USER=postfix
      - MYSQL_PASSWORD=SuperSecretPassword
    volumes:
      - /swarm/prod/mailserver/mysql/db:/var/lib/mysql
    networks:
      - mail_network

  # Database
  # https://github.com/docker-library/redis
  # https://redis.io/
  redis:
    image: redis:4.0-alpine
    command: redis-server --appendonly yes
    volumes:
      - /swarm/prod/mailserver/redis/db:/data
    networks:
      - mail_network

PhilipSchillmaier commented 5 years ago

It may be an issue with GlusterFS and Docker. When I use a Docker volume the mailserver seems to run smoothly.
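Added example, not part of the original issue or the project's code: a short Python script that reads syslog lines in the format shown under "Debugging information" and reports which service has gone quiet while another keeps logging, which is how the symptom appears in that log (Postfix's last entry is at 11:13:05, Dovecot keeps logging until 11:16:43). It also collects the client addresses each service logged; in the posted log every peer, including the external sender rejected via dbl.spamhaus.org, appears as 10.255.0.2. The sample lines are abbreviated from the post, and the function names and the 120-second threshold are assumptions.

```python
import re
from datetime import datetime

# Lines abbreviated from the log in the issue (tails and trailing commas trimmed).
SAMPLE_LOG = """\
2019-05-18T11:13:05.600782+00:00 496d456e1f74 postfix/smtpd[858]: NOQUEUE: reject: RCPT from unknown[10.255.0.2]: 554 5.7.1 Service unavailable
2019-05-18T11:13:05.638170+00:00 496d456e1f74 postfix/smtpd[858]: disconnect from unknown[10.255.0.2] ehlo=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=3/5
2019-05-18T11:13:43.359045+00:00 496d456e1f74 dovecot: imap-login: Login: user=<user@domain.tld>, method=PLAIN, rip=10.255.0.2
2019-05-18T11:14:43.294313+00:00 496d456e1f74 dovecot: imap-login: Login: user=<user@domain.tld>, method=PLAIN, rip=10.255.0.2
2019-05-18T11:15:43.427309+00:00 496d456e1f74 dovecot: imap-login: Login: user=<user@domain.tld>, method=PLAIN, rip=10.255.0.2
2019-05-18T11:16:43.443713+00:00 496d456e1f74 dovecot: imap(user@domain.tld): Logged out in=55 out=871
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<svc>[\w-]+)(?:/[\w-]+)?(?:\[\d+\])?: (?P<msg>.*)$"
)
PEER_RE = re.compile(r"(?:rip=|from \S*\[)(\d{1,3}(?:\.\d{1,3}){3})")


def parse(text):
    """Yield (timestamp, service, message) for every line in the expected format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip(", "))  # pasted lines may end with a comma
        if m:
            yield datetime.fromisoformat(m["ts"]), m["svc"], m["msg"]


def silent_services(events, threshold_s=120):
    """Services whose newest entry lags the newest entry overall by > threshold_s."""
    seen = {}
    for ts, svc, _ in events:
        seen[svc] = max(ts, seen.get(svc, ts))
    newest = max(seen.values())
    lag = {svc: (newest - ts).total_seconds() for svc, ts in seen.items()}
    return {svc: s for svc, s in lag.items() if s > threshold_s}


def peers(events):
    """Distinct client addresses per service (Dovecot rip=, Postfix name[addr])."""
    out = {}
    for _, svc, msg in events:
        out.setdefault(svc, set()).update(PEER_RE.findall(msg))
    return out


if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print(silent_services(events), peers(events))
```

Run against a full log, a service that appears in `silent_services` while mail is known to be arriving marks the time window worth inspecting in that service's own queue and storage.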