mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Ignoring DNS server configuration #2315

Closed dereddy93 closed 5 years ago

dereddy93 commented 5 years ago

Hello,

I did a clean install on an Ubuntu 18.04 running on ESXi 6.7 with 4GB RAM and 1 CPU. Furthermore I am using docker version 18.09.2, build 6247962 and docker-compose version 1.23.2, build 1110ad01.

I run a firewall in front of the mailserver, which also acts as a local DNS proxy. What bugs me is that mailcow refuses to use the DNS server provided through a) the config file and b) the /etc/resolv.conf file. I got several errors in my docker-compose logs with something like "Host or domain not found". When looking at my firewall log I can see DNS requests sent to what seem to me like random DNS servers. Is it possible to restrict these DNS requests or at least give me a list of the DNS servers you are using for your domain names?

Thanks a lot in advance and keep up the good work.

andryyy commented 5 years ago

Provided through which config file?

You only need to make sure, that unbound-mailcow can resolve addresses through your firewall.

It checks various blacklists and databases. We only use unbound-mailcow to resolve names. Not random DNS servers. oO

dereddy93 commented 5 years ago

Hello @andryyy, thanks for your quick reply. I configured it through the docker-compose.yml file. I think there might have been an issue here as well where this solved some DNS resolution issue for another user.

Nevertheless I did a tcpdump on my system listening to port 25 and as soon as I send an e-mail it starts sending DNS queries to some (more or less) random servers.

andryyy commented 5 years ago

But it does not query anything DNS-like on port 25/tcp. :o And we don't query any random servers, but unbound-mailcow (which then resolves addresses etc.). When you monitor port 25/tcp and send a mail, you will not see anything. Port 25 is not enabled for authenticated submission.

A lot of RBLs are queried, you can disable aaaaall the RBLs and Rspamd's fuzzy hashes if you feel paranoid. You will have a shitty spam scanner then. :o

Most important: We don't talk to random DNS servers. We check against some RBLs and update Rspamd's fuzzy hashes. But that's pretty much it.

dereddy93 commented 5 years ago

Hello @andryyy,

sorry, my bad. Of course monitoring port 25 won't give me anything on DNS issues - just not my day today. I checked it in my firewall log. I don't doubt that you won't do any "random DNS lookups". It is just strange seeing docker/mailcow ignoring my DNS settings. Are there any workarounds on this issue, since I am not happy with allowing DNS traffic to the whole internet for my mailserver?
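Unbound is a recursive resolver, so when unbound-mailcow is the only resolver the other containers use, the many destinations in a firewall log are the authoritative name servers it contacts to answer RBL and MX lookups itself. The script below is an added example, not part of this issue or of mailcow's own code: it sorts tcpdump-style DNS lines (a constructed capture; the resolver address 172.22.1.254, the container addresses and the names are assumptions) into queries that go through the resolver, the resolver's own upstream queries, and any container that bypasses the resolver, which is the one flow a firewall in front of the host should never see.

```python
"""Classify DNS queries seen in front of a mailcow host (added example).

Assumes tcpdump-style lines: "IP <src>.<port> > <dst>.53: ... <TYPE>? <name>."
All addresses and names below are constructed placeholders.
"""
import re
from collections import Counter

RESOLVER_IP = "172.22.1.254"  # assumed address of the unbound-mailcow container

LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.53: "
    r".*?\b(?P<qtype>[A-Z]+)\? (?P<name>\S+)\."
)

# Constructed sample: unbound walking to authoritative servers (first three
# lines), one container bypassing unbound (fourth), one using it (fifth).
SAMPLE_CAPTURE = """\
IP 172.22.1.254.41023 > 198.41.0.4.53: 6043 [1au] A? mx.example.net. (40)
IP 172.22.1.254.55871 > 192.0.2.10.53: 7711 [1au] A? 2.0.192.rbl.example. (50)
IP 172.22.1.254.55872 > 192.0.2.10.53: 7712 [1au] TXT? 2.0.192.rbl.example. (50)
IP 172.22.1.250.39012 > 203.0.113.53.53: 1200+ A? mx.example.net. (35)
IP 172.22.1.251.39013 > 172.22.1.254.53: 1201+ A? mail.example.org. (35)
"""


def classify(capture: str, resolver_ip: str = RESOLVER_IP) -> dict:
    """Split DNS queries into the three flows relevant to this setup."""
    upstream = Counter()  # servers the resolver itself talks to (expected)
    via_resolver = 0      # containers asking the resolver (expected)
    bypass = []           # containers asking anyone else (should not happen)
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a DNS query line
        src, dst, name = m["src"], m["dst"], m["name"]
        if src == resolver_ip:
            upstream[dst] += 1
        elif dst == resolver_ip:
            via_resolver += 1
        else:
            bypass.append((src, dst, name))
    return {"upstream": upstream, "via_resolver": via_resolver, "bypass": bypass}


if __name__ == "__main__":
    print(classify(SAMPLE_CAPTURE))
```

A non-empty "bypass" list means a container is not using unbound-mailcow; the "upstream" destinations are what the firewall must permit for the resolver address only.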

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.