mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

ASN Check Fails with script error #5337

Closed Clete2 closed 1 year ago

Clete2 commented 1 year ago

Description

When running `./update.sh`, the ASN check fails with an error.

Curl version: 8.0.1
Bash version: 4.2.46(2)

Running the command that generates the `response` variable (line 260) results in a failed status code 23 with no text:

```
[root@mail mailcow-dockerized]# curl --connect-timeout 15 --retry 5 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email"
[root@mail mailcow-dockerized]# echo $?
23
```

I assume maybe the script was not tested with my particular version of curl and that curl is expected to return a textual version of the HTTP code, but mine is not for some reason?

Logs:

```
⚡  /o/mailcow-dockerized   master ±  ./update.sh
Detecting if your IP is listed on Spamhaus Bad ASN List...
./update.sh: line 261: [: : integer expression expected
./update.sh: line 276: [: : integer expression expected
./update.sh: line 278: [: : integer expression expected
Check failed! Maybe a DNS or Network problem?
Checking internet connection... OK
Detecting which build your mailcow runs on...
You are receiving stable updates (master).
To change that run the update.sh Script one time with the --nightly parameter to switch to nightly builds.
Checking for newer update script...
Updated 0 paths from 9377dc0d
Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N]
```

Steps to reproduce:

1. Run update.sh from AWS
2. ?? I'm not sure what else is causing it

Which branch are you using?

master

Operating System:

Amazon Linux 2 (4.14.320-242.534.amzn2.x86_64)

Server/VM specifications:

2 CPU 4 GB RAM

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

KVM I assume -- it is AWS EC2

Docker version:

Docker version 20.10.23, build 7155243

docker-compose version or docker compose version:

Docker Compose version v2.11.2

mailcow version:

command fails "unknown option max-count=1"

Reverse proxy:

NA

Logs of git diff:

Nothing relevant, only conf changes.

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 5924 packets, 2802K bytes)
 pkts bytes target     prot opt in     out     source               destination
 5956 2808K MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
70855   59M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0
71339   59M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
71339   59M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
56297   49M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 3678  234K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
11364 9665K ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
 3368  217K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 6422 packets, 1076K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:3306
    2   128 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
   10   600 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    7   404 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
    4   240 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
   82  5396 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
   19  1200 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    4   240 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
   55  3280 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:443
  127  6432 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:80

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
11364 9665K DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
  17M 9644M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
1690K 1015M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
  17M 9644M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       141.98.80.0/24       0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       141.98.10.0/24       0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       45.150.206.0/24      0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       212.70.149.0/24      0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       98.49.103.0/24       0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  *      *       141.98.11.0/24       0.0.0.0/0            reject-with icmp-port-unreachable

Logs of ip6tables -L -vn:

IPv6 disabled

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 4623 packets, 322K bytes)
 pkts bytes target     prot opt in     out     source               destination
 137K   11M DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 287 packets, 26216 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 188 packets, 12752 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 3885 packets, 248K bytes)
 pkts bytes target     prot opt in     out     source               destination
  952 78424 MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.6           172.22.1.6           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.8           172.22.1.8           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:80

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.6:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.8:3306
    2   128 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
   10   600 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    7   404 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
    4   240 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
   84  5524 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
   20  1264 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    4   240 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
   56  3340 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.10:443
  127  6432 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.10:80

Logs of ip6tables -L -vn -t nat:

IPv6 disabled

DNS check:

151.101.193.69
151.101.129.69
151.101.65.69
151.101.1.69

FingerlessGlov3s commented 1 year ago

I have the same problems with my installation of Mailcow. I tried it again and eventually got "Check completed! Your IP seems to be rate limited on the ASN Check service...", so something isn't quite right, but it knows when it's rate limited, since that's a 429 HTTP code it checks for.

Host: Debian GNU/Linux 11 (bullseye)
Curl: 7.74.0
ASN: OVH

FingerlessGlov3s commented 1 year ago

After looking at what curl is doing, I'm getting a 503 response code from the web server. I get 200 when I use my home internet connection. On my OVH server I should be getting 403.

Not sure if there's an actual server error or a typo in the response type for when certain ASNs are detected.

lalaluuu commented 1 year ago

Here the same:

```
./update.sh
Detecting if your IP is listed on Spamhaus Bad ASN List...
./update.sh: line 261: [: : integer expression expected
./update.sh: line 276: [: : integer expression expected
./update.sh: line 278: [: : integer expression expected
Check failed! Maybe a DNS or Network problem?
```

Debian 6.1.38-1 Curl: 7.88.1 ASN: OVH

Clete2 commented 1 year ago

This issue was fixed in https://github.com/mailcow/mailcow-dockerized/commit/6cf2775e7e03a01436d4f6f07145d24d1b80fa48
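
The `[: : integer expression expected` lines in the logs above are what `[` prints when an integer comparison receives an empty operand, here the empty `response` left behind by the failed curl call. The sketch below is an added example, not code from `update.sh` or from the linked fix commit: it checks curl's exit status and validates the captured value before interpreting it. The function names are hypothetical, and the status-code meanings are assumptions taken from the comments in this thread.

```bash
# Added example (not mailcow code). Function names are hypothetical.

# The failing pattern: with an empty value `[` reports an error and
# exits with status 2, which an `if` silently treats as "false".
naive_is_listed() {
  [ "$1" -eq 403 ] 2>/dev/null
}

# classify_asn_response CURL_EXIT HTTP_CODE
# Prints one verdict word; never feeds an unvalidated value to -eq.
classify_asn_response() {
  local curl_exit="$1" http_code="$2"

  # curl itself failed (exit 23 in the report): do not trust -w output.
  if [ "$curl_exit" -ne 0 ]; then
    echo "transport-error"
    return 0
  fi

  # Reject empty or non-numeric values before any numeric handling.
  case "$http_code" in
    ''|*[!0-9]*) echo "invalid-response"; return 0 ;;
  esac

  # Meanings assumed from the thread: 200 seen from a home connection,
  # 403 expected for a flagged ASN, 429 for rate limiting, 503 observed.
  case "$http_code" in
    200) echo "not-listed" ;;
    403) echo "listed" ;;
    429) echo "rate-limited" ;;
    5??) echo "service-error" ;;
    *)   echo "unexpected" ;;
  esac
}

# Performs the request with the curl options quoted in the report.
run_asn_check() {
  local response rc
  response=$(curl --connect-timeout 15 --retry 5 --max-time 30 -s \
    -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
  rc=$?   # captured immediately, before any other command runs
  classify_asn_response "$rc" "$response"
}
```

Keeping `transport-error`, `invalid-response` and `service-error` as separate verdicts lets the caller report that the check could not be completed instead of folding every failure into one generic message.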