Open XenonR opened 2 years ago
root@debian:~# docker version
Client:
Version: 20.10.5+dfsg1
API version: 1.41
Go version: go1.15.15
Git commit: 55c4c88
Built: Mon May 30 18:34:49 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.5+dfsg1
API version: 1.41 (minimum version 1.12)
Go version: go1.15.15
Git commit: 363e9a8
Built: Mon May 30 18:34:49 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.13~ds1
GitCommit: 1.4.13~ds1-1~deb11u2
runc:
Version: 1.0.0~rc93+ds1
GitCommit: 1.0.0~rc93+ds1-5+deb11u2
docker-init:
Version: 0.19.0
GitCommit:
root@debian:~# docker-compose version
docker-compose version 1.25.0, build unknown
docker-py version: 4.1.0
CPython version: 3.9.2
OpenSSL version: OpenSSL 1.1.1n 15 Mar 2022
Same setup, same error. I can confirm that bug.
It looks like `SSL_TYPE=self-signed` is no longer supported by docker-mailserver, at least since https://github.com/docker-mailserver/docker-mailserver/commit/c851f5b6aa59d24b6d52b4d7fd2923bd5f4f64bf. The new alternative seems to be `SSL_TYPE=snakeoil`, for testing purposes.
Please change `SSL_TYPE` in `docker-compose.mail.yml` to `snakeoil` and test whether the demo setup is now running.
Yes, by changing that line the mailserver is able to start up and the spooler is able to connect. I can access the webpage.
kopano_spooler_1 | 2022/08/24 13:21:21 Waiting for tcp://mail:25: dial tcp 172.20.0.3:25: connect: connection refused.
kopano_spooler_1 | 2022/08/24 13:21:22 Waiting for tcp://mail:25: dial tcp 172.20.0.3:25: connect: connection refused.
kopano_spooler_1 | 2022/08/24 13:21:23 Waiting for tcp://mail:25: dial tcp 172.20.0.3:25: connect: connection refused.
mail_1 | Aug 24 13:21:24 mail postfix/master[2339]: daemon started -- version 3.5.6, configuration /etc/postfix
mail_1 | Aug 24 13:21:24 mail postfix/pickup[2342]: 44D83141192: uid=0 from=<root>
mail_1 | Aug 24 13:21:24 mail postfix/cleanup[2346]: 44D83141192: message-id=<20220824112124.44D83141192@mail.kopano.demo>
mail_1 | Aug 24 13:21:24 mail opendkim[1115]: 44D83141192: no signing table match for 'root@mail.kopano.demo'
mail_1 | Aug 24 13:21:24 mail opendkim[1115]: 44D83141192: no signature data
mail_1 | Aug 24 13:21:24 mail postfix/qmgr[2343]: 44D83141192: from=<root@mail.kopano.demo>, size=729, nrcpt=1 (queue active)
kopano_spooler_1 | 2022/08/24 13:21:24 Ready: tcp://mail:25.
kopano_spooler_1 | [=======] Starting kopano-spooler version 11.0.0 (pid 6 uid 0)
mail_1 | Aug 24 13:21:24 mail postfix/postscreen[2362]: cache btree:/var/lib/postfix/postscreen_cache full cleanup: retained=0 dropped=0 entries
mail_1 | Aug 24 13:21:24 mail postfix/postscreen[2362]: CONNECT from [172.20.0.7]:44952 to [172.20.0.3]:25
mail_1 | Aug 24 13:21:24 mail postfix/postscreen[2362]: WHITELISTED [172.20.0.7]:44952
kopano_spooler_1 | [=======] Starting kopano-spooler version 11.0.0 (pid 6 uid 999)
mail_1 | Aug 24 13:21:24 mail postfix/smtpd[2363]: connect from kopano_kopano_spooler_1.kopano_kopano-net[172.20.0.7]
mail_1 | Aug 24 13:21:24 mail opendmarc[1126]: ignoring connection from kopano_kopano_spooler_1.kopano_kopano-net
mail_1 | Aug 24 13:21:24 mail postfix/smtpd[2363]: lost connection after CONNECT from kopano_kopano_spooler_1.kopano_kopano-net[172.20.0.7]
mail_1 | Aug 24 13:21:24 mail postfix/smtpd[2363]: disconnect from kopano_kopano_spooler_1.kopano_kopano-net[172.20.0.7] commands=0/0
`docker-compose.mail.yml`, copied and pasted here for convenience:
# docker-compose.mail.yml as pasted into the issue: the mail service of the demo
# setup, with SSL_TYPE already switched to snakeoil as suggested in the thread.
# NOTE(review): the nesting indentation was lost when this listing was pasted;
# restore it before using the text as a compose file.
version: "3.5"
services:
mail:
# NOTE(review): only the major tag "10" is pinned, so the image behind it can
# change between pulls - presumably how the SSL_TYPE=self-signed breakage reached
# an otherwise unchanged demo setup. Pin a full version or digest for
# reproducible deployments.
image: mailserver/docker-mailserver:10
restart: unless-stopped
hostname: mail # hostname and domainname may need to be commented on some platforms (e.g. ChromeOS)
domainname: ${LDAP_DOMAIN}
container_name: ${COMPOSE_PROJECT_NAME}_mail
# SMTP (25), SMTPS (465) and submission (587) are published on the host; the
# host-side port numbers default to the same values unless overridden in .env.
ports:
- "${SMTPPORT:-25}:25"
- "${SMTPSPORT:-465}:465"
- "${MSAPORT:-587}:587"
volumes:
- maildata:/var/mail
- mailstate:/var/mail-state
- maillogs:/var/log/mail
- mtaconfig:/tmp/docker-mailserver/
environment:
- DMS_DEBUG=0
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_LDAP=1
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
- ENABLE_POSTGREY=1
- ENABLE_SASLAUTHD=1
- ENABLE_SPAMASSASSIN=1
# The LDAP bind DN and password are handed to the container as environment
# variables, so they can be read back with `docker inspect` on the host.
- LDAP_BIND_DN=${LDAP_BIND_DN}
- LDAP_BIND_PW=${LDAP_BIND_PW}
- LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
- LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
- LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
- LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- LDAP_SERVER_HOST=${LDAP_SERVER}
- ONE_DIR=1
# NOTE(review): connected-networks presumably makes Postfix trust every Docker
# network attached to this container (the postscreen WHITELISTED line for the
# spooler in the log above is consistent with that) - confirm against the
# docker-mailserver docs, and keep untrusted containers off kopano-net.
- PERMIT_DOCKER=connected-networks
- POSTFIX_DAGENT=lmtp:kopano_dagent:2003
- PFLOGSUMM_TRIGGER=logrotate
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
- SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
- SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
- SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- SASLAUTHD_LDAP_SERVER=${LDAP_HOST}
- SASLAUTHD_MECHANISMS=rimap
- SASLAUTHD_MECH_OPTIONS=kopano_gateway
- SMTP_ONLY=1
- SPAMASSASSIN_SPAM_TO_INBOX=1
# Changed from self-signed, which the thread reports as no longer supported by
# the image. snakeoil is described there as the alternative for testing
# purposes: clients cannot validate such a certificate, so it fits this demo
# but not a mail server that carries real traffic.
- SSL_TYPE=snakeoil
- TZ=${TZ}
env_file:
- mail.env
networks:
- kopano-net
# dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and
# set to the ip of a trusted dns service (Cloudflare is given as an example).
# See https://github.com/zokradonh/kopano-docker/issues/52 for more information.
# NOTE(review): NET_ADMIN is presumably needed because ENABLE_FAIL2BAN=1 has to
# manage firewall rules inside the container; why SYS_PTRACE is granted is not
# visible here - confirm it is required and drop it otherwise.
cap_add:
- NET_ADMIN
- SYS_PTRACE
# Start the spooler only after the mail container has been started; the log above
# shows the spooler still polling tcp://mail:25 until Postfix accepts connections.
kopano_spooler:
depends_on:
- mail
# Named volumes referenced by the mail service above.
volumes:
maildata:
mailstate:
maillogs:
mtaconfig:
And the `.env` generated by `setup.sh`, just in case, as reference:
# .env for the demo setup, pasted as a reference; the thread says it was generated by setup.sh.
# NOTE(review): every password and secret key below was published with this
# issue. Treat them as compromised and replace the values before reusing the file.
# please consult https://github.com/zokradonh/kopano-docker
# for possible configuration values and their impact
# NOTE(review): all component versions track "latest", so two runs of the same
# setup can pull different images; pin versions where reproducibility matters.
CORE_VERSION=latest
WEBAPP_VERSION=latest
ZPUSH_VERSION=latest
KONNECT_VERSION=latest
KWM_VERSION=latest
MEET_VERSION=latest
KDAV_VERSION=latest
KAPPS_VERSION=latest
LDAP_CONTAINER=kopano_ldap_demo
LDAP_ORGANISATION="Kopano Demo"
LDAP_DOMAIN=kopano.demo
LDAP_BASE_DN=dc=kopano,dc=demo
# NOTE(review): the ldap:// scheme on port 389 is the unencrypted LDAP endpoint;
# whether StartTLS is negotiated on top of it is not visible here - confirm
# before carrying bind credentials over a network that is not host-local.
LDAP_SERVER=ldap://ldap:389
LDAP_HOST=ldap:389
LDAP_ADMIN_PASSWORD=P05ZPCijJtslpv2xPhEE4olNUeUH7mnE
LDAP_READONLY_USER_PASSWORD=gsCH4GLworsjlNULytdu5eqZfRGraVQN
# The bind account is the read-only user: LDAP_BIND_PW carries the same value
# as LDAP_READONLY_USER_PASSWORD above.
LDAP_BIND_DN=cn=readonly,dc=kopano,dc=demo
LDAP_BIND_PW=gsCH4GLworsjlNULytdu5eqZfRGraVQN
LDAP_SEARCH_BASE=dc=kopano,dc=demo
# LDAP query filters
LDAP_QUERY_FILTER_USER=(&(kopanoAccount=1)(mail=%s))
LDAP_QUERY_FILTER_GROUP=(&(objectclass=kopano-group)(mail=%s))
LDAP_QUERY_FILTER_ALIAS=(&(kopanoAccount=1)(kopanoAliases=%s))
LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(kopanoAliases=*@%s)))
SASLAUTHD_LDAP_FILTER=(&(kopanoAccount=1)(uid=%s))
# LDAP user password self-service reset settings
# NOTE(review): a minimum length of 5 with one digit and one special character
# is a weak policy outside a demo; MAX_LENGTH=0 presumably means "no upper
# limit" - confirm against the self-service tool's documentation.
SELF_SERVICE_SECRETEKEY=V339QJmge49oxXlaUuQ3LHCOte67O49W
SELF_SERVICE_PASSWORD_MIN_LENGTH=5
SELF_SERVICE_PASSWORD_MAX_LENGTH=0
SELF_SERVICE_PASSWORD_MIN_LOWERCASE=0
SELF_SERVICE_PASSWORD_MIN_UPPERCASE=0
SELF_SERVICE_PASSWORD_MIN_DIGIT=1
SELF_SERVICE_PASSWORD_MIN_SPECIAL=1
# switch the value of these two variables to use the activedirectory configuration
KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg
KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg
# Database credentials: the MySQL root password and the password of the
# application account "kopano".
MYSQL_HOST=db
MYSQL_ROOT_PASSWORD=4OII0t4bPkReacmEVUbY86xREN5dkbUm
MYSQL_USER=kopano
MYSQL_PASSWORD=ZBlaDovYP9RyGcDxgBTjIwEKadm3kmVw
MYSQL_DATABASE=kopano
KCCONF_SERVER_SERVER_NAME=Kopano
POSTMASTER_ADDRESS=postmaster@kopano.demo
MAILBOXLANG=en_US.UTF-8
TZ=Europe/Berlin
# Defines how Kopano can be accessed from the outside world
FQDN=kopano.demo
FQDNCLEANED=kopano.demo
DEFAULTREDIRECT=/webapp
# NOTE(review): EMAIL=self_signed presumably tells the web front end to use a
# self-signed certificate instead of requesting one for a contact address - confirm.
EMAIL=self_signed
CADDY=2015
HTTP=80
HTTPS=443
LDAPPORT=389
SMTPPORT=25
SMTPSPORT=465
MSAPORT=587
IMAPPORT=143
ICALPORT=8080
KOPANOPORT=236
KOPANOSPORT=237
# Settings for test environments
# NOTE(review): what INSECURE=yes relaxes is not visible here - presumably
# certificate verification between services; confirm and unset it outside
# test setups.
INSECURE=yes
# Docker and docker-compose settings
# Docker Repository to push to/pull from
docker_repo=zokradonh
COMPOSE_PROJECT_NAME=kopano
# Compose files merged for this setup; docker-compose.mail.yml is the one that
# carries the SSL_TYPE setting discussed in the thread.
COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:docker-compose.db.yml:docker-compose.ldap.yml:docker-compose.mail.yml
# Modify below to build a different version, than the Kopano nightly release
# credentials for repositories are handled through a file called apt_auth.conf (which will be created through setup.sh or Makefile)
#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/8.7/Debian_10/
#KOPANO_KAPPS_REPOSITORY_URL=https://download.kopano.io/supported/kapps:/master/Debian_10/
#KOPANO_MEET_REPOSITORY_URL=https://download.kopano.io/supported/meet:/final/Debian_10/
#KOPANO_WEBAPP_FILES_REPOSITORY_URL=https://download.kopano.io/supported/files:/pre-final/Debian_10/
#KOPANO_WEBAPP_MDM_REPOSITORY_URL=https://download.kopano.io/supported/mdm:/final/Debian_10/
#KOPANO_WEBAPP_REPOSITORY_URL=https://download.kopano.io/supported/webapp:/final/Debian_10/
#KOPANO_WEBAPP_SMIME_REPOSITORY_URL=https://download.kopano.io/supported/smime:/final/Debian_10/
#KOPANO_ZPUSH_REPOSITORY_URL=https://download.kopano.io/zhub/z-push:/final/Debian_10/
#DOWNLOAD_COMMUNITY_PACKAGES=0
# Remove this variable to not push versioned containers with the :latest tag
PUBLISHLATEST=yes
# Additional packages to install
ADDITIONAL_KOPANO_PACKAGES=""
ADDITIONAL_KOPANO_WEBAPP_PLUGINS=""
Thanks.
Thanks for the workaround. Is it normal that the container kopano_kopano_ssl_1 cannot be started?
docker logs of this container shows only the following:
errexit on
noglob off
ignoreeof off
monitor off
noexec off
xtrace off
verbose off
noclobber off
allexport off
notify off
nounset on
vi off
pipefail off
SSL certs:
-rw-r--r-- 1 root root 3054 Aug 31 06:51 /kopano/ssl/admin.pem
-rw-r--r-- 1 root root 1338 Aug 31 06:51 /kopano/ssl/ca.pem
-rw-r--r-- 1 nobody nobody 227 Sep 1 08:27 /kopano/ssl/ecparam.pem
-rw-r--r-- 1 root root 129 Aug 31 06:51 /kopano/ssl/kapid-pubs-secret.key
-rw-r--r-- 1 root root 32 Aug 31 06:51 /kopano/ssl/konnectd-encryption.key
-rw-r--r-- 1 nobody nobody 491 Sep 1 08:27 /kopano/ssl/konnectd-identifier-registration.yaml
-rw-r--r-- 1 root root 3272 Aug 31 06:51 /kopano/ssl/konnectd-tokens-signing-key.pem
-rw-r--r-- 1 root root 3082 Aug 31 06:51 /kopano/ssl/kopano_dagent.pem
-rw-r--r-- 1 root root 3086 Aug 31 06:51 /kopano/ssl/kopano_monitor.pem
-rw-r--r-- 1 root root 3090 Aug 31 06:51 /kopano/ssl/kopano_search.pem
-rw-r--r-- 1 root root 3086 Aug 31 06:51 /kopano/ssl/kopano_server.pem
-rw-r--r-- 1 root root 3098 Aug 31 06:51 /kopano/ssl/kopano_server_2.pem
-rw-r--r-- 1 root root 3090 Aug 31 06:51 /kopano/ssl/kopano_spooler.pem
-rw-r--r-- 1 root root 3086 Aug 31 06:51 /kopano/ssl/kopano_webapp.pem
-rw-r--r-- 1 nobody nobody 227 Sep 1 08:27 /kopano/ssl/meet-kwmserver.pem
Client public keys:
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/admin-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_dagent-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_monitor-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_search-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_server-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_server_2-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_spooler-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_webapp-public.pem
It starts successfully and fulfills its job of creating the certificates if they don't exist. Afterwards it exits immediately. This is normal.
Describe the bug Demo setup with default settings is unable to produce a working environment on a fresh OS installation.
To Reproduce
Expected behavior Working demo environment. But website is not accessible.
Logs I assume the culprit is somehow this:
Full logs Mailserver log