Comments (9)
Ok second server. Postal upgraded.
We are listening on * port 587:
ruby 3339945 systemd-coredump 5u IPv6 44482698 0t0 TCP *:587 (LISTEN)
Postal still running `version: 1` config.
A new issue though -- getting a handshake failure:
Mar 6 11:40:13 <sender> postfix/smtp[1293399]: 1B6871798B7: to=<[email protected]>, relay=<postal>[<IP>]:587, delay=0.57, delays=0.03/0.03/0.51/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)
This is new so will proceed with the config change and hope that fixes it
from postal.
Trying to load certificates from `/config/smtp.cert` but that is not what is in my config:
smtp-1 | 2024-03-06 12:16:38 +0000 ERROR Errno::ENOENT: No such file or directory @ rb_sysopen - /config/smtp.cert trace_id=A0GDVGQI component=smtp-server
Config:
```yaml
tls_certificate_path: /config/certs/fullchain.pem
tls_private_key_path: /config/certs/privkey.pem
```
from postal.
Had to set `tls_enabled` to false and now I am sending through Postal without issue. So the question remains: why is it not seeing the correct certificate path in my config?
from postal.
I can now confirm my original issue.
Using my original config (albeit with tls disabled now), the SMTP server is listening on `*:587`:
ruby 3346358 systemd-coredump 5u IPv6 44517716 0t0 TCP *:587 (LISTEN)
When I update the config to `version: 2` (again tls disabled), the SMTP server listens on `127.0.0.1:587`:
ruby 3345537 systemd-coredump 5u IPv4 44512786 0t0 TCP 127.0.0.1:587 (LISTEN)
Note there also seems to be a difference with the `version: 2` config, in that the listen bindings seem to be explicitly `IPv4` whereas they are `IPv6` when using the original config.
Original (Postal 2.3 config):
```yaml
general:
  use_ip_pools: true
  maximum_delivery_attempts: 20
  suppression_list_removal_delay: 1
  maximum_hold_expiry_days: 1
web:
  host: server.example.com
  protocol: https
web_server:
  bind_address: 127.0.0.1
  port: 5000
smtp_server:
  port: 587
  tls_enabled: false
  tls_certificate_path: /config/certs/fullchain.pem
  tls_private_key_path: /config/certs/privkey.pem
logging:
  stdout: true
main_db:
  host: 127.0.0.1
  username: root
  password: <password>
  database: postal
  pool_size: 10
message_db:
  host: 127.0.0.1
  username: root
  password: <password>
  prefix: postal
rabbitmq:
  host: 127.0.0.1
  username: postal
  password: <password>
  vhost: postal
dns:
  mx_records:
    - mx.server.example.com
  smtp_server_hostname: server.example.com
  spf_include: spf.server.example.com
  return_path: rp.server.example.com
  route_domain: routes.server.example.com
smtp:
  host: server.example.com
  port: 587
  username: <username>
  password: <password>
  from_name: <From_name>
  from_address: [email protected]
workers:
  quantity: 30
  threads: 12
rails:
  secret_key: <secret_key>
```
New (Postal v3) config:
```yaml
version: 2
postal:
  web_hostname: server.example.com
  web_protocol: https
  smtp_hostname: server.example.com
  use_ip_pools: true
  default_maximum_delivery_attempts: 20
  default_suppression_list_automatic_removal_days: 1
smtp_server:
  default_port: 587
  default_bind_address: '*'
  tls_enabled: false
  tls_certificate_path: /config/certs/fullchain.pem
  tls_private_key_path: /config/certs/privkey.pem
logging:
  enabled: true
main_db:
  host: 127.0.0.1
  username: root
  password: <password>
  pool_size: 10
message_db:
  host: 127.0.0.1
  username: root
  password: <password>
dns:
  mx_records:
    - mx.server.example.com
  smtp_server_hostname: server.example.com
  spf_include: spf.server.example.com
  return_path: rp.server.example.com
  route_domain: routes.server.example.com
smtp:
  host: server.example.com
  port: 587
  username: <username>
  password: <password>
  from_name: <From name>
  from_address: [email protected]
rails:
  secret_key: <secret_key>
```
from postal.
Okay... another new issue.
Under DNS configuration:
Return Path
WARNING There is a CNAME record at psrp.example.tld but it points to rp.server.example.com which is incorrect. It should point to rp.postal.example.com.
This is optional but we recommend adding this to improve deliverability. You should add a CNAME record at psrp.example.tld to point to the hostname below.
rp.postal.example.com
Where is it getting `rp.postal.example.com` from? I guess this is because `return_path_domain` is not defined in the new config? (This is not happening on the original server I upgraded).
from postal.
SMTP server not listening on all interfaces
The v2 configuration has a default to listen on 127.0.0.1 so this needs to be changed to `::` when migrating.
Either we should change this default or document this. I'm leaning towards changing the default.
Having to define `dns.helo_hostname`
The HELO should use `postal.smtp_server_hostname` if `dns.helo_hostname` is not defined.
Return Path
This was renamed from `dns.return_path` to `dns.return_path_domain` for consistency.
SSL cert path not found
This is an interesting one. The container sets 4 environment variables which will always override what is in the configuration file. These are all variables which relate to the path where files exist. At present, it is not possible to set these in the config file. To change them, you would need to change your `docker-compose.yml` file but I do not recommend this as it will cause issues on upgrade.
```dockerfile
ENV POSTAL_CONFIG_FILE_PATH=/config/postal.yml
ENV POSTAL_SIGNING_KEY_PATH=/config/signing.key
ENV SMTP_SERVER_TLS_CERTIFICATE_PATH=/config/smtp.cert
ENV SMTP_SERVER_TLS_PRIVATE_KEY_PATH=/config/smtp.key
```
I think the most useful thing I can do is make a guide on the key changes between v1 and v2 configuration to help with migrations. Broadly the main things are:
- `web.host` -> `postal.web_hostname`
- `web.protocol` -> `postal.web_protocol`
- `web_server.port` -> `web_server.default_port`
- `web_server.bind_address` -> `web_server.default_bind_address`
- `smtp_server.port` -> `smtp_server.default_port`
- `smtp_server.bind_address` -> `smtp_server.default_bind_address`
- `dns.return_path` -> `dns.return_path_domain`
- `dns.smtp_server_hostname` -> `postal.smtp_server_hostname`
- `general.use_ip_pools` -> `postal.use_ip_pools`
- `general.*` -> moved to various new names under the `postal.` namespace
- `smtp_relays` -> `postal.smtp_relays` and now uses an array of strings which should be in the format of `smtp://{host}:{port}?ssl_mode={mode}`
- `logging.graylog.*` -> `gelf.*`
I'll get this transferred to the docs site shortly.
Did I miss anything?
from postal.
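The renames and container overrides listed in the comment above can be checked mechanically before a migrated file goes live, which avoids falling back to `tls_enabled: false` as a workaround. The following Ruby check is an added example, not Postal's own code: `lookup`, `lint_v2`, `SAMPLE` and `CONTAINER_ENV` are hypothetical names, the sample config is constructed, and `postal.smtp_hostname` follows the correction given in the next reply.

```ruby
require "yaml"
# v1 -> v2 renames from the list above (smtp_hostname per the follow-up reply).
RENAMES = {
  "web.host" => "postal.web_hostname",
  "web.protocol" => "postal.web_protocol",
  "web_server.port" => "web_server.default_port",
  "web_server.bind_address" => "web_server.default_bind_address",
  "smtp_server.port" => "smtp_server.default_port",
  "smtp_server.bind_address" => "smtp_server.default_bind_address",
  "dns.return_path" => "dns.return_path_domain",
  "dns.smtp_server_hostname" => "postal.smtp_hostname",
  "general.use_ip_pools" => "postal.use_ip_pools",
}.freeze
# Container variables that take precedence over the file, per the ENV lines above.
ENV_OVERRIDES = {
  "smtp_server.tls_certificate_path" => "SMTP_SERVER_TLS_CERTIFICATE_PATH",
  "smtp_server.tls_private_key_path" => "SMTP_SERVER_TLS_PRIVATE_KEY_PATH",
}.freeze
# Constructed sample reproducing the three problems reported in this thread.
SAMPLE = <<~YAML
  version: 2
  smtp_server:
    tls_certificate_path: /config/certs/fullchain.pem
    tls_private_key_path: /config/certs/privkey.pem
  dns:
    return_path: rp.server.example.com
YAML
CONTAINER_ENV = { "SMTP_SERVER_TLS_CERTIFICATE_PATH" => "/config/smtp.cert",
                  "SMTP_SERVER_TLS_PRIVATE_KEY_PATH" => "/config/smtp.key" }.freeze

# Walk a dotted key through nested hashes; nil when any level is missing.
def lookup(cfg, dotted)
  dotted.split(".").reduce(cfg) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Hypothetical linter: returns one message per migration problem found.
def lint_v2(cfg, env)
  out = RENAMES.reject { |old, _| lookup(cfg, old).nil? }
               .map { |old, renamed| "#{old} is a v1 key; the v2 name is #{renamed}" }
  bind = lookup(cfg, "smtp_server.default_bind_address")
  out << "smtp_server.default_bind_address unset; v2 default is 127.0.0.1" if bind.nil?
  ENV_OVERRIDES.each do |key, var|
    value = lookup(cfg, key)
    next if value.nil? || env[var].nil? || env[var] == value
    out << "#{key}=#{value} is overridden by #{var}=#{env[var]}"
  end
  out
end
puts lint_v2(YAML.safe_load(SAMPLE), CONTAINER_ENV) if __FILE__ == $PROGRAM_NAME
```

Inside the container, pass `ENV.to_h` as the second argument to compare against the variables actually set there.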
> The v2 configuration has a default to listen on 127.0.0.1 so this needs to be changed to `::` when migrating.
> Either we should change this default or document this. I'm leaning towards changing the default.

Yeah I think this will catch fewer people out, hopefully.

> The HELO should use `postal.smtp_server_hostname` if `dns.helo_hostname` is not defined.

`postal.smtp_hostname`*

> This was renamed from `dns.return_path` to `dns.return_path_domain` for consistency.

Yeah looks like this one was my bad and accounts for the inconsistency when I migrated the config the second time.

> This is an interesting one.

Does it make sense for now for me to copy the cert and key to match the env var names?

> I'll get this transferred to the docs site shortly.

Great!

> Did I miss anything?

Don't think so. Thanks for everything. It was quiet here for a while which made me a little nervous as I was about to move two business critical servers over to Postal but the momentum recently is really impressive and it's very much appreciated. Thank you.
from postal.
> Does it make sense for now for me to copy the cert and key to match the env var names?

Yes

> Thanks for everything. It was quiet here for a while which made me a little nervous as I was about to move two business critical servers over to Postal but the momentum recently is really impressive and it's very much appreciated. Thank you.

Not a problem! Quite a few new updates coming soon around authentication and the API too.
from postal.
On my Postal 2.3.2 server, I have fail2ban configured on the host to watch the smtp logs and ban repeat evil hitting the server.
I have this set up with the following v1 config:
```yaml
logging:
  # Specify options for the logging
  stdout: false
  root: /opt/postal/log
```
(and I also have the directory `/opt/postal/log` bind mounted via docker into the smtp container)
…which results in postal logs being written to `/opt/postal/log` on the host making it simple to configure fail2ban to look there.
Is it possible to achieve the same behavior in the v2 configuration (iow, will `logging.root` work similarly in v2 or is there some equivalent)?
from postal.