CdmServer in docker instance sending e-mails

Problem:

For the self-registration in phycobank, the CDM Server must be able to send e-mails. This works fine for the CDM Server running on the host system, but fails when the CDM Server is running in a docker instance.

The mail is sent with org.springframework.mail.javamail.JavaMailSender and the host is defined as localhost. This does not work within docker: inside the container, localhost refers to the container itself, while the MTA (exim4) runs on the host machine.

Ideas:

First we have to install ssmtp in the docker container. This is already done inside the Dockerfile:

RUN apt-get update && apt-get install -y ssmtp && rm -rf /var/lib/apt/lists/*

COPY ssmtp.conf /etc/ssmtp/ssmtp.conf

To analyse the IP configuration, iproute2 is also installed:

RUN apt-get update && apt-get install -y iproute2 && rm -rf /var/lib/apt/lists/*

Some URLs with ideas on how to fix the problem:

https://gehrcke.de/2014/07/discourse-docker-container-send-mail-through-exim/
https://stackoverflow.com/questions/26215021/configure-sendmail-inside-a-docker-container/30021595#30021595 (using postfix instead of exim4)

How to connect from inside the docker instance to localhost:
https://www.howtogeek.com/devops/how-to-connect-to-localhost-within-a-docker-container/
Configuring the firewall to allow the docker container to connect to the host MTA:
https://docs.docker.com/network/iptables/
https://serverfault.com/questions/705192/iptables-rule-set-so-that-a-docker-container-can-access-a-service-on-a-host-ip

The docker container can be started with different network modes. For us it is the bridge mode, which means that between the docker container and the host system there is a bridge with different IP addresses on the container side (172.17.0.2) and the host side (172.17.0.1).
So we need to configure exim4 to also listen on 172.17.0.1 and ssmtp to send the mails to 172.17.0.2 (mailhub).

For edit-integration:

iptables -I INPUT "linenumber" -s 172.17.0.2 -d 172.17.0.1 -p tcp --dport 25 -j ACCEPT

For edit-production this would be:

iptables -I ALLOW "linenumber" -s 172.17.0.2 -d 172.17.0.1 -p tcp --dport 25 -j ACCEPT

To get the line numbers, call:

iptables --list --line-numbers -n

These iptables rules did the trick and allowed the docker container to contact port 25 on the host system. This can be tested with netcat:

First install netcat in the docker container with:

apt-get update
apt-get -y install netcat

and try to connect to docker.host.internal port 25:

nc -vz docker.host.internal 25
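
The source and destination addresses in the rules above can be derived from the container's routing table rather than typed by hand, since Docker assigns bridge addresses when the container starts. The following is an added example, not part of the original wiki page or the CDM project; the function names, the sample `ip route` output and rule position 1 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the SMTP accept rule from the container's routing table.
# Capture `ip route` inside the container; apply the printed rule on the host.

# Constructed sample of `ip route` output, using the addresses from this page.
SAMPLE_ROUTE='default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2'

# Host side of the bridge: the container's default gateway.
bridge_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Container side: the "src" address of the directly connected route.
container_addr() {
    printf '%s\n' "$1" | awk '$1 != "default" {
        for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit }
    }'
}

# Accept only dotted quads with octets 0-255, so nothing else reaches the rule.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# smtp_rule CHAIN POSITION ROUTE_TEXT -> prints the iptables command, or fails.
smtp_rule() {
    case $2 in ''|*[!0-9]*) return 1 ;; esac      # position must be a number
    gw=$(bridge_gateway "$3")
    src=$(container_addr "$3")
    valid_ipv4 "$gw" && valid_ipv4 "$src" || return 1
    printf 'iptables -I %s %s -s %s -d %s -p tcp --dport 25 -j ACCEPT\n' \
        "$1" "$2" "$src" "$gw"
}

# Position 1 is a placeholder; take the real one from
# `iptables --list --line-numbers -n` as described above.
smtp_rule INPUT 1 "$SAMPLE_ROUTE"
```

Inside a running container, replace the sample with `smtp_rule INPUT <position> "$(ip route)"`; the function prints the rule only and never changes the firewall itself.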

The server mail.fu-berlin.de allows only internal e-mail addresses. Actually, I do not know whether this also includes the host address, or whether the mail address mail@cybertaxonomy.org is not allowed.

See https://www.zedat.fu-berlin.de/Relaying

This problem could also be solved by having Dominik create a new e-mail address no-reply@phycobank.org, which would give us a valid from address. If we want to use the password recovery for other instances as well, we have to find out how to set this property outside cdmlib.

Updated by Katja Luther 11 months ago · 15 revisions