CdmServer in docker instance sending e-mails » History » Version 14
Katja Luther, 04/25/2023 03:09 PM
1 | 1 | Katja Luther | # CdmServer in docker instance sending e-mails |
---|---|---|---|
2 | |||
3 | ## Problem: |
||
4 | |||
5 | 13 | Andreas Müller | For the self registration in phycobank it is necessary that the CDM Server is able to send emails. This works fine for the CDM Server running on the host system, but fails when the CDM Server is running in a docker instance. |
6 | 1 | Katja Luther | |
7 | 12 | Andreas Müller | The mail is sent with org.springframework.mail.javamail.JavaMailSender and the host is defined as localhost, this does not work within docker because the MTA (exim4) runs on the host machine. |
8 | 1 | Katja Luther | |
9 | ## Ideas: |
||
10 | |||
11 | First we have to install ssmtp on docker-container, this is already done with inside Dockerfile: |
||
12 | |||
13 | ~~~ |
||
14 | RUN apt-get update && apt-get install -y ssmtp && rm -rf /var/lib/apt/lists/* |
||
15 | |||
16 | COPY ssmtp.conf /etc/ssmtp/ssmtp.conf |
||
17 | ~~~ |
||
18 | |||
19 | To analyse the ip configuration also iproute2 is installed: |
||
20 | |||
21 | ~~~ |
||
22 | RUN apt-get update && apt-get install -y iproute2 && rm -rf /var/lib/apt/lists/* |
||
23 | ~~~ |
||
24 | |||
25 | Some urls to find ideas how to fix the problem: |
||
26 | |||
27 | https://gehrcke.de/2014/07/discourse-docker-container-send-mail-through-exim/ |
||
28 | https://stackoverflow.com/questions/26215021/configure-sendmail-inside-a-docker-container/30021595#30021595 (using postfix instead of exim4) |
||
29 | |||
30 | How to connect from inside the docker instance to localhost: |
||
31 | https://www.howtogeek.com/devops/how-to-connect-to-localhost-within-a-docker-container/ |
||
32 | Configure firewall to allow the docker container connecting to host MTA |
||
33 | https://docs.docker.com/network/iptables/ |
||
34 | https://serverfault.com/questions/705192/iptables-rule-set-so-that-a-docker-container-can-access-a-service-on-a-host-ip |
||
35 | 2 | Katja Luther | |
36 | 14 | Katja Luther | The docker container can be started with different network modes, for us it is the bridge mode, this means between docker container and host system there is a bridge with different IP adresses on container side (172.17.0.2) and host side (172.17.0.1). |
37 | 2 | Katja Luther | So we need to configure exim4 to listen also on 172.17.0.1 and ssmtp to send the mails to 172.17.0.2 (mailhub). |
38 | 4 | Katja Luther | |
39 | For edit-integration |
||
40 | |||
41 | 8 | Katja Luther | iptables -I INPUT "linenumber" -s 172.17.0.2 -d 172.17.0.1 -p tcp --dport 25 -j ACCEPT |
42 | 7 | Katja Luther | |
43 | for edit-production this would be |
||
44 | |||
45 | |||
46 | 8 | Katja Luther | iptables -I ALLOW "linenumber" -s 172.17.0.2 -d 172.17.0.1 -p tcp --dport 25 -j ACCEPT |
47 | 4 | Katja Luther | |
48 | 9 | Katja Luther | |
49 | To get the line numbers call: |
||
50 | |||
51 | iptables --list --line-numbers -n |
||
52 | |||
53 | 4 | Katja Luther | did the trick to allow the docker container contacting port 25 on host system. This can be tested with netcat: |
54 | |||
55 | First install netcat on docker container with |
||
56 | |||
57 | ~~~ |
||
58 | apt-get update |
||
59 | apt-get -y install netcat |
||
60 | ~~~ |
||
61 | |||
62 | and try to connect to docker.host.internal port 25: |
||
63 | |||
64 | ~~~ |
||
65 | nc -vz docker.host.internal 25 |
||
66 | ~~~ |
||
67 | 5 | Katja Luther | |
68 | After fixing the firewall problem, the mail is send by exim4, but there are still some problems: |
||
69 | |||
70 | ~~~ |
||
71 | 2023-04-18 15:19:46 no host name found for IP address 172.17.0.2 |
||
72 | 2023-04-18 15:19:47 1polFK-0003qc-W7 <= mail@cybertaxonomy.org H=(e746b3eea32a) [172.17.0.2] P=esmtp S=879 id=1902382989.6.1681823986995@e746b3eea32a |
||
73 | 2023-04-18 15:19:51 1polFK-0003qc-W7 ** k.luther@bo.berlin R=smarthost T=remote_smtp_smarthost H=mail.fu-berlin.de [130.133.4.67] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=yes DN="C=DE,ST=Berlin,O=Freie Universit\303\244t Berlin,CN=mail.fu-berlin.de": SMTP error from remote mail server after RCPT TO:<k.luther@bo.berlin>: 550-Verification failed for <mail@cybertaxonomy.org>\n550-Unknown user\n550 Sender verify failed |
||
74 | 2023-04-18 15:19:54 1polFS-0003qg-9d <= <> R=1polFK-0003qc-W7 U=Debian-exim P=local S=2584 |
||
75 | 2023-04-18 15:19:54 1polFK-0003qc-W7 Completed |
||
76 | 2023-04-18 15:19:58 1polFS-0003qg-9d ** mail@cybertaxonomy.org R=smarthost T=remote_smtp_smarthost H=mail.fu-berlin.de [130.133.4.67] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=yes DN="C=DE,ST=Berlin,O=Freie Universit\303\244t Berlin,CN=mail.fu-berlin.de": SMTP error from remote mail server after RCPT TO:<mail@cybertaxonomy.org>: 550 Unknown user |
||
77 | 2023-04-18 15:19:58 1polFS-0003qg-9d Frozen (delivery error message) |
||
78 | ~~~ |
||
79 | 6 | Katja Luther | |
80 | from https://bobcares.com/blog/smtp-error-from-remote-mail-server-after-rcpt-to/ |
||
81 | |||
82 | ~~~ |
||
83 | 5. Sender errors |
||
84 | |||
85 | SMTP error from remote mail server after RCPT TO:: |
||
86 | host host.domain.com [xx.xx.xx.xx]: 554 5.1.8 : |
||
87 | Sender address rejected: Domain not found |
||
88 | |||
89 | SMTP error from remote mail server after RCPT TO:: |
||
90 | host mx.server.com [xxx.xxx.xxx.xxx]: 550-Verification failed for |
||
91 | 550-No Such User Here : Sender verify failed |
||
92 | |||
93 | |||
94 | |||
95 | Cause: A sender error can be caused due to many factors. The prominent reasons we have seen in our role as Website Support Techs for web hosting companies, include: |
||
96 | |||
97 | a. Duplicate sender account present in the recipient server |
||
98 | b. Misconfigured mail configuration settings |
||
99 | c. Sender email account doesn’t exist or cannot be detected |
||
100 | d. Permission issues caused by server migrations, updates or custom scripts |
||
101 | |||
102 | Fix: To resolve sender errors, we examine the mail server logs, sender email account settings, folder permissions, mail server configuration, etc. and resolve any issues related to that. |
||
103 | |||
104 | ~~~ |
||
105 | 10 | Katja Luther | |
106 | The Server mail.fu-berlin.de allows only internal e-mail addresses, actually I do not know whether this also includes the host address or the mail address mail@cybertaxonomy.org is not allowed. |
||
107 | |||
108 | see https://www.zedat.fu-berlin.de/Relaying |
||
109 | 11 | Katja Luther | |
110 | This problem could also be solved by creating a new e-mail address no-reply@phycobank.org by Dominik and then we have a valid from address. If we want to use the password recovery for other instances as well, we have to find out how to set this property outside cdmlib. |