Suggested DNS records say "110: Operation timed out" for TLSA record #4408
Comments
It is most likely a NAT reflection issue.
Connecting from the host itself to its own public IP so to say.
…
On 31.12.2021 at 14:29, mfnalex ***@***.***> wrote:
Prior to placing the issue, please check following: (fill out each checkbox with an X once done)
- I understand that not following or deleting the below instructions will result in immediate closure and/or deletion of my issue.
- I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
- I have understood that answers are voluntary and community-driven, and not commercial support.
- I have verified that my issue has not been already answered in the past. I also checked previous issues.
Summary
Hi everyone :)
I get the following suggested DNS record:
That obviously isn't what I am actually supposed to enter, I assume :)
Logs
I am not actually sure where to look. I checked the Mailcow UI logs but there was nothing related to this.
Reproduction
Not sure. I have had this problem for months and just didn't add any TLSA records, but would like to do that now.
System information
| Question | Answer |
| --- | --- |
| My operating system | Debian 10.11 4.19.0-18-amd64 |
| Is Apparmor, SELinux or similar active? | Nope |
| Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported) | KVM |
| Server/VM specifications (Memory, CPU Cores) | 12x AuthenticAMD @ 2GHz (AMD EPYC 7702P 64-Core Processor), 64 GB RAM |
| Docker Version (`docker version`) | 20.10.12 |
| Docker-Compose Version (`docker-compose version`) | 1.29.2, build 5becea4c |
| Reverse proxy (custom solution) | Apache, see below |
Apache config:
```apache
<VirtualHost *:80>
    ServerName mail.<mydomain>.com
    ServerAlias <mydomain>.de
    ServerAlias www.<mydomain>.de
    ServerAlias mail.<mydomain>.de
    ServerAlias autodiscover.*
    ServerAlias autoconfig.*
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
    ProxyPass / http://127.0.0.1:7080/
    ProxyPassReverse / http://127.0.0.1:7080/
    ProxyPreserveHost On
    ProxyAddHeaders On
    RequestHeader set X-Forwarded-Proto "http"
</VirtualHost>
<VirtualHost *:443>
    ServerName mail.<mydomain>.com
    ServerAlias <mydomain>.de
    ServerAlias www.<mydomain>.de
    ServerAlias mail.<mydomain>.de
    ServerAlias autodiscover.*
    ServerAlias autoconfig.*
    # You should proxy to a plain HTTP session to offload SSL processing
    ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
    ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
    ProxyPass / http://127.0.0.1:7080/
    ProxyPassReverse / http://127.0.0.1:7080/
    ProxyPreserveHost On
    ProxyAddHeaders On
    RequestHeader set X-Forwarded-Proto "https"
    SSLCertificateFile /etc/letsencrypt/live/<mydomain>/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/<mydomain>/privkey.pem
    # If you plan to proxy to a HTTPS host:
    #SSLProxyEngine On
    # If you plan to proxy to an untrusted HTTPS host:
    #SSLProxyVerify none
    #SSLProxyCheckPeerCN off
    #SSLProxyCheckPeerName off
    #SSLProxyCheckPeerExpire off
</VirtualHost>
```
```
# docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
151.101.1.69
151.101.129.69
151.101.65.69
151.101.193.69
```
UFW is installed but I didn't mess with any internal docker stuff.
Thanks for replying. I have no idea about NAT or docker networking. Is there any way I could fix this?
I also have this problem and have not found a solution yet.
In my case, it was ufw. Take a look at
I still have the same problem on a new machine that doesn't have any firewall installed.
For me, the firewall was also the problem. I have released my port 25 and it has worked with it
I'm forwarding / nat'ing 25 from the proxmox host to the VM running mailcow. Mails can also be delivered via port 25 :/
These two things don't have to be related. You can be able to establish/receive connections from WAN to your cow through NAT on a port while not being able to connect to your WAN address from inside your LAN on the very same port and IP. That would be a reflection issue. It can also be an issue with some IPv6 routing or something else. Try something like this:
Works? Cool. This should not have been a problem so far anyway. If this failed though, you don't need to try the stuff below. Now enter a container with "nc" installed and try again:
Something times out? Please let us know about the returned IPs: Where do you host these servers? This could be useful information, too, as they might add some tricky filtering for SMTP.
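The two-step check described in the comment above (host first, then a container), as an added example that is not from the thread or from the mailcow project. It assumes an `nc` that supports `-z` and `-w` on the host and in the chosen container; the script name, `mail.example.org` and the function names are hypothetical, and `acme-mailcow` is only reused from the `docker exec` command earlier on this page.

```shell
#!/bin/sh
# Added example (not from the thread): probe the mail host's own public name on
# port 25 from the Docker host, then from inside a container, and read the pair.

# probe HOST PORT: prints "open" or "fail" (refused, filtered or timed out).
# Assumes an nc that supports -z and -w (OpenBSD netcat, ncat).
probe() {
    if nc -z -w 5 "$1" "$2" >/dev/null 2>&1; then echo open; else echo fail; fi
}

# probe_in_container NAME_FILTER HOST PORT: the same check from inside a container.
# Prints open, fail, no-container, or no-nc when the container has no nc binary.
probe_in_container() {
    cid=$(docker ps -qf "name=$1" 2>/dev/null | head -n 1)
    [ -n "$cid" ] || { echo no-container; return 0; }
    docker exec "$cid" sh -c 'command -v nc' >/dev/null 2>&1 || { echo no-nc; return 0; }
    if docker exec "$cid" nc -z -w 5 "$2" "$3" >/dev/null 2>&1; then
        echo open
    else
        echo fail
    fi
}

# interpret HOST_RESULT CONTAINER_RESULT: map the two results to the causes
# raised in the thread.
interpret() {
    case "$1:$2" in
        fail:*)    echo "host cannot reach its own public address: NAT reflection or provider SMTP filtering" ;;
        open:open) echo "port 25 reachable from host and container: compare the resolved IPs (IPv6, proxied DNS)" ;;
        open:fail) echo "only the container is blocked: check host firewall rules (e.g. ufw) for Docker traffic" ;;
        *)         echo "inconclusive: container probe could not run ($2)" ;;
    esac
}

# Usage: sh smtp-loopback-check.sh mail.example.org [container-name-filter]
# acme-mailcow is the container name used elsewhere on this page.
if [ "$#" -ge 1 ]; then
    host_result=$(probe "$1" 25)
    container_result=skipped
    if [ "$host_result" = open ]; then
        container_result=$(probe_in_container "${2:-acme-mailcow}" "$1" 25)
    fi
    echo "host=$host_result container=$container_result"
    interpret "$host_result" "$container_result"
fi
```

The "110" in the issue title matches the Linux errno for a timed-out connection (ETIMEDOUT), which is the `fail` outcome this script reports without distinguishing it from a refusal.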
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
For me
What is
For me it shows Inside the container I still don't get an answer
If you are using a proxied DNS service, such as Cloudflare, switch it to 'DNS Only' mode and ensure that port 25 is open.
Unfortunately it does not work for me even though I did both of those things