Cloudron Forum

Could you please check whether this applies to the PTR4 record as well? As I hadn’t configured it on the Cloudron – since I was using a relay – I experienced issues with incoming email delivery until I configured it. I then configured the PTR4 record and everything was solved. I know that PTR4 record is related only to outbound, but I want to figure out if there is some relationship on what happened. Thanks a lot

Small update from my side. I contacted Spamhaus through their ticket system and after communicating with them it seems everything is now resolved and the IP has been removed from the blacklist. Emails are working normally again. Sorry for the false alarm and thank you for your help and responses. I did notice that occasionally I still see the error that was present in the previous version, so I will keep

Hello @diego @diego said: However, from a system design perspective, I was wondering if it would be better to: keep the system disk small (OS + Cloudron core) attach a separate disk dedicated to mail storage Yes you can do that. I also do that with my private Hetzner server so I can scale up the CPU/RAM and have the storage seperate. @diego said: Will the Cloudron backup system still include it normally? Yes. If you move e.g.: /home/yellowtent/boxdata/mail to /mnt/sdd1 and create a symlink so /home/yellowtent/boxdata/mail => /mnt/sdd1 this still works. What you can always to is creating a small Cloudron server to test and tinker as much as you like. This way you get a better feeling for everything without risking any damage to production.

@joseph omg! thank you so much for pointing in the right direction. i did upgrade our servers on Netcup a while ago, i kept the old ones in case i needed any data, turns out, the VMs had an autostart set and were running again.... Thank you! Case solved (i hope)

Just to come back to the previously suggested solutions - Would it be a big feature request to add group name parsing into the mailing list input box? E.g. instead of (or in addition to) a list of email addresses it could take something like "group:foo" and then this would dynamically pull in the email addresses of all users in group foo as needed. Is there a way that cloudron user group info could be pulled in @roundcube (or another mail system), so that instead of setting up forwarding rules that go to a list of emails it could go to "group:foo". Is there a way that we could run a cron job (or similar) which could hackily create either of the above functionalities by generating and inserting the lists (rather than these lists being dynamically generated), with the downside that this would only ever be as up-to-date as the frequency with which the cron job runs.

Hello @pistou79 Always happy to help.

No, For spam filtering. I've moved to Postfix. I didn't like how locked down the MTA is.

@sebastienserre said in Email questions: When I received the email, the "from" header is "Matomo" which is another apps I'm running on the Cloudron. This is coming from somewhere in Dolibarr. The from name is not part of the SMTP protocol , it's inside the email body. Can you go over the SMTP settings inside Dolibarr again?

Right, the haraka log can be ignored. I think the IP and cert name don't match and thus the warning. It's not a problem since such mails don't leave the server.

Created an issue. https://github.com/haraka/Haraka/issues/3516

Hello @estudios507 Thank you for the detailed report. I will try to assist you to my best capabilities. @estudios507 said in Cloudron rejects iCloud forwarding only when “Delete after forwarding” is enabled (SMTP 550 on MAIL FROM): Identify which Cloudron restriction/policy is triggering “Mail from domain ‘X’ is not allowed from your host” in this scenario. Regarding why this is happening. When iCloud forwards messages in delete mode, iCloud uses the original sender’s MAIL FROM (envelope-from) unchanged instead of rewriting it. If that original sender domain is hosted on the same Cloudron server, Cloudron sees an external connection (from iCloud’s outbound IP) claiming to send mail from its own domain. Cloudron treats that as spoofing and rejects it. @estudios507 said in Cloudron rejects iCloud forwarding only when “Delete after forwarding” is enabled (SMTP 550 on MAIL FROM): Confirm whether there is a supported and safe way in Cloudron to allow this specific flow (forwarding from iCloud with delete enabled) without broadly weakening anti-spoofing protections. There is also another topic regarding this issue with iCloud, see: https://forum.cloudron.io/topic/1998/mail-error-after-sending-message-mail-from-domain-example-com-is-not-allowed-from-your-host A fix is to add the iCloud servers to the domain A's SPF record. Your current SPF record is: dig TXT estudios507.com +short "v=spf1 a:mail.estudios507.com include:_spf.safewebservices.com ~all" You can edit that to include apple: "v=spf1 a:mail.estudios507.com include:_spf.safewebservices.com include:_spf.apple.com ~all" after that edit it can take some time to propagate, but this should resolve your issue.

Fixed in support. Not clear what the issue is, but it could be possibly because spamcop dnsbl was not responding. I removed it from the mail acl - https://docs.cloudron.io/email/#dnsbl.

@james thank you so much! SOGoMailCustomFromEnabled worked prefectly!

Ok, so after looking into open ports a bit more, it turns out that there is nothing listening on port 587. As such, there is no SMTP server running or listening to any port whatsoever. I figure that an SMTP server may only start running if I enable incoming emails (setting which was not enabled, purposefully). When I enabled incoming email setting, sudo netstat -tlnp | grep 587 was finally returning something and n8n configuration worked fine. So to sum up, if my understanding is correct, when only using outbound mail, there isn't an actual SMTP server running, but only some kind of abstraction that containerized apps can use to send email directly through the mail relay (the internals of this are fuzzy to me...), so I need to enable incoming emails in order to send emails... But I'm glad I was at least able to make this work before going into 2026. Thanks for the help and for putting me on the right path here. Thank you for all the great work you do Cloudron Team, and wishing you all the best for the new year :).

Haven't encountered such timeouts from thunderbird, unless the network is actually flaky. Maybe check if both ipv4 and ipv6 are setup but only one works? Could be that thunderbird (probably relying on the system's network interface selector) sometimes picks one of the two which resolves but does not route.

@simplo thanks for reporting, fixed now - https://git.cloudron.io/platform/box/-/commit/fda393b5e148340e2dc138f31a5a6443fa8d0ee3

@joseph thanks! No, no errors inside of docker image logs. /home/yellowtent/platformdata/logs/mail/*.log - from what I can see, that is the same logs I can see inside of Docker - so I would say there are no (error) logs - from all of the perspective, the server looks perfectly normal... except that it doesn't accept user's messages... I would hope that you bring updated Dovecot to Cloudron 9 and it will self-resolve, but better will just do a restart for the time being...

@nebulon That's great. Apart from that, it seems to be running smoothly; it still takes time to propagate the usage stats, but that doesn't really affect us.

@hakunamatata Can you try the telnet command via SSH first (instead of web terminal) ? I think maybe a machine in DMZ is unable to connect to itself using the public IP ? Can you try `telnet cloudron-lan-ip 993 ?