Cloudron Forum

@joseph I wanted to also ask a question outside this cloudron scope and see if you can point me to the right direction. I am looking for how to write a script that has the capcity to run any file in any type of OS remotely. Meaning I can just download and the file runs on the script fully/silently without forcing any permissions on my user interface. For example if i want to send updates on a particlar software, i just want it to be downloaded and run without user being able to prompt and allow permissions

@avatar1024 said in Email search not working properly: What's tika? tika is this - https://tika.apache.org/ . it converts the pdf/docs attachments in emails to text to make them searchable

Here the issue was that the e-mails have been moved to the new cloudron server only partially, and the new folder wasn't created in this case, so when I tried to move this in Thunderbird, it failed. So, this is solved now

@scooke said in Every Cloudron instance sets a DKIM entry. Is this good or bad or necessary?: why use ai when we already have Real Intelligence here. Limited time and resources of humans?

@jdaviescoates said in URGENT: In a post on an originally unrelated thread about IPv6 issues @Gengar posted this link https://www.spamhaus.com/resource-center/successfully-accessing-spamhauss-free-block-lists-using-a-public-dns/ which I think explains what's going on with all these false positive spamhaus issues people are having: The TL;DR seems to be: fill in this form https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/

@jdaviescoates said in Cloudron seems to have changed to set-up ?all SPF records instead of ~all - why?: whereas only my newer ones have ?all I checked some domains on my Cloudron and noticed one has -all where all others have ~all. Then I realised that one was a recently transferred domain that was already 'working' and obviously the previous hoster had it like this, Cloudron didn't touch it when "importing" it.

A homemade problem. We have refactored our Ansible role. It has installed an MTA that was previously started as Cloudron's mail service. After uninstalling the MTA, everything works as expected.

I remove the user from the group and add the user again to the group.

https://github.com/haraka/haraka-plugin-dns-list/pull/11/commits should fix it

@nebulon here's what an AI found: Tarball Permissions The tarball contains files with ownership/permissions the process can’t replicate (e.g., root-owned files). Example: Extraction fails when tar.extract preserves original ownership. SELinux/AppArmor Security policies block filesystem operations despite correct permissions. Tar Library Behavior: The tar library (likely tar-fs) might try to preserve file permissions from the tarball. If the tarball contains files owned by root and the app runs as yellowtent, extraction fails unless permissions are ignored. Fix: Modify the code to ignore permissions: javascript const tarStream = tar.extract({ cwd: destinationPath, ignore: () => true }); Debugging Steps Check Permissions: javascript console.log('Source:', fs.statSync(sourcePath).mode.toString(8)); console.log('Dest:', fs.statSync(destinationPath).mode.toString(8)); Ensure Directory Exists: javascript if (!fs.existsSync(destinationPath)) fs.mkdirSync(destinationPath, { recursive: true }); fs.accessSync(destinationPath, fs.constants.W_OK); Add Error Logging: javascript const readStream = fs.createReadStream(sourcePath).on('error', (err) => console.error('Read:', err)); const unzipStream = zlib.createGunzip().on('error', (err) => console.error('Gunzip:', err)); const tarStream = tar.extract({ cwd: destinationPath }).on('error', (err) => console.error('Tar:', err)); Potential Fixes Ignore Tar Permissions: javascript const tarStream = tar.extract({ cwd: destinationPath, ignore: () => true }); Test with Logging: Run the modified code with error handlers. async function tarExtract(sourcePath, destinationPath) { ensureSafePath(sourcePath); ensureSafePath(destinationPath); console.log('Source:', sourcePath, fs.statSync(sourcePath)); console.log('Dest:', destinationPath, fs.existsSync(destinationPath) ? fs.statSync(destinationPath) : 'does not exist'); const readStream = fs.createReadStream(sourcePath) .on('error', (err) => console.error('Read error:', err)); const unzipStream = zlib.createGunzip() .on('error', (err) => console.error('Gunzip error:', err)); const tarStream = tar.extract({ cwd: destinationPath }) .on('error', (err) => console.error('Tar error:', err)); readStream.pipe(unzipStream).pipe(tarStream); await streamPromise(tarStream); } Conclusion The error is likely a mismatch between the Cloudron app’s user permissions and the filesystem.

@David-0 said in Use Cloudron Mailserver but have different Webhosting?: Would it be possible to use Cloudron as a mail server for mail@new.com while the domain new.com (or even subdomain.new.com) is hosted somewhere else? yes, the DNS records for a mail server (MX record) and webhosting (A records) are entirely different. It's totally normal and safe to host web and mail of the same domain on totally different systems.

It worked! Thanks!

For anyone wondering on the same question as I did: Dovecot seems to be a standard IMAP server for now, which seems to be used on majority of servers. It claims to be written with security in mind, which doesn't seem to help to avoid privileges escalations, buffer overflow, crashes (on the same page - below). Given the dominance of that mail server on the internet, it seems to be a go-to solution for many, just like Ubuntu, referred here above, is; so I wouldn't expect it to be replaced on Cloudron anytime soon. Given the self-confidence of the authors, that claims that running from root is not a big deal and not providing any easily ready to use solution, I doubt that many will go extra mile to implement that on they own; given Cloudron limited resources and luck of advertising and hence focus to be security first platform, dovecot processes will remain to be running as root. From the positive side, root owned processes are not opening any network port, so direct exploitation would be problematic. Hope that would be of help.

@Klaus Which email provider are you testing with? We can try to implement it.

This doesn't affect Cloudron as such but the upcoming mail addon update contains the fix.

The only message was only related to PTR. And there was no other message. Maybe it was a special case or a problem with the request and the question was whether from my server or on the provider's side. After I clicked sync DNS, I left it for another 24 hours just to be sure, because the proprogation could have been prolonged. After 24 hours there was still a problem , then I did a record analysis and noticed as I wrote above one record A was not updated. In general, the situation embraced. You can close the topic only waiting for the improvement of the results from PTR. Generally I have changed but FCrDNS has not been updated.

Looks like that was the fix, now it doesn't change the A and AAAA records of the email server, and Cloudron can still use my External SMTP connection while having the Mail Server Location set to "cloudron.blockbluemedia.com".

Hello, correct, it is the subdomain. This all seems to have been solved by restarting the app

@timbo I have practically zero spam with the rules mentioned in my post and abusix DSNBL (https://abusix.com/) - the free tier is sufficient. Do you have catch-all enabled?

Ah the Cloudron is on version 7.5.2 which had a bug here. This is fixed with v8.0 already