@girish said in Email / Dovecot, possible data corruption:

Someone has written a script too - https://blog.alan.lt/2020/01/fix-emails-date-time-after-migration-to.html

Ah yes, that's the script I used. 😉

@girish said in Email / Dovecot, possible data corruption:

I will investigate more tomorrow. Maybe we can fix up mail data timestamps post restoring.

Thanks Girish! Definitely seems like this is a low priority issue given that nobody else using Cloudron has run into this yet, but its also likely something that will come up again as Cloudron grows with more users, and would be great to see that handled in Cloudron automatically, making things easier for the admin users. 🙂

Thanks guys, I check out those resources provided ❤

@3246 said in Backup mail service and primary MX:

I added made sure the record includes "v=spf1 mx..." but it's still showing as erroring in Cloudron

Sometimes it takes a while to propagate the change in DNS, so you may need to check it a few hours later.

@JLX89 said in Cloudflare + PTR (rDNS) Settings Compatibly:

Does anyone know if there is a way around this and enable proxying on example.tld with the mail server at the same location?

AFAIK, this is not possible since Cloudflare does not support proxying mail.

We are using Vultr for the VPS, so rDNS needs to be setup to reflect the server host (EX: example.tld), if pushing the mail server to mail.example.tld, the rDNS would need to be updated to that.

Correct. You have to set the rDNS to the name of the mail server in Vultr.

@girish Thanks about that. That was the fix. Fastmail already whitelist it the domain and we are ready to go. Thanks!

@matthewdykstra it's turned has most features off by default. Why do you think it takes up memory/resources ?

@murgero As i said, Preside does all what I need and handles all data (including a full-text search index) on device, only.

@atridad said in Interesting read on self-hosting email, with perhaps some tidbits that'd be helpful for Cloudron in the future (i.e. monitoring):

the main difference is where the emails are stored when not in transit

This was the case up until a few years ago. Nowadays a large part is deliverability.

Every system on the internet can theoretically sent mails to any other system and this means that there are a lot of people actually using this to send spam. This has caused large providers to block out entire ip ranges and datacenters. So if you don't want to silently end up in the junk folders of gmail and office 365, your best bet is to send through them as well. Its not impossible to host your own mail, and there are still mail relays you could use to improve your chances, but it is definitely something to consider when self hosting mails.

@robi I measured again and it look 30-50 seconds. With the default pool_timeout of 50 that should suffice, yet when I tried multiple times with the defaults it never succeeded. It's possible that it was always close.

I have tried to reach out to their IT support, because at first I thought it's a bug on their end. Their response was that they don't see anything wrong on their end. It's also a prospective business customer/partner, so my interest in the ability to exchange emails with them outweighs theirs for sure at this stage. Consequently I'd rather apply generous timeouts than ask their IT to make changes 🙂

@scooke Solution was deleting a buch of files from path:

/home/yellowtent/boxdata/mail/haraka-queue

that files were created past Jan-06.

On that day we had an account hijacked that started sending out spam. I deactivated the account and it was working fine until past feb-16th, when email service started to crash.

HTH.

@robi yes!

In the Postfix world this feature is called "always bcc", but it does not look like something like this exists out of the box in Haraka.

@micmc said in Configure Haraka for Mailman3:

https://www.phplist.org/

Thanks for the recommendation. PHPList looks like a "campaign" mailing list to send to external people. This is definitely useful but not quite what we were after.

More we are looking for mailing lists for internal people that maintains nice archives and people inside our group can subscribe to our de-subscribe to. Eg sales@ourconmpany.com, devops@ourcompany.com, expenses@ourcompany.com, design@ourcompany.com, marketing@ourcompany.com, etc. And so as people our interested in some of these topics they get naturally filtered to the different email lists... and we have internal archives of these lists. It works quite well as we currently have it. I just want to bring this sort of thing over to a cloudron server!

@girish Yes there are definitely more than 20 events, and the Next page still works to load more, it's just that dropdown to change how many records are shown at once which has an issue. I just updated to 7.0.3 so will try soon, unfortunately it seems the email logs were cleared after update, so there's no records in there at all now.

@d19dotca great catch! I was a bug in the client side code. It is fixed now and will be part of next release.

@eddowding If you like you can patch the file in /home/yellowtent/box/src/mail.js and systemctl restart box.

@luckow Yes, similar view to the aliases ones where all are listed for the mailbox user.

I didn't know Argo tunnels were free. So one can hide the mail service and put it thru an Argo tunnel on a subdomain to the world.

https://docs.ibracorp.io/all-guides-in-order/documentation/cloudflare-tunnel

Similarly one can have another domain and IP handle the incoming, which is tunneled to you via Tailscale.

https://docs.ibracorp.io/all-guides-in-order/documentation/tailscale

@murgero re-read, my response remains the same, sorry.

You know the way security scanners (or script-kiddies) works, it's to scan the network (Internet), get hosts and they software; if there is zero-day on CloudRon or other not disclosed vulnerability, apply it across the hosts.
Having DNS records showing that there is CloudRon here means you don't even need to scan for the ports, which just simplify things.

Hope that helps to understand my response here.

I have also added Service events in the event log for the next release. So, this way, we can know if the service was automatically restarted after cert update.

@marcusquinn as @robi said, there is no such limitation of having a single app on that domain.

@murgero thank you!

@girish ah alright, that sent me down the right path. needed to switch from encoded body to raw JSON and that cleared it up. thank you!

@austinsonger

Regarding Linode and Mail - default is blocked by Linode:
https://www.linode.com/docs/guides/running-a-mail-server/

Sending Email on Linode

In an effort to fight spam, Linode restricts outbound connections on ports 25, 465, and 587 on all Linodes for new accounts created after November 5th, 2019.

If you have a need to send mail from your Linode, we ask that you first configure (1) valid DNS A records and (2) rDNS records for any Linodes that you plan to use to send mail. Then, open a Support ticket from the Linode Manager – we’ll ask you to provide the name of the Linode(s) that will be used for mailing.

Once you’ve completed those steps and provided that information, our Support team will be happy to review your request.

@nebulon Thanks 👍

@scooke we have traced this down to a nodejs bug apparently with the domain in question.
The upstream issue is at https://github.com/nodejs/node/issues/39397

Good notes to follow up when we look into email in the next release.

IIRC, whitelist setting is a bit dangerous because it allows "spoofed" emails as it pretty much bypasses all the SPF/DMARC/DKIM checks. Meaning, Cloudron does not reject mail if those checks do not pass because there are too many misconfigured mail servers out there. Instead we tag the failures and allow spamassassin to score the rules. whitelisting makes spamassassin bypass the checks altogether.

@d19dotca Ah good point about editing those files. In the next release, I am hoping to make the filemanager be able to edit mail data (so admins can setup sieve rules etc for a mailbox), so this will atleast partly fix that issue.

@eddowding ah, great you managed to figure this out. indeed, cloudflare can only proxy http(s) and not email.