Cloudron Forum

Thank you @james, that is great news.

TTL issue ? I mean, this symptom lasted a very long time (a full year I'd say). Not seen since early June though. Maybe the "odd DNS issue" then. I guess this can be closed.

@james Yes it’s technically a feature request. I only threw it in here since it seemed like Girish was already making adjustments to the filtering in the mail event log viewer. If you’re okay forking it to a feature request, that’s totally fine.

Hello @tadeas Is this still an issue or can this topic be marked as solved?

your config.production.json should work as it is identical to the solution here: https://forum.ghost.org/t/unable-to-invite-new-admin-users-to-account-without-mailgun-setup/56711/11 I had tried it and it is working for me. by default if you set up ghost.example.com cloudron should set up an email account ghost.app@example.com for you, you should use ghost.app@example.com instead of newsletter@example.com.

Hi @fbartels You're right, double checked and it always defaults to smtp. instead of .my When manually changing on both PC and Mobile, the SMTP accounts can be added without the certificate error! Thanks Everyone!

@mrhakash said in Outbound Emails Queued — NXDOMAIN Error and Local DNS Resolution Issue: dig @127.0.0.1 gmail.com mx returns: connection refused You have to check host -t MX gmail.com 127.0.0.150 . Can you also run cloudron-support --troubleshoot for hints?

@mmtrade the image looks correct . the issue is something else then . if you write to support@cloudron.io, then we have to debug this again .

@avatar1024 said in Email search not working properly: What's tika? tika is this - https://tika.apache.org/ . it converts the pdf/docs attachments in emails to text to make them searchable

Here the issue was that the e-mails have been moved to the new cloudron server only partially, and the new folder wasn't created in this case, so when I tried to move this in Thunderbird, it failed. So, this is solved now

@scooke said in Every Cloudron instance sets a DKIM entry. Is this good or bad or necessary?: why use ai when we already have Real Intelligence here. Limited time and resources of humans?

@jdaviescoates said in URGENT: In a post on an originally unrelated thread about IPv6 issues @Gengar posted this link https://www.spamhaus.com/resource-center/successfully-accessing-spamhauss-free-block-lists-using-a-public-dns/ which I think explains what's going on with all these false positive spamhaus issues people are having: The TL;DR seems to be: fill in this form https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/

@jdaviescoates said in Cloudron seems to have changed to set-up ?all SPF records instead of ~all - why?: whereas only my newer ones have ?all I checked some domains on my Cloudron and noticed one has -all where all others have ~all. Then I realised that one was a recently transferred domain that was already 'working' and obviously the previous hoster had it like this, Cloudron didn't touch it when "importing" it.

A homemade problem. We have refactored our Ansible role. It has installed an MTA that was previously started as Cloudron's mail service. After uninstalling the MTA, everything works as expected.

I remove the user from the group and add the user again to the group.

https://github.com/haraka/haraka-plugin-dns-list/pull/11/commits should fix it

@nebulon here's what an AI found: Tarball Permissions The tarball contains files with ownership/permissions the process can’t replicate (e.g., root-owned files). Example: Extraction fails when tar.extract preserves original ownership. SELinux/AppArmor Security policies block filesystem operations despite correct permissions. Tar Library Behavior: The tar library (likely tar-fs) might try to preserve file permissions from the tarball. If the tarball contains files owned by root and the app runs as yellowtent, extraction fails unless permissions are ignored. Fix: Modify the code to ignore permissions: javascript const tarStream = tar.extract({ cwd: destinationPath, ignore: () => true }); Debugging Steps Check Permissions: javascript console.log('Source:', fs.statSync(sourcePath).mode.toString(8)); console.log('Dest:', fs.statSync(destinationPath).mode.toString(8)); Ensure Directory Exists: javascript if (!fs.existsSync(destinationPath)) fs.mkdirSync(destinationPath, { recursive: true }); fs.accessSync(destinationPath, fs.constants.W_OK); Add Error Logging: javascript const readStream = fs.createReadStream(sourcePath).on('error', (err) => console.error('Read:', err)); const unzipStream = zlib.createGunzip().on('error', (err) => console.error('Gunzip:', err)); const tarStream = tar.extract({ cwd: destinationPath }).on('error', (err) => console.error('Tar:', err)); Potential Fixes Ignore Tar Permissions: javascript const tarStream = tar.extract({ cwd: destinationPath, ignore: () => true }); Test with Logging: Run the modified code with error handlers. async function tarExtract(sourcePath, destinationPath) { ensureSafePath(sourcePath); ensureSafePath(destinationPath); console.log('Source:', sourcePath, fs.statSync(sourcePath)); console.log('Dest:', destinationPath, fs.existsSync(destinationPath) ? fs.statSync(destinationPath) : 'does not exist'); const readStream = fs.createReadStream(sourcePath) .on('error', (err) => console.error('Read error:', err)); const unzipStream = zlib.createGunzip() .on('error', (err) => console.error('Gunzip error:', err)); const tarStream = tar.extract({ cwd: destinationPath }) .on('error', (err) => console.error('Tar error:', err)); readStream.pipe(unzipStream).pipe(tarStream); await streamPromise(tarStream); } Conclusion The error is likely a mismatch between the Cloudron app’s user permissions and the filesystem.

@David-0 said in Use Cloudron Mailserver but have different Webhosting?: Would it be possible to use Cloudron as a mail server for mail@new.com while the domain new.com (or even subdomain.new.com) is hosted somewhere else? yes, the DNS records for a mail server (MX record) and webhosting (A records) are entirely different. It's totally normal and safe to host web and mail of the same domain on totally different systems.

It worked! Thanks!

For anyone wondering on the same question as I did: Dovecot seems to be a standard IMAP server for now, which seems to be used on majority of servers. It claims to be written with security in mind, which doesn't seem to help to avoid privileges escalations, buffer overflow, crashes (on the same page - below). Given the dominance of that mail server on the internet, it seems to be a go-to solution for many, just like Ubuntu, referred here above, is; so I wouldn't expect it to be replaced on Cloudron anytime soon. Given the self-confidence of the authors, that claims that running from root is not a big deal and not providing any easily ready to use solution, I doubt that many will go extra mile to implement that on they own; given Cloudron limited resources and luck of advertising and hence focus to be security first platform, dovecot processes will remain to be running as root. From the positive side, root owned processes are not opening any network port, so direct exploitation would be problematic. Hope that would be of help.