AGH, Hetzner Firewall and Dynamic IP

@joseph I do use the Hetzner Firewall, but not to block DNS requests. Because of Client IDs any strangers DNS request will be denied by Adguard, IP-Limitter helps to get not flooded with requests. I have whitelistet my ISP IP and update it manually when it changes.

Thanks for the hint with Hetzner Firewall API, could be interesting for some other use cases

My setup is pretty similar to yours. I decieded to use Adguard with integrated DoT or DoH and ClientIDs. Works very good.

I am running a Intel J4125 with 16GB RAM and an Intel J5040 with 16GB RAM. Both are par in terms of performance. Power Consumption is very low with <10 Watts

@verbally I am not from Cloudron, but here you can find details how to approach them:
https://www.cloudron.io/security.html

@girish Great work, thank you very much for the quick fix and release. I just updated and tested and the crash doesn't show up again and DKIM is also working.

Always glad to post real defects

@girish I did find a github repo for a possibly usable Nextcloud Fulltext Solr app, but the last Update was 2019

https://github.com/rearden-logic-inc/fulltextsearch_solr

@girish Great, thanks and happy new year !

Hi there,

anybody here who configured Nextcloud on Cloudron successfully to enable fulltext search for file contents? I tried the Nextcloud Apps but without any success - only filename search, but not file content search.

If there is some kind of different solution, like using a independet search service for Nextcloud, that would be okay for me as a solution.

Best,
Mike

@nebulon thx, I tried, no errors during redo, but the result is the same. DKIM is still missing for outgoing emails. I will continue to monitor if the looopback error still appears.

The loopback error still exist:

Dec 30 13:11:07 TypeError: Cannot read properties of undefined (reading 'loopback_is_rejected')
Dec 30 13:11:07 at exports.checkZoneNegative (/app/code/haraka/node_modules/haraka-plugin-dns-list/index.js:347:22)
Dec 30 13:11:07 at exports.check_zone (/app/code/haraka/node_modules/haraka-plugin-dns-list/index.js:372:20)
Dec 30 13:11:07 at async Promise.all (index 1)
Dec 30 13:11:07 at async exports.check_zones (/app/code/haraka/node_modules/haraka-plugin-dns-list/index.js:393:5)

@d19dotca 8.2.1 and i confirm invalid (not existing) dkim in tests on my cloudron instance

I don't VPN and the error occures not related to sending emails

Hi there,

today I discovered, that I get (maybe every 30 Minutes?) the following errors:

2024-12-29T04:11:07Z TypeError: Cannot read properties of undefined (reading 'loopback_is_rejected')
2024-12-29T04:11:07Z at exports.checkZoneNegative (/app/code/haraka/node_modules/haraka-plugin-dns-list/index.js:347:22)
2024-12-29T04:11:07Z at exports.check_zone (/app/code/haraka/node_modules/haraka-plugin-dns-list/index.js:372:20)
2024-12-29T04:11:07Z at async Promise.all (index 1)
2024-12-29T04:11:07Z at async exports.check_zones (/app/code/haraka/node_modules/haraka-plugin-dns-list/index.js:393:5)

Is this something we should be concerned?

Best,
Mike

• Main Page: https://blinko.mintlify.app/introduction
• Git: https://github.com/blinko-space/blinko
• Licence: AGPL
• Docker: Yes
• Demo: https://blinko-demo.vercel.app/

---

• Summary: Blinko is an innovative open-source project designed for individuals who want to quickly capture and organize their fleeting thoughts. Blinko allows users to seamlessly jot down ideas the moment they strike, ensuring that no spark of creativity is lost.

---

• Notes:

Feature
AI-Enhanced Note Retrieval
Leverage AI-powered RAG technology to quickly search and retrieve your notes using natural language queries.

Data Ownership
All your notes and data are stored securely in your self-hosted environment, ensuring complete control over your information.

Efficient and Fast
Capture ideas instantly with plain text and Markdown support for easy formatting and sharing.

Open for Collaboration
Blinko invites contributions from the community. All code is transparent and available on GitHub, fostering a spirit of collaboration and constant improvement.

---

• Screenshots:
  

You should use tmux or gnu screen for that use case

https://www.gnu.org/software/screen/manual/screen.html
https://github.com/tmux/tmux/wiki

I prefer tmux myself.

Ah, sorry, you are talking about the browser shells only?

Omg, for whatever reason the TLD did change from .de to .com (I have .de but not .com) so the failure was totally correct.

No problems, nothing to see here, please close the case

Happy holidays!

Hmmm.... I tried with another alias (different domain, same account) and it works... what could be the reason that the other alias don't work?

Hi there,
since I updated today to Cloudron 8.2.1 I am not able to send e-mail with an alias e-mailaddress via Cloudron. It get rejected during sending with reason, that I am not allowed to use the alias.

{
  "ts": 1734703453864,
  "type": "denied",
  "direction": "inbound",
  "uuid": "C057353E-XXXXXXXX-1753D9C9BF39.1",
  "messageId": null,
  "mailFrom": "<alias@aliasdomain.com>",
  "spamStatus": null,
  "mailbox": null,
  "quotaPercent": null,
  "rcptTo": [],
  "remote": {
    "ip": "2003:*",
    "port": 57528,
    "host": "*",
    "info": "*",
    "closed": false,
    "is_private": false,
    "is_local": false
  },
  "authUser": "user@cloudrondomain.com",
  "relaying": true,
  "pluginName": "cloudron",
  "errorCode": 902,
  "message": "Authenticated user user@cloudrondomain.com cannot send mail as alias@aliasdomain.com",
  "rejectionCountLastHour": 0
}

Sending with user@cloudrondomain.com does work.

Best,
Mike

I did a test and created a fresh mailbox on my cloudron for one of my existing domains to check the headers when sending an e-mail. Here is the header result:

Authentication-Results: RECEIVERMAILSERVERHOSTNAME (dis=neutral; info=dmarc domain policy);
	dmarc=pass (dis=neutral p=reject; aspf=r; adkim=r; pSrc=dns) header.from=IDEA.COM;
	dkim=pass header.d=IDEA.COM header.s=cloudron-2f6807 header.b=F+cRmQ1r
Received: from RECEIVERMAILSERVERHOSTNAME ([fd:ac:0:0:0:0:e:13])
        by RECEIVERMAILSERVERHOSTNAME
        with SMTP (SubEthaSMTP 3.1.7) id M4CRBUTJ
        for RECEIPIENT@SOMEWHERE.COM;
        Fri, 06 Dec 2024 14:04:18 +0100 (CET)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=IP_OF_CLOUDRON_SERVER; helo=MY.EXAMPLE.COM; envelope-from=SENDER@IDEA.COM; receiver=SOMEWHERE.COM 
Received: from MY.EXAMPLE.COM (MY.EXAMPLE.COM [XX.XX.XX.XX])
	by RECEIVERMAILSERVERHOSTNAME (Postfix) with ESMTPS id 35F3543CDFB8
	for <SOMEONE@SOMEWHERE.COM>; Fri,  6 Dec 2024 14:04:18 +0100 (CET)
Received: (Haraka outbound); Fri, 06 Dec 2024 13:04:17 +0000
Authentication-Results: MY.EXAMPLE.COM;
	auth=pass (plain)
From: "test user" <SENER@IDEA.COM>
To: "SOMEONE@SOMEWHERE.COM" <SOMEONE@SOMEWHERE.COM>
Subject: test email
Date: Fri, 06 Dec 2024 13:04:17 +0000
Message-Id: <em10edd919-xxxx-4789-xxxx-db21f7b92ff5@584dbbfc.com>
Reply-To: "test user" <SOMEONE@SOMEWHERE.COM>
User-Agent: mailClient/10.1.4828.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
	d=IDEA.COM; s=cloudron-12345;
	h=from:reply-to:subject:date:message-id:to:mime-version;
	bh=7Yyzn....*

So at least for the sending server hostname the my.example.com domain will leak.

Yes, this is a possible setup. What exactly are your concerns?

@necrevistonnezr yes, exactly - but not sure how good it works with streaming use case

the command i execute on my local server is:

ssh -R CLOUDRONPORT:127.0.0.1:LOCALPORT -N -o ServerAliveInterval=60 -o ServerAliveCountMax=3 USER@CLOUDRONSERVER