Cloudron email Server - multiple domains

I did a test and created a fresh mailbox on my cloudron for one of my existing domains to check the headers when sending an e-mail. Here is the header result:

Authentication-Results: RECEIVERMAILSERVERHOSTNAME (dis=neutral; info=dmarc domain policy);
	dmarc=pass (dis=neutral p=reject; aspf=r; adkim=r; pSrc=dns) header.from=IDEA.COM;
	dkim=pass header.d=IDEA.COM header.s=cloudron-2f6807 header.b=F+cRmQ1r
Received: from RECEIVERMAILSERVERHOSTNAME ([fd:ac:0:0:0:0:e:13])
        by RECEIVERMAILSERVERHOSTNAME
        with SMTP (SubEthaSMTP 3.1.7) id M4CRBUTJ
        for RECEIPIENT@SOMEWHERE.COM;
        Fri, 06 Dec 2024 14:04:18 +0100 (CET)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=IP_OF_CLOUDRON_SERVER; helo=MY.EXAMPLE.COM; envelope-from=SENDER@IDEA.COM; receiver=SOMEWHERE.COM 
Received: from MY.EXAMPLE.COM (MY.EXAMPLE.COM [XX.XX.XX.XX])
	by RECEIVERMAILSERVERHOSTNAME (Postfix) with ESMTPS id 35F3543CDFB8
	for <SOMEONE@SOMEWHERE.COM>; Fri,  6 Dec 2024 14:04:18 +0100 (CET)
Received: (Haraka outbound); Fri, 06 Dec 2024 13:04:17 +0000
Authentication-Results: MY.EXAMPLE.COM;
	auth=pass (plain)
From: "test user" <SENER@IDEA.COM>
To: "SOMEONE@SOMEWHERE.COM" <SOMEONE@SOMEWHERE.COM>
Subject: test email
Date: Fri, 06 Dec 2024 13:04:17 +0000
Message-Id: <em10edd919-xxxx-4789-xxxx-db21f7b92ff5@584dbbfc.com>
Reply-To: "test user" <SOMEONE@SOMEWHERE.COM>
User-Agent: mailClient/10.1.4828.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
	d=IDEA.COM; s=cloudron-12345;
	h=from:reply-to:subject:date:message-id:to:mime-version;
	bh=7Yyzn....*

So at least for the sending server hostname the my.example.com domain will leak.

Yes, this is a possible setup. What exactly are your concerns?

@necrevistonnezr yes, exactly - but not sure how good it works with streaming use case

the command i execute on my local server is:

ssh -R CLOUDRONPORT:127.0.0.1:LOCALPORT -N -o ServerAliveInterval=60 -o ServerAliveCountMax=3 USER@CLOUDRONSERVER

Hi there,

I have some local services running at home that I would like to make available via Cloudron App Proxy for my Cloudron Users via Internet.

Therefore I have setup a ssh remote tunnel from my local server to Cloudron. On Cloudron I configured an App Proxy to use http://127.0.0.1:8123 as upstream.

As this solution does work reliable and I would expand this use to more local services I wonder what Port Range would be the best safe to use for my remote tunnels on Cloudron?

I think I read somewhere in the Cloudron Documentation that there was a range of ports that could be used safely, but I cannot find it anymore.

Best,
Michael

I updated Cloudron to latest Version with Hetzner S3 support, but the backups still failing. So I reverted back again to my main backup target.

Are the Hetzner S3 Backups running fine on your servers? On my Cloudron the first backup works, but all following backups fails after several "Retrying (1) multipart copy of cloudron/snapshot/app_1fd4bcdf-5f88-4d92-8769-43521695a827.tar.gz.enc. Error: 504: null 504" . Sometimes a second backup works, but not often. The app is Nextcloud App.

@nebulon uhm, it's already long time ago since I tried on this. I think during that time my problem was to get the UDP and TCP Ports for Mumble configured in the Manifest.json. The packaging of the binary of mumble itself was not a big deal as far as I remember.

@jdaviescoates Sorry, no progress with this as I had problems with the required ports mapping.

@LoudLemur I did sign up with my Github Account...

Groq is the AI infrastructure company that delivers fast AI inference.

The LPU Inference Engine by Groq is a hardware and software platform that delivers exceptional compute speed, quality, and energy efficiency.

Groq, headquartered in Silicon Valley, provides cloud and on-prem solutions at scale for AI applications. The LPU and related systems are designed, fabricated, and assembled in North America.

https://groq.com

Since I use this with Llama 3 70B I don't have a need for GPT 3.5 anymore. GPT 4 is too expensive IMHO

@humptydumpty I am using Hetzner Cloud Server since 2015 and in addition an dedicated server since March. I never had any issues with Hetzner. No network timeouts, no performance issues, no (cloud)-hardware issues. Before I got my dedicated server I was considering using Netcup for the dedicated server for several reasons (something independant of Hetzner for more availabliity, lower price or higher performance for the same money...) however, after some research I decided to use a dedicated server for Hetzner for simplicity (eg. just one account, instead of two).

I also read about things like Hetzner is doing identitiy verifications for new accounts which never aplied to myself as my account is quite mature. So I have no idea how problematic it is to get a new Hetzner account - but I think they do the verifications for some reason.

Not sure if my experience help you for your considerations, but I am sure more opinions and experiences will follow...

Hi @staff,

since upgrade to Cloudron 8.0.0 I discovered some warnings in the logfile of the email service:

Jul 02 22:10:33 [POST] /spam_custom_config
Jul 02 22:10:33 Jul 2 20:10:33.867 [5031] warn: config: path "/root/.spamassassin" is inaccessible: Permission denied
Jul 02 22:10:33 Jul 2 20:10:33.867 [5031] warn: config: path "/root/.spamassassin/user_prefs" is inaccessible: Permission denied
Jul 02 22:10:33 Jul 2 20:10:33.946 [5031] warn: config: registryboundaries: no tlds defined, need to run sa-update
Jul 02 22:10:33 Jul 2 20:10:33.957 [5031] warn: config: path "/root/.spamassassin" is inaccessible: Permission denied

Is this somehow specific to my installation or maybe a bug?

Best,
Mike

Just to let you guys know that upgrade to 8.0.0 on my Cloudron with 22 Apps did work without problems.
Only thing I noticed was, that I had to re-mount ALL external CIFS drives manually, and therefore had to restart some Cloudron Apps which was using those.

@AartJansen Did you try the marker on the bottom right of the edit field? You can resize it with a mouse and move click.

@girish okay, so that means, this example of a Dockerfile would be acceptable?

FROM node:20-alpine as build-stage
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build

FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4 as production-stage
WORKDIR /app
COPY --from=build-stage /app/node_modules ./node_modules
COPY --from=build-stage /app/package.json ./
COPY --from=build-stage /app/dist ./dist
COPY --from=build-stage /app/server.js ./
COPY --from=build-stage /app/static-server.js ./
COPY --from=build-stage /app/api ./api

EXPOSE 18966

CMD ["npm", "start"]

Dear @staff ,

I would like to request to accept Multi Stage Dockerfiles for Cloudron packages.

As at the end only the generated Docker Image is what is relevent, it should be accepted if a Multi Stage Dockerfile has been used to build the Cloudron Package Docker Image.

IMHO this would speed up package creation a lot.

Best,
Mike

Sure, in fact I would like to have some web services only available to users/processes from a specific network (eg. home or office ip address), but not anybody else.

In my case I have some kind of intranet webserver running on server B. Cloudron does the App Proxy to give access to it. I cannot use any authentication because there are some processes in the local network running that are not able to do authentication. So I would like to just whitelist them by IP Address.

Hi there,

I would like to have a ip white listing for the proxy App.

Scenario:

• Clouron is running on server A.
• Web service is running on server B.
• server A and B are in the same network.
• server A is reachable from internet, but server B is not.
• Cloudron Proxy App on server A enables access to Web service on server B.
• User A is located in a trusted network.
• User B is a stranger in some other network.
• User A is browsing to the URL for the proxied Web service.
• User B is browsing to the URL for the proxied Web service.
• User A is granted access without any authentication because of his trusted network source.
• User B is access denied because of his untrusted network source. (for me it would be already good if the connection just get rejected in that case, no message or page needs to be displayed)

Does this feature request make also sense to other Cloudron users?
Is there a chance to get this feature in the future?

Cheers,
Michael

@coniunctio Yes, exactly this was what I was referring to. Thank you for bringing this example up.

@cdauth That looks very nice and valuable for self hosting... The Dockerfile seems to be straight forward...

Github Link: https://github.com/FacilMap/facilmap