RE: SMTP rejected for some users

This appears to be a case of https://forum.cloudron.io/post/6533 . Applying the linked setting change fixed the issue.

Rocketchat group calls are also using Jitsi, so including that would be a big plus for us.

For some of our users, their SMTP connections are being denied, with:

902 Host names have more than one DNS label

This error appears to come from https://codeclimate.com/github/msimerson/Haraka/plugins/helo.checks.js/source

I don't know how to walk them through finding out what HELO their device is sending to validate it, but it seems related to the plugin.cfg.reject.valid_hostname setting. Did this change in 5.0.3 ?

@girish Thank you, the workaround worked.

I grabbed out the certs that were there before. I don't know if it would help to attach them, but they look like standard Lets Encrypt Authority X3 issued certs.

@girish said in Backups failing with ERR_STREAM_WRITE_AFTER_END:

npm install git+https://github.com/cloudron-io/aws-sdk-js.git#continue_once

This has worked for me.

Just as a note, I had to su yellowtent rather than sudo, as NPM kept complaining about root owned cache files (since HOME was still pointing at /root/). Just in case anyone else needs to follow these instructions.

@girish said in Backups failing with ERR_STREAM_WRITE_AFTER_END:

npm install git+https://github.com/cloudron-io/aws-sdk-js.git#continue_once

This has worked for me.

Just as a note, I had to su yellowtent rather than sudo, as NPM kept complaining about root owned cache files (since HOME was still pointing at /root/). Just in case anyone else needs to follow these instructions.

@girish Ah, great - I'm one of the comments on that thread as well. That's an interesting problem.

For the last 5 days, every backup is failing with ERR_STREAM_WRITE_AFTER_END. We are using the Linode backend, and are in communication with them as well to find out if anything changed on their end.

(stdout): 2021-03-21T06:14:46.894Z box:storage/s3 Error uploading [cloudron/snapshot/app_0443482b-6d44-49a5-b02c-92412307a711.tar.gz.enc]: s3 upload error. Error [ERR_STREAM_WRITE_AFTER_END]: write after end
at writeAfterEnd (_http_outgoing.js:668:15)
at ClientRequest.end (_http_outgoing.js:788:7)
at features.constructor.writeBody (/home/yellowtent/box/node_modules/aws-sdk/lib/http/node.js:137:14)
at ClientRequest.<anonymous> (/home/yellowtent/box/node_modules/aws-sdk/lib/http/node.js:102:14)
at ClientRequest.emit (events.js:315:20)
at ClientRequest.EventEmitter.emit (domain.js:467:12)
at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:606:11)
at HTTPParser.parserOnHeadersComplete (_http_common.js:126:17)
at TLSSocket.socketOnData (_http_client.js:509:22)
at TLSSocket.emit (events.js:315:20) {
code: 'NetworkingError',
region: 'us-east-1',
hostname: '[redacted].us-east-1.linodeobjects.com',
retryable: true,
time: 2021-03-21T06:14:46.873Z

Based on my diagnosis, this is caused by the "worker" scheduler/cron task. Every time that runs (based on the log), I see a new file in /app/code/tmp/cache owned by root. Sometimes this new file is in a new directory (as the cache splits the storage across multiple directories on demand based on the random file name). When this newly created root owned folder is used by the normal process (running as www-data), it fails the permission check and users see the error message.

I've been "fixing" this by manually running

/app/code/tmp/cache# find -user root -exec chown www-data:www-data {} \;

at the terminal.

@girish Yes I did, and the problem with the certificates is now fixed. Thank you!

@girish Actually, I just double-checked and the update didn't install. I'd seen it was in the process of installing, then had finished, so had assumed I was on 5.5, but I'm still using 5.4 . I've retriggered the update process and will test again if it finishes.

Edit: Hmm, it ran and again failed, but I refreshed the page before clicking to get the logs, and the nightly scheduled update had started! The displayed message was something like "failed with signal null".

Edit: Ah, I was able to grab the log (and the log of cloudton-updater) and found the problem. A little while ago, I'd started installing a tool used by my hosting provider, without realizing it was going to trigger an apt update etc, which Cloudron specifically warns against. I broke out of it, but it seems I left dpkg with unconfigured packages. I've fixed that now, and am trying the update again.

@girish I'm still getting the same behaviour, and having to reapply the manual change whenever a app updates.

Great, I'm looking forward to it.
So you know, the old certificate got put back into place and I had to re-apply the manual change.
Do you know what circumstances cause the cert to be reevaluated? For example, adding applications? Or is it just something that will happen on a regular schedule?

@girish Yes, that was the case.

@girish Thank you, the workaround worked.

I grabbed out the certs that were there before. I don't know if it would help to attach them, but they look like standard Lets Encrypt Authority X3 issued certs.