RE: SMTP rejected for some users

This appears to be a case of https://forum.cloudron.io/post/6533 . Applying the linked setting change fixed the issue.

Rocketchat group calls are also using Jitsi, so including that would be a big plus for us.

For some of our users, their SMTP connections are being denied, with:

902 Host names have more than one DNS label

This error appears to come from https://codeclimate.com/github/msimerson/Haraka/plugins/helo.checks.js/source

I don't know how to walk them through finding out what HELO their device is sending to validate it, but it seems related to the plugin.cfg.reject.valid_hostname setting. Did this change in 5.0.3 ?

@girish Thank you, the workaround worked.

I grabbed out the certs that were there before. I don't know if it would help to attach them, but they look like standard Lets Encrypt Authority X3 issued certs.

Great, I'm looking forward to it.
So you know, the old certificate got put back into place and I had to re-apply the manual change.
Do you know what circumstances cause the cert to be reevaluated? For example, adding applications? Or is it just something that will happen on a regular schedule?

@girish Yes, that was the case.

@girish Thank you, the workaround worked.

I grabbed out the certs that were there before. I don't know if it would help to attach them, but they look like standard Lets Encrypt Authority X3 issued certs.

@girish OK, I've just tried that (for the main domain), but I'm not seeing any change.

This is affecting both incoming SMTP (so is domain agnostic at that point), as well as IMAP (which I assume also uses STARTTLS or equivalent before using a specific domain login).

If it's helpful, I'm familiar enough with sysadmin to be able to access the docker container command line and such, to get more information/apply changes.

Edit: I also just tried cycling the mail service, in case the change hadn't applied yet.

Edit: I also just tried disabling email across all domains (which did disable the mail service, based on the SSL test), but as soon as I re-enabled it for the main domain, the same error occurred.

We're using custom wildcard certificates for all our domains. When we made this switch, email didn't change to using the new certificate, and kept using the Lets Encrypt cert.

This cert has now expired. I've found various issues in the past similar to this, and tries those fixes (add new domain then remove it, restart email service), but the issue persists.

This appears to be a case of https://forum.cloudron.io/post/6533 . Applying the linked setting change fixed the issue.

For some of our users, their SMTP connections are being denied, with:

902 Host names have more than one DNS label

This error appears to come from https://codeclimate.com/github/msimerson/Haraka/plugins/helo.checks.js/source

I don't know how to walk them through finding out what HELO their device is sending to validate it, but it seems related to the plugin.cfg.reject.valid_hostname setting. Did this change in 5.0.3 ?

@girish As far as I know, it's correct - unless DKIM has the IP included, since that did change during the migration. Unfortunately, the Email section of Cloudron wasn't properly giving the needed information - previously it was saying DKIM was incorrect, but the display just said something like "expected null to equal null". DKIM isn't showing in the Email status page at all with the workaround I added here.

I'll put that in as a separate issue, though, once the update comes out and I see the proper message.

Last night our Cloudron updated to 4.4.0, and got stuck in a restart loop.
The error in box.log was:

/home/yellowtent/box/src/mail.js:524
                    if (!record.status) message.push(`${type.toUpperCase()} DNS record (${record.type}) did not match.\n    * Hostname: \`${record.name}\`\n
   * Expected: \`${record.expected}\`\n    * Actual: \`${record.value}\``);
                                ^

TypeError: Cannot read property 'status' of undefined
    at Object.keys.forEach (/home/yellowtent/box/src/mail.js:524:33)
    at Array.forEach (<anonymous>)
    at /home/yellowtent/box/src/mail.js:522:41
    at /home/yellowtent/box/src/mail.js:503:13
    at /home/yellowtent/box/node_modules/async/dist/async.js:3888:9
    at /home/yellowtent/box/node_modules/async/dist/async.js:473:16
    at iteratorCallback (/home/yellowtent/box/node_modules/async/dist/async.js:1064:13)
    at /home/yellowtent/box/node_modules/async/dist/async.js:969:16
    at /home/yellowtent/box/node_modules/async/dist/async.js:3885:13
    at /home/yellowtent/box/src/mail.js:471:17

I patched around this by editing that file and adding a

if (!record) return;

into the forEach callback.

We've been having issues with Cloudron not correctly reading the mail config (reporting DNS misconfiguration, with error messages about expecting null to equal null), since we migrated to a new host a few weeks ago. This may be related, but I haven't had time to report the issues that happening in that migration yet.

Rocketchat group calls are also using Jitsi, so including that would be a big plus for us.