docker-mailserver: Can't receive emails from outside

Subject

I can't receive emails from outside my server.

Description

I'm so sorry to bother you with that topic again… I see there are already a lot of other issues, but I didn't find the right answer for my problem in these…

I have a docker-mailserver running on my IP with this docker-compose.yml:

version: '3.8'

services:
  mailserver:
    image: docker.io/mailserver/docker-mailserver:latest
    container_name: mailserver
    restart: always
    hostname: mail
    domainname: domain.com
    ports:
      - "25:25"
      - "143:143"
      - "465:465"
      - "587:587"
      - "993:993"
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - /certbot/conf:/etc/letsencrypt
      - /etc/localtime:/etc/localtime:ro
    environment:
      LOG_LEVEL: debug
      ENABLE_AMAVIS: 1
      #AMAVIS_LOGLEVEL: 5
      ENABLE_CLAMAV: 1
      #ENABLE_DNSBL: 1
      ENABLE_FAIL2BAN: 1
      SPOOF_PROTECTION: 1
      POSTMASTER_ADDRESS: my_gmail@gmail.com
      POSTFIX_INET_PROTOCOLS: ipv4
      DOVECOT_INET_PROTOCOLS: ipv4
      ENABLE_SPAMASSASSIN: 1
      SPAMASSASSIN_SPAM_TO_INBOX: 1
      ENABLE_POSTGREY: 1
      ENABLE_SASLAUTHD: 0
      SSL_TYPE: letsencrypt
      ONE_DIR: 1
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE

I have my domain domain.com and my subdomain mail.domain.com. I have added name@domain.com as an email.

I can successfully send emails (everywhere, e.g. Gmail), but I can only receive emails from local (name2@domain.com). I cannot receive emails from Gmail etc. (all tested with Thunderbird (explicit TLS - IMAP and ESMTP)).

So I think it must be a networking problem… At first I had a look at my server ports with sudo netstat -nlp | grep :25:

tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      27651/docker-proxy
tcp6       0      0 :::25                   :::*                    LISTEN      27658/docker-proxy

that one looked fine, but I also did an external portscan with this website http://www.dnstools.ch/port-scanner.html - port 25 and all the others are open.

My domain has an MX record for domain.com pointing to mail.domain.com; https://dnschecker.org/mx-lookup.php confirms it's working. SPF and DKIM entries are also successful, DMARC is not working correctly at the moment, still figuring that one out (but I thought it won't fail because of this)?

This SSL part is a little bit tricky for me, I know how it works on websites, but don't really know how it's used for mail servers… I just created 2 virtual servers inside nginx to get the Let's Encrypt certificates with certbot… (like for a website). Then I mounted the volume as described in the docs and like in my docker-compose.yml; all my certs are inside of that, not just the cert for the mailserver, but I think that shouldn't be a problem? I have a cert for domain.com and a cert for mail.domain.com, can you explain which one I need? Do I need a cert for the mailserver (so mail.domain.com) or do I need a cert for my used domain (domain.com, as I use the email name@domain.com)? Or both?

I tried to test this with https://ssl-tools.net/mailservers, but it is not checking the certs, I don't know why…

But connecting from Thunderbird with TLS/SSL with IMAP and SMTP is working, so I thought there shouldn't be a problem, but as said, my knowledge on that specific topic is limited…

I have Kaspersky installed on my PC, and sometimes I get a warning that the certificate for domain.com is wrong, and when I display it from Kaspersky, the certificate is issued for mail.domain.com. Thunderbird has no problems; if I tell Kaspersky not to block that connection, Thunderbird doesn't bother, so I don't know if that is really an issue or maybe just Kaspersky being weird.

So I don't know why it's not working and what to do… Glad for any help and sorry to bother! Merry Christmas!
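A diagnostic for the certificate question above, added here as an example for this thread and not part of docker-mailserver: it connects to the MX host on port 25 the way a remote MTA would, negotiates STARTTLS, and reports whether the served certificate covers the MX hostname (mail.domain.com), which is the name inbound senders and IMAP clients validate, not the bare mail domain. The MX hostname argument and the EHLO name are placeholders.

```python
import smtplib
import ssl
import sys


def hostname_matches(cert_names, host):
    """True if host matches one of the certificate's DNS names.
    Accepts a single leading wildcard label (*.domain.com), as TLS clients do."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False


def cert_dns_names(cert):
    """Collect SubjectAltName DNS entries plus the subject CN from ssl.getpeercert()."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def check_inbound_smtp(mx_host, port=25, timeout=10):
    """EHLO, STARTTLS, then compare the certificate names against the MX hostname.
    The chain is still validated against system CAs; only the name check is done
    by hand so that a mismatch reports which names the server actually serves."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # keep verify_mode=CERT_REQUIRED, report names ourselves
    with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
        smtp.ehlo("probe.example")  # constructed EHLO name
        if not smtp.has_extn("starttls"):
            return False, "server offers no STARTTLS on port %d" % port
        smtp.starttls(context=ctx)  # raises ssl.SSLError if the chain is untrusted
        cert = smtp.sock.getpeercert()
    names = cert_dns_names(cert)
    return hostname_matches(names, mx_host), "certificate names: %s" % names


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.domain.com"  # placeholder MX host
    ok, detail = check_inbound_smtp(host)
    print("OK" if ok else "MISMATCH", detail)
```

Run it from a machine outside the server's network; a timeout here while the local netstat shows port 25 listening points at a firewall or ISP block rather than at the container.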

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 30 (11 by maintainers)

Most upvoted comments

However, I think by default any IP address considered private (172.x.x.x, 10.x.x.x, 192.168.x.x) is configured as trusted and can send without authenticating through a user account.

https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#permit_docker

Ah thank you, that makes sense! So I'm fine with PERMIT_DOCKER=none set? 😄

Yes.

And does anyone know what the SYS_PTRACE under cap_add is about?

SYS_PTRACE is no longer needed.

That was an awesome summary, thank you very much! So the most important part for me is that everyone needs to authenticate before sending emails from my server, and if I understood everything right, no one can somehow connect to port 25 and just send random emails from my server from other domains without having a user account and authenticating first, correct? 😄

So I don't know why it can't be authenticated… any ideas on that one?

I think it's common to see this issue with clients like Thunderbird; have you got any other account correctly logging in?

Try adding/removing the @domain.com part from the user/account login field.

Currently, I removed the TXT records (SPF, DKIM and DMARC); those should just be for security and outgoing emails, or am I wrong? I still have my MX record for domain.com pointing to mail.domain.com and I still have my A record on my IP for mail.domain.com.