Help wanted for local email client (e.g. Thunderbird)

[kklepper]

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

I had a running local connection to my domain hosted via plesk. Now I moved on to a virtual server and installed your system. Great work, great explanation, easy installation. Thank you very much.

Roundcube works, I could receive mail. I could not send due to a general lock of my new provider on port 25, which was removed on request. I also opened port 25 for connections from my local IP. Sending from Roundcube now works, too.

Now I wanted to change my local Thunderbird configuration to connect to my new virtual server. The domain name xxx.tld and mail.xxx.tld point to the new virtual server IP. Well, no matter which method and port I choose for send and receive, I cannot send and I cannot receive from my local Thunderbird account like before.

Describe the solution you'd like
A clear and concise description of what you want to happen.

I'd like to have a simple instruction to this end. What do I have to do where to make things work as expected.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

I opened ports 25, 110, 143, 465, 587, 993, 995 - to no avail. Obviously I do not understand what I do.

Additional context
Add any other context or screenshots about the feature request here.

The old setting was 143 for receive and 587 for send.

This is an excerpt of my ports setting:

As you see, I restricted one port to my local IP.

I set up a TLS certificate using letsencrypt, so https://xxx.tld works fine. Thunderbird comes up with

Downloading a certificate from here does not work either.

Sorry, I run out of ideas.

[jeboehm]

Hi @kklepper

Thunderbird Settings for SMTP:
Port 587 with TLS/SSL (try both, if you have seperate options for this)
Authentification Method: Password

For incoming mails:
Port 143 with TLS
Authentification Method: Password

When LetsEncrypt is working, it is important to use the certificates in docker-mailserver aswell. This guide should explain it. Don't forget to restart the whole project afterwards.

Roundcube is sending and receiving mails via an internal connection to the mda and mta service. What you need to open in your firewall are the ports 25 (for sending & receiving mails from external users), 143 (communication with your Thunderbird instance, receiving), 587 143 (communication with your Thunderbird instance, sending).

If it is all set up and working, I'ld appreciate if you can provide some documentation of your knowledge for other users.

[kklepper]

Thank you for your immediate answer.

No error now, but timeout:

  # The Mail Transfer Agent (Postfix) receives incoming mail
  # on TCP port 25.
  mta:
    image: jeboehm/mailserver-mta:latest
    build: ./mta
    restart: on-failure:5
    env_file: .env
    volumes:
#      - data-tls:/media/tls:ro
      # For using external certificates uncomment the following lines
      # and change the path on the left side of the colon.
      # - /home/user/certs/mail.example.com.crt:/media/tls/mailserver.crt:ro
      # - /home/user/certs/mail.example.com.key:/media/tls/mailserver.key:ro
      - /etc/letsencrypt/archive/xxx.tld/fullchain1.pem:/media/tls/mailserver.crt:ro
      - /etc/letsencrypt/archive/xxx.tld/privkey1.pem:/media/tls/mailserver.key:ro

  # The Mail Delivery Agent (Dovecot) is responsible for storing
  # incoming mail into a users mailbox and also delivers them
  # via POP3 or IMAP4.
  mda:
    image: jeboehm/mailserver-mda:latest
    build: ./mda
    restart: on-failure:5
    env_file: .env
    volumes:
      - data-mail:/var/vmail
#      - data-tls:/media/tls:ro
      # For using external certificates uncomment the following lines
      # and change the path on the left side of the colon.
      # - /home/user/certs/mail.example.com.crt:/media/tls/mailserver.crt:ro
      # - /home/user/certs/mail.example.com.key:/media/tls/mailserver.key:ro
      - /etc/letsencrypt/archive/xxx.tld/fullchain1.pem:/media/tls/mailserver.crt:ro
      - /etc/letsencrypt/archive/xxx.tld/privkey1.pem:/media/tls/mailserver.key:ro

What's wrong here?

[kklepper]

SMTP STARTTLS

[kklepper]

The last message suspected that the server does not support encrypted passwords. So now with plain password:

Message now: server not available.

[kklepper]

I'm sorry, I guess I wrecked it all up.

First I restored the original docker-compose.yml file, to no avail. Next I renamed the directory and created a new one via git clone as I did before, again to no avail. Then I found, that jeboehm/mailserver-ssl:latest exited immediately which explained why http://xxx.tld:81/webmail/ did not work anymore.

So I concluded that the volume data-tls might have wrong data, so I removed that volume, but that did not help either. Next I removed all volumes, again to no avail.

Now I have no idea why the original installation does not work anymore and that new installation does not work either, although the original installation worked out-of-the-box.

What can I do now?

[kklepper]

Again sorry, now it works...

Totally confused now.

[jeboehm]

I only have to wait for you to find the solution, very good! ;P

Because I lost track what you're doing exactly, just some explanation here.

• jeboehm/mailserver-ssl is used to create a self signed certificate if you don't use your own ones. It will exit after certificates are created or if they already exist.

• Most of the containers are depending on existing certificates. The containers won't start if anything is messed up here.

• Be careful when you rename the project directory. docker-compose will choose a different name for your containers and this can lead to confusing things if you don't have better Docker knowledge.

• The timeout problem sounded like an issue with your port forwarding. For that, the output of docker ps -a would be helpful.

[kklepper]

I am so glad you bear with me, that is really kind of you.

Thank you very much for the explanation. I was misled by the exiting. So here is the output

[email protected]: /root/docker-mailserver # docker ps -a | grep "jeb"
fb3beb1d67c7        jeboehm/mailserver-filter:latest                                "/usr/local/bin/entr…"   2 hours ago          Up 2 hours (healthy)            11332/tcp, 11334/tcp                                                                                                               docker-mailserver_filter_1
510aaa6a7f18        jeboehm/mailserver-mta:latest                                   "/usr/local/bin/entr…"   2 hours ago          Up 2 hours (healthy)            0.0.0.0:25->25/tcp                                                                                                                 docker-mailserver_mta_1
027a3f7a3a53        jeboehm/mailserver-mda:latest                                   "/usr/local/bin/entr…"   2 hours ago          Up 2 hours (healthy)            0.0.0.0:110->110/tcp, 0.0.0.0:143->143/tcp, 0.0.0.0:587->587/tcp, 0.0.0.0:993->993/tcp, 2003/tcp, 0.0.0.0:995->995/tcp, 4190/tcp   docker-mailserver_mda_1
72cf1a678939        jeboehm/mailserver-web:latest                                   "docker-php-entrypoi…"   2 hours ago          Up 2 hours (healthy)            9000/tcp, 0.0.0.0:81->80/tcp                                                                                                       docker-mailserver_web_1
a01b51054dee        jeboehm/mailserver-ssl:latest                                   "/usr/local/bin/crea…"   2 hours ago          Exited (0) 2 hours ago                                                                                                                                             docker-mailserver_ssl_1
90d8c90568a0        jeboehm/mailserver-virus:latest                                 "/usr/local/bin/entr…"   2 hours ago          Up 2 hours (healthy)            3310/tcp                                                                                                                           docker-mailserver_virus_1
721df7e773ab        jeboehm/mailserver-db:latest                                    "docker-entrypoint.s…"   2 hours ago          Up 2 hours                      3306/tcp, 33060/tcp                                                                                                                docker-mailserver_db_1

As you see, I spent 2 hours to get the thing working, but still it doesn't do as it did the first time. Also, you see that I renamed the original folder for the new git clone to be on the safe side.

I was able to install a 2nd user, but I cannot send or receive, or rather, to be precise, all e-mails sent from http://xxx.tld:81/webmail/?_task=mail&_mbox=INBOX or to one of my users from Thunderbird don't appear anywhere.

So something is wrong. In order to get some insight I tried telnet. I logged into my mail server, composed a message from one of my users to the other, and then completed with a dot. The answer looked good to me, but again nothing happened.

I didn't change anything with the ports on my virtual server.

[kklepper]

At least, now I got an error message

host mx00.emig.gmx.net[212.227.15.9] refused to talk to me:
    554-gmx.net (mxgmx014) Nemesis ESMTP Service not available 554-No SMTP
    service 554-Bad DNS PTR resource record. 554 For explanation visit
    https://www.gmx.net/mail/senderguidelines?ip=217.160.241.84&c=rdns

What exactly is wrong here? GMX sends me to https://intodns.com/ and they say ERROR: No reverse DNS (PTR) entries. Ok, I contacted my provider who told me where to set this record.

I set a bcc to each email to gmail, and gmx.de gets nothing yet, but gmail does. So this is good.

Another test, the other way around, now email to gmail and bcc to gmx -- same thing, gmail responds, gmx not. I guess after a while I will get another error report.

Also, GMX sent me to https://mxtoolbox.com/ which tells me I need a DMARC record. Ok, I hope I made it correctly with the help of my dns provider and Wikipedia, but it seems that this takes a while to be found.

Now why did it work the first time without all that fuss? Confusing.

[kklepper]

Oh, what a bummer! GMX classified my test emails as spam.

[kklepper]

Yes, sending from Roundcube to GMX with better faked emails is fine, with attachment, too.

And yes, https://mxtoolbox.com reports

[kklepper]

Funny, though, gmail classified this email as phishing due to the image attachment and stated that it was not possible to verify the sender. No, I don't understand all this.

[kklepper]

Well, I seem to have blocked myself. As a kind of newbee paranoia, I restricted all email ports to my own IP address. When I opened them up, emails waiting somewhere came in.

Let's see tomorrow what this means for my POP/SMTP problem.

[jeboehm]

How is it going? :)

[kklepper]

Oh yes, I just thought I have to keep you informed.

Well, I collected quite some new errors, so instead of bothering you, I chose a deviant way to learn more.

I have another virtual server with a LAMP stack, but the installation didn't work out fine either:

root@IONOS_1: /root/docker-mailserver # cp .env.dist .env
root@IONOS_1: /root/docker-mailserver # vi .env
root@IONOS_1: /root/docker-mailserver # bin/production.sh pull
Pulling db     ... done
Pulling mda    ... done
Pulling web    ... done
Pulling virus  ... done
Pulling ssl    ... done
Pulling filter ... done
Pulling mta    ... done
root@IONOS_1: /root/docker-mailserver # bin/production.sh up -d
Creating network "docker-mailserver_default" with the default driver
Creating volume "docker-mailserver_data-db" with default driver
Creating volume "docker-mailserver_data-dkim" with default driver
Creating volume "docker-mailserver_data-mail" with default driver
Creating volume "docker-mailserver_data-tls" with default driver
Creating volume "docker-mailserver_data-filter" with default driver
Creating volume "docker-mailserver_data-virusdb" with default driver
Creating docker-mailserver_mda_1   ... done
Creating docker-mailserver_db_1    ... done
Creating docker-mailserver_virus_1 ... done
Creating docker-mailserver_mta_1   ... done
Creating docker-mailserver_ssl_1   ... done
Creating docker-mailserver_web_1   ... done
Creating docker-mailserver_filter_1 ... done
root@IONOS_1: /root/docker-mailserver # bin/production.sh run --rm web setup.sh
2020/05/20 13:40:05 Waiting for: tcp://web:80
2020/05/20 13:40:05 Waiting for: tcp://db:3306
2020/05/20 13:40:05 Problem with dial: dial tcp 172.20.0.3:80: getsockopt: connection refused. Sleeping 1s
2020/05/20 13:40:05 Connected to tcp://db:3306
2020/05/20 13:40:06 Problem with dial: dial tcp 172.20.0.3:80: getsockopt: connection refused. Sleeping 1s
2020/05/20 13:40:07 Problem with dial: dial tcp 172.20.0.3:80: getsockopt: connection refused. Sleeping 1s
2020/05/20 13:40:08 Problem with dial: dial tcp 172.20.0.3:80: getsockopt: connection refused. Sleeping 1s
2020/05/20 13:40:09 Problem with dial: dial tcp 172.20.0.3:80: getsockopt: connection refused. Sleeping 1s
2020/05/20 13:40:10 Problem with dial: dial tcp 172.20.0.3:80: getsockopt: connection refused. Sleeping 1s
2020/05/20 13:40:11 Problem with dial: dial tcp 172.20.0.3:80: getsockopt: connection refused. Sleeping 1s

Now this looked like a clash with LAMP, so I first integrated my own database (I'll post suggestions for your help file later), but it didn't work out.

Finally I realized I should drop LAMP first and then install a LEMP docker setup. Locally, adminer works. After opening the adminer port, it works in the browser, too.

Next I try to define virtual servers. If this works, I will come back to docker-mailserver.

I'll keep you informed.

[kklepper]

This is another report of enduring failures.

My first virtual server has a running webmail with the ability to send and receive from Roundcube.

I noticed an interesting phenomenon. The address http://xxx.tld:81/webmail/?_task=mail&_mbox=INBOX gets updated in Opera, but not in Vivaldi.

Still I cannot find any combination of settings for SMTP, and the same holds true for POP.

All my ports are open. Nevertheless Thunderbird reports server errors. Any idea of how I can debug this?

My 2nd virtual server has its own problems. The first one still runs on port 80, the 2nd reroutes all unsafe connections to port 443.

Of course, this is my goal with the first one as well. There is a big docker stack running on port 80 which ought to be transformed to https. I still don't have an idea how to do that right. As I use ports, it may be a good idea to leave the whole zoo as it is and use a reverse proxy in front to accept https.

Around these lines I stumbled upon Traefik, which promises to be an excellent concept, but unfortunately I don't understand the setup good enough to make it work. So this was a 2nd reason to keep things simple and experiment with another virtual server first.

Now my main address on the 2nd server runs on https without Traefik, but now I have 2 problems I struggle with. Port 81 doesn't run with https. So I'll try to tie docker-mailserver to the first stack and 2nd make it work with https.

Another problem I don't understand is the way NGINX handles server blocks. For testing, I acquired a .tk domain. It turns out that is not possible to get a letsenscript for this tld. Therefore, I wanted to handle one block as redirecting to https and the other not. I can't get it right.

So this is how I spend hours and hours and my mind gets confused more and more.

Okay, this is nothing new, I have to become patient and work it out one by one.

Thank you for listening.

[jeboehm]

Puuh, all this sounds a bit messed up. First things first!
I don't use Vivaldi, neither Opera. But any problems regarding browser compatibility of the webmailer are better addressed at the Roundcube project.

I even don't know what's wrong with your Thunderbird. Since you're working on so many construction sites in parallel it's hard to locate the issues and their causes.
My recommendation:

• disable firewall, Traefix, nginx, everything that doesn't belong here
• start from scratch
• get the installation done carefully and step by step

The software swaks might help you to test the services like smtp, pop3 (do you really need it?) and imap. I use it in the integration tests: https://github.com/jeboehm/docker-mailserver/blob/master/test/rootfs/usr/share/tests/003_mta.bats
When you're able to connect with swaks, Thunderbird will work too.

To protect the manager and webmail with https, have a look at this:
https://github.com/jeboehm/docker-mailserver/wiki/Howto:-Use-The-Web-Service-Behind-nginx-proxy
Personally I don't use Traefik, so my recommendation would be nginx-proxy & lets-encrypt, but they should work both the same. In any case: don't change the mailserver-web container, just remove the port forwarding and connect it to your proxy container network.

[kklepper]

Thank you very much for your kind words and your helpful advice. By studying your docker-mailserver.yml I discovered jwilder and was studying his contributions when your reply came. I'm sure your hints will help me achieve what I want.

I have a couple of browsers at my hands but I am using mostly Opera and lately gave Vivaldi a chance. Vivaldi misses a couple of features of Opera which boost my productivity quite a lot.

I am stubborn and persistent and don't tend to give up. Anyway, your work is brilliant and helps a lot. Thank you.

I'll keep you informed.

[kklepper]

Well, I think it's time to deliver an intermediate report.

Yesterday, I was struggling with all kinds of interesting and well-written tutorials to implement a proxy to a docker zoo, including jwilder/nginx-proxy. But somehow they were all incomplete and do not really fit my scenario.

In the end I was confused; I couldn't get any approach to work. So I turned to docker-mailserver and again had the error I experienced before, so I gave up and decided to install a fresh CentOS 8 and start from scratch.

This time I didn't install LEMP, as I had learned that I don't need that, rather delivering every service via docker containers.

After one day of making every mistake you can think of, I finally managed to not only reach my domain.TLD via ports 80 and 443 with 3 docker containers, but also, with the help of https://www.domysee.com/blogposts/reverse-proxy-nginx-docker-compose, install a proxy in front of my docker containers.

That's fine, but still not really understood. For example, the procedure I used for getting the letsenscrypt certificates (https://github.com/wmnnd/nginx-certbot/) does not place symbolic links in the directory live, which is not what the letsenscrypt expects, so I cannot inspect the certificates for the domains they are valid for. So far, I call special services via port, which is not possible with https, so I have to translate that into subdomains. I wanted to check if the subdomain has a certificate, so that's why I found out about the flaw of this approach.

Or is it a bug of certbot? I don't know yet. I have seen the symbolic links and worked with them, probably from the approach https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx, I don't know, I will use that approach next and will see if it uses symbolic links.

In addition, both solutions use NGINX, so this NGINX container might just as well be my proxy. I will investigate into that also.

Back to docker-mailserver. First I shut down all docker containers to have a clean setup. And then I followed your procedure and got the same error I had the day before. So here it is:

root@IONOS_1: /root # git clone [email protected]:jeboehm/docker-mailserver.git
Cloning into 'docker-mailserver'...
Warning: Permanently added the RSA host key for IP address '140.82.118.3' to the list of known hosts.
remote: Enumerating objects: 51, done.
remote: Counting objects: 100% (51/51), done.
remote: Compressing objects: 100% (36/36), done.
remote: Total 1846 (delta 7), reused 30 (delta 2), pack-reused 1795
Receiving objects: 100% (1846/1846), 233.05 KiB | 1.33 MiB/s, done.
Resolving deltas: 100% (680/680), done.

root@IONOS_1: /root # cd docker-mailserver/

root@IONOS_1: /root/docker-mailserver # cp .env.dist .env

root@IONOS_1: /root/docker-mailserver # nano .env

root@IONOS_1: /root/docker-mailserver # bin/production.sh pull
Pulling mda    ... done
Pulling virus  ... done
Pulling ssl    ... done
Pulling web    ... done
Pulling db     ... done
Pulling filter ... done
Pulling mta    ... done

root@IONOS_1: /root/docker-mailserver # bin/production.sh up -d
Creating network "docker-mailserver_default" with the default driver
Creating volume "docker-mailserver_data-db" with default driver
Creating volume "docker-mailserver_data-dkim" with default driver
Creating volume "docker-mailserver_data-mail" with default driver
Creating volume "docker-mailserver_data-tls" with default driver
Creating volume "docker-mailserver_data-filter" with default driver
Creating volume "docker-mailserver_data-virusdb" with default driver
Creating docker-mailserver_mda_1   ... done
Creating docker-mailserver_mta_1   ... done
Creating docker-mailserver_db_1    ... done
Creating docker-mailserver_web_1   ... done
Creating docker-mailserver_ssl_1   ... done
Creating docker-mailserver_virus_1 ... done
Creating docker-mailserver_filter_1 ... done

root@IONOS_1: /root/docker-mailserver # bin/production.sh run --rm web setup.sh
2020/05/23 17:05:40 Waiting for: tcp://web:80
2020/05/23 17:05:40 Waiting for: tcp://db:3306
2020/05/23 17:05:40 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:40 Connected to tcp://db:3306
2020/05/23 17:05:41 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:42 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:43 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:44 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:45 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:46 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:47 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:48 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:49 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:50 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:51 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:52 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:53 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:54 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:55 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:56 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:57 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:58 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:05:59 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:06:00 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:06:02 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:06:03 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:06:04 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
2020/05/23 17:06:05 Problem with dial: dial tcp 192.168.208.4:80: getsockopt: connection refused. Sleeping 1s
^C

What's happening here? How can I debug that? What is tcp 192.168.208.4:80? Here my uneducated investigation:

root@IONOS_1: /root/docker-mailserver # netstat  | grep "tcp"
tcp        0     64 localhost:ssh           p54957b34.dip0.t-:62560 ESTABLISHED
tcp        0      0 localhost:ssh           p54957b34.dip0.t-:36906 ESTABLISHED
tcp        0      0 localhost:ssh           p54957b34.dip0.t-:47592 ESTABLISHED
tcp        0      0 localhost:ssh           p54957b34.dip0.t-:33343 ESTABLISHED
tcp        0      0 localhost:ssh           p54957b34.dip0.t-:46700 ESTABLISHED
tcp        0      0 localhost:ssh           p54957b34.dip0.t-:54467 ESTABLISHED
tcp        0      0 localhost:ssh           p54957b34.dip0.t-:57082 ESTABLISHED
tcp        0      0 localhost:ssh           p54957b34.dip0.t-:52303 ESTABLISHED
tcp        0      0 localhost:ssh           p54957b34.dip0.t-:62865 ESTABLISHED
tcp        0      0 localhost:ssh           p54957b34.dip0.t-:43968 ESTABLISHED
tcp        0      0 localhost:ssh           p54957b34.dip0.t-:58309 ESTABLISHED


root@IONOS_1: /root/docker-mailserver # netstat  | grep "LISTEN"

root@IONOS_1: /root/docker-mailserver #

root@IONOS_1: /root/letsencrypt/wpopken.de/nginx-certbot # docker ps -a
CONTAINER ID        IMAGE                              COMMAND                  CREATED             STATUS                                 PORTS                                                                                                                              NAMES
1e0b35c38b1c        jeboehm/mailserver-filter:latest   "/usr/local/bin/entr…"   3 minutes ago       Up 48 seconds (health: starting)       11332/tcp, 11334/tcp                                                                                                               docker-mailserver_filter_1
9d124ad0b46f        jeboehm/mailserver-mta:latest      "/usr/local/bin/entr…"   3 minutes ago       Up About a minute (health: starting)   0.0.0.0:25->25/tcp                                                                                                                 docker-mailserver_mta_1
3ca99b5276c8        jeboehm/mailserver-mda:latest      "/usr/local/bin/entr…"   3 minutes ago       Up 3 minutes (unhealthy)               0.0.0.0:110->110/tcp, 0.0.0.0:143->143/tcp, 0.0.0.0:587->587/tcp, 0.0.0.0:993->993/tcp, 2003/tcp, 0.0.0.0:995->995/tcp, 4190/tcp   docker-mailserver_mda_1
ee645414d977        jeboehm/mailserver-virus:latest    "/usr/local/bin/entr…"   3 minutes ago       Up 3 minutes (unhealthy)               3310/tcp                                                                                                                           docker-mailserver_virus_1
5fa82cf4642c        jeboehm/mailserver-db:latest       "docker-entrypoint.s…"   3 minutes ago       Up 3 minutes                           3306/tcp, 33060/tcp                                                                                                                docker-mailserver_db_1
b745ba195b9d        jeboehm/mailserver-ssl:latest      "/usr/local/bin/crea…"   3 minutes ago       Exited (0) 3 minutes ago                                                                                                                                                  docker-mailserver_ssl_1
a1240dd862a5        jeboehm/mailserver-web:latest      "docker-php-entrypoi…"   3 minutes ago       Up About a minute (health: starting)   9000/tcp, 0.0.0.0:81->80/tcp                                                                                                       docker-mailserver_web_1

No other container is running:

root@IONOS_1: /root/letsencrypt/wpopken.de/nginx-certbot # docker ps -a | grep -v "jeb"
CONTAINER ID        IMAGE                              COMMAND                  CREATED             STATUS                                 PORTS                                                                                                                              NAMES

After nearly an hour I found some containers exited:

root@IONOS_1: /root # docker ps -a
CONTAINER ID        IMAGE                              COMMAND                  CREATED             STATUS                         PORTS                                                                                                                              NAMES
1e0b35c38b1c        jeboehm/mailserver-filter:latest   "/usr/local/bin/entr…"   58 minutes ago      Exited (1) 45 minutes ago                                                                                                                                         docker-mailserver_filter_1
9d124ad0b46f        jeboehm/mailserver-mta:latest      "/usr/local/bin/entr…"   59 minutes ago      Exited (1) About an hour ago                                                                                                                                      docker-mailserver_mta_1
3ca99b5276c8        jeboehm/mailserver-mda:latest      "/usr/local/bin/entr…"   59 minutes ago      Up About an hour (unhealthy)   0.0.0.0:110->110/tcp, 0.0.0.0:143->143/tcp, 0.0.0.0:587->587/tcp, 0.0.0.0:993->993/tcp, 2003/tcp, 0.0.0.0:995->995/tcp, 4190/tcp   docker-mailserver_mda_1
ee645414d977        jeboehm/mailserver-virus:latest    "/usr/local/bin/entr…"   59 minutes ago      Up About an hour (healthy)     3310/tcp                                                                                                                           docker-mailserver_virus_1
5fa82cf4642c        jeboehm/mailserver-db:latest       "docker-entrypoint.s…"   59 minutes ago      Up About an hour               3306/tcp, 33060/tcp                                                                                                                docker-mailserver_db_1
b745ba195b9d        jeboehm/mailserver-ssl:latest      "/usr/local/bin/crea…"   59 minutes ago      Exited (0) About an hour ago                                                                                                                                      docker-mailserver_ssl_1
a1240dd862a5        jeboehm/mailserver-web:latest      "docker-php-entrypoi…"   59 minutes ago      Exited (1) About an hour ago                                                                                                                                      docker-mailserver_web_1

Any hint?

[kklepper]

Wait, I found an obvious mistake: .env is not correct, no MYSQL_HOST

[kklepper]

Hello, time again to report.

The obvious mistake I thought to have found wasn't really one. So I just picked up your advice and started from scratch. But first an explanation for the long silence.

The most urgent thing I was looking for is providing a solution for TLS. The obvious thing to do is to put a proxy in front of all the services, but this isn't that easy as I thought. I couldn't get it right with jwilder, for example, but finally succeeded with nginx.

Then I ran into the next problem which seems to be unsolved for years now. It was a longtime standard to track the IP addresses of users in the log files of the Web server. With docker things changed. Docker does not supply the IP address of the user, but the internal IP address of the container -- which is useless information.

I am not interested in tracking the IP addresses of my users, but I must know geographical data to provide certain services. So the IP address of the user is vital. How do you get this information?

Well, many people have invested much time and effort and didn't find much. There are people who pretend that they can trick nginx into providing this information, in particular with nginx as reverse proxy. Unfortunately I was not able to reproduce these solutions.

Somebody presented a solution via Traefik. This solution doesn't work out of the box, and I was not able to make it work. However, I was able to set up a small example which showed that the proposition as such is correct. This sample presents the information I'm looking for under both X-Forwarded-For and X-Real-Ip:

curl http://xxx.tld

Hostname: 39fbe76d1d2a
IP: 127.0.0.1
IP: 192.168.48.2
RemoteAddr: 192.168.48.3:43238
GET / HTTP/1.1
Host: xxx.tld
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/48.12.18.254 Chrome/48.0.2564.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,de-DE;q=0.6,de;q=0.4
Cookie: SERVERID=A; 
Dnt: 1
Upgrade-Insecure-Requests: 
X-Forwarded-For: xxx.149.123.52
X-Forwarded-Host: xxx.tld
X-Forwarded-Port: 80
well X-Forwarded-Proto: http
X-Forwarded-Server: 8f52871fd9d3
X-Real-Ip: xxx.149.123.52

That's great, and I hope to be able to integrate that result into a working proxy for my Docker zoo.

Right now I am exhausted, so I picked up docker-mailserver again. I made sure I have a clean start and stick to your procedures.

The first snapshot looks promising.

root@IONOS_2: /root/docker-mailserver # docker ps -a | grep "jeb"
6d00adddfbe3        jeboehm/mailserver-filter:latest                                "/usr/local/bin/entr…"   3 minutes ago       Up About a minute (healthy)   11332/tcp, 11334/tcp                                                                                                               docker-mailserver_filter_1
94615388bfc2        jeboehm/mailserver-web:latest                                   "docker-php-entrypoi…"   3 minutes ago       Up About a minute (healthy)   9000/tcp, 0.0.0.0:81->80/tcp                                                                                                       docker-mailserver_web_1
564dfd5e7c07        jeboehm/mailserver-mda:latest                                   "/usr/local/bin/entr…"   3 minutes ago       Up 3 minutes (unhealthy)      0.0.0.0:110->110/tcp, 0.0.0.0:143->143/tcp, 0.0.0.0:587->587/tcp, 0.0.0.0:993->993/tcp, 2003/tcp, 0.0.0.0:995->995/tcp, 4190/tcp   docker-mailserver_mda_1
635eb81bf873        jeboehm/mailserver-mta:latest                                   "/usr/local/bin/entr…"   3 minutes ago       Up About a minute (healthy)   0.0.0.0:25->25/tcp                                                                                                                 docker-mailserver_mta_1
c9c53bbb56b8        jeboehm/mailserver-db:latest                                    "docker-entrypoint.s…"   3 minutes ago       Up 3 minutes                  3306/tcp, 33060/tcp                                                                                                                docker-mailserver_db_1
bcc9cac47660        jeboehm/mailserver-ssl:latest                                   "/usr/local/bin/crea…"   3 minutes ago       Exited (0) 3 minutes ago                                                                                                                                         docker-mailserver_ssl_1
f9b2099eea75        jeboehm/mailserver-virus:latest                                 "/usr/local/bin/entr…"   3 minutes ago       Up 3 minutes (unhealthy)      3310/tcp                                                                                                                           docker-mailserver_virus_1

But then I get the following:

root@IONOS_2: /root/docker-mailserver # http://127.0.0.1:81/manager/
-bash: http://127.0.0.1:81/manager/: No such file or directory

Okay, nevermind, just proceed.

root@IONOS_2: /root/docker-mailserver # bin/production.sh run --rm web setup.sh
2020/05/25 17:41:21 Waiting for: tcp://web:80
2020/05/25 17:41:21 Waiting for: tcp://db:3306
2020/05/25 17:41:21 Connected to tcp://web:80
2020/05/25 17:41:21 Connected to tcp://db:3306
Welcome to docker-mailserver!
This tool will help you to set up the first mail account.
You just have to answer a few questions.
Please enter the first email address you want to receive mails to: [email protected]
Enter a password for the new account:
Repeat the password:
Your new email address [email protected] was successfully created.
You can now login using the previously set password.
2020/05/25 17:41:36 Command finished successfully.

root@IONOS_2: /root/docker-mailserver # http://127.0.0.1:81/manager/
-bash: http://127.0.0.1:81/manager/: No such file or directory

Well, why that? It went without problems the first time.

Actually, Thunderbird came up and wanted to get a certificate exception. Well, looks like something is responding.

Now the problem is that having TLS installed, the address http://xxx.tld:81/webmail will no longer work as it is redirected to be handled by the nginx proxy.

That shouldn't be a problem, but it is. To begin with, I integrated all your containers simply with copy and paste into my stack.

root@IONOS_2: /root/docker-mailserver # docker stack deploy -c /c/kklepper/xxx/vx/docker-compose_core.proxy.`nginx`.mail.yml vx
Ignoring unsupported options: build, links, restart

Creating network vx_default
Creating network vx_front_ntw
Creating network vx_proxy
Creating network vx_back_ntw
Creating service vx_db
Creating service vx_s2
Creating service vx_master
Creating service vx_websm
Creating service vx_webmy
Creating service vx_ssl
Creating service vx_mda
Creating service vx_web
Creating service vx_mta
Creating service vx_virus
Creating service vx_filter
Creating service vx_sph
Creating service vx_yaws
Creating service vx_s1
Creating service vx_adm
Creating service vx_db_svr
Creating service vx_nginx
Creating service vx_webm

That looks good, but it isn't:

root@IONOS_2: /root/docker-mailserver # docker stack services vx
ID                  NAME                MODE                REPLICAS            IMAGE                                                           PORTS
3zk86x48r47i        vx_websm            replicated          5/5                 kklepper/apache-php7-mysqli-memcache-graphicsmagick-v1:alpine   *:8030->80/tcp
4tcn50d3cry1        vx_adm              replicated          1/1                 adminer:latest                                                  *:8071->8080/tcp
52zyvmbi2sz9        vx_s1               replicated          1/1                 kklepper/mariadb33:alpine
56npowjc0vb7        vx_virus            replicated          0/1                 jeboehm/mailserver-virus:latest
71zesi0l9909        vx_db               replicated          1/1                 jeboehm/mailserver-db:latest
b4m7m67ifwaq        vx_yaws             replicated          1/1                 kklepper/yaws-v3:alpine
dimetqrkk9fi        vx_sph              replicated          1/1                 kklepper/sphinx:alpine                                          *:9312->9312/tcp, *:9990->9990/tcp
dj0t9knb0tgg        vx_mda              replicated          0/1                 jeboehm/mailserver-mda:latest
h9wvo3qbaljm        vx_webm             replicated          0/1                 jeboehm/mailserver-web:latest
i5o6hs6sw2po        vx_s2               replicated          1/1                 kklepper/mariadb33:alpine
j8odhgdj3tqc        vx_master           replicated          1/1                 kklepper/mariadb33:alpine
lldutumny5lf        vx_mta              replicated          0/1                 jeboehm/mailserver-mta:latest
ngbp6ilb8gnh        vx_webmy            replicated          1/1                 kklepper/`nginx`-php7-mysqli-memcached:alpine                     *:8020->80/tcp
pkuyslxlbjzn        vx_db_svr           replicated          1/1                 kklepper/haproxy-mysql:alpine                                   *:3306->3306/tcp, *:24448->8080/tcp
u5n59isncbkd        vx_nginx            replicated          1/1                 kklepper/`nginx`-php7-mysqli-memcached:alpine                     *:80->80/tcp, *:443->443/tcp
v3zh3uut7cvo        vx_ssl              replicated          0/1                 jeboehm/mailserver-ssl:latest
x7fpgn4b5jks        vx_filter           replicated          0/1                 jeboehm/mailserver-filter:latest
y670pzucqhl1        vx_web              replicated          1/1                 kklepper/`nginx`-php7-mysqli-memcached:alpine                     *:8010->80/tcp

To make it more understandable:

root@IONOS_2: /root/docker-mailserver # docker stack services vx | grep "0/1"
56npowjc0vb7        vx_virus            replicated          0/1                 jeboehm/mailserver-virus:latest
dj0t9knb0tgg        vx_mda              replicated          0/1                 jeboehm/mailserver-mda:latest
h9wvo3qbaljm        vx_webm             replicated          0/1                 jeboehm/mailserver-web:latest
lldutumny5lf        vx_mta              replicated          0/1                 jeboehm/mailserver-mta:latest
v3zh3uut7cvo        vx_ssl              replicated          0/1                 jeboehm/mailserver-ssl:latest
x7fpgn4b5jks        vx_filter           replicated          0/1                 jeboehm/mailserver-filter:latest

Why is that? The rest of the zoo is fine:

root@IONOS_2: /root/docker-mailserver # docker stack services vx | grep -v "0/1"
ID                  NAME                MODE                REPLICAS            IMAGE                                                           PORTS
3zk86x48r47i        vx_websm            replicated          5/5                 kklepper/apache-php7-mysqli-memcache-graphicsmagick-v1:alpine   *:8030->80/tcp
4tcn50d3cry1        vx_adm              replicated          1/1                 adminer:latest                                                  *:8071->8080/tcp
52zyvmbi2sz9        vx_s1               replicated          1/1                 kklepper/mariadb33:alpine
71zesi0l9909        vx_db               replicated          1/1                 jeboehm/mailserver-db:latest
b4m7m67ifwaq        vx_yaws             replicated          1/1                 kklepper/yaws-v3:alpine
dimetqrkk9fi        vx_sph              replicated          1/1                 kklepper/sphinx:alpine                                          *:9312->9312/tcp, *:9990->9990/tcp
i5o6hs6sw2po        vx_s2               replicated          1/1                 kklepper/mariadb33:alpine
j8odhgdj3tqc        vx_master           replicated          1/1                 kklepper/mariadb33:alpine
ngbp6ilb8gnh        vx_webmy            replicated          1/1                 kklepper/`nginx`-php7-mysqli-memcached:alpine                     *:8020->80/tcp
pkuyslxlbjzn        vx_db_svr           replicated          1/1                 kklepper/haproxy-mysql:alpine                                   *:3306->3306/tcp, *:24448->8080/tcp
u5n59isncbkd        vx_nginx            replicated          1/1                 kklepper/`nginx`-php7-mysqli-memcached:alpine                     *:80->80/tcp, *:443->443/tcp
y670pzucqhl1        vx_web              replicated          1/1                 kklepper/`nginx`-php7-mysqli-memcached:alpine                     *:8010->80/tcp

The obvious thing is that the original snippet cannot work anymore; apart from the unsupported options these lines had to be corrected as follows:

env_file: /root/docker-mailserver/.env

Also, having a database running already, I commented the database block out.

But this isn't it. Everything else works as planned:

root@IONOS_2: /root/docker-mailserver # docker stack deploy -c /c/kklepper/xxx/vx/docker-compose_core.proxy.`nginx`.mail.yml vx;curl https://xxx.tld; echo ;docker stack services vx | grep "_ng"
Updating service vx_webm (id: h9wvo3qbaljm5vqq72zjzo043)
Updating service vx_nginx (id: u5n59isncbkdac78gqij4aukr)
Updating service vx_master (id: j8odhgdj3tqcpalhj05239nj7)
Updating service vx_mta (id: lldutumny5lfxanva1qeilchf)
Updating service vx_filter (id: x7fpgn4b5jksishf2swg7gli6)
Updating service vx_sph (id: dimetqrkk9fibickdp1x3cnk0)
Updating service vx_db_svr (id: pkuyslxlbjznroib1l89qp64n)
Updating service vx_yaws (id: b4m7m67ifwaqusiq3fr0klw7l)
Updating service vx_webmy (id: ngbp6ilb8gnhi6dh3vu3wxdcp)
Updating service vx_s2 (id: i5o6hs6sw2poxv0d1a53mu4jt)
Updating service vx_s1 (id: 52zyvmbi2sz91ilfjrlpkxsuk)
Updating service vx_adm (id: 4tcn50d3cry10rzcabddoruxv)
Updating service vx_mda (id: dj0t9knb0tgg3crrhqc3bv0ik)
Updating service vx_virus (id: 56npowjc0vb7o12feetjbaiev)
Updating service vx_ssl (id: v3zh3uut7cvo0t8a9p130os3k)
Updating service vx_websm (id: 3zk86x48r47i6fko4cirlkxw3)
Updating service vx_web (id: y670pzucqhl13lygiholt1c9y)
<hr><pre> L: 641  :HOSTNAME => web:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :SHLVL => 1:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :HOME => /:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :TERM => xterm:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :PATH => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :HOST_HOSTNAME => mail.xxx.tld:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :PWD => /:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :USER => nobody:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :HTTP_CONNECTION => keep-alive:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :HTTP_HOST => xxx.tld:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :HTTP_TE => :  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :HTTP_CONTENT_LENGTH => 0:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :SCRIPT_FILENAME => /www/index.php:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :REDIRECT_STATUS => 200:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :SERVER_NAME => xxx.tld:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :SERVER_PORT => 80:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :SERVER_ADDR => 10.0.74.10:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :REMOTE_PORT => 46569:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :REMOTE_ADDR => 10.0.74.8:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :SERVER_SOFTWARE => `nginx`/1.16.1:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :GATEWAY_INTERFACE => CGI/1.1:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :REQUEST_SCHEME => http:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :SERVER_PROTOCOL => HTTP/1.1:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :DOCUMENT_ROOT => /www:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :DOCUMENT_URI => /index.php:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :REQUEST_URI => /?lg=de:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :SCRIPT_NAME => /index.php:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :CONTENT_LENGTH => 0:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :CONTENT_TYPE => :  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :REQUEST_METHOD => GET:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :QUERY_STRING => lg=de:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :FCGI_ROLE => RESPONDER:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :PHP_SELF => /index.php:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :REQUEST_TIME_FLOAT => 1590434330.8124:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 641  :REQUEST_TIME => 1590434330:  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<hr><pre> L: 643  ::  :: F: /www/application/helpers/debug_1_helper.php M: wp_is_webmaster 21:18:52 (  ) </pre>
<!-- case atomic [Row] SUCCESS --><div class='center_text'>&middot;</div>
u5n59isncbkd        vx_nginx            replicated          1/1                 kklepper/`nginx`-php7-mysqli-memcached:alpine                     *:80->80/tcp, *:443->443/tcp

Here you see that nginx doesn't deliver the client IP I'm looking for.

If I would succeed in getting all your containers started, I would add the following snippet to my nginx.conf

        location /webm {
            proxy_pass http://webm:81;
            rewrite ^/xxx.tld(.*)$ $1 break;
        }

and hopefully everything would work as smooth as it does with Adminer:

        location /adm {
            proxy_pass http://adm:8080;
            rewrite ^/xxx.tld(.*)$ $1 break;
        }

(So my initial idea with subdomains was not good.)

I tried to approach the problem by eliminating all containers of yours but the first one, volumes leaving untouched. The result is

root@IONOS_2: /root/docker-mailserver # docker stack services vx | grep  "0/1"
u3veqg5w4y16        vx_ssl              replicated          0/1                 jeboehm/mailserver-ssl:latest

I looked at the source code for this container at github, but couldn't find anything which would explain this failure.

Do you have any ideas to get me on the right track?

[kklepper]

Aha:

root@IONOS_2: /root/docker-mailserver # docker ps -a | grep "ted"
aa16d225b153        jeboehm/mailserver-ssl:latest                                   "/usr/local/bin/crea…"   2 seconds ago       Created                                        vx_ssl.1.35smvz5ajejin8nzkhm97nbm7
d8515cb5510f        jeboehm/mailserver-ssl:latest                                   "/usr/local/bin/crea…"   8 seconds ago       Exited (0) 2 seconds ago                       vx_ssl.1.coi9acda3c0hdi03slm65p9eg

[kklepper]

Same here:

root@IONOS_2: /root # docker stack services vx | grep "0/1"
oa5e7wqaypxg        vx_webm             replicated          0/1                 jeboehm/mailserver-web:latest

[kklepper]

root@IONOS_2: /root # docker ps -a | grep "x_webm\."
cfc056b13267        jeboehm/mailserver-web:latest                                   "docker-php-entrypoi…"   About a minute ago   Up About a minute (health: starting)   80/tcp, 9000/tcp    vx_webm.1.zmq0k63ivdog0xer4rzzz26pa
08e93fae4f38        jeboehm/mailserver-web:latest                                   "docker-php-entrypoi…"   2 minutes ago        Exited (137) About a minute ago                            vx_webm.1.6gks5jifer3vxr6x0ilajz2i5
a548e62dd049        jeboehm/mailserver-web:latest                                   "docker-php-entrypoi…"   4 minutes ago        Exited (137) 2 minutes ago                                 vx_webm.1.tjotbczbcvck5hsytev8lwb6g
a08c94391684        jeboehm/mailserver-web:latest                                   "docker-php-entrypoi…"   6 minutes ago        Exited (137) 4 minutes ago                                 vx_webm.1.wscbf87936iwap5cif3k2o915

[jeboehm]

Sorry, I've never used Docker Stack. :(

[kklepper]

See last entry in #85 at Thunderbird