Docker mailman image can't access https://publicsuffix.org/
Thanks, so it looks like Mailman cannot get to publicsuffix. The wrinkle is I am running maxking's docker version. The host can get there, but not from the docker image. Any idea how to configure that? And this only comes into play when I set the DMARC settings.
Could you share some more information about the problem and your debugging steps so far? This sounds most likely to be an issue with your container environment (docker, podman, kubernetes...), or how networking or DNS is handled within it.
What errors are logged? (I assume you are getting an error like "Unable to retrieve public suffix list from ..." with DMARC enabled; what is the error?)
Can you not access the IP address, or can you not resolve the domain?
Can you reproduce this when shelled into the container?
What is your host environment? etc.
--Jered
----- On Jan 8, 2024, at 4:11 PM, bob B via Mailman-users mailman-users@mailman3.org wrote:
> Thanks, so it looks like Mailman cannot get to publicsuffix. The wrinkle is I am running maxking's docker version. The host can get there, but not from the docker image. Any idea how to configure that? And this only comes into play when I set the DMARC settings.
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
This message sent to jered@convivian.com
In my testing, from the docker host, I can curl "https://publicsuffix.org". But from inside the container, it just times out.
It looks like mailman needs to contact publicsuffix.org when you set the "DMARC mitigation action" to "replace from with list address". The mailman core log shows:
/list/public_suffix_list.dat (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f8b38d318a0>, 'Connection to publicsuffix.org timed out. (connect timeout=5)'))
I had another thread for this issue (https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...), but started this one because it seems to just be an issue with the docker container not being able to get out to publicsuffix.org.
I am running the maxking docker images version 0.4.3.
This is definitely a problem with your docker environment configuration and not a Mailman issue.
What does your environment look like? (Host version, host OS, docker version, network config, etc?)
From a shell _inside_ the container, can you ping publicsuffix.org? traceroute to it?
--Jered
----- On Jan 9, 2024, at 8:22 AM, bob B via Mailman-users mailman-users@mailman3.org wrote:
> In my testing, from the docker host, I can curl "https://publicsuffix.org". But from inside the container, it just times out.
> It looks like mailman needs to contact publicsuffix.org when you set the "DMARC mitigation action" to "replace from with list address". The mailman core log shows:
> /list/public_suffix_list.dat (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f8b38d318a0>, 'Connection to publicsuffix.org timed out. (connect timeout=5)'))
> I had another thread for this issue (https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...), but started this one because it seems to just be an issue with the docker container not being able to get out to publicsuffix.org.
> I am running the maxking docker images version 0.4.3.
I followed the instructions from Maxking to set up our docker environment, and mailman has been working fine for years, but we need to set the dmarc settings and that's when we saw the error. I wonder if the Docker Mailman environment is not set up to get out to publicsuffix.org.
We are running CentOS version 7, Docker version 1.13.1.
Here is my docker yaml file:
-bash-4.2$ cat docker-compose.yaml
version: '2'
services:
  mailman-core:
    image: maxking/mailman-core:0.4.3
    container_name: mailman-core
    restart: always
    hostname: mailman-core
    volumes:
      - /opt/mailman/core:/opt/mailman/
      - /docker-mailman/mailinfoscripts/migration_script:/migration
    stop_grace_period: 30s
    environment:
      .[Redacted]
      .[Redacted]
      .[Redacted]
    ports:
      - "127.0.0.1:8001:8001" # API
      - "127.0.0.1:8024:8024" # LMTP - incoming emails
    networks:
      mailman:
        ipv4_address: 172.19.199.2

  mailman-web:
    image: maxking/mailman-web:0.4.3
    container_name: mailman-web
    restart: always
    hostname: mailman-web
    links:
      - mailman-core:mailman-core
    volumes:
      - /opt/mailman/web:/opt/mailman-web-data
      - /docker-mailman/mailinfoscripts/migration_script:/migration
      - /docker-mailman/custom_container_files/uwsgi.ini:/opt/mailman-web/uwsgi.ini
    environment:
      .[Redacted]
      .[Redacted]
      .[Redacted]
    ports:
      - "127.0.0.1:8000:8000" # HTTP
      - "127.0.0.1:8080:8080" # uwsgi
    networks:
      mailman:
        ipv4_address: 172.19.199.3

networks:
  mailman:
    ipam:
      config:
        - subnet: 172.19.199.0/24
          gateway: 172.19.199.1
-bash-4.2$
confirming:
using the latest image, a call to
docker compose exec mailman-core curl https://publicsuffix.org/
returns html data correctly.
what version are you running?
I also see the same thing on image: maxking/mailman-core:0.4.5
This really sounds like a problem with your docker host environment, not the Mailman container.
What happens when you run Jörg's example command of "docker exec mailman-core curl https://publicsuffix.org/"?
Are you able to resolve, ping, traceroute (etc) from within the mailman-core container you are running?
--Jered
----- On Jan 9, 2024, at 12:02 PM, bob B via Mailman-users mailman-users@mailman3.org wrote:
> what version are you running?
> I also see the same thing on image: maxking/mailman-core:0.4.5
Found it !!!!!!
We have a proxy server setup (our Linux teams build our hosts), so I need to set an environmental variable in the docker images. I manually set it, and then I could curl.
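The checks asked for earlier in the thread (does the name resolve, does a direct connection succeed) combined with the proxy finding, as an added example that is not part of the original thread. It assumes the proxy is selected through the conventional https_proxy / HTTPS_PROXY environment variable, which the thread does not name, and is meant to be run with Python inside the mailman-core container:

```python
"""Egress triage for a container that cannot fetch the public suffix list."""
import os
import socket

# Host from the thread; the timeout matches the logged "connect timeout=5".
HOST, PORT, TIMEOUT = "publicsuffix.org", 443, 5


def resolve(host):
    """Return the sorted addresses DNS gives for host, or [] if lookup fails."""
    try:
        infos = socket.getaddrinfo(host, PORT, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def can_connect(host, port, timeout=TIMEOUT):
    """True if a direct TCP connection (no proxy) completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def https_proxy(env):
    """Return the HTTPS proxy URL from env (either spelling), or None.

    Assumption: the variable is https_proxy / HTTPS_PROXY.
    """
    return env.get("https_proxy") or env.get("HTTPS_PROXY") or None


def diagnose(addresses, direct_ok, proxy):
    """Map the three observations to the most likely cause."""
    if not addresses:
        return "dns: name does not resolve inside the container"
    if direct_ok:
        return "ok: direct egress to port 443 works"
    if proxy:
        return "proxy-set: direct egress is blocked and a proxy is configured; check the proxy"
    return "proxy-missing: name resolves, direct connect fails, no https_proxy in the environment"


if __name__ == "__main__":
    addrs = resolve(HOST)
    direct = can_connect(HOST, PORT) if addrs else False
    print(diagnose(addrs, direct, https_proxy(os.environ)))
```

A "proxy-missing" result inside the container alongside a working curl on the host matches the situation described in this thread.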
participants (3)
- bob B
- Jered Floyd
- Jörg Schulz