Project

General

Profile

Bug #759

redmine instances don't send any notification

Added by Pierre-Louis Bonicoli 4 months ago. Updated 14 days ago.

Status:
In Progress
Priority:
Normal
Category:
Service :: Web
Start date:
2022-03-15
Due date:
% Done:

50%

Estimated time:
Patch Available:
Confirmed:
Yes
Branch:
Entity:
DuckCorp
Security:
No
Help Needed:

Description

Since the redmine instances are hosted within a LXC container, email notifications are no longer sent.

It looks like the issue comes from the Redmine configuration and 127.0.0.1:25 being used within the container.

The following configuration update isn't sufficient:

--- /etc/redmine/dc/configuration.yml    2022-03-15 22:28:00.095274510 +0000
+++ /etc/redmine/dc/configuration.yml.new    2022-03-15 22:27:44.102827009 +0000
@@ -4,8 +4,8 @@
   email_delivery:
     delivery_method: :smtp
     smtp_settings:
-      address: 127.0.0.1
-      domain: ''
+      address: 10.0.7.1
+      domain: 'projects.duckcorp.org'
       enable_starttls_auto: false
       port: 25

due to the grey listing configuration:
Mar 15 23:12:37 Toushirou postfix/smtpd[1597691]: connect from unknown[10.0.7.2]
Mar 15 23:12:37 Toushirou postfix/smtpd[1597691]: 4KJ71x5crKz4Bs: client=unknown[10.0.7.2]
Mar 15 23:12:37 Toushirou postfix/cleanup[1597693]: 4KJ71x5crKz4Bs: message-id=<redmine.journal-2400.20220315221237.3bd6c5f55c0c0d17@projects.duckcorp.org>
Mar 15 23:12:38 Toushirou postfix/cleanup[1597693]: 4KJ71x5crKz4Bs: milter-reject: END-OF-MESSAGE from unknown[10.0.7.2]: 4.7.1 Try again later; from=<issues@projects.duckcorp.org> to=<[redacted]@ir5.eu> proto=ESMTP helo=<projects.duckcorp.org>

Marc Dequènes should the grey listing be disabled for 10.0.7.2 or is there another way ?

Associated revisions

Revision bc549b1c (diff)
Added by Marc Dequènes 14 days ago

dc-rspamd: whitelist redmine container IP

refs #759

History

#1

Updated by Marc Dequènes 4 months ago

We could disable it per IP I think but I've never done that so we'll need to dig into rspamd's config. Another way would be a add a local relay that would handle the retries. Or it could even send outside by itself.

#2

Updated by Pierre-Louis Bonicoli 4 months ago

  • % Done changed from 0 to 50
  • Security set to No

The following configuration works fine (within the controller /etc/redmine/dc/configuration.yml needs to be updated too):

# cat /etc/rspamd/local.d/greylist.conf 
whitelisted_ip = "10.0.7.2";
# systemctl restart rspamd.service

Should this configuration be added to ansible? Something like that would work:

diff --git a/ansible/playbooks/tenants/duckcorp/web/projects.duckcorp.org.yml b/ansible/playbooks/tenants/duckcorp/web/projects.duckcorp.org.yml
index 79f76c3..e4b9c13 100644
--- a/ansible/playbooks/tenants/duckcorp/web/projects.duckcorp.org.yml
+++ b/ansible/playbooks/tenants/duckcorp/web/projects.duckcorp.org.yml
@@ -1,5 +1,15 @@
 ---

+- hosts: mx1_servers:&container_hosts
+  tasks:
+    copy:
+      dest: /etc/rspamd/local.d/greylist.conf
+      content: |-
+        whitelisted_ip = "{{ XXX }}";
+      owner: root
+      group: rspamd
+      mode: u=rw,g=r,o=
+
 - hosts: Toushirou

#3

Updated by Marc Dequènes 14 days ago

  • Status changed from New to In Progress
  • Assignee set to Pierre-Louis Bonicoli

Quack,

Sorry to reply late.

The configuration seems fine. This file is managed by Ansible already, see ansible/roles/dc-rspamd/templates/local.d/greylist.conf (although empty).

I updated the mail configuration and noticed the change being overwritten, so I adapted the rules to add the fix.

I'm not closing the ticket since the Redmine configuration also needs to be handled in Ansible (sorry no time for that right now). I assigned the ticket to you, I hope you don't mind.

Also available in: Atom PDF