Comments (5)
micw
commented on May 5, 2024
I merged #46 - does this fix the issue for you? With port forwarding there's always the risk that all requests seems to come from localhost, making mailu an open relay.
from helm-charts.
asoltesz
commented on May 5, 2024
I further investigated the issues around NodePorts and it seems that it is NOT possible to preserve the Source IP when NodePorts are used the way I described them in my enhancement request. (as of Kubernetes v1.19)
https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-type-nodeport
To avoid this, Kubernetes has a feature to preserve the client source IP. If you set service.spec.externalTrafficPolicy to the value Local, kube-proxy only proxies proxy requests to local endpoints, and does not forward traffic to other nodes. This approach preserves the original source IP address. If there are no local endpoints, packets sent to the node are dropped, so you can rely on the correct source-ip in any packet processing rules you might apply a packet that make it through to the endpoint.
So, I think my original request would create an open-relay.
from helm-charts.
asoltesz
commented on May 5, 2024
NOTE:
I have solved my original issue (that prompted the enhancement request) by creating/updating DNS entries dynamically with External-DNS and a small Mailu-specific operator that I wrote for this purpose.
The managed DNS entry always points to the exact Kubernetes node that is running the Mailu Front pod. It the Front pod is migrated to another Kubernetes node, the DNS entry gets updated.
from helm-charts.
tbscode
commented on May 5, 2024
Very old issue, a lot has changed in the chart.
What is the recommended way to connect to the smtp tcp port externally?
I have a basic installation of the chart working on my cluster.
I can login, send and receive emails use the admin interface and webmailer.
I'm using microk8s + metallb and have tested for open relays.
But I was not yet able to send emails from another machine though smtp.
So-far I tried
- using the default
hostPort.enabed: trueand exposing 465 port. - Configuring
values.yaml
front:
externalService:
type: LoadBalancer
enabled: true
loadBalancerIP: <server-ip>
And then exposing the port that the load balancer get mapped for 465.
Both without success.
from helm-charts.
tbscode
commented on May 5, 2024
Whoops ok both approaches work totally fine, when trying the correct port 587.
from helm-charts.
Related Issues (20)
- [BUG] Postfix liveness probe is not sufficient to detect faulty pods HOT 7
- Postfix stopped working HOT 5
- Re-add containerSecurityContext HOT 1
- [BUG] Credentials are being asked when upgrading van 1.2.0 to 1.4.0 HOT 1
- [BUG] Postfix forward to Dovecot HOT 5
- Avoid hard coding "svc" in FQDNs HOT 2
- [BUG] HOT 3
- Admin hangs at migration after upgrade from 2.0.28 to 2.0.29 HOT 13
- [BUG] Authentication credentials invalid HOT 10
- mailu 2.0.30 admin container not starting - mail redirected to legacy setup and seemingly missing due to misconfiguration HOT 14
- Freshclam on K8S HOT 6
- relay abuse through SRS HOT 6
- [BUG] Admin service crashes when creating a new user HOT 2
- [BUG] Changes to immutable labels prevent migrations to newer chart versions HOT 5
- [BUG] Default configuration disables outbound TLS of Postfix HOT 3
- fix(admin): relation "domain" does not exist for postgres HOT 1
- treafik support HOT 2
- [BUG] rspamd: DNS reply returned 'no error' for dwl.dnswl.org while 'no records with this name' was expected when querying for 'LkJBkdnhL-tpa.dwl.dnswl.org' (likely DNS spoofing or BL internal issues) HOT 3
- feat: providing existing certificate for `imaps`, `pop3s`, `smtps`(465), and `starttls`(587), etc HOT 4
- No rate limit internal email? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm-charts.