Comments (4)
Hello,
nginx is used for smtp/imap/pop3. It preserves the originating IP. I run exactly this setup and it's not an open relay. Check that the original IP is in nginx logs. If not, your k8s setup is somehow broken.
from helm-charts.
@micw which CNI are you using? Maybe the problem is specific to flannel.
from helm-charts.
@micw the problem seems to happen when kube-proxy is configured with iptables mode instead of ipvs. Don't know if we have a way to prevent that, but we should definitely document it and tell people how to test if they operate an open relay, since this can severely impact IP/RANGE score...
from helm-charts.
I use canal with default setup (as provided by rancher2).
If your CNI makes your pods see internal IPs for external traffic, it should be considered seriously broken. With mail, you see consequences very directly (spam, bad reputation) but such an issue would also affect other services that rely on IP information (e.g. any rate-limiting stuff, session security of several applications).
Nevertheless, IMO that's not a bug in mailu or the helm chart. It needs to be fixed in the CNI config.
from helm-charts.
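The log check suggested in the thread ("check that the original IP is in nginx logs") can be automated. The following is an added example, not code from the thread or from the Mailu project: it scans nginx log lines for client addresses and reports whether any connection arrived from outside the cluster-internal ranges. The log lines are constructed samples, the internal CIDRs are assumptions to replace with your own pod, service and node ranges, and only IPv4 clients are handled.

```python
import ipaddress
import re
from collections import Counter

# Assumption: ranges that only cluster-internal traffic should come from.
# Replace with the pod/service/node CIDRs of your own cluster.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Matches "client 1.2.3.4:port ..." and "client: 1.2.3.4, ..." (IPv4 only).
CLIENT_RE = re.compile(r"\bclient:? (\d{1,3}(?:\.\d{1,3}){3})\b")

def audit_client_ips(lines, internal_nets=INTERNAL_NETS):
    """Return (internal, external) Counters of client IPs found in the log."""
    internal, external = Counter(), Counter()
    for line in lines:
        m = CLIENT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:          # e.g. 999.1.1.1 matched the regex
            continue
        bucket = internal if any(ip in n for n in internal_nets) else external
        bucket[str(ip)] += 1
    return internal, external

def likely_masqueraded(lines):
    """True if clients were logged but none came from a non-internal address,
    i.e. the proxy probably never sees the originating IP. None if no data."""
    internal, external = audit_client_ips(lines)
    if not internal and not external:
        return None
    return not external

# Constructed sample lines (not taken from a real deployment).
BROKEN_LOG = [
    "2024/01/01 10:00:00 [info] 9#9: *1 client 10.42.0.1:40112 connected to 0.0.0.0:25",
    "2024/01/01 10:00:05 [info] 9#9: *2 client 10.42.0.1:40120 connected to 0.0.0.0:25",
    '2024/01/01 10:00:06 [info] 9#9: *2 client login failed: "Authentication '
    'credentials invalid" while in http auth state, client: 10.42.0.1, server: 0.0.0.0:25',
]
HEALTHY_LOG = [
    "2024/01/01 10:00:00 [info] 9#9: *1 client 203.0.113.7:51544 connected to 0.0.0.0:25",
    "2024/01/01 10:00:02 [info] 9#9: *2 client 198.51.100.23:33810 connected to 0.0.0.0:587",
    "2024/01/01 10:00:03 [info] 9#9: *3 client 10.42.0.1:40112 connected to 0.0.0.0:25",
]

if __name__ == "__main__":
    for name, log in (("broken", BROKEN_LOG), ("healthy", HEALTHY_LOG)):
        print(name, "masqueraded:", likely_masqueraded(log), audit_client_ips(log))
```

A log in which every SMTP client is an internal address means any relay rule that trusts internal networks also applies to traffic from the Internet; run the check against logs that include at least one connection you made from outside the cluster.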