PERMIT_DOCKER=none doesn't appear to enforce authentication when running a rootless container?
#4685
Hey y'all, I've had some issues recently with my Podman Quadlets setup where I've been receiving random emails from my own server... so I checked for an open relay (just basic For context, I'm running Ubuntu 24.04 (so still Podman 4), with the network driver set to
Replies: 1 comment 2 replies
I think more information would need to be provided to reproduce. It is unclear why the information provided below wouldn't apply.

Ensure that the container is properly recreated (not just restarted) if you're changing settings and want to ensure that they're correctly applied. When changing ENV this should imply a new container is set up, but you may need to verify that's the case when that ENV is provided via a .env file.

In this case PERMIT_DOCKER=none is already the default. Within the container the env command should also show the ENV is set (bash shell), or you can see the ENV that DMS has resolved (with defaults) stored at /etc/dms-settings.

Additionally:

mynet…

Just to clarify. Port 25 should allow accepting mail without authentication, but it forbids relaying. Only mail for a mail domain DMS knows about will be accepted for delivering locally or forwarding.

Ports 587/465 are submission ports to send mail internally or outbound, which will allow you to send with whatever sender address you choose (it will be rejected if you are not actually authorized by DNS), and to whatever recipient address you choose.

Podman support is best effort by community, and our Quadlet config advice I think has only had a first pass and may be incomplete.

As for

docker-mailserver/target/scripts/startup/setup.d/networking.sh Lines 45 to 48 in cb76075
docker-mailserver/target/scripts/startup/setup.d/networking.sh Lines 29 to 32 in cb76075

As you can see the logic will ensure that

For other settings the interface does need to get detected correctly, but as the linked issue on the feature notes, some of the current settings don't really cover IP ranges as expected (with some assumptions based on Docker network defaults):

docker-mailserver/target/scripts/startup/setup.d/networking.sh Lines 16 to 27 in cb76075

DMS does have the following policy set for Postfix restrictions,

docker-mailserver/target/postfix/main.cf Lines 55 to 59 in cb76075
docker-mailserver/target/postfix/main.cf Lines 70 to 75 in cb76075
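A diagnostic for the situation discussed above, added here as an example (not code from this thread or from docker-mailserver): it lists which clients in the Postfix log fall inside the resolved `mynetworks` value (`postconf -h mynetworks`), since a client matched by Postfix's `permit_mynetworks` restriction is trusted without authentication. It assumes the DMS relay policy uses `permit_mynetworks`; the function names, sample value and log lines are constructed, and only literal address/CIDR entries are handled.

```python
import ipaddress
import re

# Postfix smtpd logs every client as "connect from hostname[address]".
CONNECT_RE = re.compile(
    r"postfix/\S*smtpd\[\d+\]: connect from \S*\[([0-9A-Fa-f:.]+)\]"
)


def parse_mynetworks(value):
    """Parse literal entries of a mynetworks value into network objects."""
    nets = []
    for entry in re.split(r"[,\s]+", value.strip()):
        if not entry:
            continue
        # Exclusions (!), file paths and type:table lookups are not handled.
        if entry.startswith(("!", "/")) or (":" in entry and not entry.startswith("[")):
            raise ValueError(f"unsupported mynetworks entry: {entry}")
        # Postfix writes IPv6 as [addr]/len; strip the brackets for ipaddress.
        literal = entry.replace("[", "").replace("]", "")
        nets.append(ipaddress.ip_network(literal, strict=False))
    return nets


def trusted_clients(mynetworks, log_lines):
    """Map each logged client IP inside mynetworks to the network that matched."""
    nets = parse_mynetworks(mynetworks)
    hits = {}
    for line in log_lines:
        match = CONNECT_RE.search(line)
        if not match:
            continue
        ip = ipaddress.ip_address(match.group(1))
        for net in nets:
            if ip in net:  # False when IP versions differ
                hits[str(ip)] = str(net)
                break
    return hits


# Constructed sample input, not values taken from DMS or from this thread.
SAMPLE_MYNETWORKS = "127.0.0.0/8 [::1]/128 10.0.2.0/24"
SAMPLE_LOG = [
    "Jan 01 10:00:00 mail postfix/smtpd[1043]: connect from unknown[10.0.2.100]",
    "Jan 01 10:00:05 mail postfix/smtpd[1044]: connect from mx.example.net[203.0.113.7]",
    "Jan 01 10:00:09 mail postfix/submission/smtpd[1050]: connect from localhost[::1]",
]

if __name__ == "__main__":
    for ip, net in trusted_clients(SAMPLE_MYNETWORKS, SAMPLE_LOG).items():
        print(f"{ip} is trusted via {net}")
```

If an external sender shows up in the log with an address that this reports as trusted, the address Postfix sees is not the real client address, and the container networking is the thing to inspect.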