Skip to Content
Last modified by Alexandru Pentilescu on 2025/02/09 14:17
From version 11.1
edited by Alexandru Pentilescu
on 2024/05/19 14:43
Change comment: There is no comment for this version
To version 12.1
edited by Alexandru Pentilescu
on 2024/05/19 14:48
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -184,17 +184,6 @@
184 184  
185 185  From that, the only genuinely relevant changes that need to be highlighted are the last two lines (i.e. the "Restart" and "RestartSec" assignments). These tell systemd that that, in the event that the service gets killed due to an abnormality (i.e. it receives a SIGKILL system because it is running low on RAM), to automatically restart it. The second rule (i.e. "RestartSec"), tells it to wait an entire second before performing the restart, so that it gives the system the chance to finish whatever it was doing.
186 186  
187 -= Troubleshooting issues with Postfix reachability from docker containers=
188 -If whichever docker container you're currently running doesn't seem to connect to 172.17.0.1 and its image contains the ping utility pre-installed in it, you can attach your current terminal session into that container and access it via "docker exec -it <docker_container_id> /bin/bash" and then simply issuing a "ping 172.17.0.1" to send ICMP echo packets to your SMTP server from inside the container itself. If there are replies, this means the container can reach your local Postfix server so the problem is most likely from Postfix dropping the requests intentionally. Alternatively, this could be a firewall misconfiguration problem but this has never happened to me before, although I recognize that it may be theoretically possible.
189 -
190 -To further validate this, issue the following command to see the last log error reports from Postfix, including the notifications of rejected requests:
191 -
192 -{{code language="bash"}}
193 -sudo cat /var/log/mail.log
194 -{{/code}}
195 -
196 -Note, you need sudo privileges to read the mail.log file, as it is owned by the syslog user and it has restricted reading privileges.
197 -
198 198  = Opening up port 587 for SMTP traffic =
199 199  Certain services refuse to accept STARTTLS traffic on port 25, as is open, by default, on Postfix (looking at you, Gitea). To account for them, we must open port 587 to attain this. To do so, we must open the master.cf configuration file (mine was under "/etc/postfix/master.cf") and add the following line:
200 200  
... ... @@ -224,7 +224,25 @@
224 224  
225 225  to delete the firewall rules that allow full access to port 25. This solved an issue where Google would spam my Gmail inbox with unnecessary garbage because it was trying to relay bounced email notifications to me, which was highly annoying to say the least.
226 226  
227 -Please note, though, that
216 += Troubleshooting issues with Postfix reachability from docker containers=
217 +If whichever docker container you're currently running doesn't seem to connect to 172.17.0.1 or to mail.transistor.one and its image contains the ping utility pre-installed in it, you can attach your current terminal session into that container and access it via "docker exec -it <docker_container_id> /bin/bash" and then simply issuing a "ping 172.17.0.1" to send ICMP echo packets to your SMTP server from inside the container itself. If there are replies, this means the container can reach your local Postfix server so the problem is most likely from Postfix dropping the requests intentionally. Alternatively, this could be a firewall misconfiguration problem but this has never happened to me before, although I recognize that it may be theoretically possible.
218 +
219 +To further validate this, issue the following command to see the last log error reports from Postfix, including the notifications of rejected requests:
220 +
221 +{{code language="bash"}}
222 +sudo cat /var/log/mail.log
223 +{{/code}}
224 +
225 +Note, you need sudo privileges to read the mail.log file, as it is owned by the syslog user and it has restricted reading privileges.
226 +
227 +Finally, to get further in depth into this matter, you can run:
228 +
229 +{{code language="bash"}}
230 +docker run --rm busybox telnet mail.transistor.one:587
231 +{{/code}}
232 +
233 +To see if port 587 on localhost is reachable from within a docker container. If it is, this utility should be able to confirm it. Otherwise it will print an error message.
234 +
228 228  = Wrapping it up=
229 229  That's it! As soon as you finish editing the main configuration file, please remember to restart the Postfix service afterwards so that the changes can take effect immediately (or reboot the machine).
230 230