Demo setup with defaults does not work #495

Open
XenonR opened this issue Aug 20, 2022 · 6 comments
Labels
bug Something isn't working

XenonR commented Aug 20, 2022

Describe the bug
Demo setup with default settings is unable to produce a working environment on a fresh OS installation.

To Reproduce

  • Install fresh debian 11 (netinst)
  • apt install docker docker-compose git
  • git clone ...
  • cd kopano-docker
  • ./setup.sh (All default options)
  • docker-compose up

Expected behavior
Working demo environment. But website is not accessible.

Logs
I assume the culprit is somehow this:

mail_1              | Error: sed -i /^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org// /etc/postfix/main.cf
mail_1              | [ WARNING ]  No DKIM key provided. Check the documentation on how to get your keys.
mail_1              | Nameservers 127.0.0.11
mail_1              | [  FATAL  ]  TLS Setup [SSL_TYPE=self-signed] | File /tmp/docker-mailserver/ssl/mail.kopano.demo-key.pem or /tmp/docker-mailserver/ssl/mail.kopano.demo-cert.pem does not exist!
mail_1              | [  ERROR  ]  Shutting down..
mail_1              | 2022-08-20 12:40:37,577 WARN received SIGTERM indicating exit request
kopano_spooler_1    | 2022/08/20 12:40:39 Waiting for tcp://mail:25: dial tcp 172.20.0.4:25: connect: connection refused.

Full logs
Mailserver log

@XenonR XenonR added the bug Something isn't working label Aug 20, 2022

XenonR commented Aug 21, 2022

root@debian:~# docker version
Client:
 Version:           20.10.5+dfsg1
 API version:       1.41
 Go version:        go1.15.15
 Git commit:        55c4c88
 Built:             Mon May 30 18:34:49 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.5+dfsg1
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.15.15
  Git commit:       363e9a8
  Built:            Mon May 30 18:34:49 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.13~ds1
  GitCommit:        1.4.13~ds1-1~deb11u2
 runc:
  Version:          1.0.0~rc93+ds1
  GitCommit:        1.0.0~rc93+ds1-5+deb11u2
 docker-init:
  Version:          0.19.0
  GitCommit:

root@debian:~# docker-compose version
docker-compose version 1.25.0, build unknown
docker-py version: 4.1.0
CPython version: 3.9.2
OpenSSL version: OpenSSL 1.1.1n  15 Mar 2022


DFS-90 commented Aug 22, 2022

Same setup, same error. I can confirm that bug.

@zokradonh
Owner

It looks like SSL_TYPE=self-signed is not supported on docker-mailserver anymore. At least since docker-mailserver/docker-mailserver@c851f5b

The new alternative seems to be SSL_TYPE=snakeoil for testing purposes.

Please change docker-compose.mail.yml SSL_TYPE to snakeoil and test if demo setup is now running.
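
An added example, not part of the thread or of either project: the FATAL line in the report names the key and certificate files the mail container looked for under SSL_TYPE=self-signed, and this shell check tests for that condition before `docker-compose up`. The function name, its arguments, and pointing it at a host directory that backs the /tmp/docker-mailserver/ mount are assumptions.

```shell
#!/bin/sh
# Added example (not code from kopano-docker or docker-mailserver).
# check_mail_tls COMPOSE_FILE CONFIG_DIR FQDN   (hypothetical helper)
#   COMPOSE_FILE: compose file holding the "- SSL_TYPE=..." entry
#   CONFIG_DIR:   directory assumed to back the /tmp/docker-mailserver/ mount
#   FQDN:         hostname.domainname of the mail container (mail.kopano.demo in the log)
# Prints a one-line verdict. Returns 0 if this check passes, 1 if the
# "TLS Setup ... does not exist" condition from the log would be hit, 2 on bad input.
check_mail_tls() {
    compose_file=$1 config_dir=$2 fqdn=$3
    [ -r "$compose_file" ] || { echo "cannot read $compose_file"; return 2; }

    # Last uncommented "- SSL_TYPE=value" entry in the environment list.
    ssl_type=$(sed -n 's/^[[:space:]]*-[[:space:]]*SSL_TYPE=\([^[:space:]#]*\).*/\1/p' \
        "$compose_file" | tail -n 1)

    if [ -z "$ssl_type" ]; then
        echo "SSL_TYPE not set"
        return 0
    fi
    if [ "$ssl_type" != "self-signed" ]; then
        echo "SSL_TYPE=$ssl_type: no key/cert file check applied"
        return 0
    fi

    # File names follow the pattern shown in the FATAL log line:
    # ssl/<fqdn>-key.pem and ssl/<fqdn>-cert.pem
    missing=""
    for suffix in key cert; do
        f="$config_dir/ssl/${fqdn}-${suffix}.pem"
        [ -s "$f" ] || missing="$missing $f"
    done
    if [ -n "$missing" ]; then
        echo "SSL_TYPE=self-signed but missing:$missing"
        return 1
    fi
    echo "SSL_TYPE=self-signed: key and cert present"
    return 0
}
```
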


XenonR commented Aug 24, 2022

Yes, by changing that line the mailserver is able to start up and the spooler is able to connect. I can access the webpage.

kopano_spooler_1    | 2022/08/24 13:21:21 Waiting for tcp://mail:25: dial tcp 172.20.0.3:25: connect: connection refused.
kopano_spooler_1    | 2022/08/24 13:21:22 Waiting for tcp://mail:25: dial tcp 172.20.0.3:25: connect: connection refused.
kopano_spooler_1    | 2022/08/24 13:21:23 Waiting for tcp://mail:25: dial tcp 172.20.0.3:25: connect: connection refused.
mail_1              | Aug 24 13:21:24 mail postfix/master[2339]: daemon started -- version 3.5.6, configuration /etc/postfix
mail_1              | Aug 24 13:21:24 mail postfix/pickup[2342]: 44D83141192: uid=0 from=<root>
mail_1              | Aug 24 13:21:24 mail postfix/cleanup[2346]: 44D83141192: message-id=<[email protected]>
mail_1              | Aug 24 13:21:24 mail opendkim[1115]: 44D83141192: no signing table match for '[email protected]'
mail_1              | Aug 24 13:21:24 mail opendkim[1115]: 44D83141192: no signature data
mail_1              | Aug 24 13:21:24 mail postfix/qmgr[2343]: 44D83141192: from=<[email protected]>, size=729, nrcpt=1 (queue active)
kopano_spooler_1    | 2022/08/24 13:21:24 Ready: tcp://mail:25.
kopano_spooler_1    | [=======] Starting kopano-spooler version 11.0.0 (pid 6 uid 0)
mail_1              | Aug 24 13:21:24 mail postfix/postscreen[2362]: cache btree:/var/lib/postfix/postscreen_cache full cleanup: retained=0 dropped=0 entries
mail_1              | Aug 24 13:21:24 mail postfix/postscreen[2362]: CONNECT from [172.20.0.7]:44952 to [172.20.0.3]:25
mail_1              | Aug 24 13:21:24 mail postfix/postscreen[2362]: WHITELISTED [172.20.0.7]:44952
kopano_spooler_1    | [=======] Starting kopano-spooler version 11.0.0 (pid 6 uid 999)
mail_1              | Aug 24 13:21:24 mail postfix/smtpd[2363]: connect from kopano_kopano_spooler_1.kopano_kopano-net[172.20.0.7]
mail_1              | Aug 24 13:21:24 mail opendmarc[1126]: ignoring connection from kopano_kopano_spooler_1.kopano_kopano-net
mail_1              | Aug 24 13:21:24 mail postfix/smtpd[2363]: lost connection after CONNECT from kopano_kopano_spooler_1.kopano_kopano-net[172.20.0.7]
mail_1              | Aug 24 13:21:24 mail postfix/smtpd[2363]: disconnect from kopano_kopano_spooler_1.kopano_kopano-net[172.20.0.7] commands=0/0

docker-compose.mail.yml as copy&paste for convenience:

version: "3.5"

services:
  mail:
    image: mailserver/docker-mailserver:10
    restart: unless-stopped
    hostname: mail # hostname and domainname may need to be commented on some platforms (e.g. ChromeOS)
    domainname: ${LDAP_DOMAIN}
    container_name: ${COMPOSE_PROJECT_NAME}_mail
    ports:
      - "${SMTPPORT:-25}:25"
      - "${SMTPSPORT:-465}:465"
      - "${MSAPORT:-587}:587"
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - maillogs:/var/log/mail
      - mtaconfig:/tmp/docker-mailserver/
    environment:
      - DMS_DEBUG=0
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_LDAP=1
      - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
      - ENABLE_POSTGREY=1
      - ENABLE_SASLAUTHD=1
      - ENABLE_SPAMASSASSIN=1
      - LDAP_BIND_DN=${LDAP_BIND_DN}
      - LDAP_BIND_PW=${LDAP_BIND_PW}
      - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
      - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
      - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
      - LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
      - LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
      - LDAP_SERVER_HOST=${LDAP_SERVER}
      - ONE_DIR=1
      - PERMIT_DOCKER=connected-networks
      - POSTFIX_DAGENT=lmtp:kopano_dagent:2003
      - PFLOGSUMM_TRIGGER=logrotate
      - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
      - SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
      - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
      - SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
      - SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
      - SASLAUTHD_LDAP_SERVER=${LDAP_HOST}
      - SASLAUTHD_MECHANISMS=rimap
      - SASLAUTHD_MECH_OPTIONS=kopano_gateway
      - SMTP_ONLY=1
      - SPAMASSASSIN_SPAM_TO_INBOX=1
      - SSL_TYPE=snakeoil
      - TZ=${TZ}
    env_file:
      - mail.env
    networks:
      - kopano-net
    # dns: 1.1.1.1  # using Google DNS can lead to lookup errors uncomment this option and
    # set to the ip of a trusted dns service (Cloudflare is given as an example).
    # See https://github.com/zokradonh/kopano-docker/issues/52 for more information.
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE

  kopano_spooler:
    depends_on:
      - mail

volumes:
  maildata:
  mailstate:
  maillogs:
  mtaconfig:

And .env generated by setup.sh, just in case, as reference:

# please consult https://github.com/zokradonh/kopano-docker
# for possible configuration values and their impact
CORE_VERSION=latest
WEBAPP_VERSION=latest
ZPUSH_VERSION=latest
KONNECT_VERSION=latest
KWM_VERSION=latest
MEET_VERSION=latest
KDAV_VERSION=latest
KAPPS_VERSION=latest

LDAP_CONTAINER=kopano_ldap_demo
LDAP_ORGANISATION="Kopano Demo"
LDAP_DOMAIN=kopano.demo
LDAP_BASE_DN=dc=kopano,dc=demo
LDAP_SERVER=ldap://ldap:389
LDAP_HOST=ldap:389
LDAP_ADMIN_PASSWORD=P05ZPCijJtslpv2xPhEE4olNUeUH7mnE
LDAP_READONLY_USER_PASSWORD=gsCH4GLworsjlNULytdu5eqZfRGraVQN
LDAP_BIND_DN=cn=readonly,dc=kopano,dc=demo
LDAP_BIND_PW=gsCH4GLworsjlNULytdu5eqZfRGraVQN
LDAP_SEARCH_BASE=dc=kopano,dc=demo

# LDAP query filters
LDAP_QUERY_FILTER_USER=(&(kopanoAccount=1)(mail=%s))
LDAP_QUERY_FILTER_GROUP=(&(objectclass=kopano-group)(mail=%s))
LDAP_QUERY_FILTER_ALIAS=(&(kopanoAccount=1)(kopanoAliases=%s))
LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(kopanoAliases=*@%s)))
SASLAUTHD_LDAP_FILTER=(&(kopanoAccount=1)(uid=%s))

# LDAP user password self-service reset settings
SELF_SERVICE_SECRETEKEY=V339QJmge49oxXlaUuQ3LHCOte67O49W
SELF_SERVICE_PASSWORD_MIN_LENGTH=5
SELF_SERVICE_PASSWORD_MAX_LENGTH=0
SELF_SERVICE_PASSWORD_MIN_LOWERCASE=0
SELF_SERVICE_PASSWORD_MIN_UPPERCASE=0
SELF_SERVICE_PASSWORD_MIN_DIGIT=1
SELF_SERVICE_PASSWORD_MIN_SPECIAL=1

# switch the value of these two variables to use the activedirectory configuration
KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg
KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg

MYSQL_HOST=db
MYSQL_ROOT_PASSWORD=4OII0t4bPkReacmEVUbY86xREN5dkbUm
MYSQL_USER=kopano
MYSQL_PASSWORD=ZBlaDovYP9RyGcDxgBTjIwEKadm3kmVw
MYSQL_DATABASE=kopano

KCCONF_SERVER_SERVER_NAME=Kopano

[email protected]
MAILBOXLANG=en_US.UTF-8
TZ=Europe/Berlin

# Defines how Kopano can be accessed from the outside world
FQDN=kopano.demo
FQDNCLEANED=kopano.demo
DEFAULTREDIRECT=/webapp
EMAIL=self_signed
CADDY=2015
HTTP=80
HTTPS=443
LDAPPORT=389
SMTPPORT=25
SMTPSPORT=465
MSAPORT=587
IMAPPORT=143
ICALPORT=8080
KOPANOPORT=236
KOPANOSPORT=237

# Settings for test environments
INSECURE=yes

# Docker and docker-compose settings
# Docker Repository to push to/pull from
docker_repo=zokradonh
COMPOSE_PROJECT_NAME=kopano
COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:docker-compose.db.yml:docker-compose.ldap.yml:docker-compose.mail.yml

# Modify below to build a different version, than the Kopano nightly release
# credentials for repositories are handled through a file called apt_auth.conf (which will be created through setup.sh or Makefile)
#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/8.7/Debian_10/
#KOPANO_KAPPS_REPOSITORY_URL=https://download.kopano.io/supported/kapps:/master/Debian_10/
#KOPANO_MEET_REPOSITORY_URL=https://download.kopano.io/supported/meet:/final/Debian_10/
#KOPANO_WEBAPP_FILES_REPOSITORY_URL=https://download.kopano.io/supported/files:/pre-final/Debian_10/
#KOPANO_WEBAPP_MDM_REPOSITORY_URL=https://download.kopano.io/supported/mdm:/final/Debian_10/
#KOPANO_WEBAPP_REPOSITORY_URL=https://download.kopano.io/supported/webapp:/final/Debian_10/
#KOPANO_WEBAPP_SMIME_REPOSITORY_URL=https://download.kopano.io/supported/smime:/final/Debian_10/
#KOPANO_ZPUSH_REPOSITORY_URL=https://download.kopano.io/zhub/z-push:/final/Debian_10/
#DOWNLOAD_COMMUNITY_PACKAGES=0

# Remove this variable to not push versioned containers with the :latest tag
PUBLISHLATEST=yes

# Additional packages to install
ADDITIONAL_KOPANO_PACKAGES=""
ADDITIONAL_KOPANO_WEBAPP_PLUGINS=""

Thanks.


BMWfan commented Sep 1, 2022

Thanks for the workaround. Is it normal that the container kopano_kopano_ssl_1 cannot be started?
The docker logs of this container show only the following:

errexit         on
noglob          off
ignoreeof       off
monitor         off
noexec          off
xtrace          off
verbose         off
noclobber       off
allexport       off
notify          off
nounset         on
vi              off
pipefail        off
SSL certs:
-rw-r--r--    1 root     root          3054 Aug 31 06:51 /kopano/ssl/admin.pem
-rw-r--r--    1 root     root          1338 Aug 31 06:51 /kopano/ssl/ca.pem
-rw-r--r--    1 nobody   nobody         227 Sep  1 08:27 /kopano/ssl/ecparam.pem
-rw-r--r--    1 root     root           129 Aug 31 06:51 /kopano/ssl/kapid-pubs-secret.key
-rw-r--r--    1 root     root            32 Aug 31 06:51 /kopano/ssl/konnectd-encryption.key
-rw-r--r--    1 nobody   nobody         491 Sep  1 08:27 /kopano/ssl/konnectd-identifier-registration.yaml
-rw-r--r--    1 root     root          3272 Aug 31 06:51 /kopano/ssl/konnectd-tokens-signing-key.pem
-rw-r--r--    1 root     root          3082 Aug 31 06:51 /kopano/ssl/kopano_dagent.pem
-rw-r--r--    1 root     root          3086 Aug 31 06:51 /kopano/ssl/kopano_monitor.pem
-rw-r--r--    1 root     root          3090 Aug 31 06:51 /kopano/ssl/kopano_search.pem
-rw-r--r--    1 root     root          3086 Aug 31 06:51 /kopano/ssl/kopano_server.pem
-rw-r--r--    1 root     root          3098 Aug 31 06:51 /kopano/ssl/kopano_server_2.pem
-rw-r--r--    1 root     root          3090 Aug 31 06:51 /kopano/ssl/kopano_spooler.pem
-rw-r--r--    1 root     root          3086 Aug 31 06:51 /kopano/ssl/kopano_webapp.pem
-rw-r--r--    1 nobody   nobody         227 Sep  1 08:27 /kopano/ssl/meet-kwmserver.pem
Client public keys:
-rw-r--r--    1 root     root           451 Aug 31 06:51 /kopano/ssl/clients/admin-public.pem
-rw-r--r--    1 root     root           451 Aug 31 06:51 /kopano/ssl/clients/kopano_dagent-public.pem
-rw-r--r--    1 root     root           451 Aug 31 06:51 /kopano/ssl/clients/kopano_monitor-public.pem
-rw-r--r--    1 root     root           451 Aug 31 06:51 /kopano/ssl/clients/kopano_search-public.pem
-rw-r--r--    1 root     root           451 Aug 31 06:51 /kopano/ssl/clients/kopano_server-public.pem
-rw-r--r--    1 root     root           451 Aug 31 06:51 /kopano/ssl/clients/kopano_server_2-public.pem
-rw-r--r--    1 root     root           451 Aug 31 06:51 /kopano/ssl/clients/kopano_spooler-public.pem
-rw-r--r--    1 root     root           451 Aug 31 06:51 /kopano/ssl/clients/kopano_webapp-public.pem   

@zokradonh
Owner

It starts successfully and fulfills its job to create the certificates if they don't exist. Afterwards it closes immediately. This is normal.
