TLS error on connection from (localhost.localdomain) [172.17.0.2]

unsupported-install

(Bruce Bates) #1

I have NO idea how to fix this. I get these errors from exim when trying to send emails from discourse. It is connecting fine, but not able to send.

Exim errors:

2018-10-19 00:07:41 no host name found for IP address 172.17.0.2
2018-10-19 00:07:44 no host name found for IP address 172.17.0.2
2018-10-19 00:07:44 TLS error on connection from (localhost.localdomain) [172.17.0.2] (cert/key setup: cert=/usr/local/vesta/ssl/certificate.crt key=/usr/local/vesta/ssl/certificate.key): Error while reading file.

When running discourse-doctor it returns:

For a robust test, get an address from http://www.mail-tester.com/
Sending mail to REDACTED  . .
Testing sending to president@marketers.coop using president@marketers.coop:*******@smtp.marketers.coop:587.
SMTP server connection successful.
Sending to president@marketers.coop. . .
Sending mail failed.
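
An added example, not part of the original post: it parses the Exim "cert/key setup" error quoted above and reports which path component stops a given user from reading the certificate or key. The uid and gids of the Exim run-time user are assumptions the caller supplies, and all function names are hypothetical.

```python
import os
import re

# Constructed input: the Exim log line quoted in the post above.
SAMPLE = ("2018-10-19 00:07:44 TLS error on connection from (localhost.localdomain) "
          "[172.17.0.2] (cert/key setup: cert=/usr/local/vesta/ssl/certificate.crt "
          "key=/usr/local/vesta/ssl/certificate.key): Error while reading file.")

SETUP_RE = re.compile(
    r"TLS error on connection from .*?\[(?P<peer>[^\]]+)\] "
    r"\(cert/key setup: cert=(?P<cert>\S+) key=(?P<key>\S+)\): (?P<reason>.*)$")

def parse_tls_setup_error(line):
    """Return peer, cert, key and reason from a cert/key setup error, else None."""
    m = SETUP_RE.search(line)
    return m.groupdict() if m else None

def _allowed(st, uid, gids, want):
    """Classic mode-bit check (ACLs, capabilities ignored); want: 4=read, 1=search."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & want)

def first_blocker(path, uid, gids):
    """Return the first path component uid/gids cannot pass, or None if readable."""
    target = os.path.realpath(path)
    chain, cur = [], os.path.dirname(target)
    while True:                          # collect ancestors from the parent up to /
        chain.append(cur)
        if os.path.dirname(cur) == cur:
            break
        cur = os.path.dirname(cur)
    for comp in list(reversed(chain)) + [target]:
        try:
            st = os.stat(comp)
        except OSError:
            return comp                  # missing or unreachable component
        if not _allowed(st, uid, gids, 4 if comp == target else 1):
            return comp
    return None

def check_line(line, uid, gids):
    """Map each file named in the log line to its blocking component (None = OK)."""
    info = parse_tls_setup_error(line)
    if info is None:
        return None
    return {name: first_blocker(info[name], uid, gids) for name in ("cert", "key")}
```

Run it as root on the mail host so every component can be stat'ed, passing the uid and group ids that the Exim daemon actually runs with.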

(boredomdenied) #2

It looks like you’re missing a PTR record. Might want to run mail-tester and see what it turns up.


(Bruce Bates) #3

Nothing that I can see.

-0.1	DKIM_SIGNED	Message has a DKIM or DK signature, not necessarily valid
This negative score will become positive if the signature is validated. See immediately below.
0.1	DKIM_VALID	Message has at least one valid DKIM or DK signature
Great! Your signature is valid
0.1	DKIM_VALID_AU	Message has a valid DKIM or DK signature from author's domain
Great! Your signature is valid and it's coming from your domain name
-1.985	PYZOR_CHECK	Similar message reported on Pyzor (http://pyzor.org)
Please test a real content, test Newsletters will always be flagged by Pyzor
Adjust your message or request whitelisting (http://public.pyzor.org/whitelist/)
0.001	SPF_HELO_PASS	SPF: HELO matches SPF record
0.001	SPF_PASS	SPF: sender matches SPF record
Great! Your SPF is valid
0.01	T_RP_MATCHES_RCVD	Envelope sender domain matches handover relay domain

The only real “potential problem” is that it reports:

Reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address.
Some companies such as AOL will reject any message sent from a server without rDNS, so you must ensure that you have one.
You cannot associate more than one domain name with a single IP address.

Your IP address  **192.227.210.138**  is associated with the domain  **mail.marketers.coop** .
Nevertheless your message appears to be sent from  **marketers.coop** .

You may want to publish a pointer (PTR type) DNS record with a value of  **marketers.coop**  or use  **mail.marketers.coop**  as hostname in your mail software

Here are the tested values for this check:

* IP: 192.227.210.138
* HELO: marketers.coop
* rDNS: mail.marketers.coop

(boredomdenied) #4

Try this:


(Stephen) #5

Can you elaborate on your setup?

Was it built using our documentation and configured to use one of the recommended mail providers?


(Bruce Bates) #6

I am using my own dedicated server with exim (and dovecot)

I followed the documentation on discourse/INSTALL-cloud.md at master · discourse/discourse · GitHub

and then set it up by modifying containers/app.yml

and launching

./launcher bootstrap app

I did not use recommended mail providers as I already have my own servers and it looks more professional when the mail comes from the same domain as the site is being hosted on.


(Bruce Bates) #7

@boredomdenied I have no idea where or what that file is :stuck_out_tongue:


(Stephen) #8

You can use any of the named providers to relay email from your domain.

The big reason we recommend those services is because they are both experts in deliverability and work pretty much flawlessly. The assumption is that you take responsibility for your own mail server if you opt to run one.


(boredomdenied) #9

It’s a script. I’m referring to your exim server. I’m assuming it’s on the same host as your docker/discourse.

This was required to run discourse on a server which also used exim as its mail service as of two years ago. No guarantees for 2018. Add the docker IP (172.17.0.2) and use the docker subnet for the dc_relay_nets.


(Bruce Bates) #10

The script was not an option for me. Exim is custom installed and working with dozens of different domain names and using the script would have put files in all sorts of wrong places and changed configurations in various ways that would have broken my server.

Instead what I did was:

#edit /etc/hosts
172.17.0.2      localhost.localdomain marketers.coop

then

#added to my dns
mail._domain... TXT "v=DKIM1; k=rsa; p={my rsa key}"
_domainkey TXT "t=y; o=~;"
_dmarc TXT "v=DMARC1; p=none"
@ TXT "v=spf1 a mx ip4:172.17.0.2 ~all"
@ MX 10 172.17.0.2.
imap A 172.17.0.2
pop A 172.17.0.2
smtp A 172.17.0.2

then

ln -s /etc/exim4/domains/localhost.localdomain /path/to/my/domain/exim_files

finally

#edit containers/app.yml
DISCOURSE_SMTP_ENABLE_START_TLS: false

After all the above steps were done it started working (and yes, I did try TLS false from the start but it still failed with auth denied from 172.17.0.2).

Happy to say, my mails are now being delivered from the script.
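
An added example, not part of the original posts: a small lint over DNS records like those listed above, flagging values that remote mail servers cannot use because they point at a non-global address such as the Docker bridge IP, or because an MX exchange is an IP literal instead of a host name. The record tuples are constructed sample data and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample zone: (name, type, value) tuples modelled on the records in
# the post above, plus the public address mail-tester reported earlier in the thread.
RECORDS = [
    ("@", "TXT", "v=spf1 a mx ip4:172.17.0.2 ~all"),
    ("@", "MX", "10 172.17.0.2."),
    ("smtp", "A", "172.17.0.2"),
    ("mail", "A", "192.227.210.138"),
]

def _non_global(text):
    """True if text (address or CIDR) is not globally routable, None if unparsable."""
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None
    return not net.network_address.is_global

def lint_records(records):
    """Return (name, type, finding) for values a remote mail server cannot use."""
    findings = []
    for name, rtype, value in records:
        rtype = rtype.upper()
        if rtype in ("A", "AAAA"):
            if _non_global(value):
                findings.append((name, rtype, "non-global address"))
        elif rtype == "MX":
            target = value.split()[-1].rstrip(".")
            literal = _non_global(target)
            if literal is not None:      # parsed as an IP: MX must name a host
                findings.append((name, rtype, "exchange is an IP literal"))
                if literal:
                    findings.append((name, rtype, "non-global address"))
        elif rtype == "TXT" and value.lower().startswith("v=spf1"):
            for mech in re.findall(r"[+?~-]?ip[46]:(\S+)", value, re.I):
                if _non_global(mech):
                    findings.append((name, rtype, "SPF lists non-global " + mech))
    return findings
```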