1. SH Avatar SH
  2. Untitled project
  3. MailServer
  4. Issues

Disable automatic blocking

Issue #345 resolved
Alexander created an issue

I have the issue that the the IP 172.17.0.1 gets automatically blocked periodically and this results in blocking all emails in and out to my poste pro v2.07 pro installation. I did not have this issue in v2.06 pro

  • Is there a way to disable automatic blocking?
  • Why are all connections listed as being from 172.17.0.1 an not from their real public IP ?

Comments (7)

  1. Alexander reporter

    Ok, I think I've found how to disable the autoblock function, it's configured in /opt/haraka-smtp/config/block_bad_connections.ini

  2. Alexander reporter

    Still have the issue that original ips are not listed, but only the proxied ip of docker

  3. SH repo owner

    Plugin block_bad_connections counts wasted SMTP connections. It means that any connection which ends without sending email is counted and if counter hits treshold host get blocked.

    With "all connections" you mean at users log or really all connections including SMTP ones? Do you have some non-common docker setup? Custom firewall with nating?

  4. Alexander reporter

    I have docker in bridge mode. With all connections I mean all connections incl. smtp ones. So any connection is seen as from 172.17.0.1. This is why blocking 172.17.0.1 is so fatal ...

    Unfortunately, 172.17.0.1 still got blocked over night, so my question still is: where can I disable autoblocking? Setting value to false in /opt/haraka-smtp/config/block_bad_connections.ini did not seem to work!

  5. Alexander reporter

    Ok, I think I need to disable it in the following file as well: /opt/haraka-submission/config/block_bad_connections.ini

  6. SH repo owner

    I am more worried about "real" IP issue. It causes block_bad_connections plugin working bad and it is kind of miracle you have not hit issue before because there are other plugins working with counters per IP (spamfilter, ralay, karma...). I would definitely recommend to try solve IP issue first.

    Thing is that container itself is not modifiing IP headers itself so it fully depends on what host system deliver to him. Thats why I am asking what is your docker setup and afaik default bridge mode should not work as you describe - it seems that you have something like masquerade for docker subnets.

  8. Log in to comment
Assignee
Type
bug
Priority
major
Status
resolved
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!