Problem with access to admin panel

Comments (8)

1. 

   SB

   Could webmail on same server IP with failed logins cause this?

   • 2019-07-04T21:51:42+00:00
2. 

   Андрій Кісіль

   When it block access to the admin panel, web access to webmail around roundcube is available.

   I remove REDIS DB file, restart docker and get access to web panel. How to fix?

   • 2019-07-05T07:35:19+00:00
3. 

   Alexander

   I suspect you have setup docker as bridge, but not as host network (see: https://poste.io/doc/network-schemes) If you setup as bridge, all you connections are seen as coming from your proxy ip 172.17.0.1. If for some reason you are unable to run your docker in host mode, you should disable connection blocking in docker to avoid your issue; you do that in “System Settings” → “Advanced” → “Connection blocking”

   • 2019-07-08T07:33:55+00:00
4. 

   Андрій Кісіль

   How to run docker with net=host. I get error.

   docker run \

   ‌ -p 25:25 \

   ‌ -p 5080:80 \

   ‌ -p 5083:443 \

   ‌ -p 143:143 \

   ‌ -p 465:465 \

   ‌ -p 587:587 \

   ‌ -p 993:993 \

   ‌ -p 4091:4091 \

   ‌ -v /etc/localtime:/etc/localtime:ro \

   ‌ -v /volume4/docker/mail:/data \

   ‌ -t analogic/poste.io \

   ‌ --network = host

   • 2019-07-08T11:37:23+00:00
5. 

   Alexander

   -p argument in host mode is not correct, try:

   docker run \
     --net=host \
     -v /etc/localtime:/etc/localtime:ro \
     -v /volume4/docker/mail:/data \
     --name "mailserver" \
     -h "mail.example.com" \
     -t analogic/poste.io
   

   • 2019-07-08T11:47:43+00:00
6. 

   Tony Bogdanov

   Is there any way to remove this blacklisting feature altogether, or at least supress it for certain IP subnets?

   We are running poste.io as our mail server of choice in a DigitalOcean managed Kubernetes environment, where it is running behind an NGINX reverse proxy. This means that all traffic is routed with the node’s IP listed as source, since source IP spoofing seems impossible (to the extent of my knowledge).

   A temporary solution is to evict the server’s pod and have it moved to another node, but we do need a better and more permanent solution, and I don’t really want to open a node port.

   Any ideas?

   EDIT

   I’m not sure yet, but I think I found the solution, there’s a setting under Settings / Advanced / Connection blocking, which is enabled by default. I’ve disabled it and now I hope it will fix this for me.

   Alternatively, clearing the redis entries like this seems to fix it:

   ‌

   redis-cli --scan --pattern "stats|blacklist|*" | xargs redis-cli del
   redis-cli --scan --pattern "guard|*" | xargs redis-cli del
   

   ‌

   • 2020-09-17T06:23:25+00:00
7. 

   Andres Jalinton

   Same issue here, I was trying to access my admin panel and since all IPv6 addresses shows as 172.17.0.1 someone trying to brute force the password banned all access unless you access throw IPv4.

   This also affects SMTP connections so I can’t send emails from IPv6 addresses.

   There should be rule not to block local IPs.

   ‌

   • 2023-09-22T20:15:09+00:00
8. 

   SH repo owner

   • changed status to resolved

   fix #674 allow all local proxies

   → <<cset 3672cfd72e12>>

   • 2023-11-30T10:34:07+00:00
9. Log in to comment