Running two instances of poste.io on a single host with secondary ip address
Hey!
I’ve been running a single instance of poste.io w/o any issues (even now it is running fine and passing all DKIM/SPF-checks at https://www.appmaildev.com/de/dkim).
Recently, I wanted to move my secondary email to the same server and therefore bound a dedicated, second ip address to said server.
The docker-compose.yml which I use (along with nginx, jwilder/docker-gen, jrcs/letsencrypt-nginx-proxy-companion):

    mailserver:
      image: analogic/poste.io
      container_name: mailserver
      restart: always
      ports:
        - "1.2.3.4:25:25"
        - "1.2.3.4:110:110"
        - "1.2.3.4:143:143"
        - "1.2.3.4:465:465"
        - "1.2.3.4:587:587"
        - "1.2.3.4:993:993"
        - "1.2.3.4:995:995"
      volumes:
        - 'mailserver-data:/data'
        - 'nginx-well-known:/opt/www/.well-known'
        - /etc/localtime:/etc/localtime:ro
      environment:
        HTTPS: "OFF"
        VIRTUAL_HOST: mail.myhost.com
        LETSENCRYPT_HOST: mail.myhost.com
        LETSENCRYPT_EMAIL: letsencrypt@myhost.com
    mailserver-space:
      image: analogic/poste.io
      container_name: mailserver-space
      restart: always
      ports:
        - "5.6.7.8:25:25"
        - "5.6.7.8:110:110"
        - "5.6.7.8:143:143"
        - "5.6.7.8:465:465"
        - "5.6.7.8:587:587"
        - "5.6.7.8:993:993"
        - "5.6.7.8:995:995"
      volumes:
        - 'mailserver-data-space:/data'
        - 'nginx-well-known:/opt/www/.well-known'
        - /etc/localtime:/etc/localtime:ro
      environment:
        HTTPS: "OFF"
        VIRTUAL_HOST: mail.mynewhost.com
        LETSENCRYPT_HOST: mail.mynewhost.com
        LETSENCRYPT_EMAIL: letsencrypt@myhost.com

But, when running above mentioned SPF-test, it tells me that the ip address used to send an email from mailserver-space is the one which mailserver should use (so both containers use 1.2.3.4). Is there any way to bind the secondary ip address 5.6.7.8 to the second container?
Also, the source of the received email only contains the primary ip address, so the 5.6.7.8 is not used in any way.
Thanks.
Comments (5)
-
reporter https://github.com/dirtsimple/poste.io seems to fix some issues concerning binding of addresses but is rather old and outdated. I’m not sure if that fixes my problem, anyways
-
repo owner - changed status to closed
Sadly, Docker has no control over the outbound IP address. There is a way to do it, but not an easy one.
Generally, you need to create a new docker network and masquerade all traffic with iptables from that subnet.
Please see https://github.com/moby/moby/issues/30053#issuecomment-283674682
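The approach described in the comment above (a dedicated Docker network whose outbound traffic is source-NATed with iptables), as an added example that is not part of the original thread or the linked comment. The subnet, bridge name and network name are constructed assumptions; 5.6.7.8 is the secondary address from the question.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed assumptions: the subnet,
# bridge name and network name. 5.6.7.8 is the secondary IP from the question.
SUBNET="172.30.0.0/24"
BRIDGE="br-mail2"
NETWORK="mail2_net"
SOURCE_IP="5.6.7.8"

# Accept only a dotted-quad IPv4 address before it reaches a root command.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# User-defined bridge with a fixed interface name and Docker's own MASQUERADE
# rule switched off, so the SNAT rule below is the only source rewrite.
network_cmd() {
    printf 'docker network create --driver bridge --subnet %s -o %s=%s -o %s=false %s\n' \
        "$1" com.docker.network.bridge.name "$2" \
        com.docker.network.bridge.enable_ip_masquerade "$3"
}

# Traffic from the subnet that leaves the host (not bridge-local) gets the
# secondary address as its source.
snat_cmd() {
    printf 'iptables -t nat -I POSTROUTING -s %s ! -o %s -j SNAT --to-source %s\n' \
        "$1" "$2" "$3"
}

plan() {
    valid_ipv4 "$SOURCE_IP" || { echo "invalid source IP: $SOURCE_IP" >&2; return 1; }
    network_cmd "$SUBNET" "$BRIDGE" "$NETWORK"
    snat_cmd "$SUBNET" "$BRIDGE" "$SOURCE_IP"
}

# Dry run by default: print the two commands. APPLY=1 (as root) executes them.
if [ "${APPLY:-0}" = 1 ]; then plan | sh -e; else plan; fi
```

The second container then has to be attached to this network in docker-compose as an external network. The iptables rule is not persistent, so it must be re-applied after a reboot or firewall reload.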
-
FYI, I’ve recently updated https://github.com/dirtsimple/poste.io to use analogic/poste.io v2.2.2, so if you want to try it out I’d love to get your feedback. I’ve also just put through PRs to Haraka and one of its plugins to support unix sockets so that hopefully the rest of my changes can go upstream to analogic without needing to monkeypatch anything.
You would need to use host-mode networking, though; the docker-compose would look something like:

    # Assumes mail.myhost.com -> 1.2.3.4, mail.mynewhost.com -> 5.6.7.8
    version: "2.3"
    services:
      mailserver:
        image: dirtsimple/poste.io:2.2.2
        restart: always
        hostname: mail
        domainname: myhost.com
        network_mode: host
        volumes:
          - 'mailserver-data:/data'
          - /etc/localtime:/etc/localtime:ro
      mailserver-space:
        image: dirtsimple/poste.io:2.2.2
        restart: always
        hostname: mail
        domainname: mynewhost.com
        network_mode: host
        volumes:
          - 'mailserver-data-space:/data'
          - /etc/localtime:/etc/localtime:ro

Since each container has its own IP for web service, they can handle their own letsencrypt processing, and don’t need to go through your reverse proxy. With this configuration, each mail server should send mail strictly from its own IP.
-
reporter Thank you for your help! I got it to work, that’s awesome :)