Okay. I used the setup config generator from mailu, then commented all ipv4 ports (changed the http for my reverse proxy on an other machine) and then exposed the ipv6 ports on :: as advised in the documentation for running accessible for the internet.
This causes the the front to identify all incoming emails as internal (from a ipv4 (?!?) address within the private subnet) and relays them without further checking!
Yeah I know there are some problems at the moment with ipv6 - but this should be CLEARLY STATED inside the documentation!
Workaround: Comment SUBNET6 and the subnet part for ipv6 (and enable_ipv6) from docker-compose. Also allow all from the internet accessible ports only to listen on 0.0.0.0 (by modifying the port expose statement).
Simonmicro
All 5 comments
Hi There,
The Mailu-Project is currently in a bit of a bind! We are short on man-power, and we need to judge if it is possible for us to put in some work on this issue.
To help with that, we are currently trying to find out which issues are actively keeping users from using Mailu, which issues have someone who want to work on them — and which issues may be less important. These a less important ones could be discarded for the time being, until the project is in a more stable and regular state once again.
In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the :smiley: icon to the top-right).
- 👍️ if you need this to be able to use Mailu. Ideally, you’d also be able to test this on your installation, and provide feedback …
- 🎉 if you find it a nice bonus, but no deal-breaker
- 🚀 if you want to work on it yourself!
We want to keep this voting open for 2 weeks from now, so please help out!
Nebukadneza
on 18 Aug 2020
@Simonmicro There is a clear warning if you pick the ipv6 configuration:
What else would you like to see, or what do you think would help even more to highlight this?
liquidat
on 27 Aug 2020
Hmm, I had read that and also read the FAQ section. Maybe it would be a good idea to append to...
The userland proxy, however, seems to be on its way out (docker/docker#14856) and has various issues, like:
A note that this ip-address-rewriting causes explicitly an open relay. I know this is not much, but I could also life with a big, fat warning in that list (:grin:)? Because, at least for me, it was not clear on the first reading what the ip-rewriting means: An open relay...
To be more specific: The current list details the issues caused by ipv6, but not the resulting effect clearly enough.
Simonmicro
on 27 Aug 2020
Hm, sounds reasonable to me. Would you mind doing a small PR to show how you think it would best be phrased? Your perspective might find the best approach to position this clear enough. Sometimes people close to the code can be too "blind" to spot such things.
liquidat
on 31 Aug 2020
I have currently not a lot of time - but I will sit down and implement what I suggested in the next days... :sweat:
Simonmicro
on 3 Sep 2020
Related issues
elektro-wolle
·
3Comments
styxlab
·
4Comments
chrisch-hh
·
4Comments
micw
·
4Comments
Yermo
·
3Comments
Most helpful comment
Hi There,
The
Mailu-Project is currently in a bit of a bind! We are short on man-power, and we need to judge if it is possible for us to put in some work on this issue.To help with that, we are currently trying to find out which issues are actively keeping users from using
Mailu, which issues have someone who want to work on them — and which issues may be less important. These a less important ones could be discarded for the time being, until the project is in a more stable and regular state once again.In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the :smiley: icon to the top-right).
We want to keep this voting open for 2 weeks from now, so please help out!