@CurlyMoo
CurlyMoo / gist:b383afbf92b21ce634bf1628c318b2b1
Last active April 16, 2025 20:02
Mailcow in a rootless docker

The quirks I encountered when installing mailcow in a rootless docker instance.

The issues below took me way too long to find a solution for, so I hope it will help others.

Passing real IPs

By default, a rootless docker instance doesn't pass the real IPs to the docker containers; instead, the IP of the network bridge is communicated. In case of docker this is 172.22.1.1. This is annoying in NGINX because you don't know where your visitors came from, but dangerous in mailcow installations: all connections to Postfix will be considered as coming from the internal mailcow network and thus considered safe. The Postfix installation has now become an open relay. This means that everyone connecting to port 25 can send emails through your mailcow instance, which spammers will very soon do.

The only solution for this (as well as for NGINX) is putting Postfix behind a HAProxy installation. HAProxy can add a header to each TCP packet in which the real IP is encapsulated. Postfix can be conf

@CurlyMoo
CurlyMoo / start.ino
Created April 12, 2021 19:52
Rules library implementation
//Flash ide size: 4194304 bytes
//Flash ide speed: 40000000 Hz
//Flash ide mode: DIO
//Flash Chip configuration ok.
#include <FS.h>
#include <stdlib.h>
#include <sys/time.h>
#include <time.h>
@CurlyMoo
CurlyMoo / block.sh
Last active September 25, 2023 09:02
Mailcow: Automatically add ip to blocklist
#
# Add this file in your crontab. If there was a failed login, the ip
# address will be automatically added to the mailcow blocklist.
#
# I use mailcow in a personal setup so I only have one IP to be
# permanently allow listed.
#
# Update 19-08-2022
# - Only check the IPs of the last hour (run hourly)
# - Only block IPs that have been blocked 5 or more times