1. docker-mailserver SSL alert number 42
I was getting the following error after setting up TLS certificates in docker-mailserver with letsencrypt:
TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
The problem had two causes.
1.1. Letsencrypt and wildcard domains
My MX domain was example.com, but letsencrypt had been set up with a wildcard certificate for *.example.com.
So, specifying SSL_TYPE=letsencrypt made it search for /etc/letsencrypt/mail.example.com, when the directory was just /etc/letsencrypt/example.com.
SOLUTION:
Change .env file to:
SSL_TYPE=manual
SSL_CERT_PATH=/etc/letsencrypt/example.com/fullchain.pem
SSL_KEY_PATH=/etc/letsencrypt/example.com/privkey.pem
Don't forget to modify the docker-compose volumes so the certs are passed in from the host filesystem. Note: the paths are not under mail.example.com, they're just under example.com.
This ticket describes it well.
1.2. Docker was using the internal hostname of docker-mailserver
The internal hostname of the docker-mailserver container was just mail, and another container tried to send email to mail:25, a name that does not match the certificate.
SOLUTION: change the mail hostname in your app settings to the actual one, as specified in your certificates and MX record.
2. docker-mailserver not listening on port 25 (SMTP)
The solution was to add quotes around the port mapping in your docker compose file, like this:
ports:
  - "25:25"
This ticket solved it.
3. Connect to docker-mailserver from other docker-compose
I've had mailserver/compose.yaml and application/compose.yaml and needed to connect application to mailserver.
# application/compose.yaml
services:
  app:
    networks:
      - shared
networks:
  shared:
    driver: bridge

# mailserver/compose.yaml
# Compose prefixes the network name with the project name, hence application_shared.
services:
  mail:
    networks:
      - "application_shared"
networks:
  application_shared:
    external: true
4. How to convert DKIM mail.txt to DNS record
My mail.txt was like:
mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
"p=sOmEJuNkLiKeRaNdOmOrLikeThat"
"eVeNmOrERANdOmStuFf" ) ; ----- DKIM key mail for example.com
SOLUTION: concatenate all strings inside the round brackets:
v=DKIM1; h=sha256; k=rsa; p=sOmEJuNkLiKeRaNdOmOrLikeThateVeNmOrERANdOmStuFf
And add them as a TXT record in my DNS provider's control panel under the mail._domainkey record.
The solution was right in the official documentation, just hidden a little bit.
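The concatenation step above can be scripted so that the trailing "; -----" comment and the parentheses are never pasted into the DNS panel by accident. This is an added example, not code from docker-mailserver or from the original post; the function names and the embedded sample (which mirrors the placeholder key above) are constructed for illustration.

```python
import re

# Constructed sample in the same shape as the mail.txt above (not a real key).
SAMPLE = '''mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
    "p=sOmEJuNkLiKeRaNdOmOrLikeThat"
    "eVeNmOrERANdOmStuFf" ) ; ----- DKIM key mail for example.com
'''

def txt_strings(rdata):
    """Return the quoted strings of a zone-file TXT rdata, skipping comments."""
    chunks, cur, in_quote, i = [], [], False, 0
    while i < len(rdata):
        c = rdata[i]
        if in_quote:
            if c == "\\" and i + 1 < len(rdata):  # escaped character
                i += 1
                cur.append(rdata[i])
            elif c == '"':
                chunks.append("".join(cur))
                cur, in_quote = [], False
            else:
                cur.append(c)  # a ';' inside quotes is data, not a comment
        elif c == '"':
            in_quote = True
        elif c == ";":  # a comment outside quotes runs to the end of the line
            nl = rdata.find("\n", i)
            i = len(rdata) if nl == -1 else nl
        i += 1
    if in_quote:
        raise ValueError("unterminated quoted string")
    return chunks

def dkim_txt_value(zone_text):
    """Return (record name, single-string TXT value) for a DKIM key record."""
    m = re.match(r"\s*(\S+)\s+(?:\d+\s+)?(?:IN\s+)?TXT\s+(.*)", zone_text, re.S | re.I)
    if not m:
        raise ValueError("no TXT record found")
    value = "".join(txt_strings(m.group(2)))
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    if tags.get("v") != "DKIM1" or not tags.get("p"):
        raise ValueError("not a usable DKIM record: need v=DKIM1 and a non-empty p=")
    return m.group(1), value

if __name__ == "__main__":
    name, value = dkim_txt_value(SAMPLE)
    print(name, "TXT", value)
```

After the record is published, compare the value your resolver returns for mail._domainkey with this output before enabling signing.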