2023-06-24T11:48:35.798293Z  WARN lemmy_server::root_span_builder: email_send_failed: Connection error: failed to lookup address information: Try again
   0: lemmy_api::local_user::reset_password::perform
             at crates/api/src/local_user/reset_password.rs:15
   1: lemmy_server::root_span_builder::HTTP request
           with http.method=POST http.scheme="http" http.host=iusearchlinux.fyi http.target=/api/v3/user/password_reset otel.kind="server" request_id=ba8117b9-9c0f-49e5-af0e-01e92a4917cf
             at src/root_span_builder.rs:16
LemmyError { message: Some("email_send_failed"), inner: Connection error: failed to lookup address information: Try again

Caused by:
    failed to lookup address information: Try again, context: SpanTrace [{ target: "lemmy_api::local_user::reset_password", name: "perform", file: "crates/api/src/local_user/reset_password.rs", line: 15 }, { target: "lemmy_server::root_span_builder", name: "HTTP request", fields: "http.method=POST http.scheme=\"http\" http.host=iusearchlinux.fyi http.target=/api/v3/user/password_reset otel.kind=\"server\" request_id=ba8117b9-9c0f-49e5-af0e-01e92a4917cf", file: "src/root_span_builder.rs", line: 16 }] }
2023-06-24T11:48:46.118615Z  WARN lemmy_server::root_span_builder: data did not match any variant of untagged enum AnnouncableActivities
   0: lemmy_apub::activities::community::announce::receive
             at crates/apub/src/activities/community/announce.rs:46
   1: lemmy_server::root_span_builder::HTTP request
           with http.method=POST http.scheme="http" http.host=iusearchlinux.fyi http.target=/inbox otel.kind="server" request_id=0d639361-7707-4f9b-b61f-fc133d3946e7
             at src/root_span_builder.rs:16

I am using the lemmy-ansible setup on ubuntu 22.10

  • Sören@iusearchlinux.fyiOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    This almost fixed it. So no more error in Lemmy. Now I get this error in postfix: 2023-06-25T07:44:48.221806+00:00 f42cba971055 postfix/bounce[150]: B5C5E99B88: sender non-delivery notification: 34AF199B8A 2023-06-25T07:44:48.221897+00:00 f42cba971055 postfix/qmgr[134]: 34AF199B8A: from=<>, size=4451, nrcpt=1 (queue active) 2023-06-25T07:44:48.222390+00:00 f42cba971055 postfix/qmgr[134]: B5C5E99B88: removed 2023-06-25T07:44:48.226425+00:00 f42cba971055 postfix/smtp[149]: connect to iusearchlinux.fyi[2a03:b0c0:3:d0::1b5f:9001]:25: Cannot assign requested address 2023-06-25T07:44:48.226554+00:00 f42cba971055 postfix/smtp[149]: connect to iusearchlinux.fyi[46.101.183.128]:25: Connection refused 2023-06-25T07:44:48.240297+00:00 f42cba971055 postfix/smtp[149]: 34AF199B8A: to=<noreply@iusearchlinux.fyi>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=4.4.1, status=deferred (connect to iusearchlinux.fyi[46.101.183.128]:25: Connection refused) 2023-06-25T07:45:47.742485+00:00 f42cba971055 postfix/smtpd[146]: disconnect from iusearchlinuxfyi-lemmy-1.iusearchlinuxfyi_lemmyexternalproxy[172.22.0.3] ehlo=1 quit=1 commands=2 2023-06-25T07:45:47.742847+00:00 f42cba971055 postfix/smtpd[144]: disconnect from iusearchlinuxfyi-lemmy-1.iusearchlinuxfyi_lemmyexternalproxy[172.22.0.3] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

    • Freeman@lemmy.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Well that would make sense. That domain has no MX record. Nor SPF, DMARC or even PTR records set.

      That looks like a misconfig somewhere.

      the flow should be

      Lemmy APP see’s request to email something@gmail.com. --> Postfix looks up something@gmail.com --> gets MX record --> connects to gmail.com --> Does HELO/EHLO ahndshake --> Sends email.

      Your server is stuck here

      Lemmy APP see’s request to email something@iusearchlinux.fyi. --> Postfix looks up something@iusearchlinux.fyi --> Error no mx record for this domain…close

      You are either testing with a misconfigured domain/email address, or you have configured postfix to try and relay through iusearchlinux.fyi domain, which is misconfigured on the email side.

      At the very least you should have an SPF record, a DMARC record and a PTR/A record for the domain. All I see is an A record there.

      I would double/triple check your config.hjson and docker-compose.yml and make sure you didnt try and setup relay ala: https://github.com/wader/postfix-relay#relay-client-authentication

        • Freeman@lemmy.pub
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          So if your instance is https://iusearchlinux.fyi then here is what I would do. For most of this it can be done in the DNS section of the place you registered the domain with.

          NOTE: It looks like you are using Google Domains. Those are going away. So you may need to move to a differe registrar: https://9to5google.com/2023/06/15/google-domains-squarespace/

          1. SPF record. This is a txt record (text) record saying “these servers can relay from this location” For you the content should be

          v=spf1 ip4:45.33.23.198 ~all

          1. DMARC record. is another text record that says “Do this if SPF or DKIM dont match.” If you put it in strict mode, you need BOTH SPF and DKIM. DKIM is a bit of a pain (though is much better). But if you start with SPF and the default relaxed mode you are probably fine. The record here would be for the _dmarc subdomain as well ie: _dmarc.iusearchlinux.fyi. In the below case I am saying “reject emails that are trying to spoof my domain” you can set it to quarantine but there is little need here.

          _dmarc.iusearchlinux.fyi 900 IN TXT "v=DMARC1;p=reject"

          1. PTR record. You are using digital ocean. These are good to setup because many email servers will look up your IP and make sure it matches the domain. It shows you own it. Dont know how to do it in digital ocean but on linode its in the networking section of the UI. Because linode/DO owns the IP they need to make the change for you as opposed to all the previous steps being done in your domain registrars portal (ie: goodle domains)

          This will get you most of the way to ensure Digital Ocean doesnt get pissed and suspend you for spamming or the like. They may also restrict port 25 outbound due to abuse. For linode you ahve to log a ticket if your account is too young. Your other alternative would be to use a relay host, like sendgrid. Its possible to relay through other services like gmail, but it would probably get your account flagged for something like this. So I would stick to sendgrid or some other relay provider if DO support wont allow you to relay off your droplet.

          The default postfix setup is a direct relay, which DigitalOcean may block. So you can setup relay with these instructions: https://github.com/wader/postfix-relay#relay-client-authentication This is the docker container bundled in the lemmy-ansible app.

          • Sören@iusearchlinux.fyiOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I added the missing records. Lets hope its working soon. I will have to wait to move the domain since it’s less than 60 days since i bought it.

            • Freeman@lemmy.pub
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Best of luck. If you have any questions feel free to holler.

              I’m not a lemmy (or docker) pro, but I have done a few postfix and email setups including a lot of email admin, dmarc/dkim/spf etc.

              It does look like digital ocean may be blocking the normal mail ports outbound. So you’ll want to make sure you can work around that or get them to open it.

              • Sören@iusearchlinux.fyiOP
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                I wrote them about opening the port but maybe it will already be open since my acount is older. Thank you again!