Make Postfix and ClamAV container wait for Unbound #5449

Closed
smarsching opened this issue Oct 10, 2023 · 1 comment · Fixed by #5451

@smarsching
Contributor

Summary

The postfix-mailcow and clamd-mailcow containers should only be started when Unbound (in the unbound-mailcow container) is ready to accept queries.

At the moment (mailcow 2023-09), the docker-compose.yml file already specifies a dependency from clamd-mailcow to unbound-mailcow and from postfix-mailcow to mysql-mailcow, which transitively includes unbound-mailcow. However, as there is no condition: service_healthy, this does not wait for the Unbound DNS service to actually be ready, which can lead to name resolution errors during startup of the aforementioned containers.

I added a docker-compose.override.yml which reliably resolves the problem for me:

services:
  clamd-mailcow:
    depends_on:
      unbound-mailcow:
        condition: service_healthy
  mysql-mailcow:
    depends_on:
      unbound-mailcow:
        condition: service_healthy
  unbound-mailcow:
    healthcheck:
      start_interval: 5s
      start_period: 30s
      test: ["CMD-SHELL", "nslookup ${MAILCOW_HOSTNAME} 127.0.0.1 || exit 1"]

version: '2.1'

Instead of ${MAILCOW_HOSTNAME} one could also use stackoverflow.com, which is already used in the Watchdog script.

Motivation

DNS not being ready yet while starting the postfix-mailcow container results in the following error messages being logged:

Checking if ASN for your IP is listed for Spamhaus Bad ASN List...
We couldn't determine your AS... (maybe DNS/Network issue?) Response Code: 000
Deactivating Spamhaus DNS Blocklists to be on the safe site!

(BTW, while we are at it, we could also fix the typo in “on the safe side”.)

For the clamd-mailcow container, the error message is different:

ClamAV update process started at …
^Can't query current.cvd.clamav.net
Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Invalid DNS reply. Falling back to HTTP mode.

In both cases, the problem can be resolved by making the containers wait for the unbound-mailcow service to actually be ready.

Additional context

I am willing to contribute a PR for this improvement. Before I do so, we should discuss whether the health check should go into docker-compose.yml, or whether we should make it part of data/Dockerfiles/unbound/Dockerfile and which DNS name we should use for this test.
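
An added example, not part of the issue or of mailcow's code: a small check that walks `depends_on` and reports which services are actually held back until Unbound passes its healthcheck, showing why putting the condition on the mysql-mailcow edge also covers postfix-mailcow. The `BEFORE` and `AFTER` dicts are constructed from the description above and reduced to the relevant keys; all function names are hypothetical.

```python
# Constructed sample: dependency edges as the issue describes them.
BEFORE = {"services": {
    "unbound-mailcow": {},
    "mysql-mailcow": {"depends_on": ["unbound-mailcow"]},
    "clamd-mailcow": {"depends_on": ["unbound-mailcow"]},
    "postfix-mailcow": {"depends_on": ["mysql-mailcow"]},
}}
HEALTHY = {"unbound-mailcow": {"condition": "service_healthy"}}
# Same services with the override from the issue merged in by hand.
AFTER = {"services": {
    "unbound-mailcow": {"healthcheck": {"test": [
        "CMD-SHELL", "nslookup ${MAILCOW_HOSTNAME} 127.0.0.1 || exit 1"]}},
    "mysql-mailcow": {"depends_on": HEALTHY},
    "clamd-mailcow": {"depends_on": HEALTHY},
    "postfix-mailcow": {"depends_on": ["mysql-mailcow"]},
}}


def edges(service):
    """Return {dependency: condition} for short-form or long-form depends_on."""
    deps = service.get("depends_on") or {}
    if isinstance(deps, list):  # short form only waits for the container to start
        return {name: "service_started" for name in deps}
    return {name: (spec or {}).get("condition", "service_started")
            for name, spec in deps.items()}


def waits_for_healthy(services, name, target, seen=None):
    """True if `name` cannot start before `target` has passed its healthcheck."""
    seen = set() if seen is None else seen
    if name in seen:  # guard against dependency cycles
        return False
    seen.add(name)
    for dep, cond in edges(services.get(name, {})).items():
        if dep == target:
            if cond == "service_healthy":
                return True
        elif waits_for_healthy(services, dep, target, seen):
            return True  # dep itself starts only after target is healthy
    return False


def report(compose, target="unbound-mailcow"):
    services = compose["services"]
    return {n: waits_for_healthy(services, n, target)
            for n in services if n != target}


if __name__ == "__main__":
    for label, compose in (("before", BEFORE), ("after", AFTER)):
        print(label, report(compose))
```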

@DerLinkman
Member

Hi,

sounds good!

Let me build that all real quickly so we can take this for the 2023-10 Update tomorrow (if anything works fine though).
