only getting 404 on the public https endpoint but I'm able to access on localhost:80 #321

Open
sam-willsey opened this issue Mar 26, 2025 · 7 comments

@sam-willsey

Whenever I go to the public domain I just get a 404 error. I have a Caddy reverse proxy that sits in front of mox on the IPv4 address, but on the IPv6 address mox is directly exposed to the web, and on the IPv4 address I have port forwarded ports 25, 465, and 993 to the private IPv4 address of the LXC container mox is running on.

Also, I set up mox to expect to be run standalone and not alongside an existing webserver because I have a public static IPv6 address it is on, but I have Caddy set up to handle all of my other traffic, so I used Caddy to reverse proxy traffic from my public dynamic IPv4 address. Also, my router is set up to automatically allow all traffic going to the IPv6 address of the mox container. Also, I have not set up any of the DNS records for mox yet because I don't want to risk not receiving any of my emails if possible, because my domain is already in use for email.

Here are the logs from the last startup:

Mar 26 18:25:55 mox mox[19314]: l=debug m="autotls setting allowed hostnames" pkg=mox hostnames=[autoconfig.sniper.cat;mail.sniper.cat;mox.sniper.cat;mta-sts.sniper.cat] publicips=[108.254.44.183,2600:1702:6510:2f80::1:8]
Mar 26 18:25:55 mox mox[19314]: l=print m="starting as root, initializing network listeners" pkg=serve version=v0.0.14-go1.24.1 pid=19314 moxconf=/home/mox/config/mox.conf domainsconf=/home/mox/config/domains.conf
Mar 26 18:25:55 mox mox[19314]: l=print m="listening for smtp" pkg=smtpserver listener=public address=[2600:1702:6510:2f80::1:8]:25 protocol=smtp
Mar 26 18:25:55 mox mox[19314]: l=print m="listening for smtp" pkg=smtpserver listener=public address=[2600:1702:6510:2f80::1:8]:465 protocol=submissions
Mar 26 18:25:55 mox mox[19314]: l=print m="listening for imap" pkg=imapserver listener=public addr=[2600:1702:6510:2f80::1:8]:993 protocol=imaps
Mar 26 18:25:55 mox mox[19314]: l=print m="http listener" pkg=http name=internal kinds="account-http at /,admin-http at /admin/,webapi-http at /webapi/,webmail-http at /webmail/" address=127.0.0.1:80
Mar 26 18:25:55 mox mox[19314]: l=print m="http listener" pkg=http name=internal kinds="account-http at /,admin-http at /admin/,webapi-http at /webapi/,webmail-http at /webmail/" address=[::1]:80
Mar 26 18:25:55 mox mox[19314]: l=print m="http listener" pkg=http name=internal kinds=metrics-http address=127.0.0.1:8010
Mar 26 18:25:55 mox mox[19314]: l=print m="http listener" pkg=http name=internal kinds=metrics-http address=[::1]:8010
Mar 26 18:25:55 mox mox[19314]: l=print m="http listener" pkg=http name=public kinds=webserver-http,acme-http-01 address=[2600:1702:6510:2f80::1:8]:80
Mar 26 18:25:55 mox mox[19314]: l=print m="https listener" pkg=http name=public kinds=acme-tls-alpn-01,autoconfig-https,mtasts-https,webserver-https address=[2600:1702:6510:2f80::1:8]:443
Mar 26 18:25:55 mox mox[19322]: l=debug m="autotls setting allowed hostnames" pkg=mox hostnames=[autoconfig.sniper.cat;mail.sniper.cat;mox.sniper.cat;mta-sts.sniper.cat] publicips=[108.254.44.183,2600:1702:6510:2f80::1:8]
Mar 26 18:25:55 mox mox[19322]: l=print m="starting as unprivileged user" pkg=serve user=mox uid=1000 gid=1000 pid=19322
Mar 26 18:25:55 mox mox[19322]: l=debug m="checking ips of hosts configured for acme tls cert validation" pkg=mox
Mar 26 18:25:55 mox mox[19322]: l=print m="ready to serve" pkg=serve
Mar 26 18:25:55 mox mox[19322]: l=debug m="checking for updates" pkg=serve lastknown=v0.0.14
Mar 26 18:25:55 mox mox[19322]: l=info m="sending tls reports" pkg=tlsrptsend day=20250325 cid=195d3b42dc3
Mar 26 18:25:55 mox mox[19322]: l=info m="finished sending tls reports" pkg=tlsrptsend cid=195d3b42dc3
Mar 26 18:25:55 mox mox[19322]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=mox.sniper.cat. resp=[2600:1702:6510:2f80::1:8;108.254.44.183] authentic=true duration=29.940857ms
Mar 26 18:25:55 mox mox[19322]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=autoconfig.sniper.cat. resp=[2600:1702:6510:2f80::1:8;108.254.44.183] authentic=true duration=19.489743ms
Mar 26 18:25:55 mox mox[19322]: l=debug m="dns lookup result" err="lookup mta-sts.sniper.cat. on 127.0.0.1:53: no such host" pkg=mox pkg=autotls type=ip network=ip host=mta-sts.sniper.cat. resp=[] authentic=true duration=23.011211ms
Mar 26 18:25:55 mox mox[19322]: l=warn m="acme tls cert validation for host may fail due to dns lookup error" err="lookup mta-sts.sniper.cat. on 127.0.0.1:53: no such host" pkg=mox host=mta-sts.sniper.cat
Mar 26 18:25:55 mox mox[19322]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=mail.sniper.cat. resp=[2600:1702:6510:2f80::1:8;108.254.44.183] authentic=true duration=15.070558ms
Mar 26 18:25:55 mox mox[19322]: l=debug m="dns lookup result" err="lookup 183.44.254.108.sbl.spamhaus.org. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=ip network=ip4 host=183.44.254.108.sbl.spamhaus.org. resp=[] authentic=false duration=240.520643ms
Mar 26 18:25:55 mox mox[19322]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=sbl.spamhaus.org ip=108.254.44.183 status=pass explanation= duration=240.545703ms
Mar 26 18:25:56 mox mox[19322]: l=debug m="dns lookup result" pkg=serve pkg=dns type=txt name=_updates.xmox.nl. resp="[v=UPDATES0;l=v0.0.14]" authentic=true duration=411.404346ms
Mar 26 18:25:56 mox mox[19322]: l=debug m="updates lookup result" pkg=serve pkg=updates domain=xmox.nl version=v0.0.14 record="version=UPDATES0" duration=411.435555ms
Mar 26 18:25:56 mox mox[19322]: l=debug m="updates check result" pkg=serve pkg=updates domain=xmox.nl lastknown=v0.0.14 changelogbaseurl=https://updates.xmox.nl/changelog version=v0.0.14 record="version=UPDATES0" duration=411.446335ms
Mar 26 18:25:56 mox mox[19322]: l=debug m="no new version available" pkg=serve
Mar 26 18:25:56 mox mox[19322]: l=debug m="autotls cert get" pkg=autotls name=autoconfig.sniper.cat
Mar 26 18:25:56 mox mox[19322]: l=debug m="dircache get result" pkg=autotls name=autoconfig.sniper.cat
Mar 26 18:25:56 mox mox[19322]: l=debug m="autotls cert get" pkg=autotls name=mox.sniper.cat
Mar 26 18:25:56 mox mox[19322]: l=debug m="dircache get result" pkg=autotls name=mox.sniper.cat
Mar 26 18:25:57 mox mox[19322]: l=debug m="dns lookup result" err="lookup 183.44.254.108.bl.spamcop.net. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=ip network=ip4 host=183.44.254.108.bl.spamcop.net. resp=[] authentic=false duration=99.890917ms
Mar 26 18:25:57 mox mox[19322]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=bl.spamcop.net ip=108.254.44.183 status=pass explanation= duration=99.921087ms
Mar 26 18:25:58 mox mox[19322]: l=debug m="dns lookup result" err="lookup 8.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.8.f.2.0.1.5.6.2.0.7.1.0.0.6.2.sbl.spamhaus.org. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=ip network=ip4 host=8.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.8.f.2.0.1.5.6.2.0.7.1.0.0.6.2.sbl.spamhaus.org. resp=[] authentic=false duration=71.030996ms
Mar 26 18:25:58 mox mox[19322]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=sbl.spamhaus.org ip=2600:1702:6510:2f80::1:8 status=pass explanation= duration=71.063646ms
Mar 26 18:25:59 mox mox[19322]: l=debug m="dns lookup result" err="lookup 8.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.8.f.2.0.1.5.6.2.0.7.1.0.0.6.2.bl.spamcop.net. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=ip network=ip4 host=8.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.8.f.2.0.1.5.6.2.0.7.1.0.0.6.2.bl.spamcop.net. resp=[] authentic=false duration=55.942208ms
Mar 26 18:25:59 mox mox[19322]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=bl.spamcop.net ip=2600:1702:6510:2f80::1:8 status=pass explanation= duration=55.984617ms
Mar 26 18:26:14 mox mox[19322]: l=debug m="autotls cert get" pkg=autotls name=mail.sniper.cat
Mar 26 18:26:14 mox mox[19322]: l=debug m="dircache get result" pkg=autotls name=mail.sniper.cat
Mar 26 18:26:14 mox mox[19322]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/ host=mail.sniper.cat duration="50.8µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:50690 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b42dc4
Mar 26 18:26:14 mox mox[19322]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/favicon.ico host=mail.sniper.cat duration="14.18µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:50690 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b42dc5
Mar 26 18:26:16 mox mox[19322]: l=debug m="autotls cert get" pkg=autotls name=mox.sniper.cat
Mar 26 18:26:16 mox mox[19322]: l=debug m="dircache get result" pkg=autotls name=mox.sniper.cat
Mar 26 18:26:16 mox mox[19322]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/ host=mox.sniper.cat duration="48.909µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:50692 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b42dc6
Mar 26 18:26:16 mox mox[19322]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/favicon.ico host=mox.sniper.cat duration="18.98µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:50692 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b42dc7
Mar 26 18:27:18 mox mox[19322]: l=debug m="ctl connection" pkg=serve cid=195d3b42dc8
Mar 26 18:27:18 mox mox[19322]: l=info m="ctl command" pkg=serve cmd=stop cid=195d3b42dc8
Mar 26 18:27:18 mox mox[19322]: l=print m="connections shutdown, waiting until 1 second passed" pkg=serve
Mar 26 18:27:18 mox mox[19322]: l=info m="tls report sender shutting down" pkg=tlsrptsend
Mar 26 18:27:18 mox mox[19322]: l=info m="dmarc aggregate report sender shutting down" pkg=dmarcdb
Mar 26 18:27:19 mox mox[19314]: l=print m="stopping after child exit" pkg=mox exitcode=0
Mar 26 18:27:42 mox mox[19719]: l=debug m="autotls setting allowed hostnames" pkg=mox hostnames=[autoconfig.sniper.cat;mail.sniper.cat;mox.sniper.cat;mta-sts.sniper.cat] publicips=[108.254.44.183,2600:1702:6510:2f80::1:8]
Mar 26 18:27:42 mox mox[19719]: l=print m="starting as root, initializing network listeners" pkg=serve version=v0.0.14-go1.24.1 pid=19719 moxconf=/home/mox/config/mox.conf domainsconf=/home/mox/config/domains.conf
Mar 26 18:27:42 mox mox[19719]: l=print m="listening for smtp" pkg=smtpserver listener=public address=192.168.1.8:25 protocol=smtp
Mar 26 18:27:42 mox mox[19719]: l=print m="listening for smtp" pkg=smtpserver listener=public address=[2600:1702:6510:2f80::1:8]:25 protocol=smtp
Mar 26 18:27:42 mox mox[19719]: l=print m="listening for smtp" pkg=smtpserver listener=public address=192.168.1.8:465 protocol=submissions
Mar 26 18:27:42 mox mox[19719]: l=print m="listening for smtp" pkg=smtpserver listener=public address=[2600:1702:6510:2f80::1:8]:465 protocol=submissions
Mar 26 18:27:42 mox mox[19719]: l=print m="listening for imap" pkg=imapserver listener=public addr=192.168.1.8:993 protocol=imaps
Mar 26 18:27:42 mox mox[19719]: l=print m="listening for imap" pkg=imapserver listener=public addr=[2600:1702:6510:2f80::1:8]:993 protocol=imaps
Mar 26 18:27:42 mox mox[19719]: l=print m="http listener" pkg=http name=internal kinds="account-http at /,admin-http at /admin/,webapi-http at /webapi/,webmail-http at /webmail/" address=127.0.0.1:80
Mar 26 18:27:42 mox mox[19719]: l=print m="http listener" pkg=http name=internal kinds="account-http at /,admin-http at /admin/,webapi-http at /webapi/,webmail-http at /webmail/" address=[::1]:80
Mar 26 18:27:42 mox mox[19719]: l=print m="http listener" pkg=http name=internal kinds=metrics-http address=127.0.0.1:8010
Mar 26 18:27:42 mox mox[19719]: l=print m="http listener" pkg=http name=internal kinds=metrics-http address=[::1]:8010
Mar 26 18:27:42 mox mox[19719]: l=print m="http listener" pkg=http name=public kinds=webserver-http,acme-http-01 address=192.168.1.8:80
Mar 26 18:27:42 mox mox[19719]: l=print m="http listener" pkg=http name=public kinds=webserver-http,acme-http-01 address=[2600:1702:6510:2f80::1:8]:80
Mar 26 18:27:42 mox mox[19719]: l=print m="https listener" pkg=http name=public kinds=acme-tls-alpn-01,autoconfig-https,mtasts-https,webserver-https address=192.168.1.8:443
Mar 26 18:27:42 mox mox[19719]: l=print m="https listener" pkg=http name=public kinds=acme-tls-alpn-01,autoconfig-https,mtasts-https,webserver-https address=[2600:1702:6510:2f80::1:8]:443
Mar 26 18:27:42 mox mox[19728]: l=debug m="autotls setting allowed hostnames" pkg=mox hostnames=[autoconfig.sniper.cat;mail.sniper.cat;mox.sniper.cat;mta-sts.sniper.cat] publicips=[108.254.44.183,2600:1702:6510:2f80::1:8]
Mar 26 18:27:42 mox mox[19728]: l=print m="starting as unprivileged user" pkg=serve user=mox uid=1000 gid=1000 pid=19728
Mar 26 18:27:42 mox mox[19728]: l=debug m="checking ips of hosts configured for acme tls cert validation" pkg=mox
Mar 26 18:27:42 mox mox[19728]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=mox.sniper.cat. resp=[2600:1702:6510:2f80::1:8;108.254.44.183] authentic=true duration="259.019µs"
Mar 26 18:27:42 mox mox[19728]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=autoconfig.sniper.cat. resp=[2600:1702:6510:2f80::1:8;108.254.44.183] authentic=true duration="111.429µs"
Mar 26 18:27:42 mox mox[19728]: l=print m="ready to serve" pkg=serve
Mar 26 18:27:42 mox mox[19728]: l=debug m="checking for updates" pkg=serve lastknown=v0.0.14
Mar 26 18:27:42 mox mox[19728]: l=debug m="dns lookup result" pkg=serve pkg=dns type=txt name=_updates.xmox.nl. resp="[v=UPDATES0;l=v0.0.14]" authentic=true duration="95.35µs"
Mar 26 18:27:42 mox mox[19728]: l=debug m="updates lookup result" pkg=serve pkg=updates domain=xmox.nl version=v0.0.14 record="version=UPDATES0" duration="111.09µs"
Mar 26 18:27:42 mox mox[19728]: l=debug m="updates check result" pkg=serve pkg=updates domain=xmox.nl lastknown=v0.0.14 changelogbaseurl=https://updates.xmox.nl/changelog version=v0.0.14 record="version=UPDATES0" duration="120.07µs"
Mar 26 18:27:42 mox mox[19728]: l=debug m="no new version available" pkg=serve
Mar 26 18:27:42 mox mox[19728]: l=info m="sending tls reports" pkg=tlsrptsend day=20250325 cid=195d3b5d049
Mar 26 18:27:42 mox mox[19728]: l=info m="finished sending tls reports" pkg=tlsrptsend cid=195d3b5d049
Mar 26 18:27:42 mox mox[19728]: l=debug m="dns lookup result" err="lookup mta-sts.sniper.cat. on 127.0.0.1:53: no such host" pkg=mox pkg=autotls type=ip network=ip host=mta-sts.sniper.cat. resp=[] authentic=true duration=17.54265ms
Mar 26 18:27:42 mox mox[19728]: l=warn m="acme tls cert validation for host may fail due to dns lookup error" err="lookup mta-sts.sniper.cat. on 127.0.0.1:53: no such host" pkg=mox host=mta-sts.sniper.cat
Mar 26 18:27:42 mox mox[19728]: l=debug m="dns lookup result" pkg=mox pkg=autotls type=ip network=ip host=mail.sniper.cat. resp=[2600:1702:6510:2f80::1:8;108.254.44.183] authentic=true duration="126.529µs"
Mar 26 18:27:42 mox mox[19728]: l=debug m="dns lookup result" err="lookup 183.44.254.108.sbl.spamhaus.org. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=ip network=ip4 host=183.44.254.108.sbl.spamhaus.org. resp=[] authentic=false duration=88.166067ms
Mar 26 18:27:42 mox mox[19728]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=sbl.spamhaus.org ip=108.254.44.183 status=pass explanation= duration=88.196307ms
Mar 26 18:27:43 mox mox[19728]: l=debug m="autotls cert get" pkg=autotls name=autoconfig.sniper.cat
Mar 26 18:27:43 mox mox[19728]: l=debug m="dircache get result" pkg=autotls name=autoconfig.sniper.cat
Mar 26 18:27:43 mox mox[19728]: l=debug m="autotls cert get" pkg=autotls name=mox.sniper.cat
Mar 26 18:27:43 mox mox[19728]: l=debug m="dircache get result" pkg=autotls name=mox.sniper.cat
Mar 26 18:27:43 mox mox[19728]: l=debug m="dns lookup result" err="lookup 183.44.254.108.bl.spamcop.net. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=ip network=ip4 host=183.44.254.108.bl.spamcop.net. resp=[] authentic=false duration=57.942671ms
Mar 26 18:27:43 mox mox[19728]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=bl.spamcop.net ip=108.254.44.183 status=pass explanation= duration=57.979351ms
Mar 26 18:27:45 mox mox[19728]: l=debug m="dns lookup result" err="lookup 8.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.8.f.2.0.1.5.6.2.0.7.1.0.0.6.2.sbl.spamhaus.org. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=ip network=ip4 host=8.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.8.f.2.0.1.5.6.2.0.7.1.0.0.6.2.sbl.spamhaus.org. resp=[] authentic=false duration=60.86942ms
Mar 26 18:27:45 mox mox[19728]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=sbl.spamhaus.org ip=2600:1702:6510:2f80::1:8 status=pass explanation= duration=60.90172ms
Mar 26 18:27:45 mox mox[19728]: l=debug m="autotls cert get" pkg=autotls name=mox.sniper.cat
Mar 26 18:27:45 mox mox[19728]: l=debug m="dircache get result" pkg=autotls name=mox.sniper.cat
Mar 26 18:27:45 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/ host=mox.sniper.cat duration="43.61µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:37412 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b5d04a
Mar 26 18:27:45 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/favicon.ico host=mox.sniper.cat duration="28.93µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:37412 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b5d04b
Mar 26 18:27:46 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/ host=mox.sniper.cat duration="42.43µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:37412 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b5d04c
Mar 26 18:27:46 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/favicon.ico host=mox.sniper.cat duration="15.18µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:37412 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b5d04d
Mar 26 18:27:46 mox mox[19728]: l=debug m="dns lookup result" err="lookup 8.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.8.f.2.0.1.5.6.2.0.7.1.0.0.6.2.bl.spamcop.net. on 127.0.0.1:53: no such host" pkg=dnsblmonitor type=ip network=ip4 host=8.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.8.f.2.0.1.5.6.2.0.7.1.0.0.6.2.bl.spamcop.net. resp=[] authentic=false duration=59.156246ms
Mar 26 18:27:46 mox mox[19728]: l=debug m="dnsbl lookup result" pkg=serve pkg=dnsbl zone=bl.spamcop.net ip=2600:1702:6510:2f80::1:8 status=pass explanation= duration=59.185476ms
Mar 26 18:27:46 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/ host=mox.sniper.cat duration="45.05µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:37412 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b5d04e
Mar 26 18:27:46 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/favicon.ico host=mox.sniper.cat duration="17.429µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:37412 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b5d04f
Mar 26 18:27:46 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/ host=mox.sniper.cat duration="30.1µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:37412 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b5d050
Mar 26 18:27:46 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/favicon.ico host=mox.sniper.cat duration="19.08µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:37412 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b5d051
Mar 26 18:35:25 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=account method=get url=/ host=localhost:8080 duration=2.548151ms statuscode=200 proto=http/1.1 remoteaddr=[::1]:37852 tlsinfo=plain useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=29386 uncompressedsize=114499 cid=195d3b5d052
Mar 26 18:35:25 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=account method=post url=/api/Account host=localhost:8080 duration="204.949µs" statuscode=200 proto=http/1.1 remoteaddr=[::1]:37852 tlsinfo=plain useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=96 uncompressedsize=74 cid=195d3b5d054
Mar 26 18:35:25 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=account method=post url=/api/TLSPublicKeys host=localhost:8080 duration=1.307346ms statuscode=200 proto=http/1.1 remoteaddr=[::1]:37636 tlsinfo=plain useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=96 uncompressedsize=74 cid=195d3b5d056

@mjl-
Owner

mjl- commented Mar 27, 2025

What does your mox.conf look like? Especially the public listener is relevant. Also the Hostname that's configured, both globally in mox.conf and in the public listener.

What I've seen go wrong with a reverse proxy is that they don't pass along the Host header when reverse proxying. So that request ends up at mox as a request to http://127.0.0.1:8000, but mox needs to know for which hostname the request was to answer it properly.

@sam-willsey
Author

sam-willsey commented Mar 27, 2025

I have a bash script that runs as the root user and checks the external IP address, because my public IPv4 address is dynamic, using api.ipify.org and api6.ipify.org, and will automatically update the config and restart mox if the IP address changes.

Here is the mox.conf:

# NOTE: This config file is in 'sconf' format. Indent with tabs. Comments must be
# on their own line, they don't end a line. Do not escape or quote strings.
# Details: https://pkg.go.dev/github.com/mjl-/sconf.


# Directory where all data is stored, e.g. queue, accounts and messages, ACME TLS
# certs/keys. If this is a relative path, it is relative to the directory of
# mox.conf.
DataDir: ../data

# Default log level, one of: error, info, debug, trace, traceauth, tracedata.
# Trace logs SMTP and IMAP protocol transcripts, with traceauth also messages with
# passwords, and tracedata on top of that also the full data exchanges (full
# messages), which can be a large amount of data.
LogLevel: debug

# User to switch to after binding to all sockets as root. Default: mox. If the
# value is not a known user, it is parsed as integer and used as uid and gid.
# (optional)
User: mox

# Full hostname of system, e.g. mail.<domain>
Hostname: mox.sniper.cat

# If enabled, a single DNS TXT lookup of _updates.xmox.nl is done every 24h to
# check for a new release. Each time a new release is found, a changelog is
# fetched from https://updates.xmox.nl/changelog and delivered to the postmaster
# mailbox. (optional)
#
# RECOMMENDED: please enable to stay up to date
#
CheckUpdates: true

# Automatic TLS configuration with ACME, e.g. through Let's Encrypt. The key is a
# name referenced in TLS configs, e.g. letsencrypt. (optional)
ACME:
	letsencrypt:

		# For letsencrypt, use https://acme-v02.api.letsencrypt.org/directory.
		DirectoryURL: https://acme-v02.api.letsencrypt.org/directory

		# Email address to register at ACME provider. The provider can email you when
		# certificates are about to expire. If you configure an address for which email is
		# delivered by this server, keep in mind that TLS misconfigurations could result
		# in such notification emails not arriving.
		ContactEmail: snipercat@sniper.cat

		# If set, used for suggested CAA DNS records, for restricting TLS certificate
		# issuance to a Certificate Authority. If empty and DirectyURL is for Let's
		# Encrypt, this value is set automatically to letsencrypt.org. (optional)
		IssuerDomainName: letsencrypt.org

# File containing hash of admin password, for authentication in the web admin
# pages (if enabled). (optional)
AdminPasswordFile: adminpasswd

# Listeners are groups of IP addresses and services enabled on those IP addresses,
# such as SMTP/IMAP or internal endpoints for administration or Prometheus
# metrics. All listeners with SMTP/IMAP services enabled will serve all configured
# domains. If the listener is named 'public', it will get a few helpful additional
# configuration checks, for acme automatic tls certificates and monitoring of ips
# in dnsbls if those are configured.
Listeners:
	internal:

		# Use 0.0.0.0 to listen on all IPv4 and/or :: to listen on all IPv6 addresses, but
		# it is better to explicitly specify the IPs you want to use for email, as mox
		# will make sure outgoing connections will only be made from one of those IPs. If
		# both outgoing IPv4 and IPv6 connectivity is possible, and only one family has
		# explicitly configured addresses, both address families are still used for
		# outgoing connections. Use the "direct" transport to limit address families for
		# outgoing connections.
		IPs:
			- 127.0.0.1
			- ::1

		# If empty, the config global Hostname is used. The internal services webadmin,
		# webaccount, webmail and webapi only match requests to IPs, this hostname,
		# "localhost". All except webadmin also match for any client settings domain.
		# (optional)
		Hostname: localhost

		# Account web interface, for email users wanting to change their accounts, e.g.
		# set new password, set new delivery rulesets. Default path is /. (optional)
		AccountHTTP:
			Enabled: true

		# Admin web interface, for managing domains, accounts, etc. Default path is
		# /admin/. Preferably only enable on non-public IPs. Hint: use 'ssh -L
		# 8080:localhost:80 you@yourmachine' and open http://localhost:8080/admin/, or set
		# up a tunnel (e.g. WireGuard) and add its IP to the mox 'internal' listener.
		# (optional)
		AdminHTTP:
			Enabled: true

		# Webmail client, for reading email. Default path is /webmail/. (optional)
		WebmailHTTP:
			Enabled: true

		# Like WebAPIHTTP, but with plain HTTP, without TLS. (optional)
		WebAPIHTTP:
			Enabled: true

		# Serve prometheus metrics, for monitoring. You should not enable this on a public
		# IP. (optional)
		MetricsHTTP:
			Enabled: true
	public:

		# Use 0.0.0.0 to listen on all IPv4 and/or :: to listen on all IPv6 addresses, but
		# it is better to explicitly specify the IPs you want to use for email, as mox
		# will make sure outgoing connections will only be made from one of those IPs. If
		# both outgoing IPv4 and IPv6 connectivity is possible, and only one family has
		# explicitly configured addresses, both address families are still used for
		# outgoing connections. Use the "direct" transport to limit address families for
		# outgoing connections.
		IPs:
			- 192.168.1.8
			- 2600:1702:6510:2f80::1:8

		# If set, the mail server is configured behind a NAT and field IPs are internal
		# instead of the public IPs, while NATIPs lists the public IPs. Used during
		# IP-related DNS self-checks, such as for iprev, mx, spf, autoconfig,
		# autodiscover, and for autotls. (optional)
		NATIPs: 
			- 108.254.44.183
			- 2600:1702:6510:2f80::1:8

		# For SMTP/IMAP STARTTLS, direct TLS and HTTPS connections. (optional)
		TLS:

			# Name of provider from top-level configuration to use for ACME, e.g. letsencrypt.
			# (optional)
			ACME: letsencrypt

			# Private keys used for ACME certificates. Specified explicitly so DANE TLSA DNS
			# records can be generated, even before the certificates are requested. DANE is a
			# mechanism to authenticate remote TLS certificates based on a public key or
			# certificate specified in DNS, protected with DNSSEC. DANE is opportunistic and
			# attempted when delivering SMTP with STARTTLS. The private key files must be in
			# PEM format. PKCS8 is recommended, but PKCS1 and EC private keys are recognized
			# as well. Only RSA 2048 bit and ECDSA P-256 keys are currently used. The first of
			# each is used when requesting new certificates through ACME. (optional)
			HostPrivateKeyFiles:
				- hostkeys/mox.sniper.cat.20250326T171428.ecdsap256.privatekey.pkcs8.pem
				- hostkeys/mox.sniper.cat.20250326T171428.rsa2048.privatekey.pkcs8.pem

		# (optional)
		SMTP:
			Enabled: true

			# Addresses of DNS block lists for incoming messages. Block lists are only
			# consulted for connections/messages without enough reputation to make an
			# accept/reject decision. This prevents sending IPs of all communications to the
			# block list provider. If any of the listed DNSBLs contains a requested IP
			# address, the message is rejected as spam. The DNSBLs are checked for healthiness
			# before use, at most once per 4 hours. IPs we can send from are periodically
			# checked for being in the configured DNSBLs. See MonitorDNSBLs in domains.conf to
			# only monitor IPs we send from, without using those DNSBLs for incoming messages.
			# Example DNSBLs: sbl.spamhaus.org, bl.spamcop.net. See
			# https://www.spamhaus.org/sbl/ and https://www.spamcop.net/ for more information
			# and terms of use. (optional)
			#DNSBLs:
				#- sbl.spamhaus.org
				#- bl.spamcop.net

		# SMTP over TLS for submitting email, by email applications. Requires a TLS
		# config. (optional)
		Submissions:
			Enabled: true

		# IMAP over TLS for reading email, by email applications. Requires a TLS config.
		# (optional)
		IMAPS:
			Enabled: true

		# Serve autoconfiguration/autodiscovery to simplify configuring email
		# applications, will use port 443. Requires a TLS config. (optional)
		AutoconfigHTTPS:
			Enabled: true

		# Serve MTA-STS policies describing SMTP TLS requirements. Requires a TLS config.
		# (optional)
		MTASTSHTTPS:
			Enabled: true

		# All configured WebHandlers will serve on an enabled listener. (optional)
		WebserverHTTP:
			Enabled: true

		# All configured WebHandlers will serve on an enabled listener. Either ACME must
		# be configured, or for each WebHandler domain a TLS certificate must be
		# configured. (optional)
		WebserverHTTPS:
			Enabled: true

# Destination for emails delivered to postmaster addresses: a plain 'postmaster'
# without domain, 'postmaster@<hostname>' (also for each listener with SMTP
# enabled), and as fallback for each domain without explicitly configured
# postmaster destination.
Postmaster:
	Account: snipercat

	# E.g. Postmaster or Inbox.
	Mailbox: Postmaster

# Destination for per-host TLS reports (TLSRPT). TLS reports can be per recipient
# domain (for MTA-STS), or per MX host (for DANE). The per-domain TLS reporting
# configuration is in domains.conf. This is the TLS reporting configuration for
# this host. If absent, no host-based TLSRPT address is configured, and no host
# TLSRPT DNS record is suggested. (optional)
HostTLSRPT:

	# Account to deliver TLS reports to. Typically same account as for postmaster.
	Account: snipercat

	# Mailbox to deliver TLS reports to. Recommended value: TLSRPT.
	Mailbox: TLSRPT

	# Localpart at hostname to accept TLS reports at. Recommended value: tls-reports.
	Localpart: tls-reports

these are the relevant parts of my caddyfile, and for more info, the caddy server is running directly on proxmox, it is not in a container or vm

http://mox.sniper.cat:80 {
        reverse_proxy http://mox.sniper.cat:80
}

https://mox.sniper.cat:443 {
        reverse_proxy https://mox.sniper.cat:443
}

http://mail.sniper.cat:80 {
        reverse_proxy http://mail.sniper.cat:80
}

https://mail.sniper.cat:443 {
        reverse_proxy https://mail.sniper.cat:443
}

http://autoconfig.sniper.cat:80 {
        reverse_proxy http://autoconfig.sniper.cat:80
}

https://autoconfig.sniper.cat:443 {
        reverse_proxy https://autoconfig.sniper.cat:443
}

http://mta-sts.sniper.cat:80 {
        reverse_proxy http://mta-sts.sniper.cat:80
}

https://mta-sts.sniper.cat:443 {
        reverse_proxy https://mta-sts.sniper.cat:443
}

here is the relevant part of my /etc/hosts on proxmox

2600:1702:6510:2f80::1:8 mox.sniper.cat mail.sniper.cat autoconfig.sniper.cat mta-sts.sniper.cat

edit:
i looked at the log and found this line here:

Mar 26 18:27:46 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/ host=mox.sniper.cat duration="30.1µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:37412 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b5d050

that shows that apache, i'm assuming it is an apache webserver at least, is receiving the correct hostname but it's not matching

@mjl-
Owner

mjl- commented Mar 27, 2025

> that shows that apache, i'm assuming it is an apache webserver at least, is receiving the correct hostname but it's not matching

It is receiving the correct hostname indeed. This isn't apache though, it's the mox builtin webserver.

You're getting a 404 because there is no handler active at https://mox.sniper.cat/.

The webmail/account/admin handlers are only active on the "internal" listener, which is only accessible on the loopback IPs. The quickstart has an example of accessing it using an ssh tunnel. You would have to enable those on the public listener to make them accessible publicly. The reasoning behind this is for security, but it's certainly surprising for some. The new upcoming step-by-step guided setup will be asking if you want to enable those web interfaces on the public listener.

However, you'll run into another problem. You've got both an internal/NATed IP that is also reverse proxied in the public listener, and a public IPv6 address. For the reverse proxying to work fully (with IP-based rate limiting and such), you need the Forward: true config options on the *HTTPS options, for example, see https://www.xmox.nl/config/#cfg-mox-conf-Listeners-x-AccountHTTP-Forwarded. But if you have those, the requests to the public IP need them too. The solution would be to have two listeners. One for the public IP, and one for the internal private IP. However, mox is treating the "public" listener specially in a few places, so this will cause other trouble. I'm writing down a todo to look into that, but it will take a while before I get to it. For now, it's probably better to do reverse proxying for both IPv4 and IPv6.
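As an added illustration (not code from mox or from anyone in this thread), this Python sketch triages "http request" log lines like the one quoted above and counts the requests that no handler matched, per host, path and client address. It assumes the key=value layout visible in that line; apart from the two lines copied from this issue, the sample lines are constructed and abbreviated, and the handler value in the third is a placeholder.

```python
import shlex
from collections import Counter

# Lines 1 and 4 are copied from this issue; lines 2 and 3 are constructed.
SAMPLE_LOG = '''\
Mar 26 18:27:46 mox mox[19728]: l=debug m="http request" pkg=http httpaccess= handler=(nomatch) method=get url=/ host=mox.sniper.cat duration="30.1µs" statuscode=404 proto=http/2.0 remoteaddr=[2600:1702:6510:2f80::1:1]:37412 tlsinfo=tls1.3 useragent="Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0" referrr= size=19 cid=195d3b5d050
Mar 26 18:28:02 mox mox[19728]: l=debug m="http request" pkg=http handler=(nomatch) method=get url=/webmail/ host=mail.sniper.cat statuscode=404 remoteaddr=192.0.2.10:51514
Mar 26 18:28:09 mox mox[19728]: l=debug m="http request" pkg=http handler=PLACEHOLDER method=get url=/ host=mail.sniper.cat statuscode=200 remoteaddr=192.0.2.10:51520
Mar 26 18:25:55 mox mox[19314]: l=print m="listening for smtp" pkg=smtpserver listener=public address=[2600:1702:6510:2f80::1:8]:25 protocol=smtp
'''

def parse_line(line):
    """Return the key=value fields of one log line, or None if it cannot be parsed."""
    _, sep, body = line.partition("]: ")   # drop the syslog prefix "... mox[pid]: "
    if not sep:
        return None
    try:
        tokens = shlex.split(body)         # keeps quoted values with spaces together
    except ValueError:                     # unbalanced quote inside a value
        return None
    return dict(t.partition("=")[::2] for t in tokens if "=" in t)

def unmatched_requests(log_text):
    """Count requests that matched no handler, keyed by (host, path, client IP)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields or fields.get("m") != "http request":
            continue
        if fields.get("handler") != "(nomatch)":
            continue
        # remoteaddr is "ip:port" or "[ipv6]:port"; keep only the address part
        client = fields.get("remoteaddr", "").rpartition(":")[0].strip("[]")
        counts[(fields.get("host", ""), fields.get("url", ""), client)] += 1
    return counts

if __name__ == "__main__":
    for (host, path, client), n in unmatched_requests(SAMPLE_LOG).most_common():
        print(f"{n:3d}  host={host}  path={path}  client={client}")
```

Grouping by client address also shows whether requests arrive from the reverse proxy's address rather than the real client's, which is the situation the Forwarded option mentioned above addresses.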

@sam-willsey
Author

thank you for the help, now it's time for me to go another reverse proxy behind my reverse proxy, also, i'm assuming that the fact that the IPv6 address is the same on the internal and external of the NATIPs won't cause any problems, at least i hope

@kjetilho

kjetilho commented Apr 4, 2025

Not sure if my problem is the same or if I understood correctly. I have SNAT for my IPv4, but otherwise Mox is directly available from the Internet, so I tried to comment out legacy IP support (and of course did systemctl restart mox)

        public:
                IPs:
                        # - 192.168.4.10
                        - 2a02:c0:1001:101::110
                NATIPs:
                        # - 87.238.54.110
                        - 2a02:c0:1001:101::110
                WebmailHTTP:
                        Enabled: true
                WebserverHTTP:
                        Enabled: true
                WebserverHTTPS:
                        Enabled: true

but I still get 404 on /webmail

@kjetilho

kjetilho commented Apr 4, 2025

Sorry - since I copied the stanza from internal, I did not notice it says WebmailHTTP, not WebmailHTTPS. A bit strange that there seems to be no way to redirect from HTTP to HTTPS, but that should be in a separate issue.

@sam-willsey
Author

I found out that my ISP, AT&T, blocks port 25 (for residential customers), idk if it is just blocked on IPv4 or also IPv6, but I imagine it is. Even if port 25 isn’t blocked on IPv6, there are several major email providers, cough cough Yahoo and Fastmail cough cough, that don’t have IPv6 addresses on their mail servers, so it is not reasonable to have an IPv6-only mail server at the current time.
