No certificate validation possible when sending mail via gvmd in docker #2316

Open
perlfisch opened this issue Oct 30, 2024 · 3 comments
Labels
bug Something isn't working

Expected behavior

The official gvmd Docker container should be able to send mail and validate the submission server's certificate.

Actual behavior

No CAs are available in the container gvmd. ca-certificates is not installed and validation of all certificates fails. The only way to get mail working persistently is by modifying the container's compose to mount the host's ca-certificates.crt or disabling certificate validation entirely.

Disabling certificate validation, which is dangerous and should not be done, is the only solution that comes up when googling the error and will likely be implemented by many people trying to get mail working in the container.

I've confirmed that manually installing ca-certificates into a running gvmd container fixes the problem.

Steps to reproduce

  1. Set up gvmd via docker based on https://greenbone.github.io/docs/latest/22.4/container/index.html
  2. Configure mail as described in https://greenbone.github.io/docs/latest/22.4/container/workflows.html#setting-up-a-mail-transport-agent-inside-docker-container to any public provider like mailgun, google, m365 etc.
  3. Try sending any mail, either through gvm or manually via sendmail.

GVM versions

Stable official docker containers as of 2024-10-30

Environment

Operating system:

Debian 12 stable

Installation method / source: (packages, source installation)

Official docker compose

Logfiles


```
email: system failed with ret 17664, 69, read FROM TO < /tmp/gvmd-args-Ln7YTZ; /usr/sbin/sendmail -f "$FROM" "$TO" < /tmp/gvmd-content-8HCXWY > /dev/null 2>&1
```

Member

cfi-gb commented Oct 30, 2024

Should be a duplicate of / related to greenbone/docs#483 and IIRC the MTA / mail server setup is community based and needs community contributions in the form of a PR.

But let's see what the maintainers of this repo are saying / if they will maintain / accept something in the container directly.

@perlfisch
Author

Installing anything into a Docker container is not persistent and will be gone once it's restarted. Instead of documenting manual changes that have to be reapplied after restarting the container, ca-certificates should be installed via apt as part of the Dockerfile to persistently fix this issue.

Member

cfi-gb commented Oct 30, 2024

You could try to create a PR to the relevant file and see if the repo maintainers are accepting such a change (see previous notes about usually requiring community contributions for such topics).
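
Added example, not part of the issue thread and not Greenbone's code: a shell check for the two states the issue describes, a container with no CA bundle and a mail configuration with certificate validation turned off. The msmtp-style `tls_certcheck off` line and the default paths in the final comment are assumptions; the issue does not name the MTA configuration file.

```shell
#!/bin/sh
# Added example: audit the CA trust store and MTA config used for outgoing mail.
# Assumption: an msmtp-style config where "tls_certcheck off" disables validation.

# count_ca_certs FILE: print the number of PEM certificates in FILE (0 if unreadable).
count_ca_certs() {
    if [ -r "$1" ]; then
        grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
    else
        echo 0
    fi
}

# certcheck_disabled FILE: succeed if an active (uncommented) line turns validation off.
certcheck_disabled() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*tls_certcheck[[:space:]]+off([[:space:]]|$)' "$1"
}

# audit_mail_tls BUNDLE CONFIG: print validation-disabled, no-ca-bundle or ok.
# Disabled validation is reported first because mail then "works" and hides
# the missing bundle.
audit_mail_tls() {
    if certcheck_disabled "$2"; then
        echo "validation-disabled"
    elif [ "$(count_ca_certs "$1")" -eq 0 ]; then
        echo "no-ca-bundle"
    else
        echo "ok"
    fi
}

# Demo on constructed files (placeholder contents, not real certificates).
demo=$(mktemp -d)
: > "$demo/empty.crt"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' '-----END CERTIFICATE-----' > "$demo/bundle.crt"
printf 'tls on\ntls_certcheck off\n' > "$demo/insecure.rc"
printf 'tls on\ntls_starttls on\n' > "$demo/default.rc"
echo "fresh container:   $(audit_mail_tls "$demo/empty.crt" "$demo/default.rc")"
echo "googled fix:       $(audit_mail_tls "$demo/empty.crt" "$demo/insecure.rc")"
echo "bundle installed:  $(audit_mail_tls "$demo/bundle.crt" "$demo/default.rc")"
rm -rf "$demo"

# Inside the container (assumed default paths):
#   audit_mail_tls /etc/ssl/certs/ca-certificates.crt /etc/msmtprc
```

Because the container's filesystem changes are lost on restart, the check is most useful run against a freshly started container rather than one that was patched by hand.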
