Issues Deploying Chatmail Server on AWS – DNS Settings Help Needed

milinddeore · February 15, 2025, 6:38pm

I’m trying to deploy the Chatmail server on AWS and encountered a few issues along the way:

crypt-r replaced with crypt – I found a similar issue here, so that’s sorted.
SSH-related issues – Managed to fix them, and another way to deploy is from the same localhost.
Now stuck with DNS settings problems.

Has anyone successfully deployed Chatmail on AWS? Any guidance on DNS settings would be greatly appreciated. Thanks!

adbenitez · February 20, 2025, 4:43pm

I also stumble into some problems as a first-time self-hoster but in another VPS provider, but maybe this also applies to you:

github.com/chatmail/chatmail

README/guide is incomplete, missing DNS configurations/tips

opened 11:46PM - 16 Jan 25 UTC

adbenitez

for someone setting up a server for the first time like me, just following the g…uide/readme was not enough, ex. the guide assumes you already have a VPS with DNS configured to point to your domain, it would be good to mention that the A record is needed to be added with the domain and corresponding VPS IP, without this it is not possible to start the guide, I had to add this initial records before being able to properly run the `cmddeploy run` command: ![Image](https://github.com/user-attachments/assets/50c45daf-bf6d-486a-95d9-3b9f505ebbd2) more important to point out: after finishing the deployment, my server was still not able to communicate with Gmail because [Reverse DNS lookup](https://en.wikipedia.org/wiki/Reverse_DNS_lookup) records were not configured, the guide doesn't mention this, which is important for federation with the "big providers", the google error: ``` The IP address sending this message does not have a PTR record setup, or the corresponding forward DNS entry does not match the sending IP. As a policy, Gmail does not accept messages from IPs with missing PTR records. For more information, go to https://support.google.com/a?p=sender-guidelines-ip ``` after setting up the PTR records in my VPS provider and waiting for some minutes for it to propagate to google DNS servers, then sending messages worked, the PTR can be checked with `nslookup` or https://www.whatsmydns.net/dns-lookup/ptr-records

milinddeore · February 27, 2025, 3:51pm

I successfully deployed and ran the ChatMail server on AWS after AWS lifted the port 25 restrictions. Here are a few key steps I had to take on AWS for deployment:

Request access to SMTP port 25.
Ensure root access (AWS default user is ubuntu).
Enable outgoing SMTP (25) and SMTPS (465) ports, as well as inbound IMAP (143) and IMAPS (993) ports.
Configure rDNS on your elastic IP.
Verify that port 25 is unblocked using telnet <domain.com> 25. Note that telnet localhost 25 may work, but DNS propagation could take time, so allow it to complete.

Other than that, the deployment process was quite straightforward. Simply follow the commands in the README:

$ git clone https://github.com/chatmail/server.git
$ cd server
$ scripts/initenv.sh
$ scripts/cmdeploy init chat.example.org  # <-- use your domain
$ scripts/cmdeploy run

DNS entries look as:

my-server.com.                   MX 10 my-server.com.
_mta-sts.my-server.com.          TXT "v=STSv1; id=2025023471600"
opendkim._domainkey.my-server.com. TXT "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrACM/0v3y+jAQXpKXUvA4GDFopPs7tzH73qvo9USainyYzEhNCisc38B+gROvMPPRcqSUU2z4eODdadKcleJhfiPS1P+DJWaAmoRH6c0l14fl+njvGug9R/yrkG45+DJWaAmoRH6c0l14fl+njv" "Gug9R/yrkG45uKtkYiMsHfSGUU+HOfNQGJpNgLaCzBLKOCBElSdDFPr2NWA7L+sVeh/CGT7U7X15UseKUuaZ4MWwz9q+XKzv+xXMJDbhk+wfgZ/AdtSKcXMIgJQH9D8o+YExZYQrW5yXB2rnkowIDAQAB;s=email;t=s"

If the DKIM entry above does not work with your DNS provider, you can try this one:

opendkim._domainkey.my-server.com. TXT "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAG9w0BAQEFAAOCACM/0v3y+jAQXpKXUvA4GDFopPs7tzH7NNgbdG9w0BAQEFAAOCAh48xKqMcBqx9UPH5ZYdNUwr9yRdbdWwo+/tlF5ruJTpErbKoZaQTy3qvo9USainyYzEhNCisc38B+gROvMPPRcqSUU2z4eODdadKcleJhfiPS1P+DJWaAmoRH6c0l14fl+njvGug9R/yrkG45uKtkYiMsHfSGUU+HOfNQGJpNgLaCzBLKOCBElSdDFPr2NWA7L+sVeh/CGG9w0BAQEFAAOCAaZ4MWwz9q+XKzv+xXMJDbhk+wfgZ/G9w0BAQEFAAOCA+YExZYQrW5yXB2rnkowIDAQAB;s=email;t=s"

WARNING: these recommended DNS entries are not set:

my-server.com.                   TXT "v=spf1 a ~all"
_dmarc.my-server.com.            TXT "v=DMARC1;p=reject;adkim=s;aspf=s"
my-server.com.                   CAA 0 issue "letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/2025023471600"
_adsp._domainkey.my-server.com.  TXT "dkim=discardable"
_submission._tcp.my-server.com.  SRV 0 1 587 my-server.com.
_submissions._tcp.my-server.com. SRV 0 1 465 my-server.com.
_imap._tcp.my-server.com.        SRV 0 1 143 my-server.com.
_imaps._tcp.my-server.com.       SRV 0 1 993 my-server.com.

milinddeore · March 9, 2025, 3:20am

After installing the server, I noticed that it works for emails within the my-server.com domain but not for external addresses like Gmail or others.

Is this due to a missing configuration, or is it a limitation?

milinddeore · March 11, 2025, 6:54pm

In fact quite a few tests are failing on running: scripts/cmdeploy test

[$ /root/server-large/server/venv/bin/python3 -m pip install deltachat]
Collecting deltachat
  Downloading deltachat-1.155.6-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (1.5 kB)
Requirement already satisfied: cffi>=1.0.0 in ./venv/lib/python3.10/site-packages (from deltachat) (1.17.1)
Requirement already satisfied: imap-tools in ./venv/lib/python3.10/site-packages (from deltachat) (1.10.0)
Requirement already satisfied: pluggy in ./venv/lib/python3.10/site-packages (from deltachat) (1.5.0)
Requirement already satisfied: requests in ./venv/lib/python3.10/site-packages (from deltachat) (2.32.3)
Requirement already satisfied: pycparser in ./venv/lib/python3.10/site-packages (from cffi>=1.0.0->deltachat) (2.22)
Requirement already satisfied: charset-normalizer<4,>=2 in ./venv/lib/python3.10/site-packages (from requests->deltachat) (3.4.1)
Requirement already satisfied: idna<4,>=2.5 in ./venv/lib/python3.10/site-packages (from requests->deltachat) (3.10)
Requirement already satisfied: urllib3<3,>=1.21.1 in ./venv/lib/python3.10/site-packages (from requests->deltachat) (2.3.0)
Requirement already satisfied: certifi>=2017.4.17 in ./venv/lib/python3.10/site-packages (from requests->deltachat) (2025.1.31)
Downloading deltachat-1.155.6-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (13.4 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 13.4/13.4 MB 2.4 MB/s eta 0:00:00
Installing collected packages: deltachat
Successfully installed deltachat-1.155.6
[$ /root/server-large/server/venv/bin/pytest cmdeploy/src/ -n4 -rs -x -v --durations=5]
===================================================================== test session starts =====================================================================
platform linux -- Python 3.10.12, pytest-8.3.5, pluggy-1.5.0 -- /root/server-large/server/venv/bin/python3
cachedir: .pytest_cache
Deltachat core=v1.155.6 sqlite=3.45.3 journal_mode=wal
rootdir: /root/server-large/server/cmdeploy
configfile: pyproject.toml
plugins: typeguard-4.4.2, deltachat-1.155.6, xdist-3.6.1, chatmaild-0.2, cmdeploy-0.2, deltachat-rpc-client-1.156.2
4 workers [45 items]
scheduling tests via LoadScheduling

cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_login_basic_functioning[imap]
cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_init
cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_login_same_password[imap]
cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_concurrent_logins_same_account
[gw0] [  2%] PASSED cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_init
cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_capabilities
[gw0] [  4%] PASSED cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_capabilities
cmdeploy/src/cmdeploy/tests/online/test_0_qr.py::test_gen_qr_png_data
[gw2] [  6%] PASSED cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_login_same_password[imap]
cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_login_same_password[smtp]
[gw0] [  8%] PASSED cmdeploy/src/cmdeploy/tests/online/test_0_qr.py::test_gen_qr_png_data
cmdeploy/src/cmdeploy/tests/online/test_0_qr.py::test_fastcgi_working
[gw0] [ 11%] PASSED cmdeploy/src/cmdeploy/tests/online/test_0_qr.py::test_fastcgi_working
cmdeploy/src/cmdeploy/tests/online/test_0_qr.py::test_newemail_configure
[gw1] [ 13%] PASSED cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_login_basic_functioning[imap]
cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_login_basic_functioning[smtp]
[gw3] [ 15%] FAILED cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_concurrent_logins_same_account
[gw2] [ 17%] FAILED cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_login_same_password[smtp]
[gw1] [ 20%] FAILED cmdeploy/src/cmdeploy/tests/online/test_0_login.py::test_login_basic_functioning[smtp]
[gw0] [ 22%] PASSED cmdeploy/src/cmdeploy/tests/online/test_0_qr.py::test_newemail_configure
cmdeploy/src/cmdeploy/tests/online/test_1_basic.py::TestSSHExecutor::test_exception
[gw0] [ 24%] PASSED cmdeploy/src/cmdeploy/tests/online/test_1_basic.py::TestSSHExecutor::test_exception
cmdeploy/src/cmdeploy/tests/online/test_1_basic.py::TestSSHExecutor::test_opendkim_restarted
[gw0] [ 26%] PASSED cmdeploy/src/cmdeploy/tests/online/test_1_basic.py::TestSSHExecutor::test_opendkim_restarted

$ scripts/cmdeploy dns

[ssh] login to my-server.com
Collecting initial DNS settings..............
Check expected zone file entries...........................................
Great! All your DNS entries are verified and correct.

$ scripts/cmdeploy run

produces following result:

Grand total                                                                    95      18        -       77

Looks like something wrong with the smtp? But my port 25 is unblocked, am i missing anything here?