If you set up postgrey to listen on 127.0.0.1, it cannot be reached from the outside; make sure to listen on 0.0.0.0:10023 in the container.

"--publish",  "1.2.3.4:10023:10023"

Also, I assume you changed the IP here and that you use your actual local IP there and not 1.2.3.4.

On Thu, Jan 13, 2022 at 3:50 PM Daniel Walsh <dwalsh@redhat.com> wrote:
On 1/12/22 16:59, Ranbir wrote:
> On Wed, 2022-01-12 at 15:25 -0500, Daniel Walsh wrote:
>> Try the container in --privileged mode, to see if this is causing the
>> issue.
> That didn't help. :(
>
>> If it still crashes, then I figure it is something with the user
>> namespace.
> The container doesn't crash. It actually runs and I can see postgrey
> running in the container. The problem is when I do a telnet test from
> the host or from another server to the postgrey port I exposed, the
> telnet connection doesn't stay up and instead drops immediately. If the
> container is running rootfull, the telnet test is established and
> doesn't disconnect.
>
>> Do you have an image I could try?
> It's not uploaded anywhere. I'm turning some of my KVMs into containers
> because I wanted to learn podman and get familiar with it. I've only
> been doing container stuff in general since August of last year.
>
> Hmmm...can I dump the Containerfile for each image here? They're not
> big. The Rocky Linux 8 Dockerfile is copied directly from their docker
> image page on dockerhub.
>
> There's some wrapping.
>
>
> Here's the latest run command I used:
>
> "CreateCommand": [
>                  "podman",
>                  "run",
>                  "-d",
>                  "--name",
>                  "postgrey",
>                  "--publish",
>                  "1.2.3.4:10023:10023",
>                  "--volume",
>                  "postgrey:/var/spool/postfix/postgrey:Z",
>                  "--privileged",
>                  "postgrey-v0.0.3"
>              ],
>
>
> The volume doesn't matter. I'm just preserving data from my KVM.
>
> Below are the Containerfile, config file and Dockerfile.
>
> --------
> postgrey
> --------
>
> FROM local/rocky8-systemd
>
> RUN dnf -y update && \
>      dnf -y install epel-release && \
>      dnf -y --nodocs install postgrey telnet && \
>      dnf clean all && \
>      systemctl enable postgrey
>
> COPY postgrey /etc/sysconfig/
>
> CMD ["/usr/sbin/init"]
>
> --------------------
> postgrey sysconfig file
> --------------------
>
> # Postgrey offers 2 listening types, --inet and --unix. As default, Fedora
> # postgrey works under UNIX socket, but, changing to TCP socket on user's own
> # is also available, for instance, let it work at 10023 port of localhost:
> #   --inet=10023
> # To be more detailed, there is another way if you still run it at localhost:
> #   --inet=127.0.0.1:10023
> #POSTGREY_TYPE="--unix=/var/spool/postfix/postgrey/socket"
> POSTGREY_TYPE="--inet=127.0.0.1:10023"
>
> # If postgrey works under UNIX socket way, PID file can be specified to
> # custom location, note that no need to set this if postgrey is working
> # under TCP socket way.
> POSTGREY_PID="--pidfile=/var/run/postgrey.pid"
>
> # Name of group which postgrey belongs, default is postgrey
> POSTGREY_GROUP="--group=postgrey"
>
> # Name of user which postgrey belongs, default is postgrey
> POSTGREY_USER="--user=postgrey"
>
> # DELAY
> POSTGREY_DELAY="--delay=60"
>
> # For more options can be used, please read manpage or execute `postgrey -h`.
> # Custom options.
> POSTGREY_OPTS=""
>
>
> -------------
> rocky linux 8
> -------------
>
> FROM rockylinux/rockylinux:latest
>
> ENV container docker
>
> RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
>       systemd-tmpfiles-setup.service ] || rm -f $i; done); \
>       rm -f /lib/systemd/system/multi-user.target.wants/*;\
>       rm -f /etc/systemd/system/*.wants/*;\
>       rm -f /lib/systemd/system/local-fs.target.wants/*; \
>       rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
>       rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
>       rm -f /lib/systemd/system/basic.target.wants/*;\
>       rm -f /lib/systemd/system/anaconda.target.wants/*;
>
> VOLUME [ "/sys/fs/cgroup" ]
>
> CMD ["/usr/sbin/init"]
>
>
Giuseppe, Paul, Matt, do you think this is slirp4netns related?


Ranbir, could you try with --net=hosts?
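
The check suggested at the top of this thread (whether postgrey is bound to 127.0.0.1 or to 0.0.0.0 inside the container) can be scripted. This is an added example, not code from the thread or from podman or postgrey: `classify_bind` is a hypothetical helper, the sample lines are constructed, and it assumes `ss` from iproute2 is installed in the image so that `podman exec postgrey ss -ltnH` can be piped into it.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, given `ss -ltnH` output
# on stdin. Usage: podman exec postgrey ss -ltnH | classify_bind 10023
# Prints one of: all-interfaces | specific-address | loopback-only | not-listening
classify_bind() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_addr = $4                      # "Local Address:Port" column
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next           # some other listener
            host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            sub(/%.*$/, "", host)                # drop interface scope, e.g. %lo
            gsub(/^\[|\]$/, "", host)            # drop IPv6 brackets
            if (host == "0.0.0.0" || host == "*" || host == "::") wild = 1
            else if (host ~ /^127\./ || host == "::1") loop = 1
            else other = 1
        }
        END {
            if (wild) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed samples: the listener produced by the sysconfig file quoted
# above (--inet=127.0.0.1:10023) and by the suggested 0.0.0.0:10023 bind.
sample_loopback='LISTEN 0 128 127.0.0.1:10023 0.0.0.0:*'
sample_wildcard='LISTEN 0 128 0.0.0.0:10023 0.0.0.0:*'

for sample in "$sample_loopback" "$sample_wildcard"; do
    printf '%s -> %s\n' "$sample" "$(printf '%s\n' "$sample" | classify_bind 10023)"
done
```

With the wildcard bind inside the container, outside exposure is still limited to the host address given to `--publish` (1.2.3.4:10023 in the run command above).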