Concernant les services accéssible de l’exterrieur, je fais tourner Nextcloud, avec lequel je n’ai pas eu de problème. Home assitant semble aussi fonctionnel (je n’ai pas encore eu l’occasion de le tester de manière plus poussé que de voir l’interface web), owntracks fonctionne parfaitement,…
Pour les problème de diagnostique les voilà : (j’ai laisser uniquement les warning, erreur et infos) j’ai du enlever une partie des lien aussi
=================================
Base system (basesystem)
[INFO] Server hardware architecture is bare-metal amd64
- Server model is Acer Predator G3-710
[INFO] Server is running Linux kernel 5.10.0-21-amd64
[INFO] Server is running Debian 11.6
[INFO] Server is running YunoHost 11.1.6 (stable)
- yunohost version: 11.1.6 (stable)
- yunohost-admin version: 11.1.5 (stable)
- moulinette version: 11.1.4 (stable)
- ssowat version: 11.1.4 (stable)
[WARNING] There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in /security.
=================================
DNS records (dnsrecords)
[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category basic)
[ERROR] Some DNS records are missing or incorrect for domain maindomain.tld (category mail)
- Please check the documentation at dns_config if you need help configuring DNS records.
- The following DNS record does not seem to follow the recommended configuration:
Type: MX
Name: @
Current value: [‘10 mx3.mail.ovh net.’, ‘1 mx4.mail.ovh nnet.’]
Expected value: 10 maindomain.tld.
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: TXT
Name: @
Value: “v=spf1 a mx -all”
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: TXT
Name: mail._domainkey
Value: “v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAeRezyxRDfMVws3p62waaM9/zawWp9bqS6X549nIjvWPVSTLF0UFYdd4DYqYYzXvP+B5uwnRP5tu1zfrWeTZphhyeja3Gsq6IbOx9vGx4FWsk4WR2O/Td2JLIEVdGDaHi1oWDG/adP4q52tQ+FdUMqA3Z4DntG1S7x5rGPPAwnQIDAQAB”
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: TXT
Name: _dmarc
Value: “v=DMARC1; p=none”
[WARNING] Some DNS records are missing or incorrect for domain maindomain.tld (category xmpp)
- Please check the documentation at dns_config if you need help configuring DNS records.
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: SRV
Name: _xmpp-client._tcp
Value: 0 5 5222 maindomain.tld.
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: SRV
Name: _xmpp-server._tcp
Value: 0 5 5269 maindomain.tld.
[WARNING] Some DNS records are missing or incorrect for domain maindomain.tld (category extra)
- Please check the documentation at dns_config if you need help configuring DNS records.
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: CAA
Name: @
Value: 128 issue “letsencrypt org”
[ERROR] Some DNS records are missing or incorrect for domain domain2.tld (category basic)
- Please check the documentation at dns_config if you need help configuring DNS records.
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: A
Name: vpn
Value: xx.xx.xx.xx
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: AAAA
Name: vpn
Value: xx:xx:xx:xx:xx:xx
[WARNING] Some DNS records are missing or incorrect for domain domain2.tld (category mail)
- Please check the documentation at dns_config if you need help configuring DNS records.
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: MX
Name: vpn
Value: 10 domain2.tld.
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: TXT
Name: vpn
Value: “v=spf1 a mx -all”
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: TXT
Name: mail._domainkey.vpn
Value: “v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClvwTfm2Lm34kUPOm7to1WpNiRluQxdIWI/OyRALX3yDi/cypJbrm+tte/JVKk1SFFns4xFBVqm3VMz9ZCJbYS/lLcTYRiAArbhgFTsqt5wUr6BVJ/k/vbdspCI2kyZHxlcBZJ7uUATIOjuImcbRuu35Vi75IAvv5QfTGxirkhiwIDAQAB”
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: TXT
Name: _dmarc.vpn
Value: “v=DMARC1; p=none”
[WARNING] Some DNS records are missing or incorrect for domain domain2.tld (category extra)
- Please check the documentation at dns_config if you need help configuring DNS records.
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: A
Name: *.vpn
Value: xx.xx.xx.xx
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: AAAA
Name: *.vpn
Value: xx:xx:xx:xx:xx:xx
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: CAA
Name: vpn
Value: 128 issue “letsencrypt org”
[WARNING] Unable to check the expiration date for some domains
- The domain xn–imbert-rejen-fkb.ovh doesn’t exist in WHOIS database or is expired!
=================================
Ports exposure (ports)
[ERROR] Port 8098 is not reachable from the outside.
- Exposing this port is needed for [?] features (service wg-quick@wg0)
- To fix this issue, you most probably need to configure port forwarding on your internet router as described in isp_box_config
=================================
Email (mail)
[ERROR] The SMTP mail server cannot send emails to other servers because outgoing port 25 is blocked in IPv4.
- You should first try to unblock outgoing port 25 in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
- Some providers won’t let you unblock outgoing port 25 because they don’t care about Net Neutrality.
- Some of them provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
- A privacy-friendly alternative is to use a VPN with a dedicated public IP to bypass these kinds of limits. See vpn_advantage
- You can also consider switching to a more net neutrality-friendly provider
[SUCCESS] The SMTP mail server is reachable from the outside and therefore is able to receive emails!
[ERROR] Reverse DNS is not correctly configured for IPv4. Some emails may fail to get delivered or be flagged as spam.
- Current reverse DNS: lfbn-idf3-1-33-72.w81-249 nabo wanadoo fr
Expected value: maindomain.tld
- You should first try to configure reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
- Some providers won’t let you configure your reverse DNS (or their feature might be broken…). If you are experiencing issues because of this, consider the following solutions:
- Some ISP provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
- A privacy-friendly alternative is to use a VPN with a dedicated public IP to bypass this kind of limits. See vpn_advantage
- Or it’s possible to switch to a different provider
[ERROR] Reverse DNS is not correctly configured for IPv6. Some emails may fail to get delivered or be flagged as spam.
- Current reverse DNS: 2a01cb0808a0e6009aeecbfffe272e20 .ipv6.abo.wanadoo.fr
Expected value: maindomain.tld
- You should first try to configure reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
- Some providers won’t let you configure your reverse DNS (or their feature might be broken…). If your reverse DNS is correctly configured for IPv4, you can try disabling the use of IPv6 when sending emails by running ‘yunohost settings set email.smtp.smtp_allow_ipv6 -v off’. Note: this last solution means that you won’t be able to send or receive emails from the few IPv6-only servers out there.
[ERROR] Your IP or domain xx.xx.xx.xx is blacklisted on Spamhaus ZEN
- The blacklist reason is: “query/ip/xx.xx.xx.xx”
- After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on spamhaus org/zen/
[ERROR] Your IP or domain xx:xx:xx:xx:xx:xx is blacklisted on Spamhaus ZEN
- The blacklist reason is: “query/ip/xx:xx:xx:xx:xx:xx”
- After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on spamhaus org /zen/
[WARNING] Too many pending emails in mail queue (1481 emails)
=================================
Services status check (services)
[ERROR] Service code-server is failed 
- You can try to restart the service, and if it doesn’t work, have a look at the service logs in the webadmin (from the command line, you can do this with ‘yunohost service restart code-server’ and ‘yunohost service log code-server’).
[ERROR] Service dnsmasq is dead
- You can try to restart the service, and if it doesn’t work, have a look at the service logs in the webadmin (from the command line, you can do this with ‘yunohost service restart dnsmasq’ and ‘yunohost service log dnsmasq’).
[ERROR] Service pihole-FTL is exited
- You can try to restart the service, and if it doesn’t work, have a look at the service logs in the webadmin (from the command line, you can do this with ‘yunohost service restart pihole-FTL’ and ‘yunohost service log pihole-FTL’).