Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

netfilter-mailcow restarting #5334

Closed
5 tasks done
subedinfo-it opened this issue Jul 28, 2023 · 3 comments
Closed
5 tasks done

netfilter-mailcow restarting #5334

subedinfo-it opened this issue Jul 28, 2023 · 3 comments
Labels
bug stale Please update the issue with current status, unclear if it's still open/needed.

Comments

@subedinfo-it
Copy link

Contribution guidelines

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

This issue has been answered in the past, answered considering a "sort-of" solution was found, that does not persist between `Reboot`.

https://github.com/mailcow/mailcow-dockerized/issues/4474

The fix:


modprobe -v ip6table_filter
modprobe -v iptable_filter
docker-compose restart netfilter-mailcow

As this issue is closed, I am re-opening on a new issue.



### Logs:

```plain text
Netfilter logs only have ban/unban actions

Steps to reproduce:

1. Updated to the latest mailcow-dockerized
2. Checked if containers were running after update
3. Netfilter crashing and restarting

Which branch are you using?

master

Operating System:

Rocky Linux 9.2

Server/VM specifications:

2 Core 8 RAM

Is Apparmor, SELinux or similar active?

SELinux

Virtualization technology:

KVM

Docker version:

24.0.2

docker-compose version or docker compose version:

v2.19.0

mailcow version:

2023-07

Reverse proxy:

NGINX

Logs of git diff:

# git diff origin/master
diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..20952c05 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem
@@ -1,19 +1,33 @@
 -----BEGIN CERTIFICATE-----
-MIIDBDCCAe6gAwIBAgIQeJMoL/3dxhxhT9EwuRTL/DALBgkqhkiG9w0BAQswEjEQ
-MA4GA1UEChMHbWFpbGNvdzAeFw0xNjEyMTMxMDExMDBaFw0xOTExMjgxMDExMDBa
-MC0xEDAOBgNVBAoTB21haWxjb3cxGTAXBgNVBAMTEG1haWwuZXhhbXBsZS5vcmcw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg0xT3At9DSb3H5OMp3K1
-MpXAgYyotSK6TS61fC0QEHy2fMXiws7Agcye6Ln7CG63Fe1eN2jkdlefy9xJivS8
-y5w0M8i168v5znzC8fnylL2iOiSYfK/B/oEqfU7YH4RcegO53oDDIUZmi4Frgnu7
-39VVOU1ZyHEVqGJ2H2aAIkoZRjGzumD9Ym4LWGidtKJzBgFt/qmhUeWXipM8w281
-XkQnJU79+x2ywnJSvEZ3r/ZVJC7kbjiVw+/k15k9Cxk6Ik8wmJ0X/+xWxoZomHQI
-1LM0VKAS/iaU95dn2bplvL6jTiiyWAbrMjSKs4XbPt/fIbOicNkj6+CFy0MVfyyH
-AgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIAqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
-KwYBBQUHAwEwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQsDggEBAI/jBJa1P8nB
-eHUN5muQmjBVDVOYyWAAEapOe2HYsBcpjaB2H8Iw3DQzJtz6peYeYSCmHRVqFLCm
-VPrq36l9mPUotyPDPlQQAxCj9R2+WbGaJO+N/E1F8FQ94dr3jqwUyfjVPoqEjmIH
-NFkvbA0RJOeBm9oYGdhM0wjOBV9c9MTHFG82nQ/zQeTuPb7GXuKIOXYCxoLNOZMw
-UJ02Cqjv5ImrgOhcstAKX3Ip0urSvZUGvtPla4CGh+M6yDFJ08GzX6OiMIH207RW
-jAbUXXERSUv/7hysdDjGo5HZjCeMzVu9KAxoZXqnmvkk8g2swKWtWBRcoeU1VGx0
-Bx4Q4KMjuYQ=
+MIIFszCCA5ugAwIBAgIUdKqDIm+yLA32fj8JUMlLDls7oRowDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCREUxDDAKBgNVBAgMA05SVzEQMA4GA1UEBwwHV2lsbGlj
+aDEQMA4GA1UECgwHbWFpbGNvdzEQMA4GA1UECwwHbWFpbGNvdzEWMBQGA1UEAwwN
+bWFpbC5tYWdiZS5wdDAeFw0yMzA2MjQxNDE3NDRaFw0yNDA2MjMxNDE3NDRaMGkx
+CzAJBgNVBAYTAkRFMQwwCgYDVQQIDANOUlcxEDAOBgNVBAcMB1dpbGxpY2gxEDAO
+BgNVBAoMB21haWxjb3cxEDAOBgNVBAsMB21haWxjb3cxFjAUBgNVBAMMDW1haWwu
+bWFnYmUucHQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQClBObmisZ8
+B88jRYfrqehXtM2Dq/OVTnYQhPdgt4iUIWSVGpYgYWyDOsl2UTAbymi13AXPn1x1
+FGeL52S0ydlvQyr3/j/KXKXZlROTundYVIA7u6uizz4jeHmpwEDYXscxeUBVpCY9
++HCbIh3bGtyFA75OXiIJA9nTldZw8e0hE+J6SB/o4PPP6uQuYIcbLxAxdKRC96gf
+1wh13DTfwDZYSfQoub5zPZWGbnIC1LGQfFm3dxIj2WmalKAzedx8Z+kSOLcDnVVZ
+fv1tkTHR4QlnSbPElGA/O5CqQubxr/JPqD+KOZj6eTfDA4aQze8V8HVOQQQJUU6S
+gSq/ryrgJdRYVWYdX+bskec7tr6/Tf9CwFnH1QMZD+M6xweHK3b+339KbmfahM+u
+SjNcxAmqb3Fod48FWoRqOkVKLAfRsCeg+sjFohhnt1DsU/cJyqanCSHO4Trv0141
+4XSai3e33bSz9kbAooWghjK25LZKAswVXF829upCyixAbXsZLvTMyd0YFnEiVf7T
+9cu2KT8SCG6sG9IDp3dSSjjSONwAt/HvA3/2roUS9emUVCEyEWOaoXx7uFofOMfv
+RQXWCt45YFEBQ7flkNL3h0lEwwtHMpQx9PxqLf9VYzPmWthQvrigOBtFUJaXB3Y7
+5MgVZupYSI/n4i1HVW8/R2AvwuNZ/zMRxwIDAQABo1MwUTAdBgNVHQ4EFgQU4wZP
+asfRgx8XUDjjp6Xk9PkCje0wHwYDVR0jBBgwFoAU4wZPasfRgx8XUDjjp6Xk9PkC
+je0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAJ8UPBG+iTE4K
+uZj+NE6nAiuAV8gRIk73hYYH9ToOanDO18i30b76xFo0VdiBWpLscA/OHx3yAKHl
+aulBxiOamf2rOIeVKCbrtN3jIi75iZmhvzhS7vpJCZzoFqQOJFo+G5GEoorB5uZm
+GQqZYocVNU3FTXdaz1KSb5wMMtnvAIwIwuN39qEbgxMM8Qzs+AM/7J+g9nhm0Jo2
+2SGWJL1S7OjrSs/0pgvRxhKrZqDr8N0uqbUffUpsWtogYIMIVj5cbE2dgfW2KEQY
+sF71HxBWkzv2wzCv9mZufNuz7Iz5vfSDBxWzn94mLbIYTByojqd6BPE2rDtDtZ4z
+pwi6pqxxgbx8QNrPO18rKrCZKD7ZFLRfGz3MtuLqtfeIC8rzsVIqD9rxhd2AiAGg
+e+Aav1tv0iELYxQ1vfnhBS6BpxIY9f9+vwaAQqMHB+kq38k2OKwILGrlDPKdcc0x
+sDHFSWIqnywyvc67HeofnEi8+KMh1bkg+RbiXrxXnvTRg3sHQ6aMzxtH59KO22JY
+gbap4B7kmgP6XYbc+cHREgvuWjN8b3xRitumcBa0d59haercVwrfHOto6zuOf/Xw
+OwB/zF7wVrmRWKREiq08Hk//WD502PapjiNwHResAPbpzByD8KHrDrgwBUwIG2sU
+Nk921yzqmteE35fT7rFg/Ns27V7fPnA=
 -----END CERTIFICATE-----
diff --git a/data/assets/ssl-example/key.pem b/data/assets/ssl-example/key.pem
index cedf35a0..c528b103 100644
--- a/data/assets/ssl-example/key.pem
+++ b/data/assets/ssl-example/key.pem
@@ -1,27 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0YNMU9wLfQ0m9x+TjKdytTKVwIGMqLUiuk0utXwtEBB8tnzF
-4sLOwIHMnui5+whutxXtXjdo5HZXn8vcSYr0vMucNDPItevL+c58wvH58pS9ojok
-mHyvwf6BKn1O2B+EXHoDud6AwyFGZouBa4J7u9/VVTlNWchxFahidh9mgCJKGUYx
-s7pg/WJuC1honbSicwYBbf6poVHll4qTPMNvNV5EJyVO/fsdssJyUrxGd6/2VSQu
-5G44lcPv5NeZPQsZOiJPMJidF//sVsaGaJh0CNSzNFSgEv4mlPeXZ9m6Zby+o04o
-slgG6zI0irOF2z7f3yGzonDZI+vghctDFX8shwIDAQABAoIBAQC9kiLnIgxXGyZt
-pmmYdA6re1jatZ2zLSp+DcY8ul3/0hs195IKCyCOOSQPiR520Pt0t+duP46uYZIJ
-aakp9gxaI5Vz+oMacH/AyaBDuDTj1Mf9WMSyIOfbDVCMRJOppGLcVh62+Gfjp2EO
-+h2hTJBuvypFkbK2kVIZOaHVpbXWKw1oYuEcTftk9XfxxvfSMw1HQ12/P2CAcbaa
-jPmVbisunv6kpXtewSBTcaLSYWJf1MYD5Hi8fzkD2FJSXYbfQd8RKvT2rj6FA7ux
-CDMzbYhdnd7lc63OARCIjfCRNtDT1cZ3gR1CQHD98lWxmPQIZukv+w7s/bSrFgnQ
-ROZ0ghBJAoGBAOmE/3d5FDmp0aJNxXynKcRGdpEEM4O40RIdqa2eR6Pa7aTRosao
-z0qVgdFuJrqjlB3jgedxXEX1M0abCUzzM9Q5F7JLl+KsjwRwpkIOkPiyUncLp7LK
-QbY3tvYBIdpjlF1USOMGRL4j11hqr4vQC/yPBF7jj81kCZDTbmZhp82jAoGBAOWu
-ql5QFUOlmqkuWIAFkiLEZhOu+ptqkE+zG50CCGMJIX0dJ2PHXFyNGInomAeT0nbI
-pbnK3x7KeEKiGrAqZFNCTHhApTwkrIj0L/RQbMDZ7u7j1AEUVNFEhIm62kg84FtG
-xtfxVxredE+NQc/tyV3hXegdNZxegALirlcMKIvNAoGAWFwIxk48Ru1o8z72QQqH
-lUsMRicOzwK5qV8r+xPvC6MlVL42F3F8rj4QFwzU/r4yp3SUjNyqC5aSRl8Xj9Re
-gijwPHi6Cf09SHLPliMo29GtvnnchJxfbPF7+23GP3p6gy4HPk/65u9s5nnH3uFk
-B7ad8sGsgg0eSXyXQ4okEn0CgYEAnogPuedGthlxBgMiPMMbmfm7hyyId4t3Ljuu
-/JExnsHnpobf8EPjoVIWNOIhRWGnrCtUEEhR9tvDZCKljyDDfKBPTdU496lMmX8K
-NnToi7gg7iy84T3aSVMktDgPgDrclMPmbZh8CeSvnVUfrtgu3Ci4+4Rlw5eKffNe
-aGDQ/6UCgYAbUq9mRT2WOXIo+Dchi9VzDWgtfOw5VEyqkSpb7hPiIYx5jNaENnVK
-cAi3iqbBgPJBuMlTrKmmaxdmssGOEZNJLuuXLDbCU+f5cpu5PQ4crC6UtRI5rlhp
-8Yc+oiv3HWbSw3sVRpMFB6NP4DnvgFW3B2Wdfb/lNzPCKWqBsX7gWw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQClBObmisZ8B88j
+RYfrqehXtM2Dq/OVTnYQhPdgt4iUIWSVGpYgYWyDOsl2UTAbymi13AXPn1x1FGeL
+52S0ydlvQyr3/j/KXKXZlROTundYVIA7u6uizz4jeHmpwEDYXscxeUBVpCY9+HCb
+Ih3bGtyFA75OXiIJA9nTldZw8e0hE+J6SB/o4PPP6uQuYIcbLxAxdKRC96gf1wh1
+3DTfwDZYSfQoub5zPZWGbnIC1LGQfFm3dxIj2WmalKAzedx8Z+kSOLcDnVVZfv1t
+kTHR4QlnSbPElGA/O5CqQubxr/JPqD+KOZj6eTfDA4aQze8V8HVOQQQJUU6SgSq/
+ryrgJdRYVWYdX+bskec7tr6/Tf9CwFnH1QMZD+M6xweHK3b+339KbmfahM+uSjNc
+xAmqb3Fod48FWoRqOkVKLAfRsCeg+sjFohhnt1DsU/cJyqanCSHO4Trv01414XSa
+i3e33bSz9kbAooWghjK25LZKAswVXF829upCyixAbXsZLvTMyd0YFnEiVf7T9cu2
+KT8SCG6sG9IDp3dSSjjSONwAt/HvA3/2roUS9emUVCEyEWOaoXx7uFofOMfvRQXW
+Ct45YFEBQ7flkNL3h0lEwwtHMpQx9PxqLf9VYzPmWthQvrigOBtFUJaXB3Y75MgV
+ZupYSI/n4i1HVW8/R2AvwuNZ/zMRxwIDAQABAoICAAeo3Jbi5ienrSOz/IUh09kO
+WWO9PYc2pyBJK7pfioVlr2eEXmeOXh0RQ3ysdBE2KfoXBmYGvaHpmozR5sjFfcQ+
+V+Y+9PMNrd0VoF0BEL0W3wTmxya9e+LlmrAYbmocrB5NxIC1J9lEiOWKhdw/uPCr
+pc+5atcESL4bfGKtuBYK+D44ztJebrK98m18qYjHfHbvNRiuqi0gLBJccE/aeitK
+83xYctCikSg2RDCBcuSEAR4U9tCXLOGx+GWrSGK16AmifEw8p1OKI3VMggV97pPO
+xftf77+/og1lIZciVZsA8kIWPlWR/taceUiLZoecK7XAKtHL5lvChxtypAjXeK21
+2Vn/imsGL81nOHc2Gm0e0KxVRjb4Blk7CAuc1OwPiCS82Ccwfzm+aPAN6SwRCd4t
+c3Up2+ykUQ7vFJR9WVk9WlstlVAgYKv5rY4DlBEqeD10DHe3JX/7tOTennFZSH0z
+BqtG4F94ap7wzL88HCZEuZ2JZz4xNrh+s4xXUWjeYaDbvfVB5v6BQrtaZ/GTmGaR
+oDCEUVoMAHZKqLFWv+/k0wN/Wl+M8uv5Gh9SmzGxhRu1DEyW7GDs91afbX0yc8cY
+2s8aS0h6A4hFXEJ4Z3lHRggsm8ZVYCjN0XRzkJL80KtZuZStL3Z//O3qL+qRs4P3
+jT3ny5UmjKloBtu8rxMRAoIBAQDALVty2IWhrvZoIwsik5U4850J7j8yN+qEP53E
+ALZ9EyQaMErzbLZIdWsRCO0xL0Z3yTHtd9k6oxoGF3DWCxqI79jDe4db2ISq30dO
+yyYqzopJ5HhWH+iYQstB2zQW68KZXNbNoeMEFFsdZI/oRkv/Vmsbk4hkYjNNSJVI
+ifyaN+0BekeoK1wIXt0aKnGYXarf/Ms/39Hc0FkXlb9VfxlYqnI5RLMwaoC0FI8j
+rdc25Bs0Ro7h5Xrrkjuc+Gyyl2h379pbPRqFmYaz1H5m1eXiu1ZF+fznOO2l0Pmm
+TjmC4UqoaLHTo8WcALvDdjmYDYnK1A0xGumyOn1FDdZyHYs1AoIBAQDb0psjuNpZ
+LQdIZEsYmbEglDAD7Jq6t9TF9KDJ4OqY8BUUBA4VI37aovm0612gDVluNwwJJkaV
+yqVHz2z574lqTrKjqbFBptQw9XNIWQAQ3kx6OgrLEZrGgw4buHT8/pfc1zSZgWr4
+Q8cKgFiUblwOcXabJZ2T/24fA/lOymXU4lQz3VrxdzM8Qja2RZtCSbYqQ8nINoY0
+Tt2EU41W5WZZodGufOPIp4/WEaZm2ZaV86qPLzJ811vUzQK3m7C+eVcaDbpT2Up3
+q9jp+QdZ+GQTqKKUX/xSXcEqp+K1BrcLF/dtBiPq7piqclyS+TCQBKrrUVy6ABl8
+FbYi7JeeWgyLAoIBAHXYWoemduua2scpFh7x2UO/P8FjM6Wb3FeUmy4iMcWpAy58
+BroXJABy4GDl1G2gy9mQqukv4Smv8rlhjnPzAyaNzaKyEWMk9tXBbXzH3nPJi8uc
+Kp7FmmAkNXgA74ROtlpNL/uRFiDeSrFPhV+uG9RMLgoPAkhsX4E4zTJaS2hWeyO4
+1FAvppQLeBIfjOEeLzaDUi+tFIgPy1JHJblL40MX4ktz8V3zMVE8ejoq1Bp47qWz
+ztJ/Yk0qsxuiyyUI66sAjin84lKivpNv7sMoz3ul3VWz4n33zuMrrqtotKOpe5qh
++MoLV5Y+bOWDjfXL939FYYGHO19rtn2t6p63tzECggEATTkkVR1IX5GJAG5zTzYW
+2poUcBx7kuKntc8leSYxY/7beMef5t8sXkRosp0IrARkiWp/KOuwWkjxXVPKNddn
+j9gLu6EOa0DfRD/F+wGBG2vss/eV+Ra7J8e8ehKHzqTl1qgni1HCsWqmDtNdyu8m
+GdDUWNaTD/3owq6Ts5E4ytujtwCpRTCZ6C5eqBO14kig3SIpTdORu+iEu0ra2U8H
+cK9/SOwI3WG4DvzuVy1TUGRkY56x/tdtJEnNDZF9OrzH05hE/9XS6k2Ni0x3v6ya
+A6n3S2aY7pqPFJwb8XplbVlDC6LflVWyfhZk3SD7ZWyuWrKff5wvV78M2CIDdZau
+1wKCAQB+3Pu/kipp8DWEOU572FiBUbCZsREKHiIDJ0WI0Njjk4FMO89XxBaZg8SS
+sokGA07DSXSZv/nA2qUysjIG4iNUCtVtFy6oyXqogQ9RTLT6Pb1RLpoasD98h4oN
+oxHyeTO+c8LpCoyn/8NY6+hn5gjEU0W4APl8kvsu4n7ZQwJj+Sas0EadnQfxC4ds
+kQ3lpJ2SUR6utccAWiL1ZrXE9N1JCi1G7CgGt5/Ur2VWhIakMjwfr5vCYuSNp/a8
+0qixtqxDmKXNHU+nzpOu8LZmmHEwGuyXxSq/skgYLJy4aCupTqoapbZtmZltVzhl
+qwDUXdACZ6U6d4/HljPkXqdjQvu7
+-----END PRIVATE KEY-----
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index a5751c65..d6aba683 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -170,3 +170,6 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks

 # DO NOT EDIT ANYTHING BELOW #
 # User overrides #
+
+myhostname = mail.asdrubalicos.pt
+



### Logs of iptables -L -vn:

```plain text
# iptables -L -vn
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 222K   52M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 222K   52M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 186K   43M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
16732 1031K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
19959 7665K ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
15972  986K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.3           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:3306
   36  2032 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:443
   20  1018 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:80
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
  683 40980 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
   12   704 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    9   492 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
19959 7665K DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
  68M   15G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
5818K 1464M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  68M   15G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0        



### Logs of ip6tables -L -vn:

```plain text
# ip6tables -L -vn
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
53356   63M DOCKER-USER  all      *      *       ::/0                 ::/0                
  13M 7105M DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0                
  12M 7025M DOCKER     all      *      br-mailcow  ::/0                 ::/0                
  10M 6877M ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 302K   80M ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0                
1922K  137M ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   24  2655 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:80
  487 50934 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:443
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:4190
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:993
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:995
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:110
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::e  tcp dpt:25
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::e  tcp dpt:465
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::e  tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  874  593K DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0                
53356   63M RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0                
  874  593K RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  13M 7105M RETURN     all      *      *       ::/0                 ::/0        



### Logs of iptables -L -vn -t nat:

```plain text
# iptables -L -vn -t nat
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
1001K   79M DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3770  276K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.3           172.22.1.3           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.8           172.22.1.8           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.3:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.8:3306
   36  2032 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.10:443
   20  1018 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.10:80
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
  725 43500 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
   12   704 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    9   492 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110



### Logs of ip6tables -L -vn -t nat:

```plain text
# ip6tables -L -vn -t nat
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5542  379K DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all      *      br-mailcow  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
 205K   19M MASQUERADE  all      *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:443
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:110
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:110
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:443
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:25
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:587
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::7  fd4d:6169:6c63:6f77::7  tcp dpt:443
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::7  fd4d:6169:6c63:6f77::7  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:110
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:443
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::8  fd4d:6169:6c63:6f77::8  tcp dpt:443
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::8  fd4d:6169:6c63:6f77::8  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:110
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:25
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    6   480 RETURN     all      br-mailcow *       ::/0                 ::/0                
    2   168 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::d]:80
    6   504 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::d]:443
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::f]:4190
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::f]:993
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::f]:995
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::f]:110
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::f]:143
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::e]:25
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::e]:465
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::e]:587



### DNS check:

```plain text
# docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
151.101.129.69
151.101.1.69
151.101.193.69
151.101.65.69
@Sk4y
Copy link

Sk4y commented Jul 30, 2023

Have the same issue with the exeption that my container logs look like this.

docker container logs "containerhash"

Traceback (most recent call last):
  File "/server.py", line 558, in <module>
    clear()
  File "/server.py", line 297, in clear
    filter6_table = iptc.Table6(iptc.Table6.FILTER)
  File "/usr/lib/python3.10/site-packages/iptc/ip6tc.py", line 589, in __new__
    obj._init(name, autocommit)
  File "/usr/lib/python3.10/site-packages/iptc/ip6tc.py", line 606, in _init
    self.refresh()
  File "/usr/lib/python3.10/site-packages/iptc/ip4tc.py", line 1634, in refresh
    raise IPTCError("can't initialize %s: %s" % (self.name,
iptc.ip4tc.IPTCError: can't initialize filter: b'iptables who? (do you need to insmod?)'
Clearing all bans
Traceback (most recent call last):
  File "/server.py", line 558, in <module>
    clear()
  File "/server.py", line 297, in clear
    filter6_table = iptc.Table6(iptc.Table6.FILTER)
  File "/usr/lib/python3.10/site-packages/iptc/ip6tc.py", line 589, in __new__
    obj._init(name, autocommit)
  File "/usr/lib/python3.10/site-packages/iptc/ip6tc.py", line 606, in _init
    self.refresh()
  File "/usr/lib/python3.10/site-packages/iptc/ip4tc.py", line 1634, in refresh
    raise IPTCError("can't initialize %s: %s" % (self.name,
iptc.ip4tc.IPTCError: can't initialize filter: b'iptables who? (do you need to insmod?)'

@l0tzi
Copy link

l0tzi commented Aug 15, 2023

#4802 (comment) fixed it for me

@milkmaker
Copy link
Collaborator

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@milkmaker milkmaker added the stale Please update the issue with current status, unclear if it's still open/needed. label Oct 14, 2023
@milkmaker milkmaker closed this as not planned Won't fix, can't repro, duplicate, stale Oct 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug stale Please update the issue with current status, unclear if it's still open/needed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@l0tzi @Sk4y @subedinfo-it @milkmaker