MAILCOW target is in position 11 in the ip forward table, restarting container to fix it...

[Johnnii360]

Contribution guidelines

• I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• ... I have understood that answers are voluntary and community-driven, and not commercial support.
• ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Noticed this issue with `MAILCOW target is in position 11 in the ip forward table, restarting container to fix it...` and `MAILCOW target is in position 3 in the ip input table, restarting container to fix it...` first yesterday.

I also know the two existing issues like #https://github.com/mailcow/mailcow-dockerized/issues/5798 and #https://github.com/mailcow/mailcow-dockerized/issues/5735 but want to open a new issue thread for better clarification/differentiation due to different systems. I also tried some possible solutions on this threads but nothing helped.

Btw. in my case UFW is installed but not active.

Logs:

redis-mailcow-1  | 1:M 24 Mar 2024 08:55:22.004 * 100 changes in 300 seconds. Saving...
redis-mailcow-1  | 1:M 24 Mar 2024 08:55:22.005 * Background saving started by pid 26
rspamd-mailcow-1  | 2024-03-24 08:34:52 #47(normal) <58a3b6>; task; rspamd_task_write_log: id: <eiTPrPcvHgT9r7fNvREYUy6YOmaBxeD1lAjggUa9E@hesse>, qid: <E78EC378002A>, ip: 78.138.114.80, from: <[email protected]>, (default: F (no action): [-7.66/15.00] [BAYES_HAM(-5.50){100.00%;},IP_REPUTATION_HAM(-1.25){asn: 61157(-0.35), country: DE(-0.01), ip: 78.138.114.80(-0.90);},DMARC_POLICY_ALLOW(-0.50){booklooker.de;quarantine;},MID_RHS_NOT_FQDN(0.50){},RCVD_DKIM_ARC_DNSWL_MED(-0.50){},FORGED_SENDER(0.30){[email protected];[email protected];},RCVD_IN_DNSWL_MED(-0.20){78.138.114.80:from;},R_DKIM_ALLOW(-0.20){booklooker.de:s=dkim1;},R_SPF_ALLOW(-0.20){+mx;},MIME_GOOD(-0.10){text/plain;},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){jotoma.de:s=dkim:i=1;},ASN(0.00){asn:61157, ipnet:78.138.112.0/22, country:DE;},BCC(0.00){},DKIM_TRACE(0.00){booklooker.de:+;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){[email protected];[email protected];},HAS_PHPMAILER_SIG(0.00){},MIME_TRACE(0.00){0:+;},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){jotoma.de;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 4057, time: 1804.633ms, dns req: 44, digest: <0f1c9b41288db9e66aa31334c73843a7>, rcpts: <***@jotoma.de>, mime_rcpts: <***@jotoma.de>
rspamd-mailcow-1  | 2024-03-24 08:34:52 #47(normal) <58a3b6>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 6 regexps matched, 3463 regexps total, 3221 regexps cached, 0B scanned using pcre, 9.24KiB scanned total
rspamd-mailcow-1  | 2024-03-24 08:37:06 #47(normal) <b7b393>; task; rspamd_task_write_log: id: <undef>, qid: <C2D49378002A>, ip: 2a02:810d:b63f:fdc8:a0f7:d660:5ef7:c628, user: ***@jotoma.de, from: <***@jotoma.de>, (default: F (no action): [-21.99/15.00] [MAILCOW_AUTH(-20.00){},BAYES_HAM(-5.49){99.99%;},MISSING_MID(2.50){},MIME_BASE64_TEXT_BOGUS(1.00){},MIME_BASE64_TEXT(0.10){},MIME_GOOD(-0.10){multipart/mixed;multipart/alternative;text/plain;},ARC_NA(0.00){},ASN(0.00){asn:3209, ipnet:2a02:8100::/27, country:DE;},BCC(0.00){},DKIM_SIGNED(0.00){jotoma.de:s=dkim;},DYN_RL_CHECK(0.00){},FREEMAIL_ENVRCPT(0.00){icloud.com;},FREEMAIL_TO(0.00){icloud.com;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},HAS_ATTACHMENT(0.00){},MAILCOW_DOMAIN_HEADER_FROM(0.00){jotoma.de;},MIME_TRACE(0.00){0:+;1:+;2:+;3:~;4:~;},MISSING_XM_UA(0.00){},MOO_FOOTER(0.00){},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_ZERO(0.00){0;},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 5874452, time: 1016.566ms, dns req: 6, digest: <e441eeb4108e3e4f8c1ab94741b4cade>, rcpts: <***@icloud.com>, mime_rcpts: <***@icloud.com>
rspamd-mailcow-1  | 2024-03-24 08:37:06 #47(normal) <b7b393>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 1 regexps matched, 3463 regexps total, 3140 regexps cached, 0B scanned using pcre, 931B scanned total
rspamd-mailcow-1  | 2024-03-24 08:52:52 #47(normal) <6b6333>; task; rspamd_task_write_log: id: <[email protected]>, qid: <3B53D378002A>, ip: 192.174.95.199, from: <[email protected]>, (default: F (no action): [-6.57/15.00] [BAYES_HAM(-5.50){100.00%;},DMARC_POLICY_ALLOW(-0.50){mailing.hanf-gesundheit.de;none;},IP_REPUTATION_HAM(-0.34){asn: 23528(-0.33), country: US(-0.01), ip: 192.174.95.199(0.00);},MANY_INVISIBLE_PARTS(0.20){3;},MIME_HTML_ONLY(0.20){},RWL_MAILSPIKE_VERYGOOD(-0.20){192.174.95.199:from;},R_DKIM_ALLOW(-0.20){mailing.hanf-gesundheit.de:s=scph0721;},R_SPF_ALLOW(-0.20){+exists:192.174.95.199._spf.sparkpostmail.com;},MAILLIST(-0.11){generic;},ZERO_FONT(0.10){1;},HAS_LIST_UNSUB(-0.01){},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){jotoma.de:s=dkim:i=1;},ASN(0.00){asn:23528, ipnet:192.174.95.0/24, country:US;},BCC(0.00){},DKIM_TRACE(0.00){mailing.hanf-gesundheit.de:+;},FORGED_SENDER_MAILLIST(0.00){},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){[email protected];[email protected];},HAS_REPLYTO(0.00){[email protected];},MIME_TRACE(0.00){0:~;},MISSING_XM_UA(0.00){},PRECEDENCE_BULK(0.00){},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){jotoma.de;},RCVD_COUNT_ZERO(0.00){0;},REPLYTO_DOM_NEQ_FROM_DOM(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 70873, time: 1304.613ms, dns req: 65, digest: <db570f9f913debcc81381e3a7a6d66dc>, rcpts: <***@jotoma.de>, mime_rcpts: <***@jotoma.de>
rspamd-mailcow-1  | 2024-03-24 08:52:52 #47(normal) <6b6333>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 2 regexps matched, 3463 regexps total, 3227 regexps cached, 0B scanned using pcre, 79.36KiB scanned total
watchdog-mailcow-1  | 9
watchdog-mailcow-1  | 8
watchdog-mailcow-1  | 7
watchdog-mailcow-1  | 6
watchdog-mailcow-1  | 5
dockerapi-mailcow-1  | -----
watchdog-mailcow-1   | 4
watchdog-mailcow-1   | 3
watchdog-mailcow-1   | 2
watchdog-mailcow-1   | 1
watchdog-mailcow-1   | Sun Mar 24 08:26:24 CET 2024 - USE_WATCHDOG=n, skipping watchdog...
clamd-mailcow-1      | phishtank.ndb
clamd-mailcow-1      | rogue.hdb
clamd-mailcow-1      | 
redis-mailcow-1   | 26:C 24 Mar 2024 08:55:22.183 * DB saved on disk
clamd-mailcow-1      | sent 19,226 bytes  received 35,214 bytes  36,293.33 bytes/sec
clamd-mailcow-1      | total size is 18,185,394  speedup is 334.04
clamd-mailcow-1      | RELOADING
clamd-mailcow-1      | Sun Mar 24 07:35:55 2024 -> Reading databases from /var/lib/clamav
clamd-mailcow-1      | Sun Mar 24 07:36:18 2024 -> Database correctly reloaded (8840662 signatures)
clamd-mailcow-1      | Sun Mar 24 07:36:18 2024 -> Database reload completed.
redis-mailcow-1      | 26:C 24 Mar 2024 08:55:22.184 * Fork CoW for RDB: current 1 MB, peak 1 MB, average 0 MB
clamd-mailcow-1      | Sun Mar 24 07:36:18 2024 -> Activating the newly loaded database...
mysql-mailcow-1      | 2024-03-24  8:25:17 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
nginx-mailcow-1      | 172.22.1.10 - - [24/Mar/2024:09:00:06 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.7.5"
nginx-mailcow-1      | 172.22.1.10 - - [24/Mar/2024:09:00:06 +0100] "POST /pushover.php HTTP/1.1" 200 5 "-" "rspamd-3.7.5"
nginx-mailcow-1      | 172.22.1.10 - - [24/Mar/2024:09:00:28 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.7.5"
nginx-mailcow-1      | 172.22.1.10 - - [24/Mar/2024:09:00:28 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.7.5"
nginx-mailcow-1      | 172.22.1.10 - - [24/Mar/2024:09:00:28 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.7.5"
nginx-mailcow-1      | 172.22.1.10 - - [24/Mar/2024:09:00:28 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.7.5"
nginx-mailcow-1      | 172.22.1.10 - - [24/Mar/2024:09:00:28 +0100] "POST /pushover.php HTTP/1.1" 200 5 "-" "rspamd-3.7.5"
nginx-mailcow-1      | 172.22.1.10 - - [24/Mar/2024:09:00:30 +0100] "HEAD /settings.php HTTP/1.1" 304 0 "-" "rspamd-3.7.5"
nginx-mailcow-1      | 172.22.1.10 - - [24/Mar/2024:09:00:39 +0100] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "rspamd-3.7.5"
nginx-mailcow-1      | 172.22.1.10 - - [24/Mar/2024:09:00:39 +0100] "GET /forwardinghosts.php HTTP/1.1" 200 76 "-" "rspamd-3.7.5"
postfix-mailcow-1    | Mar 24 09:00:28 9ce45b3dd19e postfix/lmtp[502]: 3AF48378002A: to=<***@jotoma.de>, relay=dovecot[fd4d:6169:6c63:6f77::b]:24, delay=2.1, delays=2/0.01/0.01/0.02, dsn=2.0.0, status=sent (250 2.0.0 <***@jotoma.de> MMHNNpzd/2XcBQAAG+mSdg Saved)
redis-mailcow-1      | 1:M 24 Mar 2024 08:55:22.206 * Background saving terminated with success
dockerapi-mailcow-1  | INFO:     Started server process [1]
dockerapi-mailcow-1  | INFO:     Waiting for application startup.
dockerapi-mailcow-1  | INFO:     Init APP
dockerapi-mailcow-1  | INFO:     Subscribe to redis channel
dockerapi-mailcow-1  | INFO:     Application startup complete.
dovecot-mailcow-1    | Mar 24 09:00:06 42d19cd3a8da dovecot: lmtp(1500): Connect from 172.22.1.253
dovecot-mailcow-1    | Mar 24 09:00:06 42d19cd3a8da dovecot: lmtp(***@jotoma.de)<1500><7j6bB4bd/2XcBQAAG+mSdg>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
dovecot-mailcow-1    | Mar 24 09:00:06 42d19cd3a8da dovecot: lmtp(1500): Disconnect from 172.22.1.253: Logged out (state=READY)
dovecot-mailcow-1    | Mar 24 09:00:07 42d19cd3a8da dovecot: imap-login: Login: user=<***@jotoma.de>, method=PLAIN, rip=2a02:810d:b63f:fdc8:a0f7:d660:5ef7:c628, lip=fd4d:6169:6c63:6f77::b, mpid=1505, TLS, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
dovecot-mailcow-1    | Mar 24 09:00:08 42d19cd3a8da dovecot: imap(***@jotoma.de)<1505><mtkDcmMULswqAoENtj/9yKD31mBe98Yo>: Disconnected: Connection closed (UID FETCH finished 0.423 secs ago) in=531 out=64072 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=505 body_count=2 body_bytes=60469
dovecot-mailcow-1    | Mar 24 09:00:28 42d19cd3a8da dovecot: lmtp(1500): Connect from fd4d:6169:6c63:6f77::11
dovecot-mailcow-1    | Mar 24 09:00:28 42d19cd3a8da dovecot: lmtp(***@jotoma.de)<1500><MMHNNpzd/2XcBQAAG+mSdg>: sieve: msgid=<XTXzVG9SSDGEA5gdXHkXOQ@geopod-ismtpd-5>: stored mail into mailbox 'INBOX'
dovecot-mailcow-1    | Mar 24 09:00:28 42d19cd3a8da dovecot: lmtp(1500): Disconnect from fd4d:6169:6c63:6f77::11: Logged out (state=READY)
dovecot-mailcow-1    | Mar 24 09:00:30 42d19cd3a8da dovecot: imap-login: Login: user=<***@jotoma.de>, method=PLAIN, rip=2a02:810d:b63f:fdc8:a0f7:d660:5ef7:c628, lip=fd4d:6169:6c63:6f77::b, mpid=1559, TLS, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
dovecot-mailcow-1    | Mar 24 09:00:31 42d19cd3a8da dovecot: imap(***@jotoma.de)<1559><BtVcc2MUNMwqAoENtj/9yKD31mBe98Yo>: Disconnected: Connection closed (UID FETCH finished 0.575 secs ago) in=531 out=178764 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=351 body_count=2 body_bytes=175267
rspamd-mailcow-1    | 2024-03-24 09:00:06 #47(normal) <03c582>; task; rspamd_task_write_log: id: <[email protected]>, qid: <E2ACD378002A>, ip: 91.211.241.163, from: <[email protected]>, (default: F (no action): [-5.26/15.00] [BAYES_HAM(-5.50){100.00%;},URI_COUNT_ODD(1.00){77;},DMARC_POLICY_ALLOW(-0.50){newsletter.pharmeo.de;reject;},IP_REPUTATION_HAM(-0.33){asn: 199236(-0.32), country: AT(-0.01), ip: 91.211.241.163(0.00);},FORGED_SENDER(0.30){[email protected];[email protected];},R_DKIM_ALLOW(-0.20){newsletter.pharmeo.de:s=03052021;emarsys.net:s=key2;},R_SPF_ALLOW(-0.20){+ip4:91.211.240.0/22;},R_PARTS_DIFFER(0.17){58.9%;},BAD_WORDS_DE(0.10){},MIME_GOOD(-0.10){multipart/alternative;text/plain;},HAS_LIST_UNSUB(-0.01){},MX_GOOD(-0.01){},XM_UA_NO_VERSION(0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){jotoma.de:s=dkim:i=1;},ASN(0.00){asn:199236, ipnet:91.211.241.0/24, country:AT;},BCC(0.00){},DKIM_TRACE(0.00){newsletter.pharmeo.de:+;emarsys.net:+;},DWL_DNSWL_NONE(0.00){emarsys.net:dkim;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){[email protected];[email protected];},MIME_TRACE(0.00){0:+;1:+;2:~;},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){jotoma.de;},RCVD_COUNT_ZERO(0.00){0;},RCVD_IN_DNSWL_NONE(0.00){91.211.241.163:from;},RWL_MAILSPIKE_POSSIBLE(0.00){91.211.241.163:from;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 59604, time: 1069.543ms, dns req: 72, digest: <23ff352b8a090dca107b0259257eabf8>, rcpts: <***@jotoma.de>, mime_rcpts: <***@jotoma.de>
rspamd-mailcow-1     | 2024-03-24 09:00:06 #47(normal) <03c582>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 10 regexps matched, 3463 regexps total, 3207 regexps cached, 0B scanned using pcre, 73.83KiB scanned total
rspamd-mailcow-1     | 2024-03-24 09:00:28 #47(normal) <571d02>; task; rspamd_task_write_log: id: <XTXzVG9SSDGEA5gdXHkXOQ@geopod-ismtpd-5>, qid: <3AF48378002A>, ip: 159.183.124.125, from: <[email protected]>, (default: F (no action): [0.70/15.00] [BAYES_HAM(-5.49){99.99%;},HS_BODY_2273(4.00){},IP_REPUTATION_HAM(-1.07){asn: 11377(-0.32), country: US(-0.01), ip: 159.183.124.125(-0.75);},MANY_INVISIBLE_PARTS(1.00){10;},URI_COUNT_ODD(1.00){47;},ZERO_FONT(1.00){11;},DMARC_POLICY_ALLOW(-0.50){myfairtrade.com;none;},MID_RHS_NOT_FQDN(0.50){},MV_CASE(0.50){},FORGED_SENDER(0.30){[email protected];[email protected];},R_DKIM_ALLOW(-0.20){myfairtrade.com:s=kl;},R_SPF_ALLOW(-0.20){+ip4:159.183.0.0/16;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},HAS_LIST_UNSUB(-0.01){},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){jotoma.de:s=dkim:i=1;},ASN(0.00){asn:11377, ipnet:159.183.64.0/18, country:US;},BCC(0.00){},DKIM_TRACE(0.00){myfairtrade.com:+;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){[email protected];[email protected];},MIME_TRACE(0.00){0:+;1:+;2:~;},MISSING_XM_UA(0.00){},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){jotoma.de;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},TAGGED_FROM(0.00){37774040-067c-christiane.mages=jotoma.de;},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 177113, time: 918.510ms, dns req: 48, digest: <b42e9ac626db55c52d3c61e5400544fd>, rcpts: <***@jotoma.de>, mime_rcpts: <***@jotoma.de>
acme-mailcow-1       | Sun Mar 24 08:25:55 CET 2024 - Confirmed AAAA record with IP 2a01:04f8:0192:148b:0000:0000:0000:0002, but HTTP validation failed
acme-mailcow-1       | Sun Mar 24 08:25:55 CET 2024 - Validated CAA for parent domain jotoma.de
acme-mailcow-1       | Sun Mar 24 08:25:55 CET 2024 - Found AAAA record for autoconfig.jotoma.de: 2a01:4f8:192:148b::2 - skipping A record check
acme-mailcow-1       | Sun Mar 24 08:25:55 CET 2024 - Confirmed AAAA record with IP 2a01:04f8:0192:148b:0000:0000:0000:0002, but HTTP validation failed
acme-mailcow-1       | Sun Mar 24 08:25:55 CET 2024 - Validated CAA for parent domain jotoma.de
acme-mailcow-1       | Sun Mar 24 08:25:55 CET 2024 - Found AAAA record for mail.jotoma.de: 2a01:4f8:192:148b::2 - skipping A record check
acme-mailcow-1       | Sun Mar 24 08:25:55 CET 2024 - Confirmed AAAA record with IP 2a01:04f8:0192:148b:0000:0000:0000:0002
acme-mailcow-1       | Sun Mar 24 08:25:55 CET 2024 - Validated CAA for parent domain jotoma.de of mail.jotoma.de
acme-mailcow-1       | Sun Mar 24 08:25:55 CET 2024 - Certificate /var/lib/acme/mail.jotoma.de/cert.pem validation done, neither changed nor due for renewal.
netfilter-mailcow-1  | MAILCOW target is in position 11 in the ip forward table, restarting container to fix it...
acme-mailcow-1       | Sun Mar 24 08:25:55 CET 2024 - Certificates were successfully validated, no changes or renewals required, sleeping for another day.
unbound-mailcow-1    | #=#=#                                                                          
##O#-#                                                                         
##O=#  #                                                                       

######################################################################## 100.0%
unbound-mailcow-1    | setup in directory /etc/unbound
unbound-mailcow-1    | Certificate request self-signature ok
unbound-mailcow-1    | subject=CN = unbound-control
unbound-mailcow-1    | removing artifacts
unbound-mailcow-1    | Setup success. Certificates created. Enable in unbound.conf file to use
unbound-mailcow-1    | [1711265118] unbound[1:0] notice: init module 0: validator
unbound-mailcow-1    | [1711265118] unbound[1:0] notice: init module 1: iterator
unbound-mailcow-1    | [1711265118] unbound[1:0] info: start of service (unbound 1.17.1).
unbound-mailcow-1    | [1711265119] unbound[1:0] info: generate keytag query _ta-4f66. NULL IN
mysql-mailcow-1      | 2024-03-24  8:25:17 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
dockerapi-mailcow-1  | INFO:     Uvicorn running on https://0.0.0.0:443 (Press CTRL+C to quit)
dockerapi-mailcow-1  | INFO:     172.22.1.7:46244 - "GET /containers/json HTTP/1.1" 200 OK
dockerapi-mailcow-1  | INFO:     api call: container_post__exec__system__mysql_upgrade, container_id: a4d5d1d5120fefc53219885097e4dda0fbd16dacc2d060ad1bfad7dfe0d0c654
dockerapi-mailcow-1  | INFO:     172.22.1.7:46260 - "POST /containers/a4d5d1d5120fefc53219885097e4dda0fbd16dacc2d060ad1bfad7dfe0d0c654/exec HTTP/1.1" 200 OK
postfix-mailcow-1    | Mar 24 09:00:28 9ce45b3dd19e postfix/qmgr[377]: 3AF48378002A: removed
netfilter-mailcow-1  | # Warning: table ip filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | Using NFTables backend
netfilter-mailcow-1  | Clearing all bans
netfilter-mailcow-1  | Initializing mailcow netfilter chain
netfilter-mailcow-1  | Setting MAILCOW isolation
rspamd-mailcow-1     | 2024-03-24 09:00:28 #47(normal) <571d02>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 4 regexps matched, 3463 regexps total, 3222 regexps cached, 0B scanned using pcre, 197.31KiB scanned total
php-fpm-mailcow-1    | fd4d:6169:6c63:6f77::c -  24/Mar/2024:09:00:28 +0100 "GET /bcc.php" 200
mysql-mailcow-1      | 2024-03-24  8:25:17 0 [Note] InnoDB: 10.5.24 started; log sequence number 692855838; transaction id 3912113
mysql-mailcow-1      | 2024-03-24  8:25:17 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
solr-mailcow-1       | 2024-03-24 08:00:28.990 INFO  (qtp1819940427-16) [   x:dovecot-fts] o.a.s.u.p.LogUpdateProcessorFactory [dovecot-fts]  webapp=/solr path=/update params={}{add=[15723/3371b5294eff1a5da6040000df6cd9ee/***@jotoma.de (1794393745884446720)]} 0 29
mysql-mailcow-1      | 2024-03-24  8:25:17 0 [Note] InnoDB: Buffer pool(s) load completed at 240324  8:25:17
solr-mailcow-1       | 2024-03-24 08:00:28.992 INFO  (qtp1819940427-22) [   x:dovecot-fts] o.a.s.u.DirectUpdateHandler2 start commit{_version_=1794393745907515392,optimize=false,openSearcher=true,waitSearcher=true,expungeDeletes=false,softCommit=true,prepareCommit=false}
redis-mailcow-1      | 1:M 24 Mar 2024 09:00:23.027 * 100 changes in 300 seconds. Saving...
solr-mailcow-1       | 2024-03-24 08:00:29.007 INFO  (qtp1819940427-22) [   x:dovecot-fts] o.a.s.s.SolrIndexSearcher Opening [Searcher@2c75908a[dovecot-fts] main]
olefy-mailcow-1      | olefy INFO <module> olefy listen address: ['0.0.0.0'] (type: <class 'list'>)
solr-mailcow-1       | 2024-03-24 08:00:29.009 INFO  (qtp1819940427-22) [   x:dovecot-fts] o.a.s.u.DirectUpdateHandler2 end_commit_flush
olefy-mailcow-1      | olefy INFO <module> olefy listen port: 10055
solr-mailcow-1       | 2024-03-24 08:00:29.011 INFO  (searcherExecutor-10-thread-1-processing-x:dovecot-fts) [   x:dovecot-fts] o.a.s.c.SolrCore [dovecot-fts] Registered new searcher Searcher@2c75908a[dovecot-fts] main{ExitableDirectoryReader(UninvertingDirectoryReader(Uninverting(_8uvr(7.7.3):C20667/49:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, mergeMaxNumSegments=2147483647, os.arch=amd64, java.runtime.version=11.0.15+10, source=merge, mergeFactor=7, os.version=5.10.0-28-amd64, timestamp=1710833376089}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]:delGen=4) Uninverting(_8uvq(7.7.3):c400/20:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, mergeMaxNumSegments=2147483647, os.arch=amd64, java.runtime.version=11.0.15+10, source=merge, mergeFactor=10, os.version=5.10.0-28-amd64, timestamp=1710833376089}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]:delGen=2) Uninverting(_8uxs(7.7.3):c44/1:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, mergeMaxNumSegments=2147483647, os.arch=amd64, java.runtime.version=11.0.15+10, source=merge, mergeFactor=10, os.version=5.10.0-28-amd64, timestamp=1711004581505}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]:delGen=1) Uninverting(_8uys(7.7.3):c27:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, mergeMaxNumSegments=2147483647, os.arch=amd64, java.runtime.version=11.0.15+10, source=merge, mergeFactor=10, os.version=5.10.0-28-amd64, timestamp=1711078110120}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8uya(7.7.3):C1:[diagnostics={java.runtime.version=11.0.15+10, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, os=Linux, os.arch=amd64, os.version=5.10.0-28-amd64, source=flush, timestamp=1711031855879}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8v03(7.7.3):c36/1:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, mergeMaxNumSegments=2147483647, os.arch=amd64, java.runtime.version=11.0.15+10, source=merge, mergeFactor=10, os.version=5.10.0-28-amd64, timestamp=1711207807046}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]:delGen=1) Uninverting(_8v0s(7.7.3):c10:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, mergeMaxNumSegments=-1, os.arch=amd64, java.runtime.version=11.0.15+10, source=merge, mergeFactor=10, os.version=5.10.0-28-amd64, timestamp=1711265841339}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8v0f(7.7.3):c10:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, mergeMaxNumSegments=-1, os.arch=amd64, java.runtime.version=11.0.15+10, source=merge, mergeFactor=10, os.version=5.10.0-28-amd64, timestamp=1711220635926}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8v0c(7.7.3):C1:[diagnostics={java.runtime.version=11.0.15+10, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, os=Linux, os.arch=amd64, os.version=5.10.0-28-amd64, source=flush, timestamp=1711217213067}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8v0d(7.7.3):C1:[diagnostics={java.runtime.version=11.0.15+10, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, os=Linux, os.arch=amd64, os.version=5.10.0-28-amd64, source=flush, timestamp=1711217251308}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8v0j(7.7.3):C1:[diagnostics={java.runtime.version=11.0.15+10, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, os=Linux, os.arch=amd64, os.version=5.10.0-28-amd64, source=flush, timestamp=1711245445228}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8v0m(7.7.3):C1:[diagnostics={java.runtime.version=11.0.15+10, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, os=Linux, os.arch=amd64, os.version=5.10.0-28-amd64, source=flush, timestamp=1711263891769}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8v0p(7.7.3):C1:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, os.arch=amd64, java.runtime.version=11.0.15+10, source=flush, os.version=5.10.0-28-amd64, timestamp=1711265533899}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8v0t(7.7.3):C1:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, os.arch=amd64, java.runtime.version=11.0.15+10, source=flush, os.version=5.10.0-28-amd64, timestamp=1711266772791}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8v0u(7.7.3):C1:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, os.arch=amd64, java.runtime.version=11.0.15+10, source=flush, os.version=5.10.0-28-amd64, timestamp=1711267206232}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_8v0v(7.7.3):C1:[diagnostics={os=Linux, java.vendor=Oracle Corporation, java.version=11.0.15, java.vm.version=11.0.15+10, lucene.version=7.7.3, os.arch=amd64, java.runtime.version=11.0.15+10, source=flush, os.version=5.10.0-28-amd64, timestamp=1711267229004}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}])))}
solr-mailcow-1       | 2024-03-24 08:00:29.013 INFO  (qtp1819940427-22) [   x:dovecot-fts] o.a.s.u.p.LogUpdateProcessorFactory [dovecot-fts]  webapp=/solr path=/update params={}{commit=} 0 21
solr-mailcow-1       | 2024-03-24 08:00:43.990 INFO  (commitScheduler-13-thread-1) [   ] o.a.s.u.DirectUpdateHandler2 start commit{,optimize=false,openSearcher=false,waitSearcher=true,expungeDeletes=false,softCommit=false,prepareCommit=false}
solr-mailcow-1       | 2024-03-24 08:00:43.990 INFO  (commitScheduler-13-thread-1) [   ] o.a.s.u.SolrIndexWriter Calling setCommitData with IW:org.apache.solr.update.SolrIndexWriter@2303ffdc commitCommandVersion:0
postfix-mailcow-1    | Mar 24 09:00:29 9ce45b3dd19e postfix/smtpd[498]: disconnect from o2550.kl.myfairtrade.com[159.183.124.125] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
postfix-mailcow-1    | Mar 24 09:00:30 9ce45b3dd19e postfix/smtps/smtpd[388]: lost connection after AUTH from unknown[194.169.175.17]
postfix-mailcow-1    | Mar 24 09:00:30 9ce45b3dd19e postfix/smtps/smtpd[388]: disconnect from unknown[194.169.175.17] ehlo=1 auth=0/1 rset=1 commands=2/3
postfix-mailcow-1    | Mar 24 09:00:31 9ce45b3dd19e postfix/smtps/smtpd[381]: Anonymous TLS connection established from unknown[194.169.175.17]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
postfix-mailcow-1    | Mar 24 09:00:37 9ce45b3dd19e postfix/smtps/smtpd[381]: discarding EHLO keywords: CHUNKING
postfix-mailcow-1    | Mar 24 09:00:37 9ce45b3dd19e postfix/smtps/smtpd[386]: warning: unknown[194.169.175.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6, [email protected]
postfix-mailcow-1    | Mar 24 09:00:41 9ce45b3dd19e postfix/smtps/smtpd[386]: lost connection after AUTH from unknown[194.169.175.10]
postfix-mailcow-1    | Mar 24 09:00:41 9ce45b3dd19e postfix/smtps/smtpd[386]: disconnect from unknown[194.169.175.10] ehlo=1 auth=0/1 rset=1 commands=2/3
olefy-mailcow-1      | olefy INFO <module> olefy tmp dir: /tmp
olefy-mailcow-1      | olefy INFO <module> olefy python path: /usr/bin/python3
olefy-mailcow-1      | olefy INFO <module> olefy olvba path: /usr/bin/olevba
olefy-mailcow-1      | olefy INFO <module> olefy log level: 20
olefy-mailcow-1      | olefy INFO <module> olefy min file length: 500
olefy-mailcow-1      | olefy INFO <module> olefy delete tmp file: 1
php-fpm-mailcow-1    | 172.22.1.8 -  24/Mar/2024:09:00:28 +0100 "GET /bcc.php" 200
sogo-mailcow-1       | 2024-03-24 08:25:18,893 INFO success: bootstrap-sogo entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
sogo-mailcow-1       | Mar 24 08:32:11 ff4161d40341 sogod [65]: <0x0x55e6ea2a49a0[SOGoCache]> Cache cleanup interval set every 900.000000 seconds
sogo-mailcow-1       | Mar 24 08:32:11 ff4161d40341 sogod [65]: <0x0x55e6ea2a49a0[SOGoCache]> Using host(s) 'memcached' as server(s)
sogo-mailcow-1       | Mar 24 08:32:11 ff4161d40341 sogod [65]: <0x0x55e6ea329d30[SOGoWebDAVAclManager]> entry '{DAV:}write' already exists in DAV permissions table
sogo-mailcow-1       | Mar 24 08:32:11 ff4161d40341 sogod [65]: <0x0x55e6ea329d30[SOGoWebDAVAclManager]> entry '{DAV:}write-properties' already exists in DAV permissions table
sogo-mailcow-1       | Mar 24 08:32:11 ff4161d40341 sogod [65]: <0x0x55e6ea329d30[SOGoWebDAVAclManager]> entry '{DAV:}write-content' already exists in DAV permissions table
sogo-mailcow-1       | Mar 24 08:32:11 ff4161d40341 sogod [65]: 37.4.230.24 "PROPFIND /SOGo/dav/***@jotoma.de/Calendar/personal/ HTTP/1.0" 207 503/266 0.036 - - 3M - 13
sogo-mailcow-1       | Mar 24 08:32:12 ff4161d40341 sogod [65]: 37.4.230.24 "PROPFIND /SOGo/dav/[email protected]/Calendar/personal/ HTTP/1.0" 207 517/266 0.017 - - 1M - 14
sogo-mailcow-1       | Mar 24 08:33:00 ff4161d40341 sogod [65]: 2a02:810d:b63f:fdc8:a974:d3e9:aac4:a218 "REPORT /SOGo/dav/[email protected]/Calendar/personal/ HTTP/1.0" 207 125/188 0.012 - - 0 - 14
sogo-mailcow-1       | Mar 24 08:33:30 ff4161d40341 sogod [65]: 2a02:810d:b63f:fdc8:a974:d3e9:aac4:a218 "REPORT /SOGo/dav/[email protected]/Contacts/personal/ HTTP/1.0" 207 125/303 0.010 - - 0 - 13
redis-mailcow-1      | 1:M 24 Mar 2024 09:00:23.029 * Background saving started by pid 27
ofelia-mailcow-1     | 2024-03-24T09:00:18.009+01:00 �[32m common.go:125 ▶ NOTICE�[0m [Job "dovecot_trim_logs" (a0f4ef0f2e28)] Started - /bin/bash -c "[[ ${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/trim_logs.sh || exit 0"
redis-mailcow-1      | 27:C 24 Mar 2024 09:00:23.177 * DB saved on disk
ofelia-mailcow-1     | 2024-03-24T09:00:18.01+01:00 �[32m common.go:125 ▶ NOTICE�[0m [Job "dovecot_imapsync_runner" (ce219dd50d13)] Started - /bin/bash -c "[[ ${MASTER} == y ]] && /usr/local/bin/gosu nobody /usr/local/bin/imapsync_runner.pl || exit 0"
ofelia-mailcow-1     | 2024-03-24T09:00:18.072+01:00 �[32m common.go:125 ▶ NOTICE�[0m [Job "dovecot_repl_health" (afa323d2fab8)] Finished in "64.00083ms", failed: false, skipped: false, error: none
netfilter-mailcow-1  | Watching Redis channel F2B_CHANNEL
ofelia-mailcow-1     | 2024-03-24T09:00:18.089+01:00 �[32m common.go:125 ▶ NOTICE�[0m [Job "dovecot_trim_logs" (a0f4ef0f2e28)] Finished in "79.45024ms", failed: false, skipped: false, error: none
solr-mailcow-1       | 2024-03-24 08:00:44.007 INFO  (commitScheduler-13-thread-1) [   ] o.a.s.s.SolrIndexSearcher Opening [Searcher@32db046c[dovecot-fts] realtime]
solr-mailcow-1       | 2024-03-24 08:00:44.008 INFO  (commitScheduler-13-thread-1) [   ] o.a.s.u.DirectUpdateHandler2 end_commit_flush
redis-mailcow-1      | 27:C 24 Mar 2024 09:00:23.178 * Fork CoW for RDB: current 1 MB, peak 1 MB, average 0 MB
redis-mailcow-1      | 1:M 24 Mar 2024 09:00:23.229 * Background saving terminated with success
php-fpm-mailcow-1    | [24-Mar-2024 09:00:28] WARNING: [pool system-worker] child 38 said into stderr: "NOTICE: PHP message: RCPT RESOVLER: http pipe: query ***@jotoma.de as username from mailbox"
php-fpm-mailcow-1    | [24-Mar-2024 09:00:28] WARNING: [pool system-worker] child 38 said into stderr: "NOTICE: PHP message: RCPT RESOVLER: http pipe: mailbox found: ***@jotoma.de"
php-fpm-mailcow-1    | [24-Mar-2024 09:00:28] WARNING: [pool system-worker] child 38 said into stderr: "NOTICE: PHP message: RCPT RESOVLER: http pipe: goto array count on loop #1 is 0"
php-fpm-mailcow-1    | [24-Mar-2024 09:00:28] WARNING: [pool system-worker] child 38 said into stderr: "NOTICE: PHP message: NOTIFY: pushover pipe: processing pushover message for rcpt ***@jotoma.de"
php-fpm-mailcow-1    | fd4d:6169:6c63:6f77::c -  24/Mar/2024:09:00:28 +0100 "POST /pushover.php" 200
ofelia-mailcow-1     | 2024-03-24T09:00:18.188+01:00 �[32m common.go:125 ▶ NOTICE�[0m [Job "sogo_sessions" (e46fdda125e4)] StdErr: 2024-03-24 08:00:18.177 sogo-tool[975:975] Remove all sessions older than 480 min
php-fpm-mailcow-1    | 172.22.1.8 -  24/Mar/2024:09:00:30 +0100 "HEAD /settings.php" 304
mysql-mailcow-1      | 2024-03-24  8:25:17 0 [Note] Server socket created on IP: '::'.
php-fpm-mailcow-1    | fd4d:6169:6c63:6f77::c -  24/Mar/2024:09:00:39 +0100 "HEAD /forwardinghosts.php" 200
mysql-mailcow-1      | 2024-03-24  8:25:17 0 [Warning] 'proxies_priv' entry '@% root@c41241a14051' ignored in --skip-name-resolve mode.
php-fpm-mailcow-1    | 172.22.1.8 -  24/Mar/2024:09:00:39 +0100 "GET /forwardinghosts.php" 200
mysql-mailcow-1      | 2024-03-24  8:25:17 1 [Note] Event Scheduler: scheduler thread started with id 1
mysql-mailcow-1      | 2024-03-24  8:25:17 0 [Note] mysqld: ready for connections.
mysql-mailcow-1      | Version: '10.5.24-MariaDB-1:10.5.24+maria~ubu2004'  socket: '/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution
olefy-mailcow-1      | olefy INFO <module> olefy delete tmp file when failed: 1
olefy-mailcow-1      | olefy INFO <module> serving on ('0.0.0.0', 10055)
ofelia-mailcow-1     | 2024-03-24 08:00:18.184 sogo-tool[975:975] No session to remove
ofelia-mailcow-1     | 2024-03-24T09:00:18.188+01:00 �[32m common.go:125 ▶ NOTICE�[0m [Job "sogo_sessions" (e46fdda125e4)] Finished in "181.689858ms", failed: false, skipped: false, error: none
ofelia-mailcow-1     | 2024-03-24T09:00:18.192+01:00 �[32m common.go:125 ▶ NOTICE�[0m [Job "sogo_eautoreply" (d0174ce3e6cc)] Finished in "186.201574ms", failed: false, skipped: false, error: none
ofelia-mailcow-1     | 2024-03-24T09:00:18.214+01:00 �[32m common.go:125 ▶ NOTICE�[0m [Job "dovecot_imapsync_runner" (ce219dd50d13)] Finished in "204.337966ms", failed: false, skipped: false, error: none
ofelia-mailcow-1     | 2024-03-24T09:00:18.236+01:00 �[32m common.go:125 ▶ NOTICE�[0m [Job "sogo_ealarms" (1a0cf3bbe438)] Finished in "227.095087ms", failed: false, skipped: false, error: none

Steps to reproduce:

Don't know the steps to reproduce. Just keep my system up-to-date and yesterday I firstly noticed this issue.

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Debian 11.9

Server/VM specifications:

32 GB DDR3-RAM, Intel Xeon E3-1245 V2 with 4 Cores and 8 Threads

Is Apparmor, SELinux or similar active?

yes, Apparmor

Virtualization technology:

Dedicated Server, no virtualization; MAILCOW is dockerized

Docker version:

26.0.0

docker-compose version or docker compose version:

v2.11.1

mailcow version:

2024-02

Reverse proxy:

Apache

Logs of git diff:

diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 572300db..42ecca3b 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -114,8 +114,8 @@ smtpd_tls_loglevel = 1
 
 # Mandatory protocols and ciphers are used when a connections is enforced to use TLS
 # Does _not_ apply to enforced incoming TLS settings per mailbox
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 smtpd_tls_mandatory_ciphers = high
 
@@ -173,3 +173,36 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks
 
 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 22M packets, 27G bytes)
 pkts bytes target     prot opt in     out     source               destination         
 352K   33M f2b-noscript  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
 374K   42M f2b-auth   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
  22M   27G MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
1392K  176M f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
  22M   27G MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
24068   14M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
24068   14M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
16979 7078K ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 1304 84989 DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
 5404 6747K ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 1225 80329 ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
  258 40296 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
  288 21162 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
  19M   11G MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
  19M   11G MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 25M packets, 32G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !docker0 docker0  0.0.0.0/0            172.17.0.2           tcp dpt:80
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:3306
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:8443
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:8080
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    2   120 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
   71  4260 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    6   280 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5404 6747K DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
  288 21162 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
34895   20M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
 7050 6962K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  20M   12G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Chain f2b-auth (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 372K   42M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain f2b-noscript (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 352K   33M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain f2b-sshd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   26  1952 REJECT     all  --  *      *       180.101.88.240       0.0.0.0/0            reject-with icmp-port-unreachable
   19  1504 REJECT     all  --  *      *       72.206.88.130        0.0.0.0/0            reject-with icmp-port-unreachable
 930K  141M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 11M packets, 11G bytes)
 pkts bytes target     prot opt in     out     source               destination         
  11M   11G MAILCOW    all      *      *       ::/0                 ::/0                 /* mailcow */
  11M   11G MAILCOW    all      *      *       ::/0                 ::/0                

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
24609   30M DOCKER-USER  all      *      *       ::/0                 ::/0                
24609   30M DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0                
14700   29M ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 4350  297K DOCKER     all      *      br-mailcow  ::/0                 ::/0                
 5559  642K ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0                
 4318  294K ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     all      *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 docker0  ::/0                 ::/0                
8686K   11G MAILCOW    all      *      *       ::/0                 ::/0                 /* mailcow */
8687K   11G MAILCOW    all      *      *       ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 6702K packets, 27G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      !docker0 docker0  ::/0                 fd00:dead:beef:c0:0:242:ac11:2  tcp dpt:80
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:995
    9   720 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:993
   18  1440 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:110
    1    80 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:587
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:465
    4   256 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5559  642K DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      docker0 !docker0  ::/0                 ::/0                
33923   35M RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       all      *      docker0  ::/0                 ::/0                
 6186  738K RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
8927K   11G RETURN     all      *      *       ::/0                 ::/0                

Chain MAILCOW (4 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

iptables v1.8.7 (nf_tables): table `nat' is incompatible, use 'nft' tool.

Logs of ip6tables -L -vn -t nat:

ip6tables v1.8.7 (nf_tables): table `nat' is incompatible, use 'nft' tool.

DNS check:

172.64.155.249
104.18.32.7

[mrclschstr]

Related? #5798

Edit: Sorry, you already commented that...

[Johnnii360]

Related? #5798

Yepp, thanks!

[aronmgv]

Having the same problem.. When I stop the mailcow, clear all the references from the IP and IPv6 table, netfilter container will work for couple days but after a while it starts crashing again.. I did this like 5 times by now.. What is causing this please?? Thanks!

mailcowdockerized-netfilter-mailcow-1  | 9 more attempts in the next 600 seconds until 194.169.175.17/32 is banned
mailcowdockerized-netfilter-mailcow-1  | MAILCOW target is in position 11 in the ip forward table, restarting container to fix it...
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip nat is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | Using NFTables backend
mailcowdockerized-netfilter-mailcow-1  | Clearing all bans
mailcowdockerized-netfilter-mailcow-1  | Clear completed: ip6
mailcowdockerized-netfilter-mailcow-1  | Initializing mailcow netfilter chain
mailcowdockerized-netfilter-mailcow-1  | MAILCOW ip6 chain created successfully.
mailcowdockerized-netfilter-mailcow-1  | Setting MAILCOW isolation
mailcowdockerized-netfilter-mailcow-1  | Watching Redis channel F2B_CHANNEL
mailcowdockerized-netfilter-mailcow-1  | MAILCOW target is in position 11 in the ip forward table, restarting container to fix it...
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip nat is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | Using NFTables backend
mailcowdockerized-netfilter-mailcow-1  | Clearing all bans
mailcowdockerized-netfilter-mailcow-1  | Clear completed: ip6
mailcowdockerized-netfilter-mailcow-1  | Initializing mailcow netfilter chain
mailcowdockerized-netfilter-mailcow-1  | MAILCOW ip6 chain created successfully.
mailcowdockerized-netfilter-mailcow-1  | Setting MAILCOW isolation
mailcowdockerized-netfilter-mailcow-1  | Watching Redis channel F2B_CHANNEL
mailcowdockerized-netfilter-mailcow-1  | MAILCOW target is in position 11 in the ip forward table, restarting container to fix it...
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip nat is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1  | # Warning: table ip6 nat is managed by iptables-nft, do not to^C

[mikeyjoel]

Having same issue on my end with this.

[Johnnii360]

Today I switched from iptables to nftables on my Debian 11 server. After configuration of related services like fail2ban and restart of Docker and Fail2Ban the issue persists. When I do an update I also get the following message: iptables v1.8.7 (nf_tables): table 'nat' is incompatible, use 'nft' tool.

I crawled a bit through the docker-compose.yml and mailcow.conf but didn't find any option to related to the "nat" issue.

[JohnPBee]

Same issue here...

[milkmaker]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[gstammw]

same problem here

[cmer-sh]

Same issue for me!

[milkmaker]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[aronmgv]

This is still the problem.. why it wont be fixed? Netfilter container will always get screwed and keeps restarting.. always.. it is really annoying:

NAME                                    IMAGE                                        COMMAND                  SERVICE             CREATED        STATUS                 PORTS
mailcowdockerized-acme-mailcow-1        mailcow/acme:1.90                            "/sbin/tini -g -- /s…"   acme-mailcow        2 months ago   Up 2 weeks
mailcowdockerized-certdumper-1          ghcr.io/kereis/traefik-certs-dumper:latest   "/usr/bin/dump --res…"   certdumper          2 weeks ago    Up 2 weeks (healthy)
mailcowdockerized-clamd-mailcow-1       mailcow/clamd:1.66                           "/sbin/tini -g -- /c…"   clamd-mailcow       2 months ago   Up 2 weeks (healthy)
mailcowdockerized-dockerapi-mailcow-1   mailcow/dockerapi:2.08                       "/bin/sh /app/docker…"   dockerapi-mailcow   2 months ago   Up 2 weeks
mailcowdockerized-dovecot-mailcow-1     mailcow/dovecot:2.1                          "/docker-entrypoint.…"   dovecot-mailcow     2 months ago   Up 2 weeks             0.0.0.0:110->110/tcp, :::110->110/tcp, 0.0.0.0:143->143/tcp, :::143->143/tcp, 0.0.0.0:993->993/tcp, :::993->993/tcp, 0.0.0.0:995->995/tcp, :::995->995/tcp, 0.0.0.0:4190->4190/tcp, :::4190->4190/tcp, 127.0.0.1:19991->12345/tcp
mailcowdockerized-memcached-mailcow-1   memcached:alpine                             "docker-entrypoint.s…"   memcached-mailcow   2 months ago   Up 2 weeks             11211/tcp
mailcowdockerized-mysql-mailcow-1       mariadb:10.5                                 "docker-entrypoint.s…"   mysql-mailcow       2 months ago   Up 2 weeks             127.0.0.1:13306->3306/tcp
mailcowdockerized-netfilter-mailcow-1   mailcow/netfilter:1.59                       "/bin/sh -c /app/doc…"   netfilter-mailcow   2 months ago   Up 1 second
mailcowdockerized-nginx-mailcow-1       nginx:mainline-alpine                        "/docker-entrypoint.…"   nginx-mailcow       2 months ago   Up 2 weeks             0.0.0.0:52180->52180/tcp, :::52180->52180/tcp, 80/tcp, 0.0.0.0:52190->52190/tcp, :::52190->52190/tcp
mailcowdockerized-ofelia-mailcow-1      mcuadros/ofelia:latest                       "/usr/bin/ofelia dae…"   ofelia-mailcow      2 months ago   Up 2 weeks
mailcowdockerized-olefy-mailcow-1       mailcow/olefy:1.13                           "python3 -u /app/ole…"   olefy-mailcow       2 months ago   Up 2 weeks
mailcowdockerized-php-fpm-mailcow-1     mailcow/phpfpm:1.89                          "/docker-entrypoint.…"   php-fpm-mailcow     2 months ago   Up 2 weeks             9000/tcp
mailcowdockerized-postfix-mailcow-1     mailcow/postfix:1.76                         "/docker-entrypoint.…"   postfix-mailcow     2 months ago   Up 2 weeks             0.0.0.0:25->25/tcp, :::25->25/tcp, 0.0.0.0:465->465/tcp, :::465->465/tcp, 0.0.0.0:587->587/tcp, :::587->587/tcp, 588/tcp
mailcowdockerized-redis-mailcow-1       redis:7-alpine                               "docker-entrypoint.s…"   redis-mailcow       2 months ago   Up 2 weeks             127.0.0.1:7654->6379/tcp
mailcowdockerized-rspamd-mailcow-1      mailcow/rspamd:1.97                          "/docker-entrypoint.…"   rspamd-mailcow      2 months ago   Up 2 days
mailcowdockerized-sogo-mailcow-1        mailcow/sogo:1.125                           "/docker-entrypoint.…"   sogo-mailcow        2 months ago   Up 2 weeks
mailcowdockerized-solr-mailcow-1        mailcow/solr:1.8.3                           "docker-entrypoint.s…"   solr-mailcow        2 months ago   Up 2 weeks             127.0.0.1:18983->8983/tcp
mailcowdockerized-unbound-mailcow-1     mailcow/unbound:1.23                         "/docker-entrypoint.…"   unbound-mailcow     2 months ago   Up 2 weeks (healthy)   53/tcp, 53/udp
mailcowdockerized-watchdog-mailcow-1    mailcow/watchdog:2.05                        "/watchdog.sh"           watchdog-mailcow    2 months ago   Up 2 weeks

netfilter-mailcow-1  | # Warning: table ip filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | Using NFTables backend
netfilter-mailcow-1  | Clearing all bans
netfilter-mailcow-1  | Initializing mailcow netfilter chain
netfilter-mailcow-1  | MAILCOW ip6 chain created successfully.
netfilter-mailcow-1  | Setting MAILCOW isolation
netfilter-mailcow-1  | Watching Redis channel F2B_CHANNEL
netfilter-mailcow-1  | MAILCOW target is in position 7 in the ip forward table, restarting container to fix it...
netfilter-mailcow-1  | # Warning: table ip filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | Using NFTables backend
netfilter-mailcow-1  | Clearing all bans
netfilter-mailcow-1  | Clear completed: ip6
netfilter-mailcow-1  | Initializing mailcow netfilter chain
netfilter-mailcow-1  | MAILCOW ip6 chain created successfully.
netfilter-mailcow-1  | Setting MAILCOW isolation
netfilter-mailcow-1  | Watching Redis channel F2B_CHANNEL
netfilter-mailcow-1  | MAILCOW target is in position 7 in the ip forward table, restarting container to fix it...
netfilter-mailcow-1  | # Warning: table ip filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | Using NFTables backend
netfilter-mailcow-1  | Clearing all bans
netfilter-mailcow-1  | Clear completed: ip6
netfilter-mailcow-1  | Initializing mailcow netfilter chain
netfilter-mailcow-1  | MAILCOW ip6 chain created successfully.
netfilter-mailcow-1  | Setting MAILCOW isolation
netfilter-mailcow-1  | Watching Redis channel F2B_CHANNEL
netfilter-mailcow-1  | MAILCOW target is in position 7 in the ip forward table, restarting container to fix it...
netfilter-mailcow-1  | # Warning: table ip filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | Using NFTables backend
netfilter-mailcow-1  | Clearing all bans
netfilter-mailcow-1  | Clear completed: ip6
netfilter-mailcow-1  | Initializing mailcow netfilter chain
netfilter-mailcow-1  | MAILCOW ip6 chain created successfully.
netfilter-mailcow-1  | Setting MAILCOW isolation
netfilter-mailcow-1  | Watching Redis channel F2B_CHANNEL
netfilter-mailcow-1  | MAILCOW target is in position 7 in the ip forward table, restarting container to fix it...
netfilter-mailcow-1  | # Warning: table ip filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | Using NFTables backend
netfilter-mailcow-1  | Clearing all bans
netfilter-mailcow-1  | Clear completed: ip6
netfilter-mailcow-1  | Initializing mailcow netfilter chain
netfilter-mailcow-1  | MAILCOW ip6 chain created successfully.
netfilter-mailcow-1  | Setting MAILCOW isolation
netfilter-mailcow-1  | Watching Redis channel F2B_CHANNEL
netfilter-mailcow-1  | MAILCOW target is in position 7 in the ip forward table, restarting container to fix it...
netfilter-mailcow-1 exited with code 2
netfilter-mailcow-1  | # Warning: table ip filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
netfilter-mailcow-1  | Using NFTables backend
netfilter-mailcow-1  | Clearing all bans
netfilter-mailcow-1  | Clear completed: ip6
netfilter-mailcow-1  | Initializing mailcow netfilter chain
netfilter-mailcow-1  | MAILCOW ip6 chain created successfully.
netfilter-mailcow-1  | Setting MAILCOW isolation
netfilter-mailcow-1  | Watching Redis channel F2B_CHANNEL

Every time have to clear it manually.. both ipv4 and ipv6 tables of all MAILCOW references..