Mailcow 2024-04 - DNS Records TLSA information is not displayed and empty. #5855

Closed
5 tasks done
eakteam opened this issue Apr 24, 2024 · 2 comments
Labels
bug stale Please update the issue with current status, unclear if it's still open/needed.

Comments

eakteam commented Apr 24, 2024

Contribution guidelines

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

I'm trying to configure TLSA Records for Mailcow but it doesn't work as expected and TLSA Records are empty in the Domain DNS records.

[image: mailcow tlsa]

Output of docker compose logs --tail=200 -f acme-mailcow

acme-mailcow-1  | Tue Apr 23 23:20:27 UTC 2024 - Waiting for Docker API...
acme-mailcow-1  | Tue Apr 23 23:20:27 UTC 2024 - Docker API OK
acme-mailcow-1  | Tue Apr 23 23:20:27 UTC 2024 - Waiting for Postfix...
acme-mailcow-1  | Tue Apr 23 23:20:27 UTC 2024 - Postfix OK
acme-mailcow-1  | Tue Apr 23 23:20:27 UTC 2024 - Waiting for Dovecot...
acme-mailcow-1  | Tue Apr 23 23:20:27 UTC 2024 - Dovecot OK
acme-mailcow-1  | Tue Apr 23 23:20:27 UTC 2024 - Waiting for database...
acme-mailcow-1  | Tue Apr 23 23:20:29 UTC 2024 - Database OK
acme-mailcow-1  | Tue Apr 23 23:20:29 UTC 2024 - Waiting for Nginx...
acme-mailcow-1  | Tue Apr 23 23:20:29 UTC 2024 - Nginx OK
acme-mailcow-1  | Tue Apr 23 23:20:29 UTC 2024 - Waiting for resolver...
acme-mailcow-1  | Tue Apr 23 23:20:30 UTC 2024 - Resolver OK
acme-mailcow-1  | Tue Apr 23 23:20:30 UTC 2024 - Waiting for domain table...
acme-mailcow-1  | OK
acme-mailcow-1  | Tue Apr 23 23:20:30 UTC 2024 - Initializing, please wait...
acme-mailcow-1  | Could not read certificate from <stdin>
acme-mailcow-1  | Could not read certificate from <stdin>
acme-mailcow-1  | Could not read certificate from <stdin>
acme-mailcow-1  | Could not read certificate from <stdin>
acme-mailcow-1  | Tue Apr 23 23:20:30 UTC 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
acme-mailcow-1  | Tue Apr 23 23:20:30 UTC 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
acme-mailcow-1  | Tue Apr 23 23:20:30 UTC 2024 - Found AAAA record for mail.xxxx.eu: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:30 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:30 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.eu
acme-mailcow-1  | Tue Apr 23 23:20:30 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.eu
acme-mailcow-1  | Tue Apr 23 23:20:31 UTC 2024 - Found AAAA record for mail.xxxx.al: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:31 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:31 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.al
acme-mailcow-1  | Tue Apr 23 23:20:31 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.al
acme-mailcow-1  | Tue Apr 23 23:20:31 UTC 2024 - Found AAAA record for mail.xxxx.com: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:31 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:31 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:31 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:32 UTC 2024 - Found AAAA record for mail.xxxx.al: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:32 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:32 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.al
acme-mailcow-1  | Tue Apr 23 23:20:32 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.al
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - Found AAAA record for mail.xxxx.com: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - Found AAAA record for mail.xxxx.com: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - Found AAAA record for mail.xxxx.com: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:33 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - Found AAAA record for mail.xxxx.com: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - Found AAAA record for mail.xxxx.com: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.com
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - Found AAAA record for mail.xxxx.al: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:34 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:35 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.al
acme-mailcow-1  | Tue Apr 23 23:20:35 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.al
acme-mailcow-1  | Tue Apr 23 23:20:35 UTC 2024 - Found AAAA record for mail.xxxx.al: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:35 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:35 UTC 2024 - No A or AAAA record found for hostname autodiscover.xxxx.al
acme-mailcow-1  | Tue Apr 23 23:20:35 UTC 2024 - No A or AAAA record found for hostname autoconfig.xxxx.al
acme-mailcow-1  | Tue Apr 23 23:20:35 UTC 2024 - Found AAAA record for server.xxxx.com: 2a01:4f8:xxxx:xxxx::xxxx - skipping A record check
acme-mailcow-1  | (skipping check, returning 0)
acme-mailcow-1  | Tue Apr 23 23:20:35 UTC 2024 - Confirmed AAAA record with IP 2a01:04f8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
acme-mailcow-1  | Tue Apr 23 23:20:35 UTC 2024 - Certificate /var/lib/acme/server.xxxx.com/cert.pem validation done, neither changed nor due for renewal.
acme-mailcow-1  | Tue Apr 23 23:20:35 UTC 2024 - Certificates were successfully validated, no changes or renewals required, sleeping for another day.

Logs:

n/a

Steps to reproduce:

n/a

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Ubuntu 22.04 LTS

Server/VM specifications:

8

Is Apparmor, SELinux or similar active?

n/a

Virtualization technology:

KVM - Proxmox

Docker version:

26.1.0

docker-compose version or docker compose version:

2.26.1

mailcow version:

2024-04

Reverse proxy:

n/a

Logs of git diff:

n/a

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
59482   46M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
59283   46M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
59283   46M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0
48548   35M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 4476  286K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
 6259   10M ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
 4412  282K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.3           tcp dpt:3306
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.9           tcp dpt:443
    8   480 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.9           tcp dpt:80
   31  1836 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    2   120 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.13          tcp dpt:8983
    8   432 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
   15   888 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
 6259   10M DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
59283   46M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
 6259   10M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
59283   46M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination
  199 11860 DROP       all  --  *      *       194.169.175.10       0.0.0.0/0
    0     0 DROP       tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
16254   21M MAILCOW    all      *      *       ::/0                 ::/0                 /* mailcow */
16254   21M DOCKER-USER  all      *      *       ::/0                 ::/0
16254   21M DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0
    0     0 ACCEPT     all      *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      docker0  ::/0                 ::/0
    0     0 ACCEPT     all      docker0 !docker0  ::/0                 ::/0
    0     0 ACCEPT     all      docker0 docker0  ::/0                 ::/0
10292   20M ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 5035  343K DOCKER     all      *      br-mailcow  ::/0                 ::/0
  927 94552 ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0
 5035  343K ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:443
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:80
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:587
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:465
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:25
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:4190
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:995
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:993
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:110

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all      docker0 !docker0  ::/0                 ::/0
  927 94552 DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0
16254   21M RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      docker0  ::/0                 ::/0
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0
  927 94552 RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
16254   21M RETURN     all      *      *       ::/0                 ::/0

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  243 14428 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
 2539  193K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.3           172.22.1.3           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.9           172.22.1.9           tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.9           172.22.1.9           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.13          172.22.1.13          tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.3:3306
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.9:443
    8   480 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.9:80
   19  1116 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
  182 10920 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.13:8983
    8   432 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    1    40 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
   14   828 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all      *      !docker0  fd00:dead:beef:c0::/80  ::/0
  849 81254 MASQUERADE  all      *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::9  fd4d:6169:6c63:6f77::9  tcp dpt:443
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::9  fd4d:6169:6c63:6f77::9  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:587
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:25
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:110

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all      docker0 *       ::/0                 ::/0
    0     0 RETURN     all      br-mailcow *       ::/0                 ::/0
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::9]:443
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::9]:80
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::b]:587
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::b]:465
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::b]:25
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::12]:4190
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::12]:995
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::12]:993
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::12]:143
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::12]:110

DNS check:

Not related
@eakteam eakteam added the bug label Apr 24, 2024
@milkmaker
Collaborator

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@milkmaker milkmaker added the stale Please update the issue with current status, unclear if it's still open/needed. label Jun 24, 2024
@milkmaker milkmaker closed this as not planned Won't fix, can't repro, duplicate, stale Jul 1, 2024
@SimonVanacco

Hi! I've got the same issue :)

My DNS is configured correctly AFAIK, and mailcow does not see the TLSA one:

[image]

But I have in my DNS:

_25._tcp.XXX        IN TLSA     3 1 1 XXX
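
To check a published record like the `3 1 1` one above against the certificate the server actually presents, independently of what the mailcow UI shows, the following added example (not part of this thread and not mailcow's code) derives the TLSA association data from a DER certificate and compares it with a zone-file line. The function names, the certificate-shaped sample bytes and the `mail.example.org` owner name are constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the complete DER encoding of subjectPublicKeyInfo (TLSA selector 1)."""
    tag, pos, _ = read_tlv(cert_der, 0)             # Certificate
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, pos, tbs_end = read_tlv(cert_der, pos)       # tbsCertificate
    tag, _, after = read_tlv(cert_der, pos)
    if tag == 0xA0:                                 # optional [0] version
        pos = after
    for _field in range(5):     # serialNumber, signature, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert_der[pos:end]

def tlsa_association_data(cert_der, selector, matching_type):
    """Certificate association data as hex, per RFC 6698 selector and matching type."""
    selected = cert_der if selector == 0 else extract_spki(cert_der)
    if selector not in (0, 1):
        raise ValueError("unknown selector")
    if matching_type == 0:                          # 0 = exact match on the raw bytes
        return selected.hex()
    return {1: hashlib.sha256, 2: hashlib.sha512}[matching_type](selected).hexdigest()

def parse_tlsa_rr(line):
    """Split a zone-file TLSA line into (usage, selector, matching_type, hex_data)."""
    fields = line.split()
    i = fields.index("TLSA")
    usage, selector, mtype = (int(f) for f in fields[i + 1:i + 4])
    return usage, selector, mtype, "".join(fields[i + 4:]).lower()

def tlsa_matches(record_line, cert_der):
    """True if the published data equals what the certificate yields."""
    _, selector, mtype, published = parse_tlsa_rr(record_line)
    return published == tlsa_association_data(cert_der, selector, mtype)

# --- Constructed sample: certificate-shaped DER with a dummy key and signature ---
def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

ALG = tlv(0x30, tlv(0x06, b"\x2b\x65\x70"))         # OID 1.3.101.112 (Ed25519)
SAMPLE_SPKI = tlv(0x30, ALG + tlv(0x03, b"\x00" + bytes(range(32))))
NAME = tlv(0x30, b"")
VALIDITY = tlv(0x30, tlv(0x17, b"240101000000Z") * 2)
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + ALG
          + NAME + VALIDITY + NAME + SAMPLE_SPKI)
SAMPLE_CERT = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + bytes(64)))
# Placeholder owner name; the digest is what a correct "3 1 1" record would carry.
SAMPLE_RECORD = ("_25._tcp.mail.example.org. IN TLSA 3 1 1 "
                 + hashlib.sha256(SAMPLE_SPKI).hexdigest())

if __name__ == "__main__":
    print(tlsa_matches(SAMPLE_RECORD, SAMPLE_CERT))
```

For a real server, pass the DER form of the served certificate (for example via `ssl.PEM_cert_to_DER_cert`) and the TLSA line returned by a DNSSEC-validating resolver.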
