Mailcow crashes after startup #6081

Carlgo11 · 2024-09-14T01:13:21Z

Contribution guidelines

I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
... I have understood that answers are voluntary and community-driven, and not commercial support.
... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

For the last day, my mailcow instance has begun to crash on startup. I have not made any configuration changes for at least a few weeks.
Looking at the logs, everything looks fine until a random container logs that it is shutting down. The sequence of which container shuts down first differs so I'm unable to find which system is causing it.

I have disk space and memory space so it shouldn't be because of that.

Logs:

dovecot-mailcow-1    | Uptime: 1  Threads: 2  Questions: 1  Slow queries: 0  Opens: 17  Open tables: 10  Queries per second avg: 1.000
dovecot-mailcow-1    |   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
dovecot-mailcow-1    |                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:04 --:--:--     0curl: (6) Could not resolve host: www.spamassassin.heinlein-support.de
dovecot-mailcow-1    | Warning: Problem : timeout. Will retry in 1 seconds. 10 retries left.
100   196  100   196    0     0    909      0 --:--:-- --:--:-- --:--:--   915
dovecot-mailcow-1    | gzip: invalid magic
postfix-mailcow-1    | chown: cannot access '/usr/share/man/man1/mailq.1.gz': No such file or directory
php-fpm-mailcow-1    | fd4d:6169:6c63:6f77::c -  14/Sep/2024:00:49:20 +0000 "POST /pipe.php" 505
php-fpm-mailcow-1    | [14-Sep-2024 00:49:20] WARNING: [pool system-worker] child 48 said into stderr: "NOTICE: PHP message: QUARANTINE: Message too large: 52 b exceeds 0 b"
rspamd-mailcow-1     | 2024-09-14 00:49:20 #44(controller) <baef81>; lua; metadata_exporter.lua:317: got unexpected http status: 505
nginx-mailcow-1      | 172.22.1.10 - - [14/Sep/2024:00:49:20 +0000] "POST /pipe.php HTTP/1.1" 505 5 "-" "rspamd-3.9.1"
rspamd-mailcow-1     | 2024-09-14 00:49:20 #44(controller) <baef81>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3506 regexps total, 2575 regexps cached, 0B scanned using pcre, 102B scanned total
watchdog-mailcow-1   | Sat Sep 14 00:49:20 UTC 2024 Rspamd health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Sat Sep 14 00:49:22 UTC 2024 PHP-FPM health level: 100% (5/5), health trend: 0
rspamd-mailcow-1     | 2024-09-14 00:49:23 #1(main) <ba8f48>; main; rspamd_term_handler: catch termination signal, waiting for 5 children for 16.00 seconds
ofelia-mailcow-1     | 2024-09-14T00:49:23.418Z  daemon.go:70 ▶ WARNING Signal received: terminated, shutting down the process
ofelia-mailcow-1     | 2024-09-14T00:49:23.419Z  daemon.go:84 ▶ WARNING Waiting running jobs.
dockerapi-mailcow-1  | INFO:     Shutting down
dockerapi-mailcow-1  | INFO:     Waiting for application shutdown.
dockerapi-mailcow-1  | /app/main.py:62: DeprecationWarning: Call to deprecated close. (Use aclose() instead) -- Deprecated since version 5.0.1.
dockerapi-mailcow-1  |   await dockerapi.redis_client.close()
ofelia-mailcow-1 exited with code 0
watchdog-mailcow-1 exited with code 0
clamd-mailcow-1 exited with code 143

Steps to reproduce:

1. Start mailcow `docker compose up -d`
2. Wait 10-20 seconds.
3. Each container will receive a sigkill and shut down.

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Alpine v3.20

Server/VM specifications:

969MB RAM, Intel Xeon (Cascadelake) 2992MHz

Is Apparmor, SELinux or similar active?

No

Virtualization technology:

KVM

Docker version:

26.1.5

docker-compose version or docker compose version:

v2.27.0

mailcow version:

2024-08a

Reverse proxy:

Nginx

Logs of git diff:

diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 6a87f2ec..d2e93bd2 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -173,3 +173,64 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks
 
 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2
+  dnsbl.sorbs.net=127.0.0.6*2
+  dnsbl.sorbs.net=127.0.0.9*2
+  zen.spamhaus.org=127.0.0.[10;11]*8
+  zen.spamhaus.org=127.0.0.[4..7]*6
+  zen.spamhaus.org=127.0.0.3*4
+  zen.spamhaus.org=127.0.0.2*3
+
+# User Overrides
+myhostname = [redacted]
+
+#https://www.postfix.org/TLS_README.html
+# SMTP = client; SMTPD = server
+
+# Client TLS config
+smtp_tls_protocols = TLSv1.3 !TLSv1.2 !TLSv1.1 !TLSv1 !SSLv3 !SSLv2
+
+# Server TLS config
+smtpd_tls_security_level = may
+smtpd_tls_loglevel = 2
+smtpd_tls_auth_only = yes
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, !TLSv1.2
+smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, !TLSv1.2
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_eecdh_grade = ultra
+#smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, DES, 3DES, RC4, RC2, SEED, IDEA, eNULL
+tls_high_cipherlist = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+
+#smtpd_recipient_restrictions = check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
+#  permit_sasl_authenticated,
+#  check_client_access cidr:/opt/postfix/conf/tls_policy,
+#  permit_mynetworks,
+#  check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
+#  reject_invalid_helo_hostname,
+#  reject_unauth_destination
+
+smtpd_loglevel = verbose
+smtpd_client_port_logging = yes
+tls_preempt_cipherlist = no
diff --git a/data/conf/postfix/master.cf b/data/conf/postfix/master.cf
index df91a390..9958321e 100644
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -6,6 +6,7 @@ smtp       inet  n       -       n       -       1       postscreen
 smtpd      pass  -       -       n       -       -       smtpd
   -o smtpd_sasl_auth_enable=no
   -o smtpd_sender_restrictions=permit_mynetworks,reject_unlisted_sender,reject_unknown_sender_domain
+  -o syslog_name=postfix/25
 
 # smtpd tls-wrapped (smtps) on 465/tcp
 # TLS protocol can be modified by setting smtps_smtpd_tls_mandatory_protocols in extra.cf
@@ -15,7 +16,7 @@ smtps    inet  n       -       n       -       -       smtpd
   -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
   -o tls_preempt_cipherlist=yes
   -o cleanup_service_name=smtp_sender_cleanup
-  -o syslog_name=postfix/smtps
+  -o syslog_name=postfix/465
 10465    inet  n       -       n       -       -       smtpd
   -o smtpd_upstream_proxy_protocol=haproxy
   -o smtpd_tls_wrappermode=yes
@@ -34,7 +35,7 @@ submission inet n       -       n       -       -       smtpd
   -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
   -o tls_preempt_cipherlist=yes
   -o cleanup_service_name=smtp_sender_cleanup
-  -o syslog_name=postfix/submission
+  -o syslog_name=postfix/587
 10587      inet n       -       n       -       -       smtpd
   -o smtpd_upstream_proxy_protocol=haproxy
   -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
diff --git a/data/conf/rspamd/local.d/arc.conf b/data/conf/rspamd/local.d/arc.conf
index a857fc44..8c7fb4b0 100644
--- a/data/conf/rspamd/local.d/arc.conf
+++ b/data/conf/rspamd/local.d/arc.conf
@@ -7,13 +7,13 @@ allow_hdrfrom_multiple = false;
 # If true, username does not need to contain matching domain
 allow_username_mismatch = false;
 # If false, messages from authenticated users are not selected for signing
-sign_authenticated = false;
+sign_authenticated = true;
 # Default path to key, can include '$domain' and '$selector' variables
 path = "/data/dkim/keys/$domain.dkim";
 # Default selector to use
 selector = "dkim";
 # If false, messages from local networks are not selected for signing
-sign_local = false;
+sign_local = true;
 # Symbol to add when message is signed
 symbol = "ARC_SIGNED";
 # Whether to fallback to global config
diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index d398eb05..c77c562b 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -5,7 +5,7 @@
         PrivateDAndTViewer
     );
 
-    WOWorkersCount = "20";
+    WOWorkersCount = "5";
     SOGoACLsSendEMailNotifications = YES;
     SOGoAppointmentSendEMailNotifications = YES;
     SOGoDraftsFolderName = "Drafts";
diff --git a/docker-compose.yml b/docker-compose.yml
index cf0a028f..0f4351c1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -516,7 +516,7 @@ services:
         - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
         - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
         - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
-        - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
+        - POSTFIX_THRESHOLD=9999
         - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
         - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
         - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
@@ -613,36 +613,6 @@ services:
           aliases:
             - ofelia
 
-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-        - solr-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 179M packets, 49G bytes)
 pkts bytes target     prot opt in     out     source               destination         
 6990  697K MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */

Chain FORWARD (policy DROP 1 packets, 60 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 8719 2894K MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
 8741 2901K DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
 8741 2901K DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
 6971 2741K ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  807 69550 DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
  963 90886 ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
  799 69146 ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
  627  205K ACCEPT     0    --  *      br-a996eb68a8a1  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      br-a996eb68a8a1  0.0.0.0/0            0.0.0.0/0           
  582 80542 ACCEPT     0    --  br-a996eb68a8a1 !br-a996eb68a8a1  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-a996eb68a8a1 br-a996eb68a8a1  0.0.0.0/0            0.0.0.0/0           
  275 38889 ACCEPT     0    --  br-b172343543f7 !br-b172343543f7  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 196M packets, 25G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:3306
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    5   252 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    3   152 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:80

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  963 90886 DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-a996eb68a8a1 !br-a996eb68a8a1  0.0.0.0/0            0.0.0.0/0           
2691K  696M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-a996eb68a8a1  0.0.0.0/0            0.0.0.0/0           
 136K   15M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 572M  127G RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      *       194.169.175.17       0.0.0.0/0           
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Chain ufw-after-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 25M packets, 13G bytes)
 pkts bytes target     prot opt in     out     source               destination         
  351 56648 MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5986 2847K MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
 6102 2857K DOCKER-USER  0    --  *      *       ::/0                 ::/0                
 6102 2857K DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0                
 2075 2562K ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 3767  270K DOCKER     0    --  *      br-mailcow  ::/0                 ::/0                
  260 24318 ACCEPT     0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
 3767  270K ACCEPT     0    --  br-mailcow br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     0    --  *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     0    --  docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     0    --  docker0 docker0  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 8892K packets, 54G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:80

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  260 24318 DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-a996eb68a8a1 !br-a996eb68a8a1  ::/0                 ::/0                
 515K  544M RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       0    --  *      docker0  ::/0                 ::/0                
    0     0 DROP       0    --  *      br-a996eb68a8a1  ::/0                 ::/0                
12556 1212K RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  95M   74G RETURN     0    --  *      *       ::/0                 ::/0                

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-reject-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-reject-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-reject-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-track-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-track-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-track-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 44M packets, 2834M bytes)
 pkts bytes target     prot opt in     out     source               destination         
  357 19692 DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 15260 packets, 1553K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 4727K packets, 290M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 39M packets, 2392M bytes)
 pkts bytes target     prot opt in     out     source               destination         
  610 45890 MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
  120  8116 MASQUERADE  0    --  *      !br-a996eb68a8a1  172.18.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  6    --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  6    --  *      *       172.22.1.6           172.22.1.6           tcp dpt:3306
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:80

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  br-a996eb68a8a1 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.6:3306
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    5   252 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
    1    40 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    3   152 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.8:443
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.8:80

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 6266K packets, 538M bytes)
 pkts bytes target     prot opt in     out     source               destination         
   19  1284 DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 949 packets, 75740 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 383K packets, 49M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 4503K packets, 378M bytes)
 pkts bytes target     prot opt in     out     source               destination         
  255 23880 MASQUERADE  0    --  *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  0    --  *      !docker0  fd00:dead:beef:c0::/80  ::/0                
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:80

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  br-mailcow *       ::/0                 ::/0                
    0     0 RETURN     0    --  docker0 *       ::/0                 ::/0                
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::b]:4190
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::b]:995
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::b]:993
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::b]:143
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::b]:110
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::f]:587
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::f]:465
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::f]:25
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::c]:443
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::c]:80

DNS check:

172.64.155.249
104.18.32.7

The text was updated successfully, but these errors were encountered:

kjde · 2024-09-14T20:53:39Z

I don't know, but 963MB RAM seems pretty low.

Carlgo11 · 2024-09-14T21:31:17Z

It hasn't been a problem before, and I have 2GB swap just in case.

DerLinkman · 2024-09-16T07:46:43Z

Only because it "hasn't been a problem before" does not mean it can not become a problem once...

Why do we write system requirements when no one is reading and using them?

Your issue pretty sure is coming from the low memory specs... Even 2GB Swap can be to low...

Carlgo11 added the bug label Sep 14, 2024

DerLinkman closed this as not planned Won't fix, can't repro, duplicate, stale Sep 16, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Mailcow crashes after startup #6081

Mailcow crashes after startup #6081

Carlgo11 commented Sep 14, 2024 •

edited

Loading

kjde commented Sep 14, 2024

Carlgo11 commented Sep 14, 2024

DerLinkman commented Sep 16, 2024 •

edited

Loading

Mailcow crashes after startup #6081

Mailcow crashes after startup #6081

Comments

Carlgo11 commented Sep 14, 2024 • edited Loading

Contribution guidelines

I've found a bug and checked that ...

Description

Logs:

Steps to reproduce:

Which branch are you using?

Which architecture are you using?

Operating System:

Server/VM specifications:

Is Apparmor, SELinux or similar active?

Virtualization technology:

Docker version:

docker-compose version or docker compose version:

mailcow version:

Reverse proxy:

Logs of git diff:

Logs of iptables -L -vn:

Logs of ip6tables -L -vn:

Logs of iptables -L -vn -t nat:

Logs of ip6tables -L -vn -t nat:

DNS check:

kjde commented Sep 14, 2024

Carlgo11 commented Sep 14, 2024

DerLinkman commented Sep 16, 2024 • edited Loading

Carlgo11 commented Sep 14, 2024 •

edited

Loading

DerLinkman commented Sep 16, 2024 •

edited

Loading