Closed Tundra-bit closed 3 years ago
Hmm. How is this a bug? You sign, SES signs (and does not delete previous signatures) and you have two signatures. Just don't sign. Or tell Amazon not to sign.
On 12.04.2021 at 18:34, Tundra_Bit @.***> wrote:
Prior to placing the issue, please check following: (fill out each checkbox with an X once done)
I understand that not following or deleting the below instructions will result in immediate closure and/or deletion of my issue.
I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
I have understood that answers are voluntary and community-driven, and not commercial support.
I have verified that my issue has not been already answered in the past. I also checked previous issues.
Summary
Latest Mailcow update: April 12, 2021 at 11:45am commit d1cc3beaee8313580d7e0b8d1d1e1946da7d8d0c
AWS SES as a relayhost for gmail.com works fine except when forwarding. The user set up a forwarding rule to their gmail address in SoGo.
Received Message: @.***: host email-smtp.us-east-2.amazonaws.com[3.23.145.227] said: 554 Transaction failed: Duplicate header 'DKIM-Signature'. (in reply to end of DATA command)
I've found a similar issue: #1802
Thanks.
Logs
postfix-mailcow_1 | Apr 12 11:34:48 fa11cf1e8bc2 postfix/sogo/smtpd[1123]: connect from mailcow_sogo-mailcow_1.mailcow_mailcow-network[172.22.1.248]
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/sogo/smtpd[1123]: 0197840B24: client=mailcow_sogo-mailcow_1.mailcow_mailcow-network[172.22.1.248], sasl_method=PLAIN, @.
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/cleanup[1125]: 0197840B24: replace: header Received: from f9e77037bdc8 (mailcow_sogo-mailcow_1.mailcow_mailcow-network [172.22.1.248])??(Authenticated sender: @.)??by mail.mydomain.com (Postcow) with ESMTPA id 0197840B24??for @. from mailcow_sogo-mailcow_1.mailcow_mailcow-network[172.22.1.248]; @.> @.> proto=ESMTP helo=: Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPA id 0197840B24??for @.>; Mon, 12 Apr 2021 11:34:48 -0400 (EDT)
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/cleanup[1125]: 0197840B24: @.>
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/qmgr[377]: 0197840B24: @.>, size=11067, nrcpt=1 (queue active)
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/sogo/smtpd[1123]: disconnect from mailcow_sogo-mailcow_1.mailcow_mailcow-network[172.22.1.248] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/sogo/smtpd[1123]: connect from mailcow_dovecot-mailcow_1.mailcow_mailcow-network[172.22.1.250]
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/sogo/smtpd[1123]: 5474740CB2: client=mailcow_dovecot-mailcow_1.mailcow_mailcow-network[172.22.1.250]
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/cleanup[1125]: 5474740CB2: replace: header Received: from 411f276c7317 (mailcow_dovecot-mailcow_1.mailcow_mailcow-network [172.22.1.250])??by mail.mydomain.com (Postcow) with ESMTP id 5474740CB2??for @.>; Mon, 12 Apr 2021 11:34:49 -040 from mailcow_dovecot-mailcow_1.mailcow_mailcow-network[172.22.1.250]; @.> @.> proto=ESMTP helo=<411f276c7317>: Received: from sieve (sieve [172.22.1.250]) by mail.mydomain.com (Postcow) with ESMTP id 5474740CB2??for @.>; Mon, 12 Apr 2021 11:34:49 -0400 (EDT)
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/cleanup[1125]: 5474740CB2: @.>
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/qmgr[377]: 5474740CB2: @.>, size=12171, nrcpt=1 (queue active)
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/sogo/smtpd[1123]: disconnect from mailcow_dovecot-mailcow_1.mailcow_mailcow-network[172.22.1.250] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/lmtp[1221]: 0197840B24: @.>, relay=dovecot[fd4d:6169:6c63:6f77::e]:24, delay=0.64, delays=0.34/0.02/0.01/0.27, dsn=2.0.0, status=sent (250 2.0.0 @.> +CHOEplodGBtBgAAeDbDIw Saved)
postfix-mailcow_1 | Apr 12 11:34:49 fa11cf1e8bc2 postfix/qmgr[377]: 0197840B24: removed
postfix-mailcow_1 | Apr 12 11:34:50 fa11cf1e8bc2 postfix/smtp[1316]: Trusted TLS connection established to email-smtp.us-east-2.amazonaws.com[13.58.248.182]:2587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
postfix-mailcow_1 | Apr 12 11:34:50 fa11cf1e8bc2 postfix/smtp[1316]: 5474740CB2: @.@gmail.com>, relay=email-smtp.us-east-2.amazonaws.com[13.58.248.182]:2587, delay=0.97, delays=0.22/0.04/0.57/0.14, dsn=5.0.0, status=bounced (host email-smtp.us-east-2.amazonaws.com[13.58.248.182] said: 554 Transaction failed: Duplicate header 'DKIM-Signature'. (in reply to end of DATA command))
postfix-mailcow_1 | Apr 12 11:34:50 fa11cf1e8bc2 postfix/cleanup[1318]: 5077640CB4: @.>
postfix-mailcow_1 | Apr 12 11:34:50 fa11cf1e8bc2 postfix/qmgr[377]: 5077640CB4: from=<>, size=15741, nrcpt=1 (queue active)
postfix-mailcow_1 | Apr 12 11:34:50 fa11cf1e8bc2 postfix/bounce[1317]: 5474740CB2: sender non-delivery notification: 5077640CB4
postfix-mailcow_1 | Apr 12 11:34:50 fa11cf1e8bc2 postfix/qmgr[377]: 5474740CB2: removed
postfix-mailcow_1 | Apr 12 11:34:50 fa11cf1e8bc2 postfix/sogo/smtpd[1123]: connect from mailcow_dovecot-mailcow_1.mailcow_mailcow-network[172.22.1.250]
postfix-mailcow_1 | Apr 12 11:34:50 fa11cf1e8bc2 postfix/sogo/smtpd[1123]: 5927B40B24: client=mailcow_dovecot-mailcow_1.mailcow_mailcow-network[172.22.1.250]
postfix-mailcow_1 | Apr 12 11:34:50 fa11cf1e8bc2 postfix/cleanup[1125]: 5927B40B24: replace: header Received: from 411f276c7317 (mailcow_dovecot-mailcow_1.mailcow_mailcow-network [172.22.1.250])??by mail.mydomain.com (Postcow) with ESMTP id 5927B40B24??for @.>; Mon, 12 Apr 2021 11:34:50 -040 from mailcow_dovecot-mailcow_1.mailcow_mailcow-network[172.22.1.250]; from=<> @.> proto=ESMTP helo=<411f276c7317>: Received: from sieve (sieve [172.22.1.250]) by mail.mydomain.com (Postcow) with ESMTP id 5927B40B24??for @.>; Mon, 12 Apr 2021 11:34:50 -0400 (EDT)
postfix-mailcow_1 | Apr 12 11:34:50 fa11cf1e8bc2 postfix/cleanup[1125]: 5927B40B24: @.>
postfix-mailcow_1 | Apr 12 11:34:51 fa11cf1e8bc2 postfix/qmgr[377]: 5927B40B24: from=<>, size=16201, nrcpt=1 (queue active)
postfix-mailcow_1 | Apr 12 11:34:51 fa11cf1e8bc2 postfix/sogo/smtpd[1123]: disconnect from mailcow_dovecot-mailcow_1.mailcow_mailcow-network[172.22.1.250] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
postfix-mailcow_1 | Apr 12 11:34:51 fa11cf1e8bc2 postfix/qmgr[377]: 5077640CB4: removed
postfix-mailcow_1 | Apr 12 11:34:51 fa11cf1e8bc2 postfix/lmtp[1221]: 5077640CB4: @.>, relay=dovecot[172.22.1.250]:24, delay=1.2, delays=0.01/0.01/0.01/1.2, dsn=2.0.0, status=sent (250 2.0.0 @.> UP6NFJpodGBtBgAAeDbDIw Saved)
postfix-mailcow_1 | Apr 12 11:34:51 fa11cf1e8bc2 postfix/smtp[1316]: Trusted TLS connection established to email-smtp.us-east-2.amazonaws.com[13.58.248.182]:2587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
postfix-mailcow_1 | Apr 12 11:34:52 fa11cf1e8bc2 postfix/smtp[1316]: 5927B40B24: @.***>, relay=email-smtp.us-east-2.amazonaws.com[13.58.248.182]:2587, delay=1.7, delays=1.1/0.01/0.48/0.03, dsn=5.0.0, status=bounced (host email-smtp.us-east-2.amazonaws.com[13.58.248.182] said: 501 Invalid MAIL FROM address provided (in reply to MAIL FROM command))
postfix-mailcow_1 | Apr 12 11:34:52 fa11cf1e8bc2 postfix/qmgr[377]: 5927B40B24: removed
Reproduction
It is reproducible, just send email to @.***
I've tried changing sign_local to false in rspamd (data/conf/rspamd/local.d/dkim_signing.conf)
If false, messages from local networks are not selected for signing
sign_local = false;
Result: No change
System information
| Question | Answer |
| --- | --- |
| My operating system | 4.19.0-16-cloud-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux |
| Is Apparmor, SELinux or similar active? | Yes |
| Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported) | KVM |
| Server/VM specifications (Memory, CPU Cores) | 8GB / 4 Cores |
| Docker Version (docker version) | 20.10.5 |
| Docker-Compose Version (docker-compose version) | 1.29.0 build 07737305 |
| Reverse proxy (custom solution) | No |

Output of git diff origin/master, any other changes to the code? If so, please post them.
Modified: Certificates +dhparams, SOGoDomainsVisibility, nginx Custom Sites / Webmail redirect
All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptables output can help us to help you: iptables -L -vn, ip6tables -L -vn, iptables -L -vn -t nat and ip6tables -L -vn -t nat.
DNS problems? Please run docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and post the output.
iptables -L -vn
DNS:
docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
151.101.1.69
151.101.65.69
151.101.193.69
151.101.129.69
Hi, @andryyy Thanks for the reply.
From what I can tell in the headers, SES doesn't have the opportunity to add their dkim yet.
I did try to remove the SES dkim signing - still the same result.
Here are the email headers:
<user.emailxyz@gmail.com>: host email-smtp.us-east-2.amazonaws.com[13.58.248.182]
said: 554 Transaction failed: Duplicate header 'DKIM-Signature'. (in reply
to end of DATA command)
--5474740CB2.1618241690/mail.mydomain.com
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; mail.mydomain.com
X-Postcow-Queue-ID: 5474740CB2
X-Postcow-Sender: rfc822; receiver1@mydomain.com
Arrival-Date: Mon, 12 Apr 2021 11:34:49 -0400 (EDT)
Final-Recipient: rfc822; user.emailxyz@gmail.com
Original-Recipient: rfc822;user.emailxyz@gmail.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; email-smtp.us-east-2.amazonaws.com
Diagnostic-Code: smtp; 554 Transaction failed: Duplicate header
'DKIM-Signature'.
--5474740CB2.1618241690/mail.mydomain.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Return-Path: <receiver1@mydomain.com>
Received: from sieve (sieve [172.22.1.250]) by mail.mydomain.com (Postcow) with ESMTP id 5474740CB2
for <user.emailxyz@gmail.com>; Mon, 12 Apr 2021 11:34:49 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=dkim;
t=1618241689; h=from:subject:date:message-id:to:mime-version:content-type:
content-language; bh=uT3jjJa+ooItXG1qMLi0Q3Rnz2GMQQE4fzVTnpFJ6BM=;
b=VPtadT8VFCVm0pxHFp5hdVqtciRCHJzp1c2AwshnmLT7Gxaln2vM5WD+jJJY2w4jlCVjvK
v4I6mkkldpiewopep33ihiiahBBJ66Z+ebW2FdlfV9+HYB0+93tlUiADg6kP1vy4/5lCmUvA4U
k8gly61KWgIyH+vDmbGwt5oxWrzrqiaKBejd+yufGMN4LWxxzFEjmarPEMqCjtik48DEA4
vVvD5edBDXXV8Tqv5LXSYv4Sxf6nAGUtNwcNW6RLNt1kKApJLGGG12aHWz2qiSvd96p+Ai
3Fj/jRcdfolf1nNySrUuM8WO5/7smxiaGE0d8pwCB3+Bvez/TtCL8bfMn9oH9A==
X-Sieve: Pigeonhole Sieve 0.5.14 (1b5c82b2)
X-Sieve-Redirected-From: receiver1@mydomain.com
Delivered-To: receiver1@mydomain.com
Received: from mail.mydomain.com ([fd4d:6169:6c63:6f77::f])
by 411f276c7317 with LMTP
id +CHOEplodGBtBgAAeDbDIw
(envelope-from <sender1@mydomain.com>)
for <receiver1@mydomain.com>; Mon, 12 Apr 2021 11:34:49 -0400
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPA id 0197840B24
for <receiver1@mydomain.com>; Mon, 12 Apr 2021 11:34:48 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=dkim;
t=1618241689; h=from:subject:date:message-id:to:mime-version:content-type:
content-language; bh=uT3jjJa+ooItXG1qMLi0Q3Rnz2GMQQE4fzVTnpFJ6BM=;
b=VPtadT8VFCVm0pxHFp5hdVqtciRCHJzp1c2AwshnmLT7Gxaln2vM5WD+jJJY2w4jlCVjvK
v4I6mkkldpiewopep33ihiiahBBJ66Z+ebW2FdlfV9+HYB0+93tlUiADg6kP1vy4/5lCmUvA4U
k8gly61KWgIyH+vDmbGwt5oxWrzrqiaKBejd+yufGMN4LWxxzFEjmarPEMqCjtik48DEA4
vVvD5edBDXXV8Tqv5LXSYv4Sxf6nAGUtNwcNW6RLNt1kKApJLGGG12aHWz2qiSvd96p+Ai
3Fj/jRcdfolf1nNySrUuM8WO5/7smxiaGE0d8pwCB3+Bvez/TtCL8bfMn9oH9A==
From: "Sender1" <sender1@mydomain.com>
To: <receiver1@mydomain.com>
Subject: Test Message
Date: Mon, 12 Apr 2021 11:34:48 -0400
Message-ID: <31e401d72fb1$5f5b8830$1e129890$@mydomain.com>
Thread-Index: AdcvsVgM371zf+DtQmarepwoJjHWtg==
Content-Language: en-us
MIME-Version: 1.0
Content-Type: multipart/signed;
protocol="application/x-pkcs7-signature";
micalg=SHA1;
boundary="----=_NextPart_000_31DC_01D72F8F.D8404B40"
X-Last-TLS-Session-Version: None
X-Last-TLS-Session-Version: None
X-Rspamd-Queue-Id: 5474740CB2
Authentication-Results: mail.mydomain.com;
none
X-Spamd-Result: default: False [-17.10 / 15.00];
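Added example, not part of the original thread or of mailcow: a Python check that parses a message's DKIM-Signature headers and reports any signature that occurs more than once with the same d=, s=, bh= and b= values, which is the pattern visible in the bounced message's headers above. The two sample messages, the example.org / example.net domains, the selector `sel1` and the base64 strings are constructed placeholders.

```python
import email
import re
from collections import Counter


def parse_dkim_tags(value):
    """Split one DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, val = part.split("=", 1)  # b= may end in base64 '=' padding
        # Header folding inserts whitespace; drop it so that two copies of
        # one signature compare equal even when they are folded differently.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def dkim_signatures(raw_message):
    """Return the tag dict of every DKIM-Signature header, top to bottom."""
    msg = email.message_from_string(raw_message)
    return [parse_dkim_tags(v) for v in msg.get_all("DKIM-Signature", [])]


def repeated_signatures(raw_message):
    """Map (d, s, bh, b) -> count for signatures present more than once."""
    counts = Counter(
        (t.get("d"), t.get("s"), t.get("bh"), t.get("b"))
        for t in dkim_signatures(raw_message)
    )
    return {key: n for key, n in counts.items() if n > 1}


# Constructed sample: the same signature appears above and below the
# redirect hop, folded differently in each copy.
FORWARDED = """\
Received: from sieve (sieve [192.0.2.10]) by mail.example.org with ESMTP id AAAA
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=dkim;
 t=1618241689; h=from:subject:date:message-id:to;
 bh=Q09OU1RSVUNURUQtQk9EWS1IQVNI;
 b=Q09OU1RSVUNURUQtU0lHTkFUVVJFLVZBTFVF
 LUZPUi1JTExVU1RSQVRJT04=
X-Sieve-Redirected-From: receiver1@example.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=dkim;
 t=1618241689; h=from:subject:date:message-id:to;
 bh=Q09OU1RSVUNURUQtQk9EWS1IQVNI;
 b=Q09OU1RSVUNURUQtU0lHTkFUVVJFLVZBTFVFLUZPUi1JTExVU1RSQVRJT04=
From: "Sender1" <sender1@example.org>
To: <receiver1@example.org>
Subject: Test Message

body
"""

# Constructed contrast case: the upper signature belongs to another
# signing domain and selector, so the two headers are not copies.
RELAYED = FORWARDED.replace(
    "d=example.org; s=dkim;", "d=relay.example.net; s=sel1;", 1
)

if __name__ == "__main__":
    for label, raw in (("forwarded", FORWARDED), ("relayed", RELAYED)):
        sigs = dkim_signatures(raw)
        repeats = repeated_signatures(raw)
        print(f"{label}: {len(sigs)} DKIM-Signature header(s)")
        for (d, s, _bh, _b), n in repeats.items():
            print(f"  d={d} s={s} appears {n} times with identical bh= and b=")
        if not repeats:
            print("  no repeated signature")
```

Run against a saved copy of a bounced message (the `message/rfc822` part of the delivery report), this shows whether the signature was applied again on the forwarding hop before the message reached the relay.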
This is a known issue of AWS SES and this isn't an issue of Mailcow.
Duplicate of #1802 and #2538
From what I can tell in the headers, SES doesn't have the opportunity to add their dkim yet.
@Tundra-bit well, you are not right: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dkim-easy-setup-domain.html
If you have issues with AWS Services please consider opening a support ticket in AWS ;)
In general I do not see any point in using AWS SES (especially due to their issues with DKIM) when you have the option to simply unlock port 25 and get a PTR for your EC2 and send mail directly without relaying to SES: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-port-25-throttle/
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Prior to placing the issue, please check following: (fill out each checkbox with an X once done)
Summary
AWS SES as a relayhost for gmail.com works fine except when forwarding. The user set up a forwarding rule to their gmail address in SoGo.
Received Message: user.emailxyz@gmail.com: host email-smtp.us-east-2.amazonaws.com[3.23.145.227] said: 554 Transaction failed: Duplicate header 'DKIM-Signature'. (in reply to end of DATA command)
I've found a similar issue: https://github.com/mailcow/mailcow-dockerized/issues/1802
Thanks.
Logs
Reproduction
It is reproducible, just send email to receiver1@mydomain.com.
I've tried changing sign_local to false in rspamd (data/conf/rspamd/local.d/dkim_signing.conf)
Result: No change
System information