mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Sogo not working on clean install #4078

Closed Y0ngg4n closed 3 years ago

Y0ngg4n commented 3 years ago

Prior to placing the issue, please check following: (fill out each checkbox with an X once done)

Summary

Commit: 5df8a24c8482c7abeec64eb8b97058c576814bfc

Hello together, I have the following problem: after updating my mailcow install with the update.sh script I can log in to Sogo but can't use it anymore. I updated Sogo from 1.93 to 1.99.

After some tinkering I went ahead and did a completely fresh install of mailcow. I created a test domain and a test user and logged in successfully, but there too I got this page:

image

In the console i can see this:

image

The response from the failed URLs is always: the called object returned no result

Logs

Full logs are attached. logs.txt

But Sogo logs are pretty empty:

Waiting for database to come up...,
Waiting for database to come up...,
Uptime: 10  Threads: 2  Questions: 3  Slow queries: 0  Opens: 17  Open tables: 10  Queries per second avg: 0.300,
 schema is 09032021_1000,
We are master, preparing sogo_view...,
We are master, preparing _sogo_static_view...,
Updating _sogo_static_view content...,
We are master, preparing update trigger...,
Syncing web content with named volume,
May  1 16:35:14 024cd2544c0c sogod [11]: version 5.1.0 (build @shiva2.inverse 202104160119) -- starting,
May  1 16:35:14 024cd2544c0c sogod [11]: vmem size check enabled: shutting down app when vmem > 384 MB. Currently at 78 MB,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a32690[SOGoProductLoader]> SOGo products loaded from '/usr/lib/GNUstep/SOGo':,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a32690[SOGoProductLoader]>   MainUI.SOGo, CommonUI.SOGo, AdministrationUI.SOGo, Contacts.SOGo, Appointments.SOGo, ContactsUI.SOGo, MailerUI.SOGo, Mailer.SOGo, SchedulerUI.SOGo, ActiveSync.SOGo, MailPartViewers.SOGo, PreferencesUI.SOGo,
May  1 16:35:14 024cd2544c0c sogod [11]: All products loaded - current memory usage at 89 MB,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> listening on 0.0.0.0:20000,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> watchdog process pid: 11,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x7f87b079d360[WOWatchDogChild]> watchdog request timeout set to 30 minutes,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> preparing 20 children,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 101,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 102,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 103,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 104,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 105,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 106,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 107,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 108,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 109,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 110,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 111,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 112,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 113,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 114,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 115,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 116,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 117,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 118,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 119,
May  1 16:35:14 024cd2544c0c sogod [101]: <0x0x55db35b4d5d0[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [103]: <0x0x55db35b47e50[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [102]: <0x0x55db35b47b30[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [104]: <0x0x55db35b3a1c0[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [109]: <0x0x55db35b1c730[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [11]: <0x0x55db35a67180[WOWatchDog]> child spawned with pid 120May 01 16:35:14 sogod [113]: <0x0x55db35b23320[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [112]: <0x0x55db35b21260[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [105]: <0x0x55db35b3a1c0[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [120]: <0x0x55db35b22630[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [115]: <0x0x55db35b1c150[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [106]: <0x0x55db35b35d00[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [110]: <0x0x55db35b1d0c0[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [111]: <0x0x55db35b1cd90[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [108]: <0x0x55db35b37590[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [119]: <0x0x55db35b23320[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [118]: <0x0x55db35b1e260[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [117]: <0x0x55db35b1e260[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [116]: <0x0x55db35b1cd90[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [114]: <0x0x55db35b1c730[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:35:14 024cd2544c0c sogod [107]: <0x0x55db35b38fb0[WOHttpAdaptor]> notified the watchdog that we are ready,
May  1 16:36:13 024cd2544c0c sogod [107]: <0x0x55db35a79ec0[SOGoCache]> Cache cleanup interval set every 900.000000 seconds,
May  1 16:36:13 024cd2544c0c sogod [107]: <0x0x55db35a79ec0[SOGoCache]> Using host(s) 'memcached' as server(s),
May  1 16:36:13 024cd2544c0c sogod [107]: mailcowdockerized_watchdog-mailcow_1.mailcowdockerized_mailcow-network "GET /SOGo.index/ HTTP/1.1" 200 2531/0 0.323 - - 3M - 12,
May  1 16:36:47 024cd2544c0c sogod [107]: mailcowdockerized_watchdog-mailcow_1.mailcowdockerized_mailcow-network "GET /SOGo.index/ HTTP/1.1" 200 2531/0 0.003 - - 0 - 12,
May  1 16:37:48 024cd2544c0c sogod [107]: mailcowdockerized_watchdog-mailcow_1.mailcowdockerized_mailcow-network "GET /SOGo.index/ HTTP/1.1" 200 2531/0 0.003 - - 0 - 12,
May  1 16:38:00 024cd2544c0c sogod [107]: <0x0x55db35b12070[SOGoWebAuthenticator]> Expired session received, redirecting to login page.,
May  1 16:38:00 024cd2544c0c sogod [107]: <0x0x55db35b12070[SOGoWebAuthenticator]> tried wrong password for user 'ra4O95oHA3ce8K0mD423JdCC0dB93mMJwjWvNsTPpynql32KPrQYixWOC9gfoGzf/cd8vxQH727P/VfKiVKJGsLaIf+YM011VVPzcVEY3DD9G3ZjWGFwcv1EHqEOAjMu3Dov5Q0xyvb2XAxxzw4RGkzUy/C2lhrnbnAiPW9twZfgH58s9v8BHqyNTtkj8+c/E4+DLus0e4Wekvue0uW21g=='!,
May  1 16:38:00 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan@oblivioncoding.pro/Mail/0/folderINBOX/view HTTP/1.0" 200 9482/0 0.264 31471 69% 3M - 12,
May  1 16:38:06 024cd2544c0c sogod [107]: SOGoRootPage successful login from '46.223.150.118' for user 'yonggan@oblivioncoding.pro' - expire = -1  grace = -1,
May  1 16:38:06 024cd2544c0c sogod [107]: [WARN] <0x0x55db36030860[SOGoWebDAVAclManager]> entry '{DAV:}write' already exists in DAV permissions table,
May  1 16:38:06 024cd2544c0c sogod [107]: [WARN] <0x0x55db36030860[SOGoWebDAVAclManager]> entry '{DAV:}write-properties' already exists in DAV permissions table,
May  1 16:38:06 024cd2544c0c sogod [107]: [WARN] <0x0x55db36030860[SOGoWebDAVAclManager]> entry '{DAV:}write-content' already exists in DAV permissions table,
May  1 16:38:06 024cd2544c0c sogod [107]: 46.223.150.118 "POST /SOGo/connect HTTP/1.0" 200 51/123 0.838 - - 0 - 13,
May  1 16:38:07 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan%40oblivioncoding.pro HTTP/1.0" 302 0/0 0.001 - - 0 - 13,
May  1 16:38:07 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan%40oblivioncoding.pro/view HTTP/1.0" 302 0/0 0.002 - - 0 - 13,
May  1 16:38:07 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan@oblivioncoding.pro/Mail HTTP/1.0" 302 0/0 0.002 - - 0 - 13,
May  1 16:38:08 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan@oblivioncoding.pro/Mail/view HTTP/1.0" 200 19136/0 0.114 82613 76% 2M - 13,
May  1 16:38:08 024cd2544c0c sogod [114]: <0x0x55db35ba2b80[SOGoCache]> Cache cleanup interval set every 900.000000 seconds,
May  1 16:38:08 024cd2544c0c sogod [114]: <0x0x55db35ba2b80[SOGoCache]> Using host(s) 'memcached' as server(s),
May  1 16:38:08 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan@oblivioncoding.pro/Calendar/alarmslist?browserTime=1619879888 HTTP/1.0" 500 36/0 0.005 - - 0 - 13,
May  1 16:38:08 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan@oblivioncoding.pro/Mail/0/view HTTP/1.0" 500 36/0 0.601 - - 0 - 14,
May  1 16:38:08 024cd2544c0c sogod [114]: 46.223.150.118 "POST /SOGo/so/yonggan@oblivioncoding.pro/Mail/0/folderINBOX/view HTTP/1.0" 500 36/126 0.638 - - 2M - 12,
May  1 16:39:02 024cd2544c0c sogod [114]: 46.223.150.118 "GET /SOGo/so/yonggan@oblivioncoding.pro/Mail/view HTTP/1.0" 200 19136/0 0.132 82613 76% 5M - 11,
May  1 16:39:03 024cd2544c0c sogod [114]: [WARN] <0x0x55db35bc1320[SOGoWebDAVAclManager]> entry '{DAV:}write' already exists in DAV permissions table,
May  1 16:39:03 024cd2544c0c sogod [114]: [WARN] <0x0x55db35bc1320[SOGoWebDAVAclManager]> entry '{DAV:}write-properties' already exists in DAV permissions table,
May  1 16:39:03 024cd2544c0c sogod [114]: [WARN] <0x0x55db35bc1320[SOGoWebDAVAclManager]> entry '{DAV:}write-content' already exists in DAV permissions table,
May  1 16:39:03 024cd2544c0c sogod [114]: 46.223.150.118 "GET /SOGo/so/yonggan@oblivioncoding.pro/Calendar/alarmslist?browserTime=1619879943 HTTP/1.0" 500 36/0 0.005 - - 0 - 12,
May  1 16:39:03 024cd2544c0c sogod [114]: 46.223.150.118 "GET /SOGo/so/yonggan@oblivioncoding.pro/Mail/0/view HTTP/1.0" 500 36/0 0.276 - - 0 - 13,
May  1 16:39:03 024cd2544c0c sogod [107]: 46.223.150.118 "POST /SOGo/so/yonggan@oblivioncoding.pro/Mail/0/folderINBOX/view HTTP/1.0" 500 36/126 0.300 - - 0 - 14,
May  1 16:39:07 024cd2544c0c sogod [107]: mailcowdockerized_watchdog-mailcow_1.mailcowdockerized_mailcow-network "GET /SOGo.index/ HTTP/1.1" 200 2531/0 0.002 - - 0 - 13,
May  1 16:39:11 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan@oblivioncoding.pro/Mail/0/folderINBOX/view HTTP/1.0" 500 36/0 0.127 - - 0 - 14,

Reproduction

First I tried an update, and the update works fine with other clients: I can write and receive emails, but only Sogo is not working. After getting support multiple times I tried a complete clean install and had the same issue there too. I tried for multiple days to fix this but I finally can't explain it to myself.

To reproduce this issue just go ahead and install mailcow behind an nginx reverse proxy, create a test account and try to log in with Sogo.

System information

| Question | Answer |
| --- | --- |
| My operating system | Debian Buster |
| Is Apparmor, SELinux or similar active? | No |
| Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported) | No |
| Server/VM specifications (Memory, CPU Cores) | 32GB, 12 |
| Docker Version (docker version) | 20.10.6 |
| Docker-Compose Version (docker-compose version) | 1.29.1 |
| Reverse proxy (custom solution) | nginx |

Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 192K 2468M DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0 192K 2468M DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0 25587 37M ACCEPT all -- br-mailcow 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 2016 132K DOCKER all -- br-mailcow 0.0.0.0/0 0.0.0.0/0 5520 615K ACCEPT all -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0 1993 131K ACCEPT all -- br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 58488 23M ACCEPT all -- br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 5854 351K DOCKER all -- br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-df2768a599a1 !br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 5854 351K ACCEPT all -- br-df2768a599a1 br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 1416 315K ACCEPT all -- br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 1314 621K ACCEPT all -- br-5bea70d192f1 !br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-5bea70d192f1 br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 17053 7059K ACCEPT all -- br-e6d01eb72d2a br-e6d01eb72d2a 0.0.0.0/0 0.0.0.0/0 400K 1651M ACCEPT all -- br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 6184 361K DOCKER all -- br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 310K 93M ACCEPT all -- br-ba6e3c3458bc !br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 14M 247G ACCEPT all -- br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 59 3540 DOCKER all -- br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 56652 6426K ACCEPT all -- br-9bafb5e5d32e !br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 59 3540 ACCEPT all -- br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 494 2513K ACCEPT all -- 
br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 15 736 DOCKER all -- br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 301 20174 ACCEPT all -- br-c47bf4ba146c !br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 1956K 427M ACCEPT all -- br-a191514339c8 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 10221 613K DOCKER all -- br-a191514339c8 0.0.0.0/0 0.0.0.0/0 38808 3341K ACCEPT all -- br-a191514339c8 !br-a191514339c8 0.0.0.0/0 0.0.0.0/0 9373 562K ACCEPT all -- br-a191514339c8 br-a191514339c8 0.0.0.0/0 0.0.0.0/0 26155 8848K ACCEPT all -- br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 179 10740 DOCKER all -- br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 2930 336K ACCEPT all -- br-56488bc6676c !br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 179 10740 ACCEPT all -- br-56488bc6676c br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 193K 233M ACCEPT all -- br-9e392602a823 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 9 500 DOCKER all -- br-9e392602a823 0.0.0.0/0 0.0.0.0/0 724 31427 ACCEPT all -- br-9e392602a823 !br-9e392602a823 0.0.0.0/0 0.0.0.0/0 7 420 ACCEPT all -- br-9e392602a823 br-9e392602a823 0.0.0.0/0 0.0.0.0/0 238K 1190M ACCEPT all -- br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 777 46604 DOCKER all -- br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 6105 531K ACCEPT all -- br-740c4a8f4709 !br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 771 46260 ACCEPT all -- br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-332c7002e361 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- br-332c7002e361 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-332c7002e361 !br-332c7002e361 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-332c7002e361 br-332c7002e361 0.0.0.0/0 0.0.0.0/0 105K 37M ACCEPT all -- br-085da7503790 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 3241 194K DOCKER all -- br-085da7503790 0.0.0.0/0 0.0.0.0/0 149 16467 ACCEPT all -- br-085da7503790 !br-085da7503790 0.0.0.0/0 0.0.0.0/0 3241 194K ACCEPT all -- 
br-085da7503790 br-085da7503790 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 0 0 LOGDROP icmp -- 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 recent: CHECK seconds: 86400 name: portscan side: source mask: 255.255.255.255 0 0 all -- 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: portscan side: source mask: 255.255.255.255 0 0 LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 LOG flags 0 level 4 prefix "Portscan:" 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 0 0 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT all -- docker0 enp3s0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- enp3s0 docker0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 66235 packets, 3974K bytes) pkts bytes target prot opt in out source destination 644K 579M ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 606M 1013G ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 1 84 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 3/sec burst 30 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 3/sec burst 30 0 0 LOGDROP icmp -- 0.0.0.0/0 0.0.0.0/0 127 7151 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID 4354 292K ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 1 60 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:43 11291 677K ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:80 14329 860K ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:443 3 180 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 7 420 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 37263 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:28967 0 0 ACCEPT tcp -- * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28968

Chain LOGACCEPT (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "FW-ACCEPT: " 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain LOGDROP (4 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "FW-DROP: " 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain LOGREJECT (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "FW-REJECT: " 0 0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain RELATED_ICMP (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12 0 0 LOGDROP all -- 0.0.0.0/0 0.0.0.0/0

Chain http-flood (2 references) pkts bytes target prot opt in out source destination 773 40212 RETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 10 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 10 LOG flags 0 level 4 prefix "HTTP-FLOOD " 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain flood (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FLOOD " 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain syn-flood (1 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 4 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "/usr/sbin/iptables SYN-FLOOD:" 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain port-scanning (0 references) pkts bytes target prot opt in out source destination 0 0 RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 2 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER (13 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.2 tcp dpt:28967 2 120 ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.2 tcp dpt:14003 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.2 tcp dpt:443 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-332c7002e361 br-332c7002e361 0.0.0.0/0 192.168.32.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-5bea70d192f1 br-5bea70d192f1 0.0.0.0/0 172.20.0.2 tcp dpt:26257 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.2 tcp dpt:3478 0 0 ACCEPT tcp -- !br-df2768a599a1 br-df2768a599a1 0.0.0.0/0 172.26.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.2 tcp dpt:9000 3995 232K ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.2 tcp dpt:22 15 736 ACCEPT tcp -- !br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.3 tcp dpt:8083 0 0 ACCEPT tcp -- !br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.3 tcp dpt:8081 0 0 ACCEPT udp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.4 udp dpt:10000 2 80 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.4 tcp dpt:4443 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.3 tcp dpt:80 0 0 ACCEPT tcp -- !br-085da7503790 br-085da7503790 0.0.0.0/0 172.19.0.3 tcp dpt:3306 0 0 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.3 tcp dpt:9000 2169 128K ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.3 tcp dpt:28967 17 1012 ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.3 tcp dpt:14002 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.4 tcp dpt:5432 0 0 ACCEPT tcp -- 
!br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.4 tcp dpt:9999 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.5 tcp dpt:9001 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.4 tcp dpt:5432 6 344 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.4 tcp dpt:3100 0 0 ACCEPT tcp -- !br-085da7503790 br-085da7503790 0.0.0.0/0 172.19.0.4 tcp dpt:8080 0 0 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.6 tcp dpt:9090 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.7 tcp dpt:8080 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.7 tcp dpt:29318 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.8 tcp dpt:80 0 0 ACCEPT tcp -- !br-56488bc6676c br-56488bc6676c 0.0.0.0/0 192.168.0.9 tcp dpt:8443 0 0 ACCEPT tcp -- !br-56488bc6676c br-56488bc6676c 0.0.0.0/0 192.168.0.9 tcp dpt:8080 0 0 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.5 tcp dpt:3000 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.5 tcp dpt:3200 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.3 tcp dpt:3000 848 50564 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.3 tcp dpt:22 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.5 tcp dpt:8008 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.6 tcp dpt:9005 0 0 ACCEPT tcp -- !br-085da7503790 br-085da7503790 0.0.0.0/0 172.19.0.2 tcp dpt:2368 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.6 tcp dpt:8983 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.249 tcp dpt:6379 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.8 tcp dpt:5443 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.8 tcp dpt:5269 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.8 tcp dpt:5222 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.9 tcp dpt:3306 0 0 ACCEPT tcp -- 
!br-mailcow br-mailcow 0.0.0.0/0 172.30.1.11 tcp dpt:587 9 540 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.11 tcp dpt:465 6 320 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.11 tcp dpt:25 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:12345 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:4190 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:995 8 480 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:993 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:143 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:110 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.12 tcp dpt:18104 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.12 tcp dpt:18103

Chain DOCKER-ISOLATION-STAGE-1 (1 references) pkts bytes target prot opt in out source destination 5520 615K DOCKER-ISOLATION-STAGE-2 all -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 DOCKER-ISOLATION-STAGE-2 all -- br-df2768a599a1 !br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 1314 621K DOCKER-ISOLATION-STAGE-2 all -- br-5bea70d192f1 !br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-e6d01eb72d2a !172.31.0.0/16 0.0.0.0/0 0 0 DROP all -- br-e6d01eb72d2a 0.0.0.0/0 !172.31.0.0/16 310K 93M DOCKER-ISOLATION-STAGE-2 all -- br-ba6e3c3458bc !br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 56652 6426K DOCKER-ISOLATION-STAGE-2 all -- br-9bafb5e5d32e !br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 301 20174 DOCKER-ISOLATION-STAGE-2 all -- br-c47bf4ba146c !br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 38808 3341K DOCKER-ISOLATION-STAGE-2 all -- br-a191514339c8 !br-a191514339c8 0.0.0.0/0 0.0.0.0/0 2930 336K DOCKER-ISOLATION-STAGE-2 all -- br-56488bc6676c !br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 724 31427 DOCKER-ISOLATION-STAGE-2 all -- br-9e392602a823 !br-9e392602a823 0.0.0.0/0 0.0.0.0/0 6105 531K DOCKER-ISOLATION-STAGE-2 all -- br-740c4a8f4709 !br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 0 0 DOCKER-ISOLATION-STAGE-2 all -- br-332c7002e361 !br-332c7002e361 0.0.0.0/0 0.0.0.0/0 149 16467 DOCKER-ISOLATION-STAGE-2 all -- br-085da7503790 !br-085da7503790 0.0.0.0/0 0.0.0.0/0 20M 255G RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (13 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- docker0 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-a191514339c8 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-9e392602a823 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-332c7002e361 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-085da7503790 0.0.0.0/0 0.0.0.0/0 761K 144M RETURN all -- * 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-USER (1 references) pkts bytes target prot opt in out source destination 20M 255G RETURN all -- 0.0.0.0/0 0.0.0.0/0


- DNS problems? Please run `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network) and post the output.

```
docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.30.1.254
151.101.1.69
151.101.193.69
151.101.65.69
151.101.129.69
```
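Added example, not part of the original report and not mailcow or SOGo code: a short Python triage of sogod access-log lines like those in the report above, grouping responses by route to show which requests return 5xx. The sample lines are constructed (placeholder client address and mailbox), and reading the `N/M` field as response/request bytes is an assumption based on the lines shown.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote, urlsplit

# Error text the browser showed for every failed URL, as quoted in the report.
ERROR_TEXT = "the called object returned no result"

# Constructed sample shaped like the sogod lines in the report; the client
# address (192.0.2.10) and mailbox (user@example.org) are placeholders.
SAMPLE_LOG = """\
May  1 16:38:06 host sogod [107]: 192.0.2.10 "POST /SOGo/connect HTTP/1.0" 200 51/123 0.838 - - 0 - 13,
May  1 16:38:07 host sogod [107]: 192.0.2.10 "GET /SOGo/so/user%40example.org HTTP/1.0" 302 0/0 0.001 - - 0 - 13,
May  1 16:38:08 host sogod [107]: 192.0.2.10 "GET /SOGo/so/user@example.org/Mail/view HTTP/1.0" 200 19136/0 0.114 82613 76% 2M - 13,
May  1 16:38:08 host sogod [114]: <0x0x0[SOGoCache]> Using host(s) 'memcached' as server(s),
May  1 16:38:08 host sogod [107]: 192.0.2.10 "GET /SOGo/so/user@example.org/Calendar/alarmslist?browserTime=1619879888 HTTP/1.0" 500 36/0 0.005 - - 0 - 13,
May  1 16:38:08 host sogod [107]: 192.0.2.10 "GET /SOGo/so/user@example.org/Mail/0/view HTTP/1.0" 500 36/0 0.601 - - 0 - 14,
May  1 16:38:08 host sogod [114]: 192.0.2.10 "POST /SOGo/so/user@example.org/Mail/0/folderINBOX/view HTTP/1.0" 500 36/126 0.638 - - 2M - 12,
May  1 16:39:03 host sogod [114]: 192.0.2.10 "GET /SOGo/so/user@example.org/Calendar/alarmslist?browserTime=1619879943 HTTP/1.0" 500 36/0 0.005 - - 0 - 12,
May  1 16:39:07 host sogod [107]: watchdog.example "GET /SOGo.index/ HTTP/1.1" 200 2531/0 0.002 - - 0 - 13,
"""

# Access entries: client, quoted request line, status, then two byte counts.
# Treating the pair as response/request bytes is an assumption (see lead-in).
ACCESS_RE = re.compile(
    r'sogod \[(?P<pid>\d+)\]: (?P<client>\S+) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<resp_bytes>\d+)/(?P<req_bytes>\d+) (?P<seconds>[\d.]+)'
)
USER_SEGMENT_RE = re.compile(r"^(/SOGo/so/)[^/]+")


def normalise_route(target):
    """Drop the query string, decode %40, and mask the mailbox segment."""
    path = unquote(urlsplit(target).path)
    return USER_SEGMENT_RE.sub(r"\1<user>", path)


def parse_access_lines(log_text):
    """Yield one dict per access entry; other sogod messages are skipped."""
    for line in log_text.splitlines():
        m = ACCESS_RE.search(line)
        if m:
            yield {
                "client": m["client"],
                "method": m["method"],
                "route": normalise_route(m["target"]),
                "status": int(m["status"]),
                "resp_bytes": int(m["resp_bytes"]),
            }


def failing_routes(log_text):
    """Return {route: Counter(status -> hits)} for routes with any 5xx."""
    per_route = defaultdict(Counter)
    for entry in parse_access_lines(log_text):
        per_route[entry["route"]][entry["status"]] += 1
    return {
        route: statuses
        for route, statuses in per_route.items()
        if any(code >= 500 for code in statuses)
    }


def error_body_sizes(log_text):
    """Set of response sizes seen on 5xx entries."""
    return {
        e["resp_bytes"] for e in parse_access_lines(log_text) if e["status"] >= 500
    }


if __name__ == "__main__":
    for route, statuses in sorted(failing_routes(SAMPLE_LOG).items()):
        print(route, dict(statuses))
    print("5xx body sizes:", error_body_sizes(SAMPLE_LOG),
          "error text length:", len(ERROR_TEXT))
```

On the sample, the login and `/Mail/view` requests succeed while the calendar-alarm and mailbox-content routes return 500. Every 5xx body is 36 bytes, which is the length of the error text quoted in the report.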

andryyy commented 3 years ago

Hi,

It works fine.

Your firewall config is probably the problem. As said in the docs there is no support (while it can work, it's just that you really need to know what you are doing).

On 01.05.2021 at 16:50, Yonggan @.***> wrote:

- expire = -1 grace = -1, May 1 16:38:06 024cd2544c0c sogod [107]: [WARN] <0x0x55db36030860[SOGoWebDAVAclManager]> entry '{DAV:}write' already exists in DAV permissions table, May 1 16:38:06 024cd2544c0c sogod [107]: [WARN] <0x0x55db36030860[SOGoWebDAVAclManager]> entry '{DAV:}write-properties' already exists in DAV permissions table, May 1 16:38:06 024cd2544c0c sogod [107]: [WARN] <0x0x55db36030860[SOGoWebDAVAclManager]> entry '{DAV:}write-content' already exists in DAV permissions table, May 1 16:38:06 024cd2544c0c sogod [107]: 46.223.150.118 "POST /SOGo/connect HTTP/1.0" 200 51/123 0.838 - - 0 - 13, May 1 16:38:07 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan%40oblivioncoding.pro HTTP/1.0" 302 0/0 0.001 - - 0 - 13, May 1 16:38:07 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan%40oblivioncoding.pro/view HTTP/1.0" 302 0/0 0.002 - - 0 - 13, May 1 16:38:07 024cd2544c0c sogod [107]: 46.223.150.118 "GET @./Mail HTTP/1.0" 302 0/0 0.002 - - 0 - 13, May 1 16:38:08 024cd2544c0c sogod [107]: 46.223.150.118 "GET @./Mail/view HTTP/1.0" 200 19136/0 0.114 82613 76% 2M - 13, May 1 16:38:08 024cd2544c0c sogod [114]: <0x0x55db35ba2b80[SOGoCache]> Cache cleanup interval set every 900.000000 seconds, May 1 16:38:08 024cd2544c0c sogod [114]: <0x0x55db35ba2b80[SOGoCache]> Using host(s) 'memcached' as server(s), May 1 16:38:08 024cd2544c0c sogod [107]: 46.223.150.118 "GET @./Calendar/alarmslist?browserTime=1619879888 HTTP/1.0" 500 36/0 0.005 - - 0 - 13, May 1 16:38:08 024cd2544c0c sogod [107]: 46.223.150.118 "GET @./Mail/0/view HTTP/1.0" 500 36/0 0.601 - - 0 - 14, May 1 16:38:08 024cd2544c0c sogod [114]: 46.223.150.118 "POST @./Mail/0/folderINBOX/view HTTP/1.0" 500 36/126 0.638 - - 2M - 12, May 1 16:39:02 024cd2544c0c sogod [114]: 46.223.150.118 "GET @./Mail/view HTTP/1.0" 200 19136/0 0.132 82613 76% 5M - 11, May 1 16:39:03 024cd2544c0c sogod [114]: [WARN] <0x0x55db35bc1320[SOGoWebDAVAclManager]> entry '{DAV:}write' already exists in DAV permissions 
table, May 1 16:39:03 024cd2544c0c sogod [114]: [WARN] <0x0x55db35bc1320[SOGoWebDAVAclManager]> entry '{DAV:}write-properties' already exists in DAV permissions table, May 1 16:39:03 024cd2544c0c sogod [114]: [WARN] <0x0x55db35bc1320[SOGoWebDAVAclManager]> entry '{DAV:}write-content' already exists in DAV permissions table, May 1 16:39:03 024cd2544c0c sogod [114]: 46.223.150.118 "GET @./Calendar/alarmslist?browserTime=1619879943 HTTP/1.0" 500 36/0 0.005 - - 0 - 12, May 1 16:39:03 024cd2544c0c sogod [114]: 46.223.150.118 "GET @./Mail/0/view HTTP/1.0" 500 36/0 0.276 - - 0 - 13, May 1 16:39:03 024cd2544c0c sogod [107]: 46.223.150.118 "POST @./Mail/0/folderINBOX/view HTTP/1.0" 500 36/126 0.300 - - 0 - 14, May 1 16:39:07 024cd2544c0c sogod [107]: mailcowdockerized_watchdog-mailcow_1.mailcowdockerized_mailcow-network "GET /SOGo.index/ HTTP/1.1" 200 2531/0 0.002 - - 0 - 13, May 1 16:39:11 024cd2544c0c sogod [107]: 46.223.150.118 "GET @./Mail/0/folderINBOX/view HTTP/1.0" 500 36/0 0.127 - - 0 - 14, Reproduction

First I tried an update, and the update works fine with other clients: I can write and receive emails, but only Sogo is not working. After getting support multiple times, I tried a complete clean install and had the same issue there too. I tried for multiple days to fix this, but in the end I can't explain it to myself.

To reproduce this issue, just go ahead and install mailcow behind an nginx reverse proxy, create a test account and try to log in with Sogo.

System information

| Question | Answer |
| --- | --- |
| My operating system | Debian Buster |
| Is Apparmor, SELinux or similar active? | No |
| Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported) | No |
| Server/VM specifications (Memory, CPU Cores) | 32GB, 12 |
| Docker Version (docker version) | 20.10.6 |
| Docker-Compose Version (docker-compose version) | 1.29.1 |
| Reverse proxy (custom solution) | nginx |

Output of git diff origin/master, any other changes to the code? If so, please post them.

diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem index 96d16bec..95c2fe57 100644 --- a/data/assets/ssl-example/cert.pem +++ b/data/assets/ssl-example/cert.pem 
@@ -1,19 +1,33 @@ -----BEGIN CERTIFICATE----- -MIIDBDCCAe6gAwIBAgIQeJMoL/3dxhxhT9EwuRTL/DALBgkqhkiG9w0BAQswEjEQ -MA4GA1UEChMHbWFpbGNvdzAeFw0xNjEyMTMxMDExMDBaFw0xOTExMjgxMDExMDBa -MC0xEDAOBgNVBAoTB21haWxjb3cxGTAXBgNVBAMTEG1haWwuZXhhbXBsZS5vcmcw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg0xT3At9DSb3H5OMp3K1 -MpXAgYyotSK6TS61fC0QEHy2fMXiws7Agcye6Ln7CG63Fe1eN2jkdlefy9xJivS8 -y5w0M8i168v5znzC8fnylL2iOiSYfK/B/oEqfU7YH4RcegO53oDDIUZmi4Frgnu7 -39VVOU1ZyHEVqGJ2H2aAIkoZRjGzumD9Ym4LWGidtKJzBgFt/qmhUeWXipM8w281 -XkQnJU79+x2ywnJSvEZ3r/ZVJC7kbjiVw+/k15k9Cxk6Ik8wmJ0X/+xWxoZomHQI -1LM0VKAS/iaU95dn2bplvL6jTiiyWAbrMjSKs4XbPt/fIbOicNkj6+CFy0MVfyyH -AgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIAqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI -KwYBBQUHAwEwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQsDggEBAI/jBJa1P8nB -eHUN5muQmjBVDVOYyWAAEapOe2HYsBcpjaB2H8Iw3DQzJtz6peYeYSCmHRVqFLCm -VPrq36l9mPUotyPDPlQQAxCj9R2+WbGaJO+N/E1F8FQ94dr3jqwUyfjVPoqEjmIH -NFkvbA0RJOeBm9oYGdhM0wjOBV9c9MTHFG82nQ/zQeTuPb7GXuKIOXYCxoLNOZMw -UJ02Cqjv5ImrgOhcstAKX3Ip0urSvZUGvtPla4CGh+M6yDFJ08GzX6OiMIH207RW -jAbUXXERSUv/7hysdDjGo5HZjCeMzVu9KAxoZXqnmvkk8g2swKWtWBRcoeU1VGx0 -Bx4Q4KMjuYQ= +MIIFxzCCA6+gAwIBAgIUIiMczyj720txqH8LEPBvyfCOkS0wDQYJKoZIhvcNAQEL +BQAwczELMAkGA1UEBhMCREUxDDAKBgNVBAgMA05SVzEQMA4GA1UEBwwHV2lsbGlj +aDEQMA4GA1UECgwHbWFpbGNvdzEQMA4GA1UECwwHbWFpbGNvdzEgMB4GA1UEAwwX +bWFpbC5vYmxpdmlvbmNvZGluZy5wcm8wHhcNMjAxMDIxMTAyNTUxWhcNMjExMDIx +MTAyNTUxWjBzMQswCQYDVQQGEwJERTEMMAoGA1UECAwDTlJXMRAwDgYDVQQHDAdX +aWxsaWNoMRAwDgYDVQQKDAdtYWlsY293MRAwDgYDVQQLDAdtYWlsY293MSAwHgYD +VQQDDBdtYWlsLm9ibGl2aW9uY29kaW5nLnBybzCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAP15JtXskfsnZGTuVg7/vC6VrEcxOwxfN1f8jQlgm295RnXl +xvPk+DTeesIyVJ5NVnyJGOD+S4jSNEBQkJFvkd4hlCftx1tqtIHECjwKOTJMkOgR +zBm32i6yd5EZIWO1A2hPB1kfUVQU0xKkwRySWcMs9RtdCScZ4IY+8PHI184KBPRS +WiFjJAmZ36hDLqlQLk+BtjA8Sei4YQEw75QhssFmRnU007fnNFqbqpkW8aSUHi8A +s9qrvWI3oVu30vgE464j9MB/Eq4onOLfLOQBlevSo2oRg4SFvkJYovZF0y0t0Fw9 +ypv8aqEczKNzLs2rCZ25hzSZm+Z3/kpB4Yz1qVT1EH84h6DBja7ExVqD37OiOsno 
+VkqMxTMviC+zcp6nlaF4LDyubVPLkKdzF7LNQ2rTOoF8X1XLLk6e4f447A8AjMvg +N9rS8O28cVBVngk0p6id7Z3/psjtWv8apc1tAWHfiw+PZvDPNfUBjWkRhn8Ysl9J +ml3gEns04eoHpZaasHgYKzow9a0g9S5aqBo3zXr9kL7h4nX0ic3ZwhboYmBm6yOI +s6G4f6e93ybTLQhsbwQk1+JzOqlYA48L0oNhq8wbDmvrwnDURnPi5W0NQGEbY+5F All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptabels output can help us to help you: iptables -L -vn, ip6tables -L -vn, iptables -L -vn -t nat and ip6tables -L -vn -t nat. iptables -L -vn Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- 172.24.1.0/24 0.0.0.0/0 11 660 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW recent: UPDATE seconds: 10 hit_count: 20 name: DEFAULT side: source mask: 255.255.255.255 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW recent: UPDATE seconds: 10 hit_count: 20 name: DEFAULT side: source mask: 255.255.255.255 613M 877G LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 644K 579M ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 612M 877G ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 60 3352 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 2 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 3/sec burst 30 6 232 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 3/sec burst 30 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 0 limit: avg 3/sec burst 30 0 0 LOGDROP icmp -- 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04 limit: avg 2/sec burst 2 271 14104 DROP all -- 0.0.0.0/0 0.0.0.0/0 recent: CHECK seconds: 86400 name: portscan side: source mask: 255.255.255.255 0 0 all -- 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: portscan side: source mask: 255.255.255.255 7 344 LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 LOG flags 0 level 4 prefix "Portscan:" 7 344 DROP 
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04 limit: avg 2/sec burst 2 0 0 http-flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 #conn src/32 > 10 773 40212 http-flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 flags:0x17/0x02 #conn src/32 > 10 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 #conn src/32 > 15 4 208 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 flags:0x17/0x02 #conn src/32 > 15 906 46984 tcp -- enp3s0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255 31997 1665K tcp -- enp3s0 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255 111K 6138K ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 151/sec burst 160 0 0 syn-flood tcp -- enp3s0 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 0 0 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 #conn src/32 > 80 reject-with tcp-reset 613 380K ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW limit: avg 60/sec burst 20 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04 limit: avg 2/sec burst 2 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID 13 845 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:80 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:443 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4190 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 37263 
0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:18413 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:28967 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:28968 2869 3073K DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 192K 2468M DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0 192K 2468M DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0 25587 37M ACCEPT all -- br-mailcow 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 2016 132K DOCKER all -- br-mailcow 0.0.0.0/0 0.0.0.0/0 5520 615K ACCEPT all -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0 1993 131K ACCEPT all -- br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 58488 23M ACCEPT all -- br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 5854 351K DOCKER all -- br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-df2768a599a1 !br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 5854 351K ACCEPT all -- br-df2768a599a1 br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 1416 315K ACCEPT all -- br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 1314 621K ACCEPT all -- br-5bea70d192f1 !br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-5bea70d192f1 br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 17053 7059K ACCEPT all -- br-e6d01eb72d2a br-e6d01eb72d2a 0.0.0.0/0 0.0.0.0/0 400K 1651M ACCEPT all -- br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 6184 361K DOCKER all -- br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 310K 93M ACCEPT all -- br-ba6e3c3458bc !br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 14M 247G ACCEPT all -- br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 59 3540 DOCKER all -- br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 56652 6426K ACCEPT all -- br-9bafb5e5d32e !br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 59 3540 ACCEPT all -- br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 494 2513K ACCEPT all -- 
br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 15 736 DOCKER all -- br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 301 20174 ACCEPT all -- br-c47bf4ba146c !br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 1956K 427M ACCEPT all -- br-a191514339c8 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 10221 613K DOCKER all -- br-a191514339c8 0.0.0.0/0 0.0.0.0/0 38808 3341K ACCEPT all -- br-a191514339c8 !br-a191514339c8 0.0.0.0/0 0.0.0.0/0 9373 562K ACCEPT all -- br-a191514339c8 br-a191514339c8 0.0.0.0/0 0.0.0.0/0 26155 8848K ACCEPT all -- br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 179 10740 DOCKER all -- br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 2930 336K ACCEPT all -- br-56488bc6676c !br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 179 10740 ACCEPT all -- br-56488bc6676c br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 193K 233M ACCEPT all -- br-9e392602a823 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 9 500 DOCKER all -- br-9e392602a823 0.0.0.0/0 0.0.0.0/0 724 31427 ACCEPT all -- br-9e392602a823 !br-9e392602a823 0.0.0.0/0 0.0.0.0/0 7 420 ACCEPT all -- br-9e392602a823 br-9e392602a823 0.0.0.0/0 0.0.0.0/0 238K 1190M ACCEPT all -- br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 777 46604 DOCKER all -- br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 6105 531K ACCEPT all -- br-740c4a8f4709 !br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 771 46260 ACCEPT all -- br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-332c7002e361 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- br-332c7002e361 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-332c7002e361 !br-332c7002e361 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-332c7002e361 br-332c7002e361 0.0.0.0/0 0.0.0.0/0 105K 37M ACCEPT all -- br-085da7503790 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 3241 194K DOCKER all -- br-085da7503790 0.0.0.0/0 0.0.0.0/0 149 16467 ACCEPT all -- br-085da7503790 !br-085da7503790 0.0.0.0/0 0.0.0.0/0 3241 194K ACCEPT all -- 
br-085da7503790 br-085da7503790 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 0 0 LOGDROP icmp -- 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 recent: CHECK seconds: 86400 name: portscan side: source mask: 255.255.255.255 0 0 all -- 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: portscan side: source mask: 255.255.255.255 0 0 LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 LOG flags 0 level 4 prefix "Portscan:" 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 0 0 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT all -- docker0 enp3s0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- enp3s0 docker0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 66235 packets, 3974K bytes) pkts bytes target prot opt in out source destination 644K 579M ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 606M 1013G ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 1 84 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 3/sec burst 30 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 3/sec burst 30 0 0 LOGDROP icmp -- 0.0.0.0/0 0.0.0.0/0 127 7151 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID 4354 292K ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 1 60 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:43 11291 677K ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:80 14329 860K ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:443 3 180 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 7 420 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 37263 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:28967 0 0 ACCEPT tcp -- * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28968

Chain LOGACCEPT (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "FW-ACCEPT: " 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain LOGDROP (4 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "FW-DROP: " 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain LOGREJECT (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "FW-REJECT: " 0 0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain RELATED_ICMP (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12 0 0 LOGDROP all -- 0.0.0.0/0 0.0.0.0/0

Chain http-flood (2 references) pkts bytes target prot opt in out source destination 773 40212 RETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 10 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 10 LOG flags 0 level 4 prefix "HTTP-FLOOD " 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain flood (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FLOOD " 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain syn-flood (1 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 4 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "/usr/sbin/iptables SYN-FLOOD:" 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain port-scanning (0 references) pkts bytes target prot opt in out source destination 0 0 RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 2 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER (13 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.2 tcp dpt:28967 2 120 ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.2 tcp dpt:14003 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.2 tcp dpt:443 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-332c7002e361 br-332c7002e361 0.0.0.0/0 192.168.32.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-5bea70d192f1 br-5bea70d192f1 0.0.0.0/0 172.20.0.2 tcp dpt:26257 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.2 tcp dpt:3478 0 0 ACCEPT tcp -- !br-df2768a599a1 br-df2768a599a1 0.0.0.0/0 172.26.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.2 tcp dpt:9000 3995 232K ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.2 tcp dpt:22 15 736 ACCEPT tcp -- !br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.3 tcp dpt:8083 0 0 ACCEPT tcp -- !br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.3 tcp dpt:8081 0 0 ACCEPT udp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.4 udp dpt:10000 2 80 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.4 tcp dpt:4443 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.3 tcp dpt:80 0 0 ACCEPT tcp -- !br-085da7503790 br-085da7503790 0.0.0.0/0 172.19.0.3 tcp dpt:3306 0 0 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.3 tcp dpt:9000 2169 128K ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.3 tcp dpt:28967 17 1012 ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.3 tcp dpt:14002 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.4 tcp dpt:5432 0 0 ACCEPT tcp -- 
!br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.4 tcp dpt:9999 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.5 tcp dpt:9001 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.4 tcp dpt:5432 6 344 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.4 tcp dpt:3100 0 0 ACCEPT tcp -- !br-085da7503790 br-085da7503790 0.0.0.0/0 172.19.0.4 tcp dpt:8080 0 0 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.6 tcp dpt:9090 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.7 tcp dpt:8080 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.7 tcp dpt:29318 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.8 tcp dpt:80 0 0 ACCEPT tcp -- !br-56488bc6676c br-56488bc6676c 0.0.0.0/0 192.168.0.9 tcp dpt:8443 0 0 ACCEPT tcp -- !br-56488bc6676c br-56488bc6676c 0.0.0.0/0 192.168.0.9 tcp dpt:8080 0 0 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.5 tcp dpt:3000 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.5 tcp dpt:3200 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.3 tcp dpt:3000 848 50564 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.3 tcp dpt:22 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.5 tcp dpt:8008 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.6 tcp dpt:9005 0 0 ACCEPT tcp -- !br-085da7503790 br-085da7503790 0.0.0.0/0 172.19.0.2 tcp dpt:2368 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.6 tcp dpt:8983 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.249 tcp dpt:6379 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.8 tcp dpt:5443 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.8 tcp dpt:5269 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.8 tcp dpt:5222 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.9 tcp dpt:3306 0 0 ACCEPT tcp -- 
!br-mailcow br-mailcow 0.0.0.0/0 172.30.1.11 tcp dpt:587 9 540 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.11 tcp dpt:465 6 320 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.11 tcp dpt:25 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:12345 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:4190 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:995 8 480 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:993 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:143 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:110 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.12 tcp dpt:18104 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.12 tcp dpt:18103

Chain DOCKER-ISOLATION-STAGE-1 (1 references) pkts bytes target prot opt in out source destination 5520 615K DOCKER-ISOLATION-STAGE-2 all -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 DOCKER-ISOLATION-STAGE-2 all -- br-df2768a599a1 !br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 1314 621K DOCKER-ISOLATION-STAGE-2 all -- br-5bea70d192f1 !br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-e6d01eb72d2a !172.31.0.0/16 0.0.0.0/0 0 0 DROP all -- br-e6d01eb72d2a 0.0.0.0/0 !172.31.0.0/16 310K 93M DOCKER-ISOLATION-STAGE-2 all -- br-ba6e3c3458bc !br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 56652 6426K DOCKER-ISOLATION-STAGE-2 all -- br-9bafb5e5d32e !br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 301 20174 DOCKER-ISOLATION-STAGE-2 all -- br-c47bf4ba146c !br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 38808 3341K DOCKER-ISOLATION-STAGE-2 all -- br-a191514339c8 !br-a191514339c8 0.0.0.0/0 0.0.0.0/0 2930 336K DOCKER-ISOLATION-STAGE-2 all -- br-56488bc6676c !br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 724 31427 DOCKER-ISOLATION-STAGE-2 all -- br-9e392602a823 !br-9e392602a823 0.0.0.0/0 0.0.0.0/0 6105 531K DOCKER-ISOLATION-STAGE-2 all -- br-740c4a8f4709 !br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 0 0 DOCKER-ISOLATION-STAGE-2 all -- br-332c7002e361 !br-332c7002e361 0.0.0.0/0 0.0.0.0/0 149 16467 DOCKER-ISOLATION-STAGE-2 all -- br-085da7503790 !br-085da7503790 0.0.0.0/0 0.0.0.0/0 20M 255G RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (13 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- docker0 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-a191514339c8 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-9e392602a823 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-332c7002e361 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-085da7503790 0.0.0.0/0 0.0.0.0/0 761K 144M RETURN all -- * 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-USER (1 references) pkts bytes target prot opt in out source destination 20M 255G RETURN all -- 0.0.0.0/0 0.0.0.0/0

DNS problems? Please run docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and post the output.

docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.30.1.254
151.101.1.69
151.101.193.69
151.101.65.69
151.101.129.69


Y0ngg4n commented 3 years ago

Hi, It works fine. Your firewall config is probably the problem. As said in the docs there is no support (while it can work, it's just that you really need to know what you are doing).

On 01.05.2021 at 16:50, Yonggan @.*> wrote:
024cd2544c0c sogod [107]: <0x0x55db35b12070[SOGoWebAuthenticator]> Expired session received, redirecting to login page., May 1 16:38:00 024cd2544c0c sogod [107]: <0x0x55db35b12070[SOGoWebAuthenticator]> tried wrong password for user 'ra4O95oHA3ce8K0mD423JdCC0dB93mMJwjWvNsTPpynql32KPrQYixWOC9gfoGzf/cd8vxQH727P/VfKiVKJGsLaIf+YM011VVPzcVEY3DD9G3ZjWGFwcv1EHqEOAjMu3Dov5Q0xyvb2XAxxzw4RGkzUy/C2lhrnbnAiPW9twZfgH58s9v8BHqyNTtkj8+c/E4+DLus0e4Wekvue0uW21g=='!, May 1 16:38:00 024cd2544c0c sogod [107]: 46.223.150.118 "GET *@./Mail/0/folderINBOX/view HTTP/1.0" 200 9482/0 0.264 31471 69% 3M - 12, May 1 16:38:06 024cd2544c0c sogod [107]: SOGoRootPage successful login from '46.223.150.118' for user @.' - expire = -1 grace = -1, May 1 16:38:06 024cd2544c0c sogod [107]: [WARN] <0x0x55db36030860[SOGoWebDAVAclManager]> entry '{DAV:}write' already exists in DAV permissions table, May 1 16:38:06 024cd2544c0c sogod [107]: [WARN] <0x0x55db36030860[SOGoWebDAVAclManager]> entry '{DAV:}write-properties' already exists in DAV permissions table, May 1 16:38:06 024cd2544c0c sogod [107]: [WARN] <0x0x55db36030860[SOGoWebDAVAclManager]> entry '{DAV:}write-content' already exists in DAV permissions table, May 1 16:38:06 024cd2544c0c sogod [107]: 46.223.150.118 "POST /SOGo/connect HTTP/1.0" 200 51/123 0.838 - - 0 - 13, May 1 16:38:07 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan%40oblivioncoding.pro HTTP/1.0" 302 0/0 0.001 - - 0 - 13, May 1 16:38:07 024cd2544c0c sogod [107]: 46.223.150.118 "GET /SOGo/so/yonggan%40oblivioncoding.pro/view HTTP/1.0" 302 0/0 0.002 - - 0 - 13, May 1 16:38:07 024cd2544c0c sogod [107]: 46.223.150.118 "GET @./Mail HTTP/1.0" 302 0/0 0.002 - - 0 - 13, May 1 16:38:08 024cd2544c0c sogod [107]: 46.223.150.118 "GET @./Mail/view HTTP/1.0" 200 19136/0 0.114 82613 76% 2M - 13, May 1 16:38:08 024cd2544c0c sogod [114]: <0x0x55db35ba2b80[SOGoCache]> Cache cleanup interval set every 900.000000 seconds, May 1 16:38:08 024cd2544c0c sogod [114]: 
<0x0x55db35ba2b80[SOGoCache]> Using host(s) 'memcached' as server(s), May 1 16:38:08 024cd2544c0c sogod [107]: 46.223.150.118 "GET @./Calendar/alarmslist?browserTime=1619879888 HTTP/1.0" 500 36/0 0.005 - - 0 - 13, May 1 16:38:08 024cd2544c0c sogod [107]: 46.223.150.118 "GET @./Mail/0/view HTTP/1.0" 500 36/0 0.601 - - 0 - 14, May 1 16:38:08 024cd2544c0c sogod [114]: 46.223.150.118 "POST @./Mail/0/folderINBOX/view HTTP/1.0" 500 36/126 0.638 - - 2M - 12, May 1 16:39:02 024cd2544c0c sogod [114]: 46.223.150.118 "GET @./Mail/view HTTP/1.0" 200 19136/0 0.132 82613 76% 5M - 11, May 1 16:39:03 024cd2544c0c sogod [114]: [WARN] <0x0x55db35bc1320[SOGoWebDAVAclManager]> entry '{DAV:}write' already exists in DAV permissions table, May 1 16:39:03 024cd2544c0c sogod [114]: [WARN] <0x0x55db35bc1320[SOGoWebDAVAclManager]> entry '{DAV:}write-properties' already exists in DAV permissions table, May 1 16:39:03 024cd2544c0c sogod [114]: [WARN] <0x0x55db35bc1320[SOGoWebDAVAclManager]> entry '{DAV:}write-content' already exists in DAV permissions table, May 1 16:39:03 024cd2544c0c sogod [114]: 46.223.150.118 "GET @./Calendar/alarmslist?browserTime=1619879943 HTTP/1.0" 500 36/0 0.005 - - 0 - 12, May 1 16:39:03 024cd2544c0c sogod [114]: 46.223.150.118 "GET @./Mail/0/view HTTP/1.0" 500 36/0 0.276 - - 0 - 13, May 1 16:39:03 024cd2544c0c sogod [107]: 46.223.150.118 "POST @./Mail/0/folderINBOX/view HTTP/1.0" 500 36/126 0.300 - - 0 - 14, May 1 16:39:07 024cd2544c0c sogod [107]: mailcowdockerized_watchdog-mailcow_1.mailcowdockerized_mailcow-network "GET /SOGo.index/ HTTP/1.1" 200 2531/0 0.002 - - 0 - 13, May 1 16:39:11 024cd2544c0c sogod [107]: 46.223.150.118 "GET @.**/Mail/0/folderINBOX/view HTTP/1.0" 500 36/0 0.127 - - 0 - 14, Reproduction First i tried an update and update works fine with other clients, i can write and recieve emails but only sogo is not working. After multiple times getting support i tried with a complete clean install and had the same issue there too. 
I tried multiple days to fix this but i finally cant explain it to me. To reproduce this issue just go ahead and install mailcow behind an nginx reverse proxy and create a test account und try login with Sogo. System information Question Answer My operating system Debian Buster Is Apparmor, SELinux or similar active? No Virtualization technlogy (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported No Server/VM specifications (Memory, CPU Cores) 32GB, 12 Docker Version (docker version) 20.10.6 Docker-Compose Version (docker-compose version) 1.29.1 Reverse proxy (custom solution) nginx Output of git diff origin/master, any other changes to the code? If so, please post them. diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem index 96d16bec..95c2fe57 100644 --- a/data/assets/ssl-example/cert.pem +++ b/data/assets/ssl-example/cert.pem 
@@ -1,19 +1,33 @@ -----BEGIN CERTIFICATE----- -MIIDBDCCAe6gAwIBAgIQeJMoL/3dxhxhT9EwuRTL/DALBgkqhkiG9w0BAQswEjEQ -MA4GA1UEChMHbWFpbGNvdzAeFw0xNjEyMTMxMDExMDBaFw0xOTExMjgxMDExMDBa -MC0xEDAOBgNVBAoTB21haWxjb3cxGTAXBgNVBAMTEG1haWwuZXhhbXBsZS5vcmcw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg0xT3At9DSb3H5OMp3K1 -MpXAgYyotSK6TS61fC0QEHy2fMXiws7Agcye6Ln7CG63Fe1eN2jkdlefy9xJivS8 -y5w0M8i168v5znzC8fnylL2iOiSYfK/B/oEqfU7YH4RcegO53oDDIUZmi4Frgnu7 -39VVOU1ZyHEVqGJ2H2aAIkoZRjGzumD9Ym4LWGidtKJzBgFt/qmhUeWXipM8w281 -XkQnJU79+x2ywnJSvEZ3r/ZVJC7kbjiVw+/k15k9Cxk6Ik8wmJ0X/+xWxoZomHQI -1LM0VKAS/iaU95dn2bplvL6jTiiyWAbrMjSKs4XbPt/fIbOicNkj6+CFy0MVfyyH -AgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIAqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI -KwYBBQUHAwEwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQsDggEBAI/jBJa1P8nB -eHUN5muQmjBVDVOYyWAAEapOe2HYsBcpjaB2H8Iw3DQzJtz6peYeYSCmHRVqFLCm -VPrq36l9mPUotyPDPlQQAxCj9R2+WbGaJO+N/E1F8FQ94dr3jqwUyfjVPoqEjmIH -NFkvbA0RJOeBm9oYGdhM0wjOBV9c9MTHFG82nQ/zQeTuPb7GXuKIOXYCxoLNOZMw -UJ02Cqjv5ImrgOhcstAKX3Ip0urSvZUGvtPla4CGh+M6yDFJ08GzX6OiMIH207RW -jAbUXXERSUv/7hysdDjGo5HZjCeMzVu9KAxoZXqnmvkk8g2swKWtWBRcoeU1VGx0 -Bx4Q4KMjuYQ= +MIIFxzCCA6+gAwIBAgIUIiMczyj720txqH8LEPBvyfCOkS0wDQYJKoZIhvcNAQEL +BQAwczELMAkGA1UEBhMCREUxDDAKBgNVBAgMA05SVzEQMA4GA1UEBwwHV2lsbGlj +aDEQMA4GA1UECgwHbWFpbGNvdzEQMA4GA1UECwwHbWFpbGNvdzEgMB4GA1UEAwwX +bWFpbC5vYmxpdmlvbmNvZGluZy5wcm8wHhcNMjAxMDIxMTAyNTUxWhcNMjExMDIx +MTAyNTUxWjBzMQswCQYDVQQGEwJERTEMMAoGA1UECAwDTlJXMRAwDgYDVQQHDAdX +aWxsaWNoMRAwDgYDVQQKDAdtYWlsY293MRAwDgYDVQQLDAdtYWlsY293MSAwHgYD +VQQDDBdtYWlsLm9ibGl2aW9uY29kaW5nLnBybzCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAP15JtXskfsnZGTuVg7/vC6VrEcxOwxfN1f8jQlgm295RnXl +xvPk+DTeesIyVJ5NVnyJGOD+S4jSNEBQkJFvkd4hlCftx1tqtIHECjwKOTJMkOgR +zBm32i6yd5EZIWO1A2hPB1kfUVQU0xKkwRySWcMs9RtdCScZ4IY+8PHI184KBPRS +WiFjJAmZ36hDLqlQLk+BtjA8Sei4YQEw75QhssFmRnU007fnNFqbqpkW8aSUHi8A +s9qrvWI3oVu30vgE464j9MB/Eq4onOLfLOQBlevSo2oRg4SFvkJYovZF0y0t0Fw9 +ypv8aqEczKNzLs2rCZ25hzSZm+Z3/kpB4Yz1qVT1EH84h6DBja7ExVqD37OiOsno 
+VkqMxTMviC+zcp6nlaF4LDyubVPLkKdzF7LNQ2rTOoF8X1XLLk6e4f447A8AjMvg +N9rS8O28cVBVngk0p6id7Z3/psjtWv8apc1tAWHfiw+PZvDPNfUBjWkRhn8Ysl9J +ml3gEns04eoHpZaasHgYKzow9a0g9S5aqBo3zXr9kL7h4nX0ic3ZwhboYmBm6yOI +s6G4f6e93ybTLQhsbwQk1+JzOqlYA48L0oNhq8wbDmvrwnDURnPi5W0NQGEbY+5F All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptabels output can help us to help you: iptables -L -vn, ip6tables -L -vn, iptables -L -vn -t nat and ip6tables -L -vn -t nat. iptables -L -vn Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- 172.24.1.0/24 0.0.0.0/0 11 660 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW recent: UPDATE seconds: 10 hit_count: 20 name: DEFAULT side: source mask: 255.255.255.255 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW recent: UPDATE seconds: 10 hit_count: 20 name: DEFAULT side: source mask: 255.255.255.255 613M 877G LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 644K 579M ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 612M 877G ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 60 3352 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 2 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 3/sec burst 30 6 232 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 3/sec burst 30 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 0 limit: avg 3/sec burst 30 0 0 LOGDROP icmp -- 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04 limit: avg 2/sec burst 2 271 14104 DROP all -- 0.0.0.0/0 0.0.0.0/0 recent: CHECK seconds: 86400 name: portscan side: source mask: 255.255.255.255 0 0 all -- 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: portscan side: source mask: 255.255.255.255 7 344 LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 LOG flags 0 level 4 prefix "Portscan:" 7 344 DROP 
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04 limit: avg 2/sec burst 2 0 0 http-flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 #conn src/32 > 10 773 40212 http-flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 flags:0x17/0x02 #conn src/32 > 10 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 #conn src/32 > 15 4 208 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 flags:0x17/0x02 #conn src/32 > 15 906 46984 tcp -- enp3s0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255 31997 1665K tcp -- enp3s0 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255 111K 6138K ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 151/sec burst 160 0 0 syn-flood tcp -- enp3s0 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 0 0 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 #conn src/32 > 80 reject-with tcp-reset 613 380K ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW limit: avg 60/sec burst 20 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04 limit: avg 2/sec burst 2 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID 13 845 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:80 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:443 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4190 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 37263 
0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:18413 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:28967 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:28968 2869 3073K DROP all -- 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 192K 2468M DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0 192K 2468M DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0 25587 37M ACCEPT all -- br-mailcow 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 2016 132K DOCKER all -- br-mailcow 0.0.0.0/0 0.0.0.0/0 5520 615K ACCEPT all -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0 1993 131K ACCEPT all -- br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 58488 23M ACCEPT all -- br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 5854 351K DOCKER all -- br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-df2768a599a1 !br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 5854 351K ACCEPT all -- br-df2768a599a1 br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 1416 315K ACCEPT all -- br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 1314 621K ACCEPT all -- br-5bea70d192f1 !br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-5bea70d192f1 br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 17053 7059K ACCEPT all -- br-e6d01eb72d2a br-e6d01eb72d2a 0.0.0.0/0 0.0.0.0/0 400K 1651M ACCEPT all -- br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 6184 361K DOCKER all -- br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 310K 93M ACCEPT all -- br-ba6e3c3458bc !br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 14M 247G ACCEPT all -- br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 59 3540 DOCKER all -- br-9bafb5e5d32e 
0.0.0.0/0 0.0.0.0/0 56652 6426K ACCEPT all -- br-9bafb5e5d32e !br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 59 3540 ACCEPT all -- br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 494 2513K ACCEPT all -- br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 15 736 DOCKER all -- br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 301 20174 ACCEPT all -- br-c47bf4ba146c !br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 1956K 427M ACCEPT all -- br-a191514339c8 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 10221 613K DOCKER all -- br-a191514339c8 0.0.0.0/0 0.0.0.0/0 38808 3341K ACCEPT all -- br-a191514339c8 !br-a191514339c8 0.0.0.0/0 0.0.0.0/0 9373 562K ACCEPT all -- br-a191514339c8 br-a191514339c8 0.0.0.0/0 0.0.0.0/0 26155 8848K ACCEPT all -- br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 179 10740 DOCKER all -- br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 2930 336K ACCEPT all -- br-56488bc6676c !br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 179 10740 ACCEPT all -- br-56488bc6676c br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 193K 233M ACCEPT all -- br-9e392602a823 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 9 500 DOCKER all -- br-9e392602a823 0.0.0.0/0 0.0.0.0/0 724 31427 ACCEPT all -- br-9e392602a823 !br-9e392602a823 0.0.0.0/0 0.0.0.0/0 7 420 ACCEPT all -- br-9e392602a823 br-9e392602a823 0.0.0.0/0 0.0.0.0/0 238K 1190M ACCEPT all -- br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 777 46604 DOCKER all -- br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 6105 531K ACCEPT all -- br-740c4a8f4709 !br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 771 46260 ACCEPT all -- br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-332c7002e361 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- br-332c7002e361 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-332c7002e361 !br-332c7002e361 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- br-332c7002e361 br-332c7002e361 0.0.0.0/0 0.0.0.0/0 105K 37M ACCEPT all -- br-085da7503790 0.0.0.0/0 
0.0.0.0/0 ctstate RELATED,ESTABLISHED 3241 194K DOCKER all -- br-085da7503790 0.0.0.0/0 0.0.0.0/0 149 16467 ACCEPT all -- br-085da7503790 !br-085da7503790 0.0.0.0/0 0.0.0.0/0 3241 194K ACCEPT all -- br-085da7503790 br-085da7503790 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 0 0 LOGDROP icmp -- 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 recent: CHECK seconds: 86400 name: portscan side: source mask: 255.255.255.255 0 0 all -- 0.0.0.0/0 0.0.0.0/0 recent: REMOVE name: portscan side: source mask: 255.255.255.255 0 0 LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 LOG flags 0 level 4 prefix "Portscan:" 0 0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 recent: SET name: portscan side: source mask: 255.255.255.255 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 0 0 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT all -- docker0 enp3s0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- enp3s0 docker0 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 66235 packets, 3974K bytes) pkts bytes target prot opt in out source destination 644K 579M ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 606M 1013G ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 1 84 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED limit: avg 3/sec burst 30 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 3/sec burst 30 0 0 LOGDROP icmp -- 0.0.0.0/0 0.0.0.0/0 127 7151 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID 4354 292K ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 1 60 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:43 11291 677K ACCEPT tcp -- 
0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:80 14329 860K ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED tcp dpt:443 3 180 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 7 420 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 37263 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:28967 0 0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:28968 Chain LOGACCEPT (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "FW-ACCEPT: " 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 Chain LOGDROP (4 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "FW-DROP: " 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 Chain LOGREJECT (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "FW-REJECT: " 0 0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain RELATED_ICMP (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 12 0 0 LOGDROP all -- 0.0.0.0/0 0.0.0.0/0 Chain http-flood (2 references) pkts bytes target prot opt in out source destination 773 40212 RETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 10 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 10 LOG flags 0 level 4 prefix "HTTP-FLOOD " 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 Chain flood (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FLOOD " 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 Chain syn-flood (1 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec 
burst 4 0 0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "/usr/sbin/iptables SYN-FLOOD:" 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 Chain port-scanning (0 references) pkts bytes target prot opt in out source destination 0 0 RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 2 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 Chain DOCKER (13 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.2 tcp dpt:28967 2 120 ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.2 tcp dpt:14003 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.2 tcp dpt:443 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-332c7002e361 br-332c7002e361 0.0.0.0/0 192.168.32.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-5bea70d192f1 br-5bea70d192f1 0.0.0.0/0 172.20.0.2 tcp dpt:26257 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.2 tcp dpt:3478 0 0 ACCEPT tcp -- !br-df2768a599a1 br-df2768a599a1 0.0.0.0/0 172.26.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.2 tcp dpt:80 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.2 tcp dpt:9000 3995 232K ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.2 tcp dpt:22 15 736 ACCEPT tcp -- !br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.3 tcp dpt:8083 0 0 ACCEPT tcp -- !br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.3 tcp dpt:8081 0 0 ACCEPT udp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.4 udp dpt:10000 2 80 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.4 tcp dpt:4443 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.3 tcp dpt:80 0 0 ACCEPT tcp -- !br-085da7503790 br-085da7503790 0.0.0.0/0 172.19.0.3 tcp dpt:3306 0 0 ACCEPT tcp -- 
!br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.3 tcp dpt:9000 2169 128K ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.3 tcp dpt:28967 17 1012 ACCEPT tcp -- !br-ba6e3c3458bc br-ba6e3c3458bc 0.0.0.0/0 192.168.64.3 tcp dpt:14002 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.4 tcp dpt:5432 0 0 ACCEPT tcp -- !br-c47bf4ba146c br-c47bf4ba146c 0.0.0.0/0 172.27.0.4 tcp dpt:9999 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.5 tcp dpt:9001 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.4 tcp dpt:5432 6 344 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.4 tcp dpt:3100 0 0 ACCEPT tcp -- !br-085da7503790 br-085da7503790 0.0.0.0/0 172.19.0.4 tcp dpt:8080 0 0 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.6 tcp dpt:9090 0 0 ACCEPT tcp -- !br-9e392602a823 br-9e392602a823 0.0.0.0/0 172.24.0.7 tcp dpt:8080 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.7 tcp dpt:29318 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.8 tcp dpt:80 0 0 ACCEPT tcp -- !br-56488bc6676c br-56488bc6676c 0.0.0.0/0 192.168.0.9 tcp dpt:8443 0 0 ACCEPT tcp -- !br-56488bc6676c br-56488bc6676c 0.0.0.0/0 192.168.0.9 tcp dpt:8080 0 0 ACCEPT tcp -- !br-740c4a8f4709 br-740c4a8f4709 0.0.0.0/0 172.22.0.5 tcp dpt:3000 0 0 ACCEPT tcp -- !br-9bafb5e5d32e br-9bafb5e5d32e 0.0.0.0/0 172.21.0.5 tcp dpt:3200 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.3 tcp dpt:3000 848 50564 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.3 tcp dpt:22 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.5 tcp dpt:8008 0 0 ACCEPT tcp -- !br-a191514339c8 br-a191514339c8 0.0.0.0/0 172.18.0.6 tcp dpt:9005 0 0 ACCEPT tcp -- !br-085da7503790 br-085da7503790 0.0.0.0/0 172.19.0.2 tcp dpt:2368 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.6 tcp dpt:8983 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 
0.0.0.0/0 172.30.1.249 tcp dpt:6379 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.8 tcp dpt:5443 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.8 tcp dpt:5269 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.8 tcp dpt:5222 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.9 tcp dpt:3306 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.11 tcp dpt:587 9 540 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.11 tcp dpt:465 6 320 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.11 tcp dpt:25 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:12345 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:4190 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:995 8 480 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:993 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:143 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.250 tcp dpt:110 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.12 tcp dpt:18104 0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.30.1.12 tcp dpt:18103 Chain DOCKER-ISOLATION-STAGE-1 (1 references) pkts bytes target prot opt in out source destination 5520 615K DOCKER-ISOLATION-STAGE-2 all -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 DOCKER-ISOLATION-STAGE-2 all -- br-df2768a599a1 !br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 1314 621K DOCKER-ISOLATION-STAGE-2 all -- br-5bea70d192f1 !br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-e6d01eb72d2a !172.31.0.0/16 0.0.0.0/0 0 0 DROP all -- br-e6d01eb72d2a 0.0.0.0/0 !172.31.0.0/16 310K 93M DOCKER-ISOLATION-STAGE-2 all -- br-ba6e3c3458bc !br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 56652 6426K DOCKER-ISOLATION-STAGE-2 all -- br-9bafb5e5d32e !br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 301 20174 DOCKER-ISOLATION-STAGE-2 all -- br-c47bf4ba146c !br-c47bf4ba146c 
0.0.0.0/0 0.0.0.0/0 38808 3341K DOCKER-ISOLATION-STAGE-2 all -- br-a191514339c8 !br-a191514339c8 0.0.0.0/0 0.0.0.0/0 2930 336K DOCKER-ISOLATION-STAGE-2 all -- br-56488bc6676c !br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 724 31427 DOCKER-ISOLATION-STAGE-2 all -- br-9e392602a823 !br-9e392602a823 0.0.0.0/0 0.0.0.0/0 6105 531K DOCKER-ISOLATION-STAGE-2 all -- br-740c4a8f4709 !br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 0 0 DOCKER-ISOLATION-STAGE-2 all -- br-332c7002e361 !br-332c7002e361 0.0.0.0/0 0.0.0.0/0 149 16467 DOCKER-ISOLATION-STAGE-2 all -- br-085da7503790 !br-085da7503790 0.0.0.0/0 0.0.0.0/0 20M 255G RETURN all -- 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-ISOLATION-STAGE-2 (13 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- docker0 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-df2768a599a1 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-5bea70d192f1 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-ba6e3c3458bc 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-9bafb5e5d32e 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-c47bf4ba146c 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-a191514339c8 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-56488bc6676c 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-9e392602a823 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-740c4a8f4709 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-332c7002e361 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- br-085da7503790 0.0.0.0/0 0.0.0.0/0 761K 144M RETURN all -- 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-USER (1 references) pkts bytes target prot opt in out source destination 20M 255G RETURN all -- * 0.0.0.0/0 0.0.0.0/0 DNS problems? Please run docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and post the output. docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.30.1.254 151.101.1.69 151.101.193.69 151.101.65.69 151.101.129.69 — You are receiving this because you are subscribed to this thread. 
Reply to this email directly, view it on GitHub, or unsubscribe.

Hey @andryyy, it can't be a firewall issue, because when I flush my firewall I have the same problem. My firewall now looks like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

maxileith commented 3 years ago

Hi,

you have to consider that by flushing the firewall, you delete the docker firewall rules as well. iptables are not only responsible for blocking traffic but also for forwarding traffic to the right destination. So make sure that there are no custom rules applied on startup and don't flush the rules created by docker.

Using iptables with docker is a bit tricky but it is possible. If you want to, I can share my iptables configuration.
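
A check for the failure mode described in the comment above, added here as an example (it is not part of the original thread or of mailcow's own tooling): it reads `iptables -S` output and reports which of the Docker chains visible in this thread's FORWARD listing (DOCKER-USER, DOCKER-ISOLATION-STAGE-1, DOCKER) are undefined or no longer reachable from FORWARD. The function names, the bridge name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Chains Docker adds to the filter table, as they appear in the FORWARD
# listing posted in this thread.
DOCKER_CHAINS="DOCKER-USER DOCKER-ISOLATION-STAGE-1 DOCKER"

# missing_docker_chains: read `iptables -S` output on stdin and print, space
# separated, every Docker chain that is either not defined (-N <chain>) or
# not jumped to from FORWARD (-A FORWARD ... -j <chain>).
missing_docker_chains() {
    rules=$(cat)
    missing=""
    for chain in $DOCKER_CHAINS; do
        defined=no
        hooked=no
        # -x: whole-line match, so "-N DOCKER" does not match "-N DOCKER-USER".
        if printf '%s\n' "$rules" | grep -qx -- "-N $chain"; then
            defined=yes
        fi
        # Anchored at both ends so "-j DOCKER" does not match "-j DOCKER-USER".
        if printf '%s\n' "$rules" | grep -Eq -- "^-A FORWARD( .*)? -j $chain\$"; then
            hooked=yes
        fi
        if [ "$defined" = no ] || [ "$hooked" = no ]; then
            missing="$missing $chain"
        fi
    done
    printf '%s' "${missing# }"
}

# check_ruleset: human-readable verdict for a ruleset on stdin.
# Returns 1 when Docker's chains are gone, 0 when they are intact.
check_ruleset() {
    missing=$(missing_docker_chains)
    if [ -n "$missing" ]; then
        echo "Docker chains missing or unhooked: $missing"
        echo "Restart the Docker daemon so it recreates its rules; do not flush them."
        return 1
    fi
    echo "Docker filter chains present"
}

# Constructed sample: filter table right after a full flush (policy lines only).
flushed_ruleset() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Constructed sample: filter table after the Docker daemon recreated its rules.
intact_ruleset() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o br-mailcow -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-mailcow -j DOCKER
-A FORWARD -i br-mailcow ! -o br-mailcow -j ACCEPT
-A FORWARD -i br-mailcow -o br-mailcow -j ACCEPT
-A DOCKER-USER -j RETURN
EOF
}

# Demo on the two constructed samples. On a live host, pipe the real ruleset
# in instead: iptables -S | check_ruleset
flushed_ruleset | check_ruleset || true
intact_ruleset | check_ruleset
```

Custom filtering that has to apply to container traffic belongs in the DOCKER-USER chain, which is the mechanism the Docker documentation mentioned in the issue template provides for user rulesets.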

Y0ngg4n commented 3 years ago

@maxileith

Yeah, sorry, my fault. So I flushed it, restarted the Docker service and recreated the mailcow containers. So I now have a firewall that is accepting everything and exposed mailcow ports. But it doesn't work either. It would be nice if you could share yours with me.

My iptables now looks like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (13 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.20.0.2           tcp dpt:26257
ACCEPT     tcp  --  anywhere             172.27.0.2           tcp dpt:9999
ACCEPT     tcp  --  anywhere             192.168.64.2         tcp dpt:28967
ACCEPT     tcp  --  anywhere             192.168.64.2         tcp dpt:14002
ACCEPT     tcp  --  anywhere             172.22.0.2           tcp dpt:9090
ACCEPT     tcp  --  anywhere             192.168.32.2         tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.3           tcp dpt:3478
ACCEPT     tcp  --  anywhere             192.168.64.3         tcp dpt:ssh
ACCEPT     tcp  --  anywhere             172.19.0.3           tcp dpt:mysql
ACCEPT     tcp  --  anywhere             172.27.0.3           tcp dpt:8083
ACCEPT     tcp  --  anywhere             172.27.0.3           tcp dpt:tproxy
ACCEPT     tcp  --  anywhere             172.21.0.3           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.22.0.3           tcp dpt:9000
ACCEPT     tcp  --  anywhere             172.26.0.4           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.24.0.4           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.24.0.4           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.19.0.4           tcp dpt:2368
ACCEPT     tcp  --  anywhere             172.27.0.4           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.22.0.4           tcp dpt:3000
ACCEPT     tcp  --  anywhere             172.18.0.5           tcp dpt:29318
ACCEPT     tcp  --  anywhere             172.21.0.5           tcp dpt:postgresql
ACCEPT     tcp  --  anywhere             172.24.0.5           tcp dpt:9001
ACCEPT     tcp  --  anywhere             172.21.0.6           tcp dpt:9000
ACCEPT     tcp  --  anywhere             172.21.0.6           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.7           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.24.0.7           tcp dpt:http-alt
ACCEPT     udp  --  anywhere             172.24.0.8           udp dpt:10000
ACCEPT     tcp  --  anywhere             172.24.0.8           tcp dpt:4443
ACCEPT     tcp  --  anywhere             172.18.0.8           tcp dpt:postgresql
ACCEPT     tcp  --  anywhere             172.22.0.7           tcp dpt:3100
ACCEPT     tcp  --  anywhere             192.168.0.8          tcp dpt:8443
ACCEPT     tcp  --  anywhere             192.168.0.8          tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             172.19.0.2           tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             172.21.0.2           tcp dpt:3200
ACCEPT     tcp  --  anywhere             172.30.1.249         tcp dpt:6379
ACCEPT     tcp  --  anywhere             172.30.1.7           tcp dpt:5443
ACCEPT     tcp  --  anywhere             172.30.1.7           tcp dpt:xmpp-server
ACCEPT     tcp  --  anywhere             172.30.1.7           tcp dpt:xmpp-client
ACCEPT     tcp  --  anywhere             172.30.1.8           tcp dpt:8983
ACCEPT     tcp  --  anywhere             172.30.1.10          tcp dpt:mysql
ACCEPT     tcp  --  anywhere             172.30.1.12          tcp dpt:submission
ACCEPT     tcp  --  anywhere             172.30.1.12          tcp dpt:submissions
ACCEPT     tcp  --  anywhere             172.30.1.12          tcp dpt:smtp
ACCEPT     tcp  --  anywhere             172.30.1.250         tcp dpt:12345
ACCEPT     tcp  --  anywhere             172.30.1.250         tcp dpt:sieve
ACCEPT     tcp  --  anywhere             172.30.1.250         tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             172.30.1.250         tcp dpt:imaps
ACCEPT     tcp  --  anywhere             172.30.1.250         tcp dpt:imap2
ACCEPT     tcp  --  anywhere             172.30.1.250         tcp dpt:pop3
ACCEPT     tcp  --  anywhere             172.30.1.13          tcp dpt:18104
ACCEPT     tcp  --  anywhere             172.30.1.13          tcp dpt:18103
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:3000
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:ssh

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DROP       all  -- !172.31.0.0/16        anywhere
DROP       all  --  anywhere            !172.31.0.0/16
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (13 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

andryyy commented 3 years ago

What about the nat table we ask for in the template? :)

Y0ngg4n commented 3 years ago

@andryyy

 iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

maxileith commented 3 years ago

@Y0ngg4n

Here are my iptables configurations. However, if the problem occurs when using clean iptables, it is very unlikely that the problem will be resolved by using my iptables configurations.

/etc/iptables/rules.v4

*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FILTERS - [0:0]
:DOCKER-USER - [0:0]

-F INPUT
-F DOCKER-USER
-F FILTERS

-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j FILTERS

-A DOCKER-USER -i eth0 -j FILTERS

-A FILTERS -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FILTERS -m state --state INVALID -j DROP
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 4190 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 5269 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 5443 -j ACCEPT
-A FILTERS -j DROP

COMMIT

/etc/iptables/rules.v6

*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FILTERS - [0:0]
:DOCKER-USER - [0:0]

-F INPUT
-F DOCKER-USER
-F FILTERS

-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -j FILTERS

-A DOCKER-USER -i eth0 -j FILTERS

-A FILTERS -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FILTERS -m state --state INVALID -j DROP
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 4190 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 5269 -j ACCEPT
-A FILTERS -m state --state NEW -m tcp -p tcp --dport 5443 -j ACCEPT
-A FILTERS -j DROP

COMMIT

/etc/systemd/system/iptables.service

[Unit]
Description=Restore iptables firewall rules
Before=network-pre.target

[Service]
Type=oneshot
ExecStart=/sbin/iptables-restore -n /etc/iptables/rules.v4
ExecStart=/sbin/ip6tables-restore -n /etc/iptables/rules.v6

[Install]
WantedBy=multi-user.target

After creating those files, you can run systemctl enable --now iptables to apply the rules directly and on every startup.

Y0ngg4n commented 3 years ago

@maxileith Doesn't work with your configuration either :/

maxileith commented 3 years ago

@andryyy

 iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

It looks like your nat is configured incorrectly.

Mine looks like that

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.22.1.0/24        anywhere            
MASQUERADE  all  --  172.17.0.0/16        anywhere            
MASQUERADE  tcp  --  172.22.1.5           172.22.1.5           tcp dpt:8983
MASQUERADE  tcp  --  172.22.1.249         172.22.1.249         tcp dpt:6379
MASQUERADE  tcp  --  172.22.1.8           172.22.1.8           tcp dpt:5443
MASQUERADE  tcp  --  172.22.1.8           172.22.1.8           tcp dpt:xmpp-server
MASQUERADE  tcp  --  172.22.1.8           172.22.1.8           tcp dpt:xmpp-client
MASQUERADE  tcp  --  172.22.1.9           172.22.1.9           tcp dpt:mysql
MASQUERADE  tcp  --  172.22.1.12          172.22.1.12          tcp dpt:submission
MASQUERADE  tcp  --  172.22.1.250         172.22.1.250         tcp dpt:12345
MASQUERADE  tcp  --  172.22.1.250         172.22.1.250         tcp dpt:sieve
MASQUERADE  tcp  --  172.22.1.12          172.22.1.12          tcp dpt:submissions
MASQUERADE  tcp  --  172.22.1.250         172.22.1.250         tcp dpt:pop3s
MASQUERADE  tcp  --  172.22.1.12          172.22.1.12          tcp dpt:smtp
MASQUERADE  tcp  --  172.22.1.250         172.22.1.250         tcp dpt:imaps
MASQUERADE  tcp  --  172.22.1.250         172.22.1.250         tcp dpt:imap2
MASQUERADE  tcp  --  172.22.1.250         172.22.1.250         tcp dpt:pop3
MASQUERADE  tcp  --  172.22.1.11          172.22.1.11          tcp dpt:https
MASQUERADE  tcp  --  172.22.1.11          172.22.1.11          tcp dpt:http

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            
DNAT       tcp  --  anywhere             localhost            tcp dpt:18983 to:172.22.1.5:8983
DNAT       tcp  --  anywhere             localhost            tcp dpt:7654 to:172.22.1.249:6379
DNAT       tcp  --  anywhere             anywhere             tcp dpt:5443 to:172.22.1.8:5443
DNAT       tcp  --  anywhere             anywhere             tcp dpt:xmpp-server to:172.22.1.8:5269
DNAT       tcp  --  anywhere             anywhere             tcp dpt:xmpp-client to:172.22.1.8:5222
DNAT       tcp  --  anywhere             localhost            tcp dpt:13306 to:172.22.1.9:3306
DNAT       tcp  --  anywhere             anywhere             tcp dpt:submission to:172.22.1.12:587
DNAT       tcp  --  anywhere             localhost            tcp dpt:19991 to:172.22.1.250:12345
DNAT       tcp  --  anywhere             anywhere             tcp dpt:sieve to:172.22.1.250:4190
DNAT       tcp  --  anywhere             anywhere             tcp dpt:submissions to:172.22.1.12:465
DNAT       tcp  --  anywhere             anywhere             tcp dpt:pop3s to:172.22.1.250:995
DNAT       tcp  --  anywhere             anywhere             tcp dpt:smtp to:172.22.1.12:25
DNAT       tcp  --  anywhere             anywhere             tcp dpt:imaps to:172.22.1.250:993
DNAT       tcp  --  anywhere             anywhere             tcp dpt:imap2 to:172.22.1.250:143
DNAT       tcp  --  anywhere             anywhere             tcp dpt:pop3 to:172.22.1.250:110
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:172.22.1.11:443
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:172.22.1.11:80
# Warning: iptables-legacy tables present, use iptables-legacy to see them

Y0ngg4n commented 3 years ago

@maxileith I'm on a dedicated server at Hetzner, with a public IP. I don't think I need NAT either 🤔

maxileith commented 3 years ago

@Y0ngg4n Did you complete the Hetzner-specific steps from the documentation?

Y0ngg4n commented 3 years ago

@maxileith Yes, having accepted all: image

I can send emails with other clients and can do everything with mailcow. It's just Sogo that is not working.

andryyy commented 3 years ago

Docker uses NAT. Your NAT table is completely broken.

maxileith commented 3 years ago

You should make sure that your NAT is working properly. If the problem remains I would suggest checking the config of your custom nginx reverse proxy.
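The check asked for in the comments above (are Docker's NAT rules still in place after a flush?), as an added example that is not part of the original thread or of mailcow: it parses `iptables -t nat -L` output and reports which pieces Docker needs are missing. The function names are assumptions made for the example, and the two sample listings are constructed by abridging the listings posted in this thread.

```python
"""Check an `iptables -t nat -L` listing for the rules Docker relies on."""
import ipaddress
import re
import sys

CHAIN_RE = re.compile(r"^Chain (\S+) \(.*\)$")
DNAT_TO_RE = re.compile(r"\bto:(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
ANYWHERE = {"anywhere", "0.0.0.0/0"}  # -L prints the former, -L -n the latter

# Constructed sample: the empty nat table posted first in this thread.
FLUSHED_NAT = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Constructed sample: abridged from the working nat table posted in this thread.
HEALTHY_NAT = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.22.1.0/24        anywhere
MASQUERADE  tcp  --  172.22.1.250         172.22.1.250         tcp dpt:imaps

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
DNAT       tcp  --  anywhere             localhost            tcp dpt:13306 to:172.22.1.9:3306
DNAT       tcp  --  anywhere             anywhere             tcp dpt:smtp to:172.22.1.12:25
DNAT       tcp  --  anywhere             anywhere             tcp dpt:imaps to:172.22.1.250:993
DNAT       tcp  --  anywhere             anywhere             tcp dpt:imap2 to:172.22.1.250:143
# Warning: iptables-legacy tables present, use iptables-legacy to see them
"""


def parse_nat_listing(text):
    """Return {chain name: [rule dict, ...]} for `iptables -t nat -L` output."""
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = CHAIN_RE.match(line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        # Skip anything before the first chain, blanks, warnings, column headers.
        if current is None or not line.strip() or line.startswith("#"):
            continue
        if line.split()[:2] == ["target", "prot"]:
            continue
        # A rule without -j prints an empty target column (line starts with space).
        fields = [""] + line.split(None, 4) if line[0].isspace() else line.split(None, 5)
        if len(fields) < 5:
            continue
        current.append({
            "target": fields[0], "prot": fields[1],
            "source": fields[3], "destination": fields[4],
            "extra": fields[5] if len(fields) > 5 else "",
        })
    return chains


def check_docker_nat(chains, subnet, published_ports):
    """List what is missing for containers in `subnet` to be reachable via NAT."""
    net = ipaddress.ip_network(subnet)
    findings = []
    if "DOCKER" not in chains:
        findings.append("nat chain DOCKER is missing")
    for hook in ("PREROUTING", "OUTPUT"):
        if not any(r["target"] == "DOCKER" for r in chains.get(hook, [])):
            findings.append(f"{hook} has no jump to DOCKER")
    if not any(r["target"] == "MASQUERADE" and r["source"] == str(net)
               and r["destination"] in ANYWHERE
               for r in chains.get("POSTROUTING", [])):
        findings.append(f"POSTROUTING has no MASQUERADE for {net}")
    # `to:` always carries a numeric port, even when dpt: shows a service name.
    forwarded = set()
    for rule in chains.get("DOCKER", []):
        match = DNAT_TO_RE.search(rule["extra"])
        if rule["target"] == "DNAT" and match and ipaddress.ip_address(match.group(1)) in net:
            forwarded.add(int(match.group(2)))
    for port in sorted(set(published_ports) - forwarded):
        findings.append(f"no DNAT to a container in {net} on port {port}")
    return findings


if __name__ == "__main__":
    # Pipe real output in, or run without input to see the flushed sample.
    listing = FLUSHED_NAT if sys.stdin.isatty() else sys.stdin.read()
    subnet = sys.argv[1] if len(sys.argv) > 1 else "172.22.1.0/24"
    for finding in check_docker_nat(parse_nat_listing(listing), subnet, (25, 143, 993)):
        print("MISSING:", finding)
```

If the mailcow network was changed from the default, as with the 172.30.1.0/24 network seen later in this thread, pass that subnet as the first argument.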

Y0ngg4n commented 3 years ago

@maxileith The problem that I have with thinking that it's a firewall problem is that Sogo worked fine with version 1.93 of the Docker container, and when I restored version 1.93 from my backups it worked fine. So I can only assume something changed while updating from 1.93 to 1.99 🤔

maxileith commented 3 years ago

@Y0ngg4n Can you roll back to 1.93 and check your NAT again?

Y0ngg4n commented 3 years ago

@maxileith Yes, but this will take some time.

maxileith commented 3 years ago

Why did you update from 1.93 to 1.99? The last time the version was updated was in commit 334bbdf7c83395bf1fe6e03961536c667480f0ec. However, that was from 1.98 to 1.99.

Y0ngg4n commented 3 years ago

@maxileith I was just on the old version 1.93 and updated it to the current one with update.sh. Restore finished, and with the older version I can access Sogo, and there are also no errors in the browser console: image

maxileith commented 3 years ago

What does your output from iptables -t nat -L look like now?

maxileith commented 3 years ago

It seems like your SOGo can't connect to IMAP. Probably the nat.

From your error log:

sogo-mailcow_1       | May  1 16:10:21 5b25593a4de1 sogod [128]: [ERROR] <0x55639161ebe0[SOGoMailAccount]:0> Could not connect IMAP4

Y0ngg4n commented 3 years ago

@maxileith OK, I don't know what happened to my NAT table the last time I posted it (maybe Docker was not fully running), but without mailcow running it looks like this now:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  all  --  172.19.0.0/16        anywhere
MASQUERADE  all  --  172.26.0.0/16        anywhere
MASQUERADE  all  --  172.24.0.0/16        anywhere
MASQUERADE  all  --  172.18.0.0/16        anywhere
MASQUERADE  all  --  192.168.0.0/20       anywhere
MASQUERADE  all  --  192.168.32.0/20      anywhere
MASQUERADE  all  --  172.20.0.0/16        anywhere
MASQUERADE  all  --  172.27.0.0/16        anywhere
MASQUERADE  all  --  192.168.64.0/20      anywhere
MASQUERADE  all  --  172.21.0.0/16        anywhere
MASQUERADE  all  --  172.22.0.0/16        anywhere
MASQUERADE  tcp  --  172.20.0.2           172.20.0.2           tcp dpt:26257
MASQUERADE  tcp  --  192.168.64.2         192.168.64.2         tcp dpt:28967
MASQUERADE  tcp  --  192.168.64.2         192.168.64.2         tcp dpt:14002
MASQUERADE  tcp  --  172.26.0.3           172.26.0.3           tcp dpt:http
MASQUERADE  tcp  --  172.19.0.2           172.19.0.2           tcp dpt:mysql
MASQUERADE  tcp  --  172.18.0.2           172.18.0.2           tcp dpt:http
MASQUERADE  tcp  --  192.168.32.2         192.168.32.2         tcp dpt:http
MASQUERADE  tcp  --  172.27.0.2           172.27.0.2           tcp dpt:http
MASQUERADE  tcp  --  172.22.0.2           172.22.0.2           tcp dpt:9090
MASQUERADE  tcp  --  172.21.0.3           172.21.0.3           tcp dpt:http
MASQUERADE  udp  --  172.24.0.3           172.24.0.3           udp dpt:10000
MASQUERADE  tcp  --  172.24.0.3           172.24.0.3           tcp dpt:4443
MASQUERADE  tcp  --  172.27.0.3           172.27.0.3           tcp dpt:8083
MASQUERADE  tcp  --  172.27.0.3           172.27.0.3           tcp dpt:tproxy
MASQUERADE  tcp  --  192.168.64.3         192.168.64.3         tcp dpt:ssh
MASQUERADE  tcp  --  172.19.0.3           172.19.0.3           tcp dpt:http-alt
MASQUERADE  tcp  --  172.22.0.3           172.22.0.3           tcp dpt:3100
MASQUERADE  tcp  --  172.19.0.4           172.19.0.4           tcp dpt:2368
MASQUERADE  tcp  --  172.24.0.4           172.24.0.4           tcp dpt:9001
MASQUERADE  tcp  --  172.21.0.4           172.21.0.4           tcp dpt:postgresql
MASQUERADE  tcp  --  172.27.0.4           172.27.0.4           tcp dpt:9999
MASQUERADE  tcp  --  172.18.0.5           172.18.0.5           tcp dpt:postgresql
MASQUERADE  tcp  --  172.18.0.6           172.18.0.6           tcp dpt:3478
MASQUERADE  tcp  --  172.22.0.6           172.22.0.6           tcp dpt:9000
MASQUERADE  tcp  --  172.21.0.6           172.21.0.6           tcp dpt:9000
MASQUERADE  tcp  --  172.21.0.6           172.21.0.6           tcp dpt:http
MASQUERADE  tcp  --  172.24.0.6           172.24.0.6           tcp dpt:https
MASQUERADE  tcp  --  172.24.0.6           172.24.0.6           tcp dpt:http
MASQUERADE  tcp  --  172.18.0.8           172.18.0.8           tcp dpt:29318
MASQUERADE  tcp  --  172.24.0.8           172.24.0.8           tcp dpt:http-alt
MASQUERADE  tcp  --  172.22.0.7           172.22.0.7           tcp dpt:3000
MASQUERADE  tcp  --  172.21.0.5           172.21.0.5           tcp dpt:3200
MASQUERADE  tcp  --  172.18.0.7           172.18.0.7           tcp dpt:3000
MASQUERADE  tcp  --  172.18.0.7           172.18.0.7           tcp dpt:ssh
MASQUERADE  tcp  --  172.18.0.3           172.18.0.3           tcp dpt:9005
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:8008

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
DNAT       tcp  --  anywhere             172.20.0.0           tcp dpt:26257 to:172.20.0.2:26257
DNAT       tcp  --  anywhere             anywhere             tcp dpt:28967 to:192.168.64.2:28967
DNAT       tcp  --  anywhere             anywhere             tcp dpt:14002 to:192.168.64.2:14002
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18301 to:172.26.0.3:80
DNAT       tcp  --  anywhere             172.19.0.0           tcp dpt:mysql to:172.19.0.2:3306
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18402 to:172.18.0.2:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18703 to:192.168.32.2:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18410 to:172.27.0.2:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18003 to:172.22.0.2:9090
DNAT       tcp  --  anywhere             anywhere             tcp dpt:19321 to:172.21.0.3:80
DNAT       udp  --  anywhere             anywhere             udp dpt:10000 to:172.24.0.3:10000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:4443 to:172.24.0.3:4443
DNAT       tcp  --  anywhere             anywhere             tcp dpt:8083 to:172.27.0.3:8083
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18409 to:172.27.0.3:8081
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ssh to:192.168.64.3:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18408 to:172.19.0.3:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18006 to:172.22.0.3:3100
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18502 to:172.19.0.4:2368
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18605 to:172.24.0.4:9001
DNAT       tcp  --  anywhere             172.21.0.0           tcp dpt:postgresql to:172.21.0.4:5432
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18411 to:172.27.0.4:9999
DNAT       tcp  --  anywhere             172.18.0.0           tcp dpt:postgresql to:172.18.0.5:5432
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18702 to:172.18.0.6:3478
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18001 to:172.22.0.6:9000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:9123 to:172.21.0.6:9000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18951 to:172.21.0.6:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18602 to:172.24.0.6:443
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18601 to:172.24.0.6:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18705 to:172.18.0.8:29318
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18606 to:172.24.0.8:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18002 to:172.22.0.7:3000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:19320 to:172.21.0.5:3200
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18403 to:172.18.0.7:3000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:2222 to:172.18.0.7:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18704 to:172.18.0.3:9005
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18701 to:172.18.0.4:8008

And with mailcow running it looks like this:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.30.1.0/24        anywhere
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  all  --  172.19.0.0/16        anywhere
MASQUERADE  all  --  172.26.0.0/16        anywhere
MASQUERADE  all  --  172.24.0.0/16        anywhere
MASQUERADE  all  --  172.18.0.0/16        anywhere
MASQUERADE  all  --  192.168.0.0/20       anywhere
MASQUERADE  all  --  192.168.32.0/20      anywhere
MASQUERADE  all  --  172.20.0.0/16        anywhere
MASQUERADE  all  --  172.27.0.0/16        anywhere
MASQUERADE  all  --  192.168.64.0/20      anywhere
MASQUERADE  all  --  172.21.0.0/16        anywhere
MASQUERADE  all  --  172.22.0.0/16        anywhere
MASQUERADE  tcp  --  172.20.0.2           172.20.0.2           tcp dpt:26257
MASQUERADE  tcp  --  192.168.64.2         192.168.64.2         tcp dpt:28967
MASQUERADE  tcp  --  192.168.64.2         192.168.64.2         tcp dpt:14002
MASQUERADE  tcp  --  172.26.0.3           172.26.0.3           tcp dpt:http
MASQUERADE  tcp  --  172.19.0.2           172.19.0.2           tcp dpt:mysql
MASQUERADE  tcp  --  172.18.0.2           172.18.0.2           tcp dpt:http
MASQUERADE  tcp  --  192.168.32.2         192.168.32.2         tcp dpt:http
MASQUERADE  tcp  --  172.27.0.2           172.27.0.2           tcp dpt:http
MASQUERADE  tcp  --  172.22.0.2           172.22.0.2           tcp dpt:9090
MASQUERADE  tcp  --  172.21.0.3           172.21.0.3           tcp dpt:http
MASQUERADE  udp  --  172.24.0.3           172.24.0.3           udp dpt:10000
MASQUERADE  tcp  --  172.24.0.3           172.24.0.3           tcp dpt:4443
MASQUERADE  tcp  --  172.27.0.3           172.27.0.3           tcp dpt:8083
MASQUERADE  tcp  --  172.27.0.3           172.27.0.3           tcp dpt:tproxy
MASQUERADE  tcp  --  192.168.64.3         192.168.64.3         tcp dpt:ssh
MASQUERADE  tcp  --  172.19.0.3           172.19.0.3           tcp dpt:http-alt
MASQUERADE  tcp  --  172.22.0.3           172.22.0.3           tcp dpt:3100
MASQUERADE  tcp  --  172.19.0.4           172.19.0.4           tcp dpt:2368
MASQUERADE  tcp  --  172.24.0.4           172.24.0.4           tcp dpt:9001
MASQUERADE  tcp  --  172.21.0.4           172.21.0.4           tcp dpt:postgresql
MASQUERADE  tcp  --  172.27.0.4           172.27.0.4           tcp dpt:9999
MASQUERADE  tcp  --  172.18.0.5           172.18.0.5           tcp dpt:postgresql
MASQUERADE  tcp  --  172.18.0.6           172.18.0.6           tcp dpt:3478
MASQUERADE  tcp  --  172.22.0.6           172.22.0.6           tcp dpt:9000
MASQUERADE  tcp  --  172.21.0.6           172.21.0.6           tcp dpt:9000
MASQUERADE  tcp  --  172.21.0.6           172.21.0.6           tcp dpt:http
MASQUERADE  tcp  --  172.24.0.6           172.24.0.6           tcp dpt:https
MASQUERADE  tcp  --  172.24.0.6           172.24.0.6           tcp dpt:http
MASQUERADE  tcp  --  172.18.0.8           172.18.0.8           tcp dpt:29318
MASQUERADE  tcp  --  172.24.0.8           172.24.0.8           tcp dpt:http-alt
MASQUERADE  tcp  --  172.22.0.7           172.22.0.7           tcp dpt:3000
MASQUERADE  tcp  --  172.21.0.5           172.21.0.5           tcp dpt:3200
MASQUERADE  tcp  --  172.18.0.7           172.18.0.7           tcp dpt:3000
MASQUERADE  tcp  --  172.18.0.7           172.18.0.7           tcp dpt:ssh
MASQUERADE  tcp  --  172.18.0.3           172.18.0.3           tcp dpt:9005
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:8008
MASQUERADE  tcp  --  172.30.1.249         172.30.1.249         tcp dpt:6379
MASQUERADE  tcp  --  172.30.1.2           172.30.1.2           tcp dpt:8983
MASQUERADE  tcp  --  172.30.1.8           172.30.1.8           tcp dpt:mysql
MASQUERADE  tcp  --  172.30.1.11          172.30.1.11          tcp dpt:submission
MASQUERADE  tcp  --  172.30.1.11          172.30.1.11          tcp dpt:submissions
MASQUERADE  tcp  --  172.30.1.11          172.30.1.11          tcp dpt:smtp
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:12345
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:sieve
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:pop3s
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:imaps
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:imap2
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:pop3
MASQUERADE  tcp  --  172.30.1.10          172.30.1.10          tcp dpt:18104
MASQUERADE  tcp  --  172.30.1.10          172.30.1.10          tcp dpt:18103

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
DNAT       tcp  --  anywhere             172.20.0.0           tcp dpt:26257 to:172.20.0.2:26257
DNAT       tcp  --  anywhere             anywhere             tcp dpt:28967 to:192.168.64.2:28967
DNAT       tcp  --  anywhere             anywhere             tcp dpt:14002 to:192.168.64.2:14002
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18301 to:172.26.0.3:80
DNAT       tcp  --  anywhere             172.19.0.0           tcp dpt:mysql to:172.19.0.2:3306
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18402 to:172.18.0.2:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18703 to:192.168.32.2:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18410 to:172.27.0.2:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18003 to:172.22.0.2:9090
DNAT       tcp  --  anywhere             anywhere             tcp dpt:19321 to:172.21.0.3:80
DNAT       udp  --  anywhere             anywhere             udp dpt:10000 to:172.24.0.3:10000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:4443 to:172.24.0.3:4443
DNAT       tcp  --  anywhere             anywhere             tcp dpt:8083 to:172.27.0.3:8083
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18409 to:172.27.0.3:8081
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ssh to:192.168.64.3:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18408 to:172.19.0.3:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18006 to:172.22.0.3:3100
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18502 to:172.19.0.4:2368
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18605 to:172.24.0.4:9001
DNAT       tcp  --  anywhere             172.21.0.0           tcp dpt:postgresql to:172.21.0.4:5432
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18411 to:172.27.0.4:9999
DNAT       tcp  --  anywhere             172.18.0.0           tcp dpt:postgresql to:172.18.0.5:5432
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18702 to:172.18.0.6:3478
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18001 to:172.22.0.6:9000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:9123 to:172.21.0.6:9000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18951 to:172.21.0.6:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18602 to:172.24.0.6:443
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18601 to:172.24.0.6:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18705 to:172.18.0.8:29318
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18606 to:172.24.0.8:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18002 to:172.22.0.7:3000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:19320 to:172.21.0.5:3200
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18403 to:172.18.0.7:3000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:2222 to:172.18.0.7:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18704 to:172.18.0.3:9005
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18701 to:172.18.0.4:8008
DNAT       tcp  --  anywhere             localhost.localdomain  tcp dpt:7654 to:172.30.1.249:6379
DNAT       tcp  --  anywhere             localhost.localdomain  tcp dpt:18983 to:172.30.1.2:8983
DNAT       tcp  --  anywhere             localhost.localdomain  tcp dpt:13306 to:172.30.1.8:3306
DNAT       tcp  --  anywhere             anywhere             tcp dpt:submission to:172.30.1.11:587
DNAT       tcp  --  anywhere             anywhere             tcp dpt:submissions to:172.30.1.11:465
DNAT       tcp  --  anywhere             anywhere             tcp dpt:smtp to:172.30.1.11:25
DNAT       tcp  --  anywhere             localhost.localdomain  tcp dpt:19991 to:172.30.1.250:12345
DNAT       tcp  --  anywhere             anywhere             tcp dpt:sieve to:172.30.1.250:4190
DNAT       tcp  --  anywhere             anywhere             tcp dpt:pop3s to:172.30.1.250:995
DNAT       tcp  --  anywhere             anywhere             tcp dpt:imaps to:172.30.1.250:993
DNAT       tcp  --  anywhere             anywhere             tcp dpt:imap2 to:172.30.1.250:143
DNAT       tcp  --  anywhere             anywhere             tcp dpt:pop3 to:172.30.1.250:110
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18104 to:172.30.1.10:18104
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18103 to:172.30.1.10:18103
maxileith commented 3 years ago

Looks okay to me. Between the commit where SOGo 1.93 was introduced (6f6f52f380e91cba07365b8502f28bcae8e55293) and the commit where 1.99 was introduced some things happened. Right now, I don't know what exactly breaks your NAT.

Y0ngg4n commented 3 years ago

@maxileith So I restored the latest snapshot of mailcow where Sogo is not working and I tried iptables -t nat -L again, and it looks like this now:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.30.1.0/24        anywhere
MASQUERADE  all  --  172.17.0.0/16        anywhere
MASQUERADE  all  --  172.19.0.0/16        anywhere
MASQUERADE  all  --  172.26.0.0/16        anywhere
MASQUERADE  all  --  172.24.0.0/16        anywhere
MASQUERADE  all  --  172.18.0.0/16        anywhere
MASQUERADE  all  --  192.168.0.0/20       anywhere
MASQUERADE  all  --  192.168.32.0/20      anywhere
MASQUERADE  all  --  172.20.0.0/16        anywhere
MASQUERADE  all  --  172.27.0.0/16        anywhere
MASQUERADE  all  --  192.168.64.0/20      anywhere
MASQUERADE  all  --  172.21.0.0/16        anywhere
MASQUERADE  all  --  172.22.0.0/16        anywhere
MASQUERADE  tcp  --  172.20.0.2           172.20.0.2           tcp dpt:26257
MASQUERADE  tcp  --  192.168.64.2         192.168.64.2         tcp dpt:28967
MASQUERADE  tcp  --  192.168.64.2         192.168.64.2         tcp dpt:14002
MASQUERADE  tcp  --  172.26.0.3           172.26.0.3           tcp dpt:http
MASQUERADE  tcp  --  172.19.0.2           172.19.0.2           tcp dpt:mysql
MASQUERADE  tcp  --  172.18.0.2           172.18.0.2           tcp dpt:http
MASQUERADE  tcp  --  192.168.32.2         192.168.32.2         tcp dpt:http
MASQUERADE  tcp  --  172.27.0.2           172.27.0.2           tcp dpt:http
MASQUERADE  tcp  --  172.22.0.2           172.22.0.2           tcp dpt:9090
MASQUERADE  tcp  --  172.21.0.3           172.21.0.3           tcp dpt:http
MASQUERADE  udp  --  172.24.0.3           172.24.0.3           udp dpt:10000
MASQUERADE  tcp  --  172.24.0.3           172.24.0.3           tcp dpt:4443
MASQUERADE  tcp  --  172.27.0.3           172.27.0.3           tcp dpt:8083
MASQUERADE  tcp  --  172.27.0.3           172.27.0.3           tcp dpt:tproxy
MASQUERADE  tcp  --  192.168.64.3         192.168.64.3         tcp dpt:ssh
MASQUERADE  tcp  --  172.19.0.3           172.19.0.3           tcp dpt:http-alt
MASQUERADE  tcp  --  172.22.0.3           172.22.0.3           tcp dpt:3100
MASQUERADE  tcp  --  172.19.0.4           172.19.0.4           tcp dpt:2368
MASQUERADE  tcp  --  172.24.0.4           172.24.0.4           tcp dpt:9001
MASQUERADE  tcp  --  172.21.0.4           172.21.0.4           tcp dpt:postgresql
MASQUERADE  tcp  --  172.27.0.4           172.27.0.4           tcp dpt:9999
MASQUERADE  tcp  --  172.18.0.5           172.18.0.5           tcp dpt:postgresql
MASQUERADE  tcp  --  172.18.0.6           172.18.0.6           tcp dpt:3478
MASQUERADE  tcp  --  172.22.0.6           172.22.0.6           tcp dpt:9000
MASQUERADE  tcp  --  172.21.0.6           172.21.0.6           tcp dpt:9000
MASQUERADE  tcp  --  172.21.0.6           172.21.0.6           tcp dpt:http
MASQUERADE  tcp  --  172.24.0.6           172.24.0.6           tcp dpt:https
MASQUERADE  tcp  --  172.24.0.6           172.24.0.6           tcp dpt:http
MASQUERADE  tcp  --  172.18.0.8           172.18.0.8           tcp dpt:29318
MASQUERADE  tcp  --  172.24.0.8           172.24.0.8           tcp dpt:http-alt
MASQUERADE  tcp  --  172.22.0.7           172.22.0.7           tcp dpt:3000
MASQUERADE  tcp  --  172.21.0.5           172.21.0.5           tcp dpt:3200
MASQUERADE  tcp  --  172.18.0.7           172.18.0.7           tcp dpt:3000
MASQUERADE  tcp  --  172.18.0.7           172.18.0.7           tcp dpt:ssh
MASQUERADE  tcp  --  172.18.0.3           172.18.0.3           tcp dpt:9005
MASQUERADE  tcp  --  172.18.0.4           172.18.0.4           tcp dpt:8008
MASQUERADE  tcp  --  172.30.1.249         172.30.1.249         tcp dpt:6379
MASQUERADE  tcp  --  172.30.1.2           172.30.1.2           tcp dpt:8983
MASQUERADE  tcp  --  172.30.1.4           172.30.1.4           tcp dpt:5443
MASQUERADE  tcp  --  172.30.1.4           172.30.1.4           tcp dpt:xmpp-server
MASQUERADE  tcp  --  172.30.1.4           172.30.1.4           tcp dpt:xmpp-client
MASQUERADE  tcp  --  172.30.1.8           172.30.1.8           tcp dpt:18104
MASQUERADE  tcp  --  172.30.1.8           172.30.1.8           tcp dpt:18103
MASQUERADE  tcp  --  172.30.1.10          172.30.1.10          tcp dpt:mysql
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:12345
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:sieve
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:pop3s
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:imaps
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:imap2
MASQUERADE  tcp  --  172.30.1.250         172.30.1.250         tcp dpt:pop3
MASQUERADE  tcp  --  172.30.1.12          172.30.1.12          tcp dpt:submission
MASQUERADE  tcp  --  172.30.1.12          172.30.1.12          tcp dpt:submissions
MASQUERADE  tcp  --  172.30.1.12          172.30.1.12          tcp dpt:smtp

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
DNAT       tcp  --  anywhere             172.20.0.0           tcp dpt:26257 to:172.20.0.2:26257
DNAT       tcp  --  anywhere             anywhere             tcp dpt:28967 to:192.168.64.2:28967
DNAT       tcp  --  anywhere             anywhere             tcp dpt:14002 to:192.168.64.2:14002
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18301 to:172.26.0.3:80
DNAT       tcp  --  anywhere             172.19.0.0           tcp dpt:mysql to:172.19.0.2:3306
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18402 to:172.18.0.2:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18703 to:192.168.32.2:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18410 to:172.27.0.2:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18003 to:172.22.0.2:9090
DNAT       tcp  --  anywhere             anywhere             tcp dpt:19321 to:172.21.0.3:80
DNAT       udp  --  anywhere             anywhere             udp dpt:10000 to:172.24.0.3:10000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:4443 to:172.24.0.3:4443
DNAT       tcp  --  anywhere             anywhere             tcp dpt:8083 to:172.27.0.3:8083
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18409 to:172.27.0.3:8081
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ssh to:192.168.64.3:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18408 to:172.19.0.3:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18006 to:172.22.0.3:3100
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18502 to:172.19.0.4:2368
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18605 to:172.24.0.4:9001
DNAT       tcp  --  anywhere             172.21.0.0           tcp dpt:postgresql to:172.21.0.4:5432
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18411 to:172.27.0.4:9999
DNAT       tcp  --  anywhere             172.18.0.0           tcp dpt:postgresql to:172.18.0.5:5432
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18702 to:172.18.0.6:3478
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18001 to:172.22.0.6:9000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:9123 to:172.21.0.6:9000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18951 to:172.21.0.6:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18602 to:172.24.0.6:443
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18601 to:172.24.0.6:80
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18705 to:172.18.0.8:29318
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18606 to:172.24.0.8:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18002 to:172.22.0.7:3000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:19320 to:172.21.0.5:3200
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18403 to:172.18.0.7:3000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:2222 to:172.18.0.7:22
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18704 to:172.18.0.3:9005
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18701 to:172.18.0.4:8008
DNAT       tcp  --  anywhere             localhost.localdomain  tcp dpt:7654 to:172.30.1.249:6379
DNAT       tcp  --  anywhere             localhost.localdomain  tcp dpt:18983 to:172.30.1.2:8983
DNAT       tcp  --  anywhere             anywhere             tcp dpt:5443 to:172.30.1.4:5443
DNAT       tcp  --  anywhere             anywhere             tcp dpt:xmpp-server to:172.30.1.4:5269
DNAT       tcp  --  anywhere             anywhere             tcp dpt:xmpp-client to:172.30.1.4:5222
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18104 to:172.30.1.8:18104
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18103 to:172.30.1.8:18103
DNAT       tcp  --  anywhere             localhost.localdomain  tcp dpt:13306 to:172.30.1.10:3306
DNAT       tcp  --  anywhere             localhost.localdomain  tcp dpt:19991 to:172.30.1.250:12345
DNAT       tcp  --  anywhere             anywhere             tcp dpt:sieve to:172.30.1.250:4190
DNAT       tcp  --  anywhere             anywhere             tcp dpt:pop3s to:172.30.1.250:995
DNAT       tcp  --  anywhere             anywhere             tcp dpt:imaps to:172.30.1.250:993
DNAT       tcp  --  anywhere             anywhere             tcp dpt:imap2 to:172.30.1.250:143
DNAT       tcp  --  anywhere             anywhere             tcp dpt:pop3 to:172.30.1.250:110
DNAT       tcp  --  anywhere             anywhere             tcp dpt:submission to:172.30.1.12:587
DNAT       tcp  --  anywhere             anywhere             tcp dpt:submissions to:172.30.1.12:465
DNAT       tcp  --  anywhere             anywhere             tcp dpt:smtp to:172.30.1.12:25
Y0ngg4n commented 3 years ago

@maxileith @andryyy If you want, I can provide you all my mailcow files if they help you.

Y0ngg4n commented 3 years ago

@andryyy @maxileith any updates here?

andryyy commented 3 years ago

Probably broken/wrong masquerading. The list is a mess and not really a clean installation. I'm sure some of these rules are applied before mailcow's NAT.
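Added example, not part of the thread or the mailcow project: one way to compare the two `iptables -t nat -L` listings posted above is to parse the DNAT rules of the DOCKER chain, diff the snapshots, and group the published ports by the address they are bound to. The function names are hypothetical; the sample lines are excerpts from the two listings in this thread.

```python
import re
from typing import NamedTuple

# Excerpts of the DOCKER chain from the first and second listing in the thread.
BEFORE = """\
Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
DNAT       tcp  --  anywhere             localhost.localdomain  tcp dpt:13306 to:172.30.1.8:3306
DNAT       tcp  --  anywhere             anywhere             tcp dpt:smtp to:172.30.1.11:25
DNAT       tcp  --  anywhere             anywhere             tcp dpt:imaps to:172.30.1.250:993
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18104 to:172.30.1.10:18104
"""
AFTER = """\
Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
DNAT       tcp  --  anywhere             anywhere             tcp dpt:5443 to:172.30.1.4:5443
DNAT       tcp  --  anywhere             anywhere             tcp dpt:18104 to:172.30.1.8:18104
DNAT       tcp  --  anywhere             localhost.localdomain  tcp dpt:13306 to:172.30.1.10:3306
DNAT       tcp  --  anywhere             anywhere             tcp dpt:imaps to:172.30.1.250:993
DNAT       tcp  --  anywhere             anywhere             tcp dpt:smtp to:172.30.1.12:25
"""

class Dnat(NamedTuple):
    proto: str   # tcp / udp
    bind: str    # destination column: the host address the port is published on
    dport: str   # published port as printed (service name, or number with -n)
    target: str  # container "ip:port" after "to:"

DNAT_RE = re.compile(
    r"^DNAT\s+(?P<proto>\S+)\s+--\s+\S+\s+(?P<bind>\S+)\s+"
    r"(?:tcp|udp)\s+dpt:(?P<dport>\S+)\s+to:(?P<target>\S+)$"
)

# The same scopes as printed with and without name resolution (-n).
ALL_ADDRESSES = {"anywhere", "0.0.0.0/0"}
LOOPBACK = {"localhost", "localhost.localdomain", "127.0.0.1"}

def parse_dnat(listing: str) -> dict:
    """Map (proto, bind, dport) -> Dnat for each DNAT rule in the listing."""
    rules = {}
    for line in listing.splitlines():
        m = DNAT_RE.match(line.strip())
        if m:
            rule = Dnat(**m.groupdict())
            rules[(rule.proto, rule.bind, rule.dport)] = rule
    return rules

def diff_snapshots(before: str, after: str) -> dict:
    """Report published ports that appeared, vanished, or point at a new container IP."""
    old, new = parse_dnat(before), parse_dnat(after)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "retargeted": sorted(
            k for k in old.keys() & new.keys() if old[k].target != new[k].target
        ),
    }

def exposure(rules: dict) -> dict:
    """Group published ports by how widely the host accepts them."""
    out = {"all_addresses": [], "loopback_only": [], "specific_address": []}
    for rule in rules.values():
        if rule.bind in ALL_ADDRESSES:
            scope = "all_addresses"
        elif rule.bind in LOOPBACK:
            scope = "loopback_only"
        else:
            scope = "specific_address"
        out[scope].append(rule.dport)
    return {scope: sorted(ports) for scope, ports in out.items()}

if __name__ == "__main__":
    print(diff_snapshots(BEFORE, AFTER))
    print(exposure(parse_dnat(AFTER)))
```

Running `iptables -t nat -L -n` instead avoids reverse lookups and service-name substitution, which makes snapshots easier to compare.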

patbel-pwr commented 3 years ago

Hi, I'm facing a similar issue, my sogo isn't working, but my question is quite different. EDIT1: logs deleted for privacy matter.

Mailcow unbound is not working at all, as I have configured my own unbound instances that use only DoT. My firewall is blocking everything that uses port 53/UDP.

Is there a way to skip creating mailcow unbound and use mine that is already configured? Or maybe I should reconfigure mailcow's unbound to use DoT as well? Or forward mailcow unbound to my dns?

EDIT2: I just pointed mailcow unbound to my dns server and sogo is working. My emails are still not getting in or out, but that will be subject of another investigation.

Adorfer commented 3 years ago

to summarize: unbound container not working stable -> Mailcow dead in the water!

Master13011 commented 3 years ago

I have the same error on a fresh install.

the sogo docker version: 1.96 and earlier works.

As soon as I upgrade to a higher version of the sogo package, it doesn't work.

andryyy commented 3 years ago

See my previous answer.

How is that link even related?

Master13011 commented 3 years ago

I deleted all my IPTABLES rules and restarted the docker service

iptables -I INPUT -j ACCEPT
iptables -F
iptables -X
systemctl restart docker

iptables -nvL

Chain INPUT (policy ACCEPT 791 packets, 889K bytes)
pkts bytes target prot opt in out source destination
791 889K MAILCOW all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
898 94773 MAILCOW all -- 0.0.0.0/0 0.0.0.0/0
1064 278K DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
1064 278K DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
942 269K ACCEPT all -- br-mailcow 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
43 2849 DOCKER all -- br-mailcow 0.0.0.0/0 0.0.0.0/0
79 6144 ACCEPT all -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
43 2849 ACCEPT all -- br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 606 packets, 36124 bytes)
pkts bytes target prot opt in out source destination

Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:587
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:465
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:25
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.2 tcp dpt:8983
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:12345
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:4190
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:995
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:993
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:143
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:110
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.249 tcp dpt:6379
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.8 tcp dpt:8443
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.8 tcp dpt:8080
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.11 tcp dpt:3306

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
79 6144 DOCKER-ISOLATION-STAGE-2 all -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
1064 278K RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- docker0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- br-mailcow 0.0.0.0/0 0.0.0.0/0
79 6144 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
1064 278K RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain MAILCOW (2 references)
pkts bytes target prot opt in out source destination

As soon as I upgrade to a higher version of the sogo package, it doesn't work.

Y0ngg4n commented 3 years ago

I can say I have fixed it for my installation by tweaking the nginx config. I will close this issue.

Master13011 commented 3 years ago

I can say I have fixed it for my installation by tweaking the nginx config. I will close this issue.

What did you do as a modification?

Y0ngg4n commented 3 years ago

@Master13011 I just used the recommended config in the docs. I can't say what exactly made it work, but it works now.

Master13011 commented 3 years ago

Problem solved.

It was the Opera browser that was blocking