mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

On system with IPV6 disabled netfilter, nginx and phpfpm images crash #4576

Closed esvarc closed 1 year ago

esvarc commented 2 years ago


Description

I followed the guide at https://mailcow.github.io/mailcow-dockerized-docs/post_installation/firststeps-disable_ipv6/ to configure mailcow on IPV6. But actually it doesn't work on all images. Three images have problems. I was able to fix two of them, but not netfilter. There is no chance to modify any config and delete the reference to IPV6.

Logs

Log from nginx:

2022/05/06 16:59:34 [emerg] 15#15: socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 16:59:36 [emerg] 14#14: socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 16:59:37 [emerg] 15#15: socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 16:59:38 [emerg] 16#16: socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 16:59:40 [emerg] 16#16: socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 16:59:42 [emerg] 14#14: socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 16:59:46 [emerg] 14#14: socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 16:59:53 [emerg] 15#15: socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 17:00:06 [emerg] 16#16: host not found in upstream "phpfpm" in /etc/nginx/conf.d/dynmaps.conf:13
nginx: [emerg] host not found in upstream "phpfpm" in /etc/nginx/conf.d/dynmaps.conf:13
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 17:00:32 [emerg] 17#17: host not found in upstream "phpfpm" in /etc/nginx/conf.d/dynmaps.conf:13
nginx: [emerg] host not found in upstream "phpfpm" in /etc/nginx/conf.d/dynmaps.conf:13
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 17:01:02 [emerg] 15#15: host not found in upstream "phpfpm" in /etc/nginx/conf.d/dynmaps.conf:13
nginx: [emerg] host not found in upstream "phpfpm" in /etc/nginx/conf.d/dynmaps.conf:13
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 17:01:03 [emerg] 19#19: host not found in upstream "phpfpm" in /etc/nginx/conf.d/dynmaps.conf:13
nginx: [emerg] host not found in upstream "phpfpm" in /etc/nginx/conf.d/dynmaps.conf:13
nginx: configuration file /etc/nginx/nginx.conf test failed
2022/05/06 17:01:03 [emerg] 15#15: host not found in upstream "phpfpm" in /etc/nginx/conf.d/dynmaps.conf:13

log from netfilter:

Clearing all bans
Traceback (most recent call last):
  File "/server.py", line 526, in <module>
    clear()
  File "/server.py", line 287, in clear
    filter6_table = iptc.Table6(iptc.Table6.FILTER)
  File "/usr/lib/python3.9/site-packages/iptc/ip6tc.py", line 589, in __new__
    obj._init(name, autocommit)
  File "/usr/lib/python3.9/site-packages/iptc/ip6tc.py", line 606, in _init
    self.refresh()
  File "/usr/lib/python3.9/site-packages/iptc/ip4tc.py", line 1634, in refresh
    raise IPTCError("can't initialize %s: %s" % (self.name,
iptc.ip4tc.IPTCError: can't initialize filter: b'Address family not supported by protocol'

log from phpfpm:

Rebuilding domain map in Redis...
find: /web/templates/cache/*: No such file or directory
[06-May-2022 17:09:11] NOTICE: Failed implicitly binding to ::, retrying with 0.0.0.0
[06-May-2022 17:09:11] NOTICE: Failed implicitly binding to ::, retrying with 0.0.0.0
[06-May-2022 17:09:11] ERROR: failed to create new listening socket: socket(): Address family not supported by protocol (97)
[06-May-2022 17:09:11] ERROR: failed to create new listening socket: socket(): Address family not supported by protocol (97)
[06-May-2022 17:09:11] ERROR: FPM initialization failed
[06-May-2022 17:09:11] ERROR: FPM initialization failed
Uptime: 638  Threads: 13  Questions: 2281  Slow queries: 0  Opens: 51  Open tables: 42  Queries per second avg: 3.575
MySQL @ af5e56210569eaa76bd67f651ee9a1c80260561a08b040988fa66b02783d3e23
SQL upgrade iteration #1
MySQL is up-to-date - debug output:
{"msg":"mysql_upgrade: already upgraded","text":"This installation of MariaDB is already upgraded to 10.5.13-MariaDB.\nThere is no need to run mysql_upgrade again for 10.5.15-MariaDB.\nYou can use --force if you still want to run mysql_upgrade\n","type":"success"}
We are master, preparing...
Running DB init...
Fixed _sogo_static_view
Cleaned up memcached
Rebuilding domain map in Redis...

Steps to reproduce

  1. put in /etc/default/grub GRUB_CMDLINE_LINUX="ipv6.disable=1", update-grub, restart
  2. modify config according to https://mailcow.github.io/mailcow-dockerized-docs/post_installation/firststeps-disable_ipv6/
  3. cd /opt/mailcow-dockerized; docker-compose down; docker-compose up -d
  4. docker ps -a
CONTAINER ID   IMAGE                    COMMAND                  CREATED              STATUS                           PORTS                                                                                                                                        NAMES
103e246b760b   mailcow/rspamd:1.90      "/docker-entrypoint.…"   About a minute ago   Up About a minute                                                                                                                                                             mailcowdockerized_rspamd-mailcow_1
0c8a7309974d   mailcow/netfilter:1.47   "python3 -u /server.…"   About a minute ago   Restarting (1) 41 seconds ago                                                                                                                                                 mailcowdockerized_netfilter-mailcow_1
a7569560953f   mcuadros/ofelia:latest   "/usr/bin/ofelia dae…"   About a minute ago   Up About a minute                                                                                                                                                             mailcowdockerized_ofelia-mailcow_1
f4878756d759   mailcow/acme:1.81        "/sbin/tini -g -- /s…"   About a minute ago   Up About a minute                                                                                                                                                             mailcowdockerized_acme-mailcow_1
72bb80d5c8e7   nginx:mainline-alpine    "/docker-entrypoint.…"   About a minute ago   Restarting (1) 40 seconds ago                                                                                                                                                 mailcowdockerized_nginx-mailcow_1
e39161d5d49a   mailcow/postfix:1.66     "/docker-entrypoint.…"   About a minute ago   Up About a minute                0.0.0.0:25->25/tcp, 0.0.0.0:465->465/tcp, 0.0.0.0:587->587/tcp, 588/tcp                                                                      mailcowdockerized_postfix-mailcow_1
9d98b2c98c26   mailcow/dovecot:1.162    "/docker-entrypoint.…"   About a minute ago   Up 2 seconds                     0.0.0.0:110->110/tcp, 0.0.0.0:143->143/tcp, 0.0.0.0:993->993/tcp, 0.0.0.0:995->995/tcp, 0.0.0.0:4190->4190/tcp, 127.0.0.1:19991->12345/tcp   mailcowdockerized_dovecot-mailcow_1
a187e9015e1f   mailcow/phpfpm:1.78      "/docker-entrypoint.…"   About a minute ago   Restarting (78) 15 seconds ago                                                                                                                                                mailcowdockerized_php-fpm-mailcow_1
da584c04ef18   mariadb:10.5             "docker-entrypoint.s…"   About a minute ago   Up About a minute                127.0.0.1:13306->3306/tcp                                                                                                                    mailcowdockerized_mysql-mailcow_1
5f7df7802166   redis:6-alpine           "docker-entrypoint.s…"   About a minute ago   Up About a minute                127.0.0.1:7654->6379/tcp                                                                                                                     mailcowdockerized_redis-mailcow_1
2997fa645240   mailcow/unbound:1.15     "/docker-entrypoint.…"   About a minute ago   Up About a minute                53/tcp, 53/udp                                                                                                                               mailcowdockerized_unbound-mailcow_1
6d496eadf442   memcached:alpine         "docker-entrypoint.s…"   About a minute ago   Up About a minute                11211/tcp                                                                                                                                    mailcowdockerized_memcached-mailcow_1
b00ad084c856   mailcow/dockerapi:1.41   "python3 -u /app/doc…"   About a minute ago   Up About a minute                                                                                                                                                             mailcowdockerized_dockerapi-mailcow_1
714e543e7cb8   bash:latest              "echo 'ipv6nat disab…"   About a minute ago   Exited (0) About a minute ago                                                                                                                                                 mailcowdockerized_ipv6nat-mailcow_1
e318e32c5813   mailcow/sogo:1.108       "/docker-entrypoint.…"   About a minute ago   Up About a minute                                                                                                                                                             mailcowdockerized_sogo-mailcow_1
508c6954e6eb   mailcow/watchdog:1.96    "/bin/sh -c /watchdo…"   About a minute ago   Up About a minute                                                                                                                                                             mailcowdockerized_watchdog-mailcow_1
7ff386f25784   mailcow/clamd:1.51       "/sbin/tini -g -- /c…"   About a minute ago   Up About a minute                                                                                                                                                             mailcowdockerized_clamd-mailcow_1
61da40ae5d6a   mailcow/solr:1.8.1       "docker-entrypoint.s…"   About a minute ago   Up About a minute                127.0.0.1:18983->8983/tcp                                                                                                                    mailcowdockerized_solr-mailcow_1
5a5f9c7b049b   mailcow/olefy:1.9        "python3 -u /app/ole…"   About a minute ago   Up About a minute                                                                                                                                                             mailcowdockerized_olefy-mailcow_1

System information

| Question | Answer |
| --- | --- |
| My operating system | Ubuntu Server 20.04 LTS |
| Is Apparmor, SELinux or similar active? | No |
| Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported) | No |
| Server/VM specifications (Memory, CPU Cores) | 16GB, 4 CPU Cores |
| Docker Version (docker version) | 20.10.14 |
| Docker-Compose Version (docker-compose version) | docker-compose version 1.29.2, build 5becea4c; docker-py version: 5.0.0; CPython version: 3.7.10; OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019 |
| Reverse proxy (custom solution) | nginx |

Output of git diff origin/master, any other changes to the code? If so, please post them:

diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..c29a36ac 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem
@@ -1,19 +1,33 @@
 -----BEGIN CERTIFICATE-----
***cenzored***
 -----END CERTIFICATE-----
diff --git a/data/assets/ssl-example/key.pem b/data/assets/ssl-example/key.pem
index cedf35a0..88a7dc3f 100644
--- a/data/assets/ssl-example/key.pem
+++ b/data/assets/ssl-example/key.pem
@@ -1,27 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
***cenzored***
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
***cenzored***
+-----END PRIVATE KEY-----
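Review bot: the key in the tracked path data/assets/ssl-example/key.pem has been swapped (BEGIN RSA PRIVATE KEY removed, BEGIN PRIVATE KEY added), so the key body appears in every `git diff origin/master` and has to be redacted by hand, as was done here. Keep the live key in an untracked location and leave the example file as shipped.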
diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
index cf12543a..69c3ca57 100644
--- a/data/conf/dovecot/global_sieve_after
+++ b/data/conf/dovecot/global_sieve_after
@@ -1,6 +1,7 @@
 # global_sieve_after script
 # global_sieve_before -> user sieve_before (mailcow UI) -> user sieve_after (mailcow UI) -> global_sieve_after

+require "copy";
 require "fileinto";
 require "mailbox";
 require "variables";
@@ -24,6 +25,12 @@ if allof (
   }
 }

+if envelope :domain "From" "***cenzored***" {
+  redirect :copy "***cenzored***";
+  redirect :copy "***cenzored***";
+  stop;
+}
+
 if duplicate {
   discard;
   stop;
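Review bot: the `stop;` closing the added `if envelope :domain "From"` block ends script execution, so mail from that domain never reaches the `if duplicate { discard; stop; }` check that follows. If duplicates from that sender should still be discarded, drop the `stop;` or move the new block below the duplicate check.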
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index a445b60c..6aef6676 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -198,3 +198,8 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks

 # DO NOT EDIT ANYTHING BELOW #
 # User overrides #
+
+myhostname = mail.trantor.cz
+smtp_address_preference = ipv4
+inet_protocols = ipv4
+mynetworks = 192.168.80.0/24 192.168.165.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
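Review bot: the added `mynetworks` line still lists IPv6 ranges ([::ffff:127.0.0.0]/104, [::1]/128, [fe80::]/10, [fd4d:6169:6c63:6f77::]/64, [2001:db8::]/32) directly below `inet_protocols = ipv4`, where they serve no purpose. Remove them and keep the list to the IPv4 ranges that really need it, since every network in `mynetworks` is treated as a trusted client wherever `permit_mynetworks` applies.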
diff --git a/data/conf/rspamd/custom/global_mime_from_whitelist.map b/data/conf/rspamd/custom/global_mime_from_whitelist.map
index 3c872889..72355e3b 100644
--- a/data/conf/rspamd/custom/global_mime_from_whitelist.map
+++ b/data/conf/rspamd/custom/global_mime_from_whitelist.map
@@ -1 +1,3 @@
-# /.+example\.com/i
+# /.+example\.com/i^M
+/.+***cenzored***/i^M
+/.+***cenzored***/i
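Review bot: the first two added lines end in `^M` (a carriage return) while the third does not, so the map now has mixed CRLF/LF line endings and a CR sits right after the `/i` flags of the first new entry. Save the file with LF endings only so each regex line ends at its flags.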
diff --git a/data/conf/rspamd/custom/global_smtp_from_whitelist.map b/data/conf/rspamd/custom/global_smtp_from_whitelist.map
index 3c872889..72355e3b 100644
--- a/data/conf/rspamd/custom/global_smtp_from_whitelist.map
+++ b/data/conf/rspamd/custom/global_smtp_from_whitelist.map
@@ -1 +1,3 @@
-# /.+example\.com/i
+# /.+example\.com/i^M
+/.+***cenzored***/i^M
+/.+***cenzored***/i
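Review bot: the template entry `/.+example\.com/i` carries no `$`, and the added entries end in `/i` directly after the redacted part. For a whitelist keyed on the SMTP sender, check that each redacted pattern ends with `$` so that a longer domain which merely contains the whitelisted one does not match.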
diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf
index 27110c04..90c16ee0 100644
--- a/data/conf/unbound/unbound.conf
+++ b/data/conf/unbound/unbound.conf
@@ -4,7 +4,7 @@ server:
   interface: ::0
   logfile: /dev/console
   do-ip4: yes
-  do-ip6: yes
+  do-ip6: no
   do-udp: yes
   do-tcp: yes
   do-daemonize: no
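Review bot: `interface: ::0` in the context line above the change stays in place while `do-ip6` becomes `no`, so the file still names an IPv6 listen address. Drop or comment out that line in the same change so the listener set is explicitly IPv4-only.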
diff --git a/docker-compose.yml b/docker-compose.yml
index 3c3fd671..e6efc84a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -578,42 +578,12 @@ services:
           aliases:
             - ofelia

-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-        - solr-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge
     driver_opts:
       com.docker.network.bridge.name: br-mailcow
-    enable_ipv6: true
+    enable_ipv6: false
     ipam:
       driver: default
       config:
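Review bot: setting `enable_ipv6: false` and removing `ipv6nat-mailcow` covers the Docker network only; `netfilter-mailcow`, listed in the removed `depends_on`, is not touched here and is the container whose traceback shows `iptc.Table6(iptc.Table6.FILTER)` failing. State in the change that netfilter still needs an IPv4-only path, otherwise it keeps restarting as in the `docker ps -a` output.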

All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptables output can help us to help you: iptables -L -vn:

Chain INPUT (policy ACCEPT 5 packets, 552 bytes)
 pkts bytes target     prot opt in     out     source               destination
 328K 1566M ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 328K 1566M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
31731 4999K ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
22438 3408K ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
22438 3408K ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
22438 3408K ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 4 packets, 335 bytes)
 pkts bytes target     prot opt in     out     source               destination
 941K 1132M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 941K 1132M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      br-2f867178d8e2  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      br-2f867178d8e2  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br-2f867178d8e2 !br-2f867178d8e2  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br-2f867178d8e2 br-2f867178d8e2  0.0.0.0/0            0.0.0.0/0
 189K   57M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 6984  444K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
10539  766K ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
 6953  442K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0
3336K   12G ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
3336K   12G ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
1193K 1692M ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
1193K 1692M ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
1193K 1692M ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
1193K 1692M ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 6 packets, 672 bytes)
 pkts bytes target     prot opt in     out     source               destination
 161K   11M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 161K   11M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
17135 1970K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
17135 1970K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
17135 1970K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
17135 1970K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.2           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:3306
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:8443
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:8080
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
    4   244 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  br-2f867178d8e2 !br-2f867178d8e2  0.0.0.0/0            0.0.0.0/0
10539  766K DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
1473K 1778M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      br-2f867178d8e2  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
14028  982K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
2205K 4127M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   44  3936 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
   43 10247 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
   16   798 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
   14  4844 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
 9134 1655K ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

ip6tables -L -vn:

ip6tables v1.8.4 (legacy): can't initialize ip6tables table `filter': Address family not supported by protocol
Perhaps ip6tables or your kernel needs to be upgraded.

iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 122 packets, 18255 bytes)
 pkts bytes target     prot opt in     out     source               destination
**cenzored**
 2454  131K DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 100 packets, 16815 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5 packets, 439 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 25 packets, 1571 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !br-2f867178d8e2  172.20.0.0/16        0.0.0.0/0
 1514  109K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 SNAT       all  --  *      int     0.0.0.0/0            0.0.0.0/0            to:**cenzored**
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.2           172.22.1.2           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.8           172.22.1.8           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:8443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:8080
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  br-2f867178d8e2 *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.2:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.8:3306
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:8443 to:172.22.1.10:8443
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:8080 to:172.22.1.10:8080
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
    4   244 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110

ip6tables -L -vn -t nat:

ip6tables v1.8.4 (legacy): can't initialize ip6tables table `nat': Address family not supported by protocol
Perhaps ip6tables or your kernel needs to be upgraded.

DNS problems? Please run docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and post the output:

151.101.193.69
151.101.65.69
151.101.1.69
151.101.129.69

esvarc commented 2 years ago

I was able to fix nginx by commenting out IPV6 in:

/opt/mailcow-dockerized/data/conf/nginx/dynmaps.conf
/opt/mailcow-dockerized/data/conf/nginx/templates/listen_plain.template
/opt/mailcow-dockerized/data/conf/nginx/templates/listen_ssl.template

And phpfpm by removing '[::]:' in file /opt/mailcow-dockerized/data/conf/phpfpm/php-fpm.d/pools.conf

esvarc commented 2 years ago

BTW ufw was put in a disabled state; I kept only NAT rules to be able to run my machines behind this one. The same box has the router role as well.

mrgohin commented 2 years ago

I confirm this issue. Got same problems after following official guide.

Fixing it by hand now

andryyy commented 2 years ago

Yes, should definitely be mentioned in the docs. It is not officially supported but can probably (well, definitely with some work) be made to run on v4 only systems.

I wonder why we never added it.

milkmaker commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

Zyplonox commented 7 months ago

Hi, after setting up a fresh installation of mailcow and following this guide https://docs.mailcow.email/post_installation/firststeps-disable_ipv6 the netfilter container won't come up.

Clearing all bans
Traceback (most recent call last):
  File "/server.py", line 558, in <module>
    clear()
  File "/server.py", line 297, in clear
    filter6_table = iptc.Table6(iptc.Table6.FILTER)
  File "/usr/lib/python3.10/site-packages/iptc/ip6tc.py", line 589, in __new__
    obj._init(name, autocommit)
  File "/usr/lib/python3.10/site-packages/iptc/ip6tc.py", line 606, in _init
    self.refresh()
  File "/usr/lib/python3.10/site-packages/iptc/ip4tc.py", line 1634, in refresh
    raise IPTCError("can't initialize %s: %s" % (self.name,
iptc.ip4tc.IPTCError: can't initialize filter: b'Address family not supported by protocol'

VladoPortos commented 1 month ago

Same issue as @Zyplonox
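
Added example, not part of the thread and not mailcow's server.py: one way a ban-clearing routine like the `clear()` in the tracebacks above could probe for IPv6 first and fall back to IPv4-only instead of crashing with errno 97. The names `ipv6_supported`, `clear_bans`, `FakeTable` and `constructed_opener` are hypothetical, and `open_table` stands in for constructing `iptc.Table` / `iptc.Table6`, so the block runs without python-iptables.

```python
import errno
import socket

# Error text taken from the netfilter traceback quoted in this thread.
AF_UNSUPPORTED = "Address family not supported by protocol"


def ipv6_supported(socket_factory=socket.socket):
    """Return False when the kernel refuses AF_INET6 (errno 97 on Linux)."""
    try:
        sock = socket_factory(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError as exc:
        if exc.errno == errno.EAFNOSUPPORT:
            return False
        raise  # any other failure is unexpected and should surface
    sock.close()
    return True


def clear_bans(open_table, ipv6_ok, log=print):
    """Flush the ban table for every usable address family.

    open_table(family) is a hypothetical stand-in for building the
    iptables/ip6tables filter table. Returns the families that were flushed.
    An IPv4 failure is never swallowed: without it no ban is enforced at all.
    """
    cleared = []
    families = ("ipv4", "ipv6") if ipv6_ok else ("ipv4",)
    for family in families:
        try:
            table = open_table(family)
        except Exception as exc:
            # The socket probe can pass while ip6tables is still unusable,
            # so the table error itself is checked as well.
            if family == "ipv6" and AF_UNSUPPORTED in str(exc):
                log("ip6tables unavailable, continuing IPv4-only: %s" % exc)
                continue
            raise
        table.flush()
        cleared.append(family)
    return cleared


class FakeTable:
    """Constructed stand-in for a filter table object."""

    def __init__(self, family):
        self.family = family
        self.flushed = False

    def flush(self):
        self.flushed = True


def constructed_opener(ipv6_available):
    """Build a fake open_table() that mimics a host with or without IPv6."""
    opened = []

    def open_table(family):
        if family == "ipv6" and not ipv6_available:
            # Same message shape as the IPTCError in the thread.
            raise RuntimeError("can't initialize filter: b'%s'" % AF_UNSUPPORTED)
        table = FakeTable(family)
        opened.append(table)
        return table

    return open_table, opened


if __name__ == "__main__":
    opener, _ = constructed_opener(ipv6_available=False)
    print("kernel IPv6:", ipv6_supported())
    print("cleared:", clear_bans(opener, ipv6_ok=ipv6_supported()))
```
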