Sogo filters no longer work / Sogo filters still not work after last update

[omexlu]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Sogo filters (sending) no longer work, since when I unfortunately do not know but have seen that there were problems with Sogo and have tested.

Has always worked in the past, problem only hits since the last updates. Everything goes without problems except that.

SEE SCREENSHOT FROM SOGO FILTER-SETTING: https://imgur.com/a/0ZJLm7B

Logs

The only thing I found about this, the reject and delete works but no email is sent, the warning should perhaps be heeded.

DOVECOT:

10.09.2022, 06:55:25    info    lmtp(noreply@the-greenleaf.in)<103777><+MGJILwYHGNhlQEAe7znIg>: sieve: msgid=<20220910045519.AA87E8040EA@smtp.hushmail.com>: reject action: rejected message from <tgl@hushmail.me> (reject)
10.09.2022, 06:55:24    warning lmtp(noreply@the-greenleaf.in)<103777><+MGJILwYHGNhlQEAe7znIg>: Warning: smtp-client: conn postfix:588 (172.22.1.253:588) [1]: Received invalid EHLO response line: Unexpected character in EHLO keyword
10.09.2022, 06:55:24    info    lmtp(noreply@the-greenleaf.in)<103777><+MGJILwYHGNhlQEAe7znIg>: sieve: msgid=<20220910045519.AA87E8040EA@smtp.hushmail.com>: discard action: Marked message to be discarded if not explicitly delivered (discard action)

Steps to reproduce

1. Create a filter in SOGO as shown in the screenshot above.
2. Send an email to the recipient.
3. The reply email is not sent.
4. Email is correctly rejected by the recipient.

(See screenshot above for the setting that worked in the past without any problem).

System information

Question	Answer
My operating system	20.04.5 LTS (Focal Fossa)
Is Apparmor, SELinux or similar active?	NO
Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported	KVM
Server/VM specifications (Memory, CPU Cores)	https://www.hetzner.com/de/cloud (CX21)
Docker version (docker version)	20.10.17
docker-compose version (docker-compose version)	v2.10.2
mailcow version (git describe --tags `git rev-list --tags --max-count=1`)	2022-08b
Reverse proxy (custom solution)	NO

Output of git diff origin/master, any other changes to the code? If so, please post them:

diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index a445b60c..cfaa9f22 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -198,3 +198,7 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks

 # DO NOT EDIT ANYTHING BELOW #
 # User overrides #
+
+myhostname = mx.s3cured.pw
+# ANONYMIZE HEADERS
+header_checks = pcre:/opt/postfix/conf/anonymize_headers.pcre
diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index 97a34e9e..9788ea67 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -5,7 +5,7 @@
         PrivateDAndTViewer
     );

-    WOWorkersCount = "20";
+    WOWorkersCount = "8";
     SOGoACLsSendEMailNotifications = YES;
     SOGoAppointmentSendEMailNotifications = YES;
     SOGoDraftsFolderName = "Drafts";
diff --git a/docker-compose.yml b/docker-compose.yml
index ad78670d..c4578032 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -580,36 +580,6 @@ services:
           aliases:
             - ofelia

-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-        - solr-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge

All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptabels output can help us to help you: iptables -L -vn:

Chain INPUT (policy DROP 12755 packets, 734K bytes)
 pkts bytes target     prot opt in     out     source               destination
 329K  421M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0
 329K  421M ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 329K  421M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
16239  913K ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
12756  734K ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
12756  734K ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
12756  734K ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
3407K 2362M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0
3407K 2362M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
3407K 2362M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0
2780K 1867M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 243K   15M DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
 383K  480M ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
 236K   15M ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 20 packets, 800 bytes)
 pkts bytes target     prot opt in     out     source               destination
 380K  383M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 380K  383M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 5908  349K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 5908  349K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 5908  349K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 5908  349K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
 2172  127K ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:443
 1344 78175 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:80
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.12          tcp dpt:3306
 2989  155K ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.13          tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    4   224 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
  124  7108 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
   42  2428 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
  114  6160 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
   17   900 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
  132  7772 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
   99  5744 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
 383K  480M DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
3407K 2362M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
 383K  480M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
3407K 2362M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   13  1014 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
   14   596 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
 3456  178K ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
    0     0 ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
 6885  333K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
  264 18264 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 307K  419M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 4015  197K ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
 4015  197K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
 1522 78599 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
16276  933K ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
16276  933K ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
  264 18264 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
 374K  383M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 5908  349K ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination
 3808  188K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10
  129  6403 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination
16276  933K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination
 3483  179K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
  156  8736 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
 5728  339K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2218
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:2218
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:25
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    3   148 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:110
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:143
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
   17 19262 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:465
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:587
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:993
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:995
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:4190
    6   248 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5222
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5222
    3   124 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5269
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5269
    6   244 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5443
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5443

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

ip6tables -L -vn:

Chain INPUT (policy DROP 36 packets, 2232 bytes)
 pkts bytes target     prot opt in     out     source               destination
 139K  236M MAILCOW    all      *      *       ::/0                 ::/0
 139K  236M ufw6-before-logging-input  all      *      *       ::/0                 ::/0
 139K  236M ufw6-before-input  all      *      *       ::/0                 ::/0
   38  2352 ufw6-after-input  all      *      *       ::/0                 ::/0
   36  2232 ufw6-after-logging-input  all      *      *       ::/0                 ::/0
   36  2232 ufw6-reject-input  all      *      *       ::/0                 ::/0
   36  2232 ufw6-track-input  all      *      *       ::/0                 ::/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 710K  989M MAILCOW    all      *      *       ::/0                 ::/0
 711K  989M DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0
    0     0 ACCEPT     all      *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      docker0  ::/0                 ::/0
    0     0 ACCEPT     all      docker0 !docker0  ::/0                 ::/0
    0     0 ACCEPT     all      docker0 docker0  ::/0                 ::/0
 558K  951M ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
90078 6364K DOCKER     all      *      br-mailcow  ::/0                 ::/0
63498   31M ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0
89194 6294K ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0
    0     0 ufw6-before-logging-forward  all      *      *       ::/0                 ::/0
    0     0 ufw6-before-forward  all      *      *       ::/0                 ::/0
    0     0 ufw6-after-forward  all      *      *       ::/0                 ::/0
    0     0 ufw6-after-logging-forward  all      *      *       ::/0                 ::/0
    0     0 ufw6-reject-forward  all      *      *       ::/0                 ::/0
    0     0 ufw6-track-forward  all      *      *       ::/0                 ::/0

Chain OUTPUT (policy ACCEPT 66 packets, 4908 bytes)
 pkts bytes target     prot opt in     out     source               destination
 103K  459M ufw6-before-logging-output  all      *      *       ::/0                 ::/0
 103K  459M ufw6-before-output  all      *      *       ::/0                 ::/0
  430 39161 ufw6-after-output  all      *      *       ::/0                 ::/0
  430 39161 ufw6-after-logging-output  all      *      *       ::/0                 ::/0
  430 39161 ufw6-reject-output  all      *      *       ::/0                 ::/0
  430 39161 ufw6-track-output  all      *      *       ::/0                 ::/0

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
   76  5668 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:443
   30  2356 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:80
   47  3680 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:587
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:4190
    4   320 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:465
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:995
    9   656 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:25
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:993
  718 57416 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:110

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all      docker0 !docker0  ::/0                 ::/0
63498   31M DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0
 711K  989M RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      docker0  ::/0                 ::/0
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0
63498   31M RETURN     all      *      *       ::/0                 ::/0

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:137
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:138
    0     0 ufw6-skip-to-policy-input  tcp      *      *       ::/0                 ::/0                 tcp dpt:139
    2   120 ufw6-skip-to-policy-input  tcp      *      *       ::/0                 ::/0                 tcp dpt:445
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:546
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:547

Chain ufw6-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   36  2232 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      *       ::/0                 ::/0                 rt type:0
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 129
    0     0 ufw6-user-forward  all      *      *       ::/0                 ::/0

Chain ufw6-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      lo     *       ::/0                 ::/0
    0     0 DROP       all      *      *       ::/0                 ::/0                 rt type:0
 124K  235M ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 129
  787 55080 ufw6-logging-deny  all      *      *       ::/0                 ::/0                 ctstate INVALID
  787 55080 DROP       all      *      *       ::/0                 ::/0                 ctstate INVALID
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
    8   832 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
  809 45304 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 133 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 134 HL match HL == 255
 5278  380K ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 135 HL match HL == 255
 7377  472K ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 136 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 141 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 142 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 130
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 131
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 132
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 143
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 148 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 149 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 151 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 152 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 153 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 144
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 145
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 146
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 147
    0     0 ACCEPT     udp      *      *       fe80::/10            fe80::/10            udp spt:547 dpt:546
    0     0 ACCEPT     udp      *      *       ::/0                 ff02::fb             udp dpt:5353
    0     0 ACCEPT     udp      *      *       ::/0                 ff02::f              udp dpt:1900
   75  5304 ufw6-user-input  all      *      *       ::/0                 ::/0

Chain ufw6-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      *      lo      ::/0                 ::/0
    0     0 DROP       all      *      *       ::/0                 ::/0                 rt type:0
89392  458M ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 129
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 133 HL match HL == 255
 5278  338K ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 136 HL match HL == 255
 7413  534K ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 135 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 134 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 141 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 142 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 130
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 131
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 132
  112 11992 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 143
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 148 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 149 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 151 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 152 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 153 HL match HL == 1
  430 39161 ufw6-user-output  all      *      *       ::/0                 ::/0

Chain ufw6-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw6-logging-deny (1 references)
 pkts bytes target     prot opt in     out     source               destination
  138  8412 RETURN     all      *      *       ::/0                 ::/0                 ctstate INVALID limit: avg 3/min burst 10
   15  1020 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      *       ::/0                 ::/0

Chain ufw6-skip-to-policy-input (6 references)
 pkts bytes target     prot opt in     out     source               destination
    2   120 DROP       all      *      *       ::/0                 ::/0

Chain ufw6-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      *      *       ::/0                 ::/0

Chain ufw6-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
   98  7448 ACCEPT     tcp      *      *       ::/0                 ::/0                 ctstate NEW
  225 22729 ACCEPT     udp      *      *       ::/0                 ::/0                 ctstate NEW

Chain ufw6-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   22  1752 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:2218
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:2218
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:25
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:25
   14  1120 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:80
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:80
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:110
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:110
    1    80 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:143
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:143
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:443
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:443
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:465
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:465
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:587
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:587
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:993
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:993
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:995
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:995
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:4190
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:4190
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:5222
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:5222
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:5269
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:5269
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:5443
    0     0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:5443

Chain ufw6-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all      *      *       ::/0                 ::/0                 reject-with icmp6-port-unreachable

Chain ufw6-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      *      *       ::/0                 ::/0

Chain ufw6-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 311K packets, 20M bytes)
 pkts bytes target     prot opt in     out     source               destination
24829 1387K DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 1544 packets, 81985 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5106 packets, 286K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 248K packets, 15M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
57418 4299K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.8           172.22.1.8           tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.8           172.22.1.8           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.12          172.22.1.12          tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.13          172.22.1.13          tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
 2173  127K DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.8:443
 1344 78175 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.8:80
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.12:3306
 2989  155K DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.13:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    4   224 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
  124  7108 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
   42  2428 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
  114  6160 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
   17   900 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
  132  7772 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
   99  5744 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110

ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 38239 packets, 3174K bytes)
 pkts bytes target     prot opt in     out     source               destination
  966 76152 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 44 packets, 3704 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 174 packets, 14789 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 30071 packets, 2406K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all      *      !docker0  fd00:dead:beef:c0::/80  ::/0
 9144  846K MASQUERADE  all      *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:443
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:587
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:25
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:110

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all      docker0 *       ::/0                 ::/0
   14  1120 RETURN     all      br-mailcow *       ::/0                 ::/0
   76  5668 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::b]:443
   30  2356 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::b]:80
   47  3680 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::10]:587
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::12]:4190
    4   320 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::10]:465
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::12]:995
    9   656 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::10]:25
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::12]:993
  718 57416 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::12]:143
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::12]:110

DNS problems? Please run docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and post the output:

151.101.1.69
151.101.193.69
151.101.65.69
151.101.129.69

[omexlu]

@DerLinkman

I have just tested it again but it does not work.

Postfix log (Note here perhaps that from=<> remains empty here, and no email is sent.):

12.09.2022, 14:28:40    info    D263C3F940: from=<>, size=6254, nrcpt=1 (queue active)
12.09.2022, 14:28:39    info    D263C3F940: message-id=<dovecot-1662985719-777011-0@cd822d26d8e4>
12.09.2022, 14:28:39    info    D263C3F940: replace: header Received: from cd822d26d8e4 (mailcowdockerized-dovecot-mailcow-1.mailcowdockerized_mailcow-network [172.22.1.250])??by mx.s3cured.pw (Postcow) with ESMTP id D263C3F940??for <tgl@hushmail.me>; Mon, 12 from mailcowdockerized-dovecot-mailcow-1.mailcowdockerized_mailcow-network[172.22.1.250]; from=<> to=<tgl@hushmail.me> proto=ESMTP helo=<cd822d26d8e4>: Received: from sieve (sieve [172.22.1.250]) by mx.s3cured.pw (Postcow) with ESMTP id D263C3F940??for <tgl@hushmail.me>; Mon, 12 Sep 2022 14:28:39 +0200 (CEST)
12.09.2022, 14:28:39    info    D263C3F940: client=mailcowdockerized-dovecot-mailcow-1.mailcowdockerized_mailcow-network[172.22.1.250]

Dovecot log: 12.09.2022, 14:28:39 warning lmtp(noreply@the-greenleaf.in)<256097><+JMZLfclH2Nh6AMAe7znIg>: Warning: smtp-client: conn postfix:588 (172.22.1.253:588) [1]: Received invalid EHLO response line: Unexpected character in EHLO keyword

Somehow the email is queued but not sent.

Thanks in advance.

[DerLinkman]

Can you try something for me? Downgrade your sogo version to 1.109 in docker-compose.yml and restart your stack with docker-compose up -d again to see if this error persists or not.

[omexlu]

Hello,

I'm not that professional to dare to mess in there now, sorry.

But I'm sure it's either sogo itself or some connection, because it has always worked in the past (a few updates before).

I'd rather leave the troubleshooting here to the devs or users who have more idea than me :)

I'm sure you will find the problem.

Thanks in advance.

[omexlu]

@DerLinkman Something new in this case?

[DerLinkman]

Not really it hasn't been reported anymore since your report. And I didn't had time to investigate. But in the issue #4743 we came across the idea of a MySQL connector issue. Maybe it's also related to that.

[omexlu]

@DerLinkman

Ok thanks. I will wait until your team has time to investigate more.

I could be related to this. Maybe you could test on your test-machine soon 💪👍

[DerLinkman]

Can you try something for me?

Disable the Sieve Protocol for the User in the mailcow UI and re-enable it.

Then try to save/use the filter.

[omexlu]

@DerLinkman

Still not working, the email is rejected but the email is not sent out.

I have done the following:

• In the email setup of the user under "Allowed protocols for direct access (does not affect app password protocols)", removed Sieve, then saved.
• In email setup of the user, under "Allowed protocols for direct access (does not affect app password logs)", enabled Sieve, then saved.
• An email sent to the reciever is rejected, but no mail is sent.

Did I do this correctly?

PS. So unfortunately still does not work.

Thanks in advance.

[DerLinkman]

Cannot reproduce it sorry.

On all mailcows on three different maschines i cannot reproduce your error.

But i´ve noticed something. You are using ufw. According to our docs: There are several problems with running mailcow on a firewalld/ufw enabled system.

Maybe this is one of those.

All maschines i´ve used used IPTables instead of ufw.

[omexlu]

@DerLinkman

First of all, thank you for testing.

So I don't really have an error message but the mail is just not sent which is set in Sieve.

Furthermore, I had never had problems with UFW and MailCow before, everything works without problems except for the Sieve and the sending.

Is only since a few updates that it no longer works.

I could try to disable UFW completely.

Is there perhaps an extra port that I still have to release?

My configuration has not changed since the beginning, so it is a bit suspicious that it suddenly no longer works since a few updates.

Is the reply mail sent with your 3 machines?

The communication seems to work with me, otherwise the mail would not be correctly rejected.

Thanks in advance.

[DerLinkman]

Yes it works just fine without any issue on my tested maschines

[omexlu]

Hm okay, thanks, I must look but is very strange.

[omexlu]

@DerLinkman

I have now tried from another sender and there it works 🙈

It seems that hushmail cannot receive rejected mails, from any other email account it works without problems.

What I noticed is that the sender of the rejected mails is "postmaster@domain.tld".

Would be better if the sender here is also the recipient of the actual mail.

Maybe this is possible somehow?

Sorry for the extra work I have done, but now everything works as intended again :)

Thanks again.