Dovecot / Postfix are not really working

Contribution guidelines

[X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

[X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
[X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
[X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
[X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

End of April I've updated mailcow via update.sh to the current latest version. After that I've got messages from users that they cannot use Mailcow anymore. I checked the logs.

Today I've updated a second instance of Mailcow and it shows the exact same behaviour and problem. Because the log is not really helpful, I cannot say, what's really wrong. I wish I could see a little bit more in the logs. Also all container say, they are up.

All services are marked as running. But the queue from postfix is filled, because "Connection refused" when it tries to deliver the mail to Dovecot. Also clients dont get access f.e to TCP:110. 

Because this happens twice on totally different machines and both worked before 2023-04b I don't believe that the problem is "in front of the computer".

Logs:

watchdoc

mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:43:56 CEST 2023 Nginx health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:43:56 CEST 2023 Dovecot health level: 17% (2/12), health trend: -10
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:00 CEST 2023 Postfix health level: 25% (2/8), health trend: -3
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:00 CEST 2023 Ratelimit health level: 100% (1/1), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:02 CEST 2023 ACME health level: 100% (1/1), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:03 CEST 2023 Rspamd health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:05 CEST 2023 Redis health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:07 CEST 2023 Mail queue health level: 100% (20/20), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:11 CEST 2023 Fail2ban health level: 100% (1/1), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:14 CEST 2023 PHP-FPM health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:17 CEST 2023 MySQL/MariaDB health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:18 CEST 2023 Unbound health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:23 CEST 2023 Clamd health level: 100% (15/15), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:29 CEST 2023 Dovecot replication health level: 100% (20/20), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:31 CEST 2023 Rspamd health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:35 CEST 2023 Mail queue health level: 100% (20/20), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:35 CEST 2023 SOGo health level: 100% (3/3), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:36 CEST 2023 Olefy health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:39 CEST 2023 Redis health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:39 CEST 2023 MySQL/MariaDB health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:53 CEST 2023 Rspamd health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:58 CEST 2023 Postfix health level: 0% (0/8), health trend: -3
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:58 CEST 2023 Ratelimit health level: 100% (1/1), health trend: 0
mailcowdockerized-watchdog-mailcow-1  | Tue May 2 12:44:59 CEST 2023 Postfix hit error limit

dovecot

mailcowdockerized-dovecot-mailcow-1  | Uptime: 1  Threads: 2  Questions: 1  Slow queries: 0  Opens: 17  Open tables: 10  Queries per second avg: 1.000
mailcowdockerized-dovecot-mailcow-1  | Adding user `vmail' to group `tty' ...
mailcowdockerized-dovecot-mailcow-1  | Adding user vmail to group tty
mailcowdockerized-dovecot-mailcow-1  | Done.
mailcowdockerized-dovecot-mailcow-1  |   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
mailcowdockerized-dovecot-mailcow-1  |                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:15 --:--:--     0
mailcowdockerized-dovecot-mailcow-1  | curl: (28) Connection timed out after 15001 milliseconds
mailcowdockerized-dovecot-mailcow-1  | Warning: Problem : timeout. Will retry in 1 seconds. 10 retries left.
  0     0    0     0    0     0      0      0 --:--:--  0:00:15 --:--:--     0
mailcowdockerized-dovecot-mailcow-1  | curl: (28) Connection timed out after 15001 milliseconds
mailcowdockerized-dovecot-mailcow-1  | Warning: Problem : timeout. Will retry in 2 seconds. 9 retries left.
  0     0    0     0    0     0      0      0 --:--:--  0:00:15 --:--:--     0
mailcowdockerized-dovecot-mailcow-1  | curl: (28) Connection timed out after 15001 milliseconds
mailcowdockerized-dovecot-mailcow-1  | Warning: Problem : timeout. Will retry in 4 seconds. 8 retries left.
  0     0    0     0    0     0      0      0 --:--:--  0:00:15 --:--:--     0
mailcowdockerized-dovecot-mailcow-1  | curl: (28) Connection timed out after 15001 milliseconds
mailcowdockerized-dovecot-mailcow-1  | Warning: Problem : timeout. Will retry in 8 seconds. 7 retries left.
....

postfix:

mailcowdockerized-postfix-mailcow-1  | 2023-05-02 12:45:15,037 INFO success: processes entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
mailcowdockerized-postfix-mailcow-1  | 2023-05-02 12:45:15,037 INFO success: postfix entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
mailcowdockerized-postfix-mailcow-1  | 2023-05-02 12:45:15,037 INFO success: syslog-ng entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
mailcowdockerized-postfix-mailcow-1  | May  2 12:45:15 a1484be4e7b8 postfix/postfix-script[338]: starting the Postfix mail system
mailcowdockerized-postfix-mailcow-1  | May  2 12:45:15 a1484be4e7b8 postfix/master[340]: daemon started -- version 3.5.17, configuration /opt/postfix/conf
mailcowdockerized-postfix-mailcow-1  | May  2 12:45:53 a1484be4e7b8 postfix/master[340]: warning: process /usr/lib/postfix/sbin/smtpd pid 346 exit status 1
mailcowdockerized-postfix-mailcow-1  | May  2 12:46:56 a1484be4e7b8 postfix/master[340]: warning: process /usr/lib/postfix/sbin/smtpd pid 353 exit status 1
mailcowdockerized-postfix-mailcow-1  | May  2 12:46:56 a1484be4e7b8 postfix/master[340]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling


### Steps to reproduce:

```plain text
Actually, I'm able to reproduce it, by using an older version (which runs fine) and the update to latest version. After the restart, some container get problems.

Which branch are you using?

master

Operating System:

Debian 11.6

Server/VM specifications:

32GB, 12 vCPU

Is Apparmor, SELinux or similar active?

yes

Virtualization technology:

KVM

Docker version:

23.0.3

docker-compose version or docker compose version:

v2.17.2

mailcow version:

2023-04b

Reverse proxy:

none

Logs of git diff:

diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index a445b60c..555ceb9d 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -198,3 +198,6 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks

 # DO NOT EDIT ANYTHING BELOW #
 # User overrides #
+
+myhostname = mail.mydomain.de
+
diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf
index 27110c04..bcd7e473 100644
--- a/data/conf/unbound/unbound.conf
+++ b/data/conf/unbound/unbound.conf
@@ -43,3 +43,9 @@ remote-control:
   server-cert-file: "/etc/unbound/unbound_server.pem"
   control-key-file: "/etc/unbound/unbound_control.key"
   control-cert-file: "/etc/unbound/unbound_control.pem"
+
+#forward-zone:
+#  name: "."
+#  forward-addr: 10.255.0.2
+#  forward-addr: 10.255.0.1
+#  forward-addr: 10.255.0.3
diff --git a/docker-compose.yml b/docker-compose.yml
index 23bd308f..350a201f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -378,8 +378,8 @@ services:
         - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
         - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
       ports:
-        - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
-        - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
+        - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
+        - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
       restart: always
       networks:
         mailcow-network:


### Logs of iptables -L -vn:

```plain text
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
32357   20M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
32357   20M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
23192   18M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 3463  227K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
 4313  314K ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 3447  226K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
  841 53927 ACCEPT     all  --  *      br-e3155c8b947f  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   25  1500 DOCKER     all  --  *      br-e3155c8b947f  0.0.0.0/0            0.0.0.0/0           
  362 1225K ACCEPT     all  --  br-e3155c8b947f !br-e3155c8b947f  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  br-e3155c8b947f br-e3155c8b947f  0.0.0.0/0            0.0.0.0/0           
   80  8966 ACCEPT     all  --  *      br-7613ccd5d61e  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      br-7613ccd5d61e  0.0.0.0/0            0.0.0.0/0           
   81  6814 ACCEPT     all  --  br-7613ccd5d61e !br-7613ccd5d61e  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  br-7613ccd5d61e br-7613ccd5d61e  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !br-7613ccd5d61e br-7613ccd5d61e  0.0.0.0/0            172.48.1.2           tcp dpt:80
   25  1500 ACCEPT     tcp  --  !br-e3155c8b947f br-e3155c8b947f  0.0.0.0/0            172.40.0.3           tcp dpt:80
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.9           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:3306
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
 4313  314K DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
  362 1225K DOCKER-ISOLATION-STAGE-2  all  --  br-e3155c8b947f !br-e3155c8b947f  0.0.0.0/0            0.0.0.0/0           
   81  6814 DOCKER-ISOLATION-STAGE-2  all  --  br-7613ccd5d61e !br-7613ccd5d61e  0.0.0.0/0            0.0.0.0/0           
32357   20M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-e3155c8b947f  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-7613ccd5d61e  0.0.0.0/0            0.0.0.0/0           
 4756 1545K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
32357   20M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Logs of ip6tables -L -vn:

# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
15678   11M DOCKER-USER  all      *      *       ::/0                 ::/0                
15678   11M DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0                
    0     0 ACCEPT     all      *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 docker0  ::/0                 ::/0                
 6998   10M ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 6013  419K DOCKER     all      *      br-mailcow  ::/0                 ::/0                
 2625  240K ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0                
 5640  389K ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     all      *      br-e3155c8b947f  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
   22  1424 DOCKER     all      *      br-e3155c8b947f  ::/0                 ::/0                
    0     0 ACCEPT     all      br-e3155c8b947f !br-e3155c8b947f  ::/0                 ::/0                
   22  1424 ACCEPT     all      br-e3155c8b947f br-e3155c8b947f  ::/0                 ::/0                
   10  5344 ACCEPT     all      *      br-7613ccd5d61e  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      br-7613ccd5d61e  ::/0                 ::/0                
   10  1537 ACCEPT     all      br-7613ccd5d61e !br-7613ccd5d61e  ::/0                 ::/0                
    0     0 ACCEPT     all      br-7613ccd5d61e br-7613ccd5d61e  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      !br-e3155c8b947f br-e3155c8b947f  ::/0                 fc00:ac0b::4000:0:0:3  tcp dpt:80
    0     0 ACCEPT     tcp      !br-7613ccd5d61e br-7613ccd5d61e  ::/0                 fc00:ac0b::4800:1:0:2  tcp dpt:80
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:4190
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:995
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:993
   44  3520 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:110
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:587
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:465
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   10  1537 DOCKER-ISOLATION-STAGE-2  all      br-7613ccd5d61e !br-7613ccd5d61e  ::/0                 ::/0                
 2598  239K DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-e3155c8b947f !br-e3155c8b947f  ::/0                 ::/0                
15678   11M RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      br-7613ccd5d61e  ::/0                 ::/0                
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       all      *      br-e3155c8b947f  ::/0                 ::/0                
 2608  240K RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
15678   11M RETURN     all      *      *       ::/0                 ::/0

Logs of iptables -L -vn -t nat:

# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  440 32856 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  153  9180 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
 3570  267K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
  102  7140 MASQUERADE  all  --  *      !br-e3155c8b947f  172.40.0.0/24        0.0.0.0/0           
   84  7072 MASQUERADE  all  --  *      !br-7613ccd5d61e  172.48.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.48.1.2           172.48.1.2           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.40.0.3           172.40.0.3           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.9           172.22.1.9           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
   51  3060 RETURN     all  --  br-e3155c8b947f *       0.0.0.0/0            0.0.0.0/0           
   28  1680 RETURN     all  --  br-7613ccd5d61e *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !br-7613ccd5d61e *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4801 to:172.48.1.2:80
   26  1560 DNAT       tcp  --  !br-e3155c8b947f *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4000 to:172.40.0.3:80
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.9:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.10:3306
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25

Logs of ip6tables -L -vn -t nat:

# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  549 46372 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  222 17760 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all      *      br-7613ccd5d61e  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  all      *      br-mailcow  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  all      *      br-e3155c8b947f  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  all      *      !docker0  2a01:4f8:251:1616:4:1:4:0/110  ::/0                
 2102  198K MASQUERADE  all      *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  all      *      !br-e3155c8b947f  fc00:ac0b:0:0:4000::/110  ::/0                
    1    80 MASQUERADE  all      *      !br-7613ccd5d61e  fc00:ac0b::4800:1:0:0/110  ::/0                
    0     0 MASQUERADE  tcp      *      *       fc00:ac0b::4800:1:0:2  fc00:ac0b::4800:1:0:2  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fc00:ac0b::4000:0:0:3  fc00:ac0b::4000:0:0:3  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:110
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::11  fd4d:6169:6c63:6f77::11  tcp dpt:587
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::11  fd4d:6169:6c63:6f77::11  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::11  fd4d:6169:6c63:6f77::11  tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   28  2240 RETURN     all      br-7613ccd5d61e *       ::/0                 ::/0                
    0     0 RETURN     all      br-mailcow *       ::/0                 ::/0                
   49  3920 RETURN     all      br-e3155c8b947f *       ::/0                 ::/0                
   24  1920 DNAT       tcp      !br-e3155c8b947f *       ::/0                 ::/0                 tcp dpt:4000 to:[fc00:ac0b::4000:0:0:3]:80
   25  2000 DNAT       tcp      !br-7613ccd5d61e *       ::/0                 ::/0                 tcp dpt:4801 to:[fc00:ac0b::4800:1:0:2]:80
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::c]:4190
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::c]:995
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::c]:993
   44  3520 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::c]:143
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::c]:110
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::11]:587
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::11]:465
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::11]:25

DNS check:

$> docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
151.101.129.69
151.101.193.69
151.101.65.69
151.101.1.69

mailcow / mailcow-dockerized

Dovecot / Postfix are not really working #5217

Contribution guidelines

I've found a bug and checked that ...

Description

Logs:

Which branch are you using?

Operating System:

Server/VM specifications:

Is Apparmor, SELinux or similar active?

Virtualization technology:

Docker version:

docker-compose version or docker compose version:

mailcow version:

Reverse proxy:

Logs of git diff:

Logs of ip6tables -L -vn:

Logs of iptables -L -vn -t nat:

Logs of ip6tables -L -vn -t nat:

DNS check: