Watchdog ALERT: postfix-mailcow alerts after update today (Temporary lookup failure - Socket timeout)

[ro78]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Hello,

Today, I've run an upgrade of mailcow using the update.sh as usual.

A few minutes after a successful upgrade, I started to receive some alerts from watchdog.

From: whatdog@mydomain.com
Subject: Watchdog ALERT: postfix-mailcow
`SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
CRITICAL - Socket timeout
SMTP OK - 0.006 sec. response time|time=0.005768s;;;0.000000
SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
CRITICAL - Socket timeout
SMTP OK - 0.010 sec. response time|time=0.010350s;;;0.000000
SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
CRITICAL - Socket timeout
SMTP OK - 0.008 sec. response time|time=0.007840s;;;0.000000
SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
CRITICAL - Socket timeout
SMTP OK - 0.005 sec. response time|time=0.005381s;;;0.000000
SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
CRITICAL - Socket timeout`

All containers are running.

Logs:

`mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.005 sec. response time|time=0.005442s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.025 sec. response time|time=0.024828s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.008 sec. response time|time=0.007668s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.028 sec. response time|time=0.028106s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.008 sec. response time|time=0.007657s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.005 sec. response time|time=0.005479s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.005 sec. response time|time=0.005161s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.028 sec. response time|time=0.028157s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.027 sec. response time|time=0.027054s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.008 sec. response time|time=0.008490s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.014 sec. response time|time=0.013517s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.008 sec. response time|time=0.007805s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.005 sec. response time|time=0.005459s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.008 sec. response time|time=0.008458s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.008 sec. response time|time=0.007714s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.005 sec. response time|time=0.005452s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.006 sec. response time|time=0.006058s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost'
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.006 sec. response time|time=0.005541s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:21:39 CEST 2023 Wait for restarted container to settle and continue watching...
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:14 CEST 2023 ACME health level: 100% (1/1), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:14 CEST 2023 Dovecot replication health level: 100% (20/20), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:14 CEST 2023 Mail queue health level: 100% (20/20), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:14 CEST 2023 Fail2ban health level: 100% (1/1), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:14 CEST 2023 MySQL/MariaDB health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:15 CEST 2023 SOGo health level: 100% (3/3), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:15 CEST 2023 Redis health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:15 CEST 2023 Nginx health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:15 CEST 2023 PHP-FPM health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:15 CEST 2023 Ratelimit health level: 100% (1/1), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:15 CEST 2023 Rspamd health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:15 CEST 2023 Unbound health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:19 CEST 2023 Olefy health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:21 CEST 2023 Dovecot health level: 100% (12/12), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Fri May 19 17:22:25 CEST 2023 Postfix health level: 75% (6/8), health trend: -2`

Steps to reproduce:

N/A (just upgrade to the last version).

Which branch are you using?

master

Operating System:

Debian 11

Server/VM specifications:

12 cores, 32 GB of RAM

Is Apparmor, SELinux or similar active?

No

Virtualization technology:

Baremetal

Docker version:

24.0.0

docker-compose version or docker compose version:

v2.10.2

mailcow version:

2023-04b

Reverse proxy:

Apache

Logs of git diff:

`diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..60968689 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem
@@ -1,19 +1,33 @@
 -----BEGIN CERTIFICATE-----
-MIIDBDCCAe6gAwIBAgIQeJMoL/3dxhxhT9EwuRTL/DALBgkqhkiG9w0BAQswEjEQ
-MA4GA1UEChMHbWFpbGNvdzAeFw0xNjEyMTMxMDExMDBaFw0xOTExMjgxMDExMDBa
-MC0xEDAOBgNVBAoTB21haWxjb3cxGTAXBgNVBAMTEG1haWwuZXhhbXBsZS5vcmcw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg0xT3At9DSb3H5OMp3K1
-MpXAgYyotSK6TS61fC0QEHy2fMXiws7Agcye6Ln7CG63Fe1eN2jkdlefy9xJivS8
-y5w0M8i168v5znzC8fnylL2iOiSYfK/B/oEqfU7YH4RcegO53oDDIUZmi4Frgnu7
-39VVOU1ZyHEVqGJ2H2aAIkoZRjGzumD9Ym4LWGidtKJzBgFt/qmhUeWXipM8w281
-XkQnJU79+x2ywnJSvEZ3r/ZVJC7kbjiVw+/k15k9Cxk6Ik8wmJ0X/+xWxoZomHQI
-1LM0VKAS/iaU95dn2bplvL6jTiiyWAbrMjSKs4XbPt/fIbOicNkj6+CFy0MVfyyH
-AgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIAqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
-KwYBBQUHAwEwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQsDggEBAI/jBJa1P8nB
-eHUN5muQmjBVDVOYyWAAEapOe2HYsBcpjaB2H8Iw3DQzJtz6peYeYSCmHRVqFLCm
-VPrq36l9mPUotyPDPlQQAxCj9R2+WbGaJO+N/E1F8FQ94dr3jqwUyfjVPoqEjmIH
-NFkvbA0RJOeBm9oYGdhM0wjOBV9c9MTHFG82nQ/zQeTuPb7GXuKIOXYCxoLNOZMw
-UJ02Cqjv5ImrgOhcstAKX3Ip0urSvZUGvtPla4CGh+M6yDFJ08GzX6OiMIH207RW
-jAbUXXERSUv/7hysdDjGo5HZjCeMzVu9KAxoZXqnmvkk8g2swKWtWBRcoeU1VGx0
-Bx4Q4KMjuYQ=
+MIIFtzCCA5+gAwIBAgIUCzAZK8Gf4UQbKirkcsfyqFGnlgAwDQYJKoZIhvcNAQEL
+BQAwazELMAkGA1UEBhMCREUxDDAKBgNVBAgMA05SVzEQMA4GA1UEBwwHV2lsbGlj
+aDEQMA4GA1UECgwHbWFpbGNvdzEQMA4GA1UECwwHbWFpbGNvdzEYMBYGA1UEAwwP
+cmJ4LmJvcmV6by5pbmZvMB4XDTIxMTEyOTIwMjkwN1oXDTIyMTEyOTIwMjkwN1ow
+azELMAkGA1UEBhMCREUxDDAKBgNVBAgMA05SVzEQMA4GA1UEBwwHV2lsbGljaDEQ
+MA4GA1UECgwHbWFpbGNvdzEQMA4GA1UECwwHbWFpbGNvdzEYMBYGA1UEAwwPcmJ4
+LmJvcmV6by5pbmZvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA78TL
+ZeR7PBzPM1xiE0iK/yE4jDpMhAA4c3a81X/5H7Pb29uTrCZgMZ7nm65jzykMHO+G
+SlWa54uB3DmjqhMrzopzrlDG43n8DYivmYt6RGeiMDbB1N6P1BRntj3L39XV5YCA
+a/WlI56cgI864NrOHcDu2/Kq1VNPXZuiX/JVt9xSJYbS9JL+xLdxV+BfERLv7Pj0
+JjcYcW7S1rcwTvq3b2jAFl6Cmw9SyWHl0h2oaccOLKdIjZUvKCRfn467BOCXZFRf
+JFwQveZiX0x6Z70Vt8mPgRj7wCqXWJnpO7u1bZUY4wlGilMK1RrZswfYcxG6+Atn
+bdZclG4fCxdM8ruLoO2Gdy5Pu8OnXIpSIOyTmXhjHbdo4oUKNit/Th/8ciniWu93
+tkw8kmVoh501KOHLf+whHczeDd7VoqWww11zsyWwE/1NM8IZ1gfFXE6sfwozGMAx
+6HdocyC5vJcuAPhevkw9G0h/MSmTD8e/pVCVzroEr+uIw84PlI1jcARWP2ksF+wF
+ZM8lQlK6AThRVw+e/8WyyF1swozIzLjyh9gUhOi0QFUOm3OH40aj6voTnDMYgS8V
+XtYkaIru4hcvnITIafqrlphTPc+K5zxK04nEP+fRFvj+soqOdRu39YbzbXYPPaQk
++Hm1L+jo6kgaergOXwu2x6WyHeLO96uJNRGyr+cCAwEAAaNTMFEwHQYDVR0OBBYE
+FDvwD4Zm9rLHdfg7/CiMs0QjRKz7MB8GA1UdIwQYMBaAFDvwD4Zm9rLHdfg7/CiM
+s0QjRKz7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAKyltnOn
+P3EJ2k0MxHxxQbpxpGtYUsXQYKg/GWa2FoCPtCuJ1xVf6stQ6PAmg6DIwyU2yLd9
+ZULv2+C2e8dSqZqZtpUJKnPBXTHYESMWBfdjK0BH721vhcQjGkbPjLke2eMXSj8l
+wbqbkQqx2AFU2EsO/gt5fzpCjzMggzpq39CwD9tqeOAZ/6SScsCVyJiMkZ4fDLry
+CUCp8ddqhjzr4QtfQ85QFuxJH1hOny/MUIN84pmfA5UfhqQj0fnI6R+QAc9AprXR
+ZHMA0l4Jx76+TJTcC7MEKjr8ihzChAZXJp81DymFTPDnOMNb+5mG9IOzkPlHhRxq
+9zwkcGvgd6GuBJoGD5/d1AmR0J8sOU6xzmal+qnhxOAAOWJeIHwfGe90RR/9DwEv
+hGf8cjY/XGVyZju8eYe8T4FlvZPcls/oe0YCeTPUokQRKfO5Z1cdZxm53hpxNiWN
+iOGe1+CX5sF2vZQ0S1iDUs42E8Fr/YJyayR6NPJWrz34/84rmzdSSn6oQ5rRJOfU
+Zzm+dgOQZSRw6/yxgxr7RcLEtDwzaE2WqyYBXjXS9V5oOcG2Kkf7sVhHnW52hoXL
+MWlijceWZgCu+XjoWr3iyUn19UMViuScL85liqxpeSe5gQdQnUD5E3wFIIE4o44d
+MotlxLsSaSY7FYH597F7QDdNf32EgbTAesHt
 -----END CERTIFICATE-----
diff --git a/data/assets/ssl-example/key.pem b/data/assets/ssl-example/key.pem
index cedf35a0..c9da919a 100644
--- a/data/assets/ssl-example/key.pem
+++ b/data/assets/ssl-example/key.pem
@@ -1,27 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0YNMU9wLfQ0m9x+TjKdytTKVwIGMqLUiuk0utXwtEBB8tnzF
-4sLOwIHMnui5+whutxXtXjdo5HZXn8vcSYr0vMucNDPItevL+c58wvH58pS9ojok
-mHyvwf6BKn1O2B+EXHoDud6AwyFGZouBa4J7u9/VVTlNWchxFahidh9mgCJKGUYx
-s7pg/WJuC1honbSicwYBbf6poVHll4qTPMNvNV5EJyVO/fsdssJyUrxGd6/2VSQu
-5G44lcPv5NeZPQsZOiJPMJidF//sVsaGaJh0CNSzNFSgEv4mlPeXZ9m6Zby+o04o
-slgG6zI0irOF2z7f3yGzonDZI+vghctDFX8shwIDAQABAoIBAQC9kiLnIgxXGyZt
-pmmYdA6re1jatZ2zLSp+DcY8ul3/0hs195IKCyCOOSQPiR520Pt0t+duP46uYZIJ
-aakp9gxaI5Vz+oMacH/AyaBDuDTj1Mf9WMSyIOfbDVCMRJOppGLcVh62+Gfjp2EO
-+h2hTJBuvypFkbK2kVIZOaHVpbXWKw1oYuEcTftk9XfxxvfSMw1HQ12/P2CAcbaa
-jPmVbisunv6kpXtewSBTcaLSYWJf1MYD5Hi8fzkD2FJSXYbfQd8RKvT2rj6FA7ux
-CDMzbYhdnd7lc63OARCIjfCRNtDT1cZ3gR1CQHD98lWxmPQIZukv+w7s/bSrFgnQ
-ROZ0ghBJAoGBAOmE/3d5FDmp0aJNxXynKcRGdpEEM4O40RIdqa2eR6Pa7aTRosao
-z0qVgdFuJrqjlB3jgedxXEX1M0abCUzzM9Q5F7JLl+KsjwRwpkIOkPiyUncLp7LK
-QbY3tvYBIdpjlF1USOMGRL4j11hqr4vQC/yPBF7jj81kCZDTbmZhp82jAoGBAOWu
-ql5QFUOlmqkuWIAFkiLEZhOu+ptqkE+zG50CCGMJIX0dJ2PHXFyNGInomAeT0nbI
-pbnK3x7KeEKiGrAqZFNCTHhApTwkrIj0L/RQbMDZ7u7j1AEUVNFEhIm62kg84FtG
-xtfxVxredE+NQc/tyV3hXegdNZxegALirlcMKIvNAoGAWFwIxk48Ru1o8z72QQqH
-lUsMRicOzwK5qV8r+xPvC6MlVL42F3F8rj4QFwzU/r4yp3SUjNyqC5aSRl8Xj9Re
-gijwPHi6Cf09SHLPliMo29GtvnnchJxfbPF7+23GP3p6gy4HPk/65u9s5nnH3uFk
-B7ad8sGsgg0eSXyXQ4okEn0CgYEAnogPuedGthlxBgMiPMMbmfm7hyyId4t3Ljuu
-/JExnsHnpobf8EPjoVIWNOIhRWGnrCtUEEhR9tvDZCKljyDDfKBPTdU496lMmX8K
-NnToi7gg7iy84T3aSVMktDgPgDrclMPmbZh8CeSvnVUfrtgu3Ci4+4Rlw5eKffNe
-aGDQ/6UCgYAbUq9mRT2WOXIo+Dchi9VzDWgtfOw5VEyqkSpb7hPiIYx5jNaENnVK
-cAi3iqbBgPJBuMlTrKmmaxdmssGOEZNJLuuXLDbCU+f5cpu5PQ4crC6UtRI5rlhp
-8Yc+oiv3HWbSw3sVRpMFB6NP4DnvgFW3B2Wdfb/lNzPCKWqBsX7gWw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDvxMtl5Hs8HM8z
+XGITSIr/ITiMOkyEADhzdrzVf/kfs9vb25OsJmAxnuebrmPPKQwc74ZKVZrni4Hc
+OaOqEyvOinOuUMbjefwNiK+Zi3pEZ6IwNsHU3o/UFGe2Pcvf1dXlgIBr9aUjnpyA
+jzrg2s4dwO7b8qrVU09dm6Jf8lW33FIlhtL0kv7Et3FX4F8REu/s+PQmNxhxbtLW
+tzBO+rdvaMAWXoKbD1LJYeXSHahpxw4sp0iNlS8oJF+fjrsE4JdkVF8kXBC95mJf
+THpnvRW3yY+BGPvAKpdYmek7u7VtlRjjCUaKUwrVGtmzB9hzEbr4C2dt1lyUbh8L
+F0zyu4ug7YZ3Lk+7w6dcilIg7JOZeGMdt2jihQo2K39OH/xyKeJa73e2TDySZWiH
+nTUo4ct/7CEdzN4N3tWipbDDXXOzJbAT/U0zwhnWB8VcTqx/CjMYwDHod2hzILm8
+ly4A+F6+TD0bSH8xKZMPx7+lUJXOugSv64jDzg+UjWNwBFY/aSwX7AVkzyVCUroB
+OFFXD57/xbLIXWzCjMjMuPKH2BSE6LRAVQ6bc4fjRqPq+hOcMxiBLxVe1iRoiu7i
+Fy+chMhp+quWmFM9z4rnPErTicQ/59EW+P6yio51G7f1hvNtdg89pCT4ebUv6Ojq
+SBp6uA5fC7bHpbId4s73q4k1EbKv5wIDAQABAoICADgU3sJhc9W2o1xPEn2SLTjJ
+q3FZPYZuisWvEzIY8ctRhW5iaKMOgtd4ZJIMczoETtoByHZgmY/pGKHLNZXVUBzK
+U46FRE/2u1brDq+qaRnQ56XBWQsSV6/yaeO9ho8/c/1vVhpqZYr0UYTce5gWdbmN
+5BC8LOsixmCNw6gPha8wsGIoq/Ua4M5gXfmA+JuEw2u5O1oo7uWxV01zobAHgppj
+dPKGfqQILIQACwJff4HmVlFpe1XqfBI2l8s5VlMouSB1f5+AjUXtujqyJ7tWBdts
+IM3AazoifC30KhKXsDMGecC47a/zBoib9Cmk/yLDFelouXN+fT8WltpAQ/ZOmbTB
+jwjfprrGoJDHp+ABof9FrHbhwMywEWWujTElWwgZiveIVcJH2evl69x8gff25TOU
+Co5t4wfEZCAe/2Cv/3nbZNkqUiUa/NdOoJZMhCx7C4Kg0aoLRjkUXMcc0y+V18hZ
+D2jBB113JQGlCTTib7hk4EjmSUREJZJkKqWauYrXm7NnyVP4bqqH8PQ2ZMscuPSx
+06j77Fib8OQNA+QkgUnGapSqCAeQaVHb0SJMMDzrIRXOodnRV8gNdPoNwqoO57Zy
+DhsCubL6gtVMg7ssbqd0zkAvuEST3zwcfZqJcuP4JxIqmdwPvJvLbjMGuc5ugr2q
+oMzUA/8gkltlkOwwrhGpAoIBAQD8PfKVB20pVEv3U3ppv71NwsaSoC+xdrobkPGH
+LyhEh9aI2E/tSfohDHyVPemog5lHiC6/9ePwH2Qa+8mjY56oqrdth0GPCFFzvF/u
+LQgv4r/JWLWQaDK/jtfvs/Z6xt8xpPCIafHegckoJY4j6IOd9FaJe7+pT0Dp7cNL
+fd6Dg7oMg2KtkuKQ+EqrGN57tWoYfCL0PVc4A4G5xA0L5ITyzxCSTwj4Fj8VaCVH
+gGAUgzoA8fmBaCoWcVL8IBsShfkd1tMtOy/kzBOnEEBHrkw/vfSIG23OuB0I8l1T
+b7PxMj9OJA3LKMV3W4zrkS0JO8YoqDr/IffRsYmRS+6H0ialAoIBAQDzV0YceHJz
+25mlq+feKW8vdQbtnHw8M9iELzsjC2xSjmMlOBkJuOYxjxbdkppGxaFQzzO/k5UK
+p0WwAdpBzPr47QlXQQVNcHAYhVrQ2aEvQImoM5VirfI2SIuMMzU1rOCcCwS/6fwq
+eihg3HFDJUFHo/etIghg6KHmnHk2PvFWCsghIMhm5q2alhKMVdrvMg6sqAt5S6ra
+xB/C2BYFXMTUVpjyN0VAl/9kCUBwnc3snZRGG+gTMWyCvEKn4gAK1oRn61dWGz/D
+mlbgHN7XX41b7QqGyoN5hfLfqCJ2dY5H8ItXuSkubcMBRpS1L0krIygnPJWwSR6g
+LdBNTcNMCAKbAoIBAHPijflT0R4EwWXeb0X4NiNskcg5WdABSN1zSNOfobNiaPiz
+0Hym2Qin8PCr4hZuZ1RKx5efg1oFQft3pBqxoOnCjMUAN+lbm/g9GiGVhMZjOVNq
+svemN3J0UNaqalnb1hy7t1okul9MZztPja8HmrhN0hgVx2ckpyESAABF0p2/PhGT
+pxkxe2+48q0KnuRc42JeXbyyFckBK29KF+hX05Ct+uIM94Tqy46tKztfSkUCSPq4
+MLX4QiXPaJ22rlljPaEs2hZUs9s8uuas+6sy84rxXU/OsjMfuQ8sMh4sGpJ8UEM5
+IzEsCRSd9e8f4n30fUSejYQ7edxX4WjkZrD1ppUCggEBAKt9c/GYiMBRoKR607tj
+Y/ID/U/zGjKrLwlo57o40KwVoJWYRTzuy3tdpfWc3ZDGsnrqq0N11HFflOMHSzNY
+K/7FvfF55yy98qG1SV0qIkfUqa6aO8sBX1MWKRIy/GrJXLlbootFcOrWkCJC+Kcj
+WDAOw/uFonX5PC/zUhECpr3Gd2exXMn4A5yP6p5v2wz7MBBJlVx0EQJ/eQqtkkdR
+K32hUcRRY0K0W826H2m+LGN2YgpOnGz6RciUuDzsLq90ondCCZirN3K4EEV80ybh
+NhP0p5h6m9FGrvUj3rWw/wZ/5RN7cCRCQk1h2mcd3ejCrAeK0MsdnLGx17zC8sFg
+W8UCggEAY8Nwfm5QRgqAMJfhbs6jFoNs0Cpmv0GhpwPH3gfuROB7kARPGqXjLJy8
+HivuuAYce3iADofxiPFLw7WrjDm6+c8JUGh/UWAg9skt73KaWBPuo8GWi52qx8M6
+RYLNYlEjsXUawBKjJHLrUZkDJVOSAZ36tHVc33aEYc7gXbvmOfuhOgs6Vv7AP29s
+VU1mbqZWuJYTBFPpmiqw78eNf1qRVXuVUHEHQY0OI1Q4Djb0qKe1mi0OJnHngiFf
+5+10MuOcQLTQ3DURR3HXeCSdzeq84Vp0N7VLmP6qddN7GNutw4akOIY6usmoqh6S
+COSWjJS/5+uOvzyzm5D8OAVPpWqBaA==
+-----END PRIVATE KEY-----
diff --git a/data/conf/postfix/anonymize_headers.pcre b/data/conf/postfix/anonymize_headers.pcre
index 739237be..3ab2a26d 100644
--- a/data/conf/postfix/anonymize_headers.pcre
+++ b/data/conf/postfix/anonymize_headers.pcre
@@ -17,3 +17,4 @@ endif
 /^\s*X-Forward/         IGNORE
 # Not removing UA by default, might be signed
 #/^\s*User-Agent/        IGNORE
+/^\s*User-Agent/        IGNORE
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index a445b60c..58a536fb 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -198,3 +198,16 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks

 # DO NOT EDIT ANYTHING BELOW #
 # User overrides #
+
+myhostname = myhostname.com
+#srs
+sender_canonical_classes = envelope_sender
+recipient_canonical_maps = tcp:172.22.1.42:10002, proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
+recipient_canonical_classes = envelope_recipient, header_recipient
+#!srs
+#smtpbanner
+smtpd_banner = myhostname.com ESMTP
+#!smtpbanner
+#delimeter
+#recipient_delimiter = +-
+#!delimeter
diff --git a/data/conf/postfix/master.cf b/data/conf/postfix/master.cf
index 63ce875d..c36f9879 100644
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -145,3 +145,16 @@ watchdog_discard    unix  -       -       n       -       -       discard
    -o syslog_facility=local7
    -o syslog_name=watchdog
 # end watchdog-specific
+# SRS config
+cleanup-srs unix  n       -       -       -       0       cleanup
+      -o sender_canonical_maps=tcp:172.22.1.42:10001
+      -o sender_canonical_classes=envelope_sender
+      -o recipient_canonical_maps=regexp:/opt/postfix/conf/regex_sender_canonical_srs
+
+127.0.0.1:10029 inet    n       -       -       -       -       smtpd
+        -o cleanup_service_name=cleanup-srs
+        -o smtpd_tls_security_level=none
+        -o content_filter=smtp:
+        -o smtpd_recipient_restrictions=permit_mynetworks,reject
+        -o smtpd_milters=
+        
\ No newline at end of file
diff --git a/data/conf/rspamd/custom/ip_wl.map b/data/conf/rspamd/custom/ip_wl.map
index c8bb5529..22bcc402 100644
--- a/data/conf/rspamd/custom/ip_wl.map
+++ b/data/conf/rspamd/custom/ip_wl.map
@@ -2,3 +2,5 @@
 # 127.0.0.1
 # 1.2.3.4
 # ...
+#IPv6 Orange
+2a01:cb00:7d9:600::/56
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 5e6d72e7..84b288b8 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -113,7 +113,7 @@ $AVAILABLE_LANGUAGES = array(
 $UI_THEME = "lumen";

 // Show DKIM private keys - false by default
-$SHOW_DKIM_PRIV_KEYS = false;
+$SHOW_DKIM_PRIV_KEYS = true;

 // mailcow Apps - buttons on login screen
 $MAILCOW_APPS = array(
diff --git a/docker-compose.yml b/docker-compose.yml
index 23bd308f..d42778d4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -582,36 +582,6 @@ services:
           aliases:
             - ofelia

-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-        - solr-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge
`

Logs of iptables -L -vn:

`└─# iptables -L -vn
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  673 53431 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set crowdsec-blacklists src

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
82158   24M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
82158   24M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
62687   21M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 5552  356K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
13919 2902K ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 5150  332K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.7           tcp dpt:3306
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:8443
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:8082
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    1    44 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
    2   120 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
   54  3240 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    5   300 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
13919 2902K DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
98397   28M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
16733 3405K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 828M  207G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0 `

Logs of ip6tables -L -vn:

`└─# ip6tables -L -vn
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    7   490 DROP       all      *      *       ::/0                 ::/0                 match-set crowdsec6-blacklists src

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
27825   15M DOCKER-USER  all      *      *       ::/0                 ::/0                
27825   15M DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0                
16653   14M ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 7046  488K DOCKER     all      *      br-mailcow  ::/0                 ::/0                
 4126  510K ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0                
 7020  486K ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     all      *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 docker0  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:4190
    3   240 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:995
   17  1333 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:993
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:110
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:465
    4   320 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 4126  510K DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      docker0 !docker0  ::/0                 ::/0                
36119   19M RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       all      *      docker0  ::/0                 ::/0                
 4958  619K RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  74M   49G RETURN     all      *      *       ::/0                 ::/0                
`

Logs of iptables -L -vn -t nat:

`└─# iptables -L -vn -t nat
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 129K   14M DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   50  2992 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 6727  522K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.6           172.22.1.6           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.7           172.22.1.7           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:8443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:8082
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.6:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.7:3306
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:8443 to:172.22.1.10:8443
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:8082 to:172.22.1.10:8082
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    1    44 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
    2   120 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
   58  3480 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    5   300 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25`

Logs of ip6tables -L -vn -t nat:

`└─# ip6tables -L -vn -t nat
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
19068 2494K DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 2392  225K MASQUERADE  all      *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  all      *      !docker0  fd00:dead:beef:c0::/80  ::/0                
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:110
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all      br-mailcow *       ::/0                 ::/0                
    0     0 RETURN     all      docker0 *       ::/0                 ::/0                
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::10]:4190
    3   240 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::10]:995
   17  1333 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::10]:993
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::10]:143
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::10]:110
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::f]:587
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::f]:465
    4   320 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::f]:25`

DNS check:

`└─# docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
151.101.193.69
151.101.1.69
151.101.129.69
151.101.65.69`

[MAGICCC]

Related to https://github.com/mailcow/mailcow-dockerized/issues/5239, tldr, downgrade your docker version

[ro78]

@MAGICCC can you please reopen? Still have the same issue after downgrade to 23.0.6.

[ro78]

@FreddleSpl0it maybe?

[MAGICCC]

Since 24.0.1 is released, it should be ok now

[ro78]

@MAGICCC upgraded to 24.0.1

SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost' CRITICAL - Socket timeout SMTP OK - 0.016 sec. response time|time=0.016363s;;;0.000000 SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost' CRITICAL - Socket timeout SMTP OK - 0.007 sec. response time|time=0.006753s;;;0.000000 SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost' CRITICAL - Socket timeout SMTP OK - 0.006 sec. response time|time=0.005661s;;;0.000000 SMTP WARNING - Invalid response '451 4.3.0 <watchdog@localhost>: Temporary lookup failure' to command 'RCPT TO:watchdog@localhost' CRITICAL - Socket timeout

[MAGICCC]

Can you try and resolve a domain in your watchdog container using the unbound container? Also we don't offer support here on GitHub you can join our telegram channel or in our forum to get some help.