Issue sending emails (hotmail.com - mail-tester.com - dkimvalidator.com)

Contribution guidelines

[X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

[X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
[X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
[X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
[X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

I have setup a mailcow dockerized container, hosted on OCI (Oracle). I understand that oracle to block outgoing ports 25, so I have requested for these to be opened. 

The issue I am facing is that I am unable to send emails to icloud.com - hotmail.com - mail-tester.com - dkimvalidator.com probably other too, however, I can send emails to google.com hosted emails, and I am able to receive from almost any email. 

Its very strange as I am able to communicate with google mail servers @ port:25, but not hotmail.

Logs:

ubuntu@mailcow:~$ telnet gmail-smtp-in.l.google.com 25                        Trying 2a00:1450:400c:c09::1b...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP j5-20020a5d5645000000b0031435ce98dasi697293wrw.58 - gsmtp
HELO mail.mydomain.com
250 mx.google.com at your service
QUIT
221 2.0.0 closing connection j5-20020a5d5645000000b0031435ce98dasi697293wrw.58 - gsmtp
Connection closed by foreign host.
ubuntu@mailcow:~$ telnet hotmail-com.olc.protection.outlook.com 25            Trying 104.47.70.33...

Steps to reproduce:

1. Login into webmail
2. Compose new email to hotmail.com address
3. Send email

Which branch are you using?

master

Operating System:

Ubuntu 22.04.2 LTS

Server/VM specifications:

6GB, 1 Core

Is Apparmor, SELinux or similar active?

Virtualization technology:

Docker Compose / Portainer

Docker version:

24.0.2

docker-compose version or docker compose version:

v2.19.0

mailcow version:

2.1

Reverse proxy:

Oracle Cloud

Logs of git diff:

root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized# sudo apparmor_status
apparmor module is loaded.
38 profiles are loaded.
33 profiles are in enforce mode.
   /snap/snapd/19127/usr/lib/snapd/snap-confine
   /snap/snapd/19127/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   /snap/snapd/19459/usr/lib/snapd/snap-confine
   /snap/snapd/19459/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   /usr/bin/man
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/snapd/snap-confine
   /usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   /{,usr/}sbin/dhclient
   docker-default
   lsb_release
   man_filter
   man_groff
   nvidia_modprobe
   nvidia_modprobe//kmod
   snap-update-ns.lxd
   snap-update-ns.oracle-cloud-agent
   snap.lxd.activate
   snap.lxd.benchmark
   snap.lxd.buginfo
   snap.lxd.check-kernel
   snap.lxd.daemon
   snap.lxd.hook.configure
   snap.lxd.hook.install
   snap.lxd.hook.remove
   snap.lxd.lxc
   snap.lxd.lxc-to-lxd
   snap.lxd.lxd
   snap.lxd.migrate
   snap.lxd.user-daemon
   tcpdump
5 profiles are in complain mode.
   snap.oracle-cloud-agent.hook.install
   snap.oracle-cloud-agent.hook.post-refresh
   snap.oracle-cloud-agent.hook.remove
   snap.oracle-cloud-agent.oracle-cloud-agent
   snap.oracle-cloud-agent.oracle-cloud-agent-updater
0 profiles are in kill mode.
0 profiles are in unconfined mode.
151 processes have profiles defined.
147 processes are in enforce mode.
   /usr/local/sbin/php-fpm (1563) docker-default
   /usr/bin/python3.10 (1582) docker-default
   /usr/bin/busybox (1740) docker-default
   /sbin/tini (1801) docker-default
   /usr/local/bin/memcached (1809) docker-default
   /usr/bin/bash (1915) docker-default
   /usr/bin/rspamd (1964) docker-default
   /usr/local/bin/redis-server (2059) docker-default
   /usr/sbin/unbound (2214) docker-default
   /usr/bin/ofelia (2272) docker-default
   /usr/bin/python3.9 (2312) docker-default
   /usr/sbin/mariadbd (2353) docker-default
   /sbin/tini (2394) docker-default
   /usr/bin/python3.9 (2420) docker-default
   /usr/bin/tini (2440) docker-default
   /usr/sbin/nginx (2448) docker-default
   /usr/bin/python3.9 (2465) docker-default
   /usr/bin/bash (2683) docker-default
   /usr/bin/bash (2825) docker-default
   /usr/sbin/nginx (3021) docker-default
   /usr/sbin/nginx (3022) docker-default
   /usr/local/openjdk-11/bin/java (3024) docker-default
   /usr/bin/bash (3148) docker-default
   /usr/sbin/syslog-ng (3150) docker-default
   /usr/sbin/sogod (3154) docker-default
   /usr/bin/bash (3198) docker-default
   /usr/bin/bash (3202) docker-default
   /usr/sbin/syslog-ng (3204) docker-default
   /usr/sbin/sogod (3370) docker-default
   /usr/sbin/sogod (3371) docker-default
   /usr/sbin/sogod (3372) docker-default
   /usr/sbin/sogod (3373) docker-default
   /usr/sbin/sogod (3374) docker-default
   /usr/sbin/sogod (3375) docker-default
   /usr/sbin/sogod (3376) docker-default
   /usr/sbin/sogod (3377) docker-default
   /usr/sbin/sogod (3378) docker-default
   /usr/sbin/sogod (3379) docker-default
   /usr/sbin/sogod (3380) docker-default
   /usr/sbin/sogod (3381) docker-default
   /usr/sbin/sogod (3382) docker-default
   /usr/sbin/sogod (3383) docker-default
   /usr/sbin/sogod (3384) docker-default
   /usr/sbin/sogod (3385) docker-default
   /usr/sbin/sogod (3386) docker-default
   /usr/sbin/sogod (3387) docker-default
   /usr/sbin/sogod (3388) docker-default
   /usr/sbin/sogod (3390) docker-default
   /usr/lib/postfix/sbin/master (3927) docker-default
   /usr/bin/sleep (3928) docker-default
   /usr/lib/postfix/sbin/pickup (3929) docker-default
   /usr/lib/postfix/sbin/qmgr (3930) docker-default
   /usr/lib/postfix/sbin/qmgr (3931) docker-default
   /usr/lib/postfix/sbin/trivial-rewrite (3933) docker-default
   /usr/lib/postfix/sbin/trivial-rewrite (3934) docker-default
   /usr/lib/postfix/sbin/tlsmgr (3937) docker-default
   /usr/bin/bash (3969) docker-default
   /usr/bin/bash (3970) docker-default
   /usr/sbin/clamd (3971) docker-default
   /usr/bin/busybox (3973) docker-default
   /usr/bin/python3.10 (3977) docker-default
   /usr/bin/bash (4013) docker-default
   /usr/sbin/dovecot (4014) docker-default
   /usr/sbin/syslog-ng (4015) docker-default
   /usr/libexec/dovecot/replicator (4025) docker-default
   /usr/libexec/dovecot/anvil (4026) docker-default
   /usr/libexec/dovecot/log (4027) docker-default
   /usr/libexec/dovecot/managesieve-login (4028) docker-default
   /usr/libexec/dovecot/config (4029) docker-default
   /usr/libexec/dovecot/stats (4030) docker-default
   /usr/libexec/dovecot/auth (4042) docker-default
   /usr/local/sbin/php-fpm (4122) docker-default
   /usr/local/sbin/php-fpm (4123) docker-default
   /usr/local/sbin/php-fpm (4124) docker-default
   /usr/local/sbin/php-fpm (4125) docker-default
   /usr/local/sbin/php-fpm (4126) docker-default
   /usr/local/sbin/php-fpm (4127) docker-default
   /usr/local/sbin/php-fpm (4128) docker-default
   /usr/local/sbin/php-fpm (4129) docker-default
   /usr/local/sbin/php-fpm (4130) docker-default
   /usr/local/sbin/php-fpm (4132) docker-default
   /usr/local/sbin/php-fpm (4133) docker-default
   /usr/local/sbin/php-fpm (4134) docker-default
   /usr/local/sbin/php-fpm (4135) docker-default
   /usr/local/sbin/php-fpm (4136) docker-default
   /usr/libexec/dovecot/imap-login (4245) docker-default
   /usr/libexec/dovecot/imap (4250) docker-default
   /usr/local/sbin/php-fpm (4251) docker-default
   /usr/bin/busybox (4655) docker-default
   /usr/bin/bash (4662) docker-default
   /usr/bin/bash (4663) docker-default
   /usr/bin/bash (4664) docker-default
   /usr/bin/bash (4666) docker-default
   /usr/bin/bash (4668) docker-default
   /usr/bin/bash (4671) docker-default
   /usr/bin/bash (4674) docker-default
   /usr/bin/bash (4675) docker-default
   /usr/bin/bash (4680) docker-default
   /usr/bin/bash (4684) docker-default
   /usr/bin/bash (4687) docker-default
   /usr/bin/bash (4693) docker-default
   /usr/bin/bash (4695) docker-default
   /usr/bin/bash (4703) docker-default
   /usr/bin/bash (4708) docker-default
   /usr/bin/bash (4712) docker-default
   /usr/bin/bash (4721) docker-default
   /usr/bin/bash (4727) docker-default
   /usr/bin/bash (4731) docker-default
   /usr/lib/postfix/sbin/smtpd (4805) docker-default
   /usr/lib/postfix/sbin/cleanup (4835) docker-default
   /usr/lib/postfix/sbin/discard (4839) docker-default
   /usr/lib/postfix/sbin/smtpd (4850) docker-default
   /usr/bin/rspamd (4905) docker-default
   /usr/bin/rspamd (4906) docker-default
   /usr/bin/rspamd (4907) docker-default
   /usr/bin/rspamd (4908) docker-default
   /usr/bin/rspamd (4909) docker-default
   /usr/libexec/dovecot/imap-login (6308) docker-default
   /usr/libexec/dovecot/imap (6317) docker-default
   /usr/libexec/dovecot/imap-login (8454) docker-default
   /usr/libexec/dovecot/imap (8458) docker-default
   /usr/bin/busybox (8736) docker-default
   /usr/lib/postfix/sbin/proxymap (10987) docker-default
   /usr/local/sbin/php-fpm (12893) docker-default
   /usr/libexec/dovecot/auth (16242) docker-default
   /usr/bin/coreutils (16752) docker-default
   /usr/bin/coreutils (16909) docker-default
   /usr/bin/coreutils (16920) docker-default
   /usr/bin/coreutils (17018) docker-default
   /usr/bin/coreutils (17043) docker-default
   /usr/libexec/dovecot/lmtp (17051) docker-default
   /usr/bin/coreutils (17130) docker-default
   /usr/bin/coreutils (17186) docker-default
   /usr/bin/coreutils (17206) docker-default
   /usr/bin/coreutils (17212) docker-default
   /usr/bin/coreutils (17225) docker-default
   /usr/libexec/dovecot/managesieve-login (17243) docker-default
   /usr/bin/coreutils (17248) docker-default
   /usr/bin/coreutils (17265) docker-default
   /usr/bin/coreutils (17327) docker-default
   /usr/bin/busybox (17336) docker-default
   /usr/bin/coreutils (17352) docker-default
   /usr/bin/coreutils (17358) docker-default
   /usr/bin/coreutils (17360) docker-default
   /usr/bin/coreutils (17374) docker-default
   /usr/bin/coreutils (17383) docker-default
   /usr/bin/coreutils (17476) docker-default
4 processes are in complain mode.
   /snap/oracle-cloud-agent/59/agent (914) snap.oracle-cloud-agent.oracle-cloud-agent
   /snap/oracle-cloud-agent/59/plugins/gomon/gomon (1076) snap.oracle-cloud-agent.oracle-cloud-agent
   /snap/oracle-cloud-agent/59/plugins/oci-wlp/oci-wlp (1151) snap.oracle-cloud-agent.oracle-cloud-agent
   /snap/oracle-cloud-agent/59/updater/updater (913) snap.oracle-cloud-agent.oracle-cloud-agent-updater
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.
root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized# sestatus
Command 'sestatus' not found, but can be installed with:
apt install policycoreutils
root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized#

Logs of iptables -L -vn:

root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized# iptables -L -vn
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 3891 1344K ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 3891 1344K ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   21   952 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   21   952 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   21   952 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   21   952 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:123
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
   20   888 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
39318 9276K DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
39318 9276K DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0
32222 7306K ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 3190  199K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
 3906 1772K ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
 3136  196K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 4 packets, 160 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4491 1906K ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 4491 1906K ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  149 11639 ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  149 11639 ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  149 11639 ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  149 11639 ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 InstanceServices  all  --  *      *       0.0.0.0/0            169.254.0.0/16

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.9           tcp dpt:3306
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:8983
    2    92 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
   37  2132 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.12          tcp dpt:443
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    7   332 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.12          tcp dpt:80
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    1    64 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    5   320 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    2   100 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
 3906 1772K DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
39318 9276K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
 3906 1772K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
39318 9276K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain InstanceServices (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            169.254.0.2          owner UID match 0 tcp dpt:3260 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            169.254.2.0/24       owner UID match 0 tcp dpt:3260 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            169.254.4.0/24       owner UID match 0 tcp dpt:3260 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            169.254.5.0/24       owner UID match 0 tcp dpt:3260 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            169.254.0.2          tcp dpt:80 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            169.254.169.254      udp dpt:53 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            169.254.169.254      tcp dpt:53 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            169.254.0.3          owner UID match 0 tcp dpt:80 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            169.254.0.4          tcp dpt:80 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            169.254.169.254      tcp dpt:80 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            169.254.169.254      udp dpt:67 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            169.254.169.254      udp dpt:69 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            169.254.169.254      udp dpt:123 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            169.254.0.0/16       tcp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */ reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            169.254.0.0/16       udp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */ reject-with icmp-port-unreachable

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
    0     0 ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   18   760 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
  174 23838 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 3684 1318K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    2   696 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
   30  1452 ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
   28  1324 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
  174 23838 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
 4169 1871K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  148 11599 ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination
   30  1452 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
   73  4380 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
   71  7059 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   10   564 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22,25,80,110,143,443,465,587,993,995,4190
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized#

Logs of ip6tables -L -vn:

root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized# ip6tables -L -vn
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  281 20040 ufw6-before-logging-input  all      *      *       ::/0                 ::/0
  281 20040 ufw6-before-input  all      *      *       ::/0                 ::/0
    0     0 ufw6-after-input  all      *      *       ::/0                 ::/0
    0     0 ufw6-after-logging-input  all      *      *       ::/0                 ::/0
    0     0 ufw6-reject-input  all      *      *       ::/0                 ::/0
    0     0 ufw6-track-input  all      *      *       ::/0                 ::/0

Chain FORWARD (policy DROP 1321 packets, 107K bytes)
 pkts bytes target     prot opt in     out     source               destination
 8388 4954K DOCKER-USER  all      *      *       ::/0                 ::/0
 8388 4954K DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0
 7649 4885K DOCKER     all      *      br-mailcow  ::/0                 ::/0
 4575 4695K ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
  737 68632 ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0
 3074  190K ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0
 1321  107K ufw6-before-logging-forward  all      *      *       ::/0                 ::/0
 1321  107K ufw6-before-forward  all      *      *       ::/0                 ::/0
 1321  107K ufw6-after-forward  all      *      *       ::/0                 ::/0
 1321  107K ufw6-after-logging-forward  all      *      *       ::/0                 ::/0
 1321  107K ufw6-reject-forward  all      *      *       ::/0                 ::/0
 1321  107K ufw6-track-forward  all      *      *       ::/0                 ::/0

Chain OUTPUT (policy ACCEPT 38 packets, 3888 bytes)
 pkts bytes target     prot opt in     out     source               destination
  234 21864 ufw6-before-logging-output  all      *      *       ::/0                 ::/0
  234 21864 ufw6-before-output  all      *      *       ::/0                 ::/0
   58  6808 ufw6-after-output  all      *      *       ::/0                 ::/0
   58  6808 ufw6-after-logging-output  all      *      *       ::/0                 ::/0
   58  6808 ufw6-reject-output  all      *      *       ::/0                 ::/0
   58  6808 ufw6-track-output  all      *      *       ::/0                 ::/0

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:443
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:80
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::8  tcp dpt:25
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::8  tcp dpt:465
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::8  tcp dpt:587
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:110
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:4190
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:993
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::12  tcp dpt:995

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
  737 68632 DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0
 8388 4954K RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0
  737 68632 RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
 8388 4954K RETURN     all      *      *       ::/0                 ::/0

Chain ufw6-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:137
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:138
    0     0 ufw6-skip-to-policy-input  tcp      *      *       ::/0                 ::/0                 tcp dpt:139
    0     0 ufw6-skip-to-policy-input  tcp      *      *       ::/0                 ::/0                 tcp dpt:445
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:546
    0     0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:547

Chain ufw6-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
   12  1072 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      *       ::/0                 ::/0                 rt type:0
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 129
 1321  107K ufw6-user-forward  all      *      *       ::/0                 ::/0

Chain ufw6-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      lo     *       ::/0                 ::/0
    0     0 DROP       all      *      *       ::/0                 ::/0                 rt type:0
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 129
    0     0 ufw6-logging-deny  all      *      *       ::/0                 ::/0                 ctstate INVALID
    0     0 DROP       all      *      *       ::/0                 ::/0                 ctstate INVALID
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
  153  8568 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 133 HL match HL == 255
   36  3168 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 134 HL match HL == 255
   37  2664 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 135 HL match HL == 255
   35  2360 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 136 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 141 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 142 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 130
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 131
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 132
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 143
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 148 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 149 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 151 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 152 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 153 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 144
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 145
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 146
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 147
   20  3280 ACCEPT     udp      *      *       fe80::/10            fe80::/10            udp spt:547 dpt:546
    0     0 ACCEPT     udp      *      *       ::/0                 ff02::fb             udp dpt:5353
    0     0 ACCEPT     udp      *      *       ::/0                 ff02::f              udp dpt:1900
    0     0 ufw6-user-input  all      *      *       ::/0                 ::/0

Chain ufw6-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      *      lo      ::/0                 ::/0
    0     0 DROP       all      *      *       ::/0                 ::/0                 rt type:0
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 129
    1    56 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 133 HL match HL == 255
   37  2392 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 136 HL match HL == 255
   55  3960 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 135 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 134 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 141 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 142 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 130
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 131
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 132
   83  8648 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 143
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 148 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 149 HL match HL == 255
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 151 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 152 HL match HL == 1
    0     0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 153 HL match HL == 1
   58  6808 ufw6-user-output  all      *      *       ::/0                 ::/0

Chain ufw6-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw6-logging-deny (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all      *      *       ::/0                 ::/0                 ctstate INVALID limit: avg 3/min burst 10
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      *       ::/0                 ::/0

Chain ufw6-skip-to-policy-input (6 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      *       ::/0                 ::/0

Chain ufw6-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      *      *       ::/0                 ::/0

Chain ufw6-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 ctstate NEW
   20  2920 ACCEPT     udp      *      *       ::/0                 ::/0                 ctstate NEW

Chain ufw6-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 multiport dports 22,25,80,110,143,443,465,587,993,995,4190
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:25

Chain ufw6-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all      *      *       ::/0                 ::/0                 reject-with icmp6-port-unreachable

Chain ufw6-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all      *      *       ::/0                 ::/0

Chain ufw6-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw6-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized#

Logs of iptables -L -vn -t nat:

root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized# iptables -L -vn -t nat
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   82  4364 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
 1955  144K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.9           172.22.1.9           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.12          172.22.1.12          tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.12          172.22.1.12          tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.9:3306
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.10:8983
    2    92 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
   37  2132 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.12:443
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    7   332 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.12:80
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    1    64 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    5   320 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    2   100 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized#

Logs of ip6tables -L -vn -t nat:

root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized# ip6tables -L -vn -t nat
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   16  2624 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all      *      br-mailcow  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
  718 67112 MASQUERADE  all      *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:443
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::8  fd4d:6169:6c63:6f77::8  tcp dpt:25
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::8  fd4d:6169:6c63:6f77::8  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::8  fd4d:6169:6c63:6f77::8  tcp dpt:587
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:110
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::12  fd4d:6169:6c63:6f77::12  tcp dpt:995

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all      br-mailcow *       ::/0                 ::/0
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::10]:443
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::10]:80
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::8]:25
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::8]:465
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::8]:587
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::12]:110
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::12]:143
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::12]:4190
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::12]:993
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::12]:995
root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized#

DNS check:

root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized# docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
151.101.65.69
151.101.1.69
151.101.193.69
151.101.129.69
root@mailcow-instance-20230626-2244:/opt/mailcow-dockerized#

mailcow / mailcow-dockerized

Issue sending emails (hotmail.com - mail-tester.com - dkimvalidator.com) #5308

Contribution guidelines

I've found a bug and checked that ...

Description

Logs:

Steps to reproduce:

Which branch are you using?

Operating System:

Server/VM specifications:

Is Apparmor, SELinux or similar active?

Virtualization technology:

Docker version:

docker-compose version or docker compose version:

mailcow version:

Reverse proxy:

Logs of git diff:

Logs of iptables -L -vn:

Logs of ip6tables -L -vn:

Logs of iptables -L -vn -t nat:

Logs of ip6tables -L -vn -t nat:

DNS check: