mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Adding forwarding host failure - latest version 10-4-23 #5440

Open OSXGroupFL opened 1 year ago

OSXGroupFL commented 1 year ago

Contribution guidelines

I've found a bug and checked that ...

Description

Adding forwarding host (delivery.antispamcloud.com) returns Invalid host specified: delivery.antispamcloud.com

Logs:

no log entries found

root@mailcow:/opt/mailcow# docker-compose logs | grep -i "invalid host"
root@mailcow:/opt/mailcow# docker-compose logs | grep -i "invalid host specified"

Steps to reproduce:

System Configuration > Forwarding hosts
enter delivery.antispamcloud.com
select Inactive for SPAM
click Add

Which branch are you using?

master

Operating System:

Ubuntu 20.04.6 LTS

Server/VM specifications:

16GB / 4 CPU

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

Synology Virtual Machine Manager

Docker version:

24.0.5

docker-compose version or docker compose version:

v2.9.0

mailcow version:

2023-09

Reverse proxy:

Nginx

Logs of git diff:

diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..b2485bde 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem
diff --git a/data/assets/ssl-example/key.pem b/data/assets/ssl-example/key.pem
index cedf35a0..ac3ecb3e 100644
--- a/data/assets/ssl-example/key.pem
+++ b/data/assets/ssl-example/key.pem

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 9096 packets, 3170K bytes)
 pkts bytes target     prot opt in     out     source               destination
 341K  136M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
2956K 1708M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0
2951K 1708M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
2951K 1708M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
2068K 1335M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 120K 8702K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
 763K  365M ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
 110K 8071K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 8832 packets, 1039K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.9           tcp dpt:3306
   48  2944 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
 1780  107K ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
  809 47080 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
 4702  299K ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
 1333 85915 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
 1245 74260 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:443
  304 15057 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:80

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
 763K  365M DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
 501M  216G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
 139M   80G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
1076M  632G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 164K packets, 9188K bytes)
 pkts bytes target     prot opt in     out     source               destination
 164K 9188K MAILCOW    all      *      *       ::/0                 ::/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MAILCOW    all      *      *       ::/0                 ::/0
    0     0 DOCKER-USER  all      *      *       ::/0                 ::/0
    0     0 DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0
    0     0 ACCEPT     all      *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      docker0  ::/0                 ::/0
    0     0 ACCEPT     all      docker0 !docker0  ::/0                 ::/0
    0     0 ACCEPT     all      docker0 docker0  ::/0                 ::/0

Chain OUTPUT (policy ACCEPT 1 packets, 49 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0
    0     0 DOCKER-ISOLATION-STAGE-2  all      docker0 !docker0  ::/0                 ::/0
    0     0 RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0
    0     0 DROP       all      *      docker0  ::/0                 ::/0
    0     0 RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all      *      *       ::/0                 ::/0

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 437K packets, 93M bytes)
 pkts bytes target     prot opt in     out     source               destination
3840K  244M DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 83343 packets, 14M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2885 packets, 332K bytes)
 pkts bytes target     prot opt in     out     source               destination
 8923 1697K DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 123K packets, 9060K bytes)
 pkts bytes target     prot opt in     out     source               destination
84027 7752K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.9           172.22.1.9           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:80

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.9:3306
   48  2944 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
 3616  217K DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
  809 47080 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
 4708  299K DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
 1334 85979 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
 1251 74524 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.10:443
  308 15217 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.10:80

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 24M packets, 11G bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 28850 packets, 5303K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1 packets, 49 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 1 packets, 49 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all      *      !docker0  fd00:dead:beef:c0::/80  ::/0

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all      docker0 *       ::/0                 ::/0

DNS check:

root@mailcow:/opt/mailcow# docker exec -it 974d19c642bf dig +short delivery.antispamcloud.com
206.148.0.47
206.148.0.48
206.148.0.49
38.107.142.46
38.133.190.182
38.133.191.228
38.133.191.232
38.133.191.234
38.133.191.235
38.133.191.237
38.133.191.238
38.133.191.240
38.133.191.241
38.133.191.243
38.71.17.10
38.71.17.12
38.71.17.13
38.71.17.15
38.71.17.16
38.71.17.18
38.71.17.19
38.71.17.21
38.71.17.22
38.71.17.24
38.71.17.247
38.71.17.25
38.71.17.42
38.71.17.43
38.71.17.45
38.71.17.46
38.71.17.54
38.71.17.55
38.71.17.57
38.71.17.58
38.71.17.6
38.71.17.60
38.71.17.61
38.71.17.66
38.71.17.67
38.71.17.7
38.71.17.9
46.165.223.16
62.138.14.204
94.75.244.176
130.117.251.15
130.117.251.6
130.117.251.7
130.117.53.25
130.117.53.26
130.117.54.73
130.117.54.74
149.13.73.12
149.13.73.13
149.13.73.29
149.13.73.30
149.13.73.31
149.13.73.32
149.13.73.33
149.13.73.34
149.13.73.35
149.13.73.36
149.13.73.4
149.13.73.6
149.13.75.10
149.13.75.11
149.13.75.19
149.13.75.20
154.59.194.245
154.59.194.248
154.59.194.249
154.59.194.251
154.59.194.252
154.61.86.40
154.61.86.47
154.61.86.49
154.61.86.52
154.61.86.53
154.61.86.54
154.61.86.55
154.61.86.57
185.201.16.200
185.201.16.201
185.201.17.200
185.201.17.201
185.201.18.200
185.201.18.201
185.201.19.200
185.201.19.201
193.200.214.134
193.200.214.136
193.200.214.137
193.200.214.138
199.115.117.7
206.148.0.34
206.148.0.46

DerLinkman commented 11 months ago

Can confirm. I think it might be a character limit at this point, as the general translation of domains to IPs works here.

We'll take a look at this!

FreddleSpl0it commented 11 months ago

Not sure about that, but I think we have a problem with the dns_get_record function in PHP (https://www.php.net/manual/en/function.dns-get-record.php). In the php-fpm container, I have created the following script, which will return an empty string for delivery.antispamcloud.com (run with php dns_test.php):

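<?php
// Look up the A records of the host that the forwarding-host form rejects.
$domain = "delivery.antispamcloud.com";

$a_records = dns_get_record($domain, DNS_A);
// var_dump() prints its argument itself and returns nothing, so no echo is needed.
var_dump($a_records);
?>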

Running dig a +short delivery.antispamcloud.com from within the php-fpm container works.
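
A fuller version of the test above, as an added example that is not part of the thread and not mailcow's code: it separates a failed dns_get_record() call (false plus a warning) from an answer that carries no usable addresses, and cross-checks the same name with gethostbynamel(). The function names lookup_records and diagnose_host are hypothetical.

```php
<?php
// Added example: not mailcow code; all function names here are hypothetical.

/**
 * Query one record type with dns_get_record() and classify the outcome.
 * $field is the key that holds the address: 'ip' for A, 'ipv6' for AAAA.
 */
function lookup_records(string $host, int $type, string $field): array
{
    // dns_get_record() raises an E_WARNING when the lookup fails;
    // capture the message instead of letting it print.
    $warning = null;
    set_error_handler(function (int $errno, string $errstr) use (&$warning): bool {
        $warning = $errstr;
        return true;
    });
    try {
        $records = dns_get_record($host, $type);
    } finally {
        restore_error_handler();
    }

    // false means the lookup itself failed; an empty array means it
    // completed but returned no records. A validator that only tests
    // for "no addresses" cannot tell these two cases apart.
    if ($records === false) {
        return ['status' => 'lookup_failed', 'ips' => [], 'warning' => $warning];
    }

    $ips = [];
    foreach ($records as $rr) {
        if (isset($rr[$field]) && filter_var($rr[$field], FILTER_VALIDATE_IP) !== false) {
            $ips[] = $rr[$field];
        }
    }
    return ['status' => $ips ? 'ok' : 'empty_answer', 'ips' => $ips, 'warning' => $warning];
}

/** Run the A and AAAA lookups and a second, independent IPv4 lookup. */
function diagnose_host(string $host): array
{
    $report = [
        'A'    => lookup_records($host, DNS_A, 'ip'),
        'AAAA' => lookup_records($host, DNS_AAAA, 'ipv6'),
    ];

    // gethostbynamel() returns a list of IPv4 addresses, or false on failure.
    $v4 = gethostbynamel($host);
    $report['gethostbynamel'] = [
        'status' => $v4 === false ? 'lookup_failed' : 'ok',
        'ips'    => $v4 === false ? [] : $v4,
    ];
    return $report;
}

// Host name from the command line, defaulting to the one in this issue.
$host = $argv[1] ?? 'delivery.antispamcloud.com';
foreach (diagnose_host($host) as $source => $result) {
    printf("%-15s %-14s %3d address(es)", $source, $result['status'], count($result['ips']));
    if (!empty($result['warning'])) {
        printf("  warning: %s", $result['warning']);
    }
    echo PHP_EOL;
}
```

Run it inside the php-fpm container next to dig; a row that reports lookup_failed or empty_answer while dig lists addresses points at the PHP lookup path rather than at the DNS data.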