mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Mailcow seems to keep using hardcoded IPs #5444

Closed mrdmiller2 closed 7 months ago

mrdmiller2 commented 9 months ago

Contribution guidelines

I've found a bug and checked that ...

Description

In trying to get mailcow working, I noticed that even if I define alternative IPs in the configuration (docker-compose.yml), it seems to want to hard-code some values (.249 and .254).

This seems to also impact DNS resolution (can't actually resolve any external values per the compose launch). And because things would never fully launch, even though NGINX would come up, it would never pass a connection to the internal web server (not to mention other ports would never connect internally).

While we are on the subject, is there a reason why the configuration tries to use multiple IPs internally?

With the launch, I see these IPs defined:
172.22.1.248
172.22.1.249
172.22.1.250
172.22.1.253
172.22.1.254

Logs:

This is from the compose launch:

mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:48:44 PDT 2023 Ratelimit health level: 100% (1/1), health trend: 0
mailcowdockerized-postfix-mailcow-1    | Oct  5 17:48:44 ce4b003a9de5 postfix/master[362]: warning: process /usr/lib/postfix/sbin/smtpd pid 378 exit status 1
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:48:44 PDT 2023 Postfix health level: 0% (0/8), health trend: -3
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:48:45 PDT 2023 Postfix hit error limit
mailcowdockerized-watchdog-mailcow-1   |
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.129 sec. response time|time=0.129191s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 3.484 sec. response time|time=3.484392s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.044 sec. response time|time=0.044255s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.042 sec. response time|time=0.042247s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.044 sec. response time|time=0.044240s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.058 sec. response time|time=0.058332s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.047 sec. response time|time=0.046747s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | CRITICAL - Socket timeout
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.102 sec. response time|time=0.102013s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.053 sec. response time|time=0.053385s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.045 sec. response time|time=0.044954s;;;0.000000
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds
mailcowdockerized-php-fpm-mailcow-1    | 10.10.10.10 -  05/Oct/2023:17:48:48 -0700 "HEAD /settings.php" 304
mailcowdockerized-nginx-mailcow-1      | 10.10.10.11 - - [05/Oct/2023:17:48:48 -0700] "HEAD /settings.php HTTP/1.1" 304 0 "-" "rspamd-3.4"
mailcowdockerized-php-fpm-mailcow-1    | fd4d:6169:6c63:6f77::f -  05/Oct/2023:17:48:49 -0700 "HEAD /forwardinghosts.php" 200
mailcowdockerized-nginx-mailcow-1      | 10.10.10.11 - - [05/Oct/2023:17:48:49 -0700] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "rspamd-3.4"
mailcowdockerized-php-fpm-mailcow-1    | 10.10.10.10 -  05/Oct/2023:17:48:49 -0700 "GET /forwardinghosts.php" 200
mailcowdockerized-nginx-mailcow-1      | 10.10.10.11 - - [05/Oct/2023:17:48:49 -0700] "GET /forwardinghosts.php HTTP/1.1" 200 27 "-" "rspamd-3.4"
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds
mailcowdockerized-dockerapi-mailcow-1  | INFO:     10.10.10.7:55692 - "GET /containers/json HTTP/1.1" 200 OK
mailcowdockerized-dockerapi-mailcow-1  | INFO:     10.10.10.7:55694 - "GET /containers/a2aa841ed4909adbe873d413c54b9c501705f7a52b873fe6cb34e02e78fe059b/json HTTP/1.1" 200 OK
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:07 PDT 2023 Container is running for less than 360 seconds, skipping action...
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:07 PDT 2023 Postfix health level: 63% (5/8), health trend: -3
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:07 PDT 2023 PHP-FPM health level: 100% (5/5), health trend: 0
mailcowdockerized-rspamd-mailcow-1     | 2023-10-05 17:49:07 #62(controller) <df2e90>; csession; rspamd_redis_connected: skip obtaining bayes tokens for BAYES_SPAM of classifier bayes: not enough learns 0; 5 required
mailcowdockerized-rspamd-mailcow-1     | 2023-10-05 17:49:07 #62(controller) <df2e90>; csession; rspamd_redis_connected: skip obtaining bayes tokens for BAYES_HAM of classifier bayes: not enough learns 0; 5 required
mailcowdockerized-rspamd-mailcow-1     | 2023-10-05 17:49:07 #62(controller) <df2e90>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 172 regexps total, 21 regexps cached, 0B scanned using pcre, 84B scanned total
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:07 PDT 2023 Redis health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:07 PDT 2023 Dovecot health level: 17% (2/12), health trend: -10
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:07 PDT 2023 Rspamd health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:08 PDT 2023 Cert check hit error limit
mailcowdockerized-watchdog-mailcow-1   |
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | connect to address 10.10.10.165 and port 993: Connection refused
mailcowdockerized-watchdog-mailcow-1   | SMTP UNKNOWN - Cannot read EHLO response via TLS.
mailcowdockerized-watchdog-mailcow-1   | connect to address 10.10.10.165 and port 993: Connection refused
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:08 PDT 2023 Certificates are about to expire
mailcowdockerized-postfix-mailcow-1    | Oct  5 17:49:09 ce4b003a9de5 postfix/master[362]: warning: process /usr/lib/postfix/sbin/smtpd pid 384 exit status 1
mailcowdockerized-postfix-mailcow-1    | Oct  5 17:49:09 ce4b003a9de5 postfix/master[362]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:09 PDT 2023 Primary certificate expiry check health level: 29% (2/7), health trend: -5
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:10 PDT 2023 Dovecot replication health level: 100% (20/20), health trend: 0
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:15 PDT 2023 ACME health level: 100% (1/1), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:16 PDT 2023 MySQL/MariaDB health level: 100% (5/5), health trend: 0
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:22 PDT 2023 Mail queue health level: 100% (20/20), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:22 PDT 2023 Olefy health level: 100% (5/5), health trend: 0
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds

Steps to reproduce:

Literally following the steps from the documentation.

Which branch are you using?

master

Operating System:

Ubuntu 22.-4 LTS

Server/VM specifications:

8GB RAM, 512GB HD, 4vCPU

Is Apparmor, SELinux or similar active?

No

Virtualization technology:

VMware (ESX 7.0)

Docker version:

24.0.6

docker-compose version or docker compose version:

docker-compose version 1.25.0

mailcow version:

2023-09

Reverse proxy:

nginx

Logs of git diff:

No changes to the code

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 56680 packets, 67M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
13777 6371K DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
13777 6371K DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 20974 packets, 1681K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
 277K  283M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
   24  1416 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
25498 1489K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
 277K  283M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 66 packets, 3928 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4844  369K DOCKER-USER  all      *      *       ::/0                 ::/0
41502 3214K DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0
41502 3214K DOCKER     all      *      br-mailcow  ::/0                 ::/0
 8214  854K ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0
33288 2360K ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0

Chain OUTPUT (policy ACCEPT 93 packets, 10204 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:4190
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:993
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:995
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:110
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:25
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:465
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0
 4844  369K RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0
    0     0 RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
41454 3211K RETURN     all      *      *       ::/0                 ::/0

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 2509 packets, 171K bytes)
 pkts bytes target     prot opt in     out     source               destination
   54  2860 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 309 packets, 56888 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 620 packets, 42410 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 620 packets, 42410 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 105 packets, 8132 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

DNS check:

N/A

milkmaker commented 7 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
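
A triage sketch for the compose log in the report above, added here as an example and not part of the issue or of mailcow's code: it counts failed connection targets per container and flags those whose last octet is one of the fixed suffixes the reporter listed. The log lines are constructed in the format of the quoted output; the `10.10.10.0/24` network and all function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: lines in the format of the compose log quoted in the report.
SAMPLE_LOG = """\
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds
mailcowdockerized-watchdog-mailcow-1   | connect to address 10.10.10.165 and port 993: Connection refused
mailcowdockerized-netfilter-mailcow-1  | Error 113 connecting to 10.10.10.249:6379. Host is unreachable. - trying again in 3 seconds
mailcowdockerized-watchdog-mailcow-1   | Thu Oct 5 17:49:07 PDT 2023 Redis health level: 100% (5/5), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | SMTP OK - 0.129 sec. response time|time=0.129191s;;;0.000000
"""

# Last octets of the fixed addresses the reporter listed (172.22.1.248 ... .254).
FIXED_SUFFIXES = {248, 249, 250, 253, 254}

PATTERNS = [
    (re.compile(r"Error 113 connecting to (\d+\.\d+\.\d+\.\d+):(\d+)\. Host is unreachable"), "unreachable"),
    (re.compile(r"connect to address (\d+\.\d+\.\d+\.\d+) and port (\d+): Connection refused"), "refused"),
]

def failed_connections(log_text):
    """Count (container, ip, port, reason) tuples for failed connection attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        # Split at the first "|" only; watchdog perfdata contains further pipes.
        container, sep, message = line.partition("|")
        if not sep:
            continue
        for pattern, reason in PATTERNS:
            m = pattern.search(message)
            if m:
                counts[(container.strip(), m.group(1), int(m.group(2)), reason)] += 1
                break
    return counts

def classify(ip, network):
    """Label a failing target relative to the (assumed) compose network."""
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(network):
        return "outside-network"
    last_octet = int(ip.rsplit(".", 1)[1])
    return "fixed-suffix" if last_octet in FIXED_SUFFIXES else "other"

def report(log_text, network):
    """Sorted rows: (container, target, reason, classification, occurrences)."""
    return sorted(
        (container, f"{ip}:{port}", reason, classify(ip, network), n)
        for (container, ip, port, reason), n in failed_connections(log_text).items()
    )
```

Calling `report(SAMPLE_LOG, "10.10.10.0/24")` groups the repeated netfilter retries against port 6379 into a single row, so the one unreachable fixed-suffix address stands out from the watchdog noise.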