Domain Wide Disclaimer breaks attachments visualization on Gmail and Outlook

[thomisus]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Enabling Domain Wide Disclaimer breaks visualization of email and attachment in Gmail, sent from SOGO web ui.
Disabling does not fix the error.

Logs:

`
MIME-Version: 1.0
Message-ID: <46-65524400-f-37436000@186720726>
Subject: test email
User-Agent: SOGoMail 5.9.0
X-Last-TLS-Session-Version: None

------=_=-_OpenGroupware_org_NGMime-70-1699890218.060232-8------
Content-Type: multipart/alternative; boundary="----=_=-_OpenGroupware_org_NGMime-70-1699890218.059984-7------"

------=_=-_OpenGroupware_org_NGMime-70-1699890218.059984-7------
Content-Type: text/plain; charset=utf-8
Content-Length: 16

test attachment

------=_=-_OpenGroupware_org_NGMime-70-1699890218.059984-7------
Content-Type: text/html; charset=utf-8
Content-Length: 28

<html>test attachment</html>

------=_=-_OpenGroupware_org_NGMime-70-1699890218.059984-7--------
------=_=-_OpenGroupware_org_NGMime-70-1699890218.060232-8------
Content-Type: application/pdf
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="invoice.pdf"
Content-Length: 110140

------=_=-_OpenGroupware_org_NGMime-70-1699890218.060232-8--------
`

`
MIME-Version: 1.0
Message-ID: <46-65524480-17-37436000@186722145>
Subject: test email
User-Agent: SOGoMail 5.9.0
X-Last-TLS-Session-Version: None

------=_=-_OpenGroupware_org_NGMime-70-1699890326.762918-14------

--
Content-Type: multipart/alternative; boundary="----=_=-_OpenGroupware_org_NGMime-70-1699890326.762686-13------"

------=_=-_OpenGroupware_org_NGMime-70-1699890326.762686-13------
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

test attachment email

------=_=-_OpenGroupware_org_NGMime-70-1699890326.762686-13------
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html>test attachment email</html>

------=_=-_OpenGroupware_org_NGMime-70-1699890326.762686-13--------

------=_=-_OpenGroupware_org_NGMime-70-1699890326.762918-14------

--
Content-Type: application/pdf
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="invoice.pdf"
Content-Length: 110140

JVBERi0xLjQKJeLjz9MKMyAwIG9iaiA8PC9Db2xvclNwYWNlWy9JbmRleGVkWy9DYWxSR0I8
PC9HYW1tYVsyLjIyIDIuMjIgMi4yMl0vV2hpdGVQb2ludFswLjk1MDQzIDEgMS4wOV0vTWF0
cml4WzAuNDEyMzkgMC4yMTI2NCAwLjAxOTMzIDAuMzU3NTggMC43MTUxNyAwLjExOTE5IDAu
MTgwNDUgMC4wNzIxOCAwLjk1MDRdPj5dIDI1NSjniJPzxMnga3j54uXOESb///8AAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
`

`
Message-ID: <46-65524480-13-37436000@186720792>
Subject: test email
User-Agent: SOGoMail 5.9.0
X-Last-TLS-Session-Version: None

------=_=-_OpenGroupware_org_NGMime-70-1699890282.516758-11------

--
Content-Type: multipart/alternative; boundary="----=_=-_OpenGroupware_org_NGMime-70-1699890282.516519-10------"

------=_=-_OpenGroupware_org_NGMime-70-1699890282.516519-10------
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

test attachment email

test domain wide disclaimer

------=_=-_OpenGroupware_org_NGMime-70-1699890282.516519-10------
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html>test attachment email</html>

test domain wide disclaimer

------=_=-_OpenGroupware_org_NGMime-70-1699890282.516519-10--------

------=_=-_OpenGroupware_org_NGMime-70-1699890282.516758-11------

--
Content-Type: application/pdf
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="invoice.pdf"
Content-Length: 110140

JVBERi0xLjQKJeLjz9MKMyAwIG9iaiA8PC9Db2xvclNwYWNlWy9JbmRleGVkWy9DYWxSR0I8
PC9HYW1tYVsyLjIyIDIuMjIgMi4yMl0vV2hpdGVQb2ludFswLjk1MDQzIDEgMS4wOV0vTWF0
cml4WzAuNDEyMzkgMC4yMTI2NCAwLjAxOTMzIDAuMzU3NTggMC43MTUxNyAwLjExOTE5IDAu
MTgwNDUgMC4wNzIxOCAwLjk1MDRdPj5dIDI1NSjniJPzxMnga3j54uXOESb///8AAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
`

Steps to reproduce:

1. From a clean installation, enable domain wide disclaimer.
Attachment sent from SOGO web ui breaks visualization.
2. Disabling domain wide diclaimer doesn't fix.
3. Restoring a full backup to a clean install fix the problem.

I noticed that even after removing Domain Wide Disclaimer, a double "--" remains after the boundary part.

Which branch are you using?

master

Operating System:

debian 11.8

Server/VM specifications:

16gb ram, xeon E3-1230 v6

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

KVM

Docker version:

24.0.5

docker-compose version or docker compose version:

v2.7.0

mailcow version:

2023-10a

Reverse proxy:

traefik

Logs of git diff:

diff --git a/create_cold_standby.sh b/create_cold_standby.sh
index 924339af..1d436cd7 100755
--- a/create_cold_standby.sh
+++ b/create_cold_standby.sh
@@ -2,6 +2,6 @@

 export REMOTE_SSH_KEY=/root/.ssh/id_rsa
 export REMOTE_SSH_PORT=22
-export REMOTE_SSH_HOST=my.remote.host
+export REMOTE_SSH_HOST=*.*.*.*

 /opt/mailcow-dockerized/helper-scripts/_cold-standby.sh
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 237b4263..97f10cee 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -170,3 +170,36 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks

 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2
+  dnsbl.sorbs.net=127.0.0.6*2
+  dnsbl.sorbs.net=127.0.0.9*2
+  zen.spamhaus.org=127.0.0.[10;11]*8
+  zen.spamhaus.org=127.0.0.[4..7]*6
+  zen.spamhaus.org=127.0.0.3*4
+  zen.spamhaus.org=127.0.0.2*3
+
+# User Overrides
+myhostname = *.*.*
+
diff --git a/docker-compose.yml b/docker-compose.yml
index 8d84e3a7..040e5308 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -598,42 +598,12 @@ services:
           aliases:
             - ofelia

-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-        - solr-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge
     driver_opts:
       com.docker.network.bridge.name: br-mailcow
-    enable_ipv6: true
+    enable_ipv6: false
     ipam:
       driver: default
       config:

Logs of iptables -L -vn:

# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
52015   33M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
52015   33M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
36844   30M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 2611  165K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
 3939  872K ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 2588  164K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
3352K  236M ACCEPT     all  --  *      br-f279b89bb283  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 279K   19M DOCKER     all  --  *      br-f279b89bb283  0.0.0.0/0            0.0.0.0/0           
1280K  118M ACCEPT     all  --  br-f279b89bb283 !br-f279b89bb283  0.0.0.0/0            0.0.0.0/0           
  721 43260 ACCEPT     all  --  br-f279b89bb283 br-f279b89bb283  0.0.0.0/0            0.0.0.0/0           
7213K 2046M ACCEPT     all  --  *      br-b04410647005  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
59872 9249K DOCKER     all  --  *      br-b04410647005  0.0.0.0/0            0.0.0.0/0           
  14M 2163M ACCEPT     all  --  br-b04410647005 !br-b04410647005  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  br-b04410647005 br-b04410647005  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (4 references)
 pkts bytes target     prot opt in     out     source               destination         
 1377 70570 ACCEPT     tcp  --  !br-f279b89bb283 br-f279b89bb283  0.0.0.0/0            172.18.0.2           tcp dpt:1883
34705 2079K ACCEPT     tcp  --  !br-f279b89bb283 br-f279b89bb283  0.0.0.0/0            172.18.0.5           tcp dpt:8883
43770 3692K ACCEPT     tcp  --  !br-f279b89bb283 br-f279b89bb283  0.0.0.0/0            172.18.0.5           tcp dpt:443
51261 4003K ACCEPT     tcp  --  !br-f279b89bb283 br-f279b89bb283  0.0.0.0/0            172.18.0.5           tcp dpt:80
17064 2808K ACCEPT     udp  --  !br-b04410647005 br-b04410647005  0.0.0.0/0            172.23.0.2           udp dpt:9993
 1923  113K ACCEPT     tcp  --  !br-b04410647005 br-b04410647005  0.0.0.0/0            172.23.0.2           tcp dpt:3443
  102  5624 ACCEPT     tcp  --  !br-b04410647005 br-b04410647005  0.0.0.0/0            172.23.0.2           tcp dpt:3180
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.7           tcp dpt:3306
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:8443
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:8080
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
    1    52 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
   14   820 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    2   112 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 3939  872K DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
1280K  118M DOCKER-ISOLATION-STAGE-2  all  --  br-f279b89bb283 !br-f279b89bb283  0.0.0.0/0            0.0.0.0/0           
  14M 2163M DOCKER-ISOLATION-STAGE-2  all  --  br-b04410647005 !br-b04410647005  0.0.0.0/0            0.0.0.0/0           
 103M   87G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-f279b89bb283  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-b04410647005  0.0.0.0/0            0.0.0.0/0           
  26M 6920M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 103M   87G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Logs of ip6tables -L -vn:

# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-USER  all      *      *       ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0                
    0     0 ACCEPT     all      *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 docker0  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      docker0 !docker0  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-f279b89bb283 !br-f279b89bb283  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-b04410647005 !br-b04410647005  ::/0                 ::/0                
    0     0 RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       all      *      docker0  ::/0                 ::/0                
    0     0 DROP       all      *      br-f279b89bb283  ::/0                 ::/0                
    0     0 DROP       all      *      br-b04410647005  ::/0                 ::/0                
    0     0 RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all      *      *       ::/0                 ::/0

Logs of iptables -L -vn -t nat:

# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
2308K  129M DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 2446  182K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
  704 50494 MASQUERADE  all  --  *      !br-f279b89bb283  172.18.0.0/16        0.0.0.0/0           
 500K   82M MASQUERADE  all  --  *      !br-b04410647005  172.23.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.18.0.2           172.18.0.2           tcp dpt:1883
    0     0 MASQUERADE  tcp  --  *      *       172.18.0.5           172.18.0.5           tcp dpt:8883
    0     0 MASQUERADE  tcp  --  *      *       172.18.0.5           172.18.0.5           tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.18.0.5           172.18.0.5           tcp dpt:80
    0     0 MASQUERADE  udp  --  *      *       172.23.0.2           172.23.0.2           udp dpt:9993
    0     0 MASQUERADE  tcp  --  *      *       172.23.0.2           172.23.0.2           tcp dpt:3443
    0     0 MASQUERADE  tcp  --  *      *       172.23.0.2           172.23.0.2           tcp dpt:3180
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.7           172.22.1.7           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.8           172.22.1.8           tcp dpt:8443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.8           172.22.1.8           tcp dpt:8080
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  br-f279b89bb283 *       0.0.0.0/0            0.0.0.0/0           
23459  704K RETURN     all  --  br-b04410647005 *       0.0.0.0/0            0.0.0.0/0           
 1377 70570 DNAT       tcp  --  !br-f279b89bb283 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1883 to:172.18.0.2:1883
34702 2079K DNAT       tcp  --  !br-f279b89bb283 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8883 to:172.18.0.5:8883
43773 3692K DNAT       tcp  --  !br-f279b89bb283 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.18.0.5:443
51356 4007K DNAT       tcp  --  !br-f279b89bb283 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.18.0.5:80
 1238  197K DNAT       udp  --  !br-b04410647005 *       0.0.0.0/0            0.0.0.0/0            udp dpt:9993 to:172.23.0.2:9993
 1924  113K DNAT       tcp  --  !br-b04410647005 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3443 to:172.23.0.2:3443
  102  5624 DNAT       tcp  --  !br-b04410647005 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3180 to:172.23.0.2:3180
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.7:3306
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:8443 to:172.22.1.8:8443
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:8080 to:172.22.1.8:8080
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
    1    52 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
  109  6520 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    2   112 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25

Logs of ip6tables -L -vn -t nat:

# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all      *      !docker0  fd00:dead:beef:c0::/80  ::/0                

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all      docker0 *       ::/0                 ::/0

DNS check:

172.64.155.249
104.18.32.7

[thomisus]

Making some progress.. after a clean install, domain wide value in redis database is NIL ( you can check with HGET "DOMAIN_WIDE_FOOTER domain_name" or "HGETALL DOMAIN_WIDE_FOOTER" ) , after saving domain wide disclaimer with an empty value, the value is "{\"html\":\"\",\"plain\":\"\"}" Deleting this value from redis with "HDEL DOMAIN_WIDE_FOOTER domain_name" fix the bug.

[FreddleSpl0it]

can you check out this PR https://github.com/mailcow/mailcow-dockerized/pull/5546 in my tests the workaround was successfull