mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

curl doesn't resolve dockerapi with latest release `Janmooary 2024` on some machines #5646

Closed FingerlessGlov3s closed 6 months ago

FingerlessGlov3s commented 8 months ago

Contribution guidelines

I've found a bug and checked that ...

Description

I've been running Mailcow on Debian for years now. Today I came to upgrade Mailcow, using the usual `update.sh`. After running the update, Mailcow didn't fully come up correctly. It was stuck on the "starting up" webpage even after 20 minutes of waiting.

After lots of debugging, I noticed the `php-fpm` container wasn't fully starting because it was waiting for a response from the dockerapi linked below.
https://github.com/mailcow/mailcow-dockerized/blob/b5db5dd0b4f26f8ec843254412affff395d40621/data/Dockerfiles/phpfpm/docker-entrypoint.sh#L26

When I get a bash prompt within the container and try `curl dockerapi` it doesn't work, but I can ping or wget it. So I knew something wasn't quite right with DNS.

```plain text
912e8b47c99c:/var/www/html# wget dockerapi -O -
Connecting to dockerapi (172.22.1.3:80)
wget: can't connect to remote host (172.22.1.3): Connection refused

912e8b47c99c:/var/www/html# curl -v dockerapi
* Could not resolve host: dockerapi
* Closing connection
curl: (6) Could not resolve host: dockerapi

912e8b47c99c:/var/www/html# ping dockerapi
PING dockerapi (172.22.1.3): 56 data bytes
64 bytes from 172.22.1.3: seq=0 ttl=64 time=0.102 ms
```

Other containers using curl were also having issues trying to resolve. I didn't check them all, but there were others, plus a person in Telegram said they had the acme container stuck waiting for nginx, which also uses curl to check for connectivity.

After lots of debugging, if I remove the `search` option from the container's `/etc/resolv.conf`, mailcow springs into life. I have the `search` option set on my Debian host, so the container had inherited the same value, but that's been set for I can't remember how long.

Sounds as if there's a bug in the new Alpine containers, as there was a new curl version last month, which may be the issue, unless something else was changed.


### Logs:

```plain text
912e8b47c99c:/var/www/html# wget dockerapi -O -
Connecting to dockerapi (172.22.1.3:80)
wget: can't connect to remote host (172.22.1.3): Connection refused

912e8b47c99c:/var/www/html# curl -v dockerapi
* Could not resolve host: dockerapi
* Closing connection
curl: (6) Could not resolve host: dockerapi

912e8b47c99c:/var/www/html# ping dockerapi
PING dockerapi (172.22.1.3): 56 data bytes
```

Steps to reproduce:

1. Install Debian 11 and install Docker from Docker's repo
2. Check out mailcow as of the Janmooary 2024 release
3. Include a `search` option within the host's `/etc/resolv.conf`
4. Bring up the mailcow container stack

Which branch are you using?

master

Operating System:

Debian 11

Server/VM specifications:

5GB, 4 Cores

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

KVM

Docker version:

24.0.7

docker-compose version or docker compose version:

Docker Compose version v2.21.0

mailcow version:

2024-01

Reverse proxy:

None

Logs of git diff:

diff --git a/data/conf/phpfpm/php-fpm.d/pools.conf b/data/conf/phpfpm/php-fpm.d/pools.conf
index 605e686c..30cc7ad3 100644
--- a/data/conf/phpfpm/php-fpm.d/pools.conf
+++ b/data/conf/phpfpm/php-fpm.d/pools.conf
@@ -26,4 +26,4 @@ access.log = /proc/self/fd/2
 clear_env = no
 catch_workers_output = yes
 php_admin_value[memory_limit] = 512M
-php_admin_value[disable_functions] = show_source, highlight_file, apache_child_terminate, apache_get_modules, apache_note, apache_setenv, virtual, dl, disk_total_space, posix_getpwnam, posix_getpwuid, posix_mkfifo, posix_mknod, posix_setpgid, posix_setsid, posix_setuid, posix_uname, proc_nice, openlog, syslog, pfsockopen, system, shell_exec, passthru, popen, proc_open, exec, ini_alter, pcntl_exec, proc_close, proc_get_status, proc_terminate, symlink
+;php_admin_value[disable_functions] = show_source, highlight_file, apache_child_terminate, apache_get_modules, apache_note, apache_setenv, virtual, dl, disk_total_space, posix_getpwnam, posix_getpwuid, posix_mkfifo, posix_mknod, posix_setpgid, posix_setsid, posix_setuid, posix_uname, proc_nice, openlog, syslog, pfsockopen, system, shell_exec, passthru, popen, proc_open, exec, ini_alter, pcntl_exec, proc_close, proc_get_status, proc_terminate, symlink
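Review bot: commenting out `php_admin_value[disable_functions]` on the last line of this hunk re-enables every function on that list for the PHP-FPM pool, including `system`, `shell_exec`, `passthru`, `popen`, `proc_open`, `exec` and `pcntl_exec`, so a code-execution bug in anything this pool serves gets direct command execution in the container. If a local customisation needs one of these functions, keep the directive, remove only that name from the list, and add a comment saying why.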
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 572300db..7a6163cb 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -173,3 +173,43 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks

 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2
+  dnsbl.sorbs.net=127.0.0.6*2
+  dnsbl.sorbs.net=127.0.0.9*2
+  redacted.zen.dq.spamhaus.net=127.0.0.[4..7]*6
+  redacted.zen.dq.spamhaus.net=127.0.0.[10;11]*8
+  redacted.zen.dq.spamhaus.net=127.0.0.3*4
+  redacted.zen.dq.spamhaus.net=127.0.0.2*3
+postscreen_dnsbl_reply_map = texthash:/opt/postfix/conf/dnsbl_reply.map
+
+# User Overrides
+myhostname = mail.redacted.com
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24 10.111.0.0/16 10.112.0.0/16 10.113.0.0/16 192.168.10.0/24 192.168.20.0/24 10.1.0.0/24
+smtp_address_preference = ipv4
+inet_protocols = ipv4
+
+sender_canonical_classes = envelope_sender
+recipient_canonical_maps = socketmap:inet:172.22.1.42:10003:reverse, proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
+recipient_canonical_classes = envelope_recipient, header_recipient
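Review bot: the `mynetworks` override under "User Overrides" trusts whole ranges (`10.111.0.0/16`, `10.112.0.0/16`, `10.113.0.0/16` and several /24s), and every host in them is treated as trusted wherever `permit_mynetworks` is used. List only the specific hosts that must submit mail without authentication and let the rest use authenticated submission. The same line still carries IPv6 prefixes although `inet_protocols = ipv4` is set two lines below, so those entries can be dropped.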
diff --git a/data/conf/postfix/master.cf b/data/conf/postfix/master.cf
index 63ce875d..c064e2a3 100644
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -145,3 +145,16 @@ watchdog_discard    unix  -       -       n       -       -       discard
    -o syslog_facility=local7
    -o syslog_name=watchdog
 # end watchdog-specific
+
+# SRS config
+cleanup-srs unix  n       -       -       -       0       cleanup
+      -o sender_canonical_maps=socketmap:inet:172.22.1.42:10003:forward
+      -o sender_canonical_classes=envelope_sender
+      -o recipient_canonical_maps=regexp:/opt/postfix/conf/regex_sender_canonical_srs
+
+127.0.0.1:10029 inet    n       -       -       -       -       smtpd
+        -o cleanup_service_name=cleanup-srs
+        -o smtpd_tls_security_level=none
+        -o content_filter=smtp:
+        -o smtpd_recipient_restrictions=permit_mynetworks,reject
+        -o smtpd_milters=
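Review bot: the `127.0.0.1:10029` listener sets `-o smtpd_milters=` to empty, so mail submitted through it is not passed to any milter, and nothing in the hunk says which client is expected to inject mail on that port. Add a comment naming that client and why the milters are disabled for it. The socketmap address `172.22.1.42:10003` is hard-coded here and in `main.cf`, but no service at that address appears in the `docker-compose.yml` part of this diff, so document where it is defined.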
diff --git a/data/conf/rspamd/custom/fishy_tlds.map b/data/conf/rspamd/custom/fishy_tlds.map
index 1b8b2b0d..a75e4f18 100644
--- a/data/conf/rspamd/custom/fishy_tlds.map
+++ b/data/conf/rspamd/custom/fishy_tlds.map
@@ -1,65 +1,64 @@
-/.+\.accountant$/i
-/.+\.art$/i
-/.+\.asia$/i
-/.+\.bid$/i
-/.+\.biz$/i
-/.+\.care$/i
-/.+\.cf$/i
-/.+\.click$/i
-/.+\.cloud$/i
-/.+\.co$/i
-/.+\.construction$/i
-/.+\.country$/i
-/.+\.cricket$/i
-/.+\.date$/i
-/.+\.desi$/i
-/.+\.download$/i
-/.+\.estate$/i
-/.+\.faith$/i
-/.+\.fit$/i
-/.+\.flights$/i
-/.+\.ga$/i
-/.+\.gdn$/i
-/.+\.gq$/i
-/.+\.guru$/i
-/.+\.icu$/i
-/.+\.id$/i
-/.+\.info$/i
-/.+\.in.net$/i
-/.+\.ir$/i
-/.+\.jetzt$/i
-/.+\.kim$/i
-/.+\.life$/i
-/.+\.link$/i
-/.+\.loan$/i
-/.+\.mk$/i
-/.+\.ml$/i
-/.+\.ninja$/i
-/.+\.online$/i
-/.+\.ooo$/i
-/.+\.party$/i
-/.+\.pro$/i
-/.+\.ps$/i
-/.+\.pw$/i
-/.+\.racing$/i
-/.+\.review$/i
-/.+\.rocks$/i
-/.+\.ryukyu$/i
-/.+\.science$/i
-/.+\.site$/i
-/.+\.space$/i
-/.+\.stream$/i
-/.+\.sucks$/i
-/.+\.tk$/i
-/.+\.top$/i
-/.+\.topica\.com$/i
-/.+\.town$/i
-/.+\.trade$/i
-/.+\.uno$/i
-/.+\.vip$/i
-/.+\.webcam$/i
-/.+\.website$/i
-/.+\.win$/i
-/.+\.work$/i
-/.+\.world$/i
+/.+\.accountant$/i
+/.+\.art$/i
+/.+\.asia$/i
+/.+\.bid$/i
+/.+\.biz$/i
+/.+\.care$/i
+/.+\.cf$/i
+/.+\.click$/i
+/.+\.cloud$/i
+/.+\.co$/i
+/.+\.construction$/i
+/.+\.country$/i
+/.+\.cricket$/i
+/.+\.date$/i
+/.+\.desi$/i
+/.+\.download$/i
+/.+\.estate$/i
+/.+\.faith$/i
+/.+\.fit$/i
+/.+\.flights$/i
+/.+\.ga$/i
+/.+\.gdn$/i
+/.+\.gq$/i
+/.+\.guru$/i
+/.+\.icu$/i
+/.+\.id$/i
+/.+\.info$/i
+/.+\.in.net$/i
+/.+\.ir$/i
+/.+\.jetzt$/i
+/.+\.kim$/i
+/.+\.life$/i
+/.+\.link$/i
+/.+\.loan$/i
+/.+\.mk$/i
+/.+\.ml$/i
+/.+\.ninja$/i
+/.+\.online$/i
+/.+\.ooo$/i
+/.+\.party$/i
+/.+\.pro$/i
+/.+\.ps$/i
+/.+\.pw$/i
+/.+\.racing$/i
+/.+\.review$/i
+/.+\.rocks$/i
+/.+\.ryukyu$/i
+/.+\.science$/i
+/.+\.site$/i
+/.+\.space$/i
+/.+\.stream$/i
+/.+\.sucks$/i
+/.+\.top$/i
+/.+\.topica\.com$/i
+/.+\.town$/i
+/.+\.trade$/i
+/.+\.uno$/i
+/.+\.vip$/i
+/.+\.webcam$/i
+/.+\.website$/i
+/.+\.win$/i
+/.+\.work$/i
+/.+\.world$/i
 /.+\.xyz$/i
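Review bot: every line above the final context line is removed and re-added with the same visible content, which points to a line-ending or whitespace-only rewrite, and that hides the one real edit: `/.+\.tk$/i` is dropped from the list. Restore the original line endings so the diff shows only that removal, and record why `.tk` was taken off the list. Separately, `/.+\.in.net$/i` has an unescaped dot before `net`.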
diff --git a/data/conf/rspamd/custom/global_rcpt_blacklist.map b/data/conf/rspamd/custom/global_rcpt_blacklist.map
index 3c872889..aae12671 100644
--- a/data/conf/rspamd/custom/global_rcpt_blacklist.map
+++ b/data/conf/rspamd/custom/global_rcpt_blacklist.map
@@ -1 +1,20 @@
-# /.+example\.com/i
+# /.+example\.com/i
+# BL for not existing (or badly configured) recipients
+/^dmarc_aggregate_reports@comodoca\.net$/i
+/^dmarc\.reports@chainreactioncycles\.com$/i
+/^dmarcreport@web\.de$/i
diff --git a/data/conf/rspamd/custom/global_smtp_from_whitelist.map b/data/conf/rspamd/custom/global_smtp_from_whitelist.map
index 3c872889..3a0cd378 100644
--- a/data/conf/rspamd/custom/global_smtp_from_whitelist.map
+++ b/data/conf/rspamd/custom/global_smtp_from_whitelist.map
@@ -1 +1,31 @@
-# /.+example\.com/i
+# /.+example\.com/i
+/.*\.mcsv\.net$/i
+/.*\.mcdlv\.net$/i
+/.*soyoustart\.com$/i
+/.*\.account\.sony\.com$/i
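Review bot: `/.*soyoustart\.com$/i` has no label boundary before the domain, so it also whitelists any sender domain that merely ends in `soyoustart.com`. Anchor it on the `@` or a dot, for example `/[@.]soyoustart\.com$/i`, and apply the same boundary to any similar entries in the part of this map that is not shown.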
diff --git a/data/conf/rspamd/local.d/history_redis.conf b/data/conf/rspamd/local.d/history_redis.conf
index 68a59b0c..73dbf1e6 100644
--- a/data/conf/rspamd/local.d/history_redis.conf
+++ b/data/conf/rspamd/local.d/history_redis.conf
@@ -1 +1 @@
-nrows = 1000;
+nrows = 3000;
diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index 8d4dd93d..7922f191 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -59,7 +59,7 @@
     WONoDetach = YES;

     SOGoIMAPAclConformsToIMAPExt = Yes;
-    SOGoPageTitle = "SOGo Groupware";
+    SOGoPageTitle = "My Mail";
     SOGoFirstDayOfWeek = "1";

     SOGoSieveFolderEncoding = "UTF-8";
diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf
index 27110c04..847aeba5 100644
--- a/data/conf/unbound/unbound.conf
+++ b/data/conf/unbound/unbound.conf
@@ -4,7 +4,7 @@ server:
   interface: ::0
   logfile: /dev/console
   do-ip4: yes
-  do-ip6: yes
+  do-ip6: no
   do-udp: yes
   do-tcp: yes
   do-daemonize: no
@@ -35,6 +35,23 @@ server:
   unwanted-reply-threshold: 10000
   ipsecmod-enabled: no

+  private-domain: "lynx"
+  domain-insecure: "lynx"
+  private-domain: "mist"
+  domain-insecure: "mist"
+  private-domain: "icy.li"
+  domain-insecure: "icy.li"
+  forward-zone:
+    name: "lynx"
+    forward-addr: 10.111.1.10
+  forward-zone:
+    name: "mist"
+    forward-addr: 10.111.1.10
+  forward-zone:
+    name: "icy.li"
+    forward-addr: 10.10.0.10
+
+
 remote-control:
   control-enable: yes
   control-interface: 127.0.0.1
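Review bot: `domain-insecure: "icy.li"` switches off DNSSEC validation for a public name whose answers are then taken from `10.10.0.10`. That is expected for the single-label internal zones `lynx` and `mist`, but for `icy.li` it should be kept only if the internal view of the zone is unsigned, with a comment saying so. The three `forward-zone:` blocks are indented as if they belonged to `server:`; they are separate clauses, so place them at column 0 like `remote-control:`.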
diff --git a/data/web/thunderbird-plugins.php b/data/web/thunderbird-plugins.php
new file mode 100644
index 00000000..889cdf35
--- /dev/null
+++ b/data/web/thunderbird-plugins.php
@@ -0,0 +1,118 @@
+<?php
+/* updates.php - this file is part of SOGo
+ *
+ *  Copyright (C) 2006-2014 Inverse inc.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+/* This script handles the automatic propagation of extensions pertaining to a
+   SOGo site. It requires PHP 4.1.0 or later. */
+$plugin_dir = 'thunderbird-plugins';
+chdir($plugin_dir);
+$plugins = array();
+
+if (file_exists('version.csv'))
+{
+  $fh = fopen('version.csv', 'r');
+  if ($fh)
+  {
+    while (($row = fgetcsv($fh, 1000, ';')) !== FALSE)
+    {
+      $plugins[$row[0]] = array(
+        'application' => 'thunderbird',
+        'version' => $row[1],
+        'filename' => str_replace('__DOMAIN__', $_GET["domain"], $row[2]),
+      );
+      if (count($row) > 3)
+      {
+          $plugins[$row[0]]['min_version'] = $row[3];
+      }
+      else
+      {
+          $plugins[$row[0]]['min_version'] = '30.0';
+      }
+    }
+    fclose($fh);
+  }
+}
+
+$applications
+= array( "thunderbird" => "<em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
+                <em:minVersion>__MIN_VERSION__</em:minVersion>
+                <em:maxVersion>99.*</em:maxVersion>" );
+
+$pluginname = $_GET["plugin"];
+$plugin =& $plugins[$pluginname];
+$application =& $applications[$plugin["application"]];
+
+if ( $plugin ) {
+  $platform = $_GET["platform"];
+  if ( $platform
+       && file_exists( $platform . "/" . $plugin["filename"] ) ) {
+    $plugin["filename"] = $platform . "/" . $plugin["filename"];
+  }
+  elseif ( !file_exists( $plugin["filename"] ) ) {
+    $plugin = false;
+  }
+}
+
+if (preg_match('/Thunderbird\/([0-9\.]+)/', $_SERVER['HTTP_USER_AGENT'], $client_ver))
+{
+   $client_ver = $client_ver[1];
+}
+else
+{
+   $client_ver = $plugin['min_version'];
+}
+
+if ( $plugin ) {
+  if (version_compare($client_ver, $plugin['min_version'], '<')) {
+    header("Content-type: text/plain; charset=utf-8", true, 404);
+    echo( 'Plugin not compatible with client version' );
+    exit;
+  }
+  header("Content-type: text/xml; charset=utf-8");
+  echo ('<?xml version="1.0"?>' . "\n");
+?>
+<!DOCTYPE RDF>
+<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+  xmlns:em="http://www.mozilla.org/2004/em-rdf#">
+  <Description about="urn:mozilla:extension:<?php echo $pluginname ?>">
+    <em:updates>
+      <Seq>
+        <li>
+          <Description>
+            <em:version><?php echo $plugin["version"] ?></em:version>
+            <em:targetApplication>
+              <Description>
+                <?php echo str_replace('__MIN_VERSION__', $plugin['min_version'], $applications[$plugin["application"]]); ?>
+                
+                <em:updateLink><?php echo 'https://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/' .  $plugin_dir . '/' . $plugin["filename"] ?></em:updateLink>
+              </Description>
+            </em:targetApplication>
+          </Description>
+        </li>
+      </Seq>
+    </em:updates>
+  </Description>
+</RDF>
+<?php
+} else {
+  header("Content-type: text/plain; charset=utf-8", true, 404);
+  echo( 'Plugin not found' );
+}
+?>
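Review bot: the `<em:updateLink>` line builds the download URL from `$_SERVER['HTTP_HOST']` and echoes it, `$pluginname` and `$plugin["filename"]` into the XML unescaped, and `$plugin["filename"]` itself contains `$_GET["domain"]` (substituted for `__DOMAIN__`) and optionally `$_GET["platform"]` as a path prefix. Clients install whatever this link points to, so take the host name from configuration rather than from the request, restrict `domain` and `platform` to an expected pattern with no `/` or `..`, and pass every echoed value through `htmlspecialchars()`. `$_GET["domain"]`, `$_GET["plugin"]` and `$_GET["platform"]` are also read without an `isset()` check.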
diff --git a/data/web/thunderbird-plugins/build-plugins.sh b/data/web/thunderbird-plugins/build-plugins.sh
new file mode 100755
index 00000000..1d4e40b6
--- /dev/null
+++ b/data/web/thunderbird-plugins/build-plugins.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+set -e
+
+MAILHOST=$1
+if [ "$MAILHOST" = "" ]; then
+   echo "Usage: echo example.com example.org | $0 mailcow.example.com"
+   exit 1
+fi
+
+cd $(dirname $0)
+
+wget -O integrator.tar.gz https://github.com/inverse-inc/sogo-integrator/archive/master.tar.gz
+wget -O connector.tar.gz https://github.com/inverse-inc/sogo-connector/archive/master.tar.gz
+
+mkdir -p integrator connector
+tar --strip-components=1 -C integrator -xf integrator.tar.gz
+tar --strip-components=1 -C connector -xf connector.tar.gz
+
+# build custom integrator
+while read DOMAINS; do
+   for DOMAIN in $DOMAINS; do
+       echo "Building SOGo Integrator for $DOMAIN hosted on $MAILHOST"
+       cd integrator
+       echo > defaults/preferences/site.js
+       mkdir -p custom/${DOMAIN}
+       cp -r custom/sogo-demo/* custom/${DOMAIN}/
+       sed -i "s/http:\/\/sogo-demo\.inverse\.ca/https:\/\/${MAILHOST}/g" custom/${DOMAIN}/chrome/content/extensions.rdf
+       sed -i "s/plugins\/updates\.php[?]/thunderbird-plugins.php?domain=${DOMAIN}\&amp;/g" custom/${DOMAIN}/chrome/content/extensions.rdf
+       echo 'pref("sogo-integrator.autocomplete.server.urlid", "'${DOMAIN}'");' > custom/${DOMAIN}/defaults/preferences/site.js
+       echo 'pref("mail.collect_email_address_outgoing", false);' >> custom/${DOMAIN}/defaults/preferences/site.js
+       sed -i 's/<\/Seq>/<li><Description em:id="sieve@mozdev.org" em:name="Sieve"\/><\/li><li><Description em:id="imap-acl@sirphreak.com" em:name="Imap-ACL-Extension"\/><\/li><\/Seq>/g' custom/${DOMAIN}/chrome/content/extensions.rdf
+       make build=${DOMAIN}
+       INTEGRATOR_VER=$(grep em:version install.rdf | awk -F '"' '{print $2}')
+       INTEGRATOR_MIN_VER=$(grep em:minVersion install.rdf | grep -Eo '[0-9\.]+' | head -n 1)
+       cp sogo-integrator-*-${DOMAIN}.xpi ../sogo-integrator-${INTEGRATOR_VER}-${DOMAIN}.xpi
+       cd ..
+   done
+done
+
+# build connector
+cd connector
+make
+CONNECTOR_VER=$(grep em:version install.rdf | awk -F '"' '{print $2}')
+CONNECTOR_MIN_VER=$(grep em:minVersion install.rdf | grep -Eo '[0-9\.]+' | head -n 1)
+cp sogo-connector-*.xpi ../sogo-connector-${CONNECTOR_VER}.xpi
+cd ..
+
+# download Sieve plugin
+SIEVE_RELEASES=$(wget --header="Accept: application/vnd.github.v3+json" -qO - https://api.github.com/repos/thsmi/sieve/releases)
+SIEVE_VER=$(echo "$SIEVE_RELEASES" | grep -o '"tag_name": *"[^"]*"' | head -n 1 | awk -F '"' '{print $4}')
+SIEVE_URL=$(echo "$SIEVE_RELEASES" | grep -o '"browser_download_url": *"[^"]*"' | head -n 1 | awk -F '"' '{print $4}')
+wget -O sieve-${SIEVE_VER}.xpi ${SIEVE_URL}
+unset SIEVE_RELEASES
+
+# download ACL plugin
+IMAP_ACL_RELEASES=$(wget -qO - 'https://addons.thunderbird.net/en-US/thunderbird/addon/imap-acl-extension/')
+IMAP_ACL_VER=$(echo "$IMAP_ACL_RELEASES" | grep version-number | awk -F '[<>]' '{print $3}' | head -n 1)
+IMAP_ACL_URL=$(echo "$IMAP_ACL_RELEASES" | grep -o 'https://.*\.xpi' | head -n 1)
+wget -O imap_acl_extension-${IMAP_ACL_VER}-tb.xpi ${IMAP_ACL_URL}
+unset IMAP_ACL_RELEASES
+
+# update version file
+echo "sogo-connector@inverse.ca;${CONNECTOR_VER};sogo-connector-${CONNECTOR_VER}.xpi;${CONNECTOR_MIN_VER}" > version.csv
+echo "sogo-integrator@inverse.ca;${INTEGRATOR_VER};sogo-integrator-${INTEGRATOR_VER}-__DOMAIN__.xpi;${INTEGRATOR_MIN_VER}" >> version.csv
+echo "sieve@mozdev.org;${SIEVE_VER};sieve-${SIEVE_VER}.xpi" >> version.csv
+echo "imap-acl@sirphreak.com;${IMAP_ACL_VER};imap_acl_extension-${IMAP_ACL_VER}-tb.xpi" >> version.csv
+
+rm -rf connector integrator *.tar.gz
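Review bot: the four `wget` downloads fetch `master.tar.gz` snapshots and whichever `.xpi` appears first in the release listing, with no pinned version and no checksum or signature check, and the results are built and published for mail clients to install. Pin each source to a tag or commit and verify a known SHA-256 before the `tar` and `make` steps. `set -e` does not catch a failed `grep` inside the `$(... | head -n 1)` pipelines, so check that `SIEVE_URL` and `IMAP_ACL_URL` are non-empty before downloading; `cd $(dirname $0)` should be quoted, and `DOMAIN` should be validated before it is interpolated into the `sed` expressions and paths.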
diff --git a/data/web/thunderbird-plugins/imap_acl_extension-0.2.7-tb.xpi b/data/web/thunderbird-plugins/imap_acl_extension-0.2.7-tb.xpi
new file mode 100644
index 00000000..1cf02b2e
Binary files /dev/null and b/data/web/thunderbird-plugins/imap_acl_extension-0.2.7-tb.xpi differ
diff --git a/data/web/thunderbird-plugins/sieve-0.3.1.xpi b/data/web/thunderbird-plugins/sieve-0.3.1.xpi
new file mode 100644
index 00000000..0646b59f
Binary files /dev/null and b/data/web/thunderbird-plugins/sieve-0.3.1.xpi differ
diff --git a/data/web/thunderbird-plugins/sogo-connector-60.0.2.xpi b/data/web/thunderbird-plugins/sogo-connector-60.0.2.xpi
new file mode 100644
index 00000000..106beeac
Binary files /dev/null and b/data/web/thunderbird-plugins/sogo-connector-60.0.2.xpi differ
diff --git a/data/web/thunderbird-plugins/sogo-integrator-60.0.2-redacted.com.xpi b/data/web/thunderbird-plugins/sogo-integrator-60.0.2-redacted.com.xpi
new file mode 100644
index 00000000..413b508e
Binary files /dev/null and b/data/web/thunderbird-plugins/sogo-integrator-60.0.2-redacted.com.xpi differ
diff --git a/data/web/thunderbird-plugins/sogo-integrator-60.0.2-lemonjuice.tk.xpi b/data/web/thunderbird-plugins/sogo-integrator-60.0.2-lemonjuice.tk.xpi
new file mode 100644
index 00000000..9765cfab
Binary files /dev/null and b/data/web/thunderbird-plugins/sogo-integrator-60.0.2-lemonjuice.tk.xpi differ
diff --git a/data/web/thunderbird-plugins/sogo-integrator-60.0.2-wheels.tk.xpi b/data/web/thunderbird-plugins/sogo-integrator-60.0.2-wheels.tk.xpi
new file mode 100644
index 00000000..19b59e17
Binary files /dev/null and b/data/web/thunderbird-plugins/sogo-integrator-60.0.2-wheels.tk.xpi differ
diff --git a/data/web/thunderbird-plugins/version.csv b/data/web/thunderbird-plugins/version.csv
new file mode 100644
index 00000000..f238b3a8
--- /dev/null
+++ b/data/web/thunderbird-plugins/version.csv
@@ -0,0 +1,4 @@
+sogo-connector@inverse.ca;60.0.2;sogo-connector-60.0.2.xpi;60.0
+sogo-integrator@inverse.ca;60.0.2;sogo-integrator-60.0.2-__DOMAIN__.xpi;60.0
+sieve@mozdev.org;0.3.1;sieve-0.3.1.xpi
+imap-acl@sirphreak.com;0.2.7;imap_acl_extension-0.2.7-tb.xpi
diff --git a/docker-compose.yml b/docker-compose.yml
index 26a0cfe1..3fbad9b1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -262,8 +262,8 @@ services:
         - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
         - "${IMAP_PORT:-143}:143"
         - "${IMAPS_PORT:-993}:993"
-        - "${POP_PORT:-110}:110"
-        - "${POPS_PORT:-995}:995"
+#        - "${POP_PORT:-110}:110"
+#        - "${POPS_PORT:-995}:995"
         - "${SIEVE_PORT:-4190}:4190"
       restart: always
       tty: true
@@ -604,42 +604,12 @@ services:
           aliases:
             - ofelia

-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-        - solr-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge
     driver_opts:
       com.docker.network.bridge.name: br-mailcow
-    enable_ipv6: true
+    enable_ipv6: false
     ipam:
       driver: default
       config:
diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index 03390927..a186cfca 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -39,12 +39,12 @@ if [[ ! -d ${BACKUP_LOCATION} ]]; then
     exit 1
   else
     mkdir -p ${BACKUP_LOCATION}
-    chmod 755 ${BACKUP_LOCATION}
+    chmod 750 ${BACKUP_LOCATION}
   fi
 else
   if [[ ${1} == "backup" ]] && [[ -z $(echo $(stat -Lc %a ${BACKUP_LOCATION}) | grep -oE '[0-9][0-9][5-7]') ]]; then
     echo "${BACKUP_LOCATION} is not write-able for others, that's required for a backup."
-    exit 1
+#    exit 1
   fi
 fi
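Review bot: commenting out `exit 1` leaves the "not write-able for others" message in place while the script carries on, and the new `chmod 750` creates a directory that the `[0-9][0-9][5-7]` test a few lines later will always flag. Decide which mode the backup actually needs, make the `chmod` and the `stat` check agree on it, and keep the `exit 1` for the failing case.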

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 159K   60M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
 166K   66M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 166K   66M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 123K   58M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
10129  636K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
32837 6951K ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
 9810  617K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.7           tcp dpt:3306
   77  4556 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:443
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    2    88 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:80
   13   756 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
   71  4260 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
   70  4192 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
   11   640 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
   75  4500 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
32837 6951K DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
 341K  116M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
66227   12M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
 341K  116M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MAILCOW    all      *      *       ::/0                 ::/0                 /* mailcow */
    0     0 DOCKER-USER  all      *      *       ::/0                 ::/0
    0     0 DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0
    0     0 ACCEPT     all      *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      docker0  ::/0                 ::/0
    0     0 ACCEPT     all      docker0 !docker0  ::/0                 ::/0
    0     0 ACCEPT     all      docker0 docker0  ::/0                 ::/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0
    0     0 DOCKER-ISOLATION-STAGE-2  all      docker0 !docker0  ::/0                 ::/0
    0     0 RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0
    0     0 DROP       all      *      docker0  ::/0                 ::/0
    0     0 RETURN     all      *      *       ::/0                 ::/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all      *      *       ::/0                 ::/0

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1480  103K DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
11537  787K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.7           172.22.1.7           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.8           172.22.1.8           tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.8           172.22.1.8           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.7:3306
   77  4556 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.8:443
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    2    88 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.8:80
   13   756 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
   71  4260 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
   71  4252 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
   11   640 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
   76  4560 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all      *      !docker0  fd00:dead:beef:c0::/80  ::/0

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all      docker0 *       ::/0                 ::/0

DNS check:

104.18.32.7
172.64.155.249

DerLinkman commented 8 months ago

In my tests I cannot reproduce this, but I heard about this issue even earlier than the last update.

However, it's very, very hard to debug, as the normal startup is working in general.

I'll try my best to look around.

FingerlessGlov3s commented 8 months ago

After investigation with @DerLinkman's help, we believe the issue to be related to recent c-ares changes and their being included in Alpine 3.19. The fix exists, but they've not released a new release since the merge, so we need to wait for that, plus for it to hit the Alpine repo. Then hopefully it fixes the problem I and a few others are experiencing.

https://github.com/c-ares/c-ares/pull/685

The workaround until the fix reaches Alpine is to remove the search option for the moment.
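The workaround from the comment above, as an added example that is not part of the thread or of mailcow's own scripts: list the search domains in a resolv.conf and rewrite the file without them. The function names, the sample file and the domain `lan.example` are constructed for illustration; inside a container the target would be its `/etc/resolv.conf`.

```shell
#!/bin/sh
# Added example (not from the issue thread): inspect and drop the "search"
# option of a resolv.conf. Function names and sample data are hypothetical.

# Print the configured search domains on one line, or nothing if there are none.
search_domains() {
    awk '$1 == "search" { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# Rewrite the file without its "search" lines.
# A container's /etc/resolv.conf is a bind mount, so it cannot be replaced by
# rename (which is what `sed -i` does); the filtered content is written back
# into the existing file instead.
strip_search() {
    tmp=$(mktemp) || return 1
    awk '$1 != "search"' "$1" > "$tmp"
    cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Constructed sample resembling a container resolv.conf that inherited the
# host's search option.
sample=$(mktemp)
printf 'search lan.example\nnameserver 127.0.0.11\noptions ndots:0\n' > "$sample"
echo "before: '$(search_domains "$sample")'"
strip_search "$sample"
echo "after:  '$(search_domains "$sample")'"
rm -f "$sample"
```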

milkmaker commented 6 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.