Closed kwisatz closed 7 months ago
Hi, yes Docker changed their way of enabling_ipv6 automatically when a ipv6 subnet is specified within the compose.yml like in mailcow's case.
Try to remove the IPv6 Subnet from your docker-compose.yml and see if it is working afterwards.
I disabled (commented out) the ipv6 subnet in docker-compose.yml
and while it's possible (we'll see) that further sieve rules will not make dovecot
attempt to use ipv6
for connecting to the postfix
container, it didn't help with the mails already in the queue.
They continue to try and connect using ipv6:
dovecot-mailcow-1 | Jan 24 08:35:46 3f91e5fdd654 dovecot: lmtp(email@domain.tld)<317><4K1GF+HLsGU9AQAA1Pm2Ig:T7>: Error: smtp-client: conn postfix:588 ([fd4d:6169:6c63:6f77::13]:588) [1]: connect(postfix:588) failed: Connection refused
dovecot-mailcow-1 | Jan 24 08:35:46 3f91e5fdd654 dovecot: lmtp(email@domain.tld)<317><4K1GF+HLsGU9AQAA1Pm2Ig:T7>: Error: sieve: msgid=<7I3R.9QSD.8A43189E18F7509E6HO6KL7433F7B2DF630E9B.c47d36fe-a647-4e92-844c-7ab8a2154852@wakelet.email>: redirect action: failed to redirect message to <cpull@ausgespillt.lu>: smtp(postfix:588): RCPT TO failed: Failed to connect to remote server (temporary failure)
dovecot-mailcow-1 | Jan 24 08:35:46 3f91e5fdd654 dovecot: lmtp(email@domain.tld)<317><4K1GF+HLsGU9AQAA1Pm2Ig:T7>: Error: sieve: Execution of script /var/vmail/sieve/email@domain.tld.sieve was aborted due to temporary failure (user logfile /var/vmail/sieve/email@domain.tld.sieve.log may reveal additional details)
Edit: --force-recreate
is not enough to make a container lose its ipv6
. Indeed, the containers have to be removed, together with the network (docker compose down
) to then bring them back up without ipv6
addresses.
However the watchdog message remains:
Wed Jan 24 09:47:53 CET 2024 - enable_ipv6 is true in docker-compose.yml, but an IPv6 link could not be established. Please verify your IPv6 connection.
When I had just run docker compose up -d --force-recreate
:
Inspecting the postfix container, I can see it still gets assigned IPv6 addresses:
"Gateway": "172.22.1.1",
"IPAddress": "172.22.1.253",
"IPPrefixLen": 24,
"IPv6Gateway": "fd4d:6169:6c63:6f77::1",
"GlobalIPv6Address": "fd4d:6169:6c63:6f77::13",
"GlobalIPv6PrefixLen": 64,
To be clear, my host supports ipv6
, only it does not get assigned a global ipv6
. So while the containers could theoretically use ipv6 for internal communication, what I do not want is for them to try and use ipv6 for outbound connections.
So maybe what I can also try was to remove the ipv4 restriction on my postfix configuration… if I could somehow restrict that to inbound traffic to postgres only.
smtp_address_preference = ipv4
inet_protocols = ipv4
Hi, yes Docker changed their way of enabling_ipv6 automatically when a ipv6 subnet is specified within the compose.yml like in mailcow's case.
Try to remove the IPv6 Subnet from your docker-compose.yml and see if it is working afterwards.
Has any post been made about the issue? I have seen two or three users report it just today between Telegram and community forums.
Hi, I can confirm the very same behavior. Even if I removed all the IPV6 references in the docker-compose.yml and rebooted the whole machine, still messages in the queue trying to connect via IPV6 and in the log:
Error: smtp-client: conn postfix:588 ([fd4d:6169:6c63:6f77::11]:588) [1]: connect(postfix:588) failed: Connection refused
Are they undeliverable?
before it worked since 1 year without any issue. after upgrade to 2024-01b:
_Wed Jan 31 21:54:42 CET 2024 - enableipv6 is true in docker-compose.yml, but an IPv6 link could not be established. Please verify your IPv6 connection.
disabling of ipv6 is done according to: https://docs.mailcow.email/de/post_installation/firststeps-disable_ipv6/
Hello,
it is a change that came with Docker 25.0.
We'll release 2024-01c today and will update the docs accordingly for this bug.
Updated the Docs Page: https://docs.mailcow.email/post_installation/firststeps-disable_ipv6/ accordingly.
Contribution guidelines
I've found a bug and checked that ...
Description
Upon container start, I'm receiving the following watchdog email:
However,
enable_ipv6
is not true in mydocker-compose.yml
, nor in theoverride
file:I have followed https://docs.mailcow.email/post_installation/firststeps-disable_ipv6/ to the letter and this has worked in the past.
Logs:
Steps to reproduce:
Which branch are you using?
master
Which architecture are you using?
x86
Operating System:
Debian 11.8
Server/VM specifications:
8Gb, 4 cores
Is Apparmor, SELinux or similar active?
no
Virtualization technology:
KVM
Docker version:
25.0.0
docker-compose version or docker compose version:
v2.24.1
mailcow version:
2024-01b
Reverse proxy:
Nginx
Logs of git diff:
Logs of iptables -L -vn:
Logs of ip6tables -L -vn:
Logs of iptables -L -vn -t nat:
Logs of ip6tables -L -vn -t nat:
DNS check: