Update to 2024-01c breaks Dovecot replicator

[ro78]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

After upgrading from 2024-01b to 2024-01c, I'm getting this error reported by watchdog by email:
Fri Feb  2 16:24:01 CET 2024 - Please check the Dovecot replicator status

Logs:

watchdog-mailcow-1   | Fri Feb 2 16:23:01 CET 2024 Dovecot replication health level: 0% (0/20), health trend: -1
watchdog-mailcow-1   | Fri Feb 2 16:23:07 CET 2024 PHP-FPM health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:07 CET 2024 SOGo health level: 100% (3/3), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:08 CET 2024 Dovecot health level: 100% (12/12), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:10 CET 2024 Redis health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:10 CET 2024 Postfix health level: 100% (8/8), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:13 CET 2024 Olefy health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:18 CET 2024 Nginx health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:21 CET 2024 ACME health level: 100% (1/1), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:26 CET 2024 MySQL/MariaDB health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:29 CET 2024 PHP-FPM health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:37 CET 2024 Ratelimit health level: 100% (1/1), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:42 CET 2024 Rspamd health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:43 CET 2024 SOGo health level: 100% (3/3), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:54 CET 2024 ACME health level: 100% (1/1), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:58 CET 2024 Nginx health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:59 CET 2024 Unbound health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:23:59 CET 2024 Mail queue health level: 100% (20/20), health trend: 0
watchdog-mailcow-1   | Fri Feb 2 16:24:01 CET 2024 Dovecot hit error limit
watchdog-mailcow-1   | Fri Feb 2 16:24:01 CET 2024 Dovecot replication is not working properly
watchdog-mailcow-1   | Fri Feb 2 16:24:01 CET 2024 Dovecot replication health level: 95% (19/20), health trend: -1
watchdog-mailcow-1   | OK

Steps to reproduce:

1. Upgrading from 2024-01b to 2024-01c

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Debian 12

Server/VM specifications:

12 cores, 32 GB of RAM

Is Apparmor, SELinux or similar active?

No

Virtualization technology:

Baremetal

Docker version:

25.0.1

docker-compose version or docker compose version:

v2.24.2

mailcow version:

2024-01c

Reverse proxy:

Apache

Logs of git diff:

diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..c3de0bcc 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem
@@ -1,19 +1,33 @@
 -----BEGIN CERTIFICATE-----
-MIIDBDCCAe6gAwIBAgIQeJMoL/3dxhxhT9EwuRTL/DALBgkqhkiG9w0BAQswEjEQ
-MA4GA1UEChMHbWFpbGNvdzAeFw0xNjEyMTMxMDExMDBaFw0xOTExMjgxMDExMDBa
-MC0xEDAOBgNVBAoTB21haWxjb3cxGTAXBgNVBAMTEG1haWwuZXhhbXBsZS5vcmcw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg0xT3At9DSb3H5OMp3K1
-MpXAgYyotSK6TS61fC0QEHy2fMXiws7Agcye6Ln7CG63Fe1eN2jkdlefy9xJivS8
-y5w0M8i168v5znzC8fnylL2iOiSYfK/B/oEqfU7YH4RcegO53oDDIUZmi4Frgnu7
-39VVOU1ZyHEVqGJ2H2aAIkoZRjGzumD9Ym4LWGidtKJzBgFt/qmhUeWXipM8w281
-XkQnJU79+x2ywnJSvEZ3r/ZVJC7kbjiVw+/k15k9Cxk6Ik8wmJ0X/+xWxoZomHQI
-1LM0VKAS/iaU95dn2bplvL6jTiiyWAbrMjSKs4XbPt/fIbOicNkj6+CFy0MVfyyH
-AgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIAqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
-KwYBBQUHAwEwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQsDggEBAI/jBJa1P8nB
-eHUN5muQmjBVDVOYyWAAEapOe2HYsBcpjaB2H8Iw3DQzJtz6peYeYSCmHRVqFLCm
-VPrq36l9mPUotyPDPlQQAxCj9R2+WbGaJO+N/E1F8FQ94dr3jqwUyfjVPoqEjmIH
-NFkvbA0RJOeBm9oYGdhM0wjOBV9c9MTHFG82nQ/zQeTuPb7GXuKIOXYCxoLNOZMw
-UJ02Cqjv5ImrgOhcstAKX3Ip0urSvZUGvtPla4CGh+M6yDFJ08GzX6OiMIH207RW
-jAbUXXERSUv/7hysdDjGo5HZjCeMzVu9KAxoZXqnmvkk8g2swKWtWBRcoeU1VGx0
-Bx4Q4KMjuYQ=
+MIIFuTCCA6GgAwIBAgIUOGb1PBTNRcOqahnrsq2wPOujzBswDQYJKoZIhvcNAQEL
+BQAwbDELMAkGA1UEBhMCREUxDDAKBgNVBAgMA05SVzEQMA4GA1UEBwwHV2lsbGlj
+aDEQMA4GA1UECgwHbWFpbGNvdzEQMA4GA1UECwwHbWFpbGNvdzEZMBcGA1UEAwwQ
+bWFpbC5ib3Jlem8uaW5mbzAeFw0yMzA4MzExMzEyNDJaFw0yNDA4MzAxMzEyNDJa
+MGwxCzAJBgNVBAYTAkRFMQwwCgYDVQQIDANOUlcxEDAOBgNVBAcMB1dpbGxpY2gx
+EDAOBgNVBAoMB21haWxjb3cxEDAOBgNVBAsMB21haWxjb3cxGTAXBgNVBAMMEG1h
+aWwuYm9yZXpvLmluZm8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCh
+1W39wkaHBkXoM1I5q1Qai2kdRNOOdaGT44TEPL3xUP71o1ATIgbsISWjQ8GTsefy
+Gb0AyTtRKgiZ5+cq9QhJUpJZEGCr+D4R8fknbs+M+NRo1tYFhHSNb0vsdy5CxWl0
+Qp3xuDbUdFIoxGXnfjh60xHOqrDlhO4qIw9llj6Vbr0+tN9qHJj3PnC7DU6EUO/s
+Rr/pTayzkC10lA4tqh7mfgSOGC0qJfzjJpd/SfiXyYU9gRkWWuJpEYmAGOqMT+Oj
+flMAORWILWqbZ0GJEuUeJIpS+ok/53a4qHiWHUJqcC98d6sxYA+z8SrLTuclFqHy
+q1poLhBCqjzum2gUKyeuZx/94A0cfzx5STZMVAhihM+gmnoZ8KmMTyoE5w+5u3N9
+X+eRD176pNnvZmA76Vazc9znl6Ns262iKpSavnVao1YhOq1A3pQipUHyRML7YZqw
+fdD00q5Sg0Qg2EtteFIejtAhZ/d4leSwLU4tDfFvyNxwF5QbwuvLnJemQDesmGlu
+ecKD31AX61hQPRu0JoAqMwYy4ukSCFoV8ZjB9zwHj5SAb4en3eV1AIE9tqQwC0ey
+iJzXYRjFbhLRS0LOXQMzcO4ApsOR2g6jcsP4E9HM8TQSzOJBxbJDUnALe2E7WHyA
+iJf77imivHiX2EJav+6JmdBa0dbMLJehfbDrPfddmwIDAQABo1MwUTAdBgNVHQ4E
+FgQUf28stIRqqRK1UDhck8N7s+pRrIgwHwYDVR0jBBgwFoAUf28stIRqqRK1UDhc
+k8N7s+pRrIgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAl9Sy
+0yr8pBMrYoxDf7GRwDcPp0Bxrdhyw08Q8PTXCBRfdSBqBoj+006WXJ/C1b1S2DIa
+IwfTa6Msj4yKYQUvuOygDlQ4mrS5oJ5mQJOxHVSyqrvq6CuwG6VloLjXqGsoD8F0
+fy/GfSU4KurFUtrmsFtQX2CijeLkGFm9EWkNcNxA26x3Pwoa8/3LPLbnqn2dE/ks
+5TsEzMjGeaGL44UnmoQyHc7NVLD0Xh2hqbwm9Ed8uuH9g+8WI2bBUMPB3u3aK1QY
+9H2l0MqWSGSYk7mIyRl5cUnanoCPtzXfIjdqSmrCYg//Ggi4+W0hQfkyCPJS7GmG
+4DX7bU8vPODKkpJV9yhWWPkw8w4ItuOMnkS1D33sqxD1VSoxI0WDVBFxtAqODXcl
+ItB4DtP8d5jkBhFPQE5CG1aC4AfsmYcX9RuLo0qF+oq2YM2ILM98WOeIJ9Hk2Zv7
+2E/JMhhlPGhmQFyrMt2O8oxxjhYODrz2y1XvxTCVOOkubuIWncP2rnFK+V5e0lwV
+PdhAfSXlEe+2SNFUFJXx+/iJLKxXB+V5aL3+TqzIGTVLyH7fqAm8hTgV9tqDX3yK
+bYUY6BNDdJPUgN4x6YkmmAgKsBpm89UWPdgmOhhfT0EJmiIsx+hRHC6izwyDO1aj
+EuhU54RKfnZJWqX+lxxlgiKThLS12gAqkhkmx8E=
 -----END CERTIFICATE-----
diff --git a/data/assets/ssl-example/key.pem b/data/assets/ssl-example/key.pem
index cedf35a0..a555fc73 100644
--- a/data/assets/ssl-example/key.pem
+++ b/data/assets/ssl-example/key.pem
@@ -1,27 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0YNMU9wLfQ0m9x+TjKdytTKVwIGMqLUiuk0utXwtEBB8tnzF
-4sLOwIHMnui5+whutxXtXjdo5HZXn8vcSYr0vMucNDPItevL+c58wvH58pS9ojok
-mHyvwf6BKn1O2B+EXHoDud6AwyFGZouBa4J7u9/VVTlNWchxFahidh9mgCJKGUYx
-s7pg/WJuC1honbSicwYBbf6poVHll4qTPMNvNV5EJyVO/fsdssJyUrxGd6/2VSQu
-5G44lcPv5NeZPQsZOiJPMJidF//sVsaGaJh0CNSzNFSgEv4mlPeXZ9m6Zby+o04o
-slgG6zI0irOF2z7f3yGzonDZI+vghctDFX8shwIDAQABAoIBAQC9kiLnIgxXGyZt
-pmmYdA6re1jatZ2zLSp+DcY8ul3/0hs195IKCyCOOSQPiR520Pt0t+duP46uYZIJ
-aakp9gxaI5Vz+oMacH/AyaBDuDTj1Mf9WMSyIOfbDVCMRJOppGLcVh62+Gfjp2EO
-+h2hTJBuvypFkbK2kVIZOaHVpbXWKw1oYuEcTftk9XfxxvfSMw1HQ12/P2CAcbaa
-jPmVbisunv6kpXtewSBTcaLSYWJf1MYD5Hi8fzkD2FJSXYbfQd8RKvT2rj6FA7ux
-CDMzbYhdnd7lc63OARCIjfCRNtDT1cZ3gR1CQHD98lWxmPQIZukv+w7s/bSrFgnQ
-ROZ0ghBJAoGBAOmE/3d5FDmp0aJNxXynKcRGdpEEM4O40RIdqa2eR6Pa7aTRosao
-z0qVgdFuJrqjlB3jgedxXEX1M0abCUzzM9Q5F7JLl+KsjwRwpkIOkPiyUncLp7LK
-QbY3tvYBIdpjlF1USOMGRL4j11hqr4vQC/yPBF7jj81kCZDTbmZhp82jAoGBAOWu
-ql5QFUOlmqkuWIAFkiLEZhOu+ptqkE+zG50CCGMJIX0dJ2PHXFyNGInomAeT0nbI
-pbnK3x7KeEKiGrAqZFNCTHhApTwkrIj0L/RQbMDZ7u7j1AEUVNFEhIm62kg84FtG
-xtfxVxredE+NQc/tyV3hXegdNZxegALirlcMKIvNAoGAWFwIxk48Ru1o8z72QQqH
-lUsMRicOzwK5qV8r+xPvC6MlVL42F3F8rj4QFwzU/r4yp3SUjNyqC5aSRl8Xj9Re
-gijwPHi6Cf09SHLPliMo29GtvnnchJxfbPF7+23GP3p6gy4HPk/65u9s5nnH3uFk
-B7ad8sGsgg0eSXyXQ4okEn0CgYEAnogPuedGthlxBgMiPMMbmfm7hyyId4t3Ljuu
-/JExnsHnpobf8EPjoVIWNOIhRWGnrCtUEEhR9tvDZCKljyDDfKBPTdU496lMmX8K
-NnToi7gg7iy84T3aSVMktDgPgDrclMPmbZh8CeSvnVUfrtgu3Ci4+4Rlw5eKffNe
-aGDQ/6UCgYAbUq9mRT2WOXIo+Dchi9VzDWgtfOw5VEyqkSpb7hPiIYx5jNaENnVK
-cAi3iqbBgPJBuMlTrKmmaxdmssGOEZNJLuuXLDbCU+f5cpu5PQ4crC6UtRI5rlhp
-8Yc+oiv3HWbSw3sVRpMFB6NP4DnvgFW3B2Wdfb/lNzPCKWqBsX7gWw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCh1W39wkaHBkXo
+M1I5q1Qai2kdRNOOdaGT44TEPL3xUP71o1ATIgbsISWjQ8GTsefyGb0AyTtRKgiZ
+5+cq9QhJUpJZEGCr+D4R8fknbs+M+NRo1tYFhHSNb0vsdy5CxWl0Qp3xuDbUdFIo
+xGXnfjh60xHOqrDlhO4qIw9llj6Vbr0+tN9qHJj3PnC7DU6EUO/sRr/pTayzkC10
+lA4tqh7mfgSOGC0qJfzjJpd/SfiXyYU9gRkWWuJpEYmAGOqMT+OjflMAORWILWqb
+Z0GJEuUeJIpS+ok/53a4qHiWHUJqcC98d6sxYA+z8SrLTuclFqHyq1poLhBCqjzu
+m2gUKyeuZx/94A0cfzx5STZMVAhihM+gmnoZ8KmMTyoE5w+5u3N9X+eRD176pNnv
+ZmA76Vazc9znl6Ns262iKpSavnVao1YhOq1A3pQipUHyRML7YZqwfdD00q5Sg0Qg
+2EtteFIejtAhZ/d4leSwLU4tDfFvyNxwF5QbwuvLnJemQDesmGluecKD31AX61hQ
+PRu0JoAqMwYy4ukSCFoV8ZjB9zwHj5SAb4en3eV1AIE9tqQwC0eyiJzXYRjFbhLR
+S0LOXQMzcO4ApsOR2g6jcsP4E9HM8TQSzOJBxbJDUnALe2E7WHyAiJf77imivHiX
+2EJav+6JmdBa0dbMLJehfbDrPfddmwIDAQABAoICABBF49+Gb40YRmNI9dWysqxQ
+pGs7BoLmtS6nzCvnZ7oiSODuYRjrbQLFeoFmSMrPMuGXUPgJRBuvPFothYM+TG0D
+DpBCI1ZnieZIDKO4cspcIw+/upmnbgjiziGjAlXYf/ge0r8BpRHL+I784LpcaNWA
+7+N2Kn+J1GEMUXoHl5dzIThy+5wx7/e8oZ1Ngz2u3dFGc/nDw7/ymX+Fe79/wcev
+mEmpiLEaTMmSkd1M1OB+dRVwK9Oho+6owsjMuJkPV3aTN0lodA/TcUrbIS3lZoCX
+cAlUBAUXA0siNa3yl0EYss2zQtWeMTYI5CK5dmi2U+aQ8HBVYXEyqRndKqQMitrH
+ltQKLWH+ElRgkZFfkzB4Ijq9os4GVLzPaQeZHL/KcO+Rtt+yugBhKdclxx5q4HA6
+YGL6qxnfDUuDXSlgKRoxgFzUCiaz1LN1hY6clz8Q8jArFlHRSLpWyd5itT6MRWmh
+n+uLfbp4DZ4owywMeQuNcmUHafolhrg0MLGK/TwOkazs8wg59klPHuLyrqks7rvD
+4uKMoeivh8uoti9Dz0n+GQycOpcrYEq4ODOWjOWOeb93Hlkt4jxS8TopRBFt8MG+
+uTPCnWM67jKkrI+N8oD4fH6tmed3Covo8WL+h+CLVBZwWcOVg4E6AuhrinR6nYxz
+TWe6t0KOWbjHsC8WV3TRAoIBAQDckA6Px0X8XbhVyk3Ew06UwyC27Rdcu8+DMM4D
+EUwuBR/thAxbj2/9ZKfR80ztMtIUNkz20ms70U6ks2hmZdf91XRNNWEvGpln2www
+j1SEsAm1PK+l5p9+dARdm4M5A3BxwYwZsF1W7Tl/XG9dqgaxDK4dVvBO8o2qihB2
+7+8HIl0Z1baVjWIhHtHNv9xb7LFqUk7NKbyrmU9gMBk4xm1R2s3Vk5xUBuMGqYNE
+3g2fc3uni2iRBGTpV0MulOKeClHdM7ng/dtzQLcsw6+XQYbpRXiY1Dfmy6GyEzvZ
+z2ngwfnLl13jEgB5RHgUG6P10ZmbZOTOQzc7+2vonaRhKXgVAoIBAQC71cuw3kQU
+iGs4Vo2gaxF6UOneNSbk7u+uJTo51OeQC2IVS3TKbmG9+w5Bv9Mru6aHLEMG0ykq
+HBc1DWAhu/nh7TNSWqHXlnc00PH11EHugRm4ZmVa/IuloV8yDuKm87Rxrr3id6qZ
+Uh+l4+FJNwQma4PAoQXeYUi1pn8IzaS2lLQKYtmuMsW9eaqBAqgGjxgIE0gYXwUg
+cbcWWTL1/RuL//uVZoLMoQiELdH00vMhWRKQCoGu7V3oqfQaumcLkhrbesg3jHVc
+GtslokPiB2tw1shtXrh9KX0NeLSY1YZyV91ZeBzKGSiw5s1kyY8L6xg0u62jRp2o
+HIPXsugiPbrvAoIBAQC7DKR8xJeStXxtrRqU4rlSqcSlvZ4Rc+lBLfOYYGQFpyzz
+hgfg4l0sPN+hyr8TbgUBRSeyLrLoUNJsFQZVyMsLJqnyDHH1u44bqIXG7NbVjGE/
+RU8E1/etCwDkzczUXhlPL7/7zTjrTlVzsFV1zorMPZ+vnBpCKauA1IOwCjzhBQCF
+t1uXqwZsZjGxVqOvhaTUMSdJELtDn8nUHhZVstnlEDV9iiiKjiicbse3cMWG0y4r
+4at1SI+339xGtdcWBlR0zrg1mbQxItH1caMJGHYsgFEM8vTRkyH23h7k0eTNylNo
+mF70AkFKlolrLCG5h97IDSGJ1zERemCCLqbIC54dAoIBAH47OM9dH+2YnE3ZRQaY
+zb8g33p4x/G0bZjf5dh1r0ULkVf0RMHCGqe9L6CaFIVgb5KJ+WV9xT1KcYIywfcJ
+x+3AJexjgj5LHUN+ZA0sHz70vd9B2T2jWQnvf/U5MbK3Nv3rTCsE9r5hBWnL0lwM
+wBo9yOZMkJAZWu7QvLCi2t3k43XTZqz97Avg1ugqa9c0lRbgNmRCf0SFh2Bag7fy
+6G9WkbGemaqBUiLaVC4vEjvIC4SHuw1e8expQuYvfQ62mpwDUMib+UbzuXD6MpqV
+F+xWO43cySk8F5FVHDFV1ivDxrrY0Kg07jasdT4Vgq+kx7iwpAmFbHBM8YGk9wID
+8DsCggEBANWZbpVRP9aPixiOpCw1bxrlZsYD7vQxMBgGUUAVtpVYs9XYhJSTaQDl
+oKmum8GoGtOew5nMn2GMs87yUHr99/19FpfD/k/Bm3ZKn9BG5xY8m7ZR/dZn8IMz
+UUltboMvCwNDurJgZuGGuMfe7bYPtGOQobcdzYC6J8EIEYKG22gvqRJQNTcgpuW3
+QzY1K1owKYn/rw7lNH/nslHSgfrpgDiQqOv7NNI16dlFP8fE7nbwpNKF+NoA29QO
+SorTXkv9DQ/XU3HiHjRM+29LtLXeclhaxiifyqVMuz+bZMvrPGTMub6GSNL6emHb
+CwsENCeuxd7Ajqu9plX1sqcWz5gopbE=
+-----END PRIVATE KEY-----
diff --git a/data/conf/postfix/anonymize_headers.pcre b/data/conf/postfix/anonymize_headers.pcre
index 061a4bc0..a0343b36 100644
--- a/data/conf/postfix/anonymize_headers.pcre
+++ b/data/conf/postfix/anonymize_headers.pcre
@@ -17,4 +17,4 @@ endif
 /^\s*X-Originating-IP/  IGNORE
 /^\s*X-Forward/         IGNORE
 # Not removing UA by default, might be signed
-#/^\s*User-Agent/        IGNORE
+/^\s*User-Agent/        IGNORE
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 572300db..a1b6d684 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -173,3 +173,48 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks

 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2
+  dnsbl.sorbs.net=127.0.0.6*2
+  dnsbl.sorbs.net=127.0.0.9*2
+
+
+# User Overrides
+myhostname = mail.borezo.info
+#srs
+#sender_canonical_maps = socketmap:inet:172.22.1.42:10003:forward
+sender_canonical_classes = envelope_sender
+recipient_canonical_maps = socketmap:inet:172.22.1.42:10003:reverse, proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
+recipient_canonical_classes = envelope_recipient, header_recipient
+#!srs
+#smtpbanner
+smtpd_banner = mail.borezo.info ESMTP
+#!smtpbanner
+#delimeter
+#recipient_delimiter = +-
+#!delimeter
+#bounces
+notify_classes = bounce
+bounce_notice_recipient = bounce@bnc.borezo.info
+#!bounces
diff --git a/data/conf/postfix/master.cf b/data/conf/postfix/master.cf
index 63ce875d..5d46e0c0 100644
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -145,3 +145,16 @@ watchdog_discard    unix  -       -       n       -       -       discard
    -o syslog_facility=local7
    -o syslog_name=watchdog
 # end watchdog-specific
+# SRS config
+cleanup-srs unix  n       -       -       -       0       cleanup
+      -o sender_canonical_maps=socketmap:inet:172.22.1.42:10003:forward
+      -o sender_canonical_classes=envelope_sender
+      -o recipient_canonical_maps=regexp:/opt/postfix/conf/regex_sender_canonical_srs
+
+127.0.0.1:10029 inet    n       -       -       -       -       smtpd
+        -o cleanup_service_name=cleanup-srs
+        -o smtpd_tls_security_level=none
+        -o content_filter=smtp:
+        -o smtpd_recipient_restrictions=permit_mynetworks,reject
+        -o smtpd_milters=
+        
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index d75d61cb..5884174a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -609,36 +609,6 @@ services:
           aliases:
             - ofelia

-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-        - solr-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge

Logs of iptables -L -vn:

└─# iptables -L -vn
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
2871K 1638M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
5394K  489M DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            match-set crowdsec-blacklists src
 1281  140K DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match  "INVALID_CDKEY" ALGO name bm udp spt:20500 dpt:28960
    0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match  "BANNED_CDKEY" ALGO name bm udp spt:20500 dpt:28960
    0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match  "INVALID_CDKEY" ALGO name bm udp spt:20500 dpt:28961
    0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match  "INVALID_CDKEY" ALGO name bm udp spt:20500 dpt:28961
    0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match  "INVALID_CDKEY" ALGO name bm udp spt:20500 dpt:28961
    0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match  "INVALID_CDKEY" ALGO name bm udp spt:20500 dpt:28961
    0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match  "INVALID_CDKEY" ALGO name bm udp spt:20500 dpt:28961
    0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match  "INVALID_CDKEY" ALGO name bm udp spt:20500 dpt:28961
    0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match  "INVALID_CDKEY" ALGO name bm udp spt:20500 dpt:28961
    0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            STRING match  "INVALID_CDKEY" ALGO name bm udp spt:20500 dpt:28961

Chain FORWARD (policy DROP 6 packets, 312 bytes)
 pkts bytes target     prot opt in     out     source               destination         
77750   29M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
77750   29M DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
77750   29M DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
52762   19M ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 4797  277K DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
20191 8829K ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 3658  229K ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:3306
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    7   420 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    1    60 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:8443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:8082
   18  1048 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
  118  7016 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
  995 39872 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
20191 8829K DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
  31M 6166M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
8413K  794M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 306M   79G RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Logs of ip6tables -L -vn:

└─# ip6tables -L -vn
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 883K  100M MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
1156K   93M DROP       0    --  *      *       ::/0                 ::/0                 match-set crowdsec6-blacklists src

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
23397   21M MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
23397   21M DOCKER-USER  0    --  *      *       ::/0                 ::/0                
23397   21M DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0                
13360   20M ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 5134  349K DOCKER     0    --  *      br-mailcow  ::/0                 ::/0                
 4903  475K ACCEPT     0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
 5123  348K ACCEPT     0    --  br-mailcow br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     0    --  *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     0    --  docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     0    --  docker0 docker0  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:4190
    2   160 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:993
    6   432 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:465
    3   240 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 4903  475K DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  ::/0                 ::/0                
8100K 4826M RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       0    --  *      docker0  ::/0                 ::/0                
2206K  266M RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  81M   62G RETURN     0    --  *      *       ::/0                 ::/0                

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

└─# iptables -L -vn -t nat
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  35M 3834M DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 4807  284K DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 6838  469K MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  6    --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  6    --  *      *       172.22.1.6           172.22.1.6           tcp dpt:3306
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:8443
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:8082
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.6:3306
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    7   420 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    1    60 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:8443 to:172.22.1.8:8443
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:8082 to:172.22.1.8:8082
   18  1048 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
  118  7016 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
 1006 40312 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25

Logs of ip6tables -L -vn -t nat:

└─# ip6tables -L -vn -t nat
# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
5366K  678M DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 8484  679K DOCKER     0    --  *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 2372  206K MASQUERADE  0    --  *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  0    --  *      !docker0  fd00:dead:beef:c0::/80  ::/0                
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::11  fd4d:6169:6c63:6f77::11  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::11  fd4d:6169:6c63:6f77::11  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::11  fd4d:6169:6c63:6f77::11  tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  br-mailcow *       ::/0                 ::/0                
    0     0 RETURN     0    --  docker0 *       ::/0                 ::/0                
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::c]:4190
    2   160 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::c]:995
    6   480 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::c]:993
    6   432 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::c]:143
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::c]:110
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::11]:587
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::11]:465
    3   240 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::11]:25

DNS check:

└─# docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
172.64.155.249
104.18.32.7

[FreddleSpl0it]

Does it work if you set DISABLE_NETFILTER_ISOLATION_RULE=y in mailcow.conf and do a docker compose up -d?

[ro78]

I just did a docker compose down && docker compose up -d, and it's OK for the moment. 02/02/2024 16:40:30 Dovecot replication 0 Health level: 100% (20/20)

[DerLinkman]

That will return. Can reproduce it on my side as well. Fix is on the way for this.

[ro78]

Updated after https://github.com/mailcow/mailcow-dockerized/pull/5699, for the moment no problem.

[wblondel]

Does it work if you set DISABLE_NETFILTER_ISOLATION_RULE=y in mailcow.conf and do a docker compose up -d?

I tried this, docker compose down and up again, unfortunately the issue came back shortly after

[ro78]

Fixed on 2024-01d.

[kilo666mj]

Should we be setting DISABLE_NETFILTER_ISOLATION_RULE to n with this fix? I did this and I am getting broken replication again even with the fix in #5699

[DerLinkman]

Should not make a difference. But you might be affected by: https://github.com/mailcow/mailcow-dockerized/issues/5697 which will be available in a few minutes.