dovecot high CPU usage when searching

[Daniel15]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

I recently upgraded from a release from December, and now whenever I do a full-text search from my phone (using K9 Mail), Dovecot starts using 100% CPU for a long period of time. CPU usage was high for over 1.5 hours when I did a search earlier today.

Previously, the CPU usage would be high when it was searching, but it'd drop down quickly.

My mailbox is very large (maybe 500k total emails) so I suspect something is going wrong with Solr.

Logs:

Solr log from a search for "Lowes":

solr-mailcow-1  | 2024-06-25 04:48:48.296 INFO  (qtp1819940427-16) [   x:dovecot-fts] o.a.s.c.S.Request [dovecot-fts]  webapp=/solr path=/select params={q={!lucene+q.op%3DAND}subject:Lowes+OR+from:Lowes+OR+to:Lowes+OR+cc:Lowes+OR+bcc:Lowes&fl=uid,score&sort=uid+asc&fq=%2Bbox:8012a202fe124960055b00002ad6c079+%2Buser:example@example.com&rows=342673&wt=xml} hits=5889 status=0 QTime=5

Dovecot log just shows my login:

dovecot-mailcow-1  | Jun 24 21:50:07 8ee6e73aef15 dovecot: imap-login: Login: user=<example@example.com>, method=PLAIN, rip=23.93.xxx.xxx, lip=172.22.1.250, mpid=149, TLS, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)

I don't see any other logs.

### Steps to reproduce:

```plain text
1. Do a search for something. I searched for "Lowes" but other search terms cause the issue too.

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Debian 12

Server/VM specifications:

4 cores, 16GB RAM, 120GB disk

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

KVM

Docker version:

26.1.4

docker-compose version or docker compose version:

v2.27.1

mailcow version:

2024-04

Reverse proxy:

Nginx

Logs of git diff:

diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 572300db..73ec6428 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -173,3 +173,37 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks

 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2
+  dnsbl.sorbs.net=127.0.0.6*2
+  dnsbl.sorbs.net=127.0.0.9*2
+  zen.spamhaus.org=127.0.0.[10;11]*8
+  zen.spamhaus.org=127.0.0.[4..7]*6
+  zen.spamhaus.org=127.0.0.3*4
+  zen.spamhaus.org=127.0.0.2*3
+
+# User Overrides
+myhostname = mail.example.com
+smtpd_banner = mail.example.com
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64
diff --git a/data/conf/rspamd/local.d/multimap.conf b/data/conf/rspamd/local.d/multimap.conf
index 888bf363..14bc99e1 100644
--- a/data/conf/rspamd/local.d/multimap.conf
+++ b/data/conf/rspamd/local.d/multimap.conf
@@ -179,3 +179,12 @@ BAD_SUBJECT_00 {
   score = 6.0;
   symbols_set = ["BAD_SUBJECT_00"];
 }
+
+RCPT_SPAMLIST {
+  type = "rcpt";
+  map = "file:///etc/rspamd/local.d/rcpt_spamlist.map";
+  regexp = true;
+  prefilter = true;
+  action = "reject";
+  message = "Address disabled to prevent spam. Contact daniel@ with any questions";
+}
diff --git a/data/conf/rspamd/local.d/rbl.conf b/data/conf/rspamd/local.d/rbl.conf
index f132b4d6..5b277af0 100644
--- a/data/conf/rspamd/local.d/rbl.conf
+++ b/data/conf/rspamd/local.d/rbl.conf
@@ -35,4 +35,13 @@ rbls {
       RBL_INTERSERVER_BAD_URI = "127.0.0.2";
     }
   }
+  # RBL_MXRBL
+  mxrbl {
+    symbol = "RBL_MXRBL";
+    rbl = "bl.mxrbl.com";
+    returncodes {
+      RBL_MXRBL_BLOCK = "127.0.0.2";
+      RBL_MXRBL_BLOCK_3 = "127.0.0.3";
+    }
+  }
 }

Logs of iptables -L -vn:

# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
1331K 1594M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
 426K   25M DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            match-set crowdsec-blacklists src

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
5826K 1541M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
5801K 1539M DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
5801K 1539M DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
3668K 1118M ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 304K   20M DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
 861K  140M ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 282K   19M ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
  15M 4034M ACCEPT     0    --  *      br-601b3380a1fa  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 116K 6984K DOCKER     0    --  *      br-601b3380a1fa  0.0.0.0/0            0.0.0.0/0           
 5688  663K ACCEPT     0    --  br-601b3380a1fa !br-601b3380a1fa  0.0.0.0/0            0.0.0.0/0           
 116K 6984K ACCEPT     0    --  br-601b3380a1fa br-601b3380a1fa  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-601b3380a1fa br-601b3380a1fa  0.0.0.0/0            172.20.0.2           tcp dpt:9443
    0     0 ACCEPT     6    --  !br-601b3380a1fa br-601b3380a1fa  0.0.0.0/0            172.20.0.2           tcp dpt:9000
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:3306
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:8444
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:8080
  774 46408 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
  779 46720 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
  818 48976 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
   29  1769 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
   13   780 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 861K  140M DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
  375 43922 DOCKER-ISOLATION-STAGE-2  0    --  br-601b3380a1fa !br-601b3380a1fa  0.0.0.0/0            0.0.0.0/0           
5813K 1543M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-601b3380a1fa  0.0.0.0/0            0.0.0.0/0           
 863K  140M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  78M   22G RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 1613 99225 DROP       0    --  *      *       194.169.175.66       0.0.0.0/0           
 3661  220K DROP       0    --  *      *       194.169.175.20       0.0.0.0/0           
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Logs of ip6tables -L -vn:

# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
51944   99M MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
  224 15442 DROP       0    --  *      *       ::/0                 ::/0                 match-set crowdsec6-blacklists src

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 762K  636M MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
 762K  636M DOCKER-USER  0    --  *      *       ::/0                 ::/0                
 762K  636M DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0                
 576K  620M ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
92290 6632K DOCKER     0    --  *      br-mailcow  ::/0                 ::/0                
93882 9423K ACCEPT     0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
92199 6625K ACCEPT     0    --  br-mailcow br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     0    --  *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     0    --  docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     0    --  docker0 docker0  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:465
   13  1040 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:110

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
93882 9423K DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-601b3380a1fa !br-601b3380a1fa  ::/0                 ::/0                
 767K  637M RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       0    --  *      docker0  ::/0                 ::/0                
    0     0 DROP       0    --  *      br-601b3380a1fa  ::/0                 ::/0                
94298 9467K RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  13M   10G RETURN     0    --  *      *       ::/0                 ::/0                

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
88521 5149K DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3059  184K DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3010  181K MASQUERADE  0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type LOCAL
 317K   25M MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type LOCAL
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
   69  4135 MASQUERADE  0    --  *      br-601b3380a1fa  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type LOCAL
 1409 92028 MASQUERADE  0    --  *      !br-601b3380a1fa  172.20.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  6    --  *      *       172.20.0.2           172.20.0.2           tcp dpt:9443
    0     0 MASQUERADE  6    --  *      *       172.20.0.2           172.20.0.2           tcp dpt:9000
    0     0 MASQUERADE  6    --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  6    --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.22.1.6           172.22.1.6           tcp dpt:3306
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:8444
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:8080
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       6    --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:9443 to:172.20.0.2:9443
    0     0 DNAT       6    --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:9000 to:172.20.0.2:9000
    0     0 DNAT       6    --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       6    --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
   12   720 DNAT       6    --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.6:3306
    0     0 DNAT       6    --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:8444 to:172.22.1.8:8444
 2977  179K DNAT       6    --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:8080 to:172.22.1.8:8080
  775 46468 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
 6088  365K DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
  819 49036 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
    0     0 DNAT       6    --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
   30  1829 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
   14   840 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    0     0 DNAT       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110

Logs of ip6tables -L -vn -t nat:

# Warning: ip6tables-legacy tables present, use ip6tables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  450 33126 DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  0    --  *      br-mailcow  ::/0                 ::/0                 ADDRTYPE match src-type LOCAL
91799 8860K MASQUERADE  0    --  *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  0    --  *      docker0  ::/0                 ::/0                 ADDRTYPE match src-type LOCAL
    0     0 MASQUERADE  0    --  *      !docker0  fd00:dead:beef:c0::/80  ::/0                
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:110

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       6    --  *      *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::10]:587
    0     0 DNAT       6    --  *      *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::10]:465
   13  1040 DNAT       6    --  *      *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::10]:25
    0     0 DNAT       6    --  *      *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::b]:4190
    0     0 DNAT       6    --  *      *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::b]:995
    0     0 DNAT       6    --  *      *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::b]:993
    0     0 DNAT       6    --  *      *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::b]:143
    0     0 DNAT       6    --  *      *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::b]:110

DNS check:

172.64.155.249
104.18.32.7

[DerLinkman]

Hi,

we introduce a new FTS engine tomorrow which is meant to be less ressourceful :) Due to this we did not plan to support solr or change anything with this from now on as we will slowly roll it out until december.

Maybe the switch to Flatcurve (the new engine) will help here.

We'll post a how to on how to switch and what to do in our docs for this.