Remote instance created with create_cold_standby.sh can not start due to external volumes

jurgenhaas commented 1 month ago

Contribution guidelines

[X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

[X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
[X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
[X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
[X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

We followed the guide at https://docs.mailcow.email/backup_restore/b_n_r-coldstandby and all worked without any issue. But starting the remote instance with `docker compose up -d` doesn't start and outputs the following error messages:

WARN[0000] volume "mailcowdockerized_vmail-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_redis-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_vmail-index-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_mysql-socket-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_rspamd-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_solr-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_sogo-web-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_borg-cache-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_mysql-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_crypt-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_clamd-db-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_borg-config-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_sogo-userdata-backup-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_postfix-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume

When we added external: true to all volumes in docker-composer.yml and docker-composer.override.yml as the error message suggests, then the volumes can not be found. Validation error of docker compose states:

external volume "postfix-vol-1" not found

We had to prefix all references to volumes with mailcowdockerized_ and all works like a charm.

But that modification of the yaml files doesn't persist updates. So, that should be fixed otherwise, but we couldn't find anything helpful.


### Logs:

```plain text
WARN[0000] volume "mailcowdockerized_vmail-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_redis-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_vmail-index-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_mysql-socket-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_rspamd-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_solr-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_sogo-web-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_borg-cache-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_mysql-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_crypt-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_clamd-db-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_borg-config-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_sogo-userdata-backup-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume 
WARN[0000] volume "mailcowdockerized_postfix-vol-1" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume

Steps to reproduce:

Follow the instructions of https://docs.mailcow.email/backup_restore/b_n_r-coldstandby and afterwards use `docker compose up -d` on the remote host.

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Ubuntu 22.04 LTS

Server/VM specifications:

8 Cores, 32 GB RAM

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

n/a

Docker version:

27.1.1

docker-compose version or docker compose version:

2.27.3

mailcow version:

2024-06c

Reverse proxy:

n/a

Logs of git diff:

diff --git a/create_cold_standby.sh b/create_cold_standby.sh
index 924339af..cb18f3cc 100755
--- a/create_cold_standby.sh
+++ b/create_cold_standby.sh
@@ -2,6 +2,6 @@

 export REMOTE_SSH_KEY=/root/.ssh/id_rsa
 export REMOTE_SSH_PORT=22
-export REMOTE_SSH_HOST=my.remote.host
+export REMOTE_SSH_HOST=REDACTED

-/opt/mailcow-dockerized/helper-scripts/_cold-standby.sh
+/apps/mailcow/helper-scripts/_cold-standby.sh
diff --git a/docker-compose.yml b/docker-compose.yml
index 41d541b2..f8e60127 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,8 +23,8 @@ services:
         - netfilter-mailcow
       stop_grace_period: 45s
       volumes:
-        - mysql-vol-1:/var/lib/mysql/
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mailcowdockerized_mysql-vol-1:/var/lib/mysql/
+        - mailcowdockerized_mysql-socket-vol-1:/var/run/mysqld/
         - ./data/conf/mysql/:/etc/mysql/conf.d/:ro,Z
       environment:
         - TZ=${TZ}
@@ -44,7 +44,7 @@ services:
     redis-mailcow:
       image: redis:7-alpine
       volumes:
-        - redis-vol-1:/data/
+        - mailcowdockerized_redis-vol-1:/data/
       restart: always
       depends_on:
         - netfilter-mailcow
@@ -73,7 +73,7 @@ services:
         - SKIP_CLAMD=${SKIP_CLAMD:-n}
       volumes:
         - ./data/conf/clamav/:/etc/clamav/:Z
-        - clamd-db-vol-1:/var/lib/clamav
+        - mailcowdockerized_clamd-db-vol-1:/var/lib/clamav
       networks:
         mailcow-network:
           aliases:
@@ -99,7 +99,7 @@ services:
         - ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro,Z
         - ./data/conf/rspamd/rspamd.conf.local:/etc/rspamd/rspamd.conf.local:Z
         - ./data/conf/rspamd/rspamd.conf.override:/etc/rspamd/rspamd.conf.override:Z
-        - rspamd-vol-1:/var/lib/rspamd
+        - mailcowdockerized_rspamd-vol-1:/var/lib/rspamd
       restart: always
       hostname: rspamd
       dns:
@@ -119,8 +119,8 @@ services:
         - ./data/web:/web:z
         - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
         - ./data/conf/rspamd/custom/:/rspamd_custom_maps:z
-        - rspamd-vol-1:/var/lib/rspamd
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mailcowdockerized_rspamd-vol-1:/var/lib/rspamd
+        - mailcowdockerized_mysql-socket-vol-1:/var/run/mysqld/
         - ./data/conf/sogo/:/etc/sogo/:z
         - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
         - ./data/conf/phpfpm/sogo-sso/:/etc/sogo-sso/:z
@@ -200,9 +200,9 @@ services:
         - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
         - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
         - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
-        - mysql-socket-vol-1:/var/run/mysqld/
-        - sogo-web-vol-1:/sogo_web
-        - sogo-userdata-backup-vol-1:/sogo_backup
+        - mailcowdockerized_mysql-socket-vol-1:/var/run/mysqld/
+        - mailcowdockerized_sogo-web-vol-1:/sogo_web
+        - mailcowdockerized_sogo-userdata-backup-vol-1:/sogo_backup
       labels:
         ofelia.enabled: "true"
         ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
@@ -235,13 +235,13 @@ services:
         - ./data/assets/ssl:/etc/ssl/mail/:ro,z
         - ./data/conf/sogo/:/etc/sogo/:z
         - ./data/conf/phpfpm/sogo-sso/:/etc/phpfpm/:z
-        - vmail-vol-1:/var/vmail
-        - vmail-index-vol-1:/var/vmail_index
-        - crypt-vol-1:/mail_crypt/
+        - mailcowdockerized_vmail-vol-1:/var/vmail
+        - mailcowdockerized_vmail-index-vol-1:/var/vmail_index
+        - mailcowdockerized_crypt-vol-1:/mail_crypt/
         - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
         - ./data/assets/templates:/templates:z
-        - rspamd-vol-1:/var/lib/rspamd
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mailcowdockerized_rspamd-vol-1:/var/lib/rspamd
+        - mailcowdockerized_mysql-socket-vol-1:/var/run/mysqld/
       environment:
         - DOVECOT_MASTER_USER=${DOVECOT_MASTER_USER:-}
         - DOVECOT_MASTER_PASS=${DOVECOT_MASTER_PASS:-}
@@ -315,10 +315,10 @@ services:
         - ./data/hooks/postfix:/hooks:Z
         - ./data/conf/postfix:/opt/postfix/conf:z
         - ./data/assets/ssl:/etc/ssl/mail/:ro,z
-        - postfix-vol-1:/var/spool/postfix
-        - crypt-vol-1:/var/lib/zeyple
-        - rspamd-vol-1:/var/lib/rspamd
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mailcowdockerized_postfix-vol-1:/var/spool/postfix
+        - mailcowdockerized_crypt-vol-1:/var/lib/zeyple
+        - mailcowdockerized_rspamd-vol-1:/var/lib/rspamd
+        - mailcowdockerized_mysql-socket-vol-1:/var/run/mysqld/
       environment:
         - LOG_LINES=${LOG_LINES:-9999}
         - TZ=${TZ}
@@ -389,7 +389,7 @@ services:
         - ./data/assets/ssl/:/etc/ssl/mail/:ro,z
         - ./data/conf/nginx/:/etc/nginx/conf.d/:z
         - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
-        - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
+        - mailcowdockerized_sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
       ports:
         - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
         - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
@@ -434,7 +434,7 @@ services:
         - ./data/web/.well-known/acme-challenge:/var/www/acme:z
         - ./data/assets/ssl:/var/lib/acme/:z
         - ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
-        - mysql-socket-vol-1:/var/run/mysqld/
+        - mailcowdockerized_mysql-socket-vol-1:/var/run/mysqld/
       restart: always
       networks:
         mailcow-network:
@@ -467,9 +467,9 @@ services:
       tmpfs:
         - /tmp
       volumes:
-        - rspamd-vol-1:/var/lib/rspamd
-        - mysql-socket-vol-1:/var/run/mysqld/
-        - postfix-vol-1:/var/spool/postfix
+        - mailcowdockerized_rspamd-vol-1:/var/lib/rspamd
+        - mailcowdockerized_mysql-socket-vol-1:/var/run/mysqld/
+        - mailcowdockerized_postfix-vol-1:/var/spool/postfix
         - ./data/assets/ssl:/etc/ssl/mail/:ro,z
       restart: always
       depends_on:
@@ -559,7 +559,7 @@ services:
       depends_on:
         - netfilter-mailcow
       volumes:
-        - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
+        - mailcowdockerized_solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
       ports:
         - "${SOLR_PORT:-127.0.0.1:18983}:8983"
       environment:
@@ -624,15 +624,27 @@ networks:
         - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}

 volumes:
-  vmail-vol-1:
-  vmail-index-vol-1:
-  mysql-vol-1:
-  mysql-socket-vol-1:
-  redis-vol-1:
-  rspamd-vol-1:
-  solr-vol-1:
-  postfix-vol-1:
-  crypt-vol-1:
-  sogo-web-vol-1:
-  sogo-userdata-backup-vol-1:
-  clamd-db-vol-1:
+  mailcowdockerized_vmail-vol-1:
+    external: true
+  mailcowdockerized_vmail-index-vol-1:
+    external: true
+  mailcowdockerized_mysql-vol-1:
+    external: true
+  mailcowdockerized_mysql-socket-vol-1:
+    external: true
+  mailcowdockerized_redis-vol-1:
+    external: true
+  mailcowdockerized_rspamd-vol-1:
+    external: true
+  mailcowdockerized_solr-vol-1:
+    external: true
+  mailcowdockerized_postfix-vol-1:
+    external: true
+  mailcowdockerized_crypt-vol-1:
+    external: true
+  mailcowdockerized_sogo-web-vol-1:
+    external: true
+  mailcowdockerized_sogo-userdata-backup-vol-1:
+    external: true
+  mailcowdockerized_clamd-db-vol-1:
+    external: true

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 675 packets, 29515 bytes)
 pkts bytes target     prot opt in     out     source               destination         
84826   34M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
 101K   39M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 101K   39M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
79844   30M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 7162  452K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
13651 8435K ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 7056  446K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:3306
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.7           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
    3   180 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
   16   944 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    2   100 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:80
   31  1840 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.10          tcp dpt:443
   26  1528 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
    2   120 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
13651 8435K DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
 104K   41M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
14072 8484K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 104K   41M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       194.169.175.0/24     0.0.0.0/0           
    0     0 DROP       all  --  *      *       80.244.11.0/24       0.0.0.0/0           
    0     0 DROP       tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
16882   22M MAILCOW    all      *      *       ::/0                 ::/0                 /* mailcow */
24496   27M DOCKER-USER  all      *      *       ::/0                 ::/0                
24496   27M DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0                
13887   26M ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 9283  639K DOCKER     all      *      br-mailcow  ::/0                 ::/0                
 1326  128K ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0                
 9283  639K ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:110
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:993
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:995
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:4190
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::e  tcp dpt:80
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::e  tcp dpt:443
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1326  128K DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      docker0 !docker0  ::/0                 ::/0                
27233   27M RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       all      *      docker0  ::/0                 ::/0                
 1439  138K RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
27233   27M RETURN     all      *      *       ::/0                 ::/0                

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  882 45120 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 4822  373K MASQUERADE  all  --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      !docker0  169.254.0.0/24       0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.5           172.22.1.5           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.7           172.22.1.7           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.10          172.22.1.10          tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   10   600 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.5:3306
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.7:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
    3   180 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
   16   944 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    2   100 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.10:80
   33  1960 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.10:443
   26  1528 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
    2   120 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    2   160 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1276  124K MASQUERADE  all      *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:110
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:80
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:443
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all      br-mailcow *       ::/0                 ::/0                
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::d]:110
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::d]:143
    2   160 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::d]:993
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::d]:995
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::d]:4190
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::e]:80
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::e]:443
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::f]:25
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::f]:465
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::f]:587

DNS check:

172.64.155.249
104.18.32.7

mrclschstr commented 1 month ago

This is kind of "works as designed": https://community.mailcow.email/d/2126-backup-restore/2 (unfortunately in German)

Thats why I migrated my Mailcow instance using the normal restore procedure.

jurgenhaas commented 1 month ago

Thanks @mrclschstr for the link. This is disappointing in 2 ways: I would have gone for the restore option too, but the cold standby option explicitly mentions that it is suitable for moving to a different mail server. That's misleading then. What's also disappointing, that the community platform doesn't provide that search result, even when I searched for the error message that the reporter used. I wonder how I should best recover from this scenario now.

ralphtheninja commented 1 month ago

@jurgenhaas I'm curious about what has happened here. I followed you on Mastodon if you need someone to rubber duck this. Both how you can recover and what we can do to prevent similar issues in the future with respect to documentation and what not. Note though that I'm a mailcow beginner myself.

mrclschstr commented 1 month ago

I wonder how I should best recover from this scenario now.

It's actually ‘only’ a cosmetic problem and, as far as I know, the functionality is not restricted. But I can absolutely understand that the warnings are annoying, which is why I chose a different way to migrate my mailcow instance.

Idea for a solution on an already migrated system: Theoretically, it should be enough to make a backup of the Mailcow instance, delete everything on the system and then perform a restore.

jurgenhaas commented 1 month ago

@mrclschstr well, the warnings are gone since I prefixed all the volumes with the project name and declared them external. And yes, functionality is not broken.

However, my concern is about the next update. My changes to docker-compose.yml would then be lost, and I have to redo them.

So. maybe a rest is the best option indeed. Let me think about it.

jurgenhaas commented 1 month ago

Turns out, the update script is smart enough to keep my local changes, so I don't have to reset.

DerLinkman commented 1 month ago

Thanks @mrclschstr for the link. This is disappointing in 2 ways: I would have gone for the restore option too, but the cold standby option explicitly mentions that it is suitable for moving to a different mail server. That's misleading then. What's also disappointing, that the community platform doesn't provide that search result, even when I searched for the error message that the reporter used. I wonder how I should best recover from this scenario now.

It is... you must do something wrong then, we use it on daily basis!

The warning you get is only a warning. Please do not change anything docker says you should as it could break other things.

milkmaker commented 1 month ago

THIS IS A AUTOMATED MESSAGE!

It seems your issue is not a bug. Therefore we highly advise you to get support!

You can get support either by:

ordering a paid support contract at Servercow (Directly from the developers) or
using the community forum (Based on volunteers! NO guaranteed answer) or
using the Telegram support channel (Based on volunteers! NO guaranteed answer)

This issue will be closed. If you think your reported issue is not a support case feel free to comment above and if so the issue will reopened.

jurgenhaas commented 1 month ago

OK, I've reverted the changes and live with the warnings. Thanks @DerLinkman for the hint. It's a bit worrysome and I hope docker is not going to change its mind eventually and turn this from warning into error.

Maybe an update to the documentation would be helpful to let other users know about this?

DerLinkman commented 1 month ago

I did not saw this to be necessary but yeah, why not.

DerLinkman commented 1 month ago

It's a bit worrysome and I hope docker is not going to change its mind eventually and turn this from warning into error.

If they do we adjust our script then. But i don't think so.

mailcow / mailcow-dockerized