Messages are marked as spam because of HFILTER_HELO_BADIP(4.50)[172.17.0.2,1] #6222

Open
5 tasks done
gabviv73 opened this issue Dec 19, 2024 · 0 comments

Contribution guidelines

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Messages received as secondary MX are flagged as spam, because of this rule:

X-Spamd-Result: default: False [12.82 / 15.00];
	HFILTER_HELO_BADIP(4.50)[172.17.0.2,1];

This is not an IP of any container.

I only have

inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

Logs:

postfix-mailcow-1    | Dec 19 16:53:10 e3267ec97ed3 postfix/postscreen[446]: CONNECT from [123.8.198.233]:42586 to [172.16.1.253]:25
php-fpm-mailcow-1    | 172.16.1.13 -  19/Dec/2024:16:53:10 +0100 "GET /forwardinghosts.php" 200
nginx-mailcow-1      | 172.16.1.253 - - [19/Dec/2024:16:53:10 +0100] "GET /forwardinghosts.php?host=123.8.198.233 HTTP/1.1" 200 19 "-" "curl/7.88.1"
postfix-mailcow-1    | Dec 19 16:53:10 e3267ec97ed3 whitelist_forwardinghosts: Look up 123.8.198.233 on whitelist, result 200 DUNNO
watchdog-mailcow-1   | Thu Dec 19 16:53:11 CET 2024 Fail2ban health level: 100% (1/1), health trend: 0
postfix-mailcow-1    | Dec 19 16:53:11 e3267ec97ed3 postfix/postscreen[446]: PASS OLD [123.8.198.233]:42586
postfix-mailcow-1    | Dec 19 16:53:11 e3267ec97ed3 postfix/smtpd[464]: warning: hostname host-233-198-8-123.retail.pianetafibra.it does not resolve to address 123.8.198.233: Name or service not known
postfix-mailcow-1    | Dec 19 16:53:11 e3267ec97ed3 postfix/smtpd[464]: connect from unknown[123.8.198.233]
postfix-mailcow-1    | Dec 19 16:53:11 e3267ec97ed3 postfix/smtpd[464]: 404A7E18D9: client=unknown[123.8.198.233]
postfix-mailcow-1    | Dec 19 16:53:11 e3267ec97ed3 postfix/cleanup[465]: 404A7E18D9: message-id=<>
rspamd-mailcow-1     | 2024-12-19 16:53:11 #39(normal) <404A7E>; lua; arc.lua:723: signing failure: cannot make request to load DKIM selector for domain example.com: nil
rspamd-mailcow-1     | 2024-12-19 16:53:11 #39(normal) <404A7E>; task; finalize_item: slow asynchronous rule: SEM_URIBL_FRESH15_UNKNOWN(604): 351.76 ms; no idle timer is needed
rspamd-mailcow-1     | 2024-12-19 16:53:11 #39(normal) <404A7E>; task; finalize_item: slow asynchronous rule: SEM_URIBL_UNKNOWN(607): 367.76 ms; no idle timer is needed
php-fpm-mailcow-1    | 172.16.1.13 -  19/Dec/2024:16:53:11 +0100 "GET /bcc.php" 200
php-fpm-mailcow-1    | 172.16.1.13 -  19/Dec/2024:16:53:11 +0100 "GET /bcc.php" 200
nginx-mailcow-1      | 172.16.1.12 - - [19/Dec/2024:16:53:11 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.10.2"
nginx-mailcow-1      | 172.16.1.12 - - [19/Dec/2024:16:53:11 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.10.2"
php-fpm-mailcow-1    | 172.16.1.13 -  19/Dec/2024:16:53:11 +0100 "GET /bcc.php" 200
php-fpm-mailcow-1    | 172.16.1.13 -  19/Dec/2024:16:53:11 +0100 "GET /bcc.php" 200
nginx-mailcow-1      | 172.16.1.12 - - [19/Dec/2024:16:53:11 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.10.2"
nginx-mailcow-1      | 172.16.1.12 - - [19/Dec/2024:16:53:11 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.10.2"
rspamd-mailcow-1     | 2024-12-19 16:53:11 #39(normal) <404A7E>; task; rspamd_task_process: skip learning: <undef> has been already learned as spam, ignore it
php-fpm-mailcow-1    | 172.16.1.13 -  19/Dec/2024:16:53:11 +0100 "POST /pipe.php" 505
php-fpm-mailcow-1    | [19-Dec-2024 16:53:11] WARNING: [pool system-worker] child 56 said into stderr: "NOTICE: PHP message: QUARANTINE: Message too large: 218 b exceeds 0 b"
rspamd-mailcow-1     | 2024-12-19 16:53:11 #39(normal) <404A7E>; lua; metadata_exporter.lua:317: got unexpected http status: 505
nginx-mailcow-1      | 172.16.1.12 - - [19/Dec/2024:16:53:11 +0100] "POST /pipe.php HTTP/1.1" 505 5 "-" "rspamd-3.10.2"
rspamd-mailcow-1     | 2024-12-19 16:53:11 #39(normal) <404A7E>; task; rspamd_task_write_log: id: <undef>, qid: <404A7E18D9>, ip: 123.8.198.233, from: <pippo@pippopluto.it>, (default: T (reject): [17.11/15.00] [HFILTER_HELO_BADIP(4.50){172.17.0.2;1;},IP_REPUTATION_SPAM(4.32){asn: 202613(0.31), country: IT(0.01), ip: 123.8.198.233(0.77);},MISSING_MID(2.50){},MISSING_FROM(2.00){},MISSING_TO(2.00){},HFILTER_HOSTNAME_2(1.00){host-233-198-8-123.retail.pianetafibra.it;},MISSING_DATE(1.00){},R_SPF_ALLOW(-0.20){+mx;},MIME_GOOD(-0.10){text/plain;},ONCE_RECEIVED(0.10){},MX_GOOD(-0.01){},ARC_NA(0.00){},ASN(0.00){asn:202613, ipnet:123.8.196.0/22, country:IT;},BCC(0.00){},DMARC_NA(0.00){No From header;},MIME_TRACE(0.00){0:+;},MISSING_XM_UA(0.00){},RCPT_MAILCOW_DOMAIN(0.00){example.com;},RCVD_COUNT_ZERO(0.00){0;},R_DKIM_NA(0.00){}]), len: 218, time: 451.082ms, dns req: 47, digest: <1d4f69048872598dc2ba139a416e1900>, rcpts: <pippo.pluto@example.com>
rspamd-mailcow-1     | 2024-12-19 16:53:11 #39(normal) <404A7E>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3529 regexps total, 2616 regexps cached, 0B scanned using pcre, 612B scanned total
postfix-mailcow-1    | Dec 19 16:53:11 e3267ec97ed3 postfix/cleanup[465]: 404A7E18D9: milter-reject: END-OF-MESSAGE from unknown[123.8.198.233]: 5.7.1 This message does not meet our delivery requirements; from=<pippo@pippopluto.it> to=<pippo.pluto@example.com> proto=SMTP helo=<[172.17.0.2]>
postfix-mailcow-1    | Dec 19 16:53:11 e3267ec97ed3 postfix/smtpd[464]: disconnect from unknown[123.8.198.233] helo=1 mail=1 rcpt=1 data=0/1 quit=1 commands=4/5
rspamd-mailcow-1     | 2024-12-19 16:53:14 #38(controller) <c4ea58>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3529 regexps total, 2584 regexps cached, 0B scanned using pcre, 102B scanned total
watchdog-mailcow-1   | Thu Dec 19 16:53:14 CET 2024 Rspamd health level: 100% (5/5), health trend: 0

Steps to reproduce:

Send message to mailcow server configured as backup mx

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

docker debian bookworm

Server/VM specifications:

32GB RAM

Is Apparmor, SELinux or similar active?

Apparmor

Virtualization technology:

openstack

Docker version:

Docker version 27.3.1, build ce12230

docker-compose version or docker compose version:

Docker Compose version v2.29.7

mailcow version:

2024-11b

Reverse proxy:

Nginx Proxy Manager

Logs of git diff:

diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index c230c349..01c18610 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -165,7 +165,7 @@ service lmtp {
   }
   user = vmail
 }
-listen = *,[::]
+listen = *
 ssl_cert = </etc/ssl/mail/cert.pem
 ssl_key = </etc/ssl/mail/key.pem
 userdb {
@@ -237,10 +237,10 @@ plugin {
   # -- Global keys
   mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem
   mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
-  mail_crypt_save_version = 2
+  mail_crypt_save_version = 0
 
   # Enable compression while saving, lz4 Dovecot v2.2.11+
-  zlib_save = lz4
+  zlib_save = 
 
   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
   mail_log_fields = uid box msgid size
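
Review bot: `mail_crypt_save_version = 0` turns off encryption for newly saved mail while the global key pair configured just above it stays in place, and the emptied `zlib_save = ` leaves the comment "Enable compression while saving" describing a setting that is no longer active (the new line also carries trailing whitespace). If both changes are intentional, add a short comment saying why and update or drop the stale compression comment; if they were only a troubleshooting step, restore `mail_crypt_save_version = 2` and `zlib_save = lz4`.
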
diff --git a/data/conf/nginx/dynmaps.conf b/data/conf/nginx/dynmaps.conf
index 99c0c6aa..91ecba07 100644
--- a/data/conf/nginx/dynmaps.conf
+++ b/data/conf/nginx/dynmaps.conf
@@ -1,6 +1,5 @@
 server {
   listen 8081;
-  listen [::]:8081;
   index index.php index.html;
   server_name _;
   error_log  /var/log/nginx/error.log;
diff --git a/data/conf/nginx/templates/listen_plain.template b/data/conf/nginx/templates/listen_plain.template
index a044b22f..68133480 100644
--- a/data/conf/nginx/templates/listen_plain.template
+++ b/data/conf/nginx/templates/listen_plain.template
@@ -1,2 +1 @@
 listen ${HTTP_PORT};
-listen [::]:${HTTP_PORT};
diff --git a/data/conf/nginx/templates/listen_ssl.template b/data/conf/nginx/templates/listen_ssl.template
index 40c402d0..413b20db 100644
--- a/data/conf/nginx/templates/listen_ssl.template
+++ b/data/conf/nginx/templates/listen_ssl.template
@@ -1,3 +1,2 @@
 listen ${HTTPS_PORT} ssl;
-listen [::]:${HTTPS_PORT} ssl;
 http2 on;
diff --git a/data/conf/phpfpm/php-fpm.d/pools.conf b/data/conf/phpfpm/php-fpm.d/pools.conf
index 605e686c..d6df1243 100644
--- a/data/conf/phpfpm/php-fpm.d/pools.conf
+++ b/data/conf/phpfpm/php-fpm.d/pools.conf
@@ -6,7 +6,7 @@ pm.max_children = 15
 pm.start_servers = 2
 pm.min_spare_servers = 2
 pm.max_spare_servers = 4
-listen = [::]:9001
+listen = 9001
 access.log = /proc/self/fd/2
 clear_env = no
 catch_workers_output = yes
@@ -21,7 +21,7 @@ pm.max_children = 50
 pm.start_servers = 10
 pm.min_spare_servers = 10
 pm.max_spare_servers = 15
-listen = [::]:9002
+listen = 9002
 access.log = /proc/self/fd/2
 clear_env = no
 catch_workers_output = yes
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 6721204c..3f6d502d 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -175,3 +175,31 @@ lmtp_destination_recipient_limit=1
 
 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  zen.spamhaus.org=127.0.0.[10;11]*8
+  zen.spamhaus.org=127.0.0.[4..7]*6
+  zen.spamhaus.org=127.0.0.3*4
+  zen.spamhaus.org=127.0.0.2*3
+
+# User Overrides
+myhostname = mail.cloud04.rvmgroup.it
+smtp_address_preference = ipv4
+inet_protocols = ipv4
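
Review bot: every added line sits below the `# DO NOT EDIT ANYTHING BELOW #` marker, so this hunk modifies the one region of `main.cf` the file itself says not to touch by hand. Keep `myhostname`, `smtp_address_preference` and `inet_protocols` in a separate override file that is merged into this section rather than in the tracked file. Also check whether `bl.ipv6.spameatingmonkey.net*2` still belongs in `postscreen_dnsbl_sites` now that `inet_protocols = ipv4` is set at the end of the same hunk.
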
diff --git a/data/conf/rspamd/local.d/greylist.conf b/data/conf/rspamd/local.d/greylist.conf
index c43c907f..6b2ed8b8 100644
--- a/data/conf/rspamd/local.d/greylist.conf
+++ b/data/conf/rspamd/local.d/greylist.conf
@@ -2,3 +2,4 @@ whitelisted_ip = "http://nginx:8081/forwardinghosts.php";
 ipv4_mask = 24;
 ipv6_mask = 64;
 message = "Greylisted, please try again later";
+enabled = false;
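
Review bot: `enabled = false;` is appended with no comment, and `whitelisted_ip`, `ipv4_mask`, `ipv6_mask` and `message` stay behind as settings that no longer have any effect. Add a one-line comment stating why greylisting is switched off on this host, so the remaining lines are not mistaken for active configuration.
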
diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf
index 27110c04..90c16ee0 100644
--- a/data/conf/unbound/unbound.conf
+++ b/data/conf/unbound/unbound.conf
@@ -4,7 +4,7 @@ server:
   interface: ::0
   logfile: /dev/console
   do-ip4: yes
-  do-ip6: yes
+  do-ip6: no
   do-udp: yes
   do-tcp: yes
   do-daemonize: no
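
Review bot: `do-ip6: no` is set while the context line `interface: ::0` at the top of the hunk is left untouched, so the listener definition and the protocol switch now disagree. Either remove the IPv6 interface entry along with this change or keep `do-ip6: yes`, and note in a comment which of the two is intended.
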
diff --git a/docker-compose.yml b/docker-compose.yml
index b0324521..9c430117 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -649,12 +649,12 @@ networks:
     driver: bridge
     driver_opts:
       com.docker.network.bridge.name: br-mailcow
-    enable_ipv6: true
+    enable_ipv6: false
     ipam:
       driver: default
       config:
         - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
-        - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
+        #- subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
 
 volumes:
   vmail-vol-1:
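
Review bot: the IPv6 subnet under `ipam.config` is commented out rather than removed, and `enable_ipv6: false` is edited directly in the tracked `docker-compose.yml`, so the change will conflict with the next upstream update of this file. Move the network settings into a `docker-compose.override.yml` and delete the commented `#- subnet:` line instead of leaving it as dead configuration.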

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 126K  245M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
1900K  210M f2b-sshd   6    --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 763K  310M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
 763K  310M DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
 763K  310M DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
 3555 9352K ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   33  1644 DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
 3555  351K ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
89987   42M ACCEPT     0    --  *      br-de105bd8ebbc  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   28  1392 DOCKER     0    --  *      br-de105bd8ebbc  0.0.0.0/0            0.0.0.0/0           
84376   10M ACCEPT     0    --  br-de105bd8ebbc !br-de105bd8ebbc  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-de105bd8ebbc br-de105bd8ebbc  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-892c9d952a41 br-892c9d952a41  0.0.0.0/0            0.0.0.0/0           
  20M 4963M ACCEPT     0    --  *      br-49d0fa9b4b80  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 389K   23M DOCKER     0    --  *      br-49d0fa9b4b80  0.0.0.0/0            0.0.0.0/0           
  23M 1527M ACCEPT     0    --  br-49d0fa9b4b80 !br-49d0fa9b4b80  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-49d0fa9b4b80 br-49d0fa9b4b80  0.0.0.0/0            0.0.0.0/0           
 422K   35M ACCEPT     0    --  *      br-dd829b1dba73  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2867K  217M DOCKER     0    --  *      br-dd829b1dba73  0.0.0.0/0            0.0.0.0/0           
3198K  373M ACCEPT     0    --  br-dd829b1dba73 !br-dd829b1dba73  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-dd829b1dba73 br-dd829b1dba73  0.0.0.0/0            0.0.0.0/0           
 4050   75M ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
 3820  232K ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
 2780  241K ACCEPT     0    --  *      br-91aa69d87f09  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  676 38156 DOCKER     0    --  *      br-91aa69d87f09  0.0.0.0/0            0.0.0.0/0           
 3043  356K ACCEPT     0    --  br-91aa69d87f09 !br-91aa69d87f09  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-91aa69d87f09 br-91aa69d87f09  0.0.0.0/0            0.0.0.0/0           
  601 43859 ACCEPT     0    --  *      br-7522f6c56519  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   65  3632 DOCKER     0    --  *      br-7522f6c56519  0.0.0.0/0            0.0.0.0/0           
  717  984K ACCEPT     0    --  br-7522f6c56519 !br-7522f6c56519  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-7522f6c56519 br-7522f6c56519  0.0.0.0/0            0.0.0.0/0           
51150   55M ACCEPT     0    --  *      br-67c58082f2cf  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 1115 64336 DOCKER     0    --  *      br-67c58082f2cf  0.0.0.0/0            0.0.0.0/0           
49480   22M ACCEPT     0    --  br-67c58082f2cf !br-67c58082f2cf  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-67c58082f2cf br-67c58082f2cf  0.0.0.0/0            0.0.0.0/0           
  79M   23G ACCEPT     0    --  *      br-48fe467ff6b9  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
3770K  188M DOCKER     0    --  *      br-48fe467ff6b9  0.0.0.0/0            0.0.0.0/0           
  82M  167G ACCEPT     0    --  br-48fe467ff6b9 !br-48fe467ff6b9  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-48fe467ff6b9 br-48fe467ff6b9  0.0.0.0/0            0.0.0.0/0           
38640 3770K ACCEPT     0    --  *      br-ddd4df464c56  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 2038  114K DOCKER     0    --  *      br-ddd4df464c56  0.0.0.0/0            0.0.0.0/0           
38694   27M ACCEPT     0    --  br-ddd4df464c56 !br-ddd4df464c56  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-ddd4df464c56 br-ddd4df464c56  0.0.0.0/0            0.0.0.0/0           
 297K  243M ACCEPT     0    --  *      br-e550ea429d8e  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  356 21052 DOCKER     0    --  *      br-e550ea429d8e  0.0.0.0/0            0.0.0.0/0           
 287K   35M ACCEPT     0    --  br-e550ea429d8e !br-e550ea429d8e  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-e550ea429d8e br-e550ea429d8e  0.0.0.0/0            0.0.0.0/0           
46089   19M ACCEPT     0    --  *      br-cabf8d0e609f  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  271 15788 DOCKER     0    --  *      br-cabf8d0e609f  0.0.0.0/0            0.0.0.0/0           
46978   12M ACCEPT     0    --  br-cabf8d0e609f !br-cabf8d0e609f  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-cabf8d0e609f br-cabf8d0e609f  0.0.0.0/0            0.0.0.0/0           
32733 2620K ACCEPT     0    --  *      br-a661437bbf29  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 3966  216K DOCKER     0    --  *      br-a661437bbf29  0.0.0.0/0            0.0.0.0/0           
33513   46M ACCEPT     0    --  br-a661437bbf29 !br-a661437bbf29  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-a661437bbf29 br-a661437bbf29  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (13 references)
 pkts bytes target     prot opt in     out     source               destination         
  256 14956 ACCEPT     6    --  !br-67c58082f2cf br-67c58082f2cf  0.0.0.0/0            172.21.0.2           tcp dpt:80
  676 38156 ACCEPT     6    --  !br-91aa69d87f09 br-91aa69d87f09  0.0.0.0/0            172.25.0.2           tcp dpt:80
 3966  216K ACCEPT     6    --  !br-a661437bbf29 br-a661437bbf29  0.0.0.0/0            172.26.0.2           tcp dpt:9000
1654K   73M ACCEPT     6    --  !br-48fe467ff6b9 br-48fe467ff6b9  0.0.0.0/0            172.18.0.2           tcp dpt:80
    0     0 ACCEPT     6    --  !br-48fe467ff6b9 br-48fe467ff6b9  0.0.0.0/0            172.18.0.2           tcp dpt:81
2116K  116M ACCEPT     6    --  !br-48fe467ff6b9 br-48fe467ff6b9  0.0.0.0/0            172.18.0.2           tcp dpt:443
 2038  114K ACCEPT     6    --  !br-ddd4df464c56 br-ddd4df464c56  0.0.0.0/0            172.24.0.2           tcp dpt:443
   65  3632 ACCEPT     6    --  !br-7522f6c56519 br-7522f6c56519  0.0.0.0/0            172.23.0.2           tcp dpt:80
  859 49380 ACCEPT     6    --  !br-67c58082f2cf br-67c58082f2cf  0.0.0.0/0            172.21.0.4           tcp dpt:80
  271 15788 ACCEPT     6    --  !br-cabf8d0e609f br-cabf8d0e609f  0.0.0.0/0            172.19.0.3           tcp dpt:80
  356 21052 ACCEPT     6    --  !br-e550ea429d8e br-e550ea429d8e  0.0.0.0/0            172.22.0.3           tcp dpt:80
38904 2326K ACCEPT     6    --  !br-dd829b1dba73 br-dd829b1dba73  0.0.0.0/0            172.27.0.2           tcp dpt:53
2828K  215M ACCEPT     17   --  !br-dd829b1dba73 br-dd829b1dba73  0.0.0.0/0            172.27.0.2           udp dpt:53
    6   252 ACCEPT     6    --  !br-dd829b1dba73 br-dd829b1dba73  0.0.0.0/0            172.27.0.2           tcp dpt:5380
 389K   23M ACCEPT     6    --  !br-49d0fa9b4b80 br-49d0fa9b4b80  0.0.0.0/0            172.16.238.2         tcp dpt:10051
   16   836 ACCEPT     6    --  !br-49d0fa9b4b80 br-49d0fa9b4b80  0.0.0.0/0            172.16.238.3         tcp dpt:8080
  242 13240 ACCEPT     6    --  !br-49d0fa9b4b80 br-49d0fa9b4b80  0.0.0.0/0            172.16.238.3         tcp dpt:8443
    4   172 ACCEPT     6    --  !br-de105bd8ebbc br-de105bd8ebbc  0.0.0.0/0            172.20.0.2           tcp dpt:8080
   24  1220 ACCEPT     6    --  !br-de105bd8ebbc br-de105bd8ebbc  0.0.0.0/0            172.20.0.3           tcp dpt:6379
    0     0 ACCEPT     6    --  !br-de105bd8ebbc br-de105bd8ebbc  0.0.0.0/0            172.20.0.4           tcp dpt:80
    0     0 ACCEPT     6    --  !br-de105bd8ebbc br-de105bd8ebbc  0.0.0.0/0            172.20.0.6           tcp dpt:80
    0     0 ACCEPT     6    --  !br-de105bd8ebbc br-de105bd8ebbc  0.0.0.0/0            172.20.0.8           tcp dpt:80
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.5           tcp dpt:8983
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.6           tcp dpt:3306
    2   100 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.250         tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.250         tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.250         tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.250         tcp dpt:995
    2   104 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.250         tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.250         tcp dpt:12345
   20   972 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.253         tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.253         tcp dpt:465
    9   468 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.253         tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.13          tcp dpt:4123
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.16.1.13          tcp dpt:8123

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 3555  351K DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
84376   10M DOCKER-ISOLATION-STAGE-2  0    --  br-de105bd8ebbc !br-de105bd8ebbc  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-892c9d952a41 !172.16.239.0/24      0.0.0.0/0           
    0     0 DROP       0    --  br-892c9d952a41 *       0.0.0.0/0           !172.16.239.0/24     
  23M 1527M DOCKER-ISOLATION-STAGE-2  0    --  br-49d0fa9b4b80 !br-49d0fa9b4b80  0.0.0.0/0            0.0.0.0/0           
3198K  373M DOCKER-ISOLATION-STAGE-2  0    --  br-dd829b1dba73 !br-dd829b1dba73  0.0.0.0/0            0.0.0.0/0           
 3820  232K DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
 3043  356K DOCKER-ISOLATION-STAGE-2  0    --  br-91aa69d87f09 !br-91aa69d87f09  0.0.0.0/0            0.0.0.0/0           
  717  984K DOCKER-ISOLATION-STAGE-2  0    --  br-7522f6c56519 !br-7522f6c56519  0.0.0.0/0            0.0.0.0/0           
49480   22M DOCKER-ISOLATION-STAGE-2  0    --  br-67c58082f2cf !br-67c58082f2cf  0.0.0.0/0            0.0.0.0/0           
  82M  167G DOCKER-ISOLATION-STAGE-2  0    --  br-48fe467ff6b9 !br-48fe467ff6b9  0.0.0.0/0            0.0.0.0/0           
38694   27M DOCKER-ISOLATION-STAGE-2  0    --  br-ddd4df464c56 !br-ddd4df464c56  0.0.0.0/0            0.0.0.0/0           
 287K   35M DOCKER-ISOLATION-STAGE-2  0    --  br-e550ea429d8e !br-e550ea429d8e  0.0.0.0/0            0.0.0.0/0           
46978   12M DOCKER-ISOLATION-STAGE-2  0    --  br-cabf8d0e609f !br-cabf8d0e609f  0.0.0.0/0            0.0.0.0/0           
33513   46M DOCKER-ISOLATION-STAGE-2  0    --  br-a661437bbf29 !br-a661437bbf29  0.0.0.0/0            0.0.0.0/0           
1181M  346G RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (13 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-de105bd8ebbc  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-49d0fa9b4b80  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-dd829b1dba73  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-91aa69d87f09  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-7522f6c56519  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-67c58082f2cf  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-48fe467ff6b9  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-ddd4df464c56  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-e550ea429d8e  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-cabf8d0e609f  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-a661437bbf29  0.0.0.0/0            0.0.0.0/0           
 614M  204G RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
1181M  346G RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Chain f2b-sshd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   21  1208 REJECT     0    --  *      *       77.91.100.124        0.0.0.0/0            reject-with icmp-port-unreachable
   20  1152 REJECT     0    --  *      *       159.65.245.126       0.0.0.0/0            reject-with icmp-port-unreachable
    1    60 REJECT     0    --  *      *       89.39.121.161        0.0.0.0/0            reject-with icmp-port-unreachable
1413K  177M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
    0     0 DOCKER-USER  0    --  *      *       ::/0                 ::/0                
    0     0 DOCKER     0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     0    --  br-mailcow br-mailcow  ::/0                 ::/0                
  452  124K DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-de105bd8ebbc !br-de105bd8ebbc  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-49d0fa9b4b80 !br-49d0fa9b4b80  ::/0                 ::/0                
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       0    --  *      br-de105bd8ebbc  ::/0                 ::/0                
    0     0 DROP       0    --  *      br-49d0fa9b4b80  ::/0                 ::/0                
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
21643 5645K RETURN     0    --  *      *       ::/0                 ::/0                

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  33M 2001M DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 785K   47M DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1740  136K MASQUERADE  0    --  *      !br-mailcow  172.16.1.0/24        0.0.0.0/0           
38418 2366K MASQUERADE  0    --  *      !br-de105bd8ebbc  172.20.0.0/16        0.0.0.0/0           
7624K  483M MASQUERADE  0    --  *      !br-49d0fa9b4b80  172.16.238.0/24      0.0.0.0/0           
11397  833K MASQUERADE  0    --  *      !br-dd829b1dba73  172.27.0.0/16        0.0.0.0/0           
   80  5138 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  0    --  *      !br-91aa69d87f09  172.25.0.0/16        0.0.0.0/0           
    9   596 MASQUERADE  0    --  *      !br-7522f6c56519  172.23.0.0/16        0.0.0.0/0           
16827 1038K MASQUERADE  0    --  *      !br-67c58082f2cf  172.21.0.0/16        0.0.0.0/0           
17875 1243K MASQUERADE  0    --  *      !br-48fe467ff6b9  172.18.0.0/16        0.0.0.0/0           
21091 1455K MASQUERADE  0    --  *      !br-ddd4df464c56  172.24.0.0/16        0.0.0.0/0           
 143K   10M MASQUERADE  0    --  *      !br-e550ea429d8e  172.22.0.0/16        0.0.0.0/0           
22403 1422K MASQUERADE  0    --  *      !br-cabf8d0e609f  172.19.0.0/16        0.0.0.0/0           
   60  4214 MASQUERADE  0    --  *      !br-a661437bbf29  172.26.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  6    --  *      *       172.25.0.2           172.25.0.2           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.21.0.2           172.21.0.2           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.26.0.2           172.26.0.2           tcp dpt:9000
    0     0 MASQUERADE  6    --  *      *       172.18.0.2           172.18.0.2           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.18.0.2           172.18.0.2           tcp dpt:81
    0     0 MASQUERADE  6    --  *      *       172.18.0.2           172.18.0.2           tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       172.24.0.2           172.24.0.2           tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       172.23.0.2           172.23.0.2           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.21.0.4           172.21.0.4           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.19.0.3           172.19.0.3           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.22.0.3           172.22.0.3           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.27.0.2           172.27.0.2           tcp dpt:53
    0     0 MASQUERADE  17   --  *      *       172.27.0.2           172.27.0.2           udp dpt:53
    0     0 MASQUERADE  6    --  *      *       172.27.0.2           172.27.0.2           tcp dpt:5380
    0     0 MASQUERADE  6    --  *      *       172.16.238.2         172.16.238.2         tcp dpt:10051
    0     0 MASQUERADE  6    --  *      *       172.16.238.3         172.16.238.3         tcp dpt:8080
    0     0 MASQUERADE  6    --  *      *       172.16.238.3         172.16.238.3         tcp dpt:8443
    0     0 MASQUERADE  6    --  *      *       172.20.0.2           172.20.0.2           tcp dpt:8080
    0     0 MASQUERADE  6    --  *      *       172.20.0.3           172.20.0.3           tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.20.0.4           172.20.0.4           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.20.0.6           172.20.0.6           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.20.0.8           172.20.0.8           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.16.1.249         172.16.1.249         tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.16.1.5           172.16.1.5           tcp dpt:8983
    0     0 MASQUERADE  6    --  *      *       172.16.1.6           172.16.1.6           tcp dpt:3306
    0     0 MASQUERADE  6    --  *      *       172.16.1.250         172.16.1.250         tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       172.16.1.250         172.16.1.250         tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       172.16.1.250         172.16.1.250         tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       172.16.1.250         172.16.1.250         tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       172.16.1.250         172.16.1.250         tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       172.16.1.250         172.16.1.250         tcp dpt:12345
    0     0 MASQUERADE  6    --  *      *       172.16.1.253         172.16.1.253         tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       172.16.1.253         172.16.1.253         tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       172.16.1.253         172.16.1.253         tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       172.16.1.13          172.16.1.13          tcp dpt:4123
    0     0 MASQUERADE  6    --  *      *       172.16.1.13          172.16.1.13          tcp dpt:8123

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    3   226 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
11564  694K RETURN     0    --  br-de105bd8ebbc *       0.0.0.0/0            0.0.0.0/0           
 482K   29M RETURN     0    --  br-49d0fa9b4b80 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  br-dd829b1dba73 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  br-91aa69d87f09 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  br-7522f6c56519 *       0.0.0.0/0            0.0.0.0/0           
 3928  236K RETURN     0    --  br-67c58082f2cf *       0.0.0.0/0            0.0.0.0/0           
4718K  283M RETURN     0    --  br-48fe467ff6b9 *       0.0.0.0/0            0.0.0.0/0           
10536  632K RETURN     0    --  br-ddd4df464c56 *       0.0.0.0/0            0.0.0.0/0           
49703 2982K RETURN     0    --  br-e550ea429d8e *       0.0.0.0/0            0.0.0.0/0           
 7541  452K RETURN     0    --  br-cabf8d0e609f *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  br-a661437bbf29 *       0.0.0.0/0            0.0.0.0/0           
  676 38156 DNAT       6    --  !br-91aa69d87f09 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8999 to:172.25.0.2:80
  256 14956 DNAT       6    --  !br-67c58082f2cf *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8912 to:172.21.0.2:80
 3966  216K DNAT       6    --  !br-a661437bbf29 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9000 to:172.26.0.2:9000
1654K   73M DNAT       6    --  !br-48fe467ff6b9 *       0.0.0.0/0            195.231.80.215       tcp dpt:80 to:172.18.0.2:80
    0     0 DNAT       6    --  !br-48fe467ff6b9 *       0.0.0.0/0            192.168.44.254       tcp dpt:81 to:172.18.0.2:81
2120K  116M DNAT       6    --  !br-48fe467ff6b9 *       0.0.0.0/0            195.231.80.215       tcp dpt:443 to:172.18.0.2:443
 2038  114K DNAT       6    --  !br-ddd4df464c56 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8086 to:172.24.0.2:443
   65  3632 DNAT       6    --  !br-7522f6c56519 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8913 to:172.23.0.2:80
  859 49380 DNAT       6    --  !br-67c58082f2cf *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8908 to:172.21.0.4:80
  271 15788 DNAT       6    --  !br-cabf8d0e609f *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8902 to:172.19.0.3:80
  356 21052 DNAT       6    --  !br-e550ea429d8e *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8906 to:172.22.0.3:80
38931 2328K DNAT       6    --  !br-dd829b1dba73 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 to:172.27.0.2:53
2827K  215M DNAT       17   --  !br-dd829b1dba73 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 to:172.27.0.2:53
    6   252 DNAT       6    --  !br-dd829b1dba73 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5380 to:172.27.0.2:5380
 424K   25M DNAT       6    --  !br-49d0fa9b4b80 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10051 to:172.16.238.2:10051
   16   836 DNAT       6    --  !br-49d0fa9b4b80 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8881 to:172.16.238.3:8080
  242 13240 DNAT       6    --  !br-49d0fa9b4b80 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443 to:172.16.238.3:8443
    4   172 DNAT       6    --  !br-de105bd8ebbc *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8918 to:172.20.0.2:8080
   24  1220 DNAT       6    --  !br-de105bd8ebbc *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6379 to:172.20.0.3:6379
    0     0 DNAT       6    --  !br-de105bd8ebbc *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8916 to:172.20.0.4:80
    0     0 DNAT       6    --  !br-de105bd8ebbc *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8914 to:172.20.0.6:80
    0     0 DNAT       6    --  !br-de105bd8ebbc *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8915 to:172.20.0.8:80
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.16.1.249:6379
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.16.1.5:8983
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.16.1.6:3306
    2   100 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.16.1.250:110
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.16.1.250:143
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.16.1.250:993
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.16.1.250:995
    2   104 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.16.1.250:4190
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.16.1.250:12345
   28  1456 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.16.1.253:25
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.16.1.253:465
    9   468 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.16.1.253:587
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            192.168.44.254       tcp dpt:4123 to:172.16.1.13:4123
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            192.168.44.254       tcp dpt:8123 to:172.16.1.13:8123

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1184 79676 DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  0    --  *      !br-mailcow  fd4d:6169:6c64:6f77::/64  ::/0                
    0     0 MASQUERADE  0    --  *      br-mailcow  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::e  fd4d:6169:6c63:6f77::e  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::2  fd4d:6169:6c63:6f77::2  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::2  fd4d:6169:6c63:6f77::2  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::2  fd4d:6169:6c63:6f77::2  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::c  fd4d:6169:6c64:6f77::c  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::c  fd4d:6169:6c64:6f77::c  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::c  fd4d:6169:6c64:6f77::c  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::e  fd4d:6169:6c64:6f77::e  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::e  fd4d:6169:6c64:6f77::e  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::e  fd4d:6169:6c64:6f77::e  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::f  fd4d:6169:6c64:6f77::f  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::f  fd4d:6169:6c64:6f77::f  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::f  fd4d:6169:6c64:6f77::f  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::b  fd4d:6169:6c64:6f77::b  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::b  fd4d:6169:6c64:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::b  fd4d:6169:6c64:6f77::b  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::b  fd4d:6169:6c64:6f77::b  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c64:6f77::b  fd4d:6169:6c64:6f77::b  tcp dpt:4190

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  br-mailcow *       ::/0                 ::/0

DNS check:

104.18.32.7
172.64.155.249

@gabviv73 added the bug label Dec 19, 2024