We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Messages received as secondary MX are flagged as spam, becasue of this rule:
X-Spamd-Result: default: False [12.82 / 15.00]; HFILTER_HELO_BADIP(4.50)[172.17.0.2,1];
This is not an IP of any container.
I only have
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
postfix-mailcow-1 | Dec 19 16:53:10 e3267ec97ed3 postfix/postscreen[446]: CONNECT from [123.8.198.233]:42586 to [172.16.1.253]:25 php-fpm-mailcow-1 | 172.16.1.13 - 19/Dec/2024:16:53:10 +0100 "GET /forwardinghosts.php" 200 nginx-mailcow-1 | 172.16.1.253 - - [19/Dec/2024:16:53:10 +0100] "GET /forwardinghosts.php?host=123.8.198.233 HTTP/1.1" 200 19 "-" "curl/7.88.1" postfix-mailcow-1 | Dec 19 16:53:10 e3267ec97ed3 whitelist_forwardinghosts: Look up 123.8.198.233 on whitelist, result 200 DUNNO watchdog-mailcow-1 | Thu Dec 19 16:53:11 CET 2024 Fail2ban health level: 100% (1/1), health trend: 0 postfix-mailcow-1 | Dec 19 16:53:11 e3267ec97ed3 postfix/postscreen[446]: PASS OLD [123.8.198.233]:42586 postfix-mailcow-1 | Dec 19 16:53:11 e3267ec97ed3 postfix/smtpd[464]: warning: hostname host-233-198-8-123.retail.pianetafibra.it does not resolve to address 123.8.198.233: Name or service not known postfix-mailcow-1 | Dec 19 16:53:11 e3267ec97ed3 postfix/smtpd[464]: connect from unknown[123.8.198.233] postfix-mailcow-1 | Dec 19 16:53:11 e3267ec97ed3 postfix/smtpd[464]: 404A7E18D9: client=unknown[123.8.198.233] postfix-mailcow-1 | Dec 19 16:53:11 e3267ec97ed3 postfix/cleanup[465]: 404A7E18D9: message-id=<> rspamd-mailcow-1 | 2024-12-19 16:53:11 #39(normal) <404A7E>; lua; arc.lua:723: signing failure: cannot make request to load DKIM selector for domain example.com: nil rspamd-mailcow-1 | 2024-12-19 16:53:11 #39(normal) <404A7E>; task; finalize_item: slow asynchronous rule: SEM_URIBL_FRESH15_UNKNOWN(604): 351.76 ms; no idle timer is needed rspamd-mailcow-1 | 2024-12-19 16:53:11 #39(normal) <404A7E>; task; finalize_item: slow asynchronous rule: SEM_URIBL_UNKNOWN(607): 367.76 ms; no idle timer is needed php-fpm-mailcow-1 | 172.16.1.13 - 19/Dec/2024:16:53:11 +0100 "GET /bcc.php" 200 php-fpm-mailcow-1 | 172.16.1.13 - 19/Dec/2024:16:53:11 +0100 "GET /bcc.php" 200 nginx-mailcow-1 | 172.16.1.12 - - [19/Dec/2024:16:53:11 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.10.2" nginx-mailcow-1 | 172.16.1.12 - - [19/Dec/2024:16:53:11 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.10.2" php-fpm-mailcow-1 | 172.16.1.13 - 19/Dec/2024:16:53:11 +0100 "GET /bcc.php" 200 php-fpm-mailcow-1 | 172.16.1.13 - 19/Dec/2024:16:53:11 +0100 "GET /bcc.php" 200 nginx-mailcow-1 | 172.16.1.12 - - [19/Dec/2024:16:53:11 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.10.2" nginx-mailcow-1 | 172.16.1.12 - - [19/Dec/2024:16:53:11 +0100] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.10.2" rspamd-mailcow-1 | 2024-12-19 16:53:11 #39(normal) <404A7E>; task; rspamd_task_process: skip learning: <undef> has been already learned as spam, ignore it php-fpm-mailcow-1 | 172.16.1.13 - 19/Dec/2024:16:53:11 +0100 "POST /pipe.php" 505 php-fpm-mailcow-1 | [19-Dec-2024 16:53:11] WARNING: [pool system-worker] child 56 said into stderr: "NOTICE: PHP message: QUARANTINE: Message too large: 218 b exceeds 0 b" rspamd-mailcow-1 | 2024-12-19 16:53:11 #39(normal) <404A7E>; lua; metadata_exporter.lua:317: got unexpected http status: 505 nginx-mailcow-1 | 172.16.1.12 - - [19/Dec/2024:16:53:11 +0100] "POST /pipe.php HTTP/1.1" 505 5 "-" "rspamd-3.10.2" rspamd-mailcow-1 | 2024-12-19 16:53:11 #39(normal) <404A7E>; task; rspamd_task_write_log: id: <undef>, qid: <404A7E18D9>, ip: 123.8.198.233, from: <pippo@pippopluto.it>, (default: T (reject): [17.11/15.00] [HFILTER_HELO_BADIP(4.50){172.17.0.2;1;},IP_REPUTATION_SPAM(4.32){asn: 202613(0.31), country: IT(0.01), ip: 123.8.198.233(0.77);},MISSING_MID(2.50){},MISSING_FROM(2.00){},MISSING_TO(2.00){},HFILTER_HOSTNAME_2(1.00){host-233-198-8-123.retail.pianetafibra.it;},MISSING_DATE(1.00){},R_SPF_ALLOW(-0.20){+mx;},MIME_GOOD(-0.10){text/plain;},ONCE_RECEIVED(0.10){},MX_GOOD(-0.01){},ARC_NA(0.00){},ASN(0.00){asn:202613, ipnet:123.8.196.0/22, country:IT;},BCC(0.00){},DMARC_NA(0.00){No From header;},MIME_TRACE(0.00){0:+;},MISSING_XM_UA(0.00){},RCPT_MAILCOW_DOMAIN(0.00){example.com;},RCVD_COUNT_ZERO(0.00){0;},R_DKIM_NA(0.00){}]), len: 218, time: 451.082ms, dns req: 47, digest: <1d4f69048872598dc2ba139a416e1900>, rcpts: <pippo.pluto@example.com> rspamd-mailcow-1 | 2024-12-19 16:53:11 #39(normal) <404A7E>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3529 regexps total, 2616 regexps cached, 0B scanned using pcre, 612B scanned total postfix-mailcow-1 | Dec 19 16:53:11 e3267ec97ed3 postfix/cleanup[465]: 404A7E18D9: milter-reject: END-OF-MESSAGE from unknown[123.8.198.233]: 5.7.1 This message does not meet our delivery requirements; from=<pippo@pippopluto.it> to=<pippo.pluto@example.com> proto=SMTP helo=<[172.17.0.2]> postfix-mailcow-1 | Dec 19 16:53:11 e3267ec97ed3 postfix/smtpd[464]: disconnect from unknown[123.8.198.233] helo=1 mail=1 rcpt=1 data=0/1 quit=1 commands=4/5 rspamd-mailcow-1 | 2024-12-19 16:53:14 #38(controller) <c4ea58>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3529 regexps total, 2584 regexps cached, 0B scanned using pcre, 102B scanned total watchdog-mailcow-1 | Thu Dec 19 16:53:14 CET 2024 Rspamd health level: 100% (5/5), health trend: 0
Send message to mailcow server configured as backup mx
master
x86
docker debian bookworm
32GB RAM
Apparmor
openstack
Docker version 27.3.1, build ce12230
Docker Compose version v2.29.7
2024-11b
Nginx Proxy Manager
diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf index c230c349..01c18610 100644 --- a/data/conf/dovecot/dovecot.conf +++ b/data/conf/dovecot/dovecot.conf @@ -165,7 +165,7 @@ service lmtp { } user = vmail } -listen = *,[::] +listen = * ssl_cert = </etc/ssl/mail/cert.pem ssl_key = </etc/ssl/mail/key.pem userdb { @@ -237,10 +237,10 @@ plugin { # -- Global keys mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem - mail_crypt_save_version = 2 + mail_crypt_save_version = 0 # Enable compression while saving, lz4 Dovecot v2.2.11+ - zlib_save = lz4 + zlib_save = mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size diff --git a/data/conf/nginx/dynmaps.conf b/data/conf/nginx/dynmaps.conf index 99c0c6aa..91ecba07 100644 --- a/data/conf/nginx/dynmaps.conf +++ b/data/conf/nginx/dynmaps.conf @@ -1,6 +1,5 @@ server { listen 8081; - listen [::]:8081; index index.php index.html; server_name _; error_log /var/log/nginx/error.log; diff --git a/data/conf/nginx/templates/listen_plain.template b/data/conf/nginx/templates/listen_plain.template index a044b22f..68133480 100644 --- a/data/conf/nginx/templates/listen_plain.template +++ b/data/conf/nginx/templates/listen_plain.template @@ -1,2 +1 @@ listen ${HTTP_PORT}; -listen [::]:${HTTP_PORT}; diff --git a/data/conf/nginx/templates/listen_ssl.template b/data/conf/nginx/templates/listen_ssl.template index 40c402d0..413b20db 100644 --- a/data/conf/nginx/templates/listen_ssl.template +++ b/data/conf/nginx/templates/listen_ssl.template @@ -1,3 +1,2 @@ listen ${HTTPS_PORT} ssl; -listen [::]:${HTTPS_PORT} ssl; http2 on; diff --git a/data/conf/phpfpm/php-fpm.d/pools.conf b/data/conf/phpfpm/php-fpm.d/pools.conf index 605e686c..d6df1243 100644 --- a/data/conf/phpfpm/php-fpm.d/pools.conf +++ b/data/conf/phpfpm/php-fpm.d/pools.conf @@ -6,7 +6,7 @@ pm.max_children = 15 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 4 -listen = [::]:9001 +listen = 9001 access.log = /proc/self/fd/2 clear_env = no catch_workers_output = yes @@ -21,7 +21,7 @@ pm.max_children = 50 pm.start_servers = 10 pm.min_spare_servers = 10 pm.max_spare_servers = 15 -listen = [::]:9002 +listen = 9002 access.log = /proc/self/fd/2 clear_env = no catch_workers_output = yes diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf index 6721204c..3f6d502d 100644 --- a/data/conf/postfix/main.cf +++ b/data/conf/postfix/main.cf @@ -175,3 +175,31 @@ lmtp_destination_recipient_limit=1 # DO NOT EDIT ANYTHING BELOW # # Overrides # + +postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 + hostkarma.junkemailfilter.com=127.0.0.1*-2 + list.dnswl.org=127.0.[0..255].0*-2 + list.dnswl.org=127.0.[0..255].1*-4 + list.dnswl.org=127.0.[0..255].2*-6 + list.dnswl.org=127.0.[0..255].3*-8 + ix.dnsbl.manitu.net*2 + bl.spamcop.net*2 + bl.suomispam.net*2 + hostkarma.junkemailfilter.com=127.0.0.2*3 + hostkarma.junkemailfilter.com=127.0.0.4*2 + hostkarma.junkemailfilter.com=127.0.1.2*1 + backscatter.spameatingmonkey.net*2 + bl.ipv6.spameatingmonkey.net*2 + bl.spameatingmonkey.net*2 + b.barracudacentral.org=127.0.0.2*7 + bl.mailspike.net=127.0.0.2*5 + bl.mailspike.net=127.0.0.[10;11;12]*4 + zen.spamhaus.org=127.0.0.[10;11]*8 + zen.spamhaus.org=127.0.0.[4..7]*6 + zen.spamhaus.org=127.0.0.3*4 + zen.spamhaus.org=127.0.0.2*3 + +# User Overrides +myhostname = mail.cloud04.rvmgroup.it +smtp_address_preference = ipv4 +inet_protocols = ipv4 diff --git a/data/conf/rspamd/local.d/greylist.conf b/data/conf/rspamd/local.d/greylist.conf index c43c907f..6b2ed8b8 100644 --- a/data/conf/rspamd/local.d/greylist.conf +++ b/data/conf/rspamd/local.d/greylist.conf @@ -2,3 +2,4 @@ whitelisted_ip = "http://nginx:8081/forwardinghosts.php"; ipv4_mask = 24; ipv6_mask = 64; message = "Greylisted, please try again later"; +enabled = false; diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf index 27110c04..90c16ee0 100644 --- a/data/conf/unbound/unbound.conf +++ b/data/conf/unbound/unbound.conf @@ -4,7 +4,7 @@ server: interface: ::0 logfile: /dev/console do-ip4: yes - do-ip6: yes + do-ip6: no do-udp: yes do-tcp: yes do-daemonize: no diff --git a/docker-compose.yml b/docker-compose.yml index b0324521..9c430117 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -649,12 +649,12 @@ networks: driver: bridge driver_opts: com.docker.network.bridge.name: br-mailcow - enable_ipv6: true + enable_ipv6: false ipam: driver: default config: - subnet: ${IPV4_NETWORK:-172.22.1}.0/24 - - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64} + #- subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64} volumes: vmail-vol-1:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 126K 245M MAILCOW 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* mailcow */ 1900K 210M f2b-sshd 6 -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 763K 310M MAILCOW 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* mailcow */ 763K 310M DOCKER-USER 0 -- * * 0.0.0.0/0 0.0.0.0/0 763K 310M DOCKER-ISOLATION-STAGE-1 0 -- * * 0.0.0.0/0 0.0.0.0/0 3555 9352K ACCEPT 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 33 1644 DOCKER 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0 3555 351K ACCEPT 0 -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0 89987 42M ACCEPT 0 -- * br-de105bd8ebbc 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 28 1392 DOCKER 0 -- * br-de105bd8ebbc 0.0.0.0/0 0.0.0.0/0 84376 10M ACCEPT 0 -- br-de105bd8ebbc !br-de105bd8ebbc 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-de105bd8ebbc br-de105bd8ebbc 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-892c9d952a41 br-892c9d952a41 0.0.0.0/0 0.0.0.0/0 20M 4963M ACCEPT 0 -- * br-49d0fa9b4b80 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 389K 23M DOCKER 0 -- * br-49d0fa9b4b80 0.0.0.0/0 0.0.0.0/0 23M 1527M ACCEPT 0 -- br-49d0fa9b4b80 !br-49d0fa9b4b80 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-49d0fa9b4b80 br-49d0fa9b4b80 0.0.0.0/0 0.0.0.0/0 422K 35M ACCEPT 0 -- * br-dd829b1dba73 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 2867K 217M DOCKER 0 -- * br-dd829b1dba73 0.0.0.0/0 0.0.0.0/0 3198K 373M ACCEPT 0 -- br-dd829b1dba73 !br-dd829b1dba73 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-dd829b1dba73 br-dd829b1dba73 0.0.0.0/0 0.0.0.0/0 4050 75M ACCEPT 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 3820 232K ACCEPT 0 -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 2780 241K ACCEPT 0 -- * br-91aa69d87f09 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 676 38156 DOCKER 0 -- * br-91aa69d87f09 0.0.0.0/0 0.0.0.0/0 3043 356K ACCEPT 0 -- br-91aa69d87f09 !br-91aa69d87f09 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-91aa69d87f09 br-91aa69d87f09 0.0.0.0/0 0.0.0.0/0 601 43859 ACCEPT 0 -- * br-7522f6c56519 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 65 3632 DOCKER 0 -- * br-7522f6c56519 0.0.0.0/0 0.0.0.0/0 717 984K ACCEPT 0 -- br-7522f6c56519 !br-7522f6c56519 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-7522f6c56519 br-7522f6c56519 0.0.0.0/0 0.0.0.0/0 51150 55M ACCEPT 0 -- * br-67c58082f2cf 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 1115 64336 DOCKER 0 -- * br-67c58082f2cf 0.0.0.0/0 0.0.0.0/0 49480 22M ACCEPT 0 -- br-67c58082f2cf !br-67c58082f2cf 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-67c58082f2cf br-67c58082f2cf 0.0.0.0/0 0.0.0.0/0 79M 23G ACCEPT 0 -- * br-48fe467ff6b9 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 3770K 188M DOCKER 0 -- * br-48fe467ff6b9 0.0.0.0/0 0.0.0.0/0 82M 167G ACCEPT 0 -- br-48fe467ff6b9 !br-48fe467ff6b9 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-48fe467ff6b9 br-48fe467ff6b9 0.0.0.0/0 0.0.0.0/0 38640 3770K ACCEPT 0 -- * br-ddd4df464c56 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 2038 114K DOCKER 0 -- * br-ddd4df464c56 0.0.0.0/0 0.0.0.0/0 38694 27M ACCEPT 0 -- br-ddd4df464c56 !br-ddd4df464c56 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-ddd4df464c56 br-ddd4df464c56 0.0.0.0/0 0.0.0.0/0 297K 243M ACCEPT 0 -- * br-e550ea429d8e 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 356 21052 DOCKER 0 -- * br-e550ea429d8e 0.0.0.0/0 0.0.0.0/0 287K 35M ACCEPT 0 -- br-e550ea429d8e !br-e550ea429d8e 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-e550ea429d8e br-e550ea429d8e 0.0.0.0/0 0.0.0.0/0 46089 19M ACCEPT 0 -- * br-cabf8d0e609f 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 271 15788 DOCKER 0 -- * br-cabf8d0e609f 0.0.0.0/0 0.0.0.0/0 46978 12M ACCEPT 0 -- br-cabf8d0e609f !br-cabf8d0e609f 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-cabf8d0e609f br-cabf8d0e609f 0.0.0.0/0 0.0.0.0/0 32733 2620K ACCEPT 0 -- * br-a661437bbf29 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 3966 216K DOCKER 0 -- * br-a661437bbf29 0.0.0.0/0 0.0.0.0/0 33513 46M ACCEPT 0 -- br-a661437bbf29 !br-a661437bbf29 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT 0 -- br-a661437bbf29 br-a661437bbf29 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain DOCKER (13 references) pkts bytes target prot opt in out source destination 256 14956 ACCEPT 6 -- !br-67c58082f2cf br-67c58082f2cf 0.0.0.0/0 172.21.0.2 tcp dpt:80 676 38156 ACCEPT 6 -- !br-91aa69d87f09 br-91aa69d87f09 0.0.0.0/0 172.25.0.2 tcp dpt:80 3966 216K ACCEPT 6 -- !br-a661437bbf29 br-a661437bbf29 0.0.0.0/0 172.26.0.2 tcp dpt:9000 1654K 73M ACCEPT 6 -- !br-48fe467ff6b9 br-48fe467ff6b9 0.0.0.0/0 172.18.0.2 tcp dpt:80 0 0 ACCEPT 6 -- !br-48fe467ff6b9 br-48fe467ff6b9 0.0.0.0/0 172.18.0.2 tcp dpt:81 2116K 116M ACCEPT 6 -- !br-48fe467ff6b9 br-48fe467ff6b9 0.0.0.0/0 172.18.0.2 tcp dpt:443 2038 114K ACCEPT 6 -- !br-ddd4df464c56 br-ddd4df464c56 0.0.0.0/0 172.24.0.2 tcp dpt:443 65 3632 ACCEPT 6 -- !br-7522f6c56519 br-7522f6c56519 0.0.0.0/0 172.23.0.2 tcp dpt:80 859 49380 ACCEPT 6 -- !br-67c58082f2cf br-67c58082f2cf 0.0.0.0/0 172.21.0.4 tcp dpt:80 271 15788 ACCEPT 6 -- !br-cabf8d0e609f br-cabf8d0e609f 0.0.0.0/0 172.19.0.3 tcp dpt:80 356 21052 ACCEPT 6 -- !br-e550ea429d8e br-e550ea429d8e 0.0.0.0/0 172.22.0.3 tcp dpt:80 38904 2326K ACCEPT 6 -- !br-dd829b1dba73 br-dd829b1dba73 0.0.0.0/0 172.27.0.2 tcp dpt:53 2828K 215M ACCEPT 17 -- !br-dd829b1dba73 br-dd829b1dba73 0.0.0.0/0 172.27.0.2 udp dpt:53 6 252 ACCEPT 6 -- !br-dd829b1dba73 br-dd829b1dba73 0.0.0.0/0 172.27.0.2 tcp dpt:5380 389K 23M ACCEPT 6 -- !br-49d0fa9b4b80 br-49d0fa9b4b80 0.0.0.0/0 172.16.238.2 tcp dpt:10051 16 836 ACCEPT 6 -- !br-49d0fa9b4b80 br-49d0fa9b4b80 0.0.0.0/0 172.16.238.3 tcp dpt:8080 242 13240 ACCEPT 6 -- !br-49d0fa9b4b80 br-49d0fa9b4b80 0.0.0.0/0 172.16.238.3 tcp dpt:8443 4 172 ACCEPT 6 -- !br-de105bd8ebbc br-de105bd8ebbc 0.0.0.0/0 172.20.0.2 tcp dpt:8080 24 1220 ACCEPT 6 -- !br-de105bd8ebbc br-de105bd8ebbc 0.0.0.0/0 172.20.0.3 tcp dpt:6379 0 0 ACCEPT 6 -- !br-de105bd8ebbc br-de105bd8ebbc 0.0.0.0/0 172.20.0.4 tcp dpt:80 0 0 ACCEPT 6 -- !br-de105bd8ebbc br-de105bd8ebbc 0.0.0.0/0 172.20.0.6 tcp dpt:80 0 0 ACCEPT 6 -- !br-de105bd8ebbc br-de105bd8ebbc 0.0.0.0/0 172.20.0.8 tcp dpt:80 0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.249 tcp dpt:6379 0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.5 tcp dpt:8983 0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.6 tcp dpt:3306 2 100 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.250 tcp dpt:110 0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.250 tcp dpt:143 0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.250 tcp dpt:993 0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.250 tcp dpt:995 2 104 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.250 tcp dpt:4190 0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.250 tcp dpt:12345 20 972 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.253 tcp dpt:25 0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.253 tcp dpt:465 9 468 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.253 tcp dpt:587 0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.13 tcp dpt:4123 0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.16.1.13 tcp dpt:8123 Chain DOCKER-ISOLATION-STAGE-1 (1 references) pkts bytes target prot opt in out source destination 3555 351K DOCKER-ISOLATION-STAGE-2 0 -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0 84376 10M DOCKER-ISOLATION-STAGE-2 0 -- br-de105bd8ebbc !br-de105bd8ebbc 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-892c9d952a41 !172.16.239.0/24 0.0.0.0/0 0 0 DROP 0 -- br-892c9d952a41 * 0.0.0.0/0 !172.16.239.0/24 23M 1527M DOCKER-ISOLATION-STAGE-2 0 -- br-49d0fa9b4b80 !br-49d0fa9b4b80 0.0.0.0/0 0.0.0.0/0 3198K 373M DOCKER-ISOLATION-STAGE-2 0 -- br-dd829b1dba73 !br-dd829b1dba73 0.0.0.0/0 0.0.0.0/0 3820 232K DOCKER-ISOLATION-STAGE-2 0 -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 3043 356K DOCKER-ISOLATION-STAGE-2 0 -- br-91aa69d87f09 !br-91aa69d87f09 0.0.0.0/0 0.0.0.0/0 717 984K DOCKER-ISOLATION-STAGE-2 0 -- br-7522f6c56519 !br-7522f6c56519 0.0.0.0/0 0.0.0.0/0 49480 22M DOCKER-ISOLATION-STAGE-2 0 -- br-67c58082f2cf !br-67c58082f2cf 0.0.0.0/0 0.0.0.0/0 82M 167G DOCKER-ISOLATION-STAGE-2 0 -- br-48fe467ff6b9 !br-48fe467ff6b9 0.0.0.0/0 0.0.0.0/0 38694 27M DOCKER-ISOLATION-STAGE-2 0 -- br-ddd4df464c56 !br-ddd4df464c56 0.0.0.0/0 0.0.0.0/0 287K 35M DOCKER-ISOLATION-STAGE-2 0 -- br-e550ea429d8e !br-e550ea429d8e 0.0.0.0/0 0.0.0.0/0 46978 12M DOCKER-ISOLATION-STAGE-2 0 -- br-cabf8d0e609f !br-cabf8d0e609f 0.0.0.0/0 0.0.0.0/0 33513 46M DOCKER-ISOLATION-STAGE-2 0 -- br-a661437bbf29 !br-a661437bbf29 0.0.0.0/0 0.0.0.0/0 1181M 346G RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-ISOLATION-STAGE-2 (13 references) pkts bytes target prot opt in out source destination 0 0 DROP 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-de105bd8ebbc 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-49d0fa9b4b80 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-dd829b1dba73 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-91aa69d87f09 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-7522f6c56519 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-67c58082f2cf 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-48fe467ff6b9 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-ddd4df464c56 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-e550ea429d8e 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-cabf8d0e609f 0.0.0.0/0 0.0.0.0/0 0 0 DROP 0 -- * br-a661437bbf29 0.0.0.0/0 0.0.0.0/0 614M 204G RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 Chain DOCKER-USER (1 references) pkts bytes target prot opt in out source destination 1181M 346G RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 Chain MAILCOW (2 references) pkts bytes target prot opt in out source destination 0 0 DROP 6 -- !br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0 /* mailcow isolation */ Chain f2b-sshd (1 references) pkts bytes target prot opt in out source destination 21 1208 REJECT 0 -- * * 77.91.100.124 0.0.0.0/0 reject-with icmp-port-unreachable 20 1152 REJECT 0 -- * * 159.65.245.126 0.0.0.0/0 reject-with icmp-port-unreachable 1 60 REJECT 0 -- * * 89.39.121.161 0.0.0.0/0 reject-with icmp-port-unreachable 1413K 177M RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 MAILCOW 0 -- * * ::/0 ::/0 /* mailcow */ 0 0 DOCKER-USER 0 -- * * ::/0 ::/0 0 0 DOCKER 0 -- * br-mailcow ::/0 ::/0 0 0 ACCEPT 0 -- * br-mailcow ::/0 ::/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT 0 -- br-mailcow !br-mailcow ::/0 ::/0 0 0 ACCEPT 0 -- br-mailcow br-mailcow ::/0 ::/0 452 124K DOCKER-ISOLATION-STAGE-1 0 -- * * ::/0 ::/0 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain DOCKER (1 references) pkts bytes target prot opt in out source destination Chain DOCKER-ISOLATION-STAGE-1 (1 references) pkts bytes target prot opt in out source destination 0 0 DOCKER-ISOLATION-STAGE-2 0 -- br-mailcow !br-mailcow ::/0 ::/0 0 0 DOCKER-ISOLATION-STAGE-2 0 -- br-de105bd8ebbc !br-de105bd8ebbc ::/0 ::/0 0 0 DOCKER-ISOLATION-STAGE-2 0 -- br-49d0fa9b4b80 !br-49d0fa9b4b80 ::/0 ::/0 0 0 RETURN 0 -- * * ::/0 ::/0 Chain DOCKER-ISOLATION-STAGE-2 (3 references) pkts bytes target prot opt in out source destination 0 0 DROP 0 -- * br-mailcow ::/0 ::/0 0 0 DROP 0 -- * br-de105bd8ebbc ::/0 ::/0 0 0 DROP 0 -- * br-49d0fa9b4b80 ::/0 ::/0 0 0 RETURN 0 -- * * ::/0 ::/0 Chain DOCKER-USER (1 references) pkts bytes target prot opt in out source destination 21643 5645K RETURN 0 -- * * ::/0 ::/0 Chain MAILCOW (1 references) pkts bytes target prot opt in out source destination
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 33M 2001M DOCKER 0 -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 785K 47M DOCKER 0 -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1740 136K MASQUERADE 0 -- * !br-mailcow 172.16.1.0/24 0.0.0.0/0 38418 2366K MASQUERADE 0 -- * !br-de105bd8ebbc 172.20.0.0/16 0.0.0.0/0 7624K 483M MASQUERADE 0 -- * !br-49d0fa9b4b80 172.16.238.0/24 0.0.0.0/0 11397 833K MASQUERADE 0 -- * !br-dd829b1dba73 172.27.0.0/16 0.0.0.0/0 80 5138 MASQUERADE 0 -- * !docker0 172.17.0.0/16 0.0.0.0/0 0 0 MASQUERADE 0 -- * !br-91aa69d87f09 172.25.0.0/16 0.0.0.0/0 9 596 MASQUERADE 0 -- * !br-7522f6c56519 172.23.0.0/16 0.0.0.0/0 16827 1038K MASQUERADE 0 -- * !br-67c58082f2cf 172.21.0.0/16 0.0.0.0/0 17875 1243K MASQUERADE 0 -- * !br-48fe467ff6b9 172.18.0.0/16 0.0.0.0/0 21091 1455K MASQUERADE 0 -- * !br-ddd4df464c56 172.24.0.0/16 0.0.0.0/0 143K 10M MASQUERADE 0 -- * !br-e550ea429d8e 172.22.0.0/16 0.0.0.0/0 22403 1422K MASQUERADE 0 -- * !br-cabf8d0e609f 172.19.0.0/16 0.0.0.0/0 60 4214 MASQUERADE 0 -- * !br-a661437bbf29 172.26.0.0/16 0.0.0.0/0 0 0 MASQUERADE 6 -- * * 172.25.0.2 172.25.0.2 tcp dpt:80 0 0 MASQUERADE 6 -- * * 172.21.0.2 172.21.0.2 tcp dpt:80 0 0 MASQUERADE 6 -- * * 172.26.0.2 172.26.0.2 tcp dpt:9000 0 0 MASQUERADE 6 -- * * 172.18.0.2 172.18.0.2 tcp dpt:80 0 0 MASQUERADE 6 -- * * 172.18.0.2 172.18.0.2 tcp dpt:81 0 0 MASQUERADE 6 -- * * 172.18.0.2 172.18.0.2 tcp dpt:443 0 0 MASQUERADE 6 -- * * 172.24.0.2 172.24.0.2 tcp dpt:443 0 0 MASQUERADE 6 -- * * 172.23.0.2 172.23.0.2 tcp dpt:80 0 0 MASQUERADE 6 -- * * 172.21.0.4 172.21.0.4 tcp dpt:80 0 0 MASQUERADE 6 -- * * 172.19.0.3 172.19.0.3 tcp dpt:80 0 0 MASQUERADE 6 -- * * 172.22.0.3 172.22.0.3 tcp dpt:80 0 0 MASQUERADE 6 -- * * 172.27.0.2 172.27.0.2 tcp dpt:53 0 0 MASQUERADE 17 -- * * 172.27.0.2 172.27.0.2 udp dpt:53 0 0 MASQUERADE 6 -- * * 172.27.0.2 172.27.0.2 tcp dpt:5380 0 0 MASQUERADE 6 -- * * 172.16.238.2 172.16.238.2 tcp dpt:10051 0 0 MASQUERADE 6 -- * * 172.16.238.3 172.16.238.3 tcp dpt:8080 0 0 MASQUERADE 6 -- * * 172.16.238.3 172.16.238.3 tcp dpt:8443 0 0 MASQUERADE 6 -- * * 172.20.0.2 172.20.0.2 tcp dpt:8080 0 0 MASQUERADE 6 -- * * 172.20.0.3 172.20.0.3 tcp dpt:6379 0 0 MASQUERADE 6 -- * * 172.20.0.4 172.20.0.4 tcp dpt:80 0 0 MASQUERADE 6 -- * * 172.20.0.6 172.20.0.6 tcp dpt:80 0 0 MASQUERADE 6 -- * * 172.20.0.8 172.20.0.8 tcp dpt:80 0 0 MASQUERADE 6 -- * * 172.16.1.249 172.16.1.249 tcp dpt:6379 0 0 MASQUERADE 6 -- * * 172.16.1.5 172.16.1.5 tcp dpt:8983 0 0 MASQUERADE 6 -- * * 172.16.1.6 172.16.1.6 tcp dpt:3306 0 0 MASQUERADE 6 -- * * 172.16.1.250 172.16.1.250 tcp dpt:110 0 0 MASQUERADE 6 -- * * 172.16.1.250 172.16.1.250 tcp dpt:143 0 0 MASQUERADE 6 -- * * 172.16.1.250 172.16.1.250 tcp dpt:993 0 0 MASQUERADE 6 -- * * 172.16.1.250 172.16.1.250 tcp dpt:995 0 0 MASQUERADE 6 -- * * 172.16.1.250 172.16.1.250 tcp dpt:4190 0 0 MASQUERADE 6 -- * * 172.16.1.250 172.16.1.250 tcp dpt:12345 0 0 MASQUERADE 6 -- * * 172.16.1.253 172.16.1.253 tcp dpt:25 0 0 MASQUERADE 6 -- * * 172.16.1.253 172.16.1.253 tcp dpt:465 0 0 MASQUERADE 6 -- * * 172.16.1.253 172.16.1.253 tcp dpt:587 0 0 MASQUERADE 6 -- * * 172.16.1.13 172.16.1.13 tcp dpt:4123 0 0 MASQUERADE 6 -- * * 172.16.1.13 172.16.1.13 tcp dpt:8123 Chain DOCKER (2 references) pkts bytes target prot opt in out source destination 3 226 RETURN 0 -- br-mailcow * 0.0.0.0/0 0.0.0.0/0 11564 694K RETURN 0 -- br-de105bd8ebbc * 0.0.0.0/0 0.0.0.0/0 482K 29M RETURN 0 -- br-49d0fa9b4b80 * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN 0 -- br-dd829b1dba73 * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN 0 -- docker0 * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN 0 -- br-91aa69d87f09 * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN 0 -- br-7522f6c56519 * 0.0.0.0/0 0.0.0.0/0 3928 236K RETURN 0 -- br-67c58082f2cf * 0.0.0.0/0 0.0.0.0/0 4718K 283M RETURN 0 -- br-48fe467ff6b9 * 0.0.0.0/0 0.0.0.0/0 10536 632K RETURN 0 -- br-ddd4df464c56 * 0.0.0.0/0 0.0.0.0/0 49703 2982K RETURN 0 -- br-e550ea429d8e * 0.0.0.0/0 0.0.0.0/0 7541 452K RETURN 0 -- br-cabf8d0e609f * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN 0 -- br-a661437bbf29 * 0.0.0.0/0 0.0.0.0/0 676 38156 DNAT 6 -- !br-91aa69d87f09 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8999 to:172.25.0.2:80 256 14956 DNAT 6 -- !br-67c58082f2cf * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8912 to:172.21.0.2:80 3966 216K DNAT 6 -- !br-a661437bbf29 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9000 to:172.26.0.2:9000 1654K 73M DNAT 6 -- !br-48fe467ff6b9 * 0.0.0.0/0 195.231.80.215 tcp dpt:80 to:172.18.0.2:80 0 0 DNAT 6 -- !br-48fe467ff6b9 * 0.0.0.0/0 192.168.44.254 tcp dpt:81 to:172.18.0.2:81 2120K 116M DNAT 6 -- !br-48fe467ff6b9 * 0.0.0.0/0 195.231.80.215 tcp dpt:443 to:172.18.0.2:443 2038 114K DNAT 6 -- !br-ddd4df464c56 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8086 to:172.24.0.2:443 65 3632 DNAT 6 -- !br-7522f6c56519 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8913 to:172.23.0.2:80 859 49380 DNAT 6 -- !br-67c58082f2cf * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8908 to:172.21.0.4:80 271 15788 DNAT 6 -- !br-cabf8d0e609f * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8902 to:172.19.0.3:80 356 21052 DNAT 6 -- !br-e550ea429d8e * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8906 to:172.22.0.3:80 38931 2328K DNAT 6 -- !br-dd829b1dba73 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 to:172.27.0.2:53 2827K 215M DNAT 17 -- !br-dd829b1dba73 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 to:172.27.0.2:53 6 252 DNAT 6 -- !br-dd829b1dba73 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5380 to:172.27.0.2:5380 424K 25M DNAT 6 -- !br-49d0fa9b4b80 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10051 to:172.16.238.2:10051 16 836 DNAT 6 -- !br-49d0fa9b4b80 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8881 to:172.16.238.3:8080 242 13240 DNAT 6 -- !br-49d0fa9b4b80 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443 to:172.16.238.3:8443 4 172 DNAT 6 -- !br-de105bd8ebbc * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8918 to:172.20.0.2:8080 24 1220 DNAT 6 -- !br-de105bd8ebbc * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6379 to:172.20.0.3:6379 0 0 DNAT 6 -- !br-de105bd8ebbc * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8916 to:172.20.0.4:80 0 0 DNAT 6 -- !br-de105bd8ebbc * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8914 to:172.20.0.6:80 0 0 DNAT 6 -- !br-de105bd8ebbc * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8915 to:172.20.0.8:80 0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:7654 to:172.16.1.249:6379 0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:18983 to:172.16.1.5:8983 0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:13306 to:172.16.1.6:3306 2 100 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 to:172.16.1.250:110 0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 to:172.16.1.250:143 0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 to:172.16.1.250:993 0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 to:172.16.1.250:995 2 104 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4190 to:172.16.1.250:4190 0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:19991 to:172.16.1.250:12345 28 1456 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:172.16.1.253:25 0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 to:172.16.1.253:465 9 468 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 to:172.16.1.253:587 0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 192.168.44.254 tcp dpt:4123 to:172.16.1.13:4123 0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 192.168.44.254 tcp dpt:8123 to:172.16.1.13:8123
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1184 79676 DOCKER 0 -- * * ::/0 ::/0 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DOCKER 0 -- * * ::/0 !::1 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 MASQUERADE 0 -- * !br-mailcow fd4d:6169:6c64:6f77::/64 ::/0 0 0 MASQUERADE 0 -- * br-mailcow ::/0 ::/0 ADDRTYPE match dst-type LOCAL 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:25 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:465 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:587 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::2 fd4d:6169:6c63:6f77::2 tcp dpt:25 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::2 fd4d:6169:6c63:6f77::2 tcp dpt:465 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::2 fd4d:6169:6c63:6f77::2 tcp dpt:587 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::b fd4d:6169:6c63:6f77::b tcp dpt:110 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::b fd4d:6169:6c63:6f77::b tcp dpt:143 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::b fd4d:6169:6c63:6f77::b tcp dpt:993 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::b fd4d:6169:6c63:6f77::b tcp dpt:995 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::b fd4d:6169:6c63:6f77::b tcp dpt:4190 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::10 fd4d:6169:6c63:6f77::10 tcp dpt:25 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::10 fd4d:6169:6c63:6f77::10 tcp dpt:465 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::10 fd4d:6169:6c63:6f77::10 tcp dpt:587 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:25 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:465 0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:587 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::c fd4d:6169:6c64:6f77::c tcp dpt:25 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::c fd4d:6169:6c64:6f77::c tcp dpt:465 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::c fd4d:6169:6c64:6f77::c tcp dpt:587 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::e fd4d:6169:6c64:6f77::e tcp dpt:25 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::e fd4d:6169:6c64:6f77::e tcp dpt:465 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::e fd4d:6169:6c64:6f77::e tcp dpt:587 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::f fd4d:6169:6c64:6f77::f tcp dpt:25 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::f fd4d:6169:6c64:6f77::f tcp dpt:465 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::f fd4d:6169:6c64:6f77::f tcp dpt:587 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::b fd4d:6169:6c64:6f77::b tcp dpt:110 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::b fd4d:6169:6c64:6f77::b tcp dpt:143 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::b fd4d:6169:6c64:6f77::b tcp dpt:993 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::b fd4d:6169:6c64:6f77::b tcp dpt:995 0 0 MASQUERADE 6 -- * * fd4d:6169:6c64:6f77::b fd4d:6169:6c64:6f77::b tcp dpt:4190 Chain DOCKER (2 references) pkts bytes target prot opt in out source destination 0 0 RETURN 0 -- br-mailcow * ::/0 ::/0
104.18.32.7 172.64.155.249
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Contribution guidelines
I've found a bug and checked that ...
Description
Messages received as secondary MX are flagged as spam, becasue of this rule:
This is not an IP of any container.
I only have
Logs:
Steps to reproduce:
Which branch are you using?
master
Which architecture are you using?
x86
Operating System:
docker debian bookworm
Server/VM specifications:
32GB RAM
Is Apparmor, SELinux or similar active?
Apparmor
Virtualization technology:
openstack
Docker version:
Docker version 27.3.1, build ce12230
docker-compose version or docker compose version:
Docker Compose version v2.29.7
mailcow version:
2024-11b
Reverse proxy:
Nginx Proxy Manager
Logs of git diff:
Logs of iptables -L -vn:
Logs of ip6tables -L -vn:
Logs of iptables -L -vn -t nat:
Logs of ip6tables -L -vn -t nat:
DNS check:
The text was updated successfully, but these errors were encountered: