Rspamd rejecting all emails. HFILTER_HOSTNAME_UNKNOWN

[Coolicky]

Contribution guidelines

• I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• ... I have understood that answers are voluntary and community-driven, and not commercial support.
• ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Hi.

Been using mailcow for almost a year now. No issues until now. 
Up until 24'th emails were received without a hitch

Example rspamd symbols from 24/04/2024
--------------------------------------
Symbols LONG_SUBJ (2.0475) [273]
MID_RHS_NOT_FQDN (0.5)
MV_CASE (0.5)
FORGED_SENDER (0.3) [[email protected], [email protected]]
MIME_HTML_ONLY (0.2)
MISSING_XM_UA (0)
FROM_NEQ_ENVFROM (0) [[email protected], [email protected]]
RCVD_TLS_LAST (0)
RCVD_COUNT_TWO (0) [2]
TO_MATCH_ENVRCPT_SOME (0)
RCPT_MAILCOW_DOMAIN (0) [domain.com]
TO_DN_NONE (0)
ARC_NA (0)
FROM_NO_DN (0)
BCC (0)
RCPT_COUNT_THREE (0) [4]
MIME_TRACE (0) [0:~]
TAGGED_FROM (0) [32458061-2794-name=domain.com]

Then the next day the same email basically

Example rspamd symbols from 25/04/2024
--------------------------------------
HFILTER_HOSTNAME_UNKNOWN (8.5)
FORGED_W_BAD_POLICY (3)
BAD_REP_POLICIES (2)
LONG_SUBJ (1.59) [212]
URIBL_GREY (1.5) [sendgrid.net:dkim]
RDNS_NONE (1)
MID_RHS_NOT_FQDN (0.5)
MV_CASE (0.5)
MIME_HTML_ONLY (0.2)
DMARC_POLICY_SOFTFAIL (0.1) [sender.com : No valid SPF, DKIM not aligned (relaxed), none]
R_SPF_SOFTFAIL (0.1) [~all]
MX_GOOD (-0.01) []
MISSING_XM_UA (0)
ARC_SIGNED (0) [domain.com:s=dkim:i=1]
RCVD_TLS_LAST (0)
TO_DN_NONE (0)
RCVD_COUNT_TWO (0) [2]
TO_MATCH_ENVRCPT_SOME (0)
RCPT_MAILCOW_DOMAIN (0) [domain.com]
FROM_NEQ_ENVFROM (0) [[email protected], [email protected]]
ARC_NA (0)
MIME_TRACE (0) [0:~]
FROM_NO_DN (0)
BCC (0)
RCPT_COUNT_THREE (0) [4]
R_DKIM_ALLOW (0) [sendgrid.net:s=smtpapi]
FORGED_SENDER (0) [[email protected], [email protected]]
TAGGED_FROM (0) [32458061-2794-name=domain.com]
DKIM_TRACE (0) [sendgrid.net:+]


From that day onward all external emails are rejected.
All have the HFILTER_HOSTNAME_UNKNOWN

Additionally since the 26/04/2024
I am seeing the symbol
IP_REPUTATION_SPAM (4) [ip: 192.168.178.20(1.00)]
Where the IP is the reverse proxy IP within the internal network.

The change coinsides with the apt update i've done which to my knowledge updated docker to v26 and updated mailcow to latest version (i think)

Logs:

2024-05-03 21:31:21 #1(main) <742c78>; main; rspamd_fork_worker: prepare to fork process hs_helper (0), no bind socket
2024-05-03 21:31:21 #47(controller) <742c78>; main; rspamd_worker_set_limits: use system max file descriptors limit: 1024KiB cur and 1024KiB max
2024-05-03 21:31:21 #47(controller) <742c78>; main; rspamd_worker_set_limits: use system max core size limit: -1B cur and -1B max
2024-05-03 21:31:21 #47(controller) <abjnmq>; controller; rspamd_controller_password_sane: your normal password is not encrypted, we strongly recommend to replace it with the encrypted one
2024-05-03 21:31:21 #45(fuzzy) <742c78>; main; rspamd_worker_set_limits: use system max file descriptors limit: 1024KiB cur and 1024KiB max
2024-05-03 21:31:21 #45(fuzzy) <742c78>; main; rspamd_worker_set_limits: use system max core size limit: -1B cur and -1B max
2024-05-03 21:31:21 #1(main) <742c78>; main; main: listening for control commands on /var/lib/rspamd/rspamd.sock
2024-05-03 21:31:21 #46(rspamd_proxy) <742c78>; main; rspamd_worker_set_limits: use system max file descriptors limit: 1024KiB cur and 1024KiB max
2024-05-03 21:31:21 #46(rspamd_proxy) <742c78>; main; rspamd_worker_set_limits: use system max core size limit: -1B cur and -1B max
2024-05-03 21:31:21 #49(hs_helper) <742c78>; main; rspamd_worker_set_limits: use system max file descriptors limit: 1024KiB cur and 1024KiB max
2024-05-03 21:31:21 #49(hs_helper) <742c78>; main; rspamd_worker_set_limits: use system max core size limit: -1B cur and -1B max
2024-05-03 21:31:21 #48(normal) <742c78>; main; rspamd_worker_set_limits: use system max file descriptors limit: 1024KiB cur and 1024KiB max
2024-05-03 21:31:21 #48(normal) <742c78>; main; rspamd_worker_set_limits: use system max core size limit: -1B cur and -1B max
2024-05-03 21:31:29 #1(main) <742c78>; main; rspamd_srv_handler: received hyperscan cache loaded from /var/lib/rspamd/
2024-05-03 21:32:13 #47(controller) <27496b>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:33:05 #47(controller) <88918f>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:33:50 #47(controller) <fe2ffd>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:34:48 #47(controller) <aa066a>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:35:36 #47(controller) <ac2a22>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:36:23 #47(controller) <ec55d0>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:37:23 #47(controller) <4155a3>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:38:15 #47(controller) <1cdb6b>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:38:41 #47(controller) <5c5a83>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:39:26 #48(normal) <909930>; task; rspamd_task_write_log: id: <CAEDRqpOKg+rw46RTqrO6j_G=bewjq+QtPsQ-jX3-JNDMAJp7SQ@mail.gmail.com>, qid: <4B8D6167B11>, ip: 192.168.178.20, from: <[email protected]>, (default: T (reject): [17.86/15.00] [HFILTER_HOSTNAME_UNKNOWN(8.50){},IP_REPUTATION_SPAM(4.00){ip: 192.168.178.20(1.00);},BAYES_SPAM(2.87){94.56%;},BAD_REP_POLICIES(2.00){},RDNS_NONE(1.00){},DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50){},MIME_GOOD(-0.10){multipart/related;multipart/alternative;text/plain;},ONCE_RECEIVED(0.10){},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){receiver.com:s=dkim:i=1;},BCC(0.00){},DKIM_TRACE(0.00){gmail.com:+;},DMARC_POLICY_ALLOW(0.00){gmail.com;none;},DWL_DNSWL_NONE(0.00){gmail.com:dkim;},FREEMAIL_ENVFROM(0.00){gmail.com;},FREEMAIL_FROM(0.00){gmail.com;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROMTLD(0.00){},MIME_TRACE(0.00){0:+;1:+;2:+;3:~;4:~;5:~;},MISSING_XM_UA(0.00){},PREVIOUSLY_DELIVERED(0.00){[email protected];},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){receiver.com;},RCVD_COUNT_ONE(0.00){1;},RCVD_TLS_LAST(0.00){},R_DKIM_ALLOW(0.00){gmail.com:s=20230601;},R_SPF_SOFTFAIL(0.00){~all;},SUBJ_BOUNCE_WORDS(0.00){},TAGGED_FROM(0.00){},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 19521, time: 11263.399ms, dns req: 45, digest: <984ab0a7ce9ca3e8b710a27024804c0a>, rcpts: <[email protected]>, mime_rcpts: <[email protected]>
2024-05-03 21:39:26 #48(normal) <909930>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 4 regexps matched, 3463 regexps total, 3193 regexps cached, 0B scanned using pcre, 6.78KiB scanned total
2024-05-03 21:39:27 #47(controller) <01732b>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:40:09 #47(controller) <cdd45f>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:40:49 #47(controller) <897e14>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:41:13 #47(controller) <224bab>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:41:47 #47(controller) <4f7fc6>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:42:43 #47(controller) <5fd7d4>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:43:05 #47(controller) <870f47>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:44:13 #47(controller) <d9dff1>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:44:54 #47(controller) <ace9d5>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:46:01 #47(controller) <ccb9f3>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:46:59 #47(controller) <b5ccf4>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:47:55 #47(controller) <f7b1e8>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:48:16 #47(controller) <2f6139>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:49:20 #47(controller) <b86ff1>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:50:07 #47(controller) <8b70a8>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:50:46 #47(controller) <b795f8>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:51:45 #47(controller) <ff396d>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:52:11 #47(controller) <f6d14f>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:53:01 #47(controller) <8bb2ad>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:53:57 #47(controller) <05fb05>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:54:22 #47(controller) <21e489>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:54:50 #47(controller) <f23876>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:55:43 #47(controller) <3b4013>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:56:56 #47(controller) <0d3796>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:57:35 #47(controller) <e3ec18>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:58:17 #47(controller) <6d5150>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:58:44 #47(controller) <6815fb>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 21:59:07 #47(controller) <a29b59>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:00:04 #47(controller) <697968>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:00:24 #47(controller) <abjnmq>; cfg; rspamd_config_action_from_ucl: action rewrite subject has no threshold being set and it is not a no threshold action
2024-05-03 22:00:24 #48(normal) json_config_fin_cb: loaded json is not an array
2024-05-03 22:00:24 #48(normal) <abjnmq>; cfg; rspamd_config_action_from_ucl: action rewrite subject has no threshold being set and it is not a no threshold action
2024-05-03 22:00:24 #47(controller) <abjnmq>; cfg; rspamd_config_action_from_ucl: action rewrite subject has no threshold being set and it is not a no threshold action
2024-05-03 22:01:05 #47(controller) <109a7c>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:02:12 #47(controller) <a141a8>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:03:22 #47(controller) <1aed36>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:03:50 #47(controller) <5c9a0d>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:04:35 #47(controller) <b24ff3>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:05:00 #47(controller) <cc1d46>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:05:14 #48(normal) <5430c7>; task; rspamd_task_write_log: id: <CAEDRqpMOmQarCiAyt-g9=qxhO5dt5M=UyqSMjeXhzt1TSUioSA@mail.gmail.com>, qid: <75DD5167B4E>, ip: 192.168.178.20, from: <[email protected]>, (default: F (soft reject): [13.29/15.00] [HFILTER_HOSTNAME_UNKNOWN(8.50){},IP_REPUTATION_SPAM(4.00){ip: 192.168.178.20(1.00);},RDNS_NONE(1.00){},DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50){},R_PARTS_DIFFER(0.50){100.0%;},R_DKIM_ALLOW(-0.20){gmail.com:s=20230601;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},ONCE_RECEIVED(0.10){},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){receiver.com:s=dkim:i=1;},DKIM_TRACE(0.00){gmail.com:+;},DMARC_POLICY_ALLOW(0.00){gmail.com;none;},DWL_DNSWL_NONE(0.00){gmail.com:dkim;},FREEMAIL_ENVFROM(0.00){gmail.com;},FREEMAIL_FROM(0.00){gmail.com;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},GREYLIST(0.00){greylisted;Fri, 03 May 2024 21:10:14 GMT;new record;},MID_RHS_MATCH_FROMTLD(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},MISSING_XM_UA(0.00){},PREVIOUSLY_DELIVERED(0.00){[email protected];},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){receiver.com;},RCVD_COUNT_ONE(0.00){1;},RCVD_TLS_LAST(0.00){},R_SPF_SOFTFAIL(0.00){~all;},TAGGED_FROM(0.00){},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 2610, time: 1783.905ms, dns req: 26, digest: <239afbbeda4fde29b7b08907b6918fe0>, rcpts: <[email protected]>, mime_rcpts: <[email protected]>, forced: soft reject "Greylisted, please try again later"; score=nan (set by greylist)
2024-05-03 22:05:14 #48(normal) <5430c7>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 3 regexps matched, 3463 regexps total, 3193 regexps cached, 0B scanned using pcre, 1.02KiB scanned total
2024-05-03 22:05:54 #47(controller) <de509b>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:06:15 #47(controller) <a4fbea>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:06:47 #47(controller) <b4b689>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:08:06 #47(controller) <db7fc7>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:08:45 #47(controller) <6e86bd>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:09:57 #47(controller) <9f29d3>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:10:46 #47(controller) <e6d1db>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:10:46 #48(normal) <96f871>; task; rspamd_task_write_log: id: <CAEDRqpMOmQarCiAyt-g9=qxhO5dt5M=UyqSMjeXhzt1TSUioSA@mail.gmail.com>, qid: <3AA14167B4F>, ip: 192.168.178.20, from: <[email protected]>, (default: T (add header): [13.29/15.00] [HFILTER_HOSTNAME_UNKNOWN(8.50){},IP_REPUTATION_SPAM(4.00){ip: 192.168.178.20(1.00);},RDNS_NONE(1.00){},DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50){},R_PARTS_DIFFER(0.50){100.0%;},R_DKIM_ALLOW(-0.20){gmail.com:s=20230601;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},ONCE_RECEIVED(0.10){},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){receiver.com:s=dkim:i=1;},BCC(0.00){},DKIM_TRACE(0.00){gmail.com:+;},DMARC_POLICY_ALLOW(0.00){gmail.com;none;},DWL_DNSWL_NONE(0.00){gmail.com:dkim;},FREEMAIL_ENVFROM(0.00){gmail.com;},FREEMAIL_FROM(0.00){gmail.com;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},GREYLIST(0.00){pass;body;},MID_RHS_MATCH_FROMTLD(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},MISSING_XM_UA(0.00){},PREVIOUSLY_DELIVERED(0.00){[email protected];},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){receiver.com;},RCVD_COUNT_ONE(0.00){1;},RCVD_TLS_LAST(0.00){},R_SPF_SOFTFAIL(0.00){~all;},TAGGED_FROM(0.00){},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 2612, time: 594.255ms, dns req: 31, digest: <239afbbeda4fde29b7b08907b6918fe0>, rcpts: <[email protected]>, mime_rcpts: <[email protected]>
2024-05-03 22:10:46 #48(normal) <96f871>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 3 regexps matched, 3463 regexps total, 3193 regexps cached, 0B scanned using pcre, 1.02KiB scanned total
2024-05-03 22:11:29 #47(controller) <854905>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:12:27 #47(controller) <c27691>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:13:02 #47(controller) <38ff82>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:14:21 #47(controller) <8f34bd>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:14:48 #47(controller) <5eb4e4>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:15:44 #47(controller) <a83926>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:16:13 #47(controller) <8270e2>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:17:23 #47(controller) <87df27>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:17:57 #47(controller) <320b78>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:18:25 #47(controller) <9cbaa5>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:19:31 #47(controller) <769710>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:20:30 #47(controller) <50f0b8>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:20:53 #47(controller) <78f237>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:21:51 #47(controller) <cd7eda>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:23:00 #47(controller) <709553>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:24:05 #47(controller) <06b207>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:25:13 #47(controller) <8628ec>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:26:10 #47(controller) <d0d2fa>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:27:12 #47(controller) <e97a00>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:27:37 #47(controller) <0964a9>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:28:19 #47(controller) <75386c>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:29:22 #47(controller) <40ec9b>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:30:27 #47(controller) <70ef61>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:31:40 #47(controller) <a50dfa>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total
2024-05-03 22:32:53 #47(controller) <253da7>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3463 regexps total, 2545 regexps cached, 0B scanned using pcre, 102B scanned total

Steps to reproduce:

Sending any email from external source (not from mailcow to another alias).

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Debian 12 bookworm

Server/VM specifications:

10Gb memory. 1 x 1.7GHz core

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

Proxmox KVM

Docker version:

26.1.1

docker-compose version or docker compose version:

v2.27.0

mailcow version:

2024-04

Reverse proxy:

Nginx

Logs of git diff:

diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..797196e1 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem
@@ -1,19 +1,33 @@
 -----BEGIN CERTIFICATE-----
-MIIDBDCCAe6gAwIBAgIQeJMoL/3dxhxhT9EwuRTL/DALBgkqhkiG9w0BAQswEjEQ
-MA4GA1UEChMHbWFpbGNvdzAeFw0xNjEyMTMxMDExMDBaFw0xOTExMjgxMDExMDBa
-MC0xEDAOBgNVBAoTB21haWxjb3cxGTAXBgNVBAMTEG1haWwuZXhhbXBsZS5vcmcw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg0xT3At9DSb3H5OMp3K1
-MpXAgYyotSK6TS61fC0QEHy2fMXiws7Agcye6Ln7CG63Fe1eN2jkdlefy9xJivS8
-y5w0M8i168v5znzC8fnylL2iOiSYfK/B/oEqfU7YH4RcegO53oDDIUZmi4Frgnu7
-39VVOU1ZyHEVqGJ2H2aAIkoZRjGzumD9Ym4LWGidtKJzBgFt/qmhUeWXipM8w281
-XkQnJU79+x2ywnJSvEZ3r/ZVJC7kbjiVw+/k15k9Cxk6Ik8wmJ0X/+xWxoZomHQI
-1LM0VKAS/iaU95dn2bplvL6jTiiyWAbrMjSKs4XbPt/fIbOicNkj6+CFy0MVfyyH
-AgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIAqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
-KwYBBQUHAwEwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQsDggEBAI/jBJa1P8nB
-eHUN5muQmjBVDVOYyWAAEapOe2HYsBcpjaB2H8Iw3DQzJtz6peYeYSCmHRVqFLCm
-VPrq36l9mPUotyPDPlQQAxCj9R2+WbGaJO+N/E1F8FQ94dr3jqwUyfjVPoqEjmIH
-NFkvbA0RJOeBm9oYGdhM0wjOBV9c9MTHFG82nQ/zQeTuPb7GXuKIOXYCxoLNOZMw
-UJ02Cqjv5ImrgOhcstAKX3Ip0urSvZUGvtPla4CGh+M6yDFJ08GzX6OiMIH207RW
-jAbUXXERSUv/7hysdDjGo5HZjCeMzVu9KAxoZXqnmvkk8g2swKWtWBRcoeU1VGx0
-Bx4Q4KMjuYQ=
+MIIFuzCCA6OgAwIBAgIUXU0nr62Oxkgei3RCife1KHuCKbswDQYJKoZIhvcNAQEL
+BQAwbTELMAkGA1UEBhMCREUxDDAKBgNVBAgMA05SVzEQMA4GA1UEBwwHV2lsbGlj
+aDEQMA4GA1UECgwHbWFpbGNvdzEQMA4GA1UECwwHbWFpbGNvdzEaMBgGA1UEAwwR
+bWFpbC5jb29saWNreS5jb20wHhcNMjMwOTI0MTIzNjAyWhcNMjQwOTIzMTIzNjAy
+WjBtMQswCQYDVQQGEwJERTEMMAoGA1UECAwDTlJXMRAwDgYDVQQHDAdXaWxsaWNo
+MRAwDgYDVQQKDAdtYWlsY293MRAwDgYDVQQLDAdtYWlsY293MRowGAYDVQQDDBFt
+YWlsLmNvb2xpY2t5LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+ALR1byIOT3t6Tl5Asy9FeLXUiszFDqliUu9F/3vL1kYVwV+kSopka3OZReT46xid
+SmAUfFmlJpYJiqnDs3dI01z1nWBI2dhEUTOaqtDPDNRwuJ9hkJGhWCBdGr1wL6J5
+VXzD3JVkDmUXHTLZgjGo0S7X+pgjT9CoqtdvtgVtQpvj3jjyyk/AvWp7y6lwNJNc
+XsDy8oAA8Ljt//K6Pp6F8HiTqKmuzdMwkLSK/5ssqjCTZNnzmbcfrghGUWn9ACpS
+JN928KiEj99Xk8W4qkScg962jTlDJ0Dy/jUtiJbb+0u9rzJGm0JkLZx2uhXa0fS+
+RUQkR/rtw10AgaEh8wF3YB/UwMF47p6RmQz0PvFQbmr5axjYimiTlP26Uc7BQCsk
+lWBixZwG6U3Vgb/Cc0kEorpprBt9vgPgScYr5sZUfxUxpnwrwo4SbcqulwBXmRSb
+Q02sSVzA5xCeA3kWI0Ljcbv4tCRLNiKHpJU3sbHb0R6ZSyni9NhOzFleOiU8q2SF
+GWOAaDiEBOlH3XsAgnvSOeIYUFqQI+KYZ357VgUbUXmH2tLTxinJaS6TmLoNFDlM
+8GY/Lok9a4LW+zfcyR8gBuRSPD5g7ZMAJJMbgkKus8St3ZgphXV7gDgqne4+aXRA
+teFn/27NGtdqcuuoOY7vPyjaBjp2QDYs1ZAywuOs2//fAgMBAAGjUzBRMB0GA1Ud
+DgQWBBT9q8XxYG+AaBA9PVyqfA6QswGxETAfBgNVHSMEGDAWgBT9q8XxYG+AaBA9
+PVyqfA6QswGxETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBa
+3RKPOm2BfOGEtE4NA6Rxk44I0f5Mv93K05AZC7Iz3jBHcKQv90ud1QWwZI20T3zG
+iBPlhYoBkNgEMIsjZzrUcBQvfZ5ajE2LAE55Saonb4AU2ZKhtzfkBWPv53rU8K4x
+0E4C7xSKVJZgrEdJOg3KFIfGuLjRVMwgcTRth/Bb0pBbO+l6x5lP0Qin1SYQWPUT
+dV3OfEWyiz6zmXOODu9UUMk9d6qeEM3o/l7X/Y5SoTLkOf2iL7EAgR9WBRnll3pu
+B6PzQDqGkga28NfQn7xCeoV5LV8N1JKBpbf7q0IKhS/8HlVdIRjJVr4iwKdcZSEL
+JSOkCEiin9Ad29cEeKgNi8LmUm9I0ZQIncFssb/h/LCc917RJNr0A4/jUAhhCTXW
+ZZajBDg1T4/oErHHWhR9fjRBzK0hKPpa5DGLrKM4QoHkcKY15d+MrNC7mzA6Bw+g
+mUOs73EDRmdcxEJJRUfB15T/LFIVwqtqfdJNwKkFh8QO5666qs0HA6GyqTRZYSIR
+wPyGJ+kfafTedzHAwXO0VfmYI3zDuC3J5fb7/cZLrUZGCLB9xsIee4azCMIuF+UZ
+bMgOlvVxeyt6Vjteb/xPCu03sZA9BISNBJZQFnGK9CvbjdtEmmYckJX8rjNud6+D
+JVpEgn2kXfZdbwZXJHxkn8S0BM5yrZaK6SrGr8P7yw==
 -----END CERTIFICATE-----
diff --git a/data/assets/ssl-example/key.pem b/data/assets/ssl-example/key.pem
index cedf35a0..8da699eb 100644
--- a/data/assets/ssl-example/key.pem
+++ b/data/assets/ssl-example/key.pem
@@ -1,27 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0YNMU9wLfQ0m9x+TjKdytTKVwIGMqLUiuk0utXwtEBB8tnzF
-4sLOwIHMnui5+whutxXtXjdo5HZXn8vcSYr0vMucNDPItevL+c58wvH58pS9ojok
-mHyvwf6BKn1O2B+EXHoDud6AwyFGZouBa4J7u9/VVTlNWchxFahidh9mgCJKGUYx
-s7pg/WJuC1honbSicwYBbf6poVHll4qTPMNvNV5EJyVO/fsdssJyUrxGd6/2VSQu
-5G44lcPv5NeZPQsZOiJPMJidF//sVsaGaJh0CNSzNFSgEv4mlPeXZ9m6Zby+o04o
-slgG6zI0irOF2z7f3yGzonDZI+vghctDFX8shwIDAQABAoIBAQC9kiLnIgxXGyZt
-pmmYdA6re1jatZ2zLSp+DcY8ul3/0hs195IKCyCOOSQPiR520Pt0t+duP46uYZIJ
-aakp9gxaI5Vz+oMacH/AyaBDuDTj1Mf9WMSyIOfbDVCMRJOppGLcVh62+Gfjp2EO
-+h2hTJBuvypFkbK2kVIZOaHVpbXWKw1oYuEcTftk9XfxxvfSMw1HQ12/P2CAcbaa
-jPmVbisunv6kpXtewSBTcaLSYWJf1MYD5Hi8fzkD2FJSXYbfQd8RKvT2rj6FA7ux
-CDMzbYhdnd7lc63OARCIjfCRNtDT1cZ3gR1CQHD98lWxmPQIZukv+w7s/bSrFgnQ
-ROZ0ghBJAoGBAOmE/3d5FDmp0aJNxXynKcRGdpEEM4O40RIdqa2eR6Pa7aTRosao
-z0qVgdFuJrqjlB3jgedxXEX1M0abCUzzM9Q5F7JLl+KsjwRwpkIOkPiyUncLp7LK
-QbY3tvYBIdpjlF1USOMGRL4j11hqr4vQC/yPBF7jj81kCZDTbmZhp82jAoGBAOWu
-ql5QFUOlmqkuWIAFkiLEZhOu+ptqkE+zG50CCGMJIX0dJ2PHXFyNGInomAeT0nbI
-pbnK3x7KeEKiGrAqZFNCTHhApTwkrIj0L/RQbMDZ7u7j1AEUVNFEhIm62kg84FtG
-xtfxVxredE+NQc/tyV3hXegdNZxegALirlcMKIvNAoGAWFwIxk48Ru1o8z72QQqH
-lUsMRicOzwK5qV8r+xPvC6MlVL42F3F8rj4QFwzU/r4yp3SUjNyqC5aSRl8Xj9Re
-gijwPHi6Cf09SHLPliMo29GtvnnchJxfbPF7+23GP3p6gy4HPk/65u9s5nnH3uFk
-B7ad8sGsgg0eSXyXQ4okEn0CgYEAnogPuedGthlxBgMiPMMbmfm7hyyId4t3Ljuu
-/JExnsHnpobf8EPjoVIWNOIhRWGnrCtUEEhR9tvDZCKljyDDfKBPTdU496lMmX8K
-NnToi7gg7iy84T3aSVMktDgPgDrclMPmbZh8CeSvnVUfrtgu3Ci4+4Rlw5eKffNe
-aGDQ/6UCgYAbUq9mRT2WOXIo+Dchi9VzDWgtfOw5VEyqkSpb7hPiIYx5jNaENnVK
-cAi3iqbBgPJBuMlTrKmmaxdmssGOEZNJLuuXLDbCU+f5cpu5PQ4crC6UtRI5rlhp
-8Yc+oiv3HWbSw3sVRpMFB6NP4DnvgFW3B2Wdfb/lNzPCKWqBsX7gWw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC0dW8iDk97ek5e
+QLMvRXi11IrMxQ6pYlLvRf97y9ZGFcFfpEqKZGtzmUXk+OsYnUpgFHxZpSaWCYqp
+w7N3SNNc9Z1gSNnYRFEzmqrQzwzUcLifYZCRoVggXRq9cC+ieVV8w9yVZA5lFx0y
+2YIxqNEu1/qYI0/QqKrXb7YFbUKb49448spPwL1qe8upcDSTXF7A8vKAAPC47f/y
+uj6ehfB4k6iprs3TMJC0iv+bLKowk2TZ85m3H64IRlFp/QAqUiTfdvCohI/fV5PF
+uKpEnIPeto05QydA8v41LYiW2/tLva8yRptCZC2cdroV2tH0vkVEJEf67cNdAIGh
+IfMBd2Af1MDBeO6ekZkM9D7xUG5q+WsY2Ipok5T9ulHOwUArJJVgYsWcBulN1YG/
+wnNJBKK6aawbfb4D4EnGK+bGVH8VMaZ8K8KOEm3KrpcAV5kUm0NNrElcwOcQngN5
+FiNC43G7+LQkSzYih6SVN7Gx29EemUsp4vTYTsxZXjolPKtkhRljgGg4hATpR917
+AIJ70jniGFBakCPimGd+e1YFG1F5h9rS08YpyWkuk5i6DRQ5TPBmPy6JPWuC1vs3
+3MkfIAbkUjw+YO2TACSTG4JCrrPErd2YKYV1e4A4Kp3uPml0QLXhZ/9uzRrXanLr
+qDmO7z8o2gY6dkA2LNWQMsLjrNv/3wIDAQABAoICAC4TjAgwijfXbzoeoAHSZbNb
+rQMCz68NJWrlvwl/btsfQ+wlOUkjwdHW0WNY8UIsKyjkIioLgpItpoOZLfInnJww
+NHo4r7LKIsef1ryRGVAG5gT/9tdQUH2W+DRleCwuedbs9Z4JWamTIMfyhI0kcyDY
+UapV3dPDtTdj1SCGmMrQAFYfG+wIJPUS3doKBcqYe7MddTCczNoTHtZ9mm6EeXV4
+EkkdEn25eUE3+nLHET9s6wPBcL6yro97UN9Uk526sqKCLomAq3GV3WvPLl5tbjhH
++UAlNtkdEi5GzYjja0MYECswnwTxKjo4kGPzJsesa2guMVjPK6JL9k1Lq031Cow3
+VB0G/66iB+CNu/d30V0HAuAhMWYxSlF23Oe1H4GKiGaIus1hS3vHwtPf5MWTfR+A
+8j5kJvUyRTI/4Hng81Ryrhwa2yvhSF85y3WtMEAnumzwEuSblGhxqyVut5kB+RAm
+JbAAzIiW7fWN+FFcHWBnuugStM67fF/zmaBIMTyszxvp0kLK57ToVRaQeDXnwdms
+XcudzptLuv7L/CBfwbztL1eWXF6BCAszGjoxyimQNmTtxuOaXIzn0Gv8X5/piJOe
+xyU6LO7F0hRBaD3l0/J5NJQIyO8y53mRCyzU44fX5OiSBWpH+Ac5aKFPqpl3oaWr
+uNpn0cBRMNpWIe4OFh6xAoIBAQD2HMfqPc0K0TxOwZf+czKmniqg16lizn/y+OT5
+gfkwjXn1JZyXl6Q9eyiFaTZ/+3jsh6GnXY4wUGdw0JU8CVBVsMtGPTonK5NWGtH4
+bBndsG6pyQTr4kWrfLJp8IHFdZ5CPtR6Rq8Gdamf6Aeoi+Jqzq7XDS8RNEGu2kJn
+LDhu9s+ge/j5oGVKmbn8unWD2s3HJpSEtQ4gVFvPjwmfIGSyDpHk1lyHZVD8CuC6
+ncuAMQU2ppPLsbFmVgAZJGPotb8YI3zC3lNRSVLXfLRjr+qJbG4xyXq4cDrFglhB
+18GwdlBuw/dMVbwzJgm3tJ6Nkh4tihTYQTt0JbOJT0Xs9MBxAoIBAQC7tWrhZFqR
+jPW2n7LtgJqK7sjH3VkCB7iLsyqhfENY41u2nguoL6j6aOPjkhH2o/tlod+yisFS
+CMxl6HHk5IpZcDqVv9lkjNfHsh/nllYFL3scDXxVyYh3RYC4viEZjBEeZGOgzC6N
+3Xhy3czr7eElM+4HifsRkB1/uchiqDpptwRd46gBQWpqwdbiILSHFlXYcxujmPnm
+Ue2nYU1RxFAUkl/q6+cXVroqbg+5T1u/0iQDFHSt5pfbo59HLfqSsiy9pVAHFRYD
+ZilhDv+Cd6aReYlJvkJgnuEzAjUTiNYG4rBQXbFjIbitqRttZVpWI5YZnCB3bvDD
+TTdAzA//7O1PAoIBAEflRn1mSmTTlOOI6Gb7rhtAb0GHXsMvge8vyGwfDPWjDrKP
+pzwdn2wac07t2m7uvneSc6XZzbTNeDpbpIziR6aQvAEr17Yjo6nusdH5emDprppI
+z/g8pI+hINmT2cUeQ/okMpv51B119/RvqvUQ0DbVY/wMrOhAtMNonSdYoq+/yA2g
+ya3arlxppgxvR+8Z1y1LVu2hmpvVKPDsXyouI1xkpzgLawJelZbbcqTxfcZYC6bY
+aKqDoUg87VBq8gjENyvNCiA/JGXFnr62flf0xvYYR+ShcAk7N+AE4NVzOvDaz0pc
+Uvzous7SWNpimELRIaG6CbbW75BRhy4gi1Pad/ECggEAOLjNn2aP58PMzG7dxt9B
+1BHsIllE+FQU9EIj88B1KXsqz7halWwxh9oCY1ZUj09mPIP58R305TE7cuAW6rAV
+DonXakEbFENrQTEWawkG3XJHpWZ91/6aelBKYYkyv2GQGrsDUCfjOYNfTnav4et0
+SaWznBuZ/uipwVsGrqlfXWqsqyKMNjTqT3Bb2uE/LEMXldzS0VD80xiW1CmXD8pe
+2JiS246Fuou+neu8XKcadpCtyTB5QcOYyApdq0i9m260DmrSEBHTIRvSDT5W/7ng
+X712Ow5/SGs6aguUtl53LoV5+g8V93rNL80WOKyT68u9I+gF95FSt/GxbKc9fny+
+CQKCAQBJQHxn6f1D5LjYMFDfVGg41cPuhVDY0ID/mOhg/jCiY7i6g+S4Z2wLlah+
+mIrwJC6Gxz/99YZDG7hpcRxAn20HuACPaTiuwh49K6JNu0uQRip5gYvAVjOu/chw
+YxGYjqZWsPvsA/35CejtkD/ER5QeurhCGcBGdIg4FIOms+Mnl+nthi9LMck6WI8o
+i6Nmh0BWiXbCV9AeIXb+4emKZ5VCpXFe4Gsr9PWbsu0aKSp3hhZyEvo5hhs4QR32
+WT763zXacivDcOxMGHg0iSpcXtQNyxHle/T/7WYSq7h8BE/vtwS46mz1j8H/cpta
+MFDVTz8Z6xd9QKOCh6T1x3tFPjvO
+-----END PRIVATE KEY-----
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 572300db..658315e4 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -173,3 +173,36 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks
 
 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2
+  dnsbl.sorbs.net=127.0.0.6*2
+  dnsbl.sorbs.net=127.0.0.9*2
+  zen.spamhaus.org=127.0.0.[10;11]*8
+  zen.spamhaus.org=127.0.0.[4..7]*6
+  zen.spamhaus.org=127.0.0.3*4
+  zen.spamhaus.org=127.0.0.2*3
+
+# User Overrides
+myhostname = mail.coolicky.com
+
diff --git a/docker-compose.yml b/docker-compose.yml
index 3efd6a42..f8580761 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -609,36 +609,6 @@ services:
           aliases:
             - ofelia
 
-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-        - solr-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
98934   44M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
 128K   56M DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
 128K   56M DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
  16M 5115M ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
1546K   96M DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
2329K  450M ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
1475K   92M ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:3306
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
   12   720 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    6   360 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    1    60 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
  587 35220 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:8443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:8080
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
  135  8100 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
   12   720 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
17428 9901K DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 128K   56M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
17428 9901K RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 103M   31G RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
23681   34M MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
36901   49M DOCKER-USER  0    --  *      *       ::/0                 ::/0                
36901   49M DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0                
    0     0 ACCEPT     0    --  *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     0    --  docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     0    --  docker0 docker0  ::/0                 ::/0                
3496K 3466M ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 571K   41M DOCKER     0    --  *      br-mailcow  ::/0                 ::/0                
 143K   14M ACCEPT     0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
 571K   41M ACCEPT     0    --  br-mailcow br-mailcow  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:8443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:8080
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::11  tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  ::/0                 ::/0                
 1565  149K DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
36901   49M RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      docker0  ::/0                 ::/0                
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0                
 1565  149K RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  21M   22G RETURN     0    --  *      *       ::/0                 ::/0                

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1087 65220 DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
 778K   59M MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  6    --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  6    --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.22.1.6           172.22.1.6           tcp dpt:3306
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:8443
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:8080
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.6:3306
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
   12   720 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    6   360 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    1    60 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
  587 35220 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443 to:172.22.1.8:8443
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.22.1.8:8080
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
  139  8340 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
   12   720 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    1    80 DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  0    --  *      !docker0  fd00:dead:beef:c0::/80  ::/0                
 142K   14M MASQUERADE  0    --  *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:8443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:8080
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::11  fd4d:6169:6c63:6f77::11  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::11  fd4d:6169:6c63:6f77::11  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::11  fd4d:6169:6c63:6f77::11  tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  docker0 *       ::/0                 ::/0                
    0     0 RETURN     0    --  br-mailcow *       ::/0                 ::/0                
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::b]:4190
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::b]:995
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::b]:993
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::b]:143
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:8443 to:[fd4d:6169:6c63:6f77::c]:8443
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::b]:110
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:8080 to:[fd4d:6169:6c63:6f77::c]:8080
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::11]:587
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::11]:465
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::11]:25

DNS check:

104.18.32.7
172.64.155.249

[jacksonwilliams]

Having the same issue. Ever since the last update all of my incoming external mail is getting rejected.
I would roll back to the last version if there were any instructions on how to on the website

[jacksonwilliams]

Following all of the steps here: https://docs.mailcow.email/post_installation/firststeps-disable_ipv6/
Specifically Step 5. has at least removed the "HFILTER_HOSTNAME_UNKNOWN" adding points and stopped every external email from getting rejected. Now everything just goes into Junk.

[MAGICCC]

We don't provide support here on GitHub
Either ask in our telegram channel or in our forum

[Coolicky]

Hi.

I'm not looking for support. It was very easy to update rspamd settings for emails to get through.
I found a potential problem in the way the mailcow and rspamd interacts with the docker engine.

Had a little time to test.

I was running 5:26.1.2-1~debian.12~bookworm docker version (docker-ce)

Downgraded to 5:25.0.5-1~debian.12~bookworm with no effect. The same issue persists.

Downgrading to 5:24.0.9-1~debian.12~bookworm seems to fixed the issue.
Seems like the following might be connected #5800 and #5859

If You want to label it upstream. Or close it if it's not specific to mailcow in general.

@jacksonwilliams in case you want to downgrade gist

[dragoangel]

Network is the issue, not container Version

[superstes]

Ran into this problem after upgrading from 2024-04 to 2024-08 with mailcow behind a mail-security-gateway.
If you want to disable this check (be sure) - you could do this:

• Set your rspamd admin password: https://<YOUR-DOMAIN>/admin
• Login to the rspamd webui: https://<YOUR-DOMAIN>/rspamd/#symbols
• Search for the symbol: HFILTER_HOSTNAME_UNKNOWN and lower its score

[dragoangel]

Ran into this problem after upgrading from 2024-04 to 2024-08 with mailcow behind a mail-security-gateway.
If you want to disable this check (be sure) - you could do this:

• Set your rspamd admin password: https://<YOUR-DOMAIN>/admin
• Login to the rspamd webui: https://<YOUR-DOMAIN>/rspamd/#symbols
• Search for the symbol: HFILTER_HOSTNAME_UNKNOWN and lower its score

Hi @superstes

You incorrectly using mail system, this is an issue.

Symbol you specifically see says that your mail gateway don't have Helo=A=PTR setup, but this only half of issues external mail gateway is creating as Mailcow doing everything correctly, by extra host you break spf as well as ip reputation and rbls checks as rspamd not aware about origin ip.

You or must set mailcow to be direct MX or need to configure rspamd external relay module property so it can parse orgin ip and hostname details from received header instead of that which provided by postfix's milter protocol.

Having extra mail gateway in front of mailcow in most cases is providing significantly worse filtration quality then not having it at all. My personal recommendation is to better take an eye on proper learning & configuration of existing rspamd then taking care about 2 independent spam filters one of which even not aware about mails could be rejected on the way - this is direct way to be a backscatters spreader which is very bad to be...

While rspamd not receiving properly all spam that it going to reject anyway because some spam would be rejected by first mta - it leaves without big portion of source to learn itself to better filter new spam that could be unknown to rbls and so on, so this greatly lowers it's detection quality.

More over rspamd that shipped into mailcow has a bunch of features like spamtraps, alias expansion, sogo address book auto whitelist, quarantine and so on that external spam system usually can't provide at all or at least in same useful way as it exists in Mailcow. I not speaking about rspamd itself even, in my personal opinion it's the best antispam open source solution that you can find today from terms of filtration quality, extensibility, flexibility and performance.

If you still want to use external antispam solution - another option is just add multimap prefilter in rspamd that will instantly accept any incoming mail from your's gateway ip, which will basically turn off any incoming antispam checks in rspamd. I would then also explicitly disable all rbls checks in both postscreen and rspamd and all other modules of rspamd except arc & dkim signing to reduce unnecessary compute resources usage from yourself and external systems while not break dkim signing which done by rspamd.

[dragoangel]

I see this tread is abused a bit...

Dear users, please:

1. do not continue write comments on closed issues, it's just wrong.
2. if you are unsure if you found bug or you need support - write in support channels described in the project readme in first place, usually it will be quite quickly figured out if that's a real bug or just need of support.

I will lock conversation on this issue to not create a mess.