New install, acme cannot resolve DNS #5998

Closed
5 tasks done
denis-ev opened this issue Aug 10, 2024 · 16 comments
Labels
support please consider asking at https://community.mailcow.email/ or https://t.me/mailcow

Comments

@denis-ev

Contribution guidelines

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

I've just installed mailcow on two different servers and got the same issue. 
The acme container does not seem to resolve dns addresses. 
If I do a `docker compose exec acme-mailcow nslookup <domain>` it fails, the same in unbound gives me an IP, what am I missing?

Logs:

```
acme-mailcow-1  | Sat Aug 10 15:17:31 AWST 2024 - Initializing, please wait...
acme-mailcow-1  | Sat Aug 10 15:17:32 AWST 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
acme-mailcow-1  | Sat Aug 10 15:17:32 AWST 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
acme-mailcow-1  | Sat Aug 10 15:17:32 AWST 2024 - Detecting IP addresses...
acme-mailcow-1  | Sat Aug 10 15:17:52 AWST 2024 - OK: <IP>, 0000:0000:0000:0000:0000:0000:0000:0000
acme-mailcow-1  | Sat Aug 10 15:18:04 AWST 2024 - No A or AAAA record found for hostname imap.<domain>
acme-mailcow-1  | Sat Aug 10 15:18:17 AWST 2024 - No A or AAAA record found for hostname smtp.<domain>
acme-mailcow-1  | Sat Aug 10 15:18:29 AWST 2024 - No A or AAAA record found for hostname mail.<domain>
acme-mailcow-1  | Sat Aug 10 15:18:41 AWST 2024 - No A or AAAA record found for hostname autodiscover.<domain>
acme-mailcow-1  | Sat Aug 10 15:18:53 AWST 2024 - No A or AAAA record found for hostname autoconfig.<domain>
acme-mailcow-1  | Sat Aug 10 15:19:05 AWST 2024 - No A or AAAA record found for hostname mx01.<domain>
acme-mailcow-1  | Sat Aug 10 15:19:05 AWST 2024 - Cannot validate any hostnames, skipping Let's Encrypt for 1 hour.
acme-mailcow-1  | Sat Aug 10 15:19:05 AWST 2024 - Use SKIP_LETS_ENCRYPT=y in mailcow.conf to skip it permanently.
acme-mailcow-1  | OK
```

Steps to reproduce:

New install on Ubuntu 24.04, fully updated, followed instructions on docs.mailcow.email

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Ubuntu 24.04 LTS

Server/VM specifications:

16GB, 8 Cores

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

VMWare

Docker version:

27.1.1

docker-compose version or docker compose version:

v2.29.1

mailcow version:

2024-07

Reverse proxy:

none

Logs of git diff:

only ssl cert

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 7299 1169K MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
59484  242M DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0
59484  242M DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0
38333  240M ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 1097 70724 DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
20054 1223K ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
 1074 69348 ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:3306
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
   14   852 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    2   104 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:80
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
20054 1223K DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
  23M 4152M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0
2614K  411M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
  63M   11G RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2588  221K MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
 3382  310K DOCKER-USER  0    --  *      *       ::/0                 ::/0
 7129  619K DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0
 2144  266K ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 4985  352K DOCKER     0    --  *      br-mailcow  ::/0                 ::/0
    0     0 ACCEPT     0    --  br-mailcow !br-mailcow  ::/0                 ::/0
 4985  352K ACCEPT     0    --  br-mailcow br-mailcow  ::/0                 ::/0
    0     0 ACCEPT     0    --  *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  ::/0                 ::/0
    0     0 ACCEPT     0    --  docker0 !docker0  ::/0                 ::/0
    0     0 ACCEPT     0    --  docker0 docker0  ::/0                 ::/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::d  tcp dpt:80
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:465

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  ::/0                 ::/0
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0
 3382  310K RETURN     0    --  *      *       ::/0                 ::/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       0    --  *      docker0  ::/0                 ::/0
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0
    0     0 RETURN     0    --  *      *       ::/0                 ::/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
8506K 2089M RETURN     0    --  *      *       ::/0                 ::/0

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 7764K packets, 539M bytes)
 pkts bytes target     prot opt in     out     source               destination
75325 4567K DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 8400 packets, 607K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 5378K packets, 339M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1248 93963 MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 MASQUERADE  6    --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  6    --  *      *       172.22.1.6           172.22.1.6           tcp dpt:3306
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.6:3306
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
   17  1032 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    2   104 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.8:80
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.8:443
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 1065K packets, 93M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 27 packets, 2160 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     0    --  *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 553K packets, 44M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  0    --  *      docker0  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  0    --  *      br-mailcow  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  0    --  *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0
    0     0 MASQUERADE  0    --  *      !docker0  fd00:dead:beef:c0::/80  ::/0
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::d  fd4d:6169:6c63:6f77::d  tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     0    --  docker0 *       ::/0                 ::/0
    0     0 RETURN     0    --  br-mailcow *       ::/0                 ::/0
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::d]:443
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::d]:80
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::b]:143
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::b]:4190
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::b]:993
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::b]:995
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::b]:110
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::c]:587
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::c]:25
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::c]:465

DNS check:

104.18.32.7
172.64.155.249
@denis-ev added the bug label Aug 10, 2024
@mrclschstr
Contributor

Duplicate #5973?

@denis-ev
Author

> Duplicate #5973?

I thought about that, I don't get the conflicting server name problem tho. And my issue is not Waiting for Nginx...

```
root@mailcow:/opt/mailcow-dockerized# docker compose exec unbound-mailcow nslookup <domain>
Server:         127.0.0.11
Address:        127.0.0.11#53

Non-authoritative answer:
Name:   <domain>
Address: <correct IP>

root@mailcow:/opt/mailcow-dockerized# docker compose exec acme-mailcow nslookup <domain>
;; Got SERVFAIL reply from 127.0.0.11
Server:         127.0.0.11
Address:        127.0.0.11#53

** server can't find <domain>: SERVFAIL
```

@denis-ev
Author

I just noticed that I can do a lookup on a different domain, with AAAA records, but the one without gives me the SERVFAIL.
Should this fail if no IPv6 record is present?

@DTrombett

DTrombett commented Aug 10, 2024

I'm having this issue too and I've just installed mailcow. The logs are full of DNS errors and it let me create a new mailbox, but if I try to access it using SOGo I get "No mailbox selected" and trying to do some actions just fails with a general error. Using a mail client like Thunderbird fails too.

@DerLinkman added the support (please consider asking at https://community.mailcow.email/ or https://t.me/mailcow) label and removed the bug label Aug 12, 2024
@milkmaker
Collaborator

THIS IS AN AUTOMATED MESSAGE!

It seems your issue is not a bug.
Therefore we highly advise you to get support!

You can get support either by:

This issue will be closed. If you think your reported issue is not a support case, feel free to comment above and, if so, the issue will be reopened.

@milkmaker closed this as not planned Aug 12, 2024
@denis-ev
Author

denis-ev commented Aug 12, 2024 via email

@denis-ev
Author

Server, that has been running mailcow, the lookup works without an issue.

```
root@mx01:~/docker/mailcow-dockerized# docker compose version
Docker Compose version v2.18.1
root@mx01:~/docker/mailcow-dockerized# docker version
Client: Docker Engine - Community
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:52:13 2023
 OS/Arch:           linux/amd64
 Context:           default
```

Brand new VM (Ubuntu 24.04) fully updated with the most current docker etc. nslookup within acme does not work at all.

```
root@mx01:/opt/mailcow-dockerized# docker compose version
Docker Compose version v2.29.1
root@mx01:/opt/mailcow-dockerized# docker version
Client: Docker Engine - Community
 Version:           27.1.1
 API version:       1.46
 Go version:        go1.21.12
 Git commit:        6312585
 Built:             Tue Jul 23 19:57:14 2024
 OS/Arch:           linux/amd64
 Context:           default
```

@denis-ev
Author

@DerLinkman
I've run a few other tests as well and it turns out that, even in the acme-mailcow container, it works when not using the unbound-mailcow container as DNS, like `nslookup <domain> 1.1.1.1`, no issue then.

@DTrombett
My workaround is changing the DNS for the acme-mailcow container to 1.1.1.1 instead of the unbound container in the docker-compose file

@DTrombett

@denis-ev Thanks a lot for your reply! Although this works, it seems that mailcow discourages doing this ("Important: Only DNSSEC validating DNS services will work.") and it indeed breaks something, as I can send and receive emails from SOGo but cannot log in from another client like Thunderbird.

@DerLinkman
Member

> @denis-ev Thanks a lot for your reply! Although this works, it seems that mailcow discourages doing this ("Important: Only DNSSEC validating DNS services will work.") and it indeed breaks something, as I can send and receive emails from SOGo but cannot log in from another client like Thunderbird.

And your DNS Blocklists will stop working, those two reasons are why we installed unbound in the first place, see https://docs.mailcow.email/manual-guides/u_e-why_unbound
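Added example (not from the thread or the mailcow project): a name with no AAAA record normally comes back as NOERROR with an empty answer section, while SERVFAIL means the resolver itself could not complete or validate the lookup. The Python script below sends A and AAAA queries with the DNSSEC OK bit to an IPv4 resolver of your choice and reports the response code class and the AD flag; the function names, the fixed transaction ID and the `sample_response` helper are assumptions made for this illustration.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "AAAA": 28}
TXID = 0x1234  # fixed ID keeps the example deterministic; randomise it in real use


def build_query(name, qtype):
    """DNS query with RD=1 plus an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    question = qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN
    # OPT pseudo-record: root name, type 41, UDP size 1232, flags 0x8000 (DO)
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt


def parse_header(resp):
    """Decode the 12-byte DNS header; record parsing is not needed here."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    return {
        "txid": txid,
        "rcode": RCODES.get(rcode, "RCODE%d" % rcode),
        "ad": bool(flags & 0x0020),  # resolver reports the answer as DNSSEC-validated
        "answers": an,
    }


def classify(hdr):
    """Map a header to the cases that matter for a hostname check."""
    if hdr["rcode"] == "SERVFAIL":
        return "resolver-failure"  # e.g. upstream unreachable or validation failed
    if hdr["rcode"] == "NXDOMAIN":
        return "name-does-not-exist"
    if hdr["rcode"] == "NOERROR":
        # nodata: the name exists but has no record of the requested type
        return "answered" if hdr["answers"] else "nodata"
    return "other"


def probe(name, resolver, port=53, timeout=3.0):
    """Query A and AAAA for name at an IPv4 resolver; returns {qtype: (class, ad)}."""
    results = {}
    for qtype in QTYPES:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(build_query(name, qtype), (resolver, port))
                hdr = parse_header(sock.recv(4096))
                if hdr["txid"] != TXID:
                    raise ValueError("unexpected transaction ID")
                results[qtype] = (classify(hdr), hdr["ad"])
            except (OSError, ValueError):
                results[qtype] = ("no-response", False)
    return results


def sample_response(rcode, answers, ad=False):
    """Constructed header-only response for offline checks (not captured traffic)."""
    flags = 0x8180 | (0x0020 if ad else 0) | rcode  # QR, RD, RA set
    return struct.pack("!HHHHHH", TXID, flags, 1, answers, 0, 0)


if __name__ == "__main__":
    # Usage: python3 dnsprobe.py <domain> <resolver-ip> [<resolver-ip> ...]
    if len(sys.argv) < 3:
        sys.exit("usage: dnsprobe.py <domain> <resolver-ip> [...]")
    for resolver in sys.argv[2:]:
        for qtype, (verdict, ad) in probe(sys.argv[1], resolver).items():
            print("%-15s %-4s %-20s AD=%d" % (resolver, qtype, verdict, ad))
```

AD=0 for an unsigned zone is expected and does not by itself show that the resolver skips validation.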

@denis-ev
Author

> @denis-ev Thanks a lot for your reply! Although this works, it seems that mailcow discourages doing this ("Important: Only DNSSEC validating DNS services will work.") and it indeed breaks something, as I can send and receive emails from SOGo but cannot log in from another client like Thunderbird.

@DTrombett yeah I changed only the DNS for acme and not in Unbound

basically:

docker-compose.override.yml

```yaml
services:
  acme-mailcow:
    dns:
      - 1.1.1.1
      - 1.0.0.1
```

@DTrombett

Interesting, I'll try that, thanks!

@DerLinkman
Member

Might work, but that is only a workaround. You have to fix your dns resolution inside a docker network...

We won't support such crappy "fixes", be aware of that!

And before this comes up: "DNS Resolution on my host works" might be but then something inside your network is broken as a normal mailcow setup has no problem with that!

To address this it might be hard to debug, as you have to on the network side of your server.

@denis-ev
Author

denis-ev commented Aug 12, 2024

> Might work, but that is only a workaround. You have to fix your dns resolution inside a docker network...
>
> We won't support such crappy "fixes", be aware of that!
>
> And before this comes up: "DNS Resolution on my host works" might be but then something inside your network is broken as a normal mailcow setup has no problem with that!
>
> To address this it might be hard to debug, as you have to on the network side of your server.

@DerLinkman
Yeah it's just weird, cause on the same server it worked about a month ago, same IP etc. I only killed the setup via `docker compose down --rmi all -v` and `bash update.sh` to start from scratch because it was/is my test setup. Not sure what changed, but I'll debug when I got some more free time. haha

nslookup in the unbound container does work, just not in the acme container, which is really confusing.

edit: even spun up another server with a freshly installed ubuntu 24.04, same issue

@DTrombett

> > @denis-ev Thanks a lot for your reply! Although this works, it seems that mailcow discourages doing this ("Important: Only DNSSEC validating DNS services will work.") and it indeed breaks something, as I can send and receive emails from SOGo but cannot log in from another client like Thunderbird.
>
> @DTrombett yeah I changed only the DNS for acme and not in Unbound
>
> basically:
>
> docker-compose.override.yml
>
> ```yaml
> services:
>   acme-mailcow:
>     dns:
>       - 1.1.1.1
>       - 1.0.0.1
> ```

Sadly, this didn't work for me. Running `docker compose exec acme-mailcow nslookup <domain>` works, but the logs still show all the DNS-related errors and I still experience the issues I had before.

@denis-ev
Author

@DerLinkman FYI Just did the update and it's working again
