Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ACME requests a new SSL certificate for the added domains everyday on a fresh Mailcow installation. #6068

Closed
5 tasks done
simarmannsingh opened this issue Sep 9, 2024 · 4 comments
Closed
5 tasks done

ACME requests a new SSL certificate for the added domains everyday on a fresh Mailcow installation. #6068

simarmannsingh opened this issue Sep 9, 2024 · 4 comments
Labels
support please consider asking at https://community.mailcow.email/ or https://t.me/mailcow

Comments

@simarmannsingh
Copy link

Contribution guidelines

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

On a fresh installation of Mailcow (installed on Ubuntu), the `acme-mailcow` renews the SSL certificates for the domains everyday.

For the installation, followed the official installation, also outlined in this video https://www.youtube.com/watch?v=4rzc0hWRSPg&ab_channel=ChristianLempa

Check if the

Logs:

Fri Sep  6 21:03:53 UTC 2024 - Waiting for Docker API...
Fri Sep  6 21:03:53 UTC 2024 - Docker API OK
Fri Sep  6 21:03:53 UTC 2024 - Waiting for Postfix...
Fri Sep  6 21:03:53 UTC 2024 - Postfix OK
Fri Sep  6 21:03:53 UTC 2024 - Waiting for Dovecot...
Fri Sep  6 21:03:53 UTC 2024 - Dovecot OK
Fri Sep  6 21:03:53 UTC 2024 - Waiting for database...
Fri Sep  6 21:03:53 UTC 2024 - Database OK
Fri Sep  6 21:03:53 UTC 2024 - Waiting for Nginx...
Fri Sep  6 21:03:53 UTC 2024 - Nginx OK
Fri Sep  6 21:03:53 UTC 2024 - Waiting for resolver...
Fri Sep  6 21:03:54 UTC 2024 - Resolver OK
Fri Sep  6 21:03:54 UTC 2024 - Waiting for domain table...
OK
Fri Sep  6 21:03:55 UTC 2024 - Initializing, please wait...
Could not find certificate from <stdin>
Could not find certificate from <stdin>
Fri Sep  6 21:03:55 UTC 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
Fri Sep  6 21:03:55 UTC 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
Fri Sep  6 21:03:55 UTC 2024 - Detecting IP addresses...
Fri Sep  6 21:04:15 UTC 2024 - OK: 49.13.146.229, 0000:0000:0000:0000:0000:0000:0000:0000
Fri Sep  6 21:04:18 UTC 2024 - Found A record for autodiscover.domain2.in: 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Confirmed A record 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Found A record for autoconfig.domain2.in: 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Confirmed A record 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Found A record for autodiscover.domain1.com: 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Confirmed A record 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Found A record for autoconfig.domain1.com: 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Confirmed A record 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Found A record for mail.domain1.com: 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Confirmed A record 49.13.146.229
Fri Sep  6 21:04:18 UTC 2024 - Certificate /var/lib/acme/mail.domain1.com/cert.pem validation done, neither changed nor due for renewal.
Fri Sep  6 21:04:18 UTC 2024 - Certificates were successfully validated, no changes or renewals required, sleeping for another day.
Sat Sep  7 21:04:19 UTC 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
Sat Sep  7 21:04:19 UTC 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
Sat Sep  7 21:04:19 UTC 2024 - Detecting IP addresses...
Sat Sep  7 21:04:39 UTC 2024 - OK: 49.13.146.229, 0000:0000:0000:0000:0000:0000:0000:0000
Sat Sep  7 21:04:45 UTC 2024 - No A or AAAA record found for hostname autodiscover.domain2.in
Sat Sep  7 21:04:46 UTC 2024 - Found A record for autoconfig.domain2.in: 49.13.146.229
Sat Sep  7 21:04:46 UTC 2024 - Confirmed A record 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Found A record for autodiscover.domain1.com: 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Confirmed A record 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Found A record for autoconfig.domain1.com: 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Confirmed A record 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Found A record for mail.domain1.com: 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Confirmed A record 49.13.146.229
Sat Sep  7 21:04:47 UTC 2024 - Certificate /var/lib/acme/mail.domain1.com/cert.pem missing or changed domains 'mail.domain1.com autoconfig.domain2.in autoconfig.domain1.com autodiscover.domain1.com' - start obtaining
Sat Sep  7 21:04:47 UTC 2024 - Creating backups in /var/lib/acme/backups/mail.domain1.com/2024-09-07_21_04_47 ...
Sat Sep  7 21:04:47 UTC 2024 - Checking resolver...
Sat Sep  7 21:04:47 UTC 2024 - Resolver OK
Sat Sep  7 21:04:47 UTC 2024 - Using command acme-tiny   --account-key /var/lib/acme/acme/account.pem --disable-check --csr /var/lib/acme/mail.domain1.com/acme.csr --acme-dir /var/www/acme/
Parsing account key...
Parsing CSR...
Found domains: autoconfig.domain1.com, autodiscover.domain1.com, autoconfig.domain2.in, mail.domain1.com
Getting directory...
Directory found!
Registering account...
Already registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/1929239876
Creating new order...
Order created!
Already verified: autoconfig.domain2.in, skipping...
Already verified: autoconfig.domain1.com, skipping...
Already verified: autodiscover.domain1.com, skipping...
Already verified: mail.domain1.com, skipping...
Signing certificate...
Certificate signed!
Sat Sep  7 21:04:58 UTC 2024 - Deploying certificate /var/lib/acme/mail.domain1.com/cert.pem...
Sat Sep  7 21:04:58 UTC 2024 - Verified hashes.
Sat Sep  7 21:04:58 UTC 2024 - Certificate successfully obtained
Sat Sep  7 21:04:59 UTC 2024 - Reloading or restarting services... (1)
Reloading Nginx...
Restarting d0ae822f627810efc598bd9282b5a33da7577ee4483ecc05c47f03a7bc878949...
command completed successfully
Restarting 9060a16bd78a1ec961bf24bfea6670160f5ddbd8ede04bc5c4bfdc4f1457a41e...
command completed successfully
Sat Sep  7 21:05:05 UTC 2024 - Waiting for containers to settle...
Sat Sep  7 21:05:16 UTC 2024 - Certificates were successfully renewed where required, sleeping for another day.
Sun Sep  8 21:05:16 UTC 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
Sun Sep  8 21:05:16 UTC 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
Sun Sep  8 21:05:16 UTC 2024 - Detecting IP addresses...
Sun Sep  8 21:05:37 UTC 2024 - OK: 49.13.146.229, 0000:0000:0000:0000:0000:0000:0000:0000
Sun Sep  8 21:05:39 UTC 2024 - Found A record for autodiscover.domain2.in: 49.13.146.229
Sun Sep  8 21:05:39 UTC 2024 - Confirmed A record 49.13.146.229
Sun Sep  8 21:05:39 UTC 2024 - Found A record for autoconfig.domain2.in: 49.13.146.229
Sun Sep  8 21:05:39 UTC 2024 - Confirmed A record 49.13.146.229
Sun Sep  8 21:05:39 UTC 2024 - Found A record for autodiscover.domain1.com: 49.13.146.229
Sun Sep  8 21:05:39 UTC 2024 - Confirmed A record 49.13.146.229
Sun Sep  8 21:05:40 UTC 2024 - Found A record for autoconfig.domain1.com: 49.13.146.229
Sun Sep  8 21:05:40 UTC 2024 - Confirmed A record 49.13.146.229
Sun Sep  8 21:05:40 UTC 2024 - Found A record for mail.domain1.com: 49.13.146.229
Sun Sep  8 21:05:40 UTC 2024 - Confirmed A record 49.13.146.229
Sun Sep  8 21:05:40 UTC 2024 - Certificate /var/lib/acme/mail.domain1.com/cert.pem missing or changed domains 'mail.domain1.com autoconfig.domain2.in autoconfig.domain1.com autodiscover.domain2.in autodiscover.domain1.com' - start obtaining
Sun Sep  8 21:05:40 UTC 2024 - Creating backups in /var/lib/acme/backups/mail.domain1.com/2024-09-08_21_05_40 ...
Sun Sep  8 21:05:41 UTC 2024 - Checking resolver...
Sun Sep  8 21:05:41 UTC 2024 - Resolver OK
Sun Sep  8 21:05:41 UTC 2024 - Using command acme-tiny   --account-key /var/lib/acme/acme/account.pem --disable-check --csr /var/lib/acme/mail.domain1.com/acme.csr --acme-dir /var/www/acme/
Parsing account key...
Parsing CSR...
Found domains: autodiscover.domain1.com, autoconfig.domain2.in, autoconfig.domain1.com, mail.domain1.com, autodiscover.domain2.in
Getting directory...
Directory found!
Registering account...
Already registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/1929239876
Creating new order...
Order created!
Already verified: autoconfig.domain2.in, skipping...
Already verified: autoconfig.domain1.com, skipping...
Already verified: autodiscover.domain2.in, skipping...
Already verified: autodiscover.domain1.com, skipping...
Already verified: mail.domain1.com, skipping...
Signing certificate...
Certificate signed!
Sun Sep  8 21:05:52 UTC 2024 - Deploying certificate /var/lib/acme/mail.domain1.com/cert.pem...
Sun Sep  8 21:05:52 UTC 2024 - Verified hashes.
Sun Sep  8 21:05:52 UTC 2024 - Certificate successfully obtained
Sun Sep  8 21:05:52 UTC 2024 - Reloading or restarting services... (1)
Reloading Nginx...
Restarting d0ae822f627810efc598bd9282b5a33da7577ee4483ecc05c47f03a7bc878949...
command completed successfully
Restarting 9060a16bd78a1ec961bf24bfea6670160f5ddbd8ede04bc5c4bfdc4f1457a41e...
command completed successfully
Sun Sep  8 21:06:00 UTC 2024 - Waiting for containers to settle...
Sun Sep  8 21:06:10 UTC 2024 - Certificates were successfully renewed where required, sleeping for another day.

Steps to reproduce:

1  sudo apt-get update
2  sudo apt-get upgrade
3  sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
4  sudo apt-get install ca-certificates curl
5  install -m 0755 -d /etc/apt/keyrings
6  curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
7  chmod a+r /etc/apt/keyrings/docker.asc
8  echo   "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
9    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |   sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
10  docker compose version
11  cd /opt
12  git clone https://github.com/mailcow/mailcow-dockerized
13  cd mailcow-dockerized/
14  ./generate_config.sh
15  nano mailcow.conf
16  nano docker-compose.yml 
17  docker compose up -d

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Ubuntu 24.04 LTS

Server/VM specifications:

4GB RAM, 2vCPU

Is Apparmor, SELinux or similar active?

yes

Virtualization technology:

kvm

Docker version:

27.2.0

docker-compose version or docker compose version:

v2.29.2

mailcow version:

2024-08a

Reverse proxy:

nginx

Logs of git diff:

None

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
4896K 1557M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
4900K 1560M DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
4900K 1560M DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
3997K 1425M ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 400K   25M DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
 502K  110M ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 394K   25M ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:3306
 2204  127K ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:80
 2088  123K ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.8           tcp dpt:443
   22  1268 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
   16   876 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
  121  7448 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
   33  1852 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    6   316 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
  189  9792 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
   43  2532 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
    6   304 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 502K  110M DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
8240K 2630M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
 827K  167M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
8240K 2630M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 683K  787M MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
 683K  787M DOCKER-USER  0    --  *      *       ::/0                 ::/0                
 686K  788M DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0                
 555K  779M ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 131K 9103K DOCKER     0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
 131K 9103K ACCEPT     0    --  br-mailcow br-mailcow  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:80
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
 683K  787M RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
1143K 1151M RETURN     0    --  *      *       ::/0                 ::/0                

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 1118K packets, 74M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 103K 5347K DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1820 packets, 136K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 681K packets, 42M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 212K   16M MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  6    --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  6    --  *      *       172.22.1.6           172.22.1.6           tcp dpt:3306
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.22.1.8           172.22.1.8           tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   14   840 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.6:3306
 2205  127K DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.8:80
 2088  123K DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.8:443
   22  1268 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
   16   876 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
  121  7448 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
   33  1852 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    6   316 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
  190  9844 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
   43  2532 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
    6   304 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 99102 packets, 8600K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 58214 packets, 4657K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  0    --  *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  0    --  *      br-mailcow  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::b  fd4d:6169:6c63:6f77::b  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  br-mailcow *       ::/0                 ::/0                
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::c]:80
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::c]:443
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::b]:110
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::b]:995
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::b]:993
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::b]:4190
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::b]:143
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::f]:25
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::f]:465
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::f]:587
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::f]:25
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::f]:465
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::f]:587

DNS check:

172.64.155.249
104.18.32.7
@DerLinkman
Copy link
Member

You have umask == 0022?

@simarmannsingh
Copy link
Author

Yes indeed, umask == 0022.
All the installation was done using root user.

@DerLinkman
Copy link
Member

I think it's something you've configured wrongly... Github here is no support. The issue is not recreateable under normal circumstances

@DerLinkman DerLinkman added support please consider asking at https://community.mailcow.email/ or https://t.me/mailcow and removed bug labels Sep 10, 2024
@milkmaker
Copy link
Collaborator

THIS IS A AUTOMATED MESSAGE!

It seems your issue is not a bug.
Therefore we highly advise you to get support!

You can get support either by:

This issue will be closed. If you think your reported issue is not a support case feel free to comment above and if so the issue will reopened.

@milkmaker milkmaker closed this as not planned Won't fix, can't repro, duplicate, stale Sep 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
support please consider asking at https://community.mailcow.email/ or https://t.me/mailcow
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@simarmannsingh @DerLinkman @milkmaker