Forward gets rejected #6099

ecdlguy · 2024-10-09T13:33:48Z

Contribution guidelines

I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
... I have understood that answers are voluntary and community-driven, and not commercial support.
... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Rspamd rejects external mails that should be forwarded due to a forward rule created in SoGo. The local copy passes cleanly.

The main reason for the reject is "FREEMAIL_POLICY_FAILURE” with a score of 16. Since the IP 172.22.1.250 reported by rspamd belongs to sieve (dovecot container) it should pass.

I've given a more detailed description [here].(https://community.mailcow.email/d/4096-forward-gets-rejected)

Maybe `!SIEVE_HOST` should be part of at least all rspamd rules containing `!WHITELISTED_FWD_HOST`.

Logs:

postfix-mailcow-1  | 2024-10-09T12:53:47.137976953Z Oct  9 14:53:47 a3865add0dfb postfix/postscreen[971]: CONNECT from [FORWARDING_HOST_IP]:49105 to [172.19.199.6]:25
postfix-mailcow-1  | 2024-10-09T12:53:47.169354667Z Oct  9 14:53:47 a3865add0dfb whitelist_forwardinghosts: Look up FORWARDING_HOST_IP on whitelist, result 200 PERMIT
postfix-mailcow-1  | 2024-10-09T12:53:47.169395615Z Oct  9 14:53:47 a3865add0dfb postfix/postscreen[971]: ALLOWLISTED [FORWARDING_HOST_IP]:49105
postfix-mailcow-1  | 2024-10-09T12:53:47.192235005Z Oct  9 14:53:47 a3865add0dfb postfix/smtpd[980]: connect from mail-relay.DOMAIN.DE[FORWARDING_HOST_IP]
postfix-mailcow-1  | 2024-10-09T12:53:47.205430474Z Oct  9 14:53:47 a3865add0dfb postfix/smtpd[980]: Anonymous TLS connection established from mail-relay.DOMAIN.DE[FORWARDING_HOST_IP]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)
postfix-mailcow-1  | 2024-10-09T12:53:47.291599140Z Oct  9 14:53:47 a3865add0dfb postfix/smtpd[980]: 46C138240A34: client=mail-relay.DOMAIN.DE[FORWARDING_HOST_IP]
postfix-mailcow-1  | 2024-10-09T12:53:47.295563767Z Oct  9 14:53:47 a3865add0dfb postfix/cleanup[982]: 46C138240A34: message-id=<[email protected]>
rspamd-mailcow-1   | 2024-10-09T12:53:47.924673182Z 2024-10-09 14:53:47 #43(normal) <62985e>; task; finalize_item: slow asynchronous rule: URIBL_MULTI(593): 334.66 ms; no idle timer is needed
rspamd-mailcow-1   | 2024-10-09T12:53:47.928651689Z 2024-10-09 14:53:47 #43(normal) <62985e>; task; finalize_item: slow asynchronous rule: RBL_SEM(539): 339.66 ms; no idle timer is needed
rspamd-mailcow-1   | 2024-10-09T12:53:47.949290747Z 2024-10-09 14:53:47 #43(normal) <62985e>; task; rspamd_task_write_log: id: <[email protected]>, qid: <46C138240A34>, ip: FORWARDING_HOST_IP, from: <[email protected]>, (default: F (no action): [0.72/15.00] [IP_REPUTATION_HAM(-0.60){asn: 8365(-0.31), country: DE(-0.01), ip: FORWARDING_HOST_IP(-0.28);},MX_INVALID(0.50){},R_PARTS_DIFFER(0.50){100.0%;},BAYES_SPAM(0.28){70.71%;},R_MIXED_CHARSET(0.14){subject;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},ARC_NA(0.00){},ARC_SIGNED(0.00){MAILCOW_DOMAIN:s=dkim:i=1;},ASN(0.00){asn:8365, ipnet:130.83.0.0/16, country:DE;},BCC(0.00){},DMARC_NA(0.00){t-online.de;},FREEMAIL_ENVFROM(0.00){t-online.de;},FREEMAIL_FROM(0.00){t-online.de;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},PREVIOUSLY_DELIVERED(0.00){testmailuser@MAILCOW_DOMAIN;},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){MAILCOW_DOMAIN;},RCVD_COUNT_THREE(0.00){4;},RCVD_IN_DNSWL_NONE(0.00){FORWARDING_HOST_IP:from;194.25.134.82:received;},RCVD_TLS_LAST(0.00){},R_DKIM_NA(0.00){},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){},WHITELISTED_FWD_HOST(0.00){FORWARDING_HOST_IP;},WL_FWD_HOST(0.00){}]), len: 2149, time: 639.347ms, dns req: 35, digest: <4c460a895dccc586d5e541e0870f14ef>, rcpts: <testmailuser@MAILCOW_DOMAIN>, mime_rcpts: <testmailuser@MAILCOW_DOMAIN>
rspamd-mailcow-1   | 2024-10-09T12:53:47.949357093Z 2024-10-09 14:53:47 #43(normal) <62985e>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 4 regexps matched, 3511 regexps total, 3246 regexps cached, 0B scanned using pcre, 2.82KiB scanned total
postfix-mailcow-1  | 2024-10-09T12:53:47.961449527Z Oct  9 14:53:47 a3865add0dfb postfix/qmgr[343]: 46C138240A34: from=<[email protected]>, size=2625, nrcpt=1 (queue active)
postfix-mailcow-1  | 2024-10-09T12:53:47.961494536Z Oct  9 14:53:47 a3865add0dfb postfix/smtpd[980]: disconnect from mail-relay.DOMAIN.DE[FORWARDING_HOST_IP] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
postfix-mailcow-1  | 2024-10-09T12:53:48.080057746Z Oct  9 14:53:48 a3865add0dfb postfix/sogo/smtpd[984]: connect from mailcowdockerized-dovecot-mailcow-1.mailcowdockerized_mailcow-network[172.22.1.250]
postfix-mailcow-1  | 2024-10-09T12:53:48.194971993Z Oct  9 14:53:48 a3865add0dfb postfix/sogo/smtpd[984]: 2D43C8243D54: client=mailcowdockerized-dovecot-mailcow-1.mailcowdockerized_mailcow-network[172.22.1.250]
postfix-mailcow-1  | 2024-10-09T12:53:48.207396785Z Oct  9 14:53:48 a3865add0dfb postfix/cleanup[985]: 2D43C8243D54: replace: header Received: from 5161f64ea532 (mailcowdockerized-dovecot-mailcow-1.mailcowdockerized_mailcow-network [172.22.1.250])??by MAILCOW_HOST (Postcow) with ESMTP id 2D43C8243D54??for <thorst from mailcowdockerized-dovecot-mailcow-1.mailcowdockerized_mailcow-network[172.22.1.250]; from=<testmailuser@MAILCOW_DOMAIN> to=<FORWARD_ADDRESS> proto=ESMTP helo=<5161f64ea532>: Received: from sieve (sieve [172.22.1.250]) by MAILCOW_HOST (Postcow) with ESMTP id 2D43C8243D54??for <FORWARD_ADDRESS>; Wed,  9 Oct 2024 14:53:48 +0200 (CEST)
postfix-mailcow-1  | 2024-10-09T12:53:48.208349286Z Oct  9 14:53:48 a3865add0dfb postfix/cleanup[985]: 2D43C8243D54: message-id=<[email protected]>
rspamd-mailcow-1   | 2024-10-09T12:53:48.245916567Z 2024-10-09 14:53:48 #43(normal) <390ce2>; lua; dkim_signing.lua:105: signing failure: cannot make request to load DKIM selector for domain t-online.de: nil
rspamd-mailcow-1   | 2024-10-09T12:53:48.506805402Z 2024-10-09 14:53:48 #43(normal) <390ce2>; task; finalize_item: slow asynchronous rule: URIBL_MULTI(593): 300.36 ms; no idle timer is needed
rspamd-mailcow-1   | 2024-10-09T12:53:48.516203020Z 2024-10-09 14:53:48 #43(normal) <390ce2>; task; finalize_item: slow asynchronous rule: HISTORY_SAVE(441): 309.36 ms; no idle timer is needed
rspamd-mailcow-1   | 2024-10-09T12:53:48.516365005Z 2024-10-09 14:53:48 #43(normal) <390ce2>; task; finalize_item: slow asynchronous rule: EXPORT_METADATA_PUSHOVERMAIL(443): 309.36 ms; no idle timer is needed
rspamd-mailcow-1   | 2024-10-09T12:53:48.527702992Z 2024-10-09 14:53:48 #43(normal) <390ce2>; task; finalize_item: slow asynchronous rule: EXPORT_METADATA_QUARANTINE(445): 318.36 ms; no idle timer is needed
rspamd-mailcow-1   | 2024-10-09T12:53:48.527912095Z 2024-10-09 14:53:48 #43(normal) <390ce2>; task; finalize_item: slow asynchronous rule: NEURAL_LEARN(511): 318.36 ms; no idle timer is needed
rspamd-mailcow-1   | 2024-10-09T12:53:48.527922475Z 2024-10-09 14:53:48 #43(normal) <390ce2>; task; finalize_item: slow asynchronous rule: RATELIMIT_UPDATE(526): 318.36 ms; no idle timer is needed
rspamd-mailcow-1   | 2024-10-09T12:53:48.527926206Z 2024-10-09 14:53:48 #43(normal) <390ce2>; task; finalize_item: slow asynchronous rule: REPLIES_SET(641): 318.36 ms; no idle timer is needed
rspamd-mailcow-1   | 2024-10-09T12:53:48.527929424Z 2024-10-09 14:53:48 #43(normal) <390ce2>; task; finalize_item: slow asynchronous rule: IP_REPUTATION_IDEMPOTENT(647): 318.36 ms; no idle timer is needed
rspamd-mailcow-1   | 2024-10-09T12:53:48.527932654Z 2024-10-09 14:53:48 #43(normal) <390ce2>; task; rspamd_task_write_log: id: <[email protected]>, qid: <2D43C8243D54>, ip: 172.22.1.250, from: <testmailuser@MAILCOW_DOMAIN>, (default: T (reject): [20.02/15.00] [FREEMAIL_POLICY_FAILURE(16.00){},FORGED_W_BAD_POLICY(3.00){},R_PARTS_DIFFER(0.50){100.0%;},BAYES_SPAM(0.28){70.71%;},R_MIXED_CHARSET(0.14){subject;},ARC_REJECT(0.10){signature check failed: fail, {[1] = sig:MAILCOW_DOMAIN:dns request to dkim._domainkey.MAILCOW_DOMAIN failed: no records with this name};},MIME_GOOD(-0.10){multipart/alternative;text/plain;},RCVD_NO_TLS_LAST(0.10){},BCC(0.00){},FORGED_SENDER(0.00){[email protected];testmailuser@MAILCOW_DOMAIN;},FORGED_SENDER_FORWARDING(0.00){},FORWARDED(0.00){testmailuser@MAILCOW_DOMAIN;},FROM_HAS_DN(0.00){},FROM_NEQ_ENVFROM(0.00){[email protected];testmailuser@MAILCOW_DOMAIN;},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},PREVIOUSLY_DELIVERED(0.00){testmailuser@MAILCOW_DOMAIN;},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){FORWARD_DOMAIN;},RCVD_COUNT_FIVE(0.00){6;},SIEVE_HOST(0.00){172.22.1.250;},TO_DN_ALL(0.00){}]), len: 5587, time: 308.750ms, dns req: 12, digest: <4c460a895dccc586d5e541e0870f14ef>, rcpts: <FORWARD_ADDRESS>, mime_rcpts: <testmailuser@MAILCOW_DOMAIN>
rspamd-mailcow-1   | 2024-10-09T12:53:48.527938474Z 2024-10-09 14:53:48 #43(normal) <390ce2>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 4 regexps matched, 3511 regexps total, 3246 regexps cached, 0B scanned using pcre, 4.07KiB scanned total
postfix-mailcow-1  | 2024-10-09T12:53:48.529237004Z Oct  9 14:53:48 a3865add0dfb postfix/cleanup[985]: 2D43C8243D54: milter-reject: END-OF-MESSAGE from mailcowdockerized-dovecot-mailcow-1.mailcowdockerized_mailcow-network[172.22.1.250]: 5.7.1 This message does not meet our delivery requirements; from=<testmailuser@MAILCOW_DOMAIN> to=<FORWARD_ADDRESS> proto=ESMTP helo=<5161f64ea532>
postfix-mailcow-1  | 2024-10-09T12:53:48.530744437Z Oct  9 14:53:48 a3865add0dfb postfix/sogo/smtpd[984]: disconnect from mailcowdockerized-dovecot-mailcow-1.mailcowdockerized_mailcow-network[172.22.1.250] ehlo=1 mail=1 rcpt=1 data=0/1 quit=1 commands=4/5
postfix-mailcow-1  | 2024-10-09T12:53:48.585161954Z Oct  9 14:53:48 a3865add0dfb postfix/lmtp[983]: 46C138240A34: to=<testmailuser@MAILCOW_DOMAIN>, relay=dovecot[172.22.1.250]:24, delay=1.3, delays=0.71/0.02/0.01/0.6, dsn=2.0.0, status=sent (250 2.0.0 <testmailuser@MAILCOW_DOMAIN> aHiPOtt8Bmc3KgAAFtnIKg Saved)
postfix-mailcow-1  | 2024-10-09T12:53:48.589928527Z Oct  9 14:53:48 a3865add0dfb postfix/qmgr[343]: 46C138240A34: removed

Steps to reproduce:

1. Create a forward rule in SoGo to an external address, keep local copy
2. Send an e-mail from an external freemailer to the mailbox with the forward created above
3. The e-mail is delivered to the local mailbox but the forward is rejected

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Ubuntu 24.04.1 LTS

Server/VM specifications:

Memory: 12G, 4 CPU Cores

Is Apparmor, SELinux or similar active?

yes

Virtualization technology:

KVM

Docker version:

27.3.1

docker-compose version or docker compose version:

v2.29.7

mailcow version:

2024-08a

Reverse proxy:

none

Logs of git diff:

Disabled IPv6 in docker-compose.yml:
`enable_ipv6: false`
(and commented out IPv6 subnet)

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 594K  603M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
 594K  603M DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
 594K  603M DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
 265K  472M ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  213 11928 DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
 258K   24M ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
34107 3886K ACCEPT     0    --  *      br-18399acd6115  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 1874  102K DOCKER     0    --  *      br-18399acd6115  0.0.0.0/0            0.0.0.0/0           
34659  102M ACCEPT     0    --  br-18399acd6115 !br-18399acd6115  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-18399acd6115 br-18399acd6115  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.5           tcp dpt:8983
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.6           tcp dpt:3306
  230 11611 ACCEPT     6    --  !br-18399acd6115 br-18399acd6115  0.0.0.0/0            172.19.199.2         tcp dpt:80
  542 28920 ACCEPT     6    --  !br-18399acd6115 br-18399acd6115  0.0.0.0/0            172.19.199.2         tcp dpt:443
    0     0 ACCEPT     6    --  !br-18399acd6115 br-18399acd6115  0.0.0.0/0            172.19.199.4         tcp dpt:8001
    0     0 ACCEPT     6    --  !br-18399acd6115 br-18399acd6115  0.0.0.0/0            172.19.199.4         tcp dpt:8024
    0     0 ACCEPT     6    --  !br-18399acd6115 br-18399acd6115  0.0.0.0/0            172.19.199.5         tcp dpt:8000
    0     0 ACCEPT     6    --  !br-18399acd6115 br-18399acd6115  0.0.0.0/0            172.19.199.5         tcp dpt:8080
    1    44 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
   12   704 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
   20  1096 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    2   104 ACCEPT     6    --  !br-18399acd6115 br-18399acd6115  0.0.0.0/0            172.19.199.6         tcp dpt:25
    1    44 ACCEPT     6    --  !br-18399acd6115 br-18399acd6115  0.0.0.0/0            172.19.199.6         tcp dpt:465
    1    40 ACCEPT     6    --  !br-18399acd6115 br-18399acd6115  0.0.0.0/0            172.19.199.6         tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 258K   24M DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
34659  102M DOCKER-ISOLATION-STAGE-2  0    --  br-18399acd6115 !br-18399acd6115  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
2674K 2280M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-18399acd6115  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
1307K  805M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
2731K 2543M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
    0     0 DOCKER-USER  0    --  *      *       ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-18399acd6115 !br-18399acd6115  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  ::/0                 ::/0                
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       0    --  *      br-18399acd6115  ::/0                 ::/0                
    0     0 DROP       0    --  *      docker0  ::/0                 ::/0                
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 897K packets, 61M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 464K   28M DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 3204 packets, 240K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 46038 packets, 2773K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 110K 8116K MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
   28  1680 MASQUERADE  0    --  *      !br-18399acd6115  172.19.199.0/24      0.0.0.0/0           
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  6    --  *      *       172.22.1.5           172.22.1.5           tcp dpt:8983
    0     0 MASQUERADE  6    --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.22.1.6           172.22.1.6           tcp dpt:3306
    0     0 MASQUERADE  6    --  *      *       172.19.199.2         172.19.199.2         tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.19.199.2         172.19.199.2         tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       172.19.199.4         172.19.199.4         tcp dpt:8001
    0     0 MASQUERADE  6    --  *      *       172.19.199.4         172.19.199.4         tcp dpt:8024
    0     0 MASQUERADE  6    --  *      *       172.19.199.5         172.19.199.5         tcp dpt:8000
    0     0 MASQUERADE  6    --  *      *       172.19.199.5         172.19.199.5         tcp dpt:8080
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  6    --  *      *       172.19.199.6         172.19.199.6         tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       172.19.199.6         172.19.199.6         tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       172.19.199.6         172.19.199.6         tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   11   660 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
   54  3240 RETURN     0    --  br-18399acd6115 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.5:8983
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.6:3306
  233 11731 DNAT       6    --  !br-18399acd6115 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.19.199.2:80
  542 28920 DNAT       6    --  !br-18399acd6115 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.19.199.2:443
    0     0 DNAT       6    --  !br-18399acd6115 *       0.0.0.0/0            127.0.0.1            tcp dpt:8001 to:172.19.199.4:8001
    0     0 DNAT       6    --  !br-18399acd6115 *       0.0.0.0/0            127.0.0.1            tcp dpt:8024 to:172.19.199.4:8024
    0     0 DNAT       6    --  !br-18399acd6115 *       0.0.0.0/0            127.0.0.1            tcp dpt:8000 to:172.19.199.5:8000
    0     0 DNAT       6    --  !br-18399acd6115 *       0.0.0.0/0            127.0.0.1            tcp dpt:8080 to:172.19.199.5:8080
    1    44 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
   12   704 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
   20  1096 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
    2   104 DNAT       6    --  !br-18399acd6115 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.19.199.6:25
    1    44 DNAT       6    --  !br-18399acd6115 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.19.199.6:465
    1    40 DNAT       6    --  !br-18399acd6115 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.19.199.6:587

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (0 references)
 pkts bytes target     prot opt in     out     source               destination

DNS check:

172.64.155.249
104.18.32.7

The text was updated successfully, but these errors were encountered:

milkmaker · 2024-10-15T08:24:30Z

THIS IS A AUTOMATED MESSAGE!

It seems your issue is not a bug.
Therefore we highly advise you to get support!

You can get support either by:

ordering a paid support contract at Servercow (Directly from the developers) or
using the community forum (Based on volunteers! NO guaranteed answer) or
using the Telegram support channel (Based on volunteers! NO guaranteed answer)

This issue will be closed. If you think your reported issue is not a support case feel free to comment above and if so the issue will reopened.

ecdlguy added the bug label Oct 9, 2024

DerLinkman added support please consider asking at https://community.mailcow.email/ or https://t.me/mailcow and removed bug labels Oct 15, 2024

milkmaker closed this as not planned Won't fix, can't repro, duplicate, stale Oct 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Forward gets rejected #6099

Forward gets rejected #6099

ecdlguy commented Oct 9, 2024

milkmaker commented Oct 15, 2024

Forward gets rejected #6099

Forward gets rejected #6099

Comments

ecdlguy commented Oct 9, 2024

Contribution guidelines

I've found a bug and checked that ...

Description

Logs:

Steps to reproduce:

Which branch are you using?

Which architecture are you using?

Operating System:

Server/VM specifications:

Is Apparmor, SELinux or similar active?

Virtualization technology:

Docker version:

docker-compose version or docker compose version:

mailcow version:

Reverse proxy:

Logs of git diff:

Logs of iptables -L -vn:

Logs of ip6tables -L -vn:

Logs of iptables -L -vn -t nat:

Logs of ip6tables -L -vn -t nat:

DNS check:

milkmaker commented Oct 15, 2024