Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Blacklist/Whitelist" ACL depends on "Spam Score" ACL but its not clear and seems not to be intended #6185

Closed
5 tasks done
virtualized-human opened this issue Nov 25, 2024 · 2 comments
Closed
5 tasks done

"Blacklist/Whitelist" ACL depends on "Spam Score" ACL but its not clear and seems not to be intended #6185

virtualized-human opened this issue Nov 25, 2024 · 2 comments
Assignees
@FreddleSpl0it
Labels
bug

Comments

@virtualized-human
Copy link

Contribution guidelines

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Hello,

I've come across 2 fresh installations where the ACL “Blacklist/Whitelist” does not work properly for the mailboxes alone. The problem is basically that if I enable only this option, the user cannot use it in the GUI.

Example:

1: “Spam score” + “Blacklist/Whitelist” ACL active = “Spam filter” page exists.
2: only “Spam score” ACL active = “Spam filter” page exists.
3: only “Blacklist/Whitelist” ACL active = “Spam filter” page does **not** exist

in case you are wondering about the diff below, it has no influence on it. i only deactivated the spam folder with a few tricks because i don't want it in my environment. but the problem already existed before!

Basically, the problem is that the “Spam filter” page is not visible as a user if ONLY the “Blacklist/Whitelist” ACL is active while the “Spam score” ACL is not. However, it is not obvious that it needs the “Spam score” ACL and I think that this is not intended.

Logs:

there is no error in the log:

netfilter-mailcow-1  | 9 more attempts in the next 600 seconds until 45.145.166.43/32 is banned
dockerapi-mailcow-1  | INFO:     172.22.1.2:45494 - "GET /host/stats HTTP/1.1" 200 OK
dovecot-mailcow-1    | Nov 25 19:34:28 9a0cde0a1768 dovecot: lmtp(84980): Disconnect from 172.22.1.253: Logged out (state=READY)
mysql-mailcow-1      | 2024-11-21 20:17:07 0 [Note] InnoDB: Buffer pool(s) load completed at 241121 20:17:07
postfix-mailcow-1    | Nov 25 19:34:28 3f2d351d96bb postfix/smtpd[6065]: disconnect from mxphxpool1073.ebay.com[66.211.185.176] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
olefy-mailcow-1      | olefy INFO <module> serving on ('0.0.0.0', 10055)
sogo-mailcow-1       | Nov 25 19:34:41 fd45325661db sogod [62]: mailcowdockerized-watchdog-mailcow-1.mailcowdockerized_mailcow-network "GET /SOGo.index/ HTTP/1.1" 200 2581/0 0.008 - - 0 - 12
ofelia-mailcow-1     | 2024-11-25T19:34:14.373+01:00  common.go:125 ▶ NOTICE [Job "dovecot_imapsync_runner" (f5f771cce80e)] Finished in "366.003543ms", failed: false, skipped: false, error: none
redis-mailcow-1      | 1:M 25 Nov 2024 19:31:03.204 * Background saving terminated with success
rspamd-mailcow-1     | 2024-11-25 19:34:28 #39(normal) <2B85C8>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 3 regexps matched, 3523 regexps total, 3259 regexps cached, 0B scanned using pcre, 69.38KiB scanned total
acme-mailcow-1       | Mon Nov 25 12:02:48 CET 2024 - Certificates were successfully validated, no changes or renewals required, sleeping for another day.
nginx-mailcow-1      | 109.40.240.208 - - [25/Nov/2024:19:34:37 +0100] "GET /api/v1/get/time_limited_aliases?_=1732559676553 HTTP/2.0" 200 22 "https://mail.virtualized.app/" "Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"
clamd-mailcow-1      | Mon Nov 25 18:34:27 2024 -> instream(172.22.1.4@36242): OK
watchdog-mailcow-1   | Mon Nov 25 19:34:41 CET 2024 SOGo health level: 100% (3/3), health trend: 0
solr-mailcow-1       | 2024-11-25 18:34:28.693 INFO  (qtp1819940427-22) [   x:dovecot-fts] o.a.s.u.p.LogUpdateProcessorFactory [dovecot-fts]  webapp=/solr path=/update params={}{commit=} 0 11
php-fpm-mailcow-1    | 172.22.1.3 -  25/Nov/2024:19:34:37 +0100 "GET /json_api.php" 200
unbound-mailcow-1    | 2024-11-25 19:17:58: Healthcheck: DNS Resolution Failed on attempt 1 for github.com! Trying again...
rspamd-mailcow-1     | 2024-11-25 19:34:43 #38(controller) <d6ae7c>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3523 regexps total, 2582 regexps cached, 0B scanned using pcre, 102B scanned total
watchdog-mailcow-1   | Mon Nov 25 19:34:43 CET 2024 Rspamd health level: 100% (5/5), health trend: 0
solr-mailcow-1       | 2024-11-25 18:34:43.680 INFO  (commitScheduler-13-thread-1) [   ] o.a.s.u.DirectUpdateHandler2 start commit{,optimize=false,openSearcher=false,waitSearcher=true,expungeDeletes=false,softCommit=false,prepareCommit=false}
solr-mailcow-1       | 2024-11-25 18:34:43.680 INFO  (commitScheduler-13-thread-1) [   ] o.a.s.u.SolrIndexWriter Calling setCommitData with IW:org.apache.solr.update.SolrIndexWriter@795ec93d commitCommandVersion:0
solr-mailcow-1       | 2024-11-25 18:34:43.857 INFO  (commitScheduler-13-thread-1) [   ] o.a.s.s.SolrIndexSearcher Opening [Searcher@5dddff74[dovecot-fts] realtime]
solr-mailcow-1       | 2024-11-25 18:34:43.858 INFO  (commitScheduler-13-thread-1) [   ] o.a.s.u.DirectUpdateHandler2 end_commit_flush
php-fpm-mailcow-1    | fd4d:6169:6c63:6f77::5 -  25/Nov/2024:19:34:44 +0100 "GET /user.php" 200
nginx-mailcow-1      | 109.40.240.208 - - [25/Nov/2024:19:34:45 +0100] "GET /user?lang=en-gb HTTP/2.0" 200 19028 "https://mail.virtualized.app/" "Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"
php-fpm-mailcow-1    | 172.22.1.3 -  25/Nov/2024:19:34:45 +0100 "GET /json_api.php" 200
nginx-mailcow-1      | 109.40.240.208 - - [25/Nov/2024:19:34:45 +0100] "GET /api/v1/get/passwordpolicy/html HTTP/2.0" 200 86 "https://mail.virtualized.app/" "Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"
dovecot-mailcow-1    | Nov 25 19:34:45 9a0cde0a1768 dovecot: lmtp(84980): Connect from 172.22.1.12
dovecot-mailcow-1    | Nov 25 19:34:45 9a0cde0a1768 dovecot: lmtp(84980): Disconnect from 172.22.1.12: Logged out (state=MAIL FROM)
dovecot-mailcow-1    | Nov 25 19:34:45 9a0cde0a1768 dovecot: imap-login: Disconnected: Aborted login by logging out (no auth attempts in 0 secs): user=<>, rip=172.22.1.12, lip=172.22.1.250, TLS, TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
dovecot-mailcow-1    | Nov 25 19:34:45 9a0cde0a1768 dovecot: imap-login: Disconnected: Aborted login by logging out (no auth attempts in 0 secs): user=<>, rip=172.22.1.12, lip=172.22.1.250
dovecot-mailcow-1    | Nov 25 19:34:45 9a0cde0a1768 dovecot: managesieve-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=172.22.1.12, lip=172.22.1.250
watchdog-mailcow-1   | Mon Nov 25 19:34:45 CET 2024 Dovecot health level: 100% (12/12), health trend: 0
watchdog-mailcow-1   | Mon Nov 25 19:34:46 CET 2024 Mail queue health level: 100% (20/20), health trend: 0

Steps to reproduce:

1. edit a mailbox
2. edit acls
  2.1. make sure that "Spam score" is unticked
  2.2. make sure that "Blacklist / Whitelist" is ticked
3. login as the user (not as admin)
4. You will see that "Spam filter" site does not appear even that blacklist/whitelist is enabled.

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Debian 12

Server/VM specifications:

4Core,12GB RAM, 50 GB NVME

Is Apparmor, SELinux or similar active?

apparmor preinstalled from debian

Virtualization technology:

KVM

Docker version:

27.3.1

docker-compose version or docker compose version:

v2.29.7

mailcow version:

2024-11b

Reverse proxy:

no reverse proxy? its default acme stuff you ship with.

Logs of git diff:

diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..c0a928e7 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem
@@ -1,19 +1,33 @@
 -----BEGIN CERTIFICATE-----
-MIIDBDCCAe6gAwIBAgIQeJMoL/3dxhxhT9EwuRTL/DALBgkqhkiG9w0BAQswEjEQ
-MA4GA1UEChMHbWFpbGNvdzAeFw0xNjEyMTMxMDExMDBaFw0xOTExMjgxMDExMDBa
-MC0xEDAOBgNVBAoTB21haWxjb3cxGTAXBgNVBAMTEG1haWwuZXhhbXBsZS5vcmcw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg0xT3At9DSb3H5OMp3K1
-MpXAgYyotSK6TS61fC0QEHy2fMXiws7Agcye6Ln7CG63Fe1eN2jkdlefy9xJivS8
-y5w0M8i168v5znzC8fnylL2iOiSYfK/B/oEqfU7YH4RcegO53oDDIUZmi4Frgnu7
-39VVOU1ZyHEVqGJ2H2aAIkoZRjGzumD9Ym4LWGidtKJzBgFt/qmhUeWXipM8w281
-XkQnJU79+x2ywnJSvEZ3r/ZVJC7kbjiVw+/k15k9Cxk6Ik8wmJ0X/+xWxoZomHQI
-1LM0VKAS/iaU95dn2bplvL6jTiiyWAbrMjSKs4XbPt/fIbOicNkj6+CFy0MVfyyH
-AgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIAqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
-KwYBBQUHAwEwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQsDggEBAI/jBJa1P8nB
-eHUN5muQmjBVDVOYyWAAEapOe2HYsBcpjaB2H8Iw3DQzJtz6peYeYSCmHRVqFLCm
-VPrq36l9mPUotyPDPlQQAxCj9R2+WbGaJO+N/E1F8FQ94dr3jqwUyfjVPoqEjmIH
-NFkvbA0RJOeBm9oYGdhM0wjOBV9c9MTHFG82nQ/zQeTuPb7GXuKIOXYCxoLNOZMw
-UJ02Cqjv5ImrgOhcstAKX3Ip0urSvZUGvtPla4CGh+M6yDFJ08GzX6OiMIH207RW
-jAbUXXERSUv/7hysdDjGo5HZjCeMzVu9KAxoZXqnmvkk8g2swKWtWBRcoeU1VGx0
-Bx4Q4KMjuYQ=
+MIIFwTCCA6mgAwIBAgIURQ0tpY6vXcyAHcUYW0NTvYGel4QwDQYJKoZIhvcNAQEL
+BQAwcDELMAkGA1UEBhMCREUxDDAKBgNVBAgMA05SVzEQMA4GA1UEBwwHV2lsbGlj
+aDEQMA4GA1UECgwHbWFpbGNvdzEQMA4GA1UECwwHbWFpbGNvdzEdMBsGA1UEAwwU
+bWFpbC52aXJ0dWFsaXplZC5hcHAwHhcNMjQxMTE2MTc1NzIxWhcNMjUxMTE2MTc1
+NzIxWjBwMQswCQYDVQQGEwJERTEMMAoGA1UECAwDTlJXMRAwDgYDVQQHDAdXaWxs
+aWNoMRAwDgYDVQQKDAdtYWlsY293MRAwDgYDVQQLDAdtYWlsY293MR0wGwYDVQQD
+DBRtYWlsLnZpcnR1YWxpemVkLmFwcDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAJupj2m1+OmIS8v4uNtjYKd+bpPJi06w9uZJ3N9KpKrGrdPGYEt5XUiq
+0PQaB9Bdrqdyhe+K7RgKZuoRf94QBaAHgwfVqwE5Gj7ckfDQ9+5uYsLe9ePynpUS
+ewTTX5/2hu+OsM1xa59YJn85A9pN15bNhwRgWklXd4Motb0UwwuwUfBrzLlDLM3O
+l8dKwbYFbaAGBCBvAsOMGQUkdZs4v/wwbCqIK29I5mEJkj2PYZTbWGTsDG2edqfA
+k/hCSeUyzzM2zebchOBe1D8J2Q8JmrWa5ambz5i8t3HrUIQqNuPl2TZYlDU/st8+
+IBsU1lWy/hBz/RK/2CfJ3V+hxQ/7ZDDDQFSVHXumwCh95hGjbRpHKH7l+TeK4DAJ
+VKHWZc+FpzWsPI3jLgGWdsMlQfEwNPVGDDeQEU7gjeD2RQjq3k+Yxxwwtwpso9YV
+D5RBlI96CotiA5aWRwrLiOGqDYDQAi0B6Hs7wD1v4xV3orUeP+3h37Ohg+bmcLeb
+PDKq+J84etWaVY0Kj5nQzwwXmY/lumfWuC/gQpTzN7fx4/BiRCcgatm9GJE2d7s7
+ZN7j6zzDazs2AaJNOrX+5+Z9hZA9tmJ84kjr45303NruaOS88BwX/lOZpfxO/uWd
++oWXek8TmcMl439+w/g/46J/pRW7p1anduje8nxsPXQA370Zg2uNAgMBAAGjUzBR
+MB0GA1UdDgQWBBQVuNjVH00SklCwls1MhtpsrtMr7TAfBgNVHSMEGDAWgBQVuNjV
+H00SklCwls1MhtpsrtMr7TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4ICAQCa7XFCnQRfQHPLD2EXVvQXkLA/3eyOMDoIWCWkvHz2VrP6FCNvW0xOH2hY
+ECWAQpkOEPbQSOhf8b/Gvgd9vLBiDD0BWSlkoDztEoj9tb2s2P3Rz39lP0u3Uu06
+E6XABrpfO2V8JUw2opIRBJ8Ll8+AUPmJ/YPF4q28ARZYB+iyc4UQPEsVAx0U4JYt
+idOHeIDCS9u9OYryrYFfETHTCb0bt6+0cBbdGzWy/ZdNCgkv34AwqlRxZXl9eIXc
+DDCGlLXED11PeKbJEujIH4vmaSPO8f7cLNW4GNDl8XlrH6Om02CDkEVL1j2T/GHx
+i/h2vVBsT3LxgWNPMJYQJ8iC4iFNymCI/7RMIG1+IhpBchA856k6omB5oK8rknDz
+oclCgp/RHkatdhMPcH5N94+da98KiOTGkcPwP6O58anKLz3v812g2VNP2suGM892
+Ke3qjWl/oTBL4zskYoQ3M5ol2p1utNOfrfUpwL/1SspzIM1nfU3gURVImJyh0OuX
+j5YFgD27ctXt4hcu04PaBLT+SBPsFNRurBJYrYmr+/qNwSzFQFvB+h09miBWQ1dV
+ClSzzWYkfecp7t3m5rpn2NBgwW4ZLuw8Cd/e7MNS4e9X5e6dfrqJwzVMylO7aaVE
+e2AnI/SfVex1TiA7NryLGQbMWPGsr0nwtjRnSGEtkYs/2liLIA==
 -----END CERTIFICATE-----
diff --git a/data/assets/ssl-example/key.pem b/data/assets/ssl-example/key.pem
index cedf35a0..cb1f6405 100644
--- a/data/assets/ssl-example/key.pem
+++ b/data/assets/ssl-example/key.pem
@@ -1,27 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0YNMU9wLfQ0m9x+TjKdytTKVwIGMqLUiuk0utXwtEBB8tnzF
-4sLOwIHMnui5+whutxXtXjdo5HZXn8vcSYr0vMucNDPItevL+c58wvH58pS9ojok
-mHyvwf6BKn1O2B+EXHoDud6AwyFGZouBa4J7u9/VVTlNWchxFahidh9mgCJKGUYx
-s7pg/WJuC1honbSicwYBbf6poVHll4qTPMNvNV5EJyVO/fsdssJyUrxGd6/2VSQu
-5G44lcPv5NeZPQsZOiJPMJidF//sVsaGaJh0CNSzNFSgEv4mlPeXZ9m6Zby+o04o
-slgG6zI0irOF2z7f3yGzonDZI+vghctDFX8shwIDAQABAoIBAQC9kiLnIgxXGyZt
-pmmYdA6re1jatZ2zLSp+DcY8ul3/0hs195IKCyCOOSQPiR520Pt0t+duP46uYZIJ
-aakp9gxaI5Vz+oMacH/AyaBDuDTj1Mf9WMSyIOfbDVCMRJOppGLcVh62+Gfjp2EO
-+h2hTJBuvypFkbK2kVIZOaHVpbXWKw1oYuEcTftk9XfxxvfSMw1HQ12/P2CAcbaa
-jPmVbisunv6kpXtewSBTcaLSYWJf1MYD5Hi8fzkD2FJSXYbfQd8RKvT2rj6FA7ux
-CDMzbYhdnd7lc63OARCIjfCRNtDT1cZ3gR1CQHD98lWxmPQIZukv+w7s/bSrFgnQ
-ROZ0ghBJAoGBAOmE/3d5FDmp0aJNxXynKcRGdpEEM4O40RIdqa2eR6Pa7aTRosao
-z0qVgdFuJrqjlB3jgedxXEX1M0abCUzzM9Q5F7JLl+KsjwRwpkIOkPiyUncLp7LK
-QbY3tvYBIdpjlF1USOMGRL4j11hqr4vQC/yPBF7jj81kCZDTbmZhp82jAoGBAOWu
-ql5QFUOlmqkuWIAFkiLEZhOu+ptqkE+zG50CCGMJIX0dJ2PHXFyNGInomAeT0nbI
-pbnK3x7KeEKiGrAqZFNCTHhApTwkrIj0L/RQbMDZ7u7j1AEUVNFEhIm62kg84FtG
-xtfxVxredE+NQc/tyV3hXegdNZxegALirlcMKIvNAoGAWFwIxk48Ru1o8z72QQqH
-lUsMRicOzwK5qV8r+xPvC6MlVL42F3F8rj4QFwzU/r4yp3SUjNyqC5aSRl8Xj9Re
-gijwPHi6Cf09SHLPliMo29GtvnnchJxfbPF7+23GP3p6gy4HPk/65u9s5nnH3uFk
-B7ad8sGsgg0eSXyXQ4okEn0CgYEAnogPuedGthlxBgMiPMMbmfm7hyyId4t3Ljuu
-/JExnsHnpobf8EPjoVIWNOIhRWGnrCtUEEhR9tvDZCKljyDDfKBPTdU496lMmX8K
-NnToi7gg7iy84T3aSVMktDgPgDrclMPmbZh8CeSvnVUfrtgu3Ci4+4Rlw5eKffNe
-aGDQ/6UCgYAbUq9mRT2WOXIo+Dchi9VzDWgtfOw5VEyqkSpb7hPiIYx5jNaENnVK
-cAi3iqbBgPJBuMlTrKmmaxdmssGOEZNJLuuXLDbCU+f5cpu5PQ4crC6UtRI5rlhp
-8Yc+oiv3HWbSw3sVRpMFB6NP4DnvgFW3B2Wdfb/lNzPCKWqBsX7gWw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCbqY9ptfjpiEvL
++LjbY2Cnfm6TyYtOsPbmSdzfSqSqxq3TxmBLeV1IqtD0GgfQXa6ncoXviu0YCmbq
+EX/eEAWgB4MH1asBORo+3JHw0PfubmLC3vXj8p6VEnsE01+f9obvjrDNcWufWCZ/
+OQPaTdeWzYcEYFpJV3eDKLW9FMMLsFHwa8y5QyzNzpfHSsG2BW2gBgQgbwLDjBkF
+JHWbOL/8MGwqiCtvSOZhCZI9j2GU21hk7AxtnnanwJP4QknlMs8zNs3m3ITgXtQ/
+CdkPCZq1muWpm8+YvLdx61CEKjbj5dk2WJQ1P7LfPiAbFNZVsv4Qc/0Sv9gnyd1f
+ocUP+2Qww0BUlR17psAofeYRo20aRyh+5fk3iuAwCVSh1mXPhac1rDyN4y4BlnbD
+JUHxMDT1Rgw3kBFO4I3g9kUI6t5PmMccMLcKbKPWFQ+UQZSPegqLYgOWlkcKy4jh
+qg2A0AItAeh7O8A9b+MVd6K1Hj/t4d+zoYPm5nC3mzwyqvifOHrVmlWNCo+Z0M8M
+F5mP5bpn1rgv4EKU8ze38ePwYkQnIGrZvRiRNne7O2Te4+s8w2s7NgGiTTq1/ufm
+fYWQPbZifOJI6+Od9Nza7mjkvPAcF/5TmaX8Tv7lnfqFl3pPE5nDJeN/fsP4P+Oi
+f6UVu6dWp3bo3vJ8bD10AN+9GYNrjQIDAQABAoICAAmfTHqxNtRKH76u6Xps+mC6
+24oDgjrYjJfwBpkU9k3fidzr8oWSgyuGnPO3Qja6pnJlDWt2eoaAahvbqLxTiuLO
+uWZRanM2Z5gYLrtPUkF+YwN/IH25QIf1hFOS32KLgjbVFWUgYZHliJJXthRsuGrI
+L1RGwn4DIU5NxMI4l3/6+RhetDaFilj52tRacNQCzOPV9gkCjmNZHy4msqW9jHyX
+NQXXX1v539KCyB6fD4inRcpjSbdi/XG24U64257b6lv/mMXFvumsYvwMl0rV11GU
+5CUnuQhM2MgleYIvUS+lmdeWrSlc09P3SqkckM1BCxx9lwNthtFFf2Dge/EreJDE
+ZE1oNMMXaP7DexGDD+esMS9jwQ53bUnLPJxzFc8GdA+LiJOpDpZcKPJtbf3TIA7Q
+oa09vSl0zKgzEe/KUn6fzT8Wocp+P9gOFVSPn/zwZ20Btd0mLc/CM4Rr2Q8GaWxu
+1hIyKcuMna6B6018p6BPoxb3qaLQ0sUBV0nHSpWsZ29/flZVnJZMb+L1dO5xZpah
+/2TIVYVc4XWR0jtJG2TxdQaOXK5gntqHU569Wz0QisL/2wLbgLq9vlgFRxbuMizS
+mXaNDDYdjDI9/UQprG5cWSrTekwFdAdid3IWFSzXCcUMqfktXln7oMmT+PPxT+Zp
+vlCnB6ntyEP+FbpIywY/AoIBAQDRDEBPFKoyM+lMJziHX0Tq6f/0z6oq9PzUc2+Z
+S7lzEmGp/Mx6NUMob3hVQbQlJSN/4tKApYjo5e8cBA2Af19mQObOHfSQGx9HsPLH
+14jiiFfi4HlntUDhRjFFh1c3Pj4iO8HZkszpAu+u7j/8Fr7gRcGtUOXCHPcuQO2P
+UwTVxO8aUW0C6Jd9sWpZ8/68ADqQtezgBuNjsH+dG8hFE0VVUsaw5N2QP1iVCzQg
+TNiaiBtbO8TK6TWPPAWJ/JK5Ugcru4ew7Y78XE13i+0NG7a283JWvJPkbB+u+T4E
+8stfmvNPmrqkgDbvg+yLjMi2uWvz0tKCdmtPb35Ek0YMM6fHAoIBAQC+n8VAeTJB
+B9a6vsD2TWD/TFRllfmnl/Zvhw1VNto+vzV0ddXYFs6qOxKBiFOjK+wlBgFDzW8q
+YZoYuIHnEngdTM5LrXTw+e8vL+Qyv/3g0clDSCHS5DHSi9NeBD+ZjvpON75p2xkQ
+jj5OeP1V0s2BhKHlKeKaEaSX5CUQliJE+4XSP9okpCkcv6ltsfV9idqqfhFvB/gk
+NVkL900s9NjELTCrrBZ7qsjRwOhTKPRbHU+RQl76NWMV3DFwdUWZzqzuyTi8Uapi
+ge9eOniXU5Esn4xiw1skCahRbRzidfke7gdoZHpewTXkswFjT3DihVoZfdTUrSCT
+qpOGKT5ztxoLAoIBAAcDqTi+EcPjeAWFH2FzceWL+nmlailM1Rrv0KPNJajVyg8h
+G19SYDGAJAKAVOIWL+2/l56Xb1OZO3+uJyHTpEjTDquF18nqDw+hwVOxSLeJKaHE
+NG6lZ0rnxwl1NBj3brBJXwTE5zk+TvqIpf74aGkwDgKZv0vXGvgjV5VCjNv7YqZ4
+avb5BPRDurTP+hEm1NA8Onl94a1bo7yKzRp8PgxR3bbbxw9rALbnjFU1HuN4g6p5
+A+5nCtQGiI0Lu4SaWwE9ppzqK60OD89eE5MoBeZ3nrOIWlIEyr9dP5Z86xQHJ/jY
+0UBpyO4aeBpqm+V9rUCeJ1AXVxxwOkVkx6nrJcsCggEBAJ0621Aap0DMXmkZ/b8q
+g98P7mz8DzgVN8c19eFbpRgsTsMIjqH17fCrWNBOye3ExLqlAVYTlKW4a4oIZd1a
+doh0WZRCNjqtbIPXVLonchiF8SP10zBH2HB5tJXPm0XlkMADaqOVfE8ThIDles/X
+WHqEE6UZrza1ZrWCELBlpU6QyAhrclrWrLJxxCYeqwYpNpt58JdMU3hKKHCeQqHa
+MxFc1NBE2SaX75xTKU2uch7VRlPiEsT+VAQr4vuHPylmN22du5ZZJdiqo+1s/RqU
+ayILV5f+2qYW8SZ4gWKpPBou6x1IA0c0xmck3vgzBkFRDMgJ6gqh4kTqZVQ7oK+B
+T5ECggEAE1RgqWYIljXrH+Zz41kL/AB/LyhdWfqYKFe3nnhuXSsBOsi0BDYDMoIJ
+JyYTUVblRaICszAKQkvV7eR6iBKFgqnFVnNH51LQHJ4MZCdXQfOCsTlqY9rRN2eX
+PRKFmTAlVzlPOgpMLfr1DFHNfTsCbO2mtx7aivSeWWEONpiA70NRSKbJRxDKgyzm
+Cc8GDrMJbaZUAiT3oYKQJulgiFNrk/BRI2XHWwJSbvu5eCful9F3LD+3ln+QnS44
+noOxSkErVpYnnY4BfS9aPdQm67AQiIMdTxI+ctVHAl8D3c1clYZS0XdBexAp2NZu
+ITLZDRQZkVF4N2zO2V6QfsHEbLxz6A==
+-----END PRIVATE KEY-----
diff --git a/data/conf/dovecot/dovecot.folders.conf b/data/conf/dovecot/dovecot.folders.conf
index fa687267..c89409f6 100644
--- a/data/conf/dovecot/dovecot.folders.conf
+++ b/data/conf/dovecot/dovecot.folders.conf
@@ -192,52 +192,9 @@ namespace inbox {
   mailbox "Чернетки" {
     special_use = \Drafts
   }
-  mailbox "Junk" {
-    auto = subscribe
-    special_use = \Junk
-  }
-  mailbox "Junk-E-Mail" {
-    special_use = \Junk
-  }
-  mailbox "Junk E-Mail" {
-    special_use = \Junk
-  }
-  mailbox "Spam" {
-    special_use = \Junk
-  }
-  mailbox "Lixo Eletrônico" {
-    special_use = \Junk
-  }
-  mailbox "Nevyžiadaná pošta" {
-    special_use = \Junk
-  }
-  mailbox "Infikované položky" {
-    special_use = \Junk
-  }
-  mailbox "Ongewenste e-mail" {
-    special_use = \Junk
-  }
-  mailbox "垃圾" {
-    special_use = \Junk
-  }
-  mailbox "垃圾箱" {
-    special_use = \Junk
-  }
-  mailbox "Нежелательная почта" {
-    special_use = \Junk
-  }
-  mailbox "Спам" {
-    special_use = \Junk
-  }
-  mailbox "Небажана пошта" {
-    special_use = \Junk
-  }
   mailbox "Koncepty" {
     special_use = \Drafts
   }
-  mailbox "Nevyžádaná pošta" {
-    special_use = \Junk
-  }
   mailbox "Odstraněná pošta" {
     special_use = \Trash
   }
@@ -298,9 +255,6 @@ namespace inbox {
   mailbox "Κάδος απορριμάτων" {
     special_use = \Trash
   }
-  mailbox "Ανεπιθύμητα" {
-    special_use = \Junk
-  }
   mailbox "Αρχειοθετημένα" {
     special_use = \Archive
   }
diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
index cf12543a..62aa54ef 100644
--- a/data/conf/dovecot/global_sieve_after
+++ b/data/conf/dovecot/global_sieve_after
@@ -8,9 +8,6 @@ require "subaddress";
 require "envelope";
 require "duplicate";
 
-if header :contains "X-Spam-Flag" "YES" {
-  fileinto "Junk";
-}
 
 if allof (
   envelope :detail :matches "to" "*",
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 6721204c..30d10ffd 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -175,3 +175,30 @@ lmtp_destination_recipient_limit=1
 
 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  zen.spamhaus.org=127.0.0.[10;11]*8
+  zen.spamhaus.org=127.0.0.[4..7]*6
+  zen.spamhaus.org=127.0.0.3*4
+  zen.spamhaus.org=127.0.0.2*3
+
+# User Overrides
+myhostname = mail.virtualized.app
+
diff --git a/data/conf/rspamd/local.d/actions.conf b/data/conf/rspamd/local.d/actions.conf
index 3de63a54..6920d103 100644
--- a/data/conf/rspamd/local.d/actions.conf
+++ b/data/conf/rspamd/local.d/actions.conf
@@ -1,3 +1,2 @@
 reject = 15;
-add_header = 8;
 greylist = 7;
diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index d398eb05..5ffce3c8 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -9,7 +9,7 @@
     SOGoACLsSendEMailNotifications = YES;
     SOGoAppointmentSendEMailNotifications = YES;
     SOGoDraftsFolderName = "Drafts";
-    SOGoJunkFolderName= "Junk";
+    SOGoJunkFolderName = "";
     SOGoMailDomain = "sogo.local";
     SOGoEnableEMailAlarms = YES;
     SOGoMailHideInlineAttachments = YES;
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index d3165b8a..7c5cd7ea 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -122,10 +122,6 @@ $SHOW_DKIM_PRIV_KEYS = false;
 
 // mailcow Apps - buttons on login screen
 $MAILCOW_APPS = array(
-  array(
-    'name' => 'Webmail',
-    'link' => '/SOGo/',
-  )
 );
 
 // Logo max file size in bytes

Logs of iptables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
1948K  479M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
3400K  990M DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
3400K  990M DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
 935K  535M ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 247K   10M DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
2217K  446M ACCEPT     0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.11          tcp dpt:3306
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.13          tcp dpt:8983
 162K 6525K ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.3           tcp dpt:80
 3017  164K ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.3           tcp dpt:443
  102  5840 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
  134  7804 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
  461 27988 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
   81  4656 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
   11   576 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
   96  5196 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
   76  4408 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
   35  1920 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
2217K  446M DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
3400K  990M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
2217K  446M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
3400K  990M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
    0     0 DOCKER-USER  0    --  *      *       ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0                
    0     0 ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     0    --  br-mailcow br-mailcow  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::5  tcp dpt:443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::5  tcp dpt:80
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::4  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::4  tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::4  tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::4  tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::4  tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::5  tcp dpt:80
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::5  tcp dpt:443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::4  tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::4  tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::4  tcp dpt:110
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::4  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::4  tcp dpt:993

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 292K   13M DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
 309K   23M MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  6    --  *      *       172.22.1.249         172.22.1.249         tcp dpt:6379
    0     0 MASQUERADE  6    --  *      *       172.22.1.11          172.22.1.11          tcp dpt:3306
    0     0 MASQUERADE  6    --  *      *       172.22.1.13          172.22.1.13          tcp dpt:8983
    0     0 MASQUERADE  6    --  *      *       172.22.1.3           172.22.1.3           tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       172.22.1.3           172.22.1.3           tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       172.22.1.250         172.22.1.250         tcp dpt:12345
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       172.22.1.253         172.22.1.253         tcp dpt:587

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0           
   21  1260 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.11:3306
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:172.22.1.13:8983
 162K 6525K DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.22.1.3:80
 3017  164K DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.22.1.3:443
  102  5840 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
  134  7804 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
  461 27988 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
   81  4656 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
   11   576 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
   96  5196 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
   76  4408 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
   35  1920 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  0    --  *      br-mailcow  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  0    --  *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::5  fd4d:6169:6c63:6f77::5  tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::5  fd4d:6169:6c63:6f77::5  tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:465
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::f  fd4d:6169:6c63:6f77::f  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::5  fd4d:6169:6c63:6f77::5  tcp dpt:80
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::5  fd4d:6169:6c63:6f77::5  tcp dpt:443
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::4  fd4d:6169:6c63:6f77::4  tcp dpt:4190

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  br-mailcow *       ::/0                 ::/0                
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::5]:443
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::5]:80
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::4]:143
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::4]:4190
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::4]:993
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::4]:995
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::4]:110
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::f]:587
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::f]:25
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::f]:465
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:80 to:[fd4d:6169:6c63:6f77::5]:80
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:443 to:[fd4d:6169:6c63:6f77::5]:443
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::4]:995
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::4]:4190
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::f]:25
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::f]:465
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::f]:587
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::4]:110
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::4]:143
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::4]:993

DNS check:

root@mail:/opt/mailcow-dockerized# docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
172.64.155.249
104.18.32.7
@virtualized-human
Copy link
Author

image
image

@virtualized-human virtualized-human changed the title "Whitelist/Blacklist" ACL depends on "Spam Score" ACL but its not clear and seems not to be intended "Blacklist/Whitelist" ACL depends on "Spam Score" ACL but its not clear and seems not to be intended Nov 25, 2024
FreddleSpl0it added a commit that referenced this issue Dec 9, 2024
@FreddleSpl0it
[Web] fix issue #6185
fa3b789
@FreddleSpl0it
Copy link
Collaborator

Will be fixed in next release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FreddleSpl0it FreddleSpl0it

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@FreddleSpl0it @virtualized-human