Closed as not planned
Jniklas2/mailcow-dockerized
#2
Labels: bug, stale (Please update the issue with current status, unclear if it's still open/needed.)
Description
Contribution guidelines
- I've read the contribution guidelines and wholeheartedly agree
I've found a bug and checked that ...
- ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
- ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
- ... I have understood that answers are voluntary and community-driven, and not commercial support.
- ... I have verified that my issue has not been already answered in the past. I also checked previous issues.
Description
It seems like the watchdog webhook doesn't include information about the issue but only the path to a temporary file in the body.
Logs:
Can't produce them currently, but I will submit them later
Steps to reproduce:
1. Configure a webhook for the watchdog (in my case Discord)
my config:
WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/redacted
WATCHDOG_NOTIFY_WEBHOOK_BODY='{"content":null,"embeds":[{"title":"${SUBJECT}","description":"${BODY}","color":5814783}],"username":"mailcow Watchdog","avatar_url":"https://docs.mailcow.email/assets/images/favicon.png","attachments":[]}'
2. Trigger any kind of notification (for example an IP ban), except the monitoring started message
3. See the message from the bot
Which branch are you using?
master
Which architecture are you using?
x86
Operating System:
Debian 12
Server/VM specifications:
ETH-Services GIANFAR: 4 vCores, 8GB RAM, 80GB SSD
Is Apparmor, SELinux or similar active?
no
Virtualization technology:
kvm
Docker version:
27.3.1
docker-compose version or docker compose version:
v2.29.7
mailcow version:
2024-11
Reverse proxy:
No
Logs of git diff:
diff --git a/data/assets/nextcloud/nextcloud.conf b/data/assets/nextcloud/nextcloud.conf
deleted file mode 100644
index 81567d39..00000000
--- a/data/assets/nextcloud/nextcloud.conf
+++ /dev/null
@@ -1,130 +0,0 @@
-map $http_x_forwarded_proto $client_req_scheme_nc {
- default $scheme;
- https https;
-}
-
-server {
- include /etc/nginx/conf.d/listen_ssl.active;
- include /etc/nginx/conf.d/listen_plain.active;
- include /etc/nginx/mime.types;
- charset utf-8;
- override_charset on;
-
- ssl_certificate /etc/ssl/mail/cert.pem;
- ssl_certificate_key /etc/ssl/mail/key.pem;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers on;
- ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
- ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
- ssl_session_cache shared:SSL:50m;
- ssl_session_timeout 1d;
- ssl_session_tickets off;
- add_header Referrer-Policy "no-referrer" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-Download-Options "noopen" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "noindex, nofollow" always;
- add_header X-XSS-Protection "1; mode=block" always;
-
- fastcgi_hide_header X-Powered-By;
-
- server_name NC_SUBD;
-
- root /web/nextcloud/;
-
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
-
- location = /.well-known/carddav {
- return 301 $client_req_scheme_nc://$host/remote.php/dav;
- }
-
- location = /.well-known/caldav {
- return 301 $client_req_scheme_nc://$host/remote.php/dav;
- }
-
- location = /.well-known/webfinger {
- return 301 $client_req_scheme_nc://$host/index.php/.well-known/webfinger;
- }
-
- location = /.well-known/nodeinfo {
- return 301 $client_req_scheme_nc://$host/index.php/.well-known/nodeinfo;
- }
-
- location ^~ /.well-known/acme-challenge/ {
- default_type "text/plain";
- root /web;
- }
-
- fastcgi_buffers 64 4K;
-
- gzip on;
- gzip_vary on;
- gzip_comp_level 4;
- gzip_min_length 256;
- gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
- gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
- set_real_ip_from fc00::/7;
- set_real_ip_from 10.0.0.0/8;
- set_real_ip_from 172.16.0.0/12;
- set_real_ip_from 192.168.0.0/16;
- real_ip_header X-Forwarded-For;
- real_ip_recursive on;
-
- location / {
- rewrite ^ /index.php$uri;
- }
-
- location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
- deny all;
- }
- location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
- deny all;
- }
-
- location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+)\.php(?:$|\/) {
- fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
- set $path_info $fastcgi_path_info;
- try_files $fastcgi_script_name =404;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $path_info;
- fastcgi_param HTTPS on;
- # Avoid sending the security headers twice
- fastcgi_param modHeadersAvailable true;
- # Enable pretty urls
- fastcgi_param front_controller_active true;
- fastcgi_pass phpfpm:9002;
- fastcgi_intercept_errors on;
- fastcgi_request_buffering off;
- client_max_body_size 0;
- fastcgi_read_timeout 1200;
- }
-
- location ~ ^\/(?:updater|ocs-provider)(?:$|\/) {
- try_files $uri/ =404;
- index index.php;
- }
-
- location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
- try_files $uri /index.php$request_uri;
- add_header Cache-Control "public, max-age=15778463";
- add_header Referrer-Policy "no-referrer" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-Download-Options "noopen" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "none" always;
- add_header X-XSS-Protection "1; mode=block" always;
- access_log off;
- }
-
- location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
- try_files $uri /index.php$request_uri;
- access_log off;
- }
-}
diff --git a/data/assets/nextcloud/occ b/data/assets/nextcloud/occ
deleted file mode 100755
index 5113ac01..00000000
--- a/data/assets/nextcloud/occ
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) php /web/nextcloud/occ ${@}
diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..ce51ced3 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem
@@ -1,19 +1,33 @@
-----BEGIN CERTIFICATE-----
-MIIDBDCCAe6gAwIBAgIQeJMoL/3dxhxhT9EwuRTL/DALBgkqhkiG9w0BAQswEjEQ
-MA4GA1UEChMHbWFpbGNvdzAeFw0xNjEyMTMxMDExMDBaFw0xOTExMjgxMDExMDBa
-MC0xEDAOBgNVBAoTB21haWxjb3cxGTAXBgNVBAMTEG1haWwuZXhhbXBsZS5vcmcw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg0xT3At9DSb3H5OMp3K1
-MpXAgYyotSK6TS61fC0QEHy2fMXiws7Agcye6Ln7CG63Fe1eN2jkdlefy9xJivS8
-y5w0M8i168v5znzC8fnylL2iOiSYfK/B/oEqfU7YH4RcegO53oDDIUZmi4Frgnu7
-39VVOU1ZyHEVqGJ2H2aAIkoZRjGzumD9Ym4LWGidtKJzBgFt/qmhUeWXipM8w281
-XkQnJU79+x2ywnJSvEZ3r/ZVJC7kbjiVw+/k15k9Cxk6Ik8wmJ0X/+xWxoZomHQI
-1LM0VKAS/iaU95dn2bplvL6jTiiyWAbrMjSKs4XbPt/fIbOicNkj6+CFy0MVfyyH
-AgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIAqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
-KwYBBQUHAwEwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQsDggEBAI/jBJa1P8nB
-eHUN5muQmjBVDVOYyWAAEapOe2HYsBcpjaB2H8Iw3DQzJtz6peYeYSCmHRVqFLCm
-VPrq36l9mPUotyPDPlQQAxCj9R2+WbGaJO+N/E1F8FQ94dr3jqwUyfjVPoqEjmIH
-NFkvbA0RJOeBm9oYGdhM0wjOBV9c9MTHFG82nQ/zQeTuPb7GXuKIOXYCxoLNOZMw
-UJ02Cqjv5ImrgOhcstAKX3Ip0urSvZUGvtPla4CGh+M6yDFJ08GzX6OiMIH207RW
-jAbUXXERSUv/7hysdDjGo5HZjCeMzVu9KAxoZXqnmvkk8g2swKWtWBRcoeU1VGx0
-Bx4Q4KMjuYQ=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-----END CERTIFICATE-----
diff --git a/data/assets/ssl-example/key.pem b/data/assets/ssl-example/key.pem
index cedf35a0..8e58384f 100644
--- a/data/assets/ssl-example/key.pem
+++ b/data/assets/ssl-example/key.pem
@@ -1,27 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0YNMU9wLfQ0m9x+TjKdytTKVwIGMqLUiuk0utXwtEBB8tnzF
-4sLOwIHMnui5+whutxXtXjdo5HZXn8vcSYr0vMucNDPItevL+c58wvH58pS9ojok
-mHyvwf6BKn1O2B+EXHoDud6AwyFGZouBa4J7u9/VVTlNWchxFahidh9mgCJKGUYx
-s7pg/WJuC1honbSicwYBbf6poVHll4qTPMNvNV5EJyVO/fsdssJyUrxGd6/2VSQu
-5G44lcPv5NeZPQsZOiJPMJidF//sVsaGaJh0CNSzNFSgEv4mlPeXZ9m6Zby+o04o
-slgG6zI0irOF2z7f3yGzonDZI+vghctDFX8shwIDAQABAoIBAQC9kiLnIgxXGyZt
-pmmYdA6re1jatZ2zLSp+DcY8ul3/0hs195IKCyCOOSQPiR520Pt0t+duP46uYZIJ
-aakp9gxaI5Vz+oMacH/AyaBDuDTj1Mf9WMSyIOfbDVCMRJOppGLcVh62+Gfjp2EO
-+h2hTJBuvypFkbK2kVIZOaHVpbXWKw1oYuEcTftk9XfxxvfSMw1HQ12/P2CAcbaa
-jPmVbisunv6kpXtewSBTcaLSYWJf1MYD5Hi8fzkD2FJSXYbfQd8RKvT2rj6FA7ux
-CDMzbYhdnd7lc63OARCIjfCRNtDT1cZ3gR1CQHD98lWxmPQIZukv+w7s/bSrFgnQ
-ROZ0ghBJAoGBAOmE/3d5FDmp0aJNxXynKcRGdpEEM4O40RIdqa2eR6Pa7aTRosao
-z0qVgdFuJrqjlB3jgedxXEX1M0abCUzzM9Q5F7JLl+KsjwRwpkIOkPiyUncLp7LK
-QbY3tvYBIdpjlF1USOMGRL4j11hqr4vQC/yPBF7jj81kCZDTbmZhp82jAoGBAOWu
-ql5QFUOlmqkuWIAFkiLEZhOu+ptqkE+zG50CCGMJIX0dJ2PHXFyNGInomAeT0nbI
-pbnK3x7KeEKiGrAqZFNCTHhApTwkrIj0L/RQbMDZ7u7j1AEUVNFEhIm62kg84FtG
-xtfxVxredE+NQc/tyV3hXegdNZxegALirlcMKIvNAoGAWFwIxk48Ru1o8z72QQqH
-lUsMRicOzwK5qV8r+xPvC6MlVL42F3F8rj4QFwzU/r4yp3SUjNyqC5aSRl8Xj9Re
-gijwPHi6Cf09SHLPliMo29GtvnnchJxfbPF7+23GP3p6gy4HPk/65u9s5nnH3uFk
-B7ad8sGsgg0eSXyXQ4okEn0CgYEAnogPuedGthlxBgMiPMMbmfm7hyyId4t3Ljuu
-/JExnsHnpobf8EPjoVIWNOIhRWGnrCtUEEhR9tvDZCKljyDDfKBPTdU496lMmX8K
-NnToi7gg7iy84T3aSVMktDgPgDrclMPmbZh8CeSvnVUfrtgu3Ci4+4Rlw5eKffNe
-aGDQ/6UCgYAbUq9mRT2WOXIo+Dchi9VzDWgtfOw5VEyqkSpb7hPiIYx5jNaENnVK
-cAi3iqbBgPJBuMlTrKmmaxdmssGOEZNJLuuXLDbCU+f5cpu5PQ4crC6UtRI5rlhp
-8Yc+oiv3HWbSw3sVRpMFB6NP4DnvgFW3B2Wdfb/lNzPCKWqBsX7gWw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
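Review bot: private key material should not appear in a diff pasted into a public issue. The + side of this hunk puts a new PRIVATE KEY block into data/assets/ssl-example/key.pem in place of the bundled example key; if that is a key the server actually uses, treat it as disclosed and rotate it. Redact PEM bodies before posting git diff output, and keep live keys out of the tracked example path.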
diff --git a/data/conf/clamav/clamd.conf b/data/conf/clamav/clamd.conf
index df1aa1e1..b6847983 100644
--- a/data/conf/clamav/clamd.conf
+++ b/data/conf/clamav/clamd.conf
@@ -17,7 +17,7 @@ IdleTimeout 20
SelfCheck 3600
User clamav
Foreground yes
-DetectPUA yes
+#DetectPUA yes
# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md
#ExcludePUA NetTool
#ExcludePUA PWTool
@@ -37,11 +37,25 @@ PhishingScanURLs no
HeuristicScanPrecedence yes
ScanHTML yes
ScanArchive yes
-MaxScanSize 50M
-MaxFileSize 25M
-MaxRecursion 5
+#MaxScanSize 50M
+#MaxFileSize 25M
+#MaxRecursion 5
MaxFiles 200
Bytecode yes
BytecodeSecurity TrustSigned
BytecodeTimeout 1000
ConcurrentDatabaseReload no
+
+DetectPUA yes
+ExcludePUA PUA.Win.Packer
+ExcludePUA PUA.Win.Trojan.Packed
+ExcludePUA PUA.Win.Trojan.Molebox
+ExcludePUA PUA.Win.Packer.Upx
+ExcludePUA PUA.Doc.Packed
+MaxScanSize 150M
+MaxFileSize 100M
+MaxRecursion 40
+MaxEmbeddedPE 100M
+MaxHTMLNormalize 50M
+MaxScriptNormalize 50M
+MaxZipTypeRcg 50M
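Review bot: raising MaxRecursion from 5 to 40 together with MaxScanSize 150M and MaxFileSize 100M greatly increases the work clamd will do on a single deeply nested archive, which is exactly the input an archive bomb relies on. The rspamd side in data/conf/rspamd/local.d/antivirus.conf still has max_size = 20971520, so messages above 20 MiB are not handed to clamd at all; unless something else feeds this clamd, limits close to that value and a recursion depth nearer the old one give the same mail coverage at lower cost. The old values are also left commented out and redefined at the end of the file; editing them in place would keep the file easier to compare against upstream.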
diff --git a/data/conf/clamav/freshclam.conf b/data/conf/clamav/freshclam.conf
index cfb497e9..5d79135d 100644
--- a/data/conf/clamav/freshclam.conf
+++ b/data/conf/clamav/freshclam.conf
@@ -3,6 +3,7 @@ LogTime yes
PidFile /run/clamav/freshclam.pid
DatabaseOwner clamav
DNSDatabaseInfo current.cvd.clamav.net
+DatabaseMirror db.de.clamav.net
DatabaseMirror db.uk.clamav.net
DatabaseMirror db.nl.clamav.net
DatabaseMirror db.fr.clamav.net
@@ -13,7 +14,23 @@ Checks 6
NotifyClamd /etc/clamav/clamd.conf
Foreground yes
ConnectTimeout 20
-ReceiveTimeout 20
+ReceiveTimeout 90
TestDatabases yes
Bytecode yes
+DatabaseCustomURL https://www.securiteinfo.com/get/signatures/redacted/securiteinfo.hdb
+DatabaseCustomURL https://www.securiteinfo.com/get/signatures/redacted/securiteinfo.ign2
+DatabaseCustomURL https://www.securiteinfo.com/get/signatures/redacted/javascript.ndb
+DatabaseCustomURL https://www.securiteinfo.com/get/signatures/redacted/spam_marketing.ndb
+DatabaseCustomURL https://www.securiteinfo.com/get/signatures/redacted/securiteinfohtml.hdb
+DatabaseCustomURL https://www.securiteinfo.com/get/signatures/redacted/securiteinfoascii.hdb
+DatabaseCustomURL https://www.securiteinfo.com/get/signatures/redacted/securiteinfoandroid.hdb
+DatabaseCustomURL https://www.securiteinfo.com/get/signatures/redacted/securiteinfoold.hdb
+DatabaseCustomURL https://www.securiteinfo.com/get/signatures/redacted/securiteinfopdf.hdb
+
+DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
+DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
+DatabaseCustomURL http://sigs.interserver.net/shell.ldb
+DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
+
+DatabaseCustomURL https://urlhaus.abuse.ch/downloads/urlhaus.ndb
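Review bot: the four sigs.interserver.net entries are fetched over plain http://, so their content can be altered in transit, and one of them (whitelist.fp) is a false-positive list, meaning a tampered copy could suppress detections rather than only add noise. Use https:// for these URLs if the host serves them, or drop whitelist.fp. The securiteinfo.com URLs carry an account-specific path segment (shown as redacted here), so freshclam.conf should not be world-readable or pasted unredacted.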
diff --git a/data/conf/ejabberd/autogen/ejabberd_acl.yml b/data/conf/ejabberd/autogen/ejabberd_acl.yml
new file mode 100644
index 00000000..21db66a4
--- /dev/null
+++ b/data/conf/ejabberd/autogen/ejabberd_acl.yml
@@ -0,0 +1 @@
+# Autogenerated by mailcow
diff --git a/data/conf/ejabberd/autogen/ejabberd_api.yml b/data/conf/ejabberd/autogen/ejabberd_api.yml
new file mode 100644
index 00000000..58c0ffd7
--- /dev/null
+++ b/data/conf/ejabberd/autogen/ejabberd_api.yml
@@ -0,0 +1,16 @@
+# Autogenerated by mailcow
+api_permissions:
+ "Reload by mailcow":
+ who:
+ - ip: "172.22.1.0/24"
+ what:
+ - "reload_config"
+ - "restart"
+ - "list_certificates"
+ - "list_cluster"
+ - "join_cluster"
+ - "leave_cluster"
+ - "backup"
+ - "status"
+ - "stats"
+ - "muc_online_rooms"
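Review bot: the who: rule grants this API set to every address in 172.22.1.0/24, and the what: list goes well beyond what the entry's name ("Reload by mailcow") implies: restart, join_cluster, leave_cluster and backup are included. Any container on that network could call them. Narrow who: to the address of the one container that issues the reload and trim what: to reload_config plus the read-only calls that are actually used; since the file is marked as autogenerated, the change belongs in whatever generates it.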
diff --git a/data/conf/ejabberd/autogen/ejabberd_hosts.yml b/data/conf/ejabberd/autogen/ejabberd_hosts.yml
new file mode 100644
index 00000000..21db66a4
--- /dev/null
+++ b/data/conf/ejabberd/autogen/ejabberd_hosts.yml
@@ -0,0 +1 @@
+# Autogenerated by mailcow
diff --git a/data/conf/ejabberd/autogen/ejabberd_macros.yml b/data/conf/ejabberd/autogen/ejabberd_macros.yml
new file mode 100644
index 00000000..d6b0a58c
--- /dev/null
+++ b/data/conf/ejabberd/autogen/ejabberd_macros.yml
@@ -0,0 +1,4 @@
+# Autogenerated by mailcow
+define_macro:
+ 'MAILCOW_HOSTNAME': "mail.redacted"
+ 'EJABBERD_HTTPS': 5443
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 6721204c..2aaa932e 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -52,6 +52,8 @@ postscreen_pipelining_enable = no
proxy_read_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf,
proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
+# proxy:mysql:/opt/postfix/conf/sql/mysql_local_senders.cf,
+# proxy:mysql:/opt/postfix/conf/sql/mysql_non-local_srs.cf,
$sender_dependent_default_transport_maps,
$smtp_tls_policy_maps,
$local_recipient_maps,
@@ -175,3 +177,54 @@ lmtp_destination_recipient_limit=1
# DO NOT EDIT ANYTHING BELOW #
# Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+ hostkarma.junkemailfilter.com=127.0.0.1*-2
+ list.dnswl.org=127.0.[0..255].0*-2
+ list.dnswl.org=127.0.[0..255].1*-4
+ list.dnswl.org=127.0.[0..255].2*-6
+ list.dnswl.org=127.0.[0..255].3*-8
+ ix.dnsbl.manitu.net*2
+ bl.spamcop.net*2
+ bl.suomispam.net*2
+ hostkarma.junkemailfilter.com=127.0.0.2*3
+ hostkarma.junkemailfilter.com=127.0.0.4*2
+ hostkarma.junkemailfilter.com=127.0.1.2*1
+ backscatter.spameatingmonkey.net*2
+ bl.ipv6.spameatingmonkey.net*2
+ bl.spameatingmonkey.net*2
+ b.barracudacentral.org=127.0.0.2*7
+ bl.mailspike.net=127.0.0.2*5
+ bl.mailspike.net=127.0.0.[10;11;12]*4
+ dnsbl.sorbs.net=127.0.0.10*8
+ dnsbl.sorbs.net=127.0.0.5*6
+ dnsbl.sorbs.net=127.0.0.7*3
+ dnsbl.sorbs.net=127.0.0.8*2
+ dnsbl.sorbs.net=127.0.0.6*2
+ dnsbl.sorbs.net=127.0.0.9*2
+ redacted.zen.dq.spamhaus.net=127.0.0.[4..7]*6
+ redacted.zen.dq.spamhaus.net=127.0.0.[10;11]*8
+ redacted.zen.dq.spamhaus.net=127.0.0.3*4
+ redacted.zen.dq.spamhaus.net=127.0.0.2*3
+postscreen_dnsbl_reply_map = texthash:/opt/postfix/conf/dnsbl_reply.map
+
+# User Overrides
+myhostname = mail.redacted
+submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+# For postsrsd
+## In order to disable postsrsd, just comment out the following two blocks and restart postfix-mailcow!
+## There is also config in master.cf, but it shouldn't interfere without these config lines here
+
+## postsrsd's reverse service is listening on port 10002
+#sender_canonical_classes = envelope_sender
+#recipient_canonical_maps = socketmap:inet:172.30.1.42:10003:reverse, proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
+#recipient_canonical_classes = envelope_recipient, header_recipient
+
+# Also for postsrsd, we override the default transport maps to use the smtpd on port 10029 for all non-local recipients
+#transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre,
+# pcre:/opt/postfix/conf/local_transport,
+# proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
+# proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf,
+# proxy:mysql:/opt/postfix/conf/sql/mysql_non-local_srs.cf
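Review bot: in the User Overrides block, submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols are set to "!SSLv2, !SSLv3", which excludes only SSL and leaves TLSv1 and TLSv1.1 accepted on the authenticated ports. Add "!TLSv1, !TLSv1.1" unless a known legacy client needs them. Separately, the postsrsd comment says the reverse service listens on port 10002 while the commented-out map below it uses 10003; one of the two is stale.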
diff --git a/data/conf/postfix/master.cf b/data/conf/postfix/master.cf
index d5114df2..4b127a8b 100644
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -144,3 +144,19 @@ watchdog_discard unix - - n - - discard
-o syslog_facility=local7
-o syslog_name=watchdog
# end watchdog-specific
+
+# SRS config
+cleanup-srs unix n - - - 0 cleanup
+ -o sender_canonical_maps=proxy:mysql:/opt/postfix/conf/sql/mysql_local_senders.cf,socketmap:inet:172.30.1.42:10003:forward
+ -o sender_canonical_classes=envelope_sender
+ #-o recipient_canonical_maps=regexp:/opt/postfix/conf/regex_sender_canonical_srs
+ -o syslog_name=cleanup-srs
+
+# Only non-local recipients should end up here per our transport map in extra.cf
+127.0.0.1:10029 inet n - - - - smtpd
+ -o cleanup_service_name=cleanup-srs
+ -o smtpd_tls_security_level=none
+ -o content_filter=smtp:
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_milters=
+ -o syslog_name=srs
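Review bot: the 127.0.0.1:10029 smtpd service is defined with an empty smtpd_milters= and smtpd_tls_security_level=none, so mail accepted on it is not passed to any milter, yet the transport_maps override in main.cf that would route mail here is commented out in this same diff. As posted, this listener and cleanup-srs are unused but still active. Comment them out together with the main.cf block, or enable both. The socketmap target 172.30.1.42 is also outside the 172.22.1.0/24 network that the rest of this configuration uses, which is worth confirming.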
diff --git a/data/conf/rspamd/custom/global_smtp_from_whitelist.map b/data/conf/rspamd/custom/global_smtp_from_whitelist.map
index 3c872889..26187051 100644
--- a/data/conf/rspamd/custom/global_smtp_from_whitelist.map
+++ b/data/conf/rspamd/custom/global_smtp_from_whitelist.map
@@ -1 +1,2 @@
-# /.+example\.com/i
+# /.+example\.com/i
+support@chocolatey.io
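Review bot: the added entry support@chocolatey.io is a full address in a map that, by its file name, matches on the SMTP From, a value the connecting client chooses freely, so any sender that sets that address gets the whitelist treatment. If the aim is to stop false positives for this one sender, prefer a whitelist keyed on an authenticated result (DKIM-signing or SPF-validated domain) over a bare From match.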
diff --git a/data/conf/rspamd/local.d/antivirus.conf b/data/conf/rspamd/local.d/antivirus.conf
index c8d31d1e..1e5f0634 100644
--- a/data/conf/rspamd/local.d/antivirus.conf
+++ b/data/conf/rspamd/local.d/antivirus.conf
@@ -9,3 +9,12 @@ clamav {
servers = "clamd:3310";
max_size = 20971520;
}
+
+patterns {
+ # Extra Signatures (Securite) Not shipped with mailcow.
+ CLAM_SECI_SPAM = "^SecuriteInfo\.com\.Spam.*";
+ CLAM_SECI_JPG = "^SecuriteInfo\.com\.JPG.*";
+ CLAM_SECI_PDF = "^SecuriteInfo\.com\.PDF.*";
+ CLAM_SECI_HTML = "^SecuriteInfo\.com\.HTML.*";
+ CLAM_SECI_JS = "^SecuriteInfo\.com\.JS.*";
+}
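Review bot: the patterns { ... } block is added after the closing brace of clamav { ... }, so as shown it is a sibling of the scanner definition rather than part of it. rspamd reads patterns as an option of the scanner whose results it maps to symbols, so the block should move inside clamav { }, before its closing brace, for the CLAM_SECI_* symbols to take effect.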
diff --git a/data/conf/rspamd/local.d/history_redis.conf b/data/conf/rspamd/local.d/history_redis.conf
index 68a59b0c..77e1ae3d 100644
--- a/data/conf/rspamd/local.d/history_redis.conf
+++ b/data/conf/rspamd/local.d/history_redis.conf
@@ -1 +1 @@
-nrows = 1000;
+nrows = 10000;
diff --git a/data/conf/sogo/custom-theme.js b/data/conf/sogo/custom-theme.js
index 0df50677..5d5a7f7c 100644
--- a/data/conf/sogo/custom-theme.js
+++ b/data/conf/sogo/custom-theme.js
@@ -33,4 +33,4 @@
$mdThemingProvider.generateThemesOnDemand(false);
}
})();
- */
\ No newline at end of file
+*/
diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index d398eb05..ac85a255 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -24,7 +24,7 @@
js/custom-sogo.js
);
- SOGoEnablePublicAccess = YES;
+ SOGoEnablePublicAccess = NO;
// Multi-domain setup
// Domains are isolated, you can define visibility options here.
@@ -35,11 +35,18 @@
// (domain3.tld, domain2.tld)
// );
+ SOGoDomainsVisibility = (
+ (redacted, redacted, redacted)
+ );
+
+ SOGoSuperUsernames = (admin@redacted);
+
// self-signed is not trusted anymore
WOPort = "0.0.0.0:20000";
SOGoMemcachedHost = "memcached";
- SOGoLanguage = English;
+// SOGoLanguage = English;
+ SOGoLanguage = German;
SOGoMailAuxiliaryUserAccountsEnabled = YES;
// SOGoCreateIdentitiesDisabled = NO;
SOGoMailCustomFromEnabled = YES;
@@ -68,6 +75,7 @@
SOGoSieveFolderEncoding = "UTF-8";
SOGoPasswordChangeEnabled = NO;
+// SOGoTOTPEnabled = NO;
SOGoSentFolderName = "Sent";
SOGoMailShowSubscribedFoldersOnly = NO;
NGImap4ConnectionStringSeparator = "/";
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 34e47a54..7d8128ac 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -59,6 +59,7 @@ if (isset($_POST["verify_tfa_login"])) {
unset($_SESSION['pending_pw_reset_token']);
unset($_SESSION['pending_pw_new_password']);
unset($_SESSION['pending_mailcow_cc_username']);
+ unset($_SESSION["mailcow_cc_role"]);
unset($_SESSION['pending_mailcow_cc_role']);
unset($_SESSION['pending_tfa_methods']);
}
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index af2862a3..6f6c5919 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -945,6 +945,9 @@ jQuery(function($){
if (ALLOW_ADMIN_EMAIL_LOGIN) {
item.action += '<a href="/sogo-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-sm btn-xs-lg btn-xs-half btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> SOGo</a>';
}
+ if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
+ item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-sm btn-xs-half btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>';
+ }
item.action += '</div>';
}
else {
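Review bot: ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE only decides whether the button is rendered; the new link targets /rc-auth.php?login=..., which is not part of this diff, and that endpoint has to check the admin session and the same setting itself, otherwise the URL works whether or not the button is shown. As a style point, the new anchor drops the btn-xs-lg class that the SOGo button next to it carries.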
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index 65c76f53..71e07298 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -42,6 +42,7 @@ $template_data = [
'lang_mailbox' => json_encode($lang['mailbox']),
'lang_rl' => json_encode($lang['ratelimit']),
'lang_datatables' => json_encode($lang['datatables']),
+ 'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
];
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
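Review bot: $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"] is read without a default in the new template_data entry, so when the variable is not set PHP raises an undefined-index warning and passes null to preg_match. Use $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"] ?? '' instead. The pattern /^(yes|y)+$/i also accepts repeats such as "yy" or "yesyes"; /^(yes|y)$/i states the intent more exactly.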
diff --git a/data/web/templates/mailbox.twig b/data/web/templates/mailbox.twig
index b61896d7..a62e24c0 100644
--- a/data/web/templates/mailbox.twig
+++ b/data/web/templates/mailbox.twig
@@ -74,5 +74,6 @@
var role = '{{ role }}';
var is_dual = {{ is_dual }};
var ALLOW_ADMIN_EMAIL_LOGIN = {{ allow_admin_email_login }};
+ var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
</script>
{% endblock %}
diff --git a/docker-compose.yml b/docker-compose.yml
index c462ba88..1a330f2c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -614,36 +614,6 @@ services:
aliases:
- ofelia
- ipv6nat-mailcow:
- depends_on:
- - unbound-mailcow
- - mysql-mailcow
- - redis-mailcow
- - clamd-mailcow
- - rspamd-mailcow
- - php-fpm-mailcow
- - sogo-mailcow
- - dovecot-mailcow
- - postfix-mailcow
- - memcached-mailcow
- - nginx-mailcow
- - acme-mailcow
- - netfilter-mailcow
- - watchdog-mailcow
- - dockerapi-mailcow
- - solr-mailcow
- environment:
- - TZ=${TZ}
- image: robbertkl/ipv6nat
- security_opt:
- - label=disable
- restart: always
- privileged: true
- network_mode: "host"
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock:ro
- - /lib/modules:/lib/modules:ro
-
networks:
mailcow-network:
driver: bridge
Logs of iptables -L -vn:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1700K 2267M MAILCOW 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* mailcow */
1701K 2267M ts-input 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
896K 636M MAILCOW 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* mailcow */
896K 636M DOCKER-USER 0 -- * * 0.0.0.0/0 0.0.0.0/0
896K 636M DOCKER-ISOLATION-STAGE-1 0 -- * * 0.0.0.0/0 0.0.0.0/0
27834 3188K ACCEPT 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER 0 -- * docker0 0.0.0.0/0 0.0.0.0/0
55658 4091K ACCEPT 0 -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
292K 562M ACCEPT 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
41665 1709K DOCKER 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0
478K 65M ACCEPT 0 -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 ts-forward 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.5 tcp dpt:3306
128 7580 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:25
225 12896 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:465
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.249 tcp dpt:6379
57 3356 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:587
39530 1584K ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.10 tcp dpt:80
1576 92720 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.10 tcp dpt:443
11 620 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:110
33 1880 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:143
75 3856 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:993
28 1580 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:995
2 120 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:4190
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:12345
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.3 tcp dpt:8983
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
55658 4091K DOCKER-ISOLATION-STAGE-2 0 -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
478K 65M DOCKER-ISOLATION-STAGE-2 0 -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
896K 636M RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0
534K 69M RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
896K 636M RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain MAILCOW (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 6 -- !br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0 /* mailcow isolation */
Chain ts-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK 0 -- tailscale0 * 0.0.0.0/0 0.0.0.0/0 MARK xset 0x40000/0xff0000
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x40000/0xff0000
0 0 DROP 0 -- * tailscale0 100.64.0.0/10 0.0.0.0/0
0 0 DROP 0 -- * tailscale0 0.0.0.0/0 0.0.0.0/0 ! ctstate RELATED,ESTABLISHED
0 0 ACCEPT 0 -- * tailscale0 0.0.0.0/0 0.0.0.0/0
Chain ts-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- lo * 100.80.17.104 0.0.0.0/0
0 0 RETURN 0 -- !tailscale0 * 100.115.92.0/23 0.0.0.0/0
0 0 DROP 0 -- !tailscale0 * 100.64.0.0/10 0.0.0.0/0
144K 121M ACCEPT 0 -- tailscale0 * 0.0.0.0/0 0.0.0.0/0
44131 11M ACCEPT 17 -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:41641
Logs of ip6tables -L -vn:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1202K 212M MAILCOW 0 -- * * ::/0 ::/0 /* mailcow */
1202K 212M ts-input 0 -- * * ::/0 ::/0
Chain FORWARD (policy DROP 10 packets, 676 bytes)
pkts bytes target prot opt in out source destination
97873 36M MAILCOW 0 -- * * ::/0 ::/0 /* mailcow */
97875 36M DOCKER-USER 0 -- * * ::/0 ::/0
97877 36M DOCKER-ISOLATION-STAGE-1 0 -- * * ::/0 ::/0
0 0 ACCEPT 0 -- * docker0 ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER 0 -- * docker0 ::/0 ::/0
0 0 ACCEPT 0 -- docker0 !docker0 ::/0 ::/0
0 0 ACCEPT 0 -- docker0 docker0 ::/0 ::/0
46472 11M ACCEPT 0 -- * br-mailcow ::/0 ::/0 ctstate RELATED,ESTABLISHED
2642 210K DOCKER 0 -- * br-mailcow ::/0 ::/0
48759 24M ACCEPT 0 -- br-mailcow !br-mailcow ::/0 ::/0
0 0 ACCEPT 0 -- br-mailcow br-mailcow ::/0 ::/0
10 676 ts-forward 0 -- * * ::/0 ::/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
97 7596 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::6 tcp dpt:25
8 608 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::6 tcp dpt:465
4 304 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::6 tcp dpt:587
26 1752 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:80
2431 194K ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:443
13 908 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::d tcp dpt:110
11 748 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::d tcp dpt:143
20 1496 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::d tcp dpt:993
31 2372 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::d tcp dpt:995
1 80 ACCEPT 6 -- !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::d tcp dpt:4190
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 0 -- docker0 !docker0 ::/0 ::/0
48759 24M DOCKER-ISOLATION-STAGE-2 0 -- br-mailcow !br-mailcow ::/0 ::/0
97882 36M RETURN 0 -- * * ::/0 ::/0
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * docker0 ::/0 ::/0
0 0 DROP 0 -- * br-mailcow ::/0 ::/0
48759 24M RETURN 0 -- * * ::/0 ::/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
97875 36M RETURN 0 -- * * ::/0 ::/0
Chain MAILCOW (2 references)
pkts bytes target prot opt in out source destination
Chain ts-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK 0 -- tailscale0 * ::/0 ::/0 MARK xset 0x40000/0xff0000
0 0 ACCEPT 0 -- * * ::/0 ::/0 mark match 0x40000/0xff0000
0 0 DROP 0 -- * tailscale0 ::/0 ::/0 ! ctstate RELATED,ESTABLISHED
0 0 ACCEPT 0 -- * tailscale0 ::/0 ::/0
Chain ts-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- lo * fd7a:115c:a1e0:ab12:4843:cd96:6250:1168 ::/0
0 0 ACCEPT 0 -- tailscale0 * ::/0 ::/0
252K 148M ACCEPT 17 -- * * ::/0 ::/0 udp dpt:41641
Logs of iptables -L -vn -t nat:
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
71006 3293K DOCKER 0 -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1794 273K DOCKER 0 -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1797 273K MASQUERADE 0 -- * !docker0 172.17.0.0/16 0.0.0.0/0
95197 7336K MASQUERADE 0 -- * !br-mailcow 172.22.1.0/24 0.0.0.0/0
118K 7407K ts-postrouting 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 MASQUERADE 6 -- * * 172.22.1.5 172.22.1.5 tcp dpt:3306
0 0 MASQUERADE 6 -- * * 172.22.1.253 172.22.1.253 tcp dpt:25
0 0 MASQUERADE 6 -- * * 172.22.1.253 172.22.1.253 tcp dpt:465
0 0 MASQUERADE 6 -- * * 172.22.1.249 172.22.1.249 tcp dpt:6379
0 0 MASQUERADE 6 -- * * 172.22.1.253 172.22.1.253 tcp dpt:587
0 0 MASQUERADE 6 -- * * 172.22.1.10 172.22.1.10 tcp dpt:80
0 0 MASQUERADE 6 -- * * 172.22.1.10 172.22.1.10 tcp dpt:443
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:110
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:143
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:993
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:995
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:4190
0 0 MASQUERADE 6 -- * * 172.22.1.250 172.22.1.250 tcp dpt:12345
0 0 MASQUERADE 6 -- * * 172.22.1.3 172.22.1.3 tcp dpt:8983
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN 0 -- br-mailcow * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:13306 to:172.22.1.5:3306
3909 234K DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:172.22.1.253:25
1218 70476 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 to:172.22.1.253:465
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:7654 to:172.22.1.249:6379
320 18568 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 to:172.22.1.253:587
40123 1617K DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.22.1.10:80
2372 138K DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.22.1.10:443
54 3004 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 to:172.22.1.250:110
130 7376 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 to:172.22.1.250:143
149 7932 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 to:172.22.1.250:993
143 8208 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 to:172.22.1.250:995
39 2324 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4190 to:172.22.1.250:4190
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:19991 to:172.22.1.250:12345
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:18983 to:172.22.1.3:8983
Chain ts-postrouting (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE 0 -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x40000/0xff0000
Logs of ip6tables -L -vn -t nat:
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
593K 33M DOCKER 0 -- * * ::/0 ::/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER 0 -- * * ::/0 !::1 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE 0 -- * !docker0 fd00:dead:beef:c0::/80 ::/0
19745 2005K MASQUERADE 0 -- * !br-mailcow fd4d:6169:6c63:6f77::/64 ::/0
20836 1683K ts-postrouting 0 -- * * ::/0 ::/0
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::6 fd4d:6169:6c63:6f77::6 tcp dpt:25
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::6 fd4d:6169:6c63:6f77::6 tcp dpt:465
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::6 fd4d:6169:6c63:6f77::6 tcp dpt:587
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:80
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:443
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:110
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:143
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:993
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:995
0 0 MASQUERADE 6 -- * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:4190
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- docker0 * ::/0 ::/0
86 6880 RETURN 0 -- br-mailcow * ::/0 ::/0
97 7596 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:25 to:[fd4d:6169:6c63:6f77::6]:25
8 608 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:465 to:[fd4d:6169:6c63:6f77::6]:465
4 304 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:587 to:[fd4d:6169:6c63:6f77::6]:587
191 14952 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:80 to:[fd4d:6169:6c63:6f77::e]:80
2647 211K DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:443 to:[fd4d:6169:6c63:6f77::e]:443
13 908 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:110 to:[fd4d:6169:6c63:6f77::d]:110
12 808 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:143 to:[fd4d:6169:6c63:6f77::d]:143
20 1496 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:993 to:[fd4d:6169:6c63:6f77::d]:993
35 2644 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:995 to:[fd4d:6169:6c63:6f77::d]:995
1 80 DNAT 6 -- !br-mailcow * ::/0 ::/0 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::d]:4190
Chain ts-postrouting (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE 0 -- * * ::/0 ::/0 mark match 0x40000/0xff0000
DNS check:
172.64.155.249
104.18.32.7