Dashboard does not show container that fails to startย #6756
Description
Contribution guidelines
- I've read the contribution guidelines and wholeheartedly agree
I've found a bug and checked that ...
- ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
- ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
- ... I have understood that answers are voluntary and community-driven, and not commercial support.
- ... I have verified that my issue has not been already answered in the past. I also checked previous issues.
Description
I have noticed that the Dashboard in the Admin panel only shows the status and buttons for containers which actually managed to start.
I was hoping to also see red status alerts for containers which had died or even failed to start.
Case in point, the postfix-mailcow container failed to start after hardening my host OS with the Ubuntu PRO CIS lv1 benchmark. It turns out that Ubuntu had started its own Postfix, which blocked the container.
In the dashboard of Mailcow, this failed container was not shown as failed. It was simply absent from the overview.
Logs:
The Docker Compose logging shows that postfix-mailcow cannot start because port 25 was already occupied. This is as expected.
# docker compose up -d
WARN[0000] mount of type `volume` should not define `bind` option
WARN[0000] mount of type `volume` should not define `bind` option
[+] Running 6/10
โ Container mailcowdockerized-memcached-mailcow-1 Created 0.1s
โ Container mailcowdockerized-sogo-mailcow-1 Created 0.1s
[+] Running 15/16cowdockerized-netfilter-mailcow-1 Created 0.1s
โ Container mailcowdockerized-memcached-mailcow-1 Created 0.1s
[+] Running 17/18cowdockerized-sogo-mailcow-1 Created 0.1s
โ Container mailcowdockerized-memcached-mailcow-1 Started 0.4s
โ Container mailcowdockerized-sogo-mailcow-1 Started 0.5s
โ Container mailcowdockerized-netfilter-mailcow-1 Started 0.4s
โ Container mailcowdockerized-olefy-mailcow-1 Started 0.5s
โ Container mailcowdockerized-dockerapi-mailcow-1 Started 0.6s
โ Container mailcowdockerized-unbound-mailcow-1 Healthy 31.6s
โ Container mailcowdockerized-redis-mailcow-1 Started 0.6s
โ Container mailcowdockerized-clamd-mailcow-1 Started 31.0s
โ Container mailcowdockerized-mysql-mailcow-1 Started 0.6s
โ Container mailcowdockerized-postfix-tlspol-mailcow-1 Started 31.0s
โ Container mailcowdockerized-php-fpm-mailcow-1 Started 0.7s
โ Container mailcowdockerized-dovecot-mailcow-1 Started 0.8s
โ ผ Container mailcowdockerized-postfix-mailcow-1 Starting 31.9s
โ Container mailcowdockerized-rspamd-mailcow-1 Started 31.1s
โ Container mailcowdockerized-ofelia-mailcow-1 Started 0.9s
โ Container mailcowdockerized-nginx-mailcow-1 Started 31.2s
โ Container mailcowdockerized-acme-mailcow-1 Started 31.8s
โ Container mailcowdockerized-watchdog-mailcow-1 Created 0.0s
Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint mailcowdockerized-postfix-mailcow-1 (6f7981e71f5ff5228dc5bf3e2a21d4a43892195be6d0879c3f6a96984457ed0e): failed to bind host port for 0.0.0.0:25:172.22.1.253:25/tcp: address already in use
However, the Dashboard screen does not show that the container failed, or didn't start. It only shows the postfix-tlspol-mailcow container when I search for "postfix".
Steps to reproduce:
1. Shutdown Mailcow
2. On the host OS make sure that something's listening on 0.0.0.0:25
3. Startup Mailcow
4. Visit the Admin Dashboard.
5. Look at the list of containers; dashboard only shows the running container, not the failed "postfix" container.
Which branch are you using?
master
Which architecture are you using?
x86
Operating System:
Ubuntu 24.04 LTS
Server/VM specifications:
10 GB RAM, 4 cores
Is Apparmor, SELinux or similar active?
AppArmor is active on the host.
Virtualization technology:
Proxmox VE
Docker version:
28.4.0, build d8eb465
docker-compose version or docker compose version:
v2.39.4
mailcow version:
2025-09b
Reverse proxy:
n.a.
Logs of git diff:
diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..2888aad1 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem
diff --git a/data/assets/ssl-example/key.pem b/data/assets/ssl-example/key.pem
index cedf35a0..a46233ad 100644
--- a/data/assets/ssl-example/key.pem
+++ b/data/assets/ssl-example/key.pem
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index f091cb3f..7438930c 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -174,3 +174,29 @@ lmtp_destination_recipient_limit=1
# DO NOT EDIT ANYTHING BELOW #
# Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+ hostkarma.junkemailfilter.com=127.0.0.1*-2
+ list.dnswl.org=127.0.[0..255].0*-2
+ list.dnswl.org=127.0.[0..255].1*-4
+ list.dnswl.org=127.0.[0..255].2*-6
+ list.dnswl.org=127.0.[0..255].3*-8
+ bl.spamcop.net*2
+ bl.suomispam.net*2
+ hostkarma.junkemailfilter.com=127.0.0.2*3
+ hostkarma.junkemailfilter.com=127.0.0.4*2
+ hostkarma.junkemailfilter.com=127.0.1.2*1
+ backscatter.spameatingmonkey.net*2
+ bl.ipv6.spameatingmonkey.net*2
+ bl.spameatingmonkey.net*2
+ b.barracudacentral.org=127.0.0.2*7
+ bl.mailspike.net=127.0.0.2*5
+ bl.mailspike.net=127.0.0.[10;11;12]*4
+ zen.spamhaus.org=127.0.0.[10;11]*8
+ zen.spamhaus.org=127.0.0.[4..7]*6
+ zen.spamhaus.org=127.0.0.3*4
+ zen.spamhaus.org=127.0.0.2*3
+
+# User Overrides
+myhostname = <REDACTED>
+
diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf
index 27110c04..3f7fa48b 100644
--- a/data/conf/unbound/unbound.conf
+++ b/data/conf/unbound/unbound.conf
@@ -5,13 +5,16 @@ server:
logfile: /dev/console
do-ip4: yes
do-ip6: yes
+ #do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: no
#access-control: 0.0.0.0/0 allow
- access-control: 10.0.0.0/8 allow
+ #access-control: 10.0.0.0/8 allow
+ access-control: 127.0.0.0/24 allow
access-control: 172.16.0.0/12 allow
- access-control: 192.168.0.0/16 allow
+ #access-control: 172.22.1.0/24 allow
+ #access-control: 192.168.0.0/16 allow
access-control: fc00::/7 allow
access-control: fe80::/10 allow
#access-control: ::0/0 allow
@@ -19,7 +22,9 @@ server:
username: unbound
auto-trust-anchor-file: trusted-key.key
#private-address: 10.0.0.0/8
- #private-address: 172.16.0.0/12
+ private-address: 172.16.0.0/12
+ #private-address: 172.22.1.0/24
+ private-address: 127.0.0.0/24
#private-address: 192.168.0.0/16
#private-address: 169.254.0.0/16
#private-address: fc00::/7
@@ -43,3 +48,8 @@ remote-control:
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"
+
Logs of iptables -L -vn:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8305 2721K MAILCOW 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* mailcow */
15441 5211K DOCKER-USER 0 -- * * 0.0.0.0/0 0.0.0.0/0
15441 5211K DOCKER-FORWARD 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
1 64 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:587
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:465
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:25
2 128 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.11 tcp dpt:443
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.11 tcp dpt:80
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:12345
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:4190
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:995
3 192 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:993
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:143
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:110
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.5 tcp dpt:3306
0 0 ACCEPT 6 -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.249 tcp dpt:6379
0 0 DROP 0 -- !br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 -- !docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-BRIDGE (1 references)
pkts bytes target prot opt in out source destination
12 768 DOCKER 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER 0 -- * docker0 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-CT (1 references)
pkts bytes target prot opt in out source destination
7980 4023K ACCEPT 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT 0 -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
Chain DOCKER-FORWARD (1 references)
pkts bytes target prot opt in out source destination
15441 5211K DOCKER-CT 0 -- * * 0.0.0.0/0 0.0.0.0/0
7461 1188K DOCKER-ISOLATION-STAGE-1 0 -- * * 0.0.0.0/0 0.0.0.0/0
7461 1188K DOCKER-BRIDGE 0 -- * * 0.0.0.0/0 0.0.0.0/0
7449 1187K ACCEPT 0 -- br-mailcow * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- docker0 * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
7449 1187K DOCKER-ISOLATION-STAGE-2 0 -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-2 0 -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 -- * br-mailcow 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
Chain MAILCOW (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP 6 -- !br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0 /* mailcow isolation */
Logs of ip6tables -L -vn:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MAILCOW 0 -- * * ::/0 ::/0 /* mailcow */
0 0 DOCKER-USER 0 -- * * ::/0 ::/0
0 0 DOCKER-FORWARD 0 -- * * ::/0 ::/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (0 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-BRIDGE (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-CT (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-CT 0 -- * * ::/0 ::/0
0 0 DOCKER-ISOLATION-STAGE-1 0 -- * * ::/0 ::/0
0 0 DOCKER-BRIDGE 0 -- * * ::/0 ::/0
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION-STAGE-2 (0 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
Chain MAILCOW (1 references)
pkts bytes target prot opt in out source destination
root@mailcow:/opt/mailcow-dockerized#
Logs of iptables -L -vn -t nat:
Chain PREROUTING (policy ACCEPT 2217 packets, 150K bytes)
pkts bytes target prot opt in out source destination
37 2368 DOCKER 0 -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 51 packets, 3811 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER 0 -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 63 packets, 4579 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE 0 -- * !docker0 172.17.0.0/16 0.0.0.0/0
2053 144K MASQUERADE 0 -- * !br-mailcow 172.22.1.0/24 0.0.0.0/0
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN 0 -- br-mailcow * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:7654 to:172.22.1.249:6379
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:13306 to:172.22.1.5:3306
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 to:172.22.1.250:110
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 to:172.22.1.250:143
3 192 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 to:172.22.1.250:993
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 to:172.22.1.250:995
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4190 to:172.22.1.250:4190
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:19991 to:172.22.1.250:12345
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.22.1.11:80
2 128 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.22.1.11:443
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:172.22.1.253:25
0 0 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 to:172.22.1.253:465
1 64 DNAT 6 -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 to:172.22.1.253:587
Logs of ip6tables -L -vn -t nat:
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER 0 -- * * ::/0 ::/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER 0 -- * * ::/0 !::1 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
DNS check:
104.18.32.7
172.64.155.249