Sudden rspamd container restart due to failing settings check #7023

@solick

Contribution guidelines

Checklist prior issue creation

  • I understand that failure to follow below instructions may cause this issue to be closed.
  • I understand that vague, incomplete or inaccurate information may cause this issue to be closed.
  • I understand that this form is intended solely for reporting software bugs and not for support-related inquiries.
  • I understand that all responses are voluntary and community-driven, and do not constitute commercial support.
  • I confirm that I have reviewed previous issues to ensure this matter has not already been addressed.
  • I confirm that my environment meets all prerequisite requirements as specified in the official documentation.

Description

For the past 2 days my rspamd container has been failing a settings check and restarting every 5 minutes. The log shows only "Rspamd settings check failed, score returned: 14", and then over 5 minutes the rspamd health level drops from 100% to 0% and then the container restarts.

I have not changed anything on the server in the last 5 weeks.

Steps to reproduce:

I cannot reproduce it.

Logs:

watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Tue Jan 27 17:27:30 CET 2026 Rspamd health level: 80% (4/5), health trend: -1
watchdog-mailcow-1 | Tue Jan 27 17:28:16 CET 2026 Rspamd health level: 60% (3/5), health trend: -1
watchdog-mailcow-1 | Tue Jan 27 17:29:20 CET 2026 Rspamd health level: 40% (2/5), health trend: -1
watchdog-mailcow-1 | Tue Jan 27 17:29:40 CET 2026 Rspamd health level: 20% (1/5), health trend: -1
watchdog-mailcow-1 | Tue Jan 27 17:31:13 CET 2026 Rspamd health level: 0% (0/5), health trend: -1
watchdog-mailcow-1 | Tue Jan 27 17:31:14 CET 2026 Rspamd hit error limit
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned:
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned:
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned: 14
watchdog-mailcow-1 | Rspamd settings check failed, score returned:
watchdog-mailcow-1 | Tue Jan 27 17:31:24 CET 2026 Rspamd health level: 80% (4/5), health trend: -1
watchdog-mailcow-1 | Tue Jan 27 17:32:06 CET 2026 Rspamd health level: 60% (3/5), health trend: -1
watchdog-mailcow-1 | Tue Jan 27 17:33:12 CET 2026 Rspamd health level: 40% (2/5), health trend: -1

Which branch are you using?

master (stable)

Which architecture are you using?

x86_64

Operating System:

No LSB modules are available. Debian GNU/Linux 12 (bookworm)

Server/VM specifications:

8GB RAM, 4vcpu

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

hetzner cloud

Docker version:

29.2.0

docker-compose version or docker compose version:

v5.0.2

mailcow version:

2025-12a

Reverse proxy:

nginx

Logs of git diff:

diff --git a/create_cold_standby.sh b/create_cold_standby.sh
index 924339af1..89307f50a 100755
--- a/create_cold_standby.sh
+++ b/create_cold_standby.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
-export REMOTE_SSH_KEY=/root/.ssh/id_rsa
+export REMOTE_SSH_KEY=/root/.ssh/id_rsa_mc1.XXX
 export REMOTE_SSH_PORT=22
-export REMOTE_SSH_HOST=my.remote.host
+export REMOTE_SSH_HOST=mc2.XXX
 
 /opt/mailcow-dockerized/helper-scripts/_cold-standby.sh
diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16becd..ca83bec5e 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem
@@ -1,19 +1,33 @@
 -----BEGIN CERTIFICATE-----
XXX
 -----END CERTIFICATE-----
diff --git a/data/assets/ssl-example/key.pem b/data/assets/ssl-example/key.pem
index cedf35a0b..f34e15362 100644
--- a/data/assets/ssl-example/key.pem
+++ b/data/assets/ssl-example/key.pem
@@ -1,27 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
XXX
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+XXX
+-----END PRIVATE KEY-----
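Review bot: The tracked example file data/assets/ssl-example/key.pem now carries a different private key (the `-----BEGIN RSA PRIVATE KEY-----` block is replaced by a `-----BEGIN PRIVATE KEY-----` block), so every `git diff` collected for a report like this one prints key material. The body is redacted to XXX here, which is right; if this is the key the server actually uses, keeping it out of tracked files removes the need to redact by hand each time.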
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index f091cb3f9..7194e1f60 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -174,3 +174,50 @@ lmtp_destination_recipient_limit=1
 
 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2
+  dnsbl.sorbs.net=127.0.0.6*2
+  dnsbl.sorbs.net=127.0.0.9*2
+  zen.spamhaus.org=127.0.0.[10;11]*8
+  zen.spamhaus.org=127.0.0.[4..7]*6
+  zen.spamhaus.org=127.0.0.3*4
+  zen.spamhaus.org=127.0.0.2*3
+
+# User Overrides
+myhostname = mail.XXX
+
+smtp_tls_protocols = !SSLv2, !SSLv3,!TLSv1,!TLSv1.1
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3,!TLSv1,!TLSv1.1
+smtpd_tls_protocols = !SSLv2, !SSLv3,!TLSv1,!TLSv1.1
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3,!TLSv1,!TLSv1.1
+lmtp_tls_protocols = !SSLv2, !SSLv3,!TLSv1,!TLSv1.1
+lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3,!TLSv1,!TLSv1.1
+# SSL/TLS supported ciphers
+smtp_tls_ciphers = high
+smtp_tls_mandatory_ciphers = high
+smtpd_tls_ciphers = high
+smtpd_tls_mandatory_ciphers = high
+#tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:TLS_AES_128_GCM_SHA256:
ECDHE-RSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:TLS_AES_128_GCM_SHA256
+tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:TLS_AES_128_GCM_SHA256:E
CDHE-RSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:ECDHE-RSA-CHACHA20-POLY1305:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+
+smtpd_tls_eecdh_grade = ultra
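Review bot: In the added `tls_high_cipherlist` line the value is broken across two lines in the middle of a token (`...TLS_AES_128_GCM_SHA256:E` followed by `CDHE-RSA-AES256-GCM-SHA384:...`), and `TLS_AES_256_GCM_SHA384` and `TLS_CHACHA20_POLY1305_SHA256` each appear twice. If the break exists in main.cf itself and is not just terminal wrapping, Postfix will not read the second line as a continuation because it does not start with whitespace; keep the list on one line and drop the duplicate entries. All of these additions also sit below the `# DO NOT EDIT ANYTHING BELOW #` marker, so confirm they were generated there and not edited in by hand.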
diff --git a/data/conf/rspamd/custom/global_mime_from_blacklist.map b/data/conf/rspamd/custom/global_mime_from_blacklist.map
index 3c872889c..6c1d00663 100644
--- a/data/conf/rspamd/custom/global_mime_from_blacklist.map
+++ b/data/conf/rspamd/custom/global_mime_from_blacklist.map
@@ -1 +1,3 @@
 # /.+example\.com/i
+/.*@stcecyten\.org/i
+/.*@.*\.stcecyten\.org/i
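Review bot: Both added patterns are unanchored at the end, so `/.*@stcecyten\.org/i` also matches an address such as `user@stcecyten.org.example.net`, and the leading `.*` adds nothing to an unanchored match. A single anchored pattern such as `/@(.+\.)?stcecyten\.org$/i` covers the domain and its subdomains without the over-match; the same applies to the identical lines added to global_smtp_from_blacklist.map.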
diff --git a/data/conf/rspamd/custom/global_smtp_from_blacklist.map b/data/conf/rspamd/custom/global_smtp_from_blacklist.map
index 3c872889c..d7a223686 100644
--- a/data/conf/rspamd/custom/global_smtp_from_blacklist.map
+++ b/data/conf/rspamd/custom/global_smtp_from_blacklist.map
@@ -1 +1,4 @@
 # /.+example\.com/i
+/.*@stcecyten\.org/i
+/.*@.*\.stcecyten\.org/i
+
diff --git a/data/conf/rspamd/local.d/actions.conf b/data/conf/rspamd/local.d/actions.conf
index 3de63a54f..067bf0797 100644
--- a/data/conf/rspamd/local.d/actions.conf
+++ b/data/conf/rspamd/local.d/actions.conf
@@ -1,3 +1,4 @@
-reject = 15;
-add_header = 8;
-greylist = 7;
+reject = 14;
+quarantine = 10;
+add_header = 6;
+greylist = 4;
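Review bot: The new `reject = 14;` is the same number the watchdog prints in every `Rspamd settings check failed, score returned: 14` line in the logs above, while the value removed here was 15. The score the check reports therefore appears to come from this file's global reject threshold. Worth confirming which value the settings check expects to get back, and why it is receiving the global threshold instead.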
diff --git a/data/conf/rspamd/local.d/fuzzy_check.conf b/data/conf/rspamd/local.d/fuzzy_check.conf
index 855e8d0e4..e6c4d86d8 100644
--- a/data/conf/rspamd/local.d/fuzzy_check.conf
+++ b/data/conf/rspamd/local.d/fuzzy_check.conf
@@ -52,3 +52,35 @@ rule "mailcow" {
         }
     }
 }
+
+rule "rspamd.com" {
+  servers = "round-robin:fuzzy1.rspamd.com:11335,fuzzy2.rspamd.com:11335";
+  symbol = "FUZZY_UNKNOWN";
+  mime_types = ["*"];
+  max_score = 20.0;
+  read_only = yes;
+  skip_unknown = yes;
+  short_text_direct_hash = true;
+  min_length = 64;
+  encryption_key = โ€žXXXโ€œ;
+  algorithm = "mumhash";
+
+  fuzzy_map = {
+    FUZZY_DENIED {
+      max_score = 20.0;
+      flag = 1;
+    }
+    FUZZY_PROB {
+      max_score = 10.0;
+      flag = 2;
+    }
+    FUZZY_WHITE {
+      max_score = 2.0;
+      flag = 3;
+    }
+#      MAILCOW_FUZZY_RATELIMITED {
+#      max_score = 0.5;  # 
+#      flag = 4;
+#    }
+  }
+}
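Review bot: In the added rule "rspamd.com", the `encryption_key` value is not wrapped in plain ASCII double quotes the way `symbol = "FUZZY_UNKNOWN";` and `algorithm = "mumhash";` are; the characters around XXX look like typographic quotes, garbled in this paste. If they came in only while redacting the key that is harmless, but in the real file the value needs straight quotes. Also note that `FUZZY_DENIED` has `max_score = 20.0`, which is above the `reject = 14` set in actions.conf, so a hit from this read-only remote storage can be enough on its own to cross the reject threshold.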
diff --git a/data/conf/rspamd/local.d/multimap.conf b/data/conf/rspamd/local.d/multimap.conf
index 888bf3630..006e5de1a 100644
--- a/data/conf/rspamd/local.d/multimap.conf
+++ b/data/conf/rspamd/local.d/multimap.conf
@@ -179,3 +179,10 @@ BAD_SUBJECT_00 {
   score = 6.0;
   symbols_set = ["BAD_SUBJECT_00"];
 }
+
+# --- Placeholder to satisfy dependencies (does not whitelist anything yet) ---
+MAILCOW_WHITE {
+  type = "from";
+  map = "file:///etc/rspamd/local.d/mailcow_white.map";
+  score = 0.0;
+}
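Review bot: `MAILCOW_WHITE` points at `file:///etc/rspamd/local.d/mailcow_white.map`, but nothing in this diff creates that file (an untracked file would not show up here). Confirm the map exists inside the rspamd container and is readable, and name in the comment which dependency this placeholder is meant to satisfy so the reason for defining the symbol by hand is on record.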
diff --git a/data/conf/rspamd/rspamd.conf.local b/data/conf/rspamd/rspamd.conf.local
index 9f2f8f1de..757eb28d0 100644
--- a/data/conf/rspamd/rspamd.conf.local
+++ b/data/conf/rspamd/rspamd.conf.local
@@ -1 +1,3 @@
 # rspamd.conf.local
+include "/etc/rspamd/rspamd.conf.override"
+
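Review bot: The added `include "/etc/rspamd/rspamd.conf.override"` has no leading dot. Rspamd's UCL include macro is written `.include "path"`, so as written this line is not processed as an include; the line added to rspamd.conf.override has the same form. If the include is really needed, write it with the leading dot, and check first whether the main configuration already loads that file.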
diff --git a/data/conf/rspamd/rspamd.conf.override b/data/conf/rspamd/rspamd.conf.override
index d033e8e24..30c5b6f7c 100644
--- a/data/conf/rspamd/rspamd.conf.override
+++ b/data/conf/rspamd/rspamd.conf.override
@@ -1,2 +1,3 @@
 # rspamd.conf.override
+include "/etc/rspamd/override.d/metrics.conf"
 
diff --git a/data/web/.well-known/mta-sts.txt b/data/web/.well-known/mta-sts.txt
new file mode 100644
index 000000000..bf418f479
--- /dev/null
+++ b/data/web/.well-known/mta-sts.txt
@@ -0,0 +1,5 @@
+version: STSv1
+mode: enforce
+max_age: 15552000
+mx: mail.XXX
+mx: *.XXX
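Review bot: `mx: *.XXX` sits next to the specific `mx: mail.XXX` in a policy with `mode: enforce`, so senders will accept any host one label below the domain as a valid MX, not just the mail host. If mail.XXX is the only MX, drop the wildcard line; with `max_age: 15552000` (180 days) senders may cache the policy for a long time, so the mx list should be as tight as the DNS MX records.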

Logs of iptables -L -vn:


Logs of ip6tables -L -vn:


Logs of iptables -L -vn -t nat:


Logs of ip6tables -L -vn -t nat:


DNS check:

198.252.206.1

Labels: support (please consider asking at https://community.mailcow.email/ or https://t.me/mailcow)
