Mailcow-dockerized: Cannot match your IP NO_IPV6_LINK against hostname

Created on 2 Sep 2018 · 30 Comments · Source: mailcow/mailcow-dockerized

Hey! I've found 2 similar issues but the solutions that have worked for them did not work for me.
mailcow/mailcow-dockerized#325
mailcow/mailcow-dockerized#489

I get this issue for mail.lucakrebs.de and the autoconfig / autodiscover.
Reverse DNS is set up, mail.lucakrebs.de points to 2a01:4f8:1c0c:40a6::1 and 94.130.180.171 (https://[2a01:4f8:1c0c:40a6::1]/ and https://94.130.180.171/).

My certificate expired today, so I wanted to renew it, that's why I ran into this issue.

Log:

acme-mailcow_1       | Sun Sep  2 13:57:30 CEST 2018 - Waiting for Docker API...OK
acme-mailcow_1       | Sun Sep  2 13:57:31 CEST 2018 - Found Let's Encrypt or mailcow snake-oil CA issued certificate with SANs: autoconfig.cloud.lucakrebs.de autoconfig.lucakrebs.de autodiscover.cloud.lucakrebs.de autodiscover.lucakrebs.de mail.lucakrebs.de
acme-mailcow_1       | Sun Sep  2 13:57:31 CEST 2018 - Waiting for database...
acme-mailcow_1       | mysqld is alive
acme-mailcow_1       | Sun Sep  2 13:57:33 CEST 2018 - Initializing, please wait...
acme-mailcow_1       | Sun Sep  2 13:57:33 CEST 2018 - Detecting IP addresses... OK
acme-mailcow_1       | Validated CAA for parent domain lucakrebs.de
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Waiting for domain table... OK
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Found AAAA record for autoconfig.cloud.lucakrebs.de: 2a01:4f8:1c0c:40a6::1 - skipping A record check
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Cannot match your IP NO_IPV6_LINK against hostname autoconfig.cloud.lucakrebs.de (2a01:04f8:1c0c:40a6:0000:0000:0000:0001)
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Found AAAA record for autodiscover.cloud.lucakrebs.de: 2a01:4f8:1c0c:40a6::1 - skipping A record check
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Cannot match your IP NO_IPV6_LINK against hostname autodiscover.cloud.lucakrebs.de (2a01:04f8:1c0c:40a6:0000:0000:0000:0001)
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Found AAAA record for autoconfig.lucakrebs.de: 2a01:4f8:1c0c:40a6::1 - skipping A record check
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Cannot match your IP NO_IPV6_LINK against hostname autoconfig.lucakrebs.de (2a01:04f8:1c0c:40a6:0000:0000:0000:0001)
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Found AAAA record for autodiscover.lucakrebs.de: 2a01:4f8:1c0c:40a6::1 - skipping A record check
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Cannot match your IP NO_IPV6_LINK against hostname autodiscover.lucakrebs.de (2a01:04f8:1c0c:40a6:0000:0000:0000:0001)
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Found AAAA record for mail.lucakrebs.de: 2a01:4f8:1c0c:40a6::1 - skipping A record check
acme-mailcow_1       | Sun Sep  2 13:58:25 CEST 2018 - Cannot match your IP NO_IPV6_LINK against hostname mail.lucakrebs.de (2a01:04f8:1c0c:40a6:0000:0000:0000:0001)
acme-mailcow_1       | Sun Sep  2 13:58:25 CEST 2018 - Cannot validate hostnames, skipping Let's Encrypt for 1 hour.
acme-mailcow_1       | Sun Sep  2 13:58:25 CEST 2018 - Use SKIP_LETS_ENCRYPT=y in mailcow.conf to skip it permanently.

... which makes absolutely no sense because obviously 2a01:04f8:1c0c:40a6:0000:0000:0000:0001 is the equivalent to 2a01:4f8:1c0c:40a6::1 - on which my server listens just perfectly.

I thought of a firewall issue, but couldn't help myself on this topic.

Output of netstat -ntlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:19991         0.0.0.0:*               LISTEN      1430/docker-proxy
tcp        0      0 127.0.0.1:13306         0.0.0.0:*               LISTEN      1922/docker-proxy
tcp6       0      0 :::587                  :::*                    LISTEN      1741/docker-proxy
tcp6       0      0 :::110                  :::*                    LISTEN      1840/docker-proxy
tcp6       0      0 :::143                  :::*                    LISTEN      1665/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      3001/docker-proxy
tcp6       0      0 :::465                  :::*                    LISTEN      1894/docker-proxy
tcp6       0      0 :::25                   :::*                    LISTEN      1964/docker-proxy
tcp6       0      0 :::443                  :::*                    LISTEN      2980/docker-proxy
tcp6       0      0 :::4190                 :::*                    LISTEN      1456/docker-proxy
tcp6       0      0 :::993                  :::*                    LISTEN      1625/docker-proxy
tcp6       0      0 :::995                  :::*                    LISTEN      1506/docker-proxy
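
A way to read the acme-mailcow lines in the post above, as an added example that is not part of the original issue and not mailcow's own code: the value after "your IP" is what the container detected for itself, and the value in parentheses is the hostname's DNS address. The `classify` and `triage` helpers and the verdict names are hypothetical; the last sample line is constructed.

```python
import ipaddress
import re

# First two lines are copied from the log in this issue; the third is a
# constructed line showing what a genuine address mismatch would look like.
SAMPLE_LOG = """\
acme-mailcow_1       | Sun Sep  2 13:58:24 CEST 2018 - Found AAAA record for mail.lucakrebs.de: 2a01:4f8:1c0c:40a6::1 - skipping A record check
acme-mailcow_1       | Sun Sep  2 13:58:25 CEST 2018 - Cannot match your IP NO_IPV6_LINK against hostname mail.lucakrebs.de (2a01:04f8:1c0c:40a6:0000:0000:0000:0001)
acme-mailcow_1       | Sun Sep  2 13:58:25 CEST 2018 - Cannot match your IP 2001:db8::10 against hostname mail.example.org (2001:0db8:0000:0000:0000:0000:0000:0020)
"""

# Pattern derived from the log lines shown on this page.
MATCH_FAIL = re.compile(
    r"Cannot match your IP (?P<detected>\S+) against hostname "
    r"(?P<host>\S+) \((?P<dns>[^)]+)\)"
)


def same_address(a, b):
    """True when two textual IP addresses denote the same address."""
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)


def classify(line):
    """Return (hostname, verdict) for a 'Cannot match your IP' line, else None.

    Verdicts (names are this example's own):
      no-detected-address  the 'your IP' field is a placeholder token, not an
                           address: the host could not determine its own IP,
                           so DNS is not the thing to debug
      notation-only        both fields are the same address written differently
      address-mismatch     both fields parse and really differ
      bad-dns-field        the address in parentheses does not parse
    """
    m = MATCH_FAIL.search(line)
    if m is None:
        return None
    host = m.group("host")
    try:
        ipaddress.ip_address(m.group("dns"))
    except ValueError:
        return (host, "bad-dns-field")
    try:
        ipaddress.ip_address(m.group("detected"))
    except ValueError:
        return (host, "no-detected-address")
    if same_address(m.group("detected"), m.group("dns")):
        return (host, "notation-only")
    return (host, "address-mismatch")


def triage(log_text):
    """Classify every matching line of a log, preserving order."""
    results = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict is not None:
            results.append(verdict)
    return results


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_LOG):
        print(f"{host}: {verdict}")
```

For the lines in this issue the verdict is `no-detected-address`: the expanded and compressed forms of the AAAA record are the same address, and the failing field is the placeholder `NO_IPV6_LINK`, which matches the first reply's reading that the host has no outgoing IPv6 link.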

All 30 comments

| Sun Sep 2 13:58:25 CEST 2018 - Cannot match your IP NO_IPV6_LINK against hostname mail.lucakrebs.de (2a01:04f8:1c0c:40a6:0000:0000:0000:0001)
It has no outgoing IPv6 link. Any output when running curl -6v ip6.mailcow.de?

You mean ip6.mailcow.email?
curl -6v ip6.mailcow.email gives me

* Rebuilt URL to: ip6.mailcow.email/
*   Trying 2a00:f820:417::4...
* TCP_NODELAY set

My /etc/resolv.conf

nameserver 2606:4700:4700:1111
nameserver 2606:4700:4700:1001
nameserver 1.1.1.1
nameserver 1.0.0.1

Can you try this?

https://github.com/mailcow/mailcow-dockerized/issues/1029#issuecomment-385514013

Hey @andryyy and @MaxXor and thank you for the quick reply.
Sorry I wasn't able to take a look earlier, just had time first now.

Both solutions didn't work for me however. Well... a bit.

After I ran the command sysctl net.ipv6.conf.eth0.accept_ra=2
curl -6v ip6.mailcow.email gives me

* Rebuilt URL to: ip6.mailcow.email/
*   Trying 2a00:f820:417::4...
* TCP_NODELAY set
* Connected to ip6.mailcow.email (2a00:f820:417::4) port 80 (#0)
> GET / HTTP/1.1
> Host: ip6.mailcow.email
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 03 Sep 2018 15:53:00 GMT
< Server: Apache
< Content-Length: 21
< Content-Type: text/html; charset=UTF-8
<
* Curl_http_done: called premature == 0
* Connection #0 to host ip6.mailcow.email left intact

but as soon as I start mailcow (with docker-compose up -d) it again gives me

* Rebuilt URL to: ip6.mailcow.email/
*   Trying 2a00:f820:417::4...
* TCP_NODELAY set

Even if I run the command sysctl net.ipv6.conf.eth0.accept_ra=2 after I executed mailcow (docker-compose up -d) it just won't work.

Output of ifconfig with docker-compose down

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:fe:4c:6c:68  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 94.130.180.171  netmask 255.255.255.255  broadcast 94.130.180.171
        inet6 2a01:4f8:1c0c:40a6::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::9400:ff:fe08:eacc  prefixlen 64  scopeid 0x20<link>
        ether 96:00:00:08:ea:cc  txqueuelen 1000  (Ethernet)
        RX packets 231016  bytes 232421369 (221.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 103890  bytes 19195889 (18.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 20  bytes 780 (780.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 780 (780.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I'm not sure if I'm doing something wrong or if I have misunderstood something, but note that my Debian listens to IPv6 (for example ssh) and if I turn on mailcow (docker-compose up -d) then I can also access mailcow UI from https://[2a01:4f8:1c0c:40a6::1]/

So even with set system sysctl custom net.ipv6.conf.eth0.accept_ra value 2 and a reboot it just won't work.

I have the same problem, no matter if I use IPv6 SNAT or not.
IPv6 did work some time ago.

SNAT is not related. mailcow doesn’t change your network setup, so if it used to work, you may want to trace the changes to find the issue. :-/

I cannot replicate any of this on my cows. Do you use ip6tables in any way? I only know of the RA issue in Docker posted above.

I use Mailcow-Dockerized on Ubuntu 18.04
Only changes are updates of OS and mailcow.

Also I have a 2nd Server which is exactly identical with same docker version and Ubuntu 18.04, only difference is the /64 subnet.
There I use gitlab workers with docker-in-docker and IPv6 works there.
So it has to be related to mailcow.

I will try to find more information.

Also you say mailcow does not change the network setup but it uses robbertkl/ipv6nat which changes the hosts ip6tables.
Which somehow messes up with the existing static IPv6 config.

I'll update you as soon as I found the root cause.

Do you have ufw installed?
I already tried disabling ufw but that changed nothing for me.

Something interesting I discovered while setting up my ufw firewall:
All rules I set in ufw are "behind" the docker rules.
So if any docker container (not only mailcow) says "allow tcp 80" and in ufw I set "deny tcp 80", the connection will go through docker, but not past that. (Well I know I can't run 2 ports, but just hypothetically)

@ruffy91 do you have ufw installed?

--
@andryyy I would ask you to look at this again and if you need further information I can gladly provide it to you.
So since I really think this is an issue which many people have / had and I really want to find a solution, here's everything that I think is important for debugging.

mailcow-dockerized down

ufw status

Status: inactive

ifconfig

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:78:22:b3:6c  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 94.130.180.171  netmask 255.255.255.255  broadcast 94.130.180.171
        inet6 2a01:4f8:1c0c:40a6::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::9400:ff:fe08:eacc  prefixlen 64  scopeid 0x20<link>
        ether 96:00:00:08:ea:cc  txqueuelen 1000  (Ethernet)
        RX packets 133  bytes 21266 (20.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 114  bytes 15981 (15.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ip6tables --list on system startup

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

ip6tables --list after mailcow-dockerized was running once (but now it is down)

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-ISOLATION  all      anywhere             anywhere
DOCKER     all      anywhere             anywhere
ACCEPT     all      anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all      anywhere             anywhere
ACCEPT     all      anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::5  tcp dpt:imaps
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::5  tcp dpt:pop3s
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::5  tcp dpt:pop3
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::5  tcp dpt:imap2
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::5  tcp dpt:sieve
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::d  tcp dpt:https
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::d  tcp dpt:http

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination
RETURN     all      anywhere             anywhere

curl -6v ip6.mailcow.email

* Rebuilt URL to: ip6.mailcow.email/
*   Trying 2a00:f820:417::4...
* TCP_NODELAY set
* Connected to ip6.mailcow.email (2a00:f820:417::4) port 80 (#0)
> GET / HTTP/1.1
> Host: ip6.mailcow.email
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 07 Sep 2018 08:48:56 GMT
< Server: Apache
< Content-Length: 21
< Content-Type: text/html; charset=UTF-8
<
* Curl_http_done: called premature == 0
* Connection #0 to host ip6.mailcow.email left intact
2a01:4f8:1c0c:40a6::1

mailcow-dockerized up

ufw status

Status: inactive

ifconfig

br-36370ab65c20: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.22.1.1  netmask 255.255.255.0  broadcast 172.22.1.255
        inet6 fd4d:6169:6c63:6f77::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::42:89ff:fe0e:eb6c  prefixlen 64  scopeid 0x20<link>
        ether 02:42:89:0e:eb:6c  txqueuelen 0  (Ethernet)
        RX packets 279  bytes 25610 (25.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 135  bytes 26039 (25.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:78:22:b3:6c  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 94.130.180.171  netmask 255.255.255.255  broadcast 94.130.180.171
        inet6 2a01:4f8:1c0c:40a6::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::9400:ff:fe08:eacc  prefixlen 64  scopeid 0x20<link>
        ether 96:00:00:08:ea:cc  txqueuelen 1000  (Ethernet)
        RX packets 720  bytes 129230 (126.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 850  bytes 127906 (124.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth11924d9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::70cf:dcff:fe81:1747  prefixlen 64  scopeid 0x20<link>
        ether 72:cf:dc:81:17:47  txqueuelen 0  (Ethernet)
        RX packets 72  bytes 5921 (5.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 135  bytes 10557 (10.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth12a8fc5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::44cd:d0ff:fef6:2266  prefixlen 64  scopeid 0x20<link>
        ether 46:cd:d0:f6:22:66  txqueuelen 0  (Ethernet)
        RX packets 513  bytes 38214 (37.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 606  bytes 1287926 (1.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth24ad0f5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::a03c:62ff:fec5:1380  prefixlen 64  scopeid 0x20<link>
        ether a2:3c:62:c5:13:80  txqueuelen 0  (Ethernet)
        RX packets 29  bytes 2312 (2.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 80  bytes 5916 (5.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth38b08bf: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::684b:5aff:fe14:a3e7  prefixlen 64  scopeid 0x20<link>
        ether 6a:4b:5a:14:a3:e7  txqueuelen 0  (Ethernet)
        RX packets 449  bytes 54895 (53.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 547  bytes 62819 (61.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth4a3be8d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::9cbd:c9ff:fe8e:75c  prefixlen 64  scopeid 0x20<link>
        ether 9e:bd:c9:8e:07:5c  txqueuelen 0  (Ethernet)
        RX packets 65  bytes 5515 (5.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 80  bytes 5742 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth5df0e1d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::44df:7eff:fe2d:7987  prefixlen 64  scopeid 0x20<link>
        ether 46:df:7e:2d:79:87  txqueuelen 0  (Ethernet)
        RX packets 65  bytes 6153 (6.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 195  bytes 16528 (16.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth5e4df33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::7488:f5ff:fefd:8aac  prefixlen 64  scopeid 0x20<link>
        ether 76:88:f5:fd:8a:ac  txqueuelen 0  (Ethernet)
        RX packets 8  bytes 728 (728.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 154  bytes 12616 (12.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vetha41e2e2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::ac6d:32ff:fefe:2cb  prefixlen 64  scopeid 0x20<link>
        ether ae:6d:32:fe:02:cb  txqueuelen 0  (Ethernet)
        RX packets 8  bytes 728 (728.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 130  bytes 10444 (10.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethc472946: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::b867:16ff:fe48:13ba  prefixlen 64  scopeid 0x20<link>
        ether ba:67:16:48:13:ba  txqueuelen 0  (Ethernet)
        RX packets 428  bytes 36628 (35.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 699  bytes 69504 (67.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethcf9c709: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::6008:55ff:fe80:a69c  prefixlen 64  scopeid 0x20<link>
        ether 62:08:55:80:a6:9c  txqueuelen 0  (Ethernet)
        RX packets 17  bytes 1344 (1.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 53  bytes 3878 (3.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethd28a069: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::e83c:81ff:fe7d:1223  prefixlen 64  scopeid 0x20<link>
        ether ea:3c:81:7d:12:23  txqueuelen 0  (Ethernet)
        RX packets 338  bytes 924947 (903.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 499  bytes 38049 (37.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethea0a63d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::a029:f8ff:fec6:859f  prefixlen 64  scopeid 0x20<link>
        ether a2:29:f8:c6:85:9f  txqueuelen 0  (Ethernet)
        RX packets 714  bytes 428900 (418.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 740  bytes 75496 (73.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vetheec9e96: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::5cb8:63ff:fea5:a4ef  prefixlen 64  scopeid 0x20<link>
        ether 5e:b8:63:a5:a4:ef  txqueuelen 0  (Ethernet)
        RX packets 55  bytes 5794 (5.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 166  bytes 28271 (27.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf2c50ef: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::7882:30ff:fe0a:7034  prefixlen 64  scopeid 0x20<link>
        ether 7a:82:30:0a:70:34  txqueuelen 0  (Ethernet)
        RX packets 61  bytes 5906 (5.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 145  bytes 11180 (10.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ip6tables --list

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
MAILCOW    all      anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
MAILCOW    all      anywhere             anywhere
DOCKER-ISOLATION  all      anywhere             anywhere
DOCKER     all      anywhere             anywhere
ACCEPT     all      anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all      anywhere             anywhere
ACCEPT     all      anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::5  tcp dpt:imaps
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::5  tcp dpt:pop3s
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::5  tcp dpt:pop3
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::5  tcp dpt:imap2
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::5  tcp dpt:sieve
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::d  tcp dpt:https
ACCEPT     tcp      anywhere             fd4d:6169:6c63:6f77::d  tcp dpt:http

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination
RETURN     all      anywhere             anywhere

Chain MAILCOW (2 references)
target     prot opt source               destination

curl -6v ip6.mailcow.email

* Rebuilt URL to: ip6.mailcow.email/
*   Trying 2a00:f820:417::4...
* TCP_NODELAY set

Additional information

mailcow-dockerized last updated: September 05, 2018
Debian 9.5

mailcow.conf

# ------------------------------
# mailcow web ui configuration
# ------------------------------
# example.org is _not_ a valid hostname, use a fqdn here.
# Default admin user is "admin"
# Default password is "moohoo"
MAILCOW_HOSTNAME=mail.lucakrebs.de

# ------------------------------
# SQL database configuration
# ------------------------------
DBNAME=iobviouslyremovedthis
DBUSER=iobviouslyremovedthis

# Please use long, random alphanumeric strings (A-Za-z0-9)
DBPASS=iobviouslyremovedthis
DBROOT=iobviouslyremovedthis

# ------------------------------
# HTTP/S Bindings
# ------------------------------

# You should use HTTPS, but in case of SSL offloaded reverse proxies:
HTTP_PORT=80
HTTP_BIND=0.0.0.0

HTTPS_PORT=443
HTTPS_BIND=0.0.0.0

# ------------------------------
# Other bindings
# ------------------------------
# You should leave that alone
# Format: 11.22.33.44:25 or 0.0.0.0:465 etc.
# Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT

SMTP_PORT=25
SMTPS_PORT=465
SUBMISSION_PORT=587
IMAP_PORT=143
IMAPS_PORT=993
POP_PORT=110
POPS_PORT=995
SIEVE_PORT=4190
DOVEADM_PORT=127.0.0.1:19991
SQL_PORT=127.0.0.1:13306

# Your timezone
TZ=Europe/Berlin

# Fixed project name
COMPOSE_PROJECT_NAME=mailcowdockerized

# Additional SAN for the certificate
ADDITIONAL_SAN=


# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
SKIP_LETS_ENCRYPT=n

# Skip IPv4 check in ACME container - y/n
SKIP_IP_CHECK=n

# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
SKIP_CLAMD=n

# Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental)
USE_WATCHDOG=y
# Send notifications by mail (no DKIM signature, sent from watchdog@MAILCOW_HOSTNAME)
WATCHDOG_NOTIFY_EMAIL=iobviouslyremovedthis

# Max log lines per service to keep in Redis logs
LOG_LINES=9999

# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)
IPV4_NETWORK=172.22.1

# Internal IPv6 subnet in fc00::/7
IPV6_NETWORK=fd4d:6169:6c63:6f77::/64

# Use this IP for outgoing connections (SNAT)' >> mailcow.conf
#SNAT_TO_SOURCE=" >> mailcow.conf

# Disable IPv6
# mailcow-network will still be created as IPv6 enabled, all containers will be created
# without IPv6 support.
# Use 1 for disabled, 0 for enabled
SYSCTL_IPV6_DISABLED=0

# Create or override API key for web UI
#API_KEY=
# Must be set for API_KEY to be active
#API_ALLOW_FROM=
# Use this IPv6 for outgoing connections (SNAT)
#SNAT6_TO_SOURCE=

I still see all ufw rules there. It is inactive but still messes with the policies. We cannot support this. Uninstall ufw and set the IPv6 RA settings with sysctl, please.

It is not an issue with mailcow itself.

Thanks for the quick reply @andryyy.
I now removed ufw completely, rebooted 2 times (now all ufw rules are gone) and the issue is still the same.

Updated my upper post, with all "new" rules now.

Also executed set system sysctl custom net.ipv6.conf.eth0.accept_ra value 2 and sysctl net.ipv6.conf.eth0.accept_ra=2 before mailcow startup and after mailcow startup.

I suggest you start over with a clean OS and Docker.

Don't know what's happening here. Plus I doubt net.ipv6.conf.eth0.accept_ra=2 is set at the moment, right?

The only IPv6 related problem in Docker (not mailcow) I know of is with accept_ra. I cannot help you troubleshoot the network. :-( Perhaps @mkuron has time + an idea what's happening here.

~I just fixed it, omg.~
~added SNAT6_TO_SOURCE=2a01:4f8:1c0c:40a6::1 to mailcow.conf~

~Argh... That was one of those issues that were so obvious but so hard to find.~

~@andryyy please close this now 🤣🗡~

~However curl -6v ip6.mailcow.email does still not work with mailcow turned on.~
~But acme issued the new certificates...~

https://github.com/mailcow/mailcow-dockerized/issues/1737#issuecomment-419397526 fixed it for me!

You should check your IPv6 setup on this host. You don't need an explicit SNAT rule. Not iptables, but the whole network config.

It is hosted @ Hetzner so I don't really have any control past that or what do you mean?

I am on Hetzner Cloud too. (But using Ubuntu instead of Debian)
The IPv6 config does not use RA but a static address and default route to fe80::1 added via netplan.
So the RA sysctl will do nothing..

That's interesting. Hetzner Cloud I guess?
But I have too little experience with networks to find a workaround for this.
Maybe @andryyy or @mkuron has?

It will do for the new interfaces Docker creates...

Don't know what exactly a Hetzner cloud is, but is the MTU 1500 fine? I remember OpenStack having some issues...

Hetzner Cloud is just a vServer.
https://www.hetzner.de/cloud
@ruffy91 can you give andryyy an answer on this one?

My friend is running Mailcow on a Hetzner cloud server as well and he fixed his 'no IPv6 after mailcow boot' with https://github.com/mailcow/mailcow-dockerized/issues/1737#issuecomment-417956676 actually.
Meanwhile for me I start the ipv6nat container before every other container and wait until it's running and start the rest after it.

I will spin up a cloud soonish and check the linked comment myself

So I spun it up and after editing /etc/network/interfaces.d/50-cloud-init.cfg (no virtual interface for ipv6) I can ping6 google.com without problems after starting all containers together.

(Just replace eth0:0 with eth0 in the ipv6 section)

(Just replace eth0:0 with eth0 in the ipv6 section)

You are my hero @MAGICCC

So once again, for all Hetzner Cloud users: Just edit /etc/network/interfaces.d/50-cloud-init.cfg and replace eth0:0 with eth0.

- auto eth0:0
- iface eth0:0 inet6 static
+ auto eth0
+ iface eth0 inet6 static
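
Review bot: only the two stanza header lines are shown as changed, so the post should say explicitly that whatever option lines follow `iface eth0:0 inet6 static` stay as they are under the renamed `iface eth0 inet6 static` header. Since the edited file is /etc/network/interfaces.d/50-cloud-init.cfg, it is also worth checking after a reboot that the file still reads eth0 rather than eth0:0, and re-running curl -6v ip6.mailcow.email with the containers up to confirm outbound IPv6 from the host.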

Thank you so, so much @MAGICCC that just fixed it for me!

@andryyy this can be finally closed!

Sure no problem!

Hello, I am facing the exact same issue.
But since I am on Ubuntu 18.04 I cannot apply the changes made to the ifupdown config because it got replaced by netplan.
Thanks in advance

For the ones who're using netplan, use the following:

/etc/netplan/01-netcfg.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      accept-ra: true
      #etc

Got it finally working on latest Ubuntu on Hetzner:
```yaml
# /etc/netplan/50-cloud-init.yml
# Ensure that other netplan config yml files in /etc/netplan/ don't interfere with this configuration

network:
  version: 2
  renderer: networkd
  ethernets:
    ens3: # (Primary interface)
      addresses:
        - .../32 # (IPv4 address)
        - ...::1/64 # (IPv6 address with ::1)
      routes:
        - to: 0.0.0.0/0
          via: 172.31.1.1
          on-link: true
      gateway6: fe80::1
      accept-ra: true
      nameservers: # (Hetzner DNS servers)
        # netplan expects the server list under the "addresses" key
        addresses:
          - 213.133.98.98
          - 213.133.99.99
          - 213.133.100.100
          - 2a01:4f8:0:1::add:1010
          - 2a01:4f8:0:1::add:9999
          - 2a01:4f8:0:1::add:9898
```
