Mailcow-dockerized: Fresh Install - Debian Buster

Created on 3 Mar 2020  路  14Comments  路  Source: mailcow/mailcow-dockerized

After install mailcow, does not start dovecot:

root@server:/opt/mailcow-dockerized# docker-compose logs --tail=200 | grep dovecot
Attaching to mailcowdockerized_ipv6nat-mailcow_1, mailcowdockerized_rspamd-mailcow_1, mailcowdockerized_netfilter-mailcow_1, mailcowdockerized_acme-mailcow_1, mailcowdockerized_dovecot-mailcow_1, mailcowdockerized_postfix-mailcow_1, mailcowdockerized_nginx-mailcow_1, mailcowdockerized_mysql-mailcow_1, mailcowdockerized_php-fpm-mailcow_1, mailcowdockerized_olefy-mailcow_1, mailcowdockerized_memcached-mailcow_1, mailcowdockerized_unbound-mailcow_1, mailcowdockerized_watchdog-mailcow_1, mailcowdockerized_dockerapi-mailcow_1, mailcowdockerized_clamd-mailcow_1, mailcowdockerized_solr-mailcow_1, mailcowdockerized_sogo-mailcow_1, mailcowdockerized_redis-mailcow_1
dovecot-mailcow_1    | Uptime: 1  Threads: 8  Questions: 4  Slow queries: 0  Opens: 18  Flush tables: 1  Open tables: 12  Queries per second avg: 4.000
dovecot-mailcow_1    | Adding user `vmail' to group `tty' ...
dovecot-mailcow_1    | Adding user vmail to group tty
dovecot-mailcow_1    | Done.
**dovecot-mailcow_1    | doveconf: Error: t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink() failed: No such file or directory**
dovecot-mailcow_1    |   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
dovecot-mailcow_1    |                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:20 --:--:--     0
dovecot-mailcow_1    | Warning: Transient problem: timeout Will retry in 1 seconds. 10 retries left.
  0     0    0     0    0     0      0      0 --:--:--  0:00:20 --:--:--     0
dovecot-mailcow_1    | Warning: Transient problem: timeout Will retry in 2 seconds. 9 retries left.
  0     0    0     0    0     0      0      0 --:--:--  0:00:16 --:--:--     0
dovecot-mailcow_1    | Warning: Transient problem: timeout Will retry in 4 seconds. 8 retries left.
solr-mailcow_1       | 2020-03-03 17:12:59.339 INFO  (main) [   ] o.a.s.c.CorePropertiesLocator Cores are: [dovecot-fts]
solr-mailcow_1       | 2020-03-03 17:12:59.457 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.c.SolrResourceLoader [dovecot-fts] Added 58 libs to classloader, from paths: [/opt/solr/contrib/clustering/lib, /opt/solr/contrib/extraction/lib, /opt/solr/contrib/langid/lib, /opt/solr/contrib/velocity/lib, /opt/solr/dist]
solr-mailcow_1       | 2020-03-03 17:12:59.587 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.c.SolrConfig Using Lucene MatchVersion: 7.7.0
solr-mailcow_1       | 2020-03-03 17:12:59.806 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.s.IndexSchema [dovecot-fts] Schema name=dovecot-fts
solr-mailcow_1       | 2020-03-03 17:12:59.951 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.s.IndexSchema Loaded schema dovecot-fts/2.0 with uniqueid field id
solr-mailcow_1       | 2020-03-03 17:12:59.961 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.c.CoreContainer Creating SolrCore 'dovecot-fts' using configuration from instancedir /opt/solr/server/solr/dovecot-fts, trusted=true
solr-mailcow_1       | 2020-03-03 17:12:59.996 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.m.r.SolrJmxReporter JMX monitoring for 'solr.core.dovecot-fts' (registry 'solr.core.dovecot-fts') enabled at server: com.sun.jmx.mbeanserver.JmxMBeanServer@42b3b079
solr-mailcow_1       | 2020-03-03 17:13:00.010 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.c.SolrCore [[dovecot-fts] ] Opening new SolrCore at [/opt/solr/server/solr/dovecot-fts], dataDir=[/opt/solr/server/solr/dovecot-fts/data/]
solr-mailcow_1       | 2020-03-03 17:13:00.447 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.u.UpdateHandler Using UpdateLog implementation: org.apache.solr.update.UpdateLog
solr-mailcow_1       | 2020-03-03 17:13:00.448 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.u.UpdateLog Initializing UpdateLog: dataDir= defaultSyncLevel=FLUSH numRecordsToKeep=100 maxNumLogsToKeep=10 numVersionBuckets=65536
solr-mailcow_1       | 2020-03-03 17:13:00.476 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.u.CommitTracker Hard AutoCommit: if uncommitted for 15000ms;
solr-mailcow_1       | 2020-03-03 17:13:00.476 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.u.CommitTracker Soft AutoCommit: disabled
solr-mailcow_1       | 2020-03-03 17:13:00.607 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.s.SolrIndexSearcher Opening [Searcher@74124e55[dovecot-fts] main]
solr-mailcow_1       | 2020-03-03 17:13:00.624 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.r.ManagedResourceStorage File-based storage initialized to use dir: /opt/solr/server/solr/dovecot-fts/conf
solr-mailcow_1       | 2020-03-03 17:13:00.655 INFO  (coreLoadExecutor-9-thread-1) [   x:dovecot-fts] o.a.s.h.ReplicationHandler Commits will be reserved for 10000ms.
solr-mailcow_1       | 2020-03-03 17:13:00.672 INFO  (searcherExecutor-10-thread-1-processing-x:dovecot-fts) [   x:dovecot-fts] o.a.s.c.SolrCore [dovecot-fts] Registered new searcher Searcher@74124e55[dovecot-fts] main{ExitableDirectoryReader(UninvertingDirectoryReader(Uninverting(_0(7.7.2):C1:[diagnostics={java.runtime.version=11.0.6+10, java.vendor=Oracle Corporation, java.version=11.0.6, java.vm.version=11.0.6+10, lucene.version=7.7.2, os=Linux, os.arch=amd64, os.version=4.19.0-8-amd64, source=flush, timestamp=1583255109220}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_1(7.7.2):C1:[diagnostics={java.runtime.version=11.0.6+10, java.vendor=Oracle Corporation, java.version=11.0.6, java.vm.version=11.0.6+10, lucene.version=7.7.2, os=Linux, os.arch=amd64, os.version=4.19.0-8-amd64, source=flush, timestamp=1583255113667}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}]) Uninverting(_2(7.7.2):C1:[diagnostics={java.runtime.version=11.0.6+10, java.vendor=Oracle Corporation, java.version=11.0.6, java.vm.version=11.0.6+10, lucene.version=7.7.2, os=Linux, os.arch=amd64, os.version=4.19.0-8-amd64, source=flush, timestamp=1583255113792}]:[attributes={Lucene50StoredFieldsFormat.mode=BEST_SPEED}])))}

I try:
docker exec -it mailcowdockerized_dovecot-mailcow_1 /bin/bash
and in docker: /etc/init.d/dovecot restart
its helps and dovecot works.
Any help?
Thanks

invalid support
Source
picture ajtak-angelus

Most helpful comment

you took the wrong door.
This is NOT a support site.
i hardly doubt that you found a bug or an issue, honestly.

picture Adorfer on 3 Mar 2020
👍2

All 14 comments

Please follow the template and provide all infos given in the template

MAGICCC picture MAGICCC on 3 Mar 2020

you took the wrong door.
This is NOT a support site.
i hardly doubt that you found a bug or an issue, honestly.

Adorfer picture Adorfer on 3 Mar 2020
👍2

I tried to reproduce and failed. This does not seem like a bug. If you think it is, please use the bug report template. :) Thanks.

andryyy picture andryyy on 5 Mar 2020

I have the same issue so i am raising it again. With the latest commit on a fresh install i get the same issue on ubuntu disco. dovecot does not seem to have the config in the right place where it is trying to find it
/var/run/dovecot/dovecot.conf

Tominator89 picture Tominator89 on 8 Mar 2020

I cannot replicate it and you are missing any useful logs or system info.

The doveconf: Error: t_readlink(/var/run/dovecot/dovecot.conf) error is when we run doveconf before starting mailcow to generate GUID. It is not important.

Edit: Kernel, Docker version, docker-compose version etc.

andryyy picture andryyy on 8 Mar 2020

docker-compose version 1.25.4, build 8d51620a
Docker version 19.03.3, build a872fc2f86
Ubuntu 19.04

applied commit e290d6d869d4877ce2aeddba77d212504eea9fb6 (HEAD -> master, origin/master, origin/HEAD)
Author: andryyy andre.peters@debinux.de
Date: Sun Mar 8 12:25:03 2020 +0100
[Rspamd] Fix neural.lua

i had a working environment and upgraded. which failed. then i deleted the whole stack removed all images, container, volumes, and directory structure of mailcow. i also recreated the mailcow.config

this is my output with previous deleted volumes after startup

https://privatebin.rt-klaut.de/?d2090686075cb4a0#Uz7G530esiLsPyTyRIbSgJnfTRFYrHNmambfZO5fs2U=

Tominator89 picture Tominator89 on 8 Mar 2020

The dovecot container will fail until "versions" exists and restart. The compose file comes with restart: always flag.

It is a comment in the entrypoint script:

# GUID generation
# Will fail and restart until versions exists (ok)

Why did you cut the logs when this happened? It restarts, tries to insert to mailcow.versions and - if the tables exists - does not restart anymore.

andryyy picture andryyy on 8 Mar 2020

Here again with more information

https://privatebin.rt-klaut.de/?eb8fa0e348d53952#+2dfF0LWhlS5Fv+9X0kSeDOirr6C5zQs94ZkChaO4n8=

Tominator89 picture Tominator89 on 8 Mar 2020

None of your containers can connect to remote servers. That's why the issue template asks for iptables output. :) You are probably running a firewall in front of your mailcow or even on your mailcow host. You can join the Telegram channel and ask for help with that.

andryyy picture andryyy on 8 Mar 2020
👍1

I hope this helps to find the root cause of the problem

ip6tables -L -vn

Chain INPUT (policy ACCEPT 236 packets, 14866 bytes)
pkts bytes target prot opt in out source destination
289 17882 MAILCOW all * * ::/0 ::/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
7737 684K DOCKER-USER all * * ::/0 ::/0
7982 704K MAILCOW all * * ::/0 ::/0
45377 3972K DOCKER-ISOLATION-STAGE-1 all * * ::/0 ::/0
45377 3972K DOCKER all * br-mailcow ::/0 ::/0
11389 1552K ACCEPT all * br-mailcow ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all br-mailcow !br-mailcow ::/0 ::/0
33958 2417K ACCEPT all br-mailcow br-mailcow ::/0 ::/0

Chain OUTPUT (policy ACCEPT 458 packets, 48338 bytes)
pkts bytes target prot opt in out source destination

Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::f tcp dpt:19443
0 0 ACCEPT tcp !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::f tcp dpt:1980
0 0 ACCEPT tcp !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::d tcp dpt:25
0 0 ACCEPT tcp !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::d tcp dpt:465
0 0 ACCEPT tcp !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::d tcp dpt:587
0 0 ACCEPT tcp !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:993
0 0 ACCEPT tcp !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:995
0 0 ACCEPT tcp !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:110
0 0 ACCEPT tcp !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:143
0 0 ACCEPT tcp !br-mailcow br-mailcow ::/0 fd4d:6169:6c63:6f77::e tcp dpt:4190

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all br-mailcow !br-mailcow ::/0 ::/0
7737 684K RETURN all * * ::/0 ::/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * br-mailcow ::/0 ::/0
0 0 RETURN all * * ::/0 ::/0

Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
45332 3969K RETURN all * * ::/0 ::/0

Chain MAILCOW (2 references)
pkts bytes target prot opt in out source destination

ip6tables -L -vn -t nat

Chain PREROUTING (policy ACCEPT 711 packets, 55729 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all * * ::/0 ::/0 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 2 packets, 98 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all * * ::/0 !::1 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 411 packets, 32875 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all * br-mailcow ::/0 ::/0 ADDRTYPE match dst-type LOCAL
0 0 MASQUERADE all * !br-mailcow fd4d:6169:6c63:6f77::/64 ::/0
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:19443
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:1980
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:143
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::c fd4d:6169:6c63:6f77::c tcp dpt:19443
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::c fd4d:6169:6c63:6f77::c tcp dpt:1980
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:993
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:995
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:110
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:143
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:4190
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:110
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:143
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:4190
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:993
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:995
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::10 fd4d:6169:6c63:6f77::10 tcp dpt:110
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::10 fd4d:6169:6c63:6f77::10 tcp dpt:143
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::10 fd4d:6169:6c63:6f77::10 tcp dpt:4190
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::10 fd4d:6169:6c63:6f77::10 tcp dpt:993
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::10 fd4d:6169:6c63:6f77::10 tcp dpt:995
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:4190
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:993
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:995
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:110
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:25
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:465
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:587
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:25
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:465
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::e fd4d:6169:6c63:6f77::e tcp dpt:587
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:19443
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::f fd4d:6169:6c63:6f77::f tcp dpt:1980
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:25
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:465
0 0 MASQUERADE tcp * * fd4d:6169:6c63:6f77::d fd4d:6169:6c63:6f77::d tcp dpt:587

Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all br-mailcow * ::/0 ::/0
0 0 DNAT tcp !br-mailcow * ::/0 ::/0 tcp dpt:19443 DNAT [unsupported revision]
0 0 DNAT tcp !br-mailcow * ::/0 ::/0 tcp dpt:1980 DNAT [unsupported revision]
0 0 DNAT tcp !br-mailcow * ::/0 ::/0 tcp dpt:25 DNAT [unsupported revision]
0 0 DNAT tcp !br-mailcow * ::/0 ::/0 tcp dpt:465 DNAT [unsupported revision]
0 0 DNAT tcp !br-mailcow * ::/0 ::/0 tcp dpt:587 DNAT [unsupported revision]
0 0 DNAT tcp !br-mailcow * ::/0 ::/0 tcp dpt:993 DNAT [unsupported revision]
0 0 DNAT tcp !br-mailcow * ::/0 ::/0 tcp dpt:995 DNAT [unsupported revision]
0 0 DNAT tcp !br-mailcow * ::/0 ::/0 tcp dpt:110 DNAT [unsupported revision]
0 0 DNAT tcp !br-mailcow * ::/0 ::/0 tcp dpt:143 DNAT [unsupported revision]
0 0 DNAT tcp !br-mailcow * ::/0 ::/0 tcp dpt:4190 DNAT [unsupported revision]

iptables -L -vn -t nat

Chain PREROUTING (policy ACCEPT 1630 packets, 108K bytes)
pkts bytes target prot opt in out source destination
979 46300 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 129 packets, 8239 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 334 packets, 23552 bytes)
pkts bytes target prot opt in out source destination
1 60 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 1943 packets, 124K bytes)
pkts bytes target prot opt in out source destination
345 19336 MASQUERADE all -- * !br-mailcow 172.22.1.0/24 0.0.0.0/0
16 1056 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
373 23008 MASQUERADE all -- * !br-842a7ddf2aa0 172.25.0.0/16 0.0.0.0/0
0 0 MASQUERADE all -- * !docker_gwbridge 172.18.0.0/16 0.0.0.0/0
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:8181
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:8080
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:4443
0 0 MASQUERADE tcp -- * * 172.17.0.3 172.17.0.3 tcp dpt:9000
0 0 MASQUERADE tcp -- * * 172.25.0.9 172.25.0.9 tcp dpt:8443
0 0 MASQUERADE tcp -- * * 172.25.0.9 172.25.0.9 tcp dpt:8080
0 0 MASQUERADE tcp -- * * 172.22.1.4 172.22.1.4 tcp dpt:8983
0 0 MASQUERADE tcp -- * * 172.22.1.11 172.22.1.11 tcp dpt:19443
0 0 MASQUERADE tcp -- * * 172.22.1.11 172.22.1.11 tcp dpt:1980
0 0 MASQUERADE tcp -- * * 172.22.1.9 172.22.1.9 tcp dpt:3306
0 0 MASQUERADE tcp -- * * 172.22.1.10 172.22.1.10 tcp dpt:587
0 0 MASQUERADE tcp -- * * 172.22.1.10 172.22.1.10 tcp dpt:465
0 0 MASQUERADE tcp -- * * 172.22.1.10 172.22.1.10 tcp dpt:25
0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:12345
0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:4190
0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:995
0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:993
0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:143
0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:110

Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- br-mailcow * 0.0.0.0/0 0.0.0.0/0
273 16380 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- br-842a7ddf2aa0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- docker_gwbridge * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8181 to:172.17.0.2:8181
301 12416 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.17.0.2:8080
303 12204 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.17.0.2:4443
9 468 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9000 to:172.17.0.3:9000
0 0 DNAT tcp -- !br-842a7ddf2aa0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:35443 to:172.25.0.9:8443
0 0 DNAT tcp -- !br-842a7ddf2aa0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3580 to:172.25.0.9:8080
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:18983 to:172.22.1.4:8983
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:19443 to:172.22.1.11:19443
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1980 to:172.22.1.11:1980
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:13306 to:172.22.1.9:3306
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 to:172.22.1.10:587
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 to:172.22.1.10:465
1 60 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:172.22.1.10:25
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:19991 to:172.22.1.250:12345
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4190 to:172.22.1.250:4190
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 to:172.22.1.250:995
48 2496 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 to:172.22.1.250:993
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 to:172.22.1.250:143
0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 to:172.22.1.250:110

iptables -L -vn

Chain INPUT (policy ACCEPT 9503 packets, 26M bytes)
pkts bytes target prot opt in out source destination
9588 26M MAILCOW all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
12050 1978K MAILCOW all -- * * 0.0.0.0/0 0.0.0.0/0
12102 1984K DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
7052 1459K ACCEPT all -- * br-mailcow 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1285 88199 DOCKER all -- * br-mailcow 0.0.0.0/0 0.0.0.0/0
395 26259 ACCEPT all -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
1239 85799 ACCEPT all -- br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0
1271 961K ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
593 24268 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
4468 941K ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
2288 2091K ACCEPT all -- * br-842a7ddf2aa0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
8 480 DOCKER all -- * br-842a7ddf2aa0 0.0.0.0/0 0.0.0.0/0
3092 507K ACCEPT all -- br-842a7ddf2aa0 !br-842a7ddf2aa0 0.0.0.0/0 0.0.0.0/0
8 480 ACCEPT all -- br-842a7ddf2aa0 br-842a7ddf2aa0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker_gwbridge 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker_gwbridge 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker_gwbridge !docker_gwbridge 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- docker_gwbridge docker_gwbridge 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 7705 packets, 1420K bytes)
pkts bytes target prot opt in out source destination

Chain DOCKER (4 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:8181
290 11956 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:8080
294 11844 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:4443
9 468 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.3 tcp dpt:9000
0 0 ACCEPT tcp -- !br-842a7ddf2aa0 br-842a7ddf2aa0 0.0.0.0/0 172.25.0.9 tcp dpt:8443
0 0 ACCEPT tcp -- !br-842a7ddf2aa0 br-842a7ddf2aa0 0.0.0.0/0 172.25.0.9 tcp dpt:8080
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.4 tcp dpt:8983
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.11 tcp dpt:19443
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.11 tcp dpt:1980
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.9 tcp dpt:3306
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.10 tcp dpt:587
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.10 tcp dpt:465
1 60 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.10 tcp dpt:25
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:12345
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:4190
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:995
45 2340 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:993
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:143
0 0 ACCEPT tcp -- !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:110

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
395 26259 DOCKER-ISOLATION-STAGE-2 all -- br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
4468 941K DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
1513 249K DOCKER-ISOLATION-STAGE-2 all -- br-842a7ddf2aa0 !br-842a7ddf2aa0 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker_gwbridge !docker_gwbridge 0.0.0.0/0 0.0.0.0/0
28333 7649K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * br-842a7ddf2aa0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * docker_gwbridge 0.0.0.0/0 0.0.0.0/0
6698 1235K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain MAILCOW (2 references)
pkts bytes target prot opt in out source destination

because i saw dns lookup problem i did this tests from my mailcow host

docker exec -it busybox nslookup google.com
Server: 192.168.xx.11
Address: 192.168.xx.11:53

Non-authoritative answer:
Name: google.com
Address: 2a00:1450:4001:809::200e

docker exec -it busybox cat /etc/resolv.conf
search intranet.rt-klaut.de
nameserver 192.168.xx.11
nameserver 192.168.xx.2

docker-compose exec dovecot-mailcow /bin/bash -c "nslookup google.com"
;; connection timed out; no servers could be reached

docker-compose exec dovecot-mailcow /bin/bash -c " cat /etc/resolv.conf"
search intranet.rt-klaut.de
nameserver 127.0.0.11
options ndots:0

Tominator89 picture Tominator89 on 8 Mar 2020

Unbound cannot resolve anything.

This is a local issue with your firewall or whatever is in front of your mailcow host.

The resolv.conf in the container is not important at all. Docker has a fancy DNS construct including NAT. Especially when we define DNS servers for a container. DNS is ALWAYS 127.0.0.11. Please don't change that.

It will work when you don't define a DNS server when running the container (see your busybox command, you cannot compare that). It will not route through a custom DNS recursor and just fall back to your hosts DNS. It is different.

It seems to fail when it uses its NAT involving the unbound recursor. It (== the DNS query) may also work on your host, but that's all absolutely different networking.

All three methods (local, in Docker without an extra defined DNS and in Docker with a custom DNS) are different regarding networking. If one works, it does not at all indicate every other method will work, too.

So I'm sorry, that's not a bug in mailcow but a bug with whatever blocks these requests to reach the outside world.

Dovecot fails, because initializing scripts fail. That's why you noticed this error after all.

I recommend you run some tracing and debugging in your network. :)

Andr茅

You can try to get help in the Telegram channel for this.

andryyy picture andryyy on 8 Mar 2020
👍1

the interesting thing is that unbound itself can resolv names but the rest of the containers not. i have now reinstalled the host which failed with the same error. so currently i have only name resolution not working inside mailcow containers (except unbound). my host, other containers etc work fine. Before the update it was working with my network setup so it is hard to believe that this is something related to the host or the network itself. it seems more like a mailcow related problem but i have not that deep knowledge in docker.

docker-compose exec unbound-mailcow /bin/bash -c "nslookup google.com"
nslookup: can't resolve '(null)': Name does not resolve

Name: google.com
Address 1: 172.217.18.110 zrh04s05-in-f110.1e100.net
Address 2: 2a00:1450:4001:809::200e fra16s42-in-x0e.1e100.net

Tominator89 picture Tominator89 on 8 Mar 2020

i fixed it. it was a missing firewall port for dns at my WAN firewall. but what i am not understanding is why the containers dont use my dns servers i have configured in /etc/docker/deamon.json then the dns port would not be needed, then only my dns server would need direct internet access. i think this is releated to the 3 different dns setups you are talking about. maybe you can give me an idea how to force the mailcow containers to use my own dns server for public dns queries

Tominator89 picture Tominator89 on 8 Mar 2020

Thank you for clarification.

Just to conclude:

I have the same issue so i am raising it again.

you did not have any issue, but a self-inflicted problem.
I really recommend to read throuth the issue-template. and follow it.

from what i see here:

  • a non fresh install on a system (despite the claim)
  • with an additional firewall-setup in place
    (what happended: this stopped the mailcow's DNS resolver (the unbound container) from working.)

to be clear: additional firewall setups are out of scope for this project (and normally as well out of community support).
The general design is "dedicated host/vm with public IP, no additional firewalling, no other services and/or docker containers on the same system".
You may do so but then you are on your own with debugging.

The issue tracker is for issues with the project itself, not for modified installations.

Adorfer picture Adorfer on 9 Mar 2020
👎2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lgleim picture lgleim  路  3Comments
RogerSik picture RogerSik  路  3Comments
CrAazZyMaN21 picture CrAazZyMaN21  路  3Comments
Braintelligence picture Braintelligence  路  3Comments
starcraft0429 picture starcraft0429  路  3Comments