My setup is now:
host, guest KVM Debian 11. In this guest I installed Docker, and Docker (mailcow).
I don't understand why it is not working out of the box…
Ckruijntjens I don't understand why it is not working out of the box… 😅
On Debian 10 it began switching: https://wiki.debian.org/iptables#Current_status
I had problems with that mixture on Debian 10 too. For me it worked to remove everything to do with iptables, like I wrote. On the link above you can also see how it should look by default with: “Chain INPUT”. And again, you might want to find a good guide to set up your firewall.
KillVirus it's because docker.io is uninstalled.
When I reinstall docker.io, iptables is installed by default.
Something else is going on or wrong, however I cannot find it. Maybe I will install an empty VM and reinstall everything to see if it works.
Very strange…
@KillVirus
What Debian version are you using?
KillVirus when I don't run anything else on this machine I do not have to create manual firewall rules, correct?
KillVirus when you remove all iptables packages, how did you reinstall Docker then?
Because it will uninstall Docker on my system?
Please look for a “how to set up nftables firewall on Debian”. Or read my link above to learn in 10 min 😉
I did the firewall things before installing Docker, so I can’t help. But when you read the Debian link above you see that iptables is on deb11 some kind of layer and nftables is still working as backend. So removing might not be the right way for you. Try to stop Docker, flush the rules and configure as a plain new firewall. Take care not to lock yourself out when playing 😉
KillVirus even when I install a new VM
and install nftables and then install Docker, Docker is installing iptables…
duplicated with: https://community.mailcow.email/d/1326-autobanning-of-ip-address-via-netfilter
Ckruijntjens
I just installed a Debian 11 VM. I installed nftables, Docker and a basic mailcow install, created a test user and checked if the user is getting blocked. Same issue… So on a bare metal installation it is not working.
Maybe the mailcow team has to look into this?
@pkernstock
Could you test if the IP is actually banned? Because in my setup netfilter shows me in the mailcow UI that the IP is blocked.
But with the same IP I can open webmail etc.
Are the blocked IPs actually blocked in your setup? (So the IP cannot connect to webmail etc.)?
Sorry. I only find time to help out in my free time, as I’m not working for mailcow.
But to answer your question: Yes, seems to work. (that’s not a manual ban)
pkernstock
Hi,
I still have a question. How is your setup? Is your mailcow server connected directly to the internet with its own IP address?
or…?
OK.
And you configured your firewall manually? Or just how it comes out of the box?
It’s just a plain, boring Ubuntu 20.04 installation with mailcow installed. Nothing extraordinary.
pkernstock maybe there is a difference with Debian 12 and Ubuntu?
I really don't understand it. I just installed a VM (LXD) Ubuntu system. Even this one is not banning…
lxd? You mean LXC?
Are you performing the failing logins from a different subnet?
Well, Docker is inside another range than mailcow.
See picture. Is this a problem?