Hello

I was noticed by my ISP which told me that my mail server is sending spam mails. After further investigation I saw the problem at the logs.

My question is how it could have happened and how I can fix it.

What I can tell is that I have disabled the usage of iptables by Docker to test something with my IDS and I forgot to activate it again. Now I activated it again, but I still get mail logs, but at least I get the IP correctly logged.

Please see my log:

mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 whitelist_forwardinghosts: Look up ASSUMED_INTRUDER_IP on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: PASS OLD [ASSUMED_INTRUDER_IP]:51373
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: CONNECT from [ASSUMED_INTRUDER_IP]:51372 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25226]: disconnect from unknown[ASSUMED_INTRUDER_IP] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23848]: connect from unknown[ASSUMED_INTRUDER_IP]
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25231]: disconnect from unknown[ASSUMED_INTRUDER_IP] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[26877]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtp[518]: D356A1CEA83: to=<REDACTED>, relay=dpworld-com.mail.protection.outlook.com[104.47.1.36]:25, delay=182786, delays=182555/230/0.81/0.51, dsn=4.7.500, status=deferred (host dpworld-com.mail.protection.outlook.com[104.47.1.36] said: 451 4.7.500 Server busy. Please try again later from [89.58.28.90]. (S77719) [VE1EUR01FT055.eop-EUR01.prod.protection.outlook.com 2023-07-24T12:36:53.730Z 08DB8BF9D8C80D96] (in reply to end of DATA command))
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: B85841CEFF1: from=<it@mail.libertyrising.de>, size=858063, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 whitelist_forwardinghosts: Look up ASSUMED_INTRUDER_IP on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: CONNECT from [ASSUMED_INTRUDER_IP]:51374 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25226]: connect from unknown[ASSUMED_INTRUDER_IP]
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtp[463]: 7E2871C84CE: to=<REDACTED>, relay=internity-pl.mail.protection.outlook.com[104.47.17.74]:25, delay=192025, delays=191800/224/0.6/0.26, dsn=4.7.500, status=deferred (host internity-pl.mail.protection.outlook.com[104.47.17.74] said: 451 4.7.500 Server busy. Please try again later from [89.58.28.90]. (S77719) [DB8EUR05FT012.eop-eur05.prod.protection.outlook.com 2023-07-24T12:36:53.728Z 08DB8BC357C36BCC] (in reply to end of DATA command))
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 521471C91B2: from=<it@mail.libertyrising.de>, size=858003, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25151]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: AE2031D0745: from=<it@mail.libertyrising.de>, size=858022, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23420]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 whitelist_forwardinghosts: Look up ASSUMED_INTRUDER_IP on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: CONNECT from [ASSUMED_INTRUDER_IP]:51375 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25219]: connect from unknown[ASSUMED_INTRUDER_IP]
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[26877]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[24995]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[24017]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23848]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 0CDD91CC1AA: from=<it@mail.libertyrising.de>, size=858050, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 whitelist_forwardinghosts: Look up ASSUMED_INTRUDER_IP on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25222]: connect from unknown[ASSUMED_INTRUDER_IP]
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: B49261D2CFB: from=<it@mail.libertyrising.de>, size=858034, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: CONNECT from [ASSUMED_INTRUDER_IP]:51376 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[24995]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: E52F31D05E0: from=<it@mail.libertyrising.de>, size=858009, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23420]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 862731C81D9: from=<it@mail.libertyrising.de>, size=857973, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 whitelist_forwardinghosts: Look up ASSUMED_INTRUDER_IP on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: PASS OLD [ASSUMED_INTRUDER_IP]:51376
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25231]: connect from unknown[ASSUMED_INTRUDER_IP]
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 4D6971D31EB: from=<it@mail.libertyrising.de>, size=857973, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: CONNECT from [ASSUMED_INTRUDER_IP]:51377 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: D8A011C8876: from=<it@mail.libertyrising.de>, size=858057, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25219]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 whitelist_forwardinghosts: Look up ASSUMED_INTRUDER_IP on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: PASS OLD [ASSUMED_INTRUDER_IP]:51377
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25222]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25234]: connect from unknown[ASSUMED_INTRUDER_IP]
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: CONNECT from [ASSUMED_INTRUDER_IP]:51378 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25151]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 8BC9D1D201F: from=<it@mail.libertyrising.de>, size=858006, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25226]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25231]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23848]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25222]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25219]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 whitelist_forwardinghosts: Look up ASSUMED_INTRUDER_IP on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: PASS OLD [ASSUMED_INTRUDER_IP]:51378
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23854]: connect from unknown[ASSUMED_INTRUDER_IP]
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: F2DB51CB975: from=<it@mail.libertyrising.de>, size=858009, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: CONNECT from [ASSUMED_INTRUDER_IP]:51379 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23726]: warning: Unable to look up MX host for robimyopinie.eu: Host not found, try again
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23726]: NOQUEUE: reject: RCPT from unknown[ASSUMED_INTRUDER_IP]: 554 5.7.1 <REDACTED>: Relay access denied; from=<it@mail.libertyrising.de> to=<REDACTED> proto=ESMTP helo=<mail.libertyrising.de>
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 531701DA017: from=<it@mail.libertyrising.de>, size=858057, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25234]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 whitelist_forwardinghosts: Look up ASSUMED_INTRUDER_IP on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: PASS OLD [ASSUMED_INTRUDER_IP]:51379
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25226]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 82CF11C971C: from=<it@mail.libertyrising.de>, size=858019, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[24995]: NOQUEUE: reject: RCPT from unknown[ASSUMED_INTRUDER_IP]: 554 5.7.1 <REDACTED>: Relay access denied; from=<it@mail.libertyrising.de> to=<REDACTED> proto=ESMTP helo=<mail.libertyrising.de>
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtp[463]: Trusted TLS connection established to hkspedition-de0e.mail.protection.outlook.com[104.47.7.138]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[26877]: NOQUEUE: reject: RCPT from unknown[ASSUMED_INTRUDER_IP]: 554 5.7.1 <REDACTED>: Relay access denied; from=<it@mail.libertyrising.de> to=<REDACTED> proto=ESMTP helo=<mail.libertyrising.de>
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23726]: disconnect from unknown[ASSUMED_INTRUDER_IP] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23726]: connect from unknown[ASSUMED_INTRUDER_IP]
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[24995]: disconnect from unknown[ASSUMED_INTRUDER_IP] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: D0A791C99BE: from=<it@mail.libertyrising.de>, size=858022, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[26877]: disconnect from unknown[ASSUMED_INTRUDER_IP] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25234]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23854]: warning: TLS SNI from unknown[ASSUMED_INTRUDER_IP] is invalid: 89.58.28.90
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[24017]: NOQUEUE: reject: RCPT from unknown[ASSUMED_INTRUDER_IP]: 554 5.7.1 <REDACTED>: Relay access denied; from=<it@mail.libertyrising.de> to=<REDACTED> proto=ESMTP helo=<mail.libertyrising.de>
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: F25F91D91D0: from=<it@mail.libertyrising.de>, size=858057, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 4CBC91CBA1D: from=<it@mail.libertyrising.de>, size=858092, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[25231]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[23420]: NOQUEUE: reject: RCPT from unknown[ASSUMED_INTRUDER_IP]: 554 5.7.1 <REDACTED>: Relay access denied; from=<it@mail.libertyrising.de> to=<REDACTED> proto=ESMTP helo=<mail.libertyrising.de>
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtp[531]: Trusted TLS connection established to interaduaneira-com-br.mail.protection.outlook.com[104.47.58.110]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 04DD71C6774: from=<it@mail.libertyrising.de>, size=858019, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtpd[24017]: disconnect from unknown[ASSUMED_INTRUDER_IP] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 7CA131C8B16: from=<it@mail.libertyrising.de>, size=858022, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/postscreen[382]: CONNECT from [ASSUMED_INTRUDER_IP]:51380 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtp[500]: 1C3451D492E: host allfred-eu.mail.protection.outlook.com[104.47.11.202] said: 451 4.7.500 Server busy. Please try again later from [89.58.28.90]. (S77719) [AM0EUR02FT052.eop-EUR02.prod.protection.outlook.com 2023-07-24T12:36:53.978Z 08DB8BC57CF71EAE] (in reply to end of DATA command)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/smtp[570]: Trusted TLS connection established to sggw-edu-pl.mail.eo.outlook.com[104.47.51.202]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:53 1bfd159614a5 postfix/qmgr[377]: 0A54A1D1F53: from=<it@mail.libertyrising.de>, size=858047, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 whitelist_forwardinghosts: Look up ASSUMED_INTRUDER_IP on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/postscreen[382]: PASS OLD [ASSUMED_INTRUDER_IP]:51380
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/smtpd[28309]: connect from unknown[ASSUMED_INTRUDER_IP]
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/qmgr[377]: D03D11DE239: from=<it@mail.libertyrising.de>, size=858047, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/smtpd[25219]: warning: Unable to look up MX host mail.ncplus.pl for Recipient address REDACTED: No address associated with hostname
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/smtpd[25219]: NOQUEUE: reject: RCPT from unknown[ASSUMED_INTRUDER_IP]: 554 5.7.1 <REDACTED>: Relay access denied; from=<it@mail.libertyrising.de> to=<REDACTED> proto=ESMTP helo=<mail.libertyrising.de>
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/qmgr[377]: 0540A1DBBDB: from=<it@mail.libertyrising.de>, size=857996, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/smtpd[25219]: disconnect from unknown[ASSUMED_INTRUDER_IP] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/postscreen[382]: CONNECT from [ASSUMED_INTRUDER_IP]:51381 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/smtpd[23420]: disconnect from unknown[ASSUMED_INTRUDER_IP] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/qmgr[377]: 0CC511CBDD4: from=<it@mail.libertyrising.de>, size=858044, nrcpt=1 (queue active)
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/smtpd[25222]: NOQUEUE: reject: RCPT from unknown[ASSUMED_INTRUDER_IP]: 554 5.7.1 <REDACTED>: Relay access denied; from=<it@mail.libertyrising.de> to=<REDACTED> proto=ESMTP helo=<mail.libertyrising.de>
mailcowdockerized-postfix-mailcow-1 | Jul 24 14:36:54 1bfd159614a5 postfix/smtpd[23854]: Anonymous TLS connection established from unknown[ASSUMED_INTRUDER_IP]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

  • The solution was to reinstall it. Maybe recreating the docker network would do the job.

How shall we know when we don’t see your config files? 😉
I would suggest you revert them back to the defaults (get them from github).

  • dco replied to this.

    Have something to say?

    Join the community by quickly registering to participate in this discussion. We'd like to see you joining our great moo-community!

    esackbauer Sounds reasonable. Which config files do you need or how do I reset them?

      Because I don’t know what I have to look for, I start with pasting files I find in my folder.

      mailcow.conf

      # ------------------------------
# mailcow web ui configuration
# ------------------------------
# example.org is _not_ a valid hostname, use a fqdn here.
# Default admin user is "admin"
# Default password is "moohoo"

MAILCOW_HOSTNAME=mail.libertyrising.de

# Password hash algorithm
# Only certain password hash algorithm are supported. For a fully list of supported schemes,
# see https://mailcow.github.io/mailcow-dockerized-docs/model-passwd/
MAILCOW_PASS_SCHEME=BLF-CRYPT

# ------------------------------
# SQL database configuration
# ------------------------------

DBNAME=####
DBUSER=####

# Please use long, random alphanumeric strings (A-Za-z0-9)

DBPASS=####
DBROOT=####

# ------------------------------
# HTTP/S Bindings
# ------------------------------

# You should use HTTPS, but in case of SSL offloaded reverse proxies:
# Might be important: This will also change the binding within the container.
# If you use a proxy within Docker, point it to the ports you set below.
# Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
# IMPORTANT: Do not use port 8081, 9081 or 65510!
# Example: HTTP_BIND=1.2.3.4
# For IPv4 and IPv6 leave it empty: HTTP_BIND= & HTTPS_PORT=
# For IPv6 see https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ip_bindings/

HTTP_PORT=4000
HTTP_BIND=

HTTPS_PORT=4001
HTTPS_BIND=

# ------------------------------
# Other bindings
# ------------------------------
# You should leave that alone
# Format: 11.22.33.44:25 or 12.34.56.78:465 etc.

SMTP_PORT=25
SMTPS_PORT=465
SUBMISSION_PORT=587
IMAP_PORT=143
IMAPS_PORT=993
POP_PORT=110
POPS_PORT=995
SIEVE_PORT=4190
DOVEADM_PORT=127.0.0.1:19991
SQL_PORT=127.0.0.1:13306
SOLR_PORT=127.0.0.1:18983
REDIS_PORT=127.0.0.1:7654

# Your timezone
# See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
# Use the row named 'TZ database name' + pay attention for 'Notes' row

TZ=Europe/Berlin

# Fixed project name
# Please use lowercase letters only

COMPOSE_PROJECT_NAME=mailcowdockerized

# Set this to "allow" to enable the anyone pseudo user. Disabled by default.
# When enabled, ACL can be created, that apply to "All authenticated users"
# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
# Otherwise a user might share data with too many other users.
ACL_ANYONE=disallow

# Garbage collector cleanup
# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
# How long should objects remain in the garbage until they are being deleted? (value in minutes)
# Check interval is hourly

MAILDIR_GC_TIME=7200

# Additional SAN for the certificate
#
# You can use wildcard records to create specific names for every domain you add to mailcow.
# Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
#ADDITIONAL_SAN=imap.*,smtp.*
# This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "imap.example.net"
# plus every domain you add in the future.
#
# You can also just add static names...
#ADDITIONAL_SAN=srv1.example.net
# ...or combine wildcard and static names:
#ADDITIONAL_SAN=imap.*,srv1.example.com
#

ADDITIONAL_SAN=

# Additional server names for mailcow UI
#
# Specify alternative addresses for the mailcow UI to respond to
# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.
# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.
# You can understand this as server_name directive in Nginx.
# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f

ADDITIONAL_SERVER_NAMES=

# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n

ONLY_MAILCOW_HOSTNAME=y

SKIP_LETS_ENCRYPT=n

# Create seperate certificates for all domains - y/n
# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
# see https://wiki.dovecot.org/SSL/SNIClientSupport
ENABLE_SSL_SNI=n

# Skip IPv4 check in ACME container - y/n

SKIP_IP_CHECK=n

# Skip HTTP verification in ACME container - y/n

SKIP_HTTP_VERIFICATION=n

# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n

SKIP_CLAMD=n

# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n

SKIP_SOGO=n

# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.

SKIP_SOLR=n

# Solr heap size in MB, there is no recommendation, please see Solr docs.
# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.

SOLR_HEAP=1024

# Allow admins to log into SOGo as email user (without any password)

ALLOW_ADMIN_EMAIL_LOGIN=n

# Enable watchdog (watchdog-mailcow) to restart unhealthy containers

USE_WATCHDOG=y

# Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
# CAUTION:
# 1. You should use external recipients
# 2. Mails are sent unsigned (no DKIM)
# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
# Multiple rcpts allowed, NO quotation marks, NO spaces

#WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
#WATCHDOG_NOTIFY_EMAIL=

# Notify about banned IP (includes whois lookup)
WATCHDOG_NOTIFY_BAN=n

# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.
#WATCHDOG_SUBJECT=

# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
# https://www.servercow.de/mailcow?lang=en
# https://www.servercow.de/mailcow?lang=de
# No data is collected. Opt-in and anonymous.
# Will only work with unmodified mailcow setups.
WATCHDOG_EXTERNAL_CHECKS=n

# Enable watchdog verbose logging
WATCHDOG_VERBOSE=n

# Max log lines per service to keep in Redis logs

LOG_LINES=9999

# Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
# Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses

IPV4_NETWORK=172.22.1

# Internal IPv6 subnet in fc00::/7
# Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses

IPV6_NETWORK=fd4d:6169:6c63:6f77::/64

# Use this IPv4 for outgoing connections (SNAT)

#SNAT_TO_SOURCE=

# Use this IPv6 for outgoing connections (SNAT)

#SNAT6_TO_SOURCE=

# Create or override an API key for the web UI
# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
# An API key defined as API_KEY has read-write access
# An API key defined as API_KEY_READ_ONLY has read-only access
# Allowed chars for API_KEY and API_KEY_READ_ONLY: a-z, A-Z, 0-9, -
# You can define API_KEY and/or API_KEY_READ_ONLY

#API_KEY=
#API_KEY_READ_ONLY=
#API_ALLOW_FROM=172.22.1.1,127.0.0.1

# mail_home is ~/Maildir
MAILDIR_SUB=Maildir

# SOGo session timeout in minutes
SOGO_EXPIRE_SESSION=480

# DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars.
# Empty by default to auto-generate master user and password on start.
# User expands to DOVECOT_MASTER_USER@mailcow.local
# LEAVE EMPTY IF UNSURE
DOVECOT_MASTER_USER=
# LEAVE EMPTY IF UNSURE
DOVECOT_MASTER_PASS=

# Let's Encrypt registration contact information
# Optional: Leave empty for none
# This value is only used on first order!
# Setting it at a later point will require the following steps:
# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset_tls/
ACME_CONTACT=

# WebAuthn device manufacturer verification
# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
WEBAUTHN_ONLY_TRUSTED_VENDORS=n

# Used Docker Compose version
# Switch here between native (compose plugin) and standalone
# For more informations take a look at the mailcow docs regarding the configuration options.
# Normally this should be untouched but if you decided to use either of those you can switch it manually here.
# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail.

DOCKER_COMPOSE_VERSION=native

      docker-compose.yml

      version: '2.1'
services:
    unbound-mailcow:
      image: mailcow/unbound:1.17
      environment:
        - TZ=${TZ}
      volumes:
        - ./data/hooks/unbound:/hooks:Z
        - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
      restart: always
      tty: true
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
          aliases:
            - unbound

    mysql-mailcow:
      image: mariadb:10.5
      depends_on:
        - unbound-mailcow
      stop_grace_period: 45s
      volumes:
        - mysql-vol-1:/var/lib/mysql/
        - mysql-socket-vol-1:/var/run/mysqld/
        - ./data/conf/mysql/:/etc/mysql/conf.d/:ro,Z
      environment:
        - TZ=${TZ}
        - MYSQL_ROOT_PASSWORD=${DBROOT}
        - MYSQL_DATABASE=${DBNAME}
        - MYSQL_USER=${DBUSER}
        - MYSQL_PASSWORD=${DBPASS}
        - MYSQL_INITDB_SKIP_TZINFO=1
      restart: always
      ports:
        - "${SQL_PORT:-127.0.0.1:13306}:3306"
      networks:
        mailcow-network:
          aliases:
            - mysql

    redis-mailcow:
      image: redis:7-alpine
      volumes:
        - redis-vol-1:/data/
      restart: always
      ports:
        - "${REDIS_PORT:-127.0.0.1:7654}:6379"
      environment:
        - TZ=${TZ}
      sysctls:
        - net.core.somaxconn=4096
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.249
          aliases:
            - redis

    clamd-mailcow:
      image: mailcow/clamd:1.61
      restart: always
      depends_on:
        - unbound-mailcow
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
        - TZ=${TZ}
        - SKIP_CLAMD=${SKIP_CLAMD:-n}
      volumes:
        - ./data/conf/clamav/:/etc/clamav/:Z
        - clamd-db-vol-1:/var/lib/clamav
      networks:
        mailcow-network:
          aliases:
            - clamd

    rspamd-mailcow:
      image: mailcow/rspamd:1.92
      stop_grace_period: 30s
      depends_on:
        - dovecot-mailcow
      environment:
        - TZ=${TZ}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      volumes:
        - ./data/hooks/rspamd:/hooks:Z
        - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
        - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:Z
        - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:Z
        - ./data/conf/rspamd/plugins.d/:/etc/rspamd/plugins.d:Z
        - ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro,Z
        - ./data/conf/rspamd/rspamd.conf.local:/etc/rspamd/rspamd.conf.local:Z
        - ./data/conf/rspamd/rspamd.conf.override:/etc/rspamd/rspamd.conf.override:Z
        - rspamd-vol-1:/var/lib/rspamd
      restart: always
      hostname: rspamd
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      networks:
        mailcow-network:
          aliases:
            - rspamd

    php-fpm-mailcow:
      image: mailcow/phpfpm:1.84
      command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
      depends_on:
        - redis-mailcow
      volumes:
        - ./data/hooks/phpfpm:/hooks:Z
        - ./data/web:/web:z
        - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
        - ./data/conf/rspamd/custom/:/rspamd_custom_maps:z
        - rspamd-vol-1:/var/lib/rspamd
        - mysql-socket-vol-1:/var/run/mysqld/
        - ./data/conf/sogo/:/etc/sogo/:z
        - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
        - ./data/conf/phpfpm/sogo-sso/:/etc/sogo-sso/:z
        - ./data/conf/phpfpm/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf:Z
        - ./data/conf/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:Z
        - ./data/conf/phpfpm/php-conf.d/upload.ini:/usr/local/etc/php/conf.d/upload.ini:Z
        - ./data/conf/phpfpm/php-conf.d/other.ini:/usr/local/etc/php/conf.d/zzz-other.ini:Z
        - ./data/conf/dovecot/global_sieve_before:/global_sieve/before:z
        - ./data/conf/dovecot/global_sieve_after:/global_sieve/after:z
        - ./data/assets/templates:/tpls:z
        - ./data/conf/nginx/:/etc/nginx/conf.d/:z
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - LOG_LINES=${LOG_LINES:-9999}
        - TZ=${TZ}
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
        - IMAP_PORT=${IMAP_PORT:-143}
        - IMAPS_PORT=${IMAPS_PORT:-993}
        - POP_PORT=${POP_PORT:-110}
        - POPS_PORT=${POPS_PORT:-995}
        - SIEVE_PORT=${SIEVE_PORT:-4190}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
        - SUBMISSION_PORT=${SUBMISSION_PORT:-587}
        - SMTPS_PORT=${SMTPS_PORT:-465}
        - SMTP_PORT=${SMTP_PORT:-25}
        - API_KEY=${API_KEY:-invalid}
        - API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
        - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
        - SKIP_SOLR=${SKIP_SOLR:-y}
        - SKIP_CLAMD=${SKIP_CLAMD:-n}
        - SKIP_SOGO=${SKIP_SOGO:-n}
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
        - MASTER=${MASTER:-y}
        - DEV_MODE=${DEV_MODE:-n}
        - DEMO_MODE=${DEMO_MODE:-n}
        - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
      restart: always
      networks:
        mailcow-network:
          aliases:
            - phpfpm

    sogo-mailcow:
      image: mailcow/sogo:1.117
      environment:
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - TZ=${TZ}
        - LOG_LINES=${LOG_LINES:-9999}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
        - ACL_ANYONE=${ACL_ANYONE:-disallow}
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - SOGO_EXPIRE_SESSION=${SOGO_EXPIRE_SESSION:-480}
        - SKIP_SOGO=${SKIP_SOGO:-n}
        - MASTER=${MASTER:-y}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      volumes:
        - ./data/hooks/sogo:/hooks:Z
        - ./data/conf/sogo/:/etc/sogo/:z
        - ./data/web/inc/init_db.inc.php:/init_db.inc.php:z
        - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
        - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
        - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
        - mysql-socket-vol-1:/var/run/mysqld/
        - sogo-web-vol-1:/sogo_web
        - sogo-userdata-backup-vol-1:/sogo_backup
      labels:
        ofelia.enabled: "true"
        ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
        ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
        ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
        ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/sieve.creds || exit 0\""
        ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
        ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
        ofelia.job-exec.sogo_backup.schedule: "@every 24h"
        ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
      restart: always
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.248
          aliases:
            - sogo

    dovecot-mailcow:
      image: mailcow/dovecot:1.24
      depends_on:
        - mysql-mailcow
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      cap_add:
        - NET_BIND_SERVICE
      volumes:
        - ./data/hooks/dovecot:/hooks:Z
        - ./data/conf/dovecot:/etc/dovecot:z
        - ./data/assets/ssl:/etc/ssl/mail/:ro,z
        - ./data/conf/sogo/:/etc/sogo/:z
        - ./data/conf/phpfpm/sogo-sso/:/etc/phpfpm/:z
        - vmail-vol-1:/var/vmail
        - vmail-index-vol-1:/var/vmail_index
        - crypt-vol-1:/mail_crypt/
        - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
        - ./data/assets/templates:/templates:z
        - rspamd-vol-1:/var/lib/rspamd
        - mysql-socket-vol-1:/var/run/mysqld/
      environment:
        - DOVECOT_MASTER_USER=${DOVECOT_MASTER_USER:-}
        - DOVECOT_MASTER_PASS=${DOVECOT_MASTER_PASS:-}
        - LOG_LINES=${LOG_LINES:-9999}
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - TZ=${TZ}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
        - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
        - ACL_ANYONE=${ACL_ANYONE:-disallow}
        - SKIP_SOLR=${SKIP_SOLR:-y}
        - MAILDIR_SUB=${MAILDIR_SUB:-}
        - MASTER=${MASTER:-y}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
      ports:
        - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
        - "${IMAP_PORT:-143}:143"
        - "${IMAPS_PORT:-993}:993"
        - "${POP_PORT:-110}:110"
        - "${POPS_PORT:-995}:995"
        - "${SIEVE_PORT:-4190}:4190"
      restart: always
      tty: true
      labels:
        ofelia.enabled: "true"
        ofelia.job-exec.dovecot_imapsync_runner.schedule: "@every 1m"
        ofelia.job-exec.dovecot_imapsync_runner.no-overlap: "true"
        ofelia.job-exec.dovecot_imapsync_runner.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu nobody /usr/local/bin/imapsync_runner.pl || exit 0\""
        ofelia.job-exec.dovecot_trim_logs.schedule: "@every 1m"
        ofelia.job-exec.dovecot_trim_logs.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/trim_logs.sh || exit 0\""
        ofelia.job-exec.dovecot_quarantine.schedule: "@every 20m"
        ofelia.job-exec.dovecot_quarantine.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/quarantine_notify.py || exit 0\""
        ofelia.job-exec.dovecot_clean_q_aged.schedule: "@every 24h"
        ofelia.job-exec.dovecot_clean_q_aged.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/clean_q_aged.sh || exit 0\""
        ofelia.job-exec.dovecot_maildir_gc.schedule: "@every 30m"
        ofelia.job-exec.dovecot_maildir_gc.command: "/bin/bash -c \"source /source_env.sh ; /usr/local/bin/gosu vmail /usr/local/bin/maildir_gc.sh\""
        ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
        ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
        ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
        ofelia.job-exec.dovecot_fts.command: "/usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true"
        ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
        ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
      ulimits:
        nproc: 65535
        nofile:
          soft: 20000
          hard: 40000
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
          aliases:
            - dovecot

    postfix-mailcow:
      image: mailcow/postfix:1.68
      depends_on:
        - mysql-mailcow
      volumes:
        - ./data/hooks/postfix:/hooks:Z
        - ./data/conf/postfix:/opt/postfix/conf:z
        - ./data/assets/ssl:/etc/ssl/mail/:ro,z
        - postfix-vol-1:/var/spool/postfix
        - crypt-vol-1:/var/lib/zeyple
        - rspamd-vol-1:/var/lib/rspamd
        - mysql-socket-vol-1:/var/run/mysqld/
      environment:
        - LOG_LINES=${LOG_LINES:-9999}
        - TZ=${TZ}
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
      cap_add:
        - NET_BIND_SERVICE
      ports:
        - "${SMTP_PORT:-25}:25"
        - "${SMTPS_PORT:-465}:465"
        - "${SUBMISSION_PORT:-587}:587"
      restart: always
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
          aliases:
            - postfix

    memcached-mailcow:
      image: memcached:alpine
      restart: always
      environment:
        - TZ=${TZ}
      networks:
        mailcow-network:
          aliases:
            - memcached

    nginx-mailcow:
      depends_on:
        - sogo-mailcow
        - php-fpm-mailcow
        - redis-mailcow
      image: nginx:mainline-alpine
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
        envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
        envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
        . /etc/nginx/conf.d/templates/server_name.template.sh > /etc/nginx/conf.d/server_name.active &&
        . /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active &&
        . /etc/nginx/conf.d/templates/sogo_eas.template.sh > /etc/nginx/conf.d/sogo_eas.active &&
        nginx -qt &&
        until ping phpfpm -c1 > /dev/null; do sleep 1; done &&
        until ping sogo -c1 > /dev/null; do sleep 1; done &&
        until ping redis -c1 > /dev/null; do sleep 1; done &&
        until ping rspamd -c1 > /dev/null; do sleep 1; done &&
        exec nginx -g 'daemon off;'"
      environment:
        - HTTPS_PORT=${HTTPS_PORT:-443}
        - HTTP_PORT=${HTTP_PORT:-80}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - TZ=${TZ}
        - SKIP_SOGO=${SKIP_SOGO:-n}
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
        - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
      volumes:
        - ./data/web:/web:ro,z
        - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
        - ./data/assets/ssl/:/etc/ssl/mail/:ro,z
        - ./data/conf/nginx/:/etc/nginx/conf.d/:z
        - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
        - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
      ports:
        - "${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
        - "${HTTP_PORT:-80}:${HTTP_PORT:-80}"
      restart: always
      networks:
        mailcow-network:
          aliases:
            - nginx

    acme-mailcow:
      depends_on:
        - nginx-mailcow
      image: mailcow/acme:1.84
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
        - LOG_LINES=${LOG_LINES:-9999}
        - ACME_CONTACT=${ACME_CONTACT:-}
        - ADDITIONAL_SAN=${ADDITIONAL_SAN}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
        - DIRECTORY_URL=${DIRECTORY_URL:-}
        - ENABLE_SSL_SNI=${ENABLE_SSL_SNI:-n}
        - SKIP_IP_CHECK=${SKIP_IP_CHECK:-n}
        - SKIP_HTTP_VERIFICATION=${SKIP_HTTP_VERIFICATION:-n}
        - ONLY_MAILCOW_HOSTNAME=${ONLY_MAILCOW_HOSTNAME:-n}
        - LE_STAGING=${LE_STAGING:-n}
        - TZ=${TZ}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
        - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
      volumes:
        - ./data/web/.well-known/acme-challenge:/var/www/acme:z
        - ./data/assets/ssl:/var/lib/acme/:z
        - ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
        - mysql-socket-vol-1:/var/run/mysqld/
      restart: always
      networks:
        mailcow-network:
          aliases:
            - acme

    netfilter-mailcow:
      image: mailcow/netfilter:1.52
      stop_grace_period: 30s
      depends_on:
        - dovecot-mailcow
        - postfix-mailcow
        - sogo-mailcow
        - php-fpm-mailcow
        - redis-mailcow
      restart: always
      privileged: true
      environment:
        - TZ=${TZ}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
        - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
        - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      network_mode: "host"
      volumes:
        - /lib/modules:/lib/modules:ro

    watchdog-mailcow:
      image: mailcow/watchdog:1.97
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      tmpfs:
        - /tmp
      volumes:
        - rspamd-vol-1:/var/lib/rspamd
        - mysql-socket-vol-1:/var/run/mysqld/
        - postfix-vol-1:/var/spool/postfix
        - ./data/assets/ssl:/etc/ssl/mail/:ro,z
      restart: always
      environment:
        - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
        - LOG_LINES=${LOG_LINES:-9999}
        - TZ=${TZ}
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
        - DBPASS=${DBPASS}
        - DBROOT=${DBROOT}
        - USE_WATCHDOG=${USE_WATCHDOG:-n}
        - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL:-}
        - WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
        - WATCHDOG_SUBJECT=${WATCHDOG_SUBJECT:-Watchdog ALERT}
        - WATCHDOG_EXTERNAL_CHECKS=${WATCHDOG_EXTERNAL_CHECKS:-n}
        - WATCHDOG_MYSQL_REPLICATION_CHECKS=${WATCHDOG_MYSQL_REPLICATION_CHECKS:-n}
        - WATCHDOG_VERBOSE=${WATCHDOG_VERBOSE:-n}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0}
        - CHECK_UNBOUND=${CHECK_UNBOUND:-1}
        - SKIP_CLAMD=${SKIP_CLAMD:-n}
        - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
        - SKIP_SOGO=${SKIP_SOGO:-n}
        - HTTPS_PORT=${HTTPS_PORT:-443}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
        - EXTERNAL_CHECKS_THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD:-1}
        - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
        - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
        - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
        - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
        - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
        - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
        - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
        - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
        - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
        - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
        - PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5}
        - RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
        - FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
        - ACME_THRESHOLD=${ACME_THRESHOLD:-1}
        - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
        - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
        - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
        - MAILQ_CRIT=${MAILQ_CRIT:-30}
      networks:
        mailcow-network:
          aliases:
            - watchdog

    dockerapi-mailcow:
      image: mailcow/dockerapi:2.04
      security_opt:
        - label=disable
      restart: always
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      environment:
        - DBROOT=${DBROOT}
        - TZ=${TZ}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
        - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
      networks:
        mailcow-network:
          aliases:
            - dockerapi

    solr-mailcow:
      image: mailcow/solr:1.8.1
      restart: always
      volumes:
        - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
      ports:
        - "${SOLR_PORT:-127.0.0.1:18983}:8983"
      environment:
        - TZ=${TZ}
        - SOLR_HEAP=${SOLR_HEAP:-1024}
        - SKIP_SOLR=${SKIP_SOLR:-y}
      networks:
        mailcow-network:
          aliases:
            - solr

    olefy-mailcow:
      image: mailcow/olefy:1.11
      restart: always
      environment:
        - TZ=${TZ}
        - OLEFY_BINDADDRESS=0.0.0.0
        - OLEFY_BINDPORT=10055
        - OLEFY_TMPDIR=/tmp
        - OLEFY_PYTHON_PATH=/usr/bin/python3
        - OLEFY_OLEVBA_PATH=/usr/bin/olevba
        - OLEFY_LOGLVL=20
        - OLEFY_MINLENGTH=500
        - OLEFY_DEL_TMP=1
      networks:
        mailcow-network:
          aliases:
            - olefy

    ofelia-mailcow:
      image: mcuadros/ofelia:latest
      restart: always
      command: daemon --docker
      environment:
        - TZ=${TZ}
      depends_on:
        - sogo-mailcow
        - dovecot-mailcow
      labels:
        ofelia.enabled: "true"
      security_opt:
        - label=disable
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
      networks:
        mailcow-network:
          aliases:
            - ofelia

    ipv6nat-mailcow:
      depends_on:
        - unbound-mailcow
        - mysql-mailcow
        - redis-mailcow
        - clamd-mailcow
        - rspamd-mailcow
        - php-fpm-mailcow
        - sogo-mailcow
        - dovecot-mailcow
        - postfix-mailcow
        - memcached-mailcow
        - nginx-mailcow
        - acme-mailcow
        - netfilter-mailcow
        - watchdog-mailcow
        - dockerapi-mailcow
        - solr-mailcow
      environment:
        - TZ=${TZ}
      image: robbertkl/ipv6nat
      security_opt:
        - label=disable
      restart: always
      privileged: true
      network_mode: "host"
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - /lib/modules:/lib/modules:ro

networks:
  mailcow-network:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: br-mailcow
    enable_ipv6: false
    ipam:
      driver: default
      config:
        - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
        - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}

volumes:
  vmail-vol-1:
  vmail-index-vol-1:
  mysql-vol-1:
  mysql-socket-vol-1:
  redis-vol-1:
  rspamd-vol-1:
  solr-vol-1:
  postfix-vol-1:
  crypt-vol-1:
  sogo-web-vol-1:
  sogo-userdata-backup-vol-1:
  clamd-db-vol-1:

      Is that helpful or do I have to pick something else?

      Seriously, if you don’t know what to look for, you should not run a mail server…
      You posted postfix logs, why don’t you post the postfix config files?

      In the link about troubleshooting it says:
      “Read the documentation of the troubled service”
      Here is the documentation of the troubled service:
      https://docs.mailcow.email/manual-guides/Postfix/u_e-postfix-trust_networks/

      docs.mailcow.email
      https://docs.mailcow.email/manual-guides/Postfix/u_e-postfix-trust_networks/
      No preview could be generated for this link

        With vague questions come vague responses. Normally I don’t touch the config files of the containers because then unexpected things start to happen and I thought that the config at the root folder does the job.

        main.cf

        # --------------------------------------------------------------------------
# Please create a file "extra.cf" for persistent overrides to main.cf
# --------------------------------------------------------------------------
biff = no
append_dot_mydomain = no
smtpd_tls_cert_file = /etc/ssl/mail/cert.pem
smtpd_tls_key_file = /etc/ssl/mail/key.pem
tls_server_sni_maps = hash:/opt/postfix/conf/sni.map
smtpd_tls_received_header = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  defer_unauth_destination
# alias maps are auto-generated in postfix.sh on startup
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks_style = subnet
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
maximal_backoff_time = 1800s
maximal_queue_lifetime = 5d
delay_warning_time = 4h
message_size_limit = 104857600
milter_default_action = tempfail
milter_protocol = 6
minimal_backoff_time = 300s
plaintext_reject_code = 550
postscreen_access_list = permit_mynetworks,
  cidr:/opt/postfix/conf/custom_postscreen_whitelist.cidr,
  cidr:/opt/postfix/conf/postscreen_access.cidr,
  tcp:127.0.0.1:10027
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
  hostkarma.junkemailfilter.com=127.0.0.1*-2
  list.dnswl.org=127.0.[0..255].0*-2
  list.dnswl.org=127.0.[0..255].1*-4
  list.dnswl.org=127.0.[0..255].2*-6
  list.dnswl.org=127.0.[0..255].3*-8
  ix.dnsbl.manitu.net*2
  bl.spamcop.net*2
  bl.suomispam.net*2
  hostkarma.junkemailfilter.com=127.0.0.2*3
  hostkarma.junkemailfilter.com=127.0.0.4*2
  hostkarma.junkemailfilter.com=127.0.1.2*1
  backscatter.spameatingmonkey.net*2
  bl.ipv6.spameatingmonkey.net*2
  bl.spameatingmonkey.net*2
  b.barracudacentral.org=127.0.0.2*7
  bl.mailspike.net=127.0.0.2*5
  bl.mailspike.net=127.0.0.[10;11;12]*4
  dnsbl.sorbs.net=127.0.0.10*8
  dnsbl.sorbs.net=127.0.0.5*6
  dnsbl.sorbs.net=127.0.0.7*3
  dnsbl.sorbs.net=127.0.0.8*2
  dnsbl.sorbs.net=127.0.0.6*2
  dnsbl.sorbs.net=127.0.0.9*2
  zen.spamhaus.org=127.0.0.[10;11]*8
  zen.spamhaus.org=127.0.0.[4..7]*6
  zen.spamhaus.org=127.0.0.3*4
  zen.spamhaus.org=127.0.0.2*3
postscreen_dnsbl_threshold = 6
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
  $sender_dependent_default_transport_maps,
  $smtp_tls_policy_maps,
  $local_recipient_maps,
  $mydestination,
  $virtual_alias_maps,
  $virtual_alias_domains,
  $virtual_mailbox_maps,
  $virtual_mailbox_domains,
  $relay_recipient_maps,
  $relay_domains,
  $canonical_maps,
  $sender_canonical_maps,
  $sender_bcc_maps,
  $recipient_bcc_maps,
  $recipient_canonical_maps,
  $relocated_maps,
  $transport_maps,
  $mynetworks,
  $smtpd_sender_login_maps,
  $smtp_sasl_password_maps
queue_run_delay = 300s
relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
sender_dependent_default_transport_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/ssl/mail/cert.pem
smtp_tls_key_file = /etc/ssl/mail/key.pem
smtp_tls_loglevel = 1
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_proxy_timeout = 600s
smtpd_recipient_restrictions = check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
  permit_sasl_authenticated,
  permit_mynetworks,
  check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
  reject_invalid_helo_hostname,
  reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = inet:dovecot:10001
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unlisted_sender,
  reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
smtpd_tls_eecdh_grade = auto
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL, DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA
smtpd_tls_loglevel = 1

# Mandatory protocols and ciphers are used when a connections is enforced to use TLS
# Does _not_ apply to enforced incoming TLS settings per mailbox
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers = high

smtp_tls_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3

smtpd_tls_security_level = may
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION
virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_resource_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
# -- moved to rspamd on 2021-06-01
#recipient_bcc_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_bcc_maps.cf
#sender_bcc_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sender_bcc_maps.cf
recipient_canonical_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
recipient_canonical_classes = envelope_recipient
virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = lmtp:inet:dovecot:24
virtual_uid_maps = static:5000
smtpd_milters = inet:rspamd:9900
non_smtpd_milters = inet:rspamd:9900
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = localhost.localdomain, localhost
smtp_address_preference = any
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf
smtp_sasl_security_options =
smtp_sasl_mechanism_filter = plain, login
smtp_tls_policy_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf
smtp_header_checks = pcre:/opt/postfix/conf/anonymize_headers.pcre
mail_name = Postcow
# local_transport map catches local destinations and prevents routing local dests when the next map would route "*"
# Use custom_transport.pcre for custom transports
transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre,
  pcre:/opt/postfix/conf/local_transport,
  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf
smtp_sasl_auth_soft_bounce = no
postscreen_discard_ehlo_keywords = silent-discard, dsn
compatibility_level = 2
smtputf8_enable = no
# Define protocols for SMTPS and submission service
submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,qmqpd_authorized_clients

# DO NOT EDIT ANYTHING BELOW #
# User overrides #

myhostname = mail.libertyrising.de
smtp_address_preference = ipv4
inet_protocols = ipv4

        With mailcow you don’t touch the config files in the containers anyway.
        You use the config files in /opt/mailcow_dockerized/data/conf
        More important (as per my link) is the extra.cf file in the subfolder postfix. Or the custom_postscreen_whitelist.cidr file.

        • dco replied to this.

          esackbauer That is my thought and in addition I didn’t touch data/ because I found everything in the web UI.

          extra.cf has only three lines and are exactly the same as in main.cf. I assume that it is the same due to the initial config.

          myhostname = mail.libertyrising.de
smtp_address_preference = ipv4
inet_protocols = ipv4

          custom_postscreen_whitelist.cidr has no real entries

          # Autogenerated by mailcow
# Rules are evaluated in the order as specified.
# Blacklist 192.168.* except 192.168.0.1.
# 192.168.0.1          permit
# 192.168.0.0/16       reject

          I assume that it is a IPv6 or IPv4 NAT misconfiguration because I get connections over the gateway and those get access while I failed sending an mail over telnet simulating the attack.

          postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/postscreen[485]: CONNECT from [172.22.1.1]:34880 to [172.22.1.253]:25
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/postscreen[485]: WHITELISTED [172.22.1.1]:34880
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtpd[488]: connect from unknown[172.22.1.1]
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtp[475]: warning: host mail.libertyrising.de[89.58.28.90]:25 greeted me with my own hostname mail.libertyrising.de
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtp[475]: warning: host mail.libertyrising.de[89.58.28.90]:25 replied to HELO/EHLO with my own hostname mail.libertyrising.de

          I checked out mailcow/mailcow-dockerized3598, but I landed at a dead end because I turned off ipv6nat which is reported when I check for docker logs.

          At this point I could monitor incomming connections for port 25 or 143 to figure out the source and which protocol (v4/v6) they use and then move on.

          Do you see something special in the logs which I missed?

          PS: I tried netstat -anc | grep :143 and I can’t even see my own connection whereas SSH is shown. I really think the network is the culprit.

            esackbauer

            Hi. my data/conf/postfix/extra.cf contains only a myhostname value.
            Where else should I look at?

            main.cf has the following contents:

            # --------------------------------------------------------------------------
# Please create a file "extra.cf" for persistent overrides to main.cf
# --------------------------------------------------------------------------
biff = no
append_dot_mydomain = no
smtpd_tls_cert_file = /etc/ssl/mail/cert.pem
smtpd_tls_key_file = /etc/ssl/mail/key.pem
tls_server_sni_maps = hash:/opt/postfix/conf/sni.map
smtpd_tls_received_header = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  defer_unauth_destination
# alias maps are auto-generated in postfix.sh on startup
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks_style = subnet
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
maximal_backoff_time = 1800s
maximal_queue_lifetime = 5d
delay_warning_time = 4h
message_size_limit = 104857600
milter_default_action = tempfail
milter_protocol = 6
minimal_backoff_time = 300s
plaintext_reject_code = 550
postscreen_access_list = permit_mynetworks,
  cidr:/opt/postfix/conf/custom_postscreen_whitelist.cidr,
  cidr:/opt/postfix/conf/postscreen_access.cidr,
  tcp:127.0.0.1:10027
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
  hostkarma.junkemailfilter.com=127.0.0.1*-2
  list.dnswl.org=127.0.[0..255].0*-2
  list.dnswl.org=127.0.[0..255].1*-4
  list.dnswl.org=127.0.[0..255].2*-6
  list.dnswl.org=127.0.[0..255].3*-8
  ix.dnsbl.manitu.net*2
  bl.spamcop.net*2
  bl.suomispam.net*2
  hostkarma.junkemailfilter.com=127.0.0.2*3
  hostkarma.junkemailfilter.com=127.0.0.4*2
  hostkarma.junkemailfilter.com=127.0.1.2*1
  backscatter.spameatingmonkey.net*2
  bl.ipv6.spameatingmonkey.net*2
  bl.spameatingmonkey.net*2
  b.barracudacentral.org=127.0.0.2*7
  bl.mailspike.net=127.0.0.2*5
  bl.mailspike.net=127.0.0.[10;11;12]*4
  dnsbl.sorbs.net=127.0.0.10*8
  dnsbl.sorbs.net=127.0.0.5*6
  dnsbl.sorbs.net=127.0.0.7*3
  dnsbl.sorbs.net=127.0.0.8*2
  dnsbl.sorbs.net=127.0.0.6*2
  dnsbl.sorbs.net=127.0.0.9*2
  zen.spamhaus.org=127.0.0.[10;11]*8
  zen.spamhaus.org=127.0.0.[4..7]*6
  zen.spamhaus.org=127.0.0.3*4
  zen.spamhaus.org=127.0.0.2*3
postscreen_dnsbl_threshold = 6
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
  $sender_dependent_default_transport_maps,
  $smtp_tls_policy_maps,
  $local_recipient_maps,
  $mydestination,
  $virtual_alias_maps,
  $virtual_alias_domains,
  $virtual_mailbox_maps,
  $virtual_mailbox_domains,
  $relay_recipient_maps,
  $relay_domains,
  $canonical_maps,
  $sender_canonical_maps,
  $sender_bcc_maps,
  $recipient_bcc_maps,
  $recipient_canonical_maps,
  $relocated_maps,
  $transport_maps,
  $mynetworks,
  $smtpd_sender_login_maps,
  $smtp_sasl_password_maps
queue_run_delay = 300s
relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
sender_dependent_default_transport_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sender_dependent_default_transport_maps.cf
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/ssl/mail/cert.pem
smtp_tls_key_file = /etc/ssl/mail/key.pem
smtp_tls_loglevel = 1
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_proxy_timeout = 600s
smtpd_recipient_restrictions = check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
  permit_sasl_authenticated,
  permit_mynetworks,
  check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
  reject_invalid_helo_hostname,
  reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = inet:dovecot:10001
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unlisted_sender,
  reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
smtpd_tls_eecdh_grade = auto
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL, DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA
smtpd_tls_loglevel = 1

# Mandatory protocols and ciphers are used when a connections is enforced to use TLS
# Does _not_ apply to enforced incoming TLS settings per mailbox
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers = high

smtp_tls_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3

smtpd_tls_security_level = may
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION
virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_resource_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
# -- moved to rspamd on 2021-06-01
#recipient_bcc_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_bcc_maps.cf
#sender_bcc_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sender_bcc_maps.cf
recipient_canonical_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
recipient_canonical_classes = envelope_recipient
virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = lmtp:inet:dovecot:24
virtual_uid_maps = static:5000
smtpd_milters = inet:rspamd:9900
non_smtpd_milters = inet:rspamd:9900
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = localhost.localdomain, localhost
smtp_address_preference = any
smtp_sender_dependent_authentication = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_sender_dependent.cf
smtp_sasl_security_options =
smtp_sasl_mechanism_filter = plain, login
smtp_tls_policy_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_tls_policy_override_maps.cf
smtp_header_checks = pcre:/opt/postfix/conf/anonymize_headers.pcre
mail_name = [REDUCTED]
# local_transport map catches local destinations and prevents routing local dests when the next map would route "*"
# Use custom_transport.pcre for custom transports
transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre,
  pcre:/opt/postfix/conf/local_transport,
  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf
smtp_sasl_auth_soft_bounce = no
postscreen_discard_ehlo_keywords = silent-discard, dsn
compatibility_level = 2
smtputf8_enable = no
# Define protocols for SMTPS and submission service
submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,qmqpd_authorized_clients

# DO NOT EDIT ANYTHING BELOW #
# User overrides #

myhostname = mail.[REDUCTED]

              I would also think that its because of NAT. I guess somehow mailcow thinks the IP address which is used for sending spam is one of the internal ones or its own external address. The log excerpt shows that the external IP address is used. I guess you should investigate the logs of the firewall as well at the time a spam email is sent.

              • dco replied to this.

                esackbauer I turned on the use of Docker’s iptables feature again and the problem remains, but the log message changed.

                postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/postscreen[485]: CONNECT from [172.22.1.1]:34880 to [172.22.1.253]:25
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/postscreen[485]: WHITELISTED [172.22.1.1]:34880
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtpd[488]: connect from unknown[172.22.1.1]
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtp[475]: warning: host mail.libertyrising.de[89.58.28.90]:25 greeted me with my own hostname mail.libertyrising.de
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtp[475]: warning: host mail.libertyrising.de[89.58.28.90]:25 replied to HELO/EHLO with my own hostname mail.libertyrising.de
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtp[475]: B0A381CF381: to=<it@mail.libertyrising.de>, relay=mail.libertyrising.de[89.58.28.90]:25, delay=15503, delays=15329/174/0.01/0, dsn=5.4.6, status=bounced (mail for mail.libertyrising.de loops back to myself)
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtpd[488]: disconnect from unknown[172.22.1.1] ehlo=1 quit=1 commands=2
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/qmgr[376]: D11821CCE1D: from=<it@mail.libertyrising.de>, size=858044, nrcpt=1 (queue active)
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/qmgr[376]: DB6CC1C7DCC: from=<it@mail.libertyrising.de>, size=858003, nrcpt=1 (queue active)
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtp[413]: Trusted TLS connection established to mta7.am0.yahoodns.net[98.136.96.74]:25: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtp[406]: Trusted TLS connection established to mimiro-no.mail.protection.outlook.com[52.101.68.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/qmgr[376]: DDCB21D23EB: from=<it@mail.libertyrising.de>, size=858003, nrcpt=1 (queue active)
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/qmgr[376]: D3F721D98D6: from=<it@mail.libertyrising.de>, size=858044, nrcpt=1 (queue active)
postfix-mailcow_1    | Jul 24 18:51:41 a6d1c520de9e postfix/smtp[409]: 2A0C71D7222: to=<REDACTED>, relay=mooooo.mail.protection.outlook.com[104.47.58.138]:25, delay=182554, delays=182380/170/3.4/0.99, dsn=4.7.500, status=deferred (host moooo.mail.protection.outlook.com[104.47.58.138] said: 451 4.7.500 Server busy. Please try again later from [89.58.28.90]. (S77719) [BN8NAM11FT110.eop-nam11.prod.protection.outlook.com 2023-07-24T16:51:41.289Z 08DB8BEB9AA652FD] (in reply to end of DATA command))

                I would understand if connections between containers happen, but I assume 172.22.1.1 is the gateway and the connection came from outside.

                Later I will post the responsible iptables list if I can’t figure it out what is going on or if possible I flush the table and force Docker to remake them.

                  The solution was to reinstall it. Maybe recreating the docker network would do the job.

                  No one is typing