Ok, so you can try to solve why did bounced,

or double check you did all necessary steps to disable ipv6 in mailcow stack, i found the docs little bit confusing,.. docs.mailcow.email Icon Disable IPv6 - mailcow: dockerized documentation

docs.mailcow.email Icon docs.mailcow.email
Disable IPv6 - mailcow: dockerized documentation
None
docs.mailcow.email

If this does not work you can try to disable ipv6 on your hosts it self: This come from my memory double check it on internet and against for your disto,…
sudo nano /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

than restart

    ETNyx I am using ipv6 for other things in my server, seems like enabling ipv6 by reverting the changes fixed the issues!

      I’m noticing the same behavior. Random sender addresses on my domain sending to random @qq.com addresses from 172.22.1.1. I just disabled IPv6 on my host and will monitor if it stops. This is a pretty huge security issue. Mailcow should assume IPv6 is enabled on the host and authenticate traffic from the network stack or block it all together instead of just allowing open relay.

      I had the same problem. Disabling IPv6 on ports 25, 587 and 465 at the incoming firewall did the trick. I assume, that the postfix-container needs additional configuration. He maps all ports 587 to tcp:587, the IPv6-Ports also. Afterwards he ist listening at that port on :::587, although extra.cf has defined inet_protocols = ipv4.

        chris65 I went and also blocked IPv6 on my hosting configuration’s firewall rules.

          Perhaps you can block it for the three ports only. Then you still can use IPv6 for other purposes on your server . . . I did not find a paramter to make postfix block ipv6-port

          Yep thats possible. The real issue is why postfix is allowing unauthenticated relaying on IPv6. It should be treated as IPv4 requiring authentication or policy to allow it.

          If you guy’s suspecting that postfix acting as an Open-Relay on ipv6, i highly recommend file a Bugreport with all the evidence.
          At least on my end i can’t reproduce.

           telnet 2...................::1 25
Trying 2...................::1
Connected to 2...................::1
Escape character is '^]'.
220 mydomain.xyz ESMTP Postcow
ehlo vlah.com
250-mydomain.xyz
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: nlah.com
250 2.1.0 Ok
rcpt to: something.xyz
554 5.7.1 <something.xyz>: **Relay access denied**

            piperino recommend file a Bugreport with all the evidence.

            That was already discussed here:
            mailcow/mailcow-dockerized5242

            Seems its not a mailcow problem, but a docker problem with userland proxy and/or unsupported OS running mailcow on.

                May be a docker problem. Fact is, that some chinese people can relay with our server on rocky linux, when firewall is open and they can’t, when firewall ports 25, 465 an 587 are closed. The postfix-container seems to route it to local 587, which is open as trusted. All steps to work without ipv6 are done as instructed in the manual. Where should we post it? Also, postfix is configured via extra.cf to use ipv4-protocol only.

                  chris65 Where should we post it?

                  Open an issue on github referencing the one above.

                    i am not familiar with readable postings, so could you please do it for me in better words? Thank you!

                    esackbauer Looks like this is correct. I still have IPv6 disabled on my OS and firewall level and since it is unnecessary for my purposes and will leave it that way. IPv6 continues to be the center of more problems than a solution to them in my experience thus far.

                      No one is typing