Unbound container startet nicht

j0chn

Hallo Zusammen,
ich habe schon einige Stunden und Beiträge gelesen, aber entweder helfen sie nicht, oder ich bin zu doof, jedenfalls startet mein Unbound Container nicht und deswegen wird der gesamte Stack nicht aufgebaut.
Mein Setup:
Debian Server (Bookworm) mit Kernel 6.1.0-37.
Docker ist 28.3.1. (die GIT Installation)
Docker Compose ist 1.29.2
Portainer 2.27.9
Meine compose yaml

services:
  unbound:
    image: ghcr.io/mailcow/unbound:1.24
    environment:
      - TZ=${TZ}
      - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}
      - DO_IPV6=no
      - PREFER_IP6=no
    volumes:
      - /mnt/extern/mailcow/unbound:/hooks:Z
      - /mnt/extern/mailcow/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
    restart: always
    tty: true
    networks:
      mailcow:
        ipv4_address: ${IPV4_NETWORK:-172.33.1}.254
        aliases:
          - unbound
          
  mysql:
    image: mariadb:10.11
    depends_on:
      - unbound
      - netfilter
    stop_grace_period: 45s
    volumes:
      - /mnt/extern/mailcow/mysql:/var/lib/mysql/
      - mysql-socket:/var/run/mysqld/
      - /mnt/extern/mailcow/mysql/conf.d:/etc/mysql/conf.d/:ro,Z
    environment:
      - TZ=${TZ}
      - MYSQL_ROOT_PASSWORD=${DBROOT}
      - MYSQL_DATABASE=${DBNAME}
      - MYSQL_USER=${DBUSER}
      - MYSQL_PASSWORD=${DBPASS}
      - MYSQL_INITDB_SKIP_TZINFO=1
    restart: always
    ports:
      - ${SQL_PORT:-127.0.0.1:13306}:3306
    networks:
      mailcow:
        aliases:
          - mysql
          
  redis:
    image: redis:7.4.2-alpine
    entrypoint:
      - /bin/sh
      - /redis-conf.sh
    volumes:
      - /mnt/extern/mailcow/redis/:/data/
      - /mnt/extern/mailcow/redis/redis-conf.sh:/redis-conf.sh:z
    restart: always
    depends_on:
      - netfilter
    ports:
      - ${REDIS_PORT:-127.0.0.1:7654}:6379
    environment:
      - TZ=${TZ}
      - REDISPASS=${REDISPASS}
      - REDISMASTERPASS=${REDISMASTERPASS:-}
    sysctls:
      - net.core.somaxconn=4096
    networks:
      mailcow:
        ipv4_address: ${IPV4_NETWORK:-172.33.1}.249
        aliases:
          - redis
  clamd:
    image: ghcr.io/mailcow/clamd:1.70
    restart: always
    depends_on:
      unbound:
        condition: service_healthy
    dns:
      - ${IPV4_NETWORK:-172.22.1}.254
    environment:
      - TZ=${TZ}
      - SKIP_CLAMD=${SKIP_CLAMD:-n}
    volumes:
      - /mnt/extern/mailcow/clamav/:/etc/clamav/:Z
      - clamav:/var/lib/clamav
    networks:
      mailcow:
        aliases:
          - clamd
          
  rspamd:
    image: ghcr.io/mailcow/rspamd:2.2
    stop_grace_period: 30s
    depends_on:
      - dovecot
      - clamd
    environment:
      - TZ=${TZ}
      - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
     # - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
      - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
      - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      - REDISPASS=${REDISPASS}
      - SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
    volumes:
      - /mnt/extern/mailcow/rspamd/hooks/:/hooks:Z
      - /mnt/extern/mailcow/rspamd/custom/:/etc/rspamd/custom:z
      - /mnt/extern/mailcow/rspamd/override.d/:/etc/rspamd/override.d:Z
      - /mnt/extern/mailcow/rspamd/local.d/:/etc/rspamd/local.d:Z
      - /mnt/extern/mailcow/rspamd/plugins.d/:/etc/rspamd/plugins.d:Z
      - /mnt/extern/mailcow/rspamd/lua/:/etc/rspamd/lua/:ro,Z
      - /mnt/extern/mailcow/rspamd/rspamd.conf.local:/etc/rspamd/rspamd.conf.local:Z
      - /mnt/extern/mailcow/rspamd/rspamd.conf.override:/etc/rspamd/rspamd.conf.override:Z
      - rspamd:/var/lib/rspamd
    restart: always
    hostname: rspamd
    dns:
      - ${IPV4_NETWORK:-172.22.1}.254
    networks:
      mailcow:
        aliases:
          - rspamd
          
  php-fpm:
    image: ghcr.io/mailcow/phpfpm:1.93
    command: php-fpm -d date.timezone=${TZ} -d expose_php=0
    depends_on:
      - redis
    volumes:
      - /mnt/extern/mailcow/rspamd/phpfpm/hooks:/hooks:Z
      - /mnt/extern/mailcow/web:/web:z
      - /mnt/extern/mailcow/rspamd/dynmaps:/dynmaps:ro,z
      - /mnt/extern/mailcow/rspamd/custom/:/rspamd_custom_maps:z
      - /mnt/extern/mailcow/dovecot/auth/mailcowauth.php:/mailcowauth/mailcowauth.php:z
      - /mnt/extern/mailcow/web/inc/functions.inc.php:/mailcowauth/functions.inc.php:z
      - /mnt/extern/mailcow/web/inc/functions.auth.inc.php:/mailcowauth/functions.auth.inc.php:z
      - /mnt/extern/mailcow/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
      - /mnt/extern/mailcow/web/inc/functions.mailbox.inc.php:/mailcowauth/functions.mailbox.inc.php:z
      - /mnt/extern/mailcow/web/inc/functions.ratelimit.inc.php:/mailcowauth/functions.ratelimit.inc.php:z
      - /mnt/extern/mailcow/web/inc/functions.acl.inc.php:/mailcowauth/functions.acl.inc.php:z
      - rspamd:/var/lib/rspamd
      - mysql-socket:/var/run/mysqld/
      - /mnt/extern/mailcow/sogo/conf:/etc/sogo/:z
      - /mnt/extern/mailcow/rspamd/meta_exporter:/meta_exporter:ro,z
      - /mnt/extern/mailcow/phpfpm/conf/phpfpm/crons:/crons:z
      - /mnt/extern/mailcow/phpfpm/conf/phpfpm/sogo-sso/:/etc/sogo-sso/:z
      - /mnt/extern/mailcow/phpfpm/conf/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf:Z
      - /mnt/extern/mailcow/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:Z
      - /mnt/extern/mailcow/phpfpm/php-conf.d/upload.ini:/usr/local/etc/php/conf.d/upload.ini:Z
      - /mnt/extern/mailcow/phpfpm/php-conf.d/other.ini:/usr/local/etc/php/conf.d/zzz-other.ini:Z
      - /mnt/extern/mailcow/dovecot/conf/global_sieve_before:/global_sieve/before:z
      - /mnt/extern/mailcow/dovecot/conf/global_sieve_after:/global_sieve/after:z
      - /mnt/extern/mailcow/templates:/tpls:z
      - /mnt/extern/mailcow/nginx/conf:/etc/nginx/conf.d/:z
    dns:
      - ${IPV4_NETWORK:-172.22.1}.254
    environment:
      - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
      - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      - REDISPASS=${REDISPASS}
      - LOG_LINES=${LOG_LINES:-9999}
      - TZ=${TZ}
      - DBNAME=${DBNAME}
      - DBUSER=${DBUSER}
      - DBPASS=${DBPASS}
      - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
      - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
      - IMAP_PORT=${IMAP_PORT:-143}
      - IMAPS_PORT=${IMAPS_PORT:-993}
      - POP_PORT=${POP_PORT:-110}
      - POPS_PORT=${POPS_PORT:-995}
      - SIEVE_PORT=${SIEVE_PORT:-4190}
      - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
      - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
      - SUBMISSION_PORT=${SUBMISSION_PORT:-587}
      - SMTPS_PORT=${SMTPS_PORT:-465}
      - SMTP_PORT=${SMTP_PORT:-25}
      - API_KEY=${API_KEY:-invalid}
      - API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
      - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
      - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
      - SKIP_FTS=${SKIP_FTS:-y},
      - SKIP_CLAMD=${SKIP_CLAMD:-n}
      - SKIP_OLEFY=${SKIP_OLEFY:-n}
      - SKIP_SOGO=${SKIP_SOGO:-n}
      - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
      - MASTER=${MASTER:-y}
      - DEV_MODE=${DEV_MODE:-n}
      - DEMO_MODE=${DEMO_MODE:-n}
      - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
      - CLUSTERMODE=${CLUSTERMODE:-}
      - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
    restart: always
    labels:
      ofelia.enabled: "true"
      ofelia.job-exec.phpfpm_keycloak_sync.schedule: "@every 1m"
      ofelia.job-exec.phpfpm_keycloak_sync.no-overlap: "true"
      ofelia.job-exec.phpfpm_keycloak_sync.command: /bin/bash -c "php /crons/keycloak-sync.php || exit 0"
      ofelia.job-exec.phpfpm_ldap_sync.schedule: "@very 1m"
      ofelia.job-exec.phpfpm_ldap_sync.no-overlap: "true"
      ofelia.job-exec.phpfpm_ldap_sync.command: /bin/bash -c "php /crons/ldap-sync.php || exit 0"
    networks:
      mailcow:
        aliases:
          - phpfpm
          
  sogo:
    image: ghcr.io/mailcow/sogo:1.133
    environment:
      - DBNAME=${DBNAME}
      - DBUSER=${DBUSER}
      - DBPASS=${DBPASS}
      - TZ=${TZ}
      - LOG_LINES=${LOG_LINES:-9999}
      - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
      - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
      - ACL_ANYONE=${ACL_ANYONE:-disallow}
      - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
      - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
      - SOGO_EXPIRE_SESSION=${SOGO_EXPIRE_SESSION:-480}
      - SKIP_SOGO=${SKIP_SOGO:-n}
      - MASTER=${MASTER:-y}
      - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
      - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      - REDISPASS=${REDISPASS}
    dns:
      - ${IPV4_NETWORK:-172.33.1}.254
    volumes:
      - /mnt/extern/mailcow/sogo/hooks:/hooks:Z
      - /mnt/extern/mailcow/sogo/conf:/etc/sogo/:z
      - /mnt/extern/mailcow/web/inc/init_db.inc.php:/init_db.inc.php:z
      - /mnt/extern/mailcow/sogo/conf/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.igo:z
      - /mnt/extern/mailcow/sogo/conf/custom-shortlogo.svg:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-compact.svg:z
      - /mnt/extern/mailcow/sogo/conf/custom-fulllogo.svg:/usr/lib/GNUstep/SOGo/WebServerResources/img/sphp-full.svg:z
      - /mnt/extern/mailcow/sogo/conf/custom-fulllogo.png:/usr/lib/GNUstep/SOGo/WebServerResources/img/soho-logo.png:z
      - /mnt/extern/mailcow/sogo/conf/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
      - /mnt/extern/mailcow/sogo/conf/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
      - mysql-socket:/var/run/mysqld/
      - sogo-web:/sogo_web
      - sogo-userdata-backup:/sogo_backup
    labels:
      ofelia.enabled: "true"
      ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
      ofelia.job-exec.sogo_sessions.command: /bin/bash -c "[[ $${MASTER} == y ]] &&
        /usr/local/bin/gosu sogo /usr/sbin/sogo-tool -v expire-sessions
        $${SOGO_EXPIRE_SESSION} || exit 0"
      ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
      ofelia.job-exec.sogo_ealarms.command: /bin/bash -c "[[ $${MASTER} == y ]] &&
        usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p
        /etc/sogo/cron.creds || exit 0"
      ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
      ofelia.job-exec.sogo_eautoreply.command: /bin/bash -c "[[ $${MASTER} == y ]]
        /usr/ocal/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p
        /etc/sogo/cron.creds || exit 0"
      ofelia.job-exec.sogo_backup.schedule: "@every 24h"
      ofelia.job-exec.sogo_backup.command: /bin/bash -c "[[ $${MASTER} == y ]] &&
        /usr/ocal/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p
        /etc/sogo/cron.creds || exit 0"
    restart: always
    networks:
      mailcow:
        ipv4_address: ${IPV4_NETWORK:-172.22.1}.248
        aliases:
          - sogo
          
  dovecot:
    image: ghcr.io/mailcow/dovecot:2.33
    depends_on:
      - mysql
      - netfilter
      - redis
    dns:
      - ${IPV4_NETWORK:-172.22.1}.254
    cap_add:
      - NET_BIND_SERVICE
    volumes:
      - /mnt/extern/mailcow/dovecot/hooks:/hooks:Z
      - /mnt/extern/mailcowm/dovecot/conf:/etc/dovecot:z
      - /mnt/extern/mailcowassets/ssl:/etc/ssl/mail/:ro,z
      - /mnt/extern/mailcow/sogo/conf:/etc/sogo/:z
      - /mnt/extern/mailcow/phpfpm/conf/sogo-sso/:/etc/phpfpm/:z
      - vmail:/var/vmail
      - vmail-index:/var/vmail_index
      - crypt:/mail_crypt/
      - /mnt/extern/mailcow/rspamd/custom/:/etc/rspamd/custom:z
      - /mnt/extern/mailcow/assets/templates:/templates:z
      - rspamd:/var/lib/rspamd
      - mysql-socket:/var/run/mysqld/
    environment:
      - DOVECOT_MASTER_USER=${DOVECOT_MASTER_USER:-}
      - DOVECOT_MASTER_PASS=${DOVECOT_MASTER_PASS:-}
      - MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
      - DOVEADM_REPLICA_PORT=${DOVEADM_REPLICA_PORT:-}
      - LOG_LINES=${LOG_LINES:-9999}
      - DBNAME=${DBNAME}
      - DBUSER=${DBUSER}
      - DBPASS=${DBPASS}
      - TZ=${TZ}
      - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
      - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
      - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
      - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
      - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
      - ACL_ANYONE=${ACL_ANYONE:-disallow}
      - SKIP_FTS=${SKIP_FTS:-y}
      - FTS_HEAP=${FTS_HEAP:-512}
      - FTS_PROCS=${FTS_PROCS:-3}
      - MAILDIR_SUB=${MAILDIR_SUB:-}
      - MASTER=${MASTER:-y}
      - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
      - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      - REDISPASS=${REDISPASS}
      - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
    ports:
      - ${DOVEADM_PORT:-127.0.0.1:19991}:12345
      - ${IMAP_PORT:-143}:143
      - ${IMAPS_PORT:-993}:993
      - ${POP_PORT:-110}:110
      - ${POPS_PORT:-995}:995
      - ${SIEVE_PORT:-4190}:4190
    restart: always
    tty: true
    labels:
      ofelia.enabled: "true"
      ofelia.job-exec.dovecot_imapsync_runner.schedule: "@every 1m"
      ofelia.job-exec.dovecot_imapsync_runner.no-overlap: "true"
      ofelia.job-exec.dovecot_imapsync_runner.command: /bin/bash -c "[[ $${MASTER} ==
        y ]] && /usr/local/bin/gosu nobody /usr/local/bin/imapsync_runner.pl ||
        exit 0"
      ofelia.job-exec.dovecot_trim_logs.schedule: "@every 1m"
      ofelia.job-exec.dovecot_trim_logs.command: /bin/bash -c "[[ $${MASTER} == y ]]
        && /usr/local/bin/gosu vmail /usr/local/bin/trim_logs.sh || exit 0"
      ofelia.job-exec.dovecot_quarantine.schedule: "@every 20m"
      ofelia.job-exec.dovecot_quarantine.command: /bin/bash -c "[[ $${MASTER} == y ]]
        && /usr/local/bin/gosu vmail /usr/local/bin/quarantine_notify.py || exit
        0"
      ofelia.job-exec.dovecot_clean_q_aged.schedule: "@every 24h"
      ofelia.job-exec.dovecot_clean_q_aged.command: /bin/bash -c "[[ $${MASTER} == y
        ]] && /usr/local/bin/gosu vmail /usr/local/bin/clean_q_aged.sh || exit
        0"
      ofelia.job-exec.dovecot_maildir_gc.schedule: "@every 30m"
      ofelia.job-exec.dovecot_maildir_gc.command: /bin/bash -c "source /source_env.sh
        ; /usr/local/bin/gosu vmail /usr/local/bin/maildir_gc.sh"
      ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
      ofelia.job-exec.dovecot_sarules.command: /bin/bash -c "/usr/local/bin/sa-rules.sh"
      ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
      ofelia.job-exec.dovecot_fts.command: /bin/bash -c "/usr/local/bin/gosu vmail /usr/local/bin/optimize-fts.sh"
      ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
      ofelia.job-exec.dovecot_repl_health.command: /bin/bash -c "/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh"
    ulimits:
      nproc: 65535
      nofile:
        soft: 20000
        hard: 40000
    networks:
      mailcow:
        ipv4_address: ${IPV4_NETWORK:-172.33.1}.250
        aliases:
          - dovecot
          
  postfix:
    image: ghcr.io/mailcow/postfix:1.80
    depends_on:
      mysql:
        condition: service_started
      unbound:
        condition: service_healthy
    volumes:
      - /mnt/extern/mailcow/postfix/hooks:/hooks:Z
      - /mnt/extern/mailcow/postfix/conf:/opt/postfix/conf:z
      - /mnt/extern/mailcow/assets/ssl:/etc/ssl/mail/:ro,z
      - postfix:/var/spool/postfix
      - crypt:/var/lib/zeyple
      - rspamd:/var/lib/rspamd
      - mysql-socket:/var/run/mysqld/
    environment:
      - LOG_LINES=${LOG_LINES:-9999}
      - TZ=${TZ}
      - DBNAME=${DBNAME}
      - DBUSER=${DBUSER}
      - DBPASS=${DBPASS}
      - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
      - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      - REDISPASS=${REDISPASS}
      - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
      - SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
    cap_add:
      - NET_BIND_SERVICE
    ports:
      - ${SMTP_PORT:-25}:25
      - ${SMTPS_PORT:-465}:465
      - ${SUBMISSION_PORT:-587}:587
    restart: always
    dns:
      - ${IPV4_NETWORK:-172.33.1}.254
    networks:
      mailcow:
        ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
        aliases:
          - postfix

  memcached:
    image: memcached:alpine
    restart: always
    environment:
      - TZ=${TZ}
    networks:
      mailcow:
        aliases:
          - memcached
          
  nginx:
    depends_on:
      - redis
      - php-fpm
      - sogo
      - rspamd
    image: ghcr.io/mailcow/nginx:1.03
    dns:
      - ${IPV4_NETWORK:-172.22.1}.254
    environment:
      - HTTPS_PORT=${HTTPS_PORT:-443}
      - HTTP_PORT=${HTTP_PORT:-80}
      - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
      - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
      - TZ=${TZ}
      - SKIP_SOGO=${SKIP_SOGO:-n}
      - SKIP_RSPAMD=${SKIP_RSPAMD:-n}
      - DISABLE_IPv6=${DISABLE_IPv6:-n}
      - HTTP_REDIRECT=${HTTP_REDIRECT:-n}
      - PHPFPMHOST=${PHPFPMHOST:-}
      - SOGOHOST=${SOGOHOST:-}
      - RSPAMDHOST=${RSPAMDHOST:-}
      - REDISHOST=${REDISHOST:-}
      - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
      - NGINX_USE_PROXY_PROTOCOL=${NGINX_USE_PROXY_PROTOCOL:-n}
      - TRUSTED_PROXIES=${TRUSTED_PROXIES:-}
    volumes:
      - /mnt/extern/mailcow/web:/web:ro,z
      - /mnt/extern/mailcow/rspamd/dynmaps:/dynmaps:ro,z
      - /mnt/extern/mailcow/assets/ssl/:/etc/ssl/mail/:ro,z
      - /mnt/extern/mailcow/nginx/conf:/etc/nginx/conf.d/:z
      - /mnt/extern/mailcow/rspamd/meta_exporter:/meta_exporter:ro,z
      - /mnt/extern/mailcow/dovecot/auth/mailcowauth.php:/mailcowauth/mailcowauth.php:z
      - /mnt/extern/mailcow/web/inc/functions.inc.php:/mailcowauth/functions.inc.php:z
      - /mnt/extern/mailcow/web/inc/functions.auth.inc.php:/mailcowauth/functions.auth.inc.php:z
      - /mnt/extern/mailcow/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
      - sogo-web:/usr/lib/GNUstep/SOGo/
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx-mailcow.entrypoints=web"
      - "traefik.http.routers.nginx-mailcow.rule=HostRegexp(`{host:(autodiscover|autoconfig|webmail|mail|email).+}`)"
      - "traefik.http.middlewares.nginx-mailcow-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.nginx-mailcow.middlewares=nginx-mailcow-https-redirect"
      - "traefik.http.routers.nginx-mailcow-secure.entrypoints=web-secure"
      - "traefik.http.routers.nginx-mailcow-secure.rule=Host(`mail.dyndns`)" # YOUR EMAIL SUBDMAIN
      - "traefik.http.routers.nginx-mailcow-secure.tls=true"
      - "traefik.http.routers.nginx-mailcow-secure.tls.certresolver=desec"
      - "traefik.http.routers.nginx-mailcow-secure.tls.domains[0].main=dynds"
      - "traefik.http.routers.nginx-mailcow-secure.tls.domains[0].sans=*.dyndns"
      - "traefik.http.routers.nginx-mailcow-secure.service=nginx-mailcow"
      - "traefik.http.services.nginx-mailcow.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"
    networks:
      proxy:
      mailcow:
        aliases:
          - nginx
          
  acme:
    depends_on:
      nginx:
        condition: service_started
      unbound:
        condition: service_healthy
    image: ghcr.io/mailcow/acme:1.92
    dns:
      - ${IPV4_NETWORK:-172.22.1}.254
    environment:
      - LOG_LINES=${LOG_LINES:-9999}
      - ACME_CONTACT=${ACME_CONTACT:-}
      - ADDITIONAL_SAN=${ADDITIONAL_SAN}
      - AUTODISCOVER_SAN=${AUTODISCOVER_SAN:-y}
      - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
      - DBNAME=${DBNAME}
      - DBUSER=${DBUSER}
      - DBPASS=${DBPASS}
      - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
      - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
      - DIRECTORY_URL=${DIRECTORY_URL:-}
      - ENABLE_SSL_SNI=${ENABLE_SSL_SNI:-n}
      - SKIP_IP_CHECK=${SKIP_IP_CHECK:-n}
      - SKIP_HTTP_VERIFICATION=${SKIP_HTTP_VERIFICATION:-n}
      - ONLY_MAILCOW_HOSTNAME=${ONLY_MAILCOW_HOSTNAME:-n}
      - LE_STAGING=${LE_STAGING:-n}
      - TZ=${TZ}
      - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
      - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      - REDISPASS=${REDISPASS}
      - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
      - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
    volumes:
      - /mnt/extern/mailcow/web/.well-known/acme-challenge:/var/www/acme:z
      - /mnt/extern/mailcow/assets/ssl:/var/lib/acme/:z
      - /mnt/extern/mailcow/assets/ssl-example:/var/lib/ssl-example/:ro,Z
      - mysql-socket:/var/run/mysqld/
    restart: always
    networks:
      mailcow:
        aliases:
          - acme
          
  netfilter:
    image: ghcr.io/mailcow/netfilter:1.61
    stop_grace_period: 30s
    restart: always
    privileged: true
    environment:
      - TZ=${TZ}
      - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
     # - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
      - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
      - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
      - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
      - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      - REDISPASS=${REDISPASS}
      - MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
      - DISABLE_NETFILTER_ISOLATION_RULE=${DISABLE_NETFILTER_ISOLATION_RULE:-n}
    network_mode: host
    volumes:
      - /lib/modules:/lib/modules:ro
      
  watchdog:
    image: ghcr.io/mailcow/watchdog:2.08
    dns:
      - ${IPV4_NETWORK:-172.22.1}.254
    tmpfs:
      - /tmp
    volumes:
      - rspamd:/var/lib/rspamd
      - mysql-socket:/var/run/mysqld/
      - postfix:/var/spool/postfix
      - /mmnt/extern/mailcow/assets/ssl:/etc/ssl/mail/:ro,z
    restart: always
    depends_on:
      - postfix
      - dovecot
      - mysql
      - acme
      - redis
    environment:
      #- IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
      - LOG_LINES=${LOG_LINES:-9999}
      - TZ=${TZ}
      - DBNAME=${DBNAME}
      - DBUSER=${DBUSER}
      - DBPASS=${DBPASS}
      - DBROOT=${DBROOT}
      - USE_WATCHDOG=${USE_WATCHDOG:-n}
      - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL:-}
      - WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
      - WATCHDOG_NOTIFY_START=${WATCHDOG_NOTIFY_START:-y}
      - WATCHDOG_SUBJECT=${WATCHDOG_SUBJECT:-Watchdog ALERT}
      - WATCHDOG_NOTIFY_WEBHOOK=${WATCHDOG_NOTIFY_WEBHOOK:-}
      - WATCHDOG_NOTIFY_WEBHOOK_BODY=${WATCHDOG_NOTIFY_WEBHOOK_BODY:-}
      - WATCHDOG_EXTERNAL_CHECKS=${WATCHDOG_EXTERNAL_CHECKS:-n}
      - WATCHDOG_MYSQL_REPLICATION_CHECKS=${WATCHDOG_MYSQL_REPLICATION_CHECKS:-n}
      - WATCHDOG_VERBOSE=${WATCHDOG_VERBOSE:-n}
      - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
      - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
      - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
      - IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0}
      - CHECK_UNBOUND=${CHECK_UNBOUND:-1}
      - SKIP_CLAMD=${SKIP_CLAMD:-n}
      - SKIP_OLEFY=${SKIP_OLEFY:-n}
      - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
      - SKIP_SOGO=${SKIP_SOGO:-n}
      - HTTPS_PORT=${HTTPS_PORT:-443}
      - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
      - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      - REDISPASS=${REDISPASS}
      - EXTERNAL_CHECKS_THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD:-1}
      - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
      - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
      - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
      - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
      - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
      - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
      - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
      - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
      - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
      - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
      - PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5}
      - RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
      - FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
      - ACME_THRESHOLD=${ACME_THRESHOLD:-1}
      - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
      - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
      - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
      - MAILQ_CRIT=${MAILQ_CRIT:-30}
    networks:
      mailcow:
        aliases:
          - watchdog
          
  dockerapi:
    image: ghcr.io/mailcow/dockerapi:2.11
    security_opt:
      - label=disable
    restart: always
    dns:
      - ${IPV4_NETWORK:-172.22.1}.254
    environment:
      - DBROOT=${DBROOT}
      - TZ=${TZ}
      - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
      - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
      - REDISPASS=${REDISPASS}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      mailcow:
        aliases:
          - dockerapi
          
  olefy:
    image: ghcr.io/mailcow/olefy:1.15
    restart: always
    environment:
      - TZ=${TZ}
      - OLEFY_BINDADDRESS=0.0.0.0
      - OLEFY_BINDPORT=10055
      - OLEFY_TMPDIR=/tmp
      - OLEFY_PYTHON_PATH=/usr/bin/python3
      - OLEFY_OLEVBA_PATH=/usr/bin/olevba
      - OLEFY_LOGLVL=20
      - OLEFY_MINLENGTH=500
      - OLEFY_DEL_TMP=1
      - SKIP_OLEFY=${SKIP_OLEFY:-n}
    networks:
      mailcow:
        aliases:
          - olefy
          
  ofelia:
    image: mcuadros/ofelia:latest
    restart: always
    command: daemon --docker -f label=com.docker.compose.project=${COMPOSE_PROJECT_NAME}
    environment:
      - TZ=${TZ}
      - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME}
    depends_on:
      - sogo
      - dovecot
    labels:
      ofelia.enabled: "true"
    security_opt:
      - label=disable
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      mailcow:
        aliases:
          - ofelia
          
  #ipv6nat:
  #  depends_on:
  #    - unbound
  #    - mysql
  #    - redis
  #    - clamd
  #    - rspamd
  #    - php-fpm
  #    - sogo
  #    - dovecot
  #    - postfix
  #    - memcached
  #    - nginx
  #    - acme
  #    - netfilter
  #    - watchdog
  #    - dockerapi
  #  environment:
  #    - TZ=${TZ}
  #  image: robbertkl/ipv6nat
  #  security_opt:
  #    - label=disable
  #  restart: always
  #  privileged: true
  #  network_mode: host
  #  volumes:
  #    - /var/run/docker.sock:/var/run/docker.sock:ro
  #    - /lib/modules:/lib/modules:ro
      
networks:
  proxy:
    external: true
  mailcow:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: br-mailcow
    #enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: ${IPV4_NETWORK:-172.33.1}.0/24
       # - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
        
volumes:
  vmail: null
  vmail-index: null
  mysql-socket: null
  redis: null
  rspamd: null
  postfix: null
  crypt: null
  sogo-web: null
  sogo-userdata-backup: null
  clamd-db: null
  clamav: null

Meine config

MAILCOW_HOSTNAME=dyndns
MAILCOW_PASS_SCHEME=BLF-CRYPT
DBNAME=mailcowDBUSER=mailcow
DBPASS=passwort
DBROOT=root
REDISPASS=nocheinpasswort
HTTP_PORT=80HTTP_BIND=
HTTPS_PORT=443
HTTPS_BIND=
HTTP_REDIRECT=n
SMTP_PORT=25
SMTPS_PORT=465
SUBMISSION_PORT=587
IMAP_PORT=143
IMAPS_PORT=993
POP_PORT=110
POPS_PORT=995
SIEVE_PORT=4190
DOVEADM_PORT=127.0.0.1:19991
SQL_PORT=127.0.0.1:13306
REDIS_PORT=127.0.0.1:7654
TZ=Europe/Berlin
COMPOSE_PROJECT_NAME=mailcow
DOCKER_COMPOSE_VERSION=native
ACL_ANYONE=disallow
MAILDIR_GC_TIME=7200
ADDITIONAL_SAN=
AUTODISCOVER_SAN=y
ADDITIONAL_SERVER_NAMES=
SKIP_LETS_ENCRYPT=y
ENABLE_SSL_SNI=n
SKIP_IP_CHECK=n
SKIP_HTTP_VERIFICATION=n
SKIP_UNBOUND_HEALTHCHECK=y
SKIP_CLAMD=y
SKIP_OLEFY=n
SKIP_SOGO=n
SKIP_FTS=n
FTS_HEAP=128
FTS_PROCS=1
ALLOW_ADMIN_EMAIL_LOGIN=n
USE_WATCHDOG=y
WATCHDOG_NOTIFY_BAN=n
WATCHDOG_NOTIFY_START=y
WATCHDOG_EXTERNAL_CHECKS=n
WATCHDOG_VERBOSE=n
LOG_LINES=9999
IPV4_NETWORK=172.33.1
IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
MAILDIR_SUB=Maildir
SOGO_EXPIRE_SESSION=480
DOVECOT_MASTER_USER=
DOVECOT_MASTER_PASS=
ACME_CONTACT=
WEBAUTHN_ONLY_TRUSTED_VENDORS=n
SPAMHAUS_DQS_KEY=
DISABLE_NETFILTER_ISOLATION_RULE=n
DISABLE_IPv6=y

Und hier mein Portainer Log, leider steht der Container nicht lang genug, um das Log daraus zu ziehen:

2025-07-10 17:30:05,043 WARN exited: unbound (exit status 0; not expected)
2025-07-10 17:30:05,043 INFO reaped unknown pid 31 (exit status 0)
Jul 10 17:30:05 65b088038921 unbound: [32:0] notice: init module 2: iterator
Jul 10 17:30:05 65b088038921 unbound: [32:0] info: start of service (unbound 1.22.0).
2025-07-10 17:30:08,125 INFO spawned: 'unbound' with pid 42
Jul 10 17:30:08 65b088038921 unbound: [48:0] notice: init module 0: subnetcache
Jul 10 17:30:08 65b088038921 unbound: [48:0] notice: init module 1: validator
2025-07-10 17:30:08,140 WARN exited: unbound (exit status 0; not expected)
2025-07-10 17:30:08,140 INFO reaped unknown pid 47 (exit status 0)
Jul 10 17:30:08 65b088038921 unbound: [48:0] notice: init module 2: iterator
2025-07-10 17:30:08,140 INFO gave up: unbound entered FATAL state, too many start retries too quickly
Jul 10 17:30:08 65b088038921 unbound: [48:0] info: start of service (unbound 1.22.0).
2025-07-10 17:30:09,219 WARN received SIGQUIT indicating exit request
2025-07-10 17:30:09,220 INFO waiting for processes, syslog-ng, unbound-healthcheck to die
2025-07-10 17:30:10,222 WARN stopped: unbound-healthcheck (terminated by SIGTERM)
Jul 10 17:30:10 65b088038921 syslog-ng[18]: syslog-ng shutting down; version='4.8.1'
2025-07-10 17:30:10,342 INFO stopped: syslog-ng (exit status 0)
2025-07-10 17:30:10,344 WARN stopped: processes (terminated by SIGTERM)
Setting console permissions...
Receiving anchor key...
Receiving root hints...

#=#=#                                                                          
##O#-#                                                                         
######################################################################## 100.0%
setup in directory /etc/unbound
removing artifacts
Setup success. Certificates created. Enable in unbound.conf file to use
2025-07-10 17:30:11,806 INFO Set uid to user 0 succeeded
2025-07-10 17:30:11,808 INFO supervisord started with pid 1
2025-07-10 17:30:12,810 INFO spawned: 'processes' with pid 17
2025-07-10 17:30:12,812 INFO spawned: 'syslog-ng' with pid 18
2025-07-10 17:30:12,813 INFO spawned: 'unbound' with pid 19
2025-07-10 17:30:12,815 INFO spawned: 'unbound-healthcheck' with pid 20
Jul 10 17:30:12 65b088038921 syslog-ng[18]: syslog-ng starting up; version='4.8.1'
2025-07-10 17:30:12,832 WARN exited: unbound (exit status 0; not expected)
2025-07-10 17:30:12,832 INFO reaped unknown pid 22 (exit status 0)
Jul 10 17:30:12 65b088038921 unbound: [23:0] info: start of service (unbound 1.22.0).
2025-07-10 17:30:13,906 INFO success: processes entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-07-10 17:30:13,907 INFO success: syslog-ng entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-07-10 17:30:13,910 INFO spawned: 'unbound' with pid 26
2025-07-10 17:30:13,911 INFO success: unbound-healthcheck entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Jul 10 17:30:13 65b088038921 unbound: [28:0] notice: init module 0: subnetcache
Jul 10 17:30:13 65b088038921 unbound: [28:0] notice: init module 1: validator
2025-07-10 17:30:13,923 WARN exited: unbound (exit status 0; not expected)
2025-07-10 17:30:13,923 INFO reaped unknown pid 27 (exit status 0)
Jul 10 17:30:13 65b088038921 unbound: [28:0] notice: init module 2: iterator
Jul 10 17:30:13 65b088038921 unbound: [28:0] info: start of service (unbound 1.22.0).
2025-07-10 17:30:16,005 INFO spawned: 'unbound' with pid 30
Jul 10 17:30:16 65b088038921 unbound: [32:0] notice: init module 0: subnetcache
Jul 10 17:30:16 65b088038921 unbound: [32:0] notice: init module 1: validator
2025-07-10 17:30:16,020 WARN exited: unbound (exit status 0; not expected)
2025-07-10 17:30:16,020 INFO reaped unknown pid 31 (exit status 0)
Jul 10 17:30:16 65b088038921 unbound: [32:0] notice: init module 2: iterator
Jul 10 17:30:16 65b088038921 unbound: [32:0] info: start of service (unbound 1.22.0).
2025-07-10 17:30:19,101 INFO spawned: 'unbound' with pid 46
Jul 10 17:30:19 65b088038921 unbound: [48:0] notice: init module 0: subnetcache
Jul 10 17:30:19 65b088038921 unbound: [48:0] notice: init module 1: validator
2025-07-10 17:30:19,127 WARN exited: unbound (exit status 0; not expected)
2025-07-10 17:30:19,127 INFO reaped unknown pid 47 (exit status 0)
Jul 10 17:30:19 65b088038921 unbound: [48:0] notice: init module 2: iterator
2025-07-10 17:30:19,128 INFO gave up: unbound entered FATAL state, too many start retries too quickly
Jul 10 17:30:19 65b088038921 unbound: [48:0] info: start of service (unbound 1.22.0).
2025-07-10 17:30:20,219 WARN received SIGQUIT indicating exit request
2025-07-10 17:30:20,219 INFO waiting for processes, syslog-ng, unbound-healthcheck to die
2025-07-10 17:30:21,220 WARN stopped: unbound-healthcheck (terminated by SIGTERM)
Jul 10 17:30:21 65b088038921 syslog-ng[18]: syslog-ng shutting down; version='4.8.1'
2025-07-10 17:30:21,345 INFO stopped: syslog-ng (exit status 0)
2025-07-10 17:30:21,346 WARN stopped: processes (terminated by SIGTERM)
Setting console permissions...
Receiving anchor key...
Receiving root hints...

#=#=#                                                                          
##O#-#                                                                         
##O=#  #                                                                       
######################################################################## 100.0%
setup in directory /etc/unbound
removing artifacts
Setup success. Certificates created. Enable in unbound.conf file to use
2025-07-10 17:30:22,934 INFO Set uid to user 0 succeeded
2025-07-10 17:30:22,936 INFO supervisord started with pid 1
2025-07-10 17:30:23,941 INFO spawned: 'processes' with pid 17
2025-07-10 17:30:23,944 INFO spawned: 'syslog-ng' with pid 18
2025-07-10 17:30:23,945 INFO spawned: 'unbound' with pid 19
2025-07-10 17:30:23,947 INFO spawned: 'unbound-healthcheck' with pid 20
Jul 10 17:30:23 65b088038921 syslog-ng[18]: syslog-ng starting up; version='4.8.1'
2025-07-10 17:30:23,964 WARN exited: unbound (exit status 0; not expected)
2025-07-10 17:30:23,964 INFO reaped unknown pid 22 (exit status 0)
Jul 10 17:30:24 65b088038921 unbound: [23:0] info: start of service (unbound 1.22.0).
2025-07-10 17:30:25,035 INFO success: processes entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-07-10 17:30:25,035 INFO success: syslog-ng entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-07-10 17:30:25,037 INFO spawned: 'unbound' with pid 26
2025-07-10 17:30:25,037 INFO success: unbound-healthcheck entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Jul 10 17:30:25 65b088038921 unbound: [28:0] notice: init module 0: subnetcache
Jul 10 17:30:25 65b088038921 unbound: [28:0] notice: init module 1: validator
2025-07-10 17:30:25,049 WARN exited: unbound (exit status 0; not expected)
2025-07-10 17:30:25,050 INFO reaped unknown pid 27 (exit status 0)
Jul 10 17:30:25 65b088038921 unbound: [28:0] notice: init module 2: iterator
Jul 10 17:30:25 65b088038921 unbound: [28:0] info: start of service (unbound 1.22.0).
2025-07-10 17:30:27,128 INFO spawned: 'unbound' with pid 30
Jul 10 17:30:27 65b088038921 unbound: [32:0] notice: init module 0: subnetcache
Jul 10 17:30:27 65b088038921 unbound: [32:0] notice: init module 1: validator
2025-07-10 17:30:27,164 WARN exited: unbound (exit status 0; not expected)
2025-07-10 17:30:27,164 INFO reaped unknown pid 31 (exit status 0)
Jul 10 17:30:27 65b088038921 unbound: [32:0] notice: init module 2: iterator
Jul 10 17:30:27 65b088038921 unbound: [32:0] info: start of service (unbound 1.22.0).

Ich habe keine Ahnung, wo das Problem ist und finde auch nichts diesbezüglich.
Was ich finde sind “Unhealthy” Einträge, die dann auf nicht freigegebene Ports oder Weiterleitungen basieren.
Wenn ich die Hinweise dort (z.B. Lookup auf mailcow) oder starte den healthchcek im Container (nach der Ausführung passiert leider gar nichts, also kein Output ggf. weil der Container abgeschmiert ist… wer weiß), umsetze, passiret weiterhin nichts.
Ich glaube auch nicht, dass es am Health Check liegt, weil ich den auch per Config mal geskipped habe und die ähnliche Meldung im Log bekomme, wie oben.
Ich würde einsam mal syslog-ng vermuten, hab da aber nichts zu gefunden.
Ich Danke Euch für Eure Unterstützung

pkernstock

j0chn Docker Compose ist 1.29.2

Die Version duerfte ja extrem alt sein? Das Docker-Compose-Plugin unter Ubuntu 22.04 ist schon wesentlich neuer:

$ docker compose version
Docker Compose version v2.35.1

Du verwendest auch eine ziemlich custom config wo alle Ordner sich auf einem Mountpoint anstatt den Volumes befinden. Ich weiss gar nicht ob wir das offiziell supporten (koennen). Vor allem bei Updates (speziell wo sich die docker-compose.yml aendert) wird das bestimmt frueher oder spaeter etwas schlecht enden. Da waere es besser die Docker Volumes zu verwenden.

Vielleicht irgendein Permission Thema auf dem Mountpoint?

j0chn

Ich weiß ehrlich gesagt gar nicht, wie docker compose installiert wurde. Hab es nicht explizit gemacht, ich schau mal, ob ich das geupdated bekomme.
Die anderen Ordner für andere Stacks/Container habe ich auch so erstellt und das klappt. Daher würde ich die Berechtigung ausschließen.
Ich wollte die Ordner alle auf dem Mount haben, damit ich beim Umzug die Daten leicht mitnehmen kann.

Edit: dicker compose ist 2.38 und docker-compose ist 1.29 (die hier habe ich mal deinstalliert)

detbl1001

Ich habe das gleiche Problem, ich versuche durch die OPNsense Firewall die Mailcow
ab zu sichern, aber ich finde keinen Port der für Outbound zutrifft.
Outbound startet nur wenn ich den Maicow Server komplett ausgehend frei gebe.
Ich habe die aktuelle Docker Version

j0chn

detbl1001
Soweit ich weiß, muss UDP Port 53 frei sein für Outbound.
In meinem Fall konnte ich mit ncat? sehen, dass der Port frei ist (allerdings direkt vom Server aus). Ich habe aber auch keine Restriktion vom Server zum Internet. Und dann habe ich glaube ich auch gesehen, dass man da andere Meldungen bekommt, mehr in die Richtung “mit reachable”

detbl1001

j0chn
Meine anderen Server funktionieren einwandfrei, Port 53 UDP ist natürlich frei, nslookup funktioniert auch einwandfrei.
Ping nach 1.1.1.1 und 8.8.8.8 funktioniert auch. Aber es muss noch einen Port geben der das verhindert.
weil ja wenn ich alles nach draußen frei gebe keine Probleme mehr da sind.