DNS problems in acme-mailcow docker container

drhm

I’ve migrated my Mailcow docker server to another host. On the old host (Ubuntu 20.04) the Mailcow server was running without any problems. On the new host (Ubuntu 24.0) the renewing of the SSL certificates doesn’t work anymore. The reason is, that the dns lookup for the mail host returns a private address. I can verify this by running the following command:
docker compose exec acme-mailcow nslookup mail.mydomain
it returns:

Server: 127.0.0.11
Address: 127.0.0.11#53

Non-authoritative answer:
Name: mail.mydomain
Address: 172.19.199.204
Name: mail.mydomain
Address: 172.19.199.250

So far as I know, the acme-mailcow container should ask the unbound-mailcow container for the address of the host. If I set explicit the dns server for the nslookup command by running:
docker compose exec acme-mailcow nslookup mail.mydomain unbound-mailcow
I’ll get the correct public IP for mail.mydomain. It is the same answer I’ll get, if I run the nslookup command direct on the host.
Strangely enough, running the nslookup command in the acme-mailcow container for any other host of the domain mydomain without specifying the DNS server will correctly work. I.e.:
docker compose exec acme-mailcow nslookup mydomain
will return the correct public IP.

And even stranger: Also the following call will return the private address instead of the public one:
docker compose exec unbound-mailcow nslookup mail.mydomain

Any ideas how to fix this strange behaviour?

Thanks in advance.

ETNyx

Can you diff docker-compose.yml to see any non-standard config? Are you running something along side MC?

drhm

There are many differences, but not for acme-mailcow and unbound-mailcow. I’ve included Mailman. And I’ve IP6 disabled.

DocFraggle

drhm There are many differences

How so? Did you manually change the file? If so, why?

drhm

Not so much by hand. But it is an old installation. I updated it and I thought, that the update process had updated everything to the actual state. But now I think, that a lot of changes are missing.

ETNyx

I would suggest make your-self new test installation and re-sync only mail data.

drhm

I’ve now setup a new mailcow docker server, but with the use of the volumes. The original problem doesn’t exist anymore.
But after accessing my mail folder with thunderbird all the old mails are gone. Only new ones are displayed. The mailcow admin gui shows also, that the mailbox is empty. But if I’m looking at the vmail-vol-1 volume, I can still see them (and also decrypt them with dovecot).

I already ran the following commands without success:
docker compose exec dovecot-mailcow doveadm force-resync -u user@mydomain'*'
docker-compose exec dovecot-mailcow doveadm quota recalc -A

DocFraggle

That’s because your new installation uses a new private key for the encrypted mail files

You need to decrypt the old files with the old private key from your old installation and reencrypt them with the new key.

See here, this was the same problem:

https://community.mailcow.email/d/4793-mailbox-recovery/2

drhm

DocFraggle
I can decrypt old mail files in the dovecot-mailcow container. So the key must be correct, right?

DocFraggle

Ok, did you reuse all old volumes? Then you may still use the old key now and you just have to resync

https://docs.mailcow.email/backup_restore/b_n_r-accidental_deletion/?h=#mail

(see the commands at the bottom)

drhm

DocFraggle
Yes, I did reuse all old volumes.
I’ve just run the following both commands from your linked page:
docker compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*' docker compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net
But no additional emails are showing up.
The mail box has a size of a few GB, but both commands were running in less than 3 seconds. Is that ok?

DocFraggle

drhm restoreme@example.net

Well, did you replace the mail address with yours?

drhm

DocFraggle
Yes.
I think, that I’ve found a reason of the problem. In the following directory
/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/mydomain/user
(for a mailbox user@mydomain) there is a sub folder Maildir with a sub folder cur with only emails, that I can see also in Thunderbird. All the other, hidden emails are in the folder cur parallel to Maildir.
After running the following commands as root:
mv Maildir Maildir.orig mkdir Maildir chown 5000:5000 Maildir chmod g-rx,o-rx Maildir chmod g+s Maildir mv cur dovecot-acl-list dovecot-uidlist dovecot-uidvalidity dovecot-uidvalidity.* \ new subscriptions tmp Maildir/ mv .[A-Z]* Maildir/ mv Maildir.orig/cur/* Maildir/cur/ mv Maildir.orig/maildirfolder Maildir
and then the force-resync and quota recalc commands after restarting the devcot-mailcow container, my old Emails are back.
Is this a known problem?