accolon
First of all, I reverted all my changes and stuck to the default mailcow behaviour. My goal was to bring in a web application firewall to protect the webpages, but it seems not to be possible if not using RSA for some reason. I checked a ton of GitHub issues having more or less the same issue and everyone talks like “works out of the box”, but for me it does not. It seems like mailcow is not supporting ECDSA for me.
Regarding the main.cf:
The content of the main.cf in the host data folder is correct. I also figured out that it is mounted to /opt/postfix/conf. Initially I thought it was mounted to /etc/postfix, which contains the snakeoil pem files.
If I exchange the certificates from ./data/assets/ssl with my ECDSA ones I just get problems and stuff, and I cannot figure out why it is this way. Just for the record, I stuck to the official documentation: https://docs.mailcow.email/post_installation/firststeps-ssl/#how-to-use-your-own-certificate
So to solve it step by step I wanted to get postfix running first. But sadly I was unable to fix postfix, as it behaved extremely strangely. The TLS certificates in /opt/postfix/conf/main.cf are set to use /etc/ssl/mail/cert.pem (and key.pem). This file contains the ECDSA cert valid till January. But for some reason, if I check the certificate using the openssl cli, it tells me it is still the old one (for the commands see https://docs.mailcow.email/post_installation/firststeps-ssl/#check-your-configuration). I tried to test with other tools like online tools, and some report the old one and some report it is broken (not sure if it is some cache or not).
As I spent hours trying to solve this, I have now stopped putting more power into this. I am very sad about this, as using a WAF for the last 1-2 months showed me that my mailcow is constantly under attack. Not only for logins but also all kinds of tries to reach config files, as well as sending bad or broken requests to hack into the system. But as said, I gave up and will maybe try again as soon as mailcow switches to ECDSA certificates.
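
The check described in the post above (certificate file on disk versus what Postfix actually presents), as an added example that is not part of the original post: it compares the SHA-256 fingerprint and public key algorithm of the two certificates. The function names are hypothetical and mail.example.org is a placeholder host name.

```shell
#!/usr/bin/env bash
# Added example: compare the certificate a mail service presents with the
# certificate file on disk. Function names are hypothetical helpers.

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Public key algorithm of a PEM certificate:
# "rsaEncryption" for RSA, "id-ecPublicKey" for ECDSA.
cert_keyalg() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Save the leaf certificate presented after SMTP STARTTLS.
# $1 = host:port, $2 = output PEM file.
fetch_smtp_cert() {
  echo "Q" | openssl s_client -starttls smtp -crlf -connect "$1" 2>/dev/null |
    openssl x509 -out "$2"
}

# Compare two PEM files ($1 = on disk, $2 = served).
# Prints both key types and fingerprints; returns 0 only when they match.
compare_certs() {
  echo "disk:   $(cert_keyalg "$1")  $(cert_fp "$1")"
  echo "served: $(cert_keyalg "$2")  $(cert_fp "$2")"
  if [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]; then
    echo "MATCH: the service presents the certificate from disk"
  else
    echo "MISMATCH: the running service is not using this file" \
         "(check the mount and restart the service)"
    return 1
  fi
}

# Usage, run from the mailcow directory (placeholder host name):
#   fetch_smtp_cert mail.example.org:25 /tmp/served.pem
#   compare_certs data/assets/ssl/cert.pem /tmp/served.pem
```

A mismatch in key algorithm (rsaEncryption served, id-ecPublicKey on disk) shows that the service is presenting a different certificate than the file that was swapped in, which separates a loading problem from a client-side or cache problem.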