Just saw your post and I was thinking to myself…
I think this container has problems and needs some review. But mailcow devs just say that no, everything’s alright, it’s always the user’s fault. Because you have firewalld enabled, because it’s an “unsupported distro”, because “on their install is working”, because… hell, there’s all kinds of excuses, especially on GitHub, for things not getting followed up. So I gave up on that.
I’m also not fond of Debian-based distros. Whenever we run stuff on Debian distros we get issues we’ve never seen before (and of which Stack Overflow and other technical forums are full), some with the network stack… but I don’t want to digress…
Since Red Hat now allows you to have a free licence and up to 16 production servers, we are now shifting towards a Red Hat + Oracle Linux mixed environment. Oracle Linux is free, their Linux team is doing a great job bringing more packages to the yum repos, and they also have a tool that allows you to directly convert your system from CentOS to Oracle Linux (from experience, the fewer third-party repos, the better). But we’ve used it successfully on a few servers, and on others we migrated the apps, like from CentOS7 to OL8, as usual.
Going back to mailcow, all the containers are built on Debian. I’m not sure where the issue lies, although I have my suspicions. But anyway, we have our own internal resolvers (that actually also run unbound, but our unbound machines all work fine) so we simply add the following to
replace the IPs with the external resolvers you want to use and restart the unbound container.