Skip to content

SOGo: “Could not generate message content” when sending signed email with Sectigo S/MIME certificate #6519

@davidt-de

Description

@davidt-de

Contribution guidelines

  • I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
    ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
    ... I have understood that answers are voluntary and community-driven, and not commercial support.
    ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

When trying to send a signed email from the SOGo web interface (Mailcow), I receive the following error:
'Could not generate message content'
This only occurs when the “Sign the message” option is enabled. If signing is disabled, the message is sent successfully.

Details:

• Browser: Safari Version 18.4 (20621.1.15.11.10)
• S/MIME Certificate issuer: Sectigo
• Certificate validity: Valid and fully trusted
• Works in: Apple Mail.app, Thunderbird, Outlook – no issues
• Imported via: SOGo Settings → IMAP → Security

What I tried:
• Re-imported certificate in SOGo
• Cleared browser cache
• Tried different browsers
• Verified certificate chain is intact
• Tried sending simple/plaintext emails → still fails when signing is enabled

Expected behavior:
SOGo should sign and send the message correctly using the imported S/MIME certificate, just as other clients do.

Questions / Notes:
• Are there any known issues with Sectigo certificates and SOGo?
• Could this be related to specific key lengths or encoding?

Logs:

sogo-mailcow-1  | May  9 13:11:39 0dce1b3a7ece sogod[77:77] FATAL: failed to sign message: no start line

Steps to reproduce:

1. Import Certificate
2. send signed E-Mail

Which branch are you using?

master

Which architecture are you using?

ARM64 (aarch64)

Operating System:

Ubuntu 24.04

Server/VM specifications:

16GB, 10 Cores

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

KVM

Docker version:

28.1.1

docker-compose version or docker compose version:

v2.35.1

mailcow version:

2025-03b

Reverse proxy:

Nginx

Logs of git diff:

diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem
index 96d16bec..fde9ceb4 100644
--- a/data/assets/ssl-example/cert.pem
+++ b/data/assets/ssl-example/cert.pem

Logs of iptables -L -vn:

Chain INPUT (policy DROP 29551 packets, 1336K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  56M 6660M MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
  56M 6660M ufw-before-logging-input  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
  56M 6660M ufw-before-input  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
30031 1360K ufw-after-input  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
29551 1336K ufw-after-logging-input  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
29551 1336K ufw-reject-input  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
29551 1336K ufw-track-input  0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
4276K   11G MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
4276K   11G DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
4276K   11G DOCKER-FORWARD  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-logging-forward  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-forward  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-forward  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-forward  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-forward  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-track-forward  0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 50 packets, 3272 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  18M  154G ufw-before-logging-output  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
  18M  154G ufw-before-output  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
21468 1353K ufw-after-output  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
21468 1353K ufw-after-logging-output  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
21468 1353K ufw-reject-output  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
21468 1353K ufw-track-output  0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.9           tcp dpt:7443
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.9           tcp dpt:7080
 1015 60616 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:587
 1134 67596 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:465
  666 38044 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.253         tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:12345
    9   456 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:4190
  934 55848 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:995
 2999  183K ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:993
  985 59929 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:143
  903 53668 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.250         tcp dpt:110
   80  4260 ACCEPT     6    --  !br-4a63b789b448 br-4a63b789b448  0.0.0.0/0            172.20.0.6           tcp dpt:8000
   17   999 ACCEPT     6    --  !br-0d145ad645df br-0d145ad645df  0.0.0.0/0            172.18.0.3           tcp dpt:80
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.249         tcp dpt:6379
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  0.0.0.0/0            172.22.1.4           tcp dpt:3306
   17   952 ACCEPT     6    --  !br-e77fb25fb185 br-e77fb25fb185  0.0.0.0/0            172.19.0.2           tcp dpt:80
    0     0 DROP       0    --  !br-4a63b789b448 br-4a63b789b448  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  !br-e77fb25fb185 br-e77fb25fb185  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  !br-0d145ad645df br-0d145ad645df  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  !docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-BRIDGE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   80  4260 DOCKER     0    --  *      br-4a63b789b448  0.0.0.0/0            0.0.0.0/0           
   17   952 DOCKER     0    --  *      br-e77fb25fb185  0.0.0.0/0            0.0.0.0/0           
 8645  519K DOCKER     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
   17   999 DOCKER     0    --  *      br-0d145ad645df  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-CT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  345 31334 ACCEPT     0    --  *      br-4a63b789b448  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   73  6420 ACCEPT     0    --  *      br-e77fb25fb185  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2956K   11G ACCEPT     0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   54  5498 ACCEPT     0    --  *      br-0d145ad645df  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

Chain DOCKER-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
4276K   11G DOCKER-CT  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
1319K  455M DOCKER-ISOLATION-STAGE-1  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
1319K  455M DOCKER-BRIDGE  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
  333  189K ACCEPT     0    --  br-4a63b789b448 *       0.0.0.0/0            0.0.0.0/0           
   64 28359 ACCEPT     0    --  br-e77fb25fb185 *       0.0.0.0/0            0.0.0.0/0           
1310K  454M ACCEPT     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
   57 16147 ACCEPT     0    --  br-0d145ad645df *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  333  189K DOCKER-ISOLATION-STAGE-2  0    --  br-4a63b789b448 !br-4a63b789b448  0.0.0.0/0            0.0.0.0/0           
   64 28359 DOCKER-ISOLATION-STAGE-2  0    --  br-e77fb25fb185 !br-e77fb25fb185  0.0.0.0/0            0.0.0.0/0           
1310K  454M DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
   57 16147 DOCKER-ISOLATION-STAGE-2  0    --  br-0d145ad645df !br-0d145ad645df  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-0d145ad645df  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-e77fb25fb185  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       0    --  *      br-4a63b789b448  0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
4276K   11G RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   30  1707 DROP       0    --  *      *       185.241.208.91       0.0.0.0/0           
    0     0 DROP       6    --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    5   390 ufw-skip-to-policy-input  17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
    0     0 ufw-skip-to-policy-input  17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
   10   416 ufw-skip-to-policy-input  6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
  465 23760 ufw-skip-to-policy-input  6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
    0     0 ufw-skip-to-policy-input  17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ufw-skip-to-policy-input  17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
    0     0 ufw-skip-to-policy-input  0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5157  230K LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ufw-user-forward  0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
2885K 3237M ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0           
  53M 3415M ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  296 21173 ufw-logging-deny  0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
  296 21173 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
 1396  105K ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
   14  4746 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
 111K 7739K ufw-not-local  0    --  *      *       0.0.0.0/0            0.0.0.0/0           
   60  9570 ACCEPT     17   --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
    0     0 ACCEPT     17   --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
 111K 7729K ufw-user-input  0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
2885K 3237M ACCEPT     0    --  *      lo      0.0.0.0/0            0.0.0.0/0           
  15M  151G ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
21468 1353K ufw-user-output  0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  275 20105 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10
   19   964 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 111K 7729K RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
   60  9570 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
  480 24566 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
17477 1049K ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
 3941  301K ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1370 79843 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
63063 3785K ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
 9816  588K ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443
  172  8015 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
 5299  308K ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222
 1306 1600K ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443
    2    84 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22000
    0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:22000
    0     0 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of ip6tables -L -vn:

Chain INPUT (policy DROP 226 packets, 16890 bytes)
 pkts bytes target     prot opt in     out     source               destination         
73820   29M MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
73962   29M ufw6-before-logging-input  0    --  *      *       ::/0                 ::/0                
73962   29M ufw6-before-input  0    --  *      *       ::/0                 ::/0                
  227 16954 ufw6-after-input  0    --  *      *       ::/0                 ::/0                
  226 16890 ufw6-after-logging-input  0    --  *      *       ::/0                 ::/0                
  226 16890 ufw6-reject-input  0    --  *      *       ::/0                 ::/0                
  226 16890 ufw6-track-input  0    --  *      *       ::/0                 ::/0                

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 477K  319M MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
 477K  319M DOCKER-USER  0    --  *      *       ::/0                 ::/0                
    0     0 DOCKER     0    --  *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     0    --  *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     0    --  docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     0    --  docker0 docker0  ::/0                 ::/0                
 210K  101M DOCKER     0    --  *      br-mailcow  ::/0                 ::/0                
51022   37M ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
 267K  218M ACCEPT     0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     0    --  br-mailcow br-mailcow  ::/0                 ::/0                
   43 14791 DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0                
   43 14791 DOCKER-FORWARD  0    --  *      *       ::/0                 ::/0                
    0     0 ufw6-before-logging-forward  0    --  *      *       ::/0                 ::/0                
    0     0 ufw6-before-forward  0    --  *      *       ::/0                 ::/0                
    0     0 ufw6-after-forward  0    --  *      *       ::/0                 ::/0                
    0     0 ufw6-after-logging-forward  0    --  *      *       ::/0                 ::/0                
    0     0 ufw6-reject-forward  0    --  *      *       ::/0                 ::/0                
    0     0 ufw6-track-forward  0    --  *      *       ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 155 packets, 13710 bytes)
 pkts bytes target     prot opt in     out     source               destination         
68594   36M ufw6-before-logging-output  0    --  *      *       ::/0                 ::/0                
68594   36M ufw6-before-output  0    --  *      *       ::/0                 ::/0                
 3126  334K ufw6-after-output  0    --  *      *       ::/0                 ::/0                
 3126  334K ufw6-after-logging-output  0    --  *      *       ::/0                 ::/0                
 3126  334K ufw6-reject-output  0    --  *      *       ::/0                 ::/0                
 3126  334K ufw6-track-output  0    --  *      *       ::/0                 ::/0                

Chain DOCKER (4 references)
 pkts bytes target     prot opt in     out     source               destination         
 1154 97933 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:995
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:110
  470 66637 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:4190
 152K   22M ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:993
   45  6129 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:587
 3574   40M ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:25
 1273 1860K ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:587
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:465
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:25
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:4190
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:995
    7   588 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:993
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:143
    0     0 ACCEPT     6    --  !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::9  tcp dpt:110

Chain DOCKER-BRIDGE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    5   420 DOCKER     0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 DOCKER     0    --  *      docker0  ::/0                 ::/0                

Chain DOCKER-CT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   17 12101 ACCEPT     0    --  *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     0    --  *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED

Chain DOCKER-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   43 14791 DOCKER-CT  0    --  *      *       ::/0                 ::/0                
   26  2690 DOCKER-ISOLATION-STAGE-1  0    --  *      *       ::/0                 ::/0                
   26  2690 DOCKER-BRIDGE  0    --  *      *       ::/0                 ::/0                
   21  2270 ACCEPT     0    --  br-mailcow *       ::/0                 ::/0                
    0     0 ACCEPT     0    --  docker0 *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-1 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0 !docker0  ::/0                 ::/0                
   69 17481 RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       0    --  *      docker0  ::/0                 ::/0                
    0     0 RETURN     0    --  *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 477K  319M RETURN     0    --  *      *       ::/0                 ::/0                

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw6-skip-to-policy-input  17   --  *      *       ::/0                 ::/0                 udp dpt:137
    0     0 ufw6-skip-to-policy-input  17   --  *      *       ::/0                 ::/0                 udp dpt:138
    1    64 ufw6-skip-to-policy-input  6    --  *      *       ::/0                 ::/0                 tcp dpt:139
    0     0 ufw6-skip-to-policy-input  6    --  *      *       ::/0                 ::/0                 tcp dpt:445
    0     0 ufw6-skip-to-policy-input  17   --  *      *       ::/0                 ::/0                 udp dpt:546
    0     0 ufw6-skip-to-policy-input  17   --  *      *       ::/0                 ::/0                 udp dpt:547

Chain ufw6-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        0    --  *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  226 16890 LOG        0    --  *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      *       ::/0                 ::/0                 rt type:0
    0     0 ACCEPT     0    --  *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 128
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 129
    0     0 ufw6-user-forward  0    --  *      *       ::/0                 ::/0                

Chain ufw6-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    4   292 ACCEPT     0    --  lo     *       ::/0                 ::/0                
    0     0 DROP       0    --  *      *       ::/0                 ::/0                 rt type:0
48723   27M ACCEPT     0    --  *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 129
  112  9438 ufw6-logging-deny  0    --  *      *       ::/0                 ::/0                 ctstate INVALID
  112  9438 DROP       0    --  *      *       ::/0                 ::/0                 ctstate INVALID
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 128
  639 35784 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 133 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 134 HL match HL == 255
13972 1006K ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 135 HL match HL == 255
 8116  520K ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 136 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 141 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 142 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 130
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 131
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 132
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 143
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 148 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 149 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 151 HL match HL == 1
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 152 HL match HL == 1
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 153 HL match HL == 1
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 144
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 145
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 146
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 147
    0     0 ACCEPT     17   --  *      *       fe80::/10            fe80::/10            udp spt:547 dpt:546
  185 35675 ACCEPT     17   --  *      *       ::/0                 ff02::fb             udp dpt:5353
    0     0 ACCEPT     17   --  *      *       ::/0                 ff02::f              udp dpt:1900
 2211  562K ufw6-user-input  0    --  *      *       ::/0                 ::/0                

Chain ufw6-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  389  463K ACCEPT     0    --  *      lo      ::/0                 ::/0                
    0     0 DROP       0    --  *      *       ::/0                 ::/0                 rt type:0
49945   35M ACCEPT     0    --  *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 2
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 3
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 4
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 128
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 129
   38  2128 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 133 HL match HL == 255
 6361  407K ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 136 HL match HL == 255
 8597  619K ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 135 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 134 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 141 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 142 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 130
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 131
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 132
  138 16368 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 143
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 148 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       ::/0                 ::/0                 ipv6-icmptype 149 HL match HL == 255
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 151 HL match HL == 1
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 152 HL match HL == 1
    0     0 ACCEPT     58   --  *      *       fe80::/10            ::/0                 ipv6-icmptype 153 HL match HL == 1
 3126  334K ufw6-user-output  0    --  *      *       ::/0                 ::/0                

Chain ufw6-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        0    --  *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw6-logging-deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  112  9438 RETURN     0    --  *      *       ::/0                 ::/0                 ctstate INVALID limit: avg 3/min burst 10
    0     0 LOG        0    --  *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       0    --  *      *       ::/0                 ::/0                

Chain ufw6-skip-to-policy-input (6 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    64 DROP       0    --  *      *       ::/0                 ::/0                

Chain ufw6-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     0    --  *      *       ::/0                 ::/0                

Chain ufw6-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2335  187K ACCEPT     6    --  *      *       ::/0                 ::/0                 ctstate NEW
  636  133K ACCEPT     17   --  *      *       ::/0                 ::/0                 ctstate NEW

Chain ufw6-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  232 18544 ACCEPT     6    --  *      *       ::/0                 ::/0                 tcp dpt:80
 1416  115K ACCEPT     6    --  *      *       ::/0                 ::/0                 tcp dpt:443
    5   368 ACCEPT     6    --  *      *       ::/0                 ::/0                 tcp dpt:8443
    2   128 ACCEPT     6    --  *      *       ::/0                 ::/0                 tcp dpt:22
    0     0 ACCEPT     6    --  *      *       ::/0                 ::/0                 tcp dpt:2222
  329  412K ACCEPT     17   --  *      *       ::/0                 ::/0                 udp dpt:443
    0     0 ACCEPT     6    --  *      *       ::/0                 ::/0                 tcp dpt:22000
    0     0 ACCEPT     17   --  *      *       ::/0                 ::/0                 udp dpt:22000
    0     0 ACCEPT     6    --  *      *       ::/0                 ::/0                 tcp dpt:25

Chain ufw6-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        0    --  *      *       ::/0                 ::/0                 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     0    --  *      *       ::/0                 ::/0                 reject-with icmp6-port-unreachable

Chain ufw6-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     0    --  *      *       ::/0                 ::/0                

Chain ufw6-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 274K packets, 21M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 122K 8381K DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 154K packets, 9396K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 162K packets, 9924K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  0    --  *      !br-0d145ad645df  172.18.0.0/16        0.0.0.0/0           
 162K   13M MASQUERADE  0    --  *      !br-mailcow  172.22.1.0/24        0.0.0.0/0           
    0     0 MASQUERADE  0    --  *      !br-e77fb25fb185  172.19.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  0    --  *      !br-4a63b789b448  172.20.0.0/16        0.0.0.0/0           

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  br-0d145ad645df *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     0    --  br-e77fb25fb185 *       0.0.0.0/0            0.0.0.0/0           
 1892  114K RETURN     0    --  br-4a63b789b448 *       0.0.0.0/0            0.0.0.0/0           
   17   952 DNAT       6    --  !br-e77fb25fb185 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8585 to:172.19.0.2:80
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:172.22.1.4:3306
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:172.22.1.249:6379
   17   999 DNAT       6    --  !br-0d145ad645df *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8083 to:172.18.0.3:80
   80  4260 DNAT       6    --  !br-4a63b789b448 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8090 to:172.20.0.6:8000
  908 53968 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:172.22.1.250:110
  987 60049 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:172.22.1.250:143
 3008  184K DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:172.22.1.250:993
  936 55968 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:172.22.1.250:995
    9   456 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:172.22.1.250:4190
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:172.22.1.250:12345
  667 38104 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:172.22.1.253:25
 1139 67872 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:172.22.1.253:465
 1023 61048 DNAT       6    --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:172.22.1.253:587
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7080 to:172.22.1.9:7080
    0     0 DNAT       6    --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7443 to:172.22.1.9:7443

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 45621 packets, 4694K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 4669  743K DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 2803 packets, 262K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    9   720 DOCKER     0    --  *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 5291 packets, 466K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  0    --  *      br-mailcow  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  0    --  *      docker0  ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL
    0     0 MASQUERADE  0    --  *      !docker0  fd00:dead:beef:c0::/80  ::/0                
43429 4153K MASQUERADE  0    --  *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::9  fd4d:6169:6c63:6f77::9  tcp dpt:995
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::9  fd4d:6169:6c63:6f77::9  tcp dpt:110
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::9  fd4d:6169:6c63:6f77::9  tcp dpt:143
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::9  fd4d:6169:6c63:6f77::9  tcp dpt:4190
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::9  fd4d:6169:6c63:6f77::9  tcp dpt:993
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:587
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:25
    0     0 MASQUERADE  6    --  *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:465

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  248 19840 RETURN     0    --  br-mailcow *       ::/0                 ::/0                
    0     0 RETURN     0    --  docker0 *       ::/0                 ::/0                
   35  2784 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::9]:995
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::9]:110
   46  4522 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::9]:143
    0     0 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::9]:4190
 2321  189K DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::9]:993
    8   644 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::c]:587
   56  4396 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::c]:25
   14  1100 DNAT       6    --  !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::c]:465
    0     0 DNAT       6    --  !br-mailcow *      !fe80::/10            ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::9]:110
    0     0 DNAT       6    --  !br-mailcow *      !fe80::/10            ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::9]:143
    7   588 DNAT       6    --  !br-mailcow *      !fe80::/10            ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::9]:993
    0     0 DNAT       6    --  !br-mailcow *      !fe80::/10            ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::9]:995
    0     0 DNAT       6    --  !br-mailcow *      !fe80::/10            ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::9]:4190
    0     0 DNAT       6    --  !br-mailcow *      !fe80::/10            ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::c]:25
    0     0 DNAT       6    --  !br-mailcow *      !fe80::/10            ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::c]:465
    0     0 DNAT       6    --  !br-mailcow *      !fe80::/10            ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::c]:587

DNS check:

172.64.155.249
104.18.32.7

Activity

milkmaker

milkmaker commented on Jul 8, 2025

@milkmaker
Collaborator

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

added
stalePlease update the issue with current status, unclear if it's still open/needed.
on Jul 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugstalePlease update the issue with current status, unclear if it's still open/needed.upstream

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @davidt-de@DerLinkman@milkmaker

        Issue actions

          SOGo: “Could not generate message content” when sending signed email with Sectigo S/MIME certificate · Issue #6519 · mailcow/mailcow-dockerized