From 5c57df466943580d77c44ff8af22fe4115eb058a Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 16 Jan 2023 10:10:20 +0100
Subject: [PATCH 01/42] [Acme] Implemented IP Check Bypass properly

---
 data/Dockerfiles/acme/acme.sh | 2 ++
 docker-compose.yml            | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index 4f5cb803..1cd456a4 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -213,11 +213,13 @@ while true; do
   done
   ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
 
+  if [[ ${SKIP_IP_CHECK} != "y" ]]; then
   # Start IP detection
   log_f "Detecting IP addresses..."
   IPV4=$(get_ipv4)
   IPV6=$(get_ipv6)
   log_f "OK: ${IPV4}, ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}"
+  fi
 
   #########################################
   # IP and webroot challenge verification #
diff --git a/docker-compose.yml b/docker-compose.yml
index b940b336..32302d87 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -389,7 +389,7 @@ services:
     acme-mailcow:
       depends_on:
         - nginx-mailcow
-      image: mailcow/acme:1.83
+      image: mailcow/acme:1.84
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:

From 9c55d46bc6335505cb0c03b3eb303dd3664a50cd Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Mon, 16 Jan 2023 14:35:15 +0100
Subject: [PATCH 02/42] [Nextcloud] Updated and improved script (implemented -u
 and more)

---
 helper-scripts/nextcloud.sh | 104 +++++++++++++++++++++++++++---------
 1 file changed, 78 insertions(+), 26 deletions(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 37c0d5f3..849a3016 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -9,9 +9,14 @@ done
 [[ -z ${1} ]] && NC_HELP=y
 
 while [ "$1" != '' ]; do
+  if [[ $# -ne 1 ]]; then
+      echo -e "\033[31mPlease use only one parameter at the same time!\033[0m" >&2
+      exit 2
+  fi
   case "${1}" in
     -p|--purge) NC_PURGE=y && shift;;
     -i|--install) NC_INSTALL=y && shift;;
+    -u|--update)  NC_UPDATE=y && shift;;
     -r|--resetpw) NC_RESETPW=y && shift;;
     -h|--help) NC_HELP=y && shift;;
     *) echo "Unknown parameter: ${1}" && shift;;
@@ -22,13 +27,11 @@ if [[ ${NC_HELP} == "y" ]]; then
   printf 'Usage:\n\n'
   printf '  -p|--purge\n    Purge Nextcloud\n'
   printf '  -i|--install\n    Install Nextcloud\n'
+  printf '  -u|--update\n    Update Nextcloud\n'
   printf '  -r|--resetpw\n    Reset password\n\n'
   exit 0
 fi
 
-[[ ${NC_PURGE} == "y" ]] && [[ ${NC_INSTALL} == "y" ]] && { echo "Cannot use -p and -i at the same time!"; exit 1; }
-[[ ${NC_PURGE} == "y" ]] && [[ ${NC_RESETPW} == "y" ]] && { echo "Cannot use -p and -r at the same time!"; exit 1; }
-
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd ${SCRIPT_DIR}/../
 source mailcow.conf
@@ -41,8 +44,27 @@ if [[ ${NC_PURGE} == "y" ]]; then
     exit 1
   fi
 
-  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
-    "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'oc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)"
+  echo -e "\033[33mDetecting Database information...\033[0m"
+  if [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "Show databases" | grep "nextcloud") ]]; then
+    echo -e "\033[32mFound seperate nextcloud Database (newer scheme)!\033[0m"
+    echo -e "\033[31mPurging...\033[0m"
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP DATABASE nextcloud;" > /dev/null
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP USER 'nextcloud'@'%';" > /dev/null
+  elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'oc_%'") && $? -eq 0 ]]; then
+    echo -e "\033[32mFound nextcloud (oc) tables inside of mailcow Database (old scheme)!\033[0m"
+    echo -e "\033[31mPurging...\033[0m"
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
+     "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'oc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
+  elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'nc_%'") && $? -eq 0 ]]; then
+    echo -e "\033[32mFound nextcloud (nc) tables inside of mailcow Database (old scheme)!\033[0m"
+    echo -e "\033[31mPurging...\033[0m"
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
+     "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'nc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
+  else
+    echo -e "\033[31mError: No Nextcloud Databases/Tables found!"
+    echo -e "\033[33mNot purging anything...\033[0m"
+    exit 1
+  fi
   docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c ' cat <<EOF | redis-cli
 SELECT 10
 FLUSHDB
@@ -58,9 +80,10 @@ EOF
 
   docker restart $(docker ps -aqf name=nginx-mailcow)
 
+  echo -e "\033[32mNextcloud has been sucessfully uninstalled!\033[0m"
+
 elif [[ ${NC_UPDATE} == "y" ]]; then
-  exit;
-  read -r -p "Are you sure you want to update Nextcloud? [y/N] " response
+  read -r -p "Are you sure you want to update Nextcloud (with nextclouds own updater)? [y/N] " response
   response=${response,,}
   if [[ ! "$response" =~ ^(yes|y)$ ]]; then
     echo "OK, aborting."
@@ -68,23 +91,14 @@ elif [[ ${NC_UPDATE} == "y" ]]; then
   fi
 
   if [ ! -f data/web/nextcloud/occ ]; then
-    echo "Nextcloud occ not found. Is Nextcloud installed?"
+    echo -e "\033[31mError: Nextcloud occ not found. Is Nextcloud installed?\033[0m"
     exit 1
   fi
   if ! grep -q 'installed: true' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
     echo "Nextcloud seems not to be installed."
     exit 1
-  elif ! grep -q 'version: 20\.' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
-    echo "Cannot upgrade to new major version, please update manually."
-    exit 1
   else
-    curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-$NEXTCLOUD_VERSION.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
-      && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
-      && rm nextcloud.tar.bz2 \
-      && mkdir -p ./data/web/nextcloud/data \
-      && chmod +x ./data/web/nextcloud/occ \
-       docker exec -it $(docker ps -f name=php-fpm-mailcow -q) bash -c "chown www-data:www-data -R /web/nextcloud" \
-       docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings upgrade"
+    docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "php /web/nextcloud/updater/updater.phar"
   fi
 
 elif [[ ${NC_INSTALL} == "y" ]]; then
@@ -97,25 +111,48 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     [[ ! ${NC_CONT_FAIL,,} =~ ^(yes|y)$ ]] && { echo "Ok, exiting..."; exit 1; }
   fi
 
-  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
-
+  echo -e "\033[33mDownloading \033[34mNextcloud ${NEXTCLOUD_VERSION}\033[33m...\033[0m"
   curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-$NEXTCLOUD_VERSION.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
     && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
     && rm nextcloud.tar.bz2 \
     && mkdir -p ./data/web/nextcloud/data \
     && chmod +x ./data/web/nextcloud/occ
 
+  echo -e "\033[33mCreating Nextcloud Database...\033[0m"
+  NC_DBPASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+  NC_DBUSER=nextcloud
+  NC_DBNAME=nextcloud
+
+  echo -ne "[1/3] Creating nextcloud Database"
+  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE ${NC_DBNAME};"
+  sleep 2
+  echo -ne "\r[2/3] Creating nextcloud Database user"
+  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER '${NC_DBUSER}'@'%' IDENTIFIED BY '${NC_DBPASS}';"
+  sleep 2
+  echo -ne "\r[3/3] Granting nextcloud user all permissions on database nextcloud"
+  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON ${NC_DBNAME}.* TO '${NC_DBUSER}'@'%';"
+  sleep 2
+
+  echo ""
+  echo -e "\033[33mInstalling Nextcloud...\033[0m"
+  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+
+  echo -ne "[1/4] Setting correct permissions for www-data"
   docker exec -it $(docker ps -f name=php-fpm-mailcow -q) /bin/bash -c "chown -R www-data:www-data /web/nextcloud"
+  sleep 2
+  echo -ne "\r[2/4] Running occ maintenance:install to install nextcloud"
   docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ --no-warnings maintenance:install \
     --database mysql \
     --database-host mysql \
-    --database-name ${DBNAME} \
-    --database-user ${DBUSER} \
-    --database-pass ${DBPASS} \
+    --database-name ${NC_DBNAME} \
+    --database-user ${NC_DBUSER} \
+    --database-pass ${NC_DBPASS} \
     --admin-user admin \
     --admin-pass ${ADMIN_NC_PASS} \
-      --data-dir /web/nextcloud/data
+      --data-dir /web/nextcloud/data 2>&1 /dev/null
 
+  echo -ne "\r[3/4] Setting custom parameters inside the nextcloud config file"
+  echo ""
   docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings config:system:set redis host --value=redis --type=string; \
     /web/nextcloud/occ --no-warnings config:system:set redis port --value=6379 --type=integer; \
     /web/nextcloud/occ --no-warnings config:system:set redis timeout --value=0.0 --type=integer; \
@@ -141,13 +178,28 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 arguments 0 --value={dovecot:143/imap/tls/novalidate-cert}; \
     #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 class --value=OC_User_IMAP; \
 
+    echo -e "\r[4/4] Enabling NGINX Configuration"
     cp ./data/assets/nextcloud/nextcloud.conf ./data/conf/nginx/
     sed -i "s/NC_SUBD/${NC_SUBD}/g" ./data/conf/nginx/nextcloud.conf
+    sleep 2
 
-  echo "Restarting Nginx..."
+  echo ""
+  echo -e "\033[33mFinalizing installation...\033[0m"
   docker restart $(docker ps -aqf name=nginx-mailcow)
 
-  echo "Login as admin with password: ${ADMIN_NC_PASS}"
+  echo ""
+  echo "******************************************"
+  echo "*        SAVE THESE CREDENTIALS          *"
+  echo "*    INSTALL DATE: $(date +%Y-%m-%d_%H-%M-%S)   *"
+  echo "******************************************"
+  echo ""
+  echo -e "\033[36mDatabase Name:      ${NC_DBNAME}\033[0m"
+  echo -e "\033[36mDatabase User:      ${NC_DBUSER}\033[0m"
+  echo -e "\033[36mDatabase Password:  ${NC_DBPASS}\033[0m"
+  echo ""
+  echo -e "\033[31mUI Admin Password:  ${ADMIN_NC_PASS}\033[0m"
+  echo ""
+
 
 elif [[ ${NC_RESETPW} == "y" ]]; then
     printf 'You are about to set a new password for a Nextcloud user.\n\nDo not use this option if your Nextcloud is configured to use mailcow for authentication.\nSet a new password for the corresponding mailbox in mailcow, instead.\n\n'

From 9279ee2e76a1ad67720e2cd69ef5a1298b434afe Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Tue, 17 Jan 2023 16:23:31 +0100
Subject: [PATCH 03/42] [Dovecot] Update to 2.3.20

---
 data/Dockerfiles/dovecot/Dockerfile | 2 +-
 docker-compose.yml                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 38af3c20..b3a83974 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -2,7 +2,7 @@ FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DOVECOT=2.3.19.1
+ARG DOVECOT=2.3.20
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16
 ENV LC_ALL C
diff --git a/docker-compose.yml b/docker-compose.yml
index b940b336..629f3f35 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -216,7 +216,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.21
+      image: mailcow/dovecot:1.22
       depends_on:
         - mysql-mailcow
       dns:

From 5d5e95972914e548209b54c9a7f996a247d5e6f6 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Tue, 17 Jan 2023 19:45:32 +0100
Subject: [PATCH 04/42] Add regex for matchstring line in Dockerfiles

Update composer to 2.5.1
---
 data/Dockerfiles/phpfpm/Dockerfile | 32 ++++++++++++++++++------------
 docker-compose.yml                 |  2 +-
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 93acb33f..05081c6d 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,12 +1,18 @@
 FROM php:8.1-fpm-alpine3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV APCU_PECL 5.1.22
-ENV IMAGICK_PECL 3.7.0
-ENV MAILPARSE_PECL 3.1.4
-ENV MEMCACHED_PECL 3.2.0
-ENV REDIS_PECL 5.3.7
-ENV COMPOSER 2.4.4
+# renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced
+ARG APCU_PECL_VERSION=5.1.22
+# renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced
+ARG IMAGICK_PECL_VERSION=3.7.0
+# renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced
+ARG MAILPARSE_PECL_VERSION=3.1.4
+# renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced
+ARG MEMCACHED_PECL_VERSION=3.2.0
+# renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced
+ARG REDIS_PECL_VERSION=5.3.7
+# renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced
+ARG COMPOSER_VERSION=2.5.1
 
 RUN apk add -U --no-cache autoconf \
   aspell-dev \
@@ -55,11 +61,11 @@ RUN apk add -U --no-cache autoconf \
   samba-client \
   zlib-dev \
   tzdata \
-  && pecl install mailparse-${MAILPARSE_PECL} \
-  && pecl install redis-${REDIS_PECL} \
-  && pecl install memcached-${MEMCACHED_PECL} \
-  && pecl install APCu-${APCU_PECL} \
-  && pecl install imagick-${IMAGICK_PECL} \
+  && pecl install APCu-${APCU_PECL_VERSION} \
+  && pecl install imagick-${IMAGICK_PECL_VERSION} \
+  && pecl install mailparse-${MAILPARSE_PECL_VERSION} \
+  && pecl install memcached-${MEMCACHED_PECL_VERSION} \
+  && pecl install redis-${REDIS_PECL_VERSION} \
   && docker-php-ext-enable apcu imagick memcached mailparse redis \
   && pecl clear-cache \
   && docker-php-ext-configure intl \
@@ -72,7 +78,7 @@ RUN apk add -U --no-cache autoconf \
   && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
   && docker-php-ext-configure imap --with-imap --with-imap-ssl \
   && docker-php-ext-install -j 4 imap \
-  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER} \
+  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
   && mv composer.phar /usr/local/bin/composer \
   && chmod +x /usr/local/bin/composer \
   && apk del --purge autoconf \
@@ -102,4 +108,4 @@ COPY ./docker-entrypoint.sh /
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
-CMD ["php-fpm"]
+CMD ["php-fpm"]
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index b940b336..bbf67c79 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -106,7 +106,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.81
+      image: mailcow/phpfpm:1.82
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow

From 7626becb38f8b5908b1e4c0d238f3a918bba2f1c Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Tue, 17 Jan 2023 19:48:42 +0100
Subject: [PATCH 05/42] Add regex for matchstring line in Dockerfiles

---
 data/Dockerfiles/dovecot/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index b3a83974..1d8e1e5b 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -2,6 +2,7 @@ FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
+# renovate: datasource=github-tags depName=dovecot/core versioning=semver-coerced
 ARG DOVECOT=2.3.20
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16

From 1af785a94f73cbe588435e15b7e749762e876019 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Wed, 18 Jan 2023 19:37:09 +0100
Subject: [PATCH 06/42] Enable dependencyDashboard

Add label for PRs
Add docker-compose manager
---
 .github/renovate.json | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/renovate.json b/.github/renovate.json
index 5fab8128..36b4aec5 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,15 +1,19 @@
 {
   "enabled": true,
   "timezone": "Europe/Berlin",
-  "dependencyDashboard": false,
+  "dependencyDashboard": true,
   "dependencyDashboardTitle": "Renovate Dashboard",
   "commitBody": "Signed-off-by: milkmaker <milkmaker@mailcow.de>",
   "rebaseWhen": "auto",
+  "labels": ["renovate"],
   "assignees": [
     "@magiccc"
   ],
   "baseBranches": ["staging"],
-  "enabledManagers": ["github-actions", "regex"],
+  "enabledManagers": ["github-actions", "regex", "docker-compose"],
+  "ignorePaths": [
+    "data\/web\/inc\/lib\/vendor\/matthiasmullie\/minify\/**"
+  ],
   "regexManagers": [
     {
       "fileMatch": ["^helper-scripts\/nextcloud.sh$"],

From 8e3d2f70106fdc7f33b4f7d6984bd9bb6556bc66 Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 19 Jan 2023 11:28:03 +0100
Subject: [PATCH 07/42] [SOGo] Update to newer 5.8.0 (fix for macOS Caldav Bug)

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index bbf67c79..8e462881 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -169,7 +169,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.113
+      image: mailcow/sogo:1.114
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From 520d070081a0e863f1b6a68e135ac3347be3215c Mon Sep 17 00:00:00 2001
From: DerLinkman <derlinkman@gmail.com>
Date: Thu, 19 Jan 2023 14:04:55 +0100
Subject: [PATCH 08/42] [Compose] Removed OOMKillDisabled from dockerapi

---
 docker-compose.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 93257cf5..3b3ccee3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -514,7 +514,6 @@ services:
       security_opt:
         - label=disable
       restart: always
-      oom_kill_disable: true
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:

From f5baeb31c1766e797a9bab5c0b8112dedf8e18c9 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 19 Jan 2023 15:57:49 +0100
Subject: [PATCH 09/42] Revert "[Update.sh] Implemented optimized Regex Compose
 Detection"

This reverts commit a76e6b32f7973c79936cc9aa3dfbfc900135df3d.
---
 update.sh | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/update.sh b/update.sh
index db6be252..34d17354 100755
--- a/update.sh
+++ b/update.sh
@@ -177,35 +177,38 @@ remove_obsolete_nginx_ports() {
 
 detect_docker_compose_command(){
 if ! [ "${DOCKER_COMPOSE_VERSION}" == "native" ] && ! [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
-  if command -v docker compose > /dev/null 2>&1; then
-      version=$(docker compose version --short)
-      if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
-        COMPOSE_VERSION=native
+  if docker compose > /dev/null 2>&1; then
+      if docker compose version --short | grep "2." > /dev/null 2>&1; then
+        DOCKER_COMPOSE_VERSION=native
+        COMPOSE_COMMAND="docker compose"
         echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m"
         echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
         sleep 2
-        echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m"
+        echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
       else
         echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-        echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+        echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
         exit 1
       fi
-  elif command -v docker-compose > /dev/null 2>&1; then
-      version=$(docker-compose version --short)
-      if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
-        COMPOSE_VERSION=standalone
+  elif docker-compose > /dev/null 2>&1; then
+    if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
+      if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
+        DOCKER_COMPOSE_VERSION=standalone
+        COMPOSE_COMMAND="docker-compose"
         echo -e "\e[31mFound Docker Compose Standalone.\e[0m"
         echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
         sleep 2
         echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
       else
         echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-        echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+        echo -e "\e[31mPlease update/install regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
         exit 1
       fi
+    fi
+
   else
     echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-    echo -e "\e[31mPlease install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+    echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
     exit 1
   fi
 

From 2ebd8345dfe4fe6ebb246be6de06f2f5fb0e4f8b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 19 Jan 2023 15:58:22 +0100
Subject: [PATCH 10/42] Revert "[Generate] Refactor compose version detection
 using regex"

This reverts commit 4c6f8c4f6034c7e3d526c2c940555243c0991955.
---
 generate_config.sh | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 6b3ad711..89af0f64 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -25,9 +25,8 @@ for bin in openssl curl docker git awk sha1sum; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 done
 
-if command -v docker compose > /dev/null 2>&1; then
-    version=$(docker compose version --short)
-    if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
+if docker compose > /dev/null 2>&1; then
+    if docker compose version --short | grep "^2." > /dev/null 2>&1; then
       COMPOSE_VERSION=native
       echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m"
       echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
@@ -35,12 +34,12 @@ if command -v docker compose > /dev/null 2>&1; then
       echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m"
     else
       echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-      echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+      echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
       exit 1
     fi
-elif command -v docker-compose > /dev/null 2>&1; then
-    version=$(docker-compose version --short)
-    if [[ $version =~ ^2\.([0-9]+)\.([0-9]+) ]]; then
+elif docker-compose > /dev/null 2>&1; then
+  if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
+    if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
       COMPOSE_VERSION=standalone
       echo -e "\e[31mFound Docker Compose Standalone.\e[0m"
       echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
@@ -51,9 +50,11 @@ elif command -v docker-compose > /dev/null 2>&1; then
       echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
       exit 1
     fi
+  fi
+
 else
   echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-  echo -e "\e[31mPlease install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+  echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
   exit 1
 fi
 
@@ -457,6 +458,15 @@ case ${git_branch} in
     mailcow_last_git_version=""
     ;;
 esac
+# if [ ${git_branch} == "master" ]; then
+#   mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
+# elif [ ${git_branch} == "nightly" ]; then
+#   mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
+#   mailcow_last_git_version=""
+# else
+#   mailcow_git_version=$(git rev-parse --short HEAD)
+#   mailcow_last_git_version=""
+# fi
 
 if [[ $SKIP_BRANCH != "y" ]]; then
 mailcow_git_commit=$(git rev-parse origin/${git_branch})

From 1b3a13ca19086130dd9cca98974b4ad8c2fff4c6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 20 Jan 2023 15:36:52 +0100
Subject: [PATCH 11/42] Update alpine Docker tag to v3.17 (#4997)

Signed-off-by: milkmaker <milkmaker@mailcow.de>

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .../EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
index 7d4424e3..8fcc6fff 100644
--- a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
@@ -26,6 +26,6 @@ services:
         - /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock
 
     mysql-mailcow:
-      image: alpine:3.10
+      image: alpine:3.17
       command: /bin/true
       restart: "no"

From 9af40eba10da1741f1005223e7d953215adf9eae Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 20 Jan 2023 15:37:12 +0100
Subject: [PATCH 12/42] Update dependency nextcloud/server to v25.0.3 (#4996)

Signed-off-by: milkmaker <milkmaker@mailcow.de>

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helper-scripts/nextcloud.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 849a3016..9565c836 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
-NEXTCLOUD_VERSION=25.0.2
+NEXTCLOUD_VERSION=25.0.3
 
 for bin in curl dirmngr; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi

From ef6452cf55f5f8ba4f92d563a6ebe038615b68e3 Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Sun, 22 Jan 2023 15:06:36 +0100
Subject: [PATCH 13/42] Fix installation of nextcloud

---
 helper-scripts/nextcloud.sh | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 9565c836..31cdb6a4 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -46,22 +46,22 @@ if [[ ${NC_PURGE} == "y" ]]; then
 
   echo -e "\033[33mDetecting Database information...\033[0m"
   if [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "Show databases" | grep "nextcloud") ]]; then
-    echo -e "\033[32mFound seperate nextcloud Database (newer scheme)!\033[0m"
+    echo -e "\033[32mFound seperate Nextcloud database (newer scheme)!\033[0m"
     echo -e "\033[31mPurging...\033[0m"
     docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP DATABASE nextcloud;" > /dev/null
     docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP USER 'nextcloud'@'%';" > /dev/null
   elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'oc_%'") && $? -eq 0 ]]; then
-    echo -e "\033[32mFound nextcloud (oc) tables inside of mailcow Database (old scheme)!\033[0m"
+    echo -e "\033[32mFound Nextcloud (oc) tables inside of mailcow database (old scheme)!\033[0m"
     echo -e "\033[31mPurging...\033[0m"
     docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
      "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'oc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
   elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'nc_%'") && $? -eq 0 ]]; then
-    echo -e "\033[32mFound nextcloud (nc) tables inside of mailcow Database (old scheme)!\033[0m"
+    echo -e "\033[32mFound Nextcloud (nc) tables inside of mailcow database (old scheme)!\033[0m"
     echo -e "\033[31mPurging...\033[0m"
     docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
      "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'nc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
   else
-    echo -e "\033[31mError: No Nextcloud Databases/Tables found!"
+    echo -e "\033[31mError: No Nextcloud databases/tables found!"
     echo -e "\033[33mNot purging anything...\033[0m"
     exit 1
   fi
@@ -80,10 +80,10 @@ EOF
 
   docker restart $(docker ps -aqf name=nginx-mailcow)
 
-  echo -e "\033[32mNextcloud has been sucessfully uninstalled!\033[0m"
+  echo -e "\033[32mNextcloud has been uninstalled sucessfully!\033[0m"
 
 elif [[ ${NC_UPDATE} == "y" ]]; then
-  read -r -p "Are you sure you want to update Nextcloud (with nextclouds own updater)? [y/N] " response
+  read -r -p "Are you sure you want to update Nextcloud (with Nextclouds own updater)? [y/N] " response
   response=${response,,}
   if [[ ! "$response" =~ ^(yes|y)$ ]]; then
     echo "OK, aborting."
@@ -118,18 +118,18 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     && mkdir -p ./data/web/nextcloud/data \
     && chmod +x ./data/web/nextcloud/occ
 
-  echo -e "\033[33mCreating Nextcloud Database...\033[0m"
+  echo -e "\033[33mCreating 'nextcloud' database...\033[0m"
   NC_DBPASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
   NC_DBUSER=nextcloud
   NC_DBNAME=nextcloud
 
-  echo -ne "[1/3] Creating nextcloud Database"
+  echo -ne "[1/3] Creating 'nextcloud' database"
   docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE ${NC_DBNAME};"
   sleep 2
-  echo -ne "\r[2/3] Creating nextcloud Database user"
+  echo -ne "\r[2/3] Creating 'nextcloud' database user"
   docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER '${NC_DBUSER}'@'%' IDENTIFIED BY '${NC_DBPASS}';"
   sleep 2
-  echo -ne "\r[3/3] Granting nextcloud user all permissions on database nextcloud"
+  echo -ne "\r[3/3] Granting 'nextcloud' user all permissions on database 'nextcloud'"
   docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON ${NC_DBNAME}.* TO '${NC_DBUSER}'@'%';"
   sleep 2
 
@@ -140,7 +140,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
   echo -ne "[1/4] Setting correct permissions for www-data"
   docker exec -it $(docker ps -f name=php-fpm-mailcow -q) /bin/bash -c "chown -R www-data:www-data /web/nextcloud"
   sleep 2
-  echo -ne "\r[2/4] Running occ maintenance:install to install nextcloud"
+  echo -ne "\r[2/4] Running occ maintenance:install to install Nextcloud"
   docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ --no-warnings maintenance:install \
     --database mysql \
     --database-host mysql \
@@ -149,9 +149,9 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     --database-pass ${NC_DBPASS} \
     --admin-user admin \
     --admin-pass ${ADMIN_NC_PASS} \
-      --data-dir /web/nextcloud/data 2>&1 /dev/null
+    --data-dir /web/nextcloud/data > /dev/null 2>&1
 
-  echo -ne "\r[3/4] Setting custom parameters inside the nextcloud config file"
+  echo -ne "\r[3/4] Setting custom parameters inside the Nextcloud config file"
   echo ""
   docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings config:system:set redis host --value=redis --type=string; \
     /web/nextcloud/occ --no-warnings config:system:set redis port --value=6379 --type=integer; \
@@ -178,7 +178,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 arguments 0 --value={dovecot:143/imap/tls/novalidate-cert}; \
     #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 class --value=OC_User_IMAP; \
 
-    echo -e "\r[4/4] Enabling NGINX Configuration"
+    echo -e "\r[4/4] Enabling Nginx Configuration"
     cp ./data/assets/nextcloud/nextcloud.conf ./data/conf/nginx/
     sed -i "s/NC_SUBD/${NC_SUBD}/g" ./data/conf/nginx/nextcloud.conf
     sleep 2
@@ -193,11 +193,11 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
   echo "*    INSTALL DATE: $(date +%Y-%m-%d_%H-%M-%S)   *"
   echo "******************************************"
   echo ""
-  echo -e "\033[36mDatabase Name:      ${NC_DBNAME}\033[0m"
-  echo -e "\033[36mDatabase User:      ${NC_DBUSER}\033[0m"
-  echo -e "\033[36mDatabase Password:  ${NC_DBPASS}\033[0m"
+  echo -e "\033[36mDatabase name:      ${NC_DBNAME}\033[0m"
+  echo -e "\033[36mDatabase user:      ${NC_DBUSER}\033[0m"
+  echo -e "\033[36mDatabase password:  ${NC_DBPASS}\033[0m"
   echo ""
-  echo -e "\033[31mUI Admin Password:  ${ADMIN_NC_PASS}\033[0m"
+  echo -e "\033[31mUI admin password:  ${ADMIN_NC_PASS}\033[0m"
   echo ""
 
 

From afddcf7f3b79c506a5b385a7dbbf6fadf95639fa Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 24 Jan 2023 09:49:49 +0100
Subject: [PATCH 14/42] replace nullnull.org with fuzzy.mailcow.email

---
 data/conf/rspamd/local.d/multimap.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/rspamd/local.d/multimap.conf b/data/conf/rspamd/local.d/multimap.conf
index 17ada99e..3f554c5b 100644
--- a/data/conf/rspamd/local.d/multimap.conf
+++ b/data/conf/rspamd/local.d/multimap.conf
@@ -175,7 +175,7 @@ BAD_SUBJECT_00 {
   type = "header";
   header = "subject";
   regexp = true;
-  map = "http://nullnull.org/bad-subject-regex.txt";
+  map = "http://fuzzy.mailcow.email/bad-subject-regex.txt";
   score = 6.0;
   symbols_set = ["BAD_SUBJECT_00"];
 }

From 9ba65a572e1e22d89d75130f0ee609ec1f9f6d70 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 24 Jan 2023 10:13:30 +0100
Subject: [PATCH 15/42] [Web] add missing template var for dadmins

---
 data/web/user.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/user.php b/data/web/user.php
index b92e87a7..5fddff6e 100644
--- a/data/web/user.php
+++ b/data/web/user.php
@@ -20,6 +20,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'doma
     'tfa_data' => $tfa_data,
     'fido2_data' => $fido2_data,
     'lang_user' => json_encode($lang['user']),
+    'lang_datatables' => json_encode($lang['datatables']),
   ];
 }
 elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {

From 8281d3fa557c01f4a250550443001d4c1412d0be Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 24 Jan 2023 20:18:17 +0100
Subject: [PATCH 16/42] [Web] Updated lang.da-dk.json (#5020)

Co-authored-by: osos <osos@openeyes.dk>

Co-authored-by: osos <osos@openeyes.dk>
---
 data/web/lang/lang.da-dk.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index c0d42afe..fa50ff59 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -1,6 +1,6 @@
 {
     "acl": {
-        "alias_domains": "Tilføj kældenavn domæner",
+        "alias_domains": "Tilføj domænealias",
         "app_passwds": "Administrer app-adgangskoder",
         "bcc_maps": "BCC kort",
         "delimiter_action": "Afgrænsning handling",
@@ -22,9 +22,9 @@
         "spam_alias": "Midlertidige aliasser",
         "spam_policy": "Sortliste / hvidliste",
         "spam_score": "Spam-score",
-        "syncjobs": "Synkroniser job",
+        "syncjobs": "Synkroniserings job",
         "tls_policy": "TLS politik",
-        "unlimited_quota": "Ubegrænset quote for mailbokse",
+        "unlimited_quota": "Ubegrænset plads for mailbokse",
         "domain_desc": "Skift domæne beskrivelse"
     },
     "add": {
@@ -33,7 +33,7 @@
         "add": "Tilføj",
         "add_domain_only": "Tilføj kun domæne",
         "add_domain_restart": "Tilføj domæne og genstart SOGo",
-        "alias_address": "Alias adresse (r)",
+        "alias_address": "Alias adresse(r)",
         "alias_address_info": "<small>Fuld e-mail-adresse eller @ eksempel.com for at fange alle beskeder til et domæne (kommasepareret). <b> kun mailcow-domæner</b>.</small>",
         "alias_domain": "Alias-domæne",
         "alias_domain_info": "<small>Kun gyldige domænenavne (kommasepareret).</small>",

From b71998250406656963fc9176826522e1af73cc66 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 25 Jan 2023 09:31:22 +0100
Subject: [PATCH 17/42] partial rollback of dockerapi

---
 data/Dockerfiles/dockerapi/Dockerfile   |   1 +
 data/Dockerfiles/dockerapi/dockerapi.py | 614 ++++++++++--------------
 docker-compose.yml                      |   2 +-
 3 files changed, 267 insertions(+), 350 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index 97c3808c..aa4a3858 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -13,6 +13,7 @@ RUN apk add --update --no-cache python3 \
   fastapi \
   uvicorn \
   aiodocker \
+  docker \
   redis 
 
 COPY docker-entrypoint.sh /app/
diff --git a/data/Dockerfiles/dockerapi/dockerapi.py b/data/Dockerfiles/dockerapi/dockerapi.py
index 304c1781..9e699c22 100644
--- a/data/Dockerfiles/dockerapi/dockerapi.py
+++ b/data/Dockerfiles/dockerapi/dockerapi.py
@@ -1,5 +1,6 @@
 from fastapi import FastAPI, Response, Request
 import aiodocker
+import docker
 import psutil
 import sys
 import re
@@ -9,11 +10,38 @@ import json
 import asyncio
 import redis
 from datetime import datetime
+import logging
+from logging.config import dictConfig
 
 
+log_config = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "default": {
+            "()": "uvicorn.logging.DefaultFormatter",
+            "fmt": "%(levelprefix)s %(asctime)s %(message)s",
+            "datefmt": "%Y-%m-%d %H:%M:%S",
+
+        },
+    },
+    "handlers": {
+        "default": {
+            "formatter": "default",
+            "class": "logging.StreamHandler",
+            "stream": "ext://sys.stderr",
+        },
+    },
+    "loggers": {
+        "api-logger": {"handlers": ["default"], "level": "INFO"},
+    },
+}
+dictConfig(log_config)
+
 containerIds_to_update = []
 host_stats_isUpdating = False
 app = FastAPI()
+logger = logging.getLogger('api-logger')
 
 
 @app.get("/host/stats")
@@ -21,18 +49,15 @@ async def get_host_update_stats():
   global host_stats_isUpdating
 
   if host_stats_isUpdating == False:
-    print("start host stats task")
     asyncio.create_task(get_host_stats())
     host_stats_isUpdating = True
 
   while True:
     if redis_client.exists('host_stats'):
       break
-    print("wait for host_stats results")
     await asyncio.sleep(1.5)
 
 
-  print("host stats pulled")
   stats = json.loads(redis_client.get('host_stats'))
   return Response(content=json.dumps(stats, indent=4), media_type="application/json")
 
@@ -106,14 +131,14 @@ async def post_containers(container_id : str, post_action : str, request: Reques
       else:
         api_call_method_name = '__'.join(['container_post', str(post_action) ])
 
-      docker_utils = DockerUtils(async_docker_client)
+      docker_utils = DockerUtils(sync_docker_client)
       api_call_method = getattr(docker_utils, api_call_method_name, lambda container_id: Response(content=json.dumps({'type': 'danger', 'msg':'container_post - unknown api call' }, indent=4), media_type="application/json"))
 
 
-      print("api call: %s, container_id: %s" % (api_call_method_name, container_id))
-      return await api_call_method(container_id, request_json)
+      logger.info("api call: %s, container_id: %s" % (api_call_method_name, container_id))
+      return api_call_method(container_id, request_json)
     except Exception as e:
-      print("error - container_post: %s" % str(e))
+      logger.error("error - container_post: %s" % str(e))
       res = {
         "type": "danger",
         "msg": str(e)
@@ -152,398 +177,289 @@ class DockerUtils:
     self.docker_client = docker_client
 
   # api call: container_post - post_action: stop
-  async def container_post__stop(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        await container.stop()
-    res = {
-      'type': 'success', 
-      'msg': 'command completed successfully'
-    }
-    return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  def container_post__stop(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      container.stop()
 
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: start
-  async def container_post__start(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        await container.start()
-    res = {
-      'type': 'success', 
-      'msg': 'command completed successfully'
-    }
+  def container_post__start(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      container.start()
+
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
     return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
   # api call: container_post - post_action: restart
-  async def container_post__restart(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        await container.restart()
-    res = {
-      'type': 'success', 
-      'msg': 'command completed successfully'
-    }
+  def container_post__restart(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      container.restart()
+
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
     return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
   # api call: container_post - post_action: top
-  async def container_post__top(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        ps_exec = await container.exec("ps")      
-        async with ps_exec.start(detach=False) as stream:
-          ps_return = await stream.read_out()
-
-        exec_details = await ps_exec.inspect()
-        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-          res = {
-            'type': 'success', 
-            'msg': ps_return.data.decode('utf-8')
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = {
-            'type': 'danger', 
-            'msg': ''
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
+  def container_post__top(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      res = { 'type': 'success', 'msg': container.top()}
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: stats
+  def container_post__stats(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      for stat in container.stats(decode=True, stream=True):
+        res = { 'type': 'success', 'msg': stat}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
   # api call: container_post - post_action: exec - cmd: mailq - task: delete
-  async def container_post__exec__mailq__delete(self, container_id, request_json):
+  def container_post__exec__mailq__delete(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-d %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
+        sanitized_string = str(' '.join(flagged_qids));
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return exec_run_handler('generic', postsuper_r)
 
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-            return await exec_run_handler('generic', postsuper_r_exec)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: hold
-  async def container_post__exec__mailq__hold(self, container_id, request_json):
+  def container_post__exec__mailq__hold(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-h %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
-
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-            return await exec_run_handler('generic', postsuper_r_exec)
+        sanitized_string = str(' '.join(flagged_qids));
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return exec_run_handler('generic', postsuper_r)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: cat
-  async def container_post__exec__mailq__cat(self, container_id, request_json):
+  def container_post__exec__mailq__cat(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
-        sanitized_string = str(' '.join(filtered_qids))
+        sanitized_string = str(' '.join(filtered_qids));
 
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postcat_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
-            return await exec_run_handler('utf8_text_only', postcat_exec)
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postcat_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
+        if not postcat_return:
+          postcat_return = 'err: invalid'
+        return exec_run_handler('utf8_text_only', postcat_return)
 
    # api call: container_post - post_action: exec - cmd: mailq - task: unhold
-  async def container_post__exec__mailq__unhold(self, container_id, request_json):
+  def container_post__exec__mailq__unhold(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-H %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
-
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-            return await exec_run_handler('generic', postsuper_r_exec)
-
+        sanitized_string = str(' '.join(flagged_qids));
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return exec_run_handler('generic', postsuper_r)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: deliver
-  async def container_post__exec__mailq__deliver(self, container_id, request_json):
+  def container_post__exec__mailq__deliver(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-i %s' % i for i in filtered_qids]
-
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            for i in flagged_qids:
-              postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')      
-              async with postsuper_r_exec.start(detach=False) as stream:
-                postsuper_r_return = await stream.read_out()
-              # todo: check each exit code
-            res = {
-              'type': 'success', 
-              'msg': 'Scheduled immediate delivery'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: list
-  async def container_post__exec__mailq__list(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        mailq_exec = await container.exec(["/usr/sbin/postqueue", "-j"], user='postfix')
-        return await exec_run_handler('utf8_text_only', mailq_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: flush
-  async def container_post__exec__mailq__flush(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        postsuper_r_exec = await container.exec(["/usr/sbin/postqueue", "-f"], user='postfix')
-        return await exec_run_handler('generic', postsuper_r_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
-  async def container_post__exec__mailq__super_delete(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        postsuper_r_exec = await container.exec(["/usr/sbin/postsuper", "-d", "ALL"])
-        return await exec_run_handler('generic', postsuper_r_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
-  async def container_post__exec__system__fts_rescan(self, container_id, request_json):
-    if 'username' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          rescan_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')         
-          async with rescan_exec.start(detach=False) as stream:
-            rescan_return = await stream.read_out()
-
-          exec_details = await rescan_exec.inspect()
-          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-            res = {
-              'type': 'success', 
-              'msg': 'fts_rescan: rescan triggered'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            res = {
-              'type': 'warning', 
-              'msg': 'fts_rescan error'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-    if 'all' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          rescan_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')          
-          async with rescan_exec.start(detach=False) as stream:
-            rescan_return = await stream.read_out()
-
-          exec_details = await rescan_exec.inspect()
-          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-            res = {
-              'type': 'success', 
-              'msg': 'fts_rescan: rescan triggered'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            res = {
-              'type': 'warning', 
-              'msg': 'fts_rescan error'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
-  # api call: container_post - post_action: exec - cmd: system - task: df
-  async def container_post__exec__system__df(self, container_id, request_json):
-    if 'dir' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          df_exec = await container.exec(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
-          async with df_exec.start(detach=False) as stream:
-            df_return = await stream.read_out()
-
-          print(df_return)
-          print(await df_exec.inspect())
-          exec_details = await df_exec.inspect()
-          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-            return df_return.data.decode('utf-8').rstrip()
-          else:
-            return "0,0,0,0,0,0"
-
-
-  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
-  async def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        sql_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
-        async with sql_exec.start(detach=False) as stream:
-          sql_return = await stream.read_out()
-
-        exec_details = await sql_exec.inspect()
-        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-          matched = False
-          for line in sql_return.data.decode('utf-8').split("\n"):
-            if 'is already upgraded to' in line:
-              matched = True
-          if matched:
-            res = {
-              'type': 'success', 
-              'msg': 'mysql_upgrade: already upgraded',
-              'text': sql_return.data.decode('utf-8')
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            await container.restart()
-            res = {
-              'type': 'warning', 
-              'msg': 'mysql_upgrade: upgrade was applied',
-              'text': sql_return.data.decode('utf-8')
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = {
-            'type': 'error', 
-            'msg': 'mysql_upgrade: error running command',
-            'text': sql_return.data.decode('utf-8')
-          }
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          for i in flagged_qids:
+            postqueue_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')
+            # todo: check each exit code
+          res = { 'type': 'success', 'msg': 'Scheduled immediate delivery'}
           return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
-  async def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        sql_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
-        async with sql_exec.start(detach=False) as stream:
-          sql_return = await stream.read_out()
-
-        exec_details = await sql_exec.inspect()
-        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-          res = {
-            'type': 'info', 
-            'msg': 'mysql_tzinfo_to_sql: command completed successfully',
-            'text': sql_return.data.decode('utf-8')
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = {
-            'type': 'error', 
-            'msg': 'mysql_tzinfo_to_sql: error running command',
-            'text': sql_return.data.decode('utf-8')
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
-  async def container_post__exec__reload__dovecot(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        reload_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
-        return await exec_run_handler('generic', reload_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: reload - task: postfix
-  async def container_post__exec__reload__postfix(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        reload_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
-        return await exec_run_handler('generic', reload_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: reload - task: nginx
-  async def container_post__exec__reload__nginx(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        reload_exec = await container.exec(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
-        return await exec_run_handler('generic', reload_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: sieve - task: list
-  async def container_post__exec__sieve__list(self, container_id, request_json):
-    if 'username' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          sieve_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
-          return await exec_run_handler('utf8_text_only', sieve_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: sieve - task: print
-  async def container_post__exec__sieve__print(self, container_id, request_json):
-    if 'username' in request_json and 'script_name' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
-          sieve_exec = await container.exec(cmd)
-          return await exec_run_handler('utf8_text_only', sieve_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
-  async def container_post__exec__maildir__cleanup(self, container_id, request_json):
-    if 'maildir' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          sane_name = re.sub(r'\W+', '', request_json['maildir'])
-          cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
-          maildir_cleanup_exec = await container.exec(cmd, user='vmail')
-          return await exec_run_handler('generic', maildir_cleanup_exec)
-
-  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
-  async def container_post__exec__rspamd__worker_password(self, container_id, request_json):
-    if 'raw' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
           
-          cmd = "./set_worker_password.sh '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
-          rspamd_password_exec = await container.exec(cmd, user='_rspamd')  
-          async with rspamd_password_exec.start(detach=False) as stream:
-            rspamd_password_return = await stream.read_out()
-
-          matched = False
-          if "OK" in rspamd_password_return.data.decode('utf-8'):
+  # api call: container_post - post_action: exec - cmd: mailq - task: list
+  def container_post__exec__mailq__list(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
+      return exec_run_handler('utf8_text_only', mailq_return)
+  # api call: container_post - post_action: exec - cmd: mailq - task: flush
+  def container_post__exec__mailq__flush(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
+      return exec_run_handler('generic', postqueue_r)
+  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
+  def container_post__exec__mailq__super_delete(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
+      return exec_run_handler('generic', postsuper_r)
+  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
+  def container_post__exec__system__fts_rescan(self, container_id, request_json):
+    if 'username' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')
+        if rescan_return.exit_code == 0:
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+    if 'all' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')
+        if rescan_return.exit_code == 0:
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: system - task: df
+  def container_post__exec__system__df(self, container_id, request_json):
+    if 'dir' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
+        if df_return.exit_code == 0:
+          return df_return.output.decode('utf-8').rstrip()
+        else:
+          return "0,0,0,0,0,0"
+  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
+  def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
+      if sql_return.exit_code == 0:
+        matched = False
+        for line in sql_return.output.decode('utf-8').split("\n"):
+          if 'is already upgraded to' in line:
             matched = True
-            await container.restart()
+        if matched:
+          res = { 'type': 'success', 'msg':'mysql_upgrade: already upgraded', 'text': sql_return.output.decode('utf-8')}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          container.restart()
+          res = { 'type': 'warning', 'msg':'mysql_upgrade: upgrade was applied', 'text': sql_return.output.decode('utf-8')}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+      else:
+        res = { 'type': 'error', 'msg': 'mysql_upgrade: error running command', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
+  def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
+      if sql_return.exit_code == 0:
+        res = { 'type': 'info', 'msg': 'mysql_tzinfo_to_sql: command completed successfully', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+      else:
+        res = { 'type': 'error', 'msg': 'mysql_tzinfo_to_sql: error running command', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
+  def container_post__exec__reload__dovecot(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
+      return exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: reload - task: postfix
+  def container_post__exec__reload__postfix(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
+      return exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: reload - task: nginx
+  def container_post__exec__reload__nginx(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
+      return exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: sieve - task: list
+  def container_post__exec__sieve__list(self, container_id, request_json):
+    if 'username' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
+        return exec_run_handler('utf8_text_only', sieve_return)
+  # api call: container_post - post_action: exec - cmd: sieve - task: print
+  def container_post__exec__sieve__print(self, container_id, request_json):
+    if 'username' in request.json and 'script_name' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
+        sieve_return = container.exec_run(cmd)
+        return exec_run_handler('utf8_text_only', sieve_return)
+  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
+  def container_post__exec__maildir__cleanup(self, container_id, request_json):
+    if 'maildir' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        sane_name = re.sub(r'\W+', '', request_json['maildir'])
+        cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
+        maildir_cleanup = container.exec_run(cmd, user='vmail')
+        return exec_run_handler('generic', maildir_cleanup)
+  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
+  def container_post__exec__rspamd__worker_password(self, container_id, request_json):
+    if 'raw' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        cmd = "/usr/bin/rspamadm pw -e -p '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
+        cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
 
-          if matched:
-            res = {
-              'type': 'success', 
-              'msg': 'command completed successfully'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            res = {
-              'type': 'danger', 
-              'msg': 'command did not complete'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        matched = False
+        for line in cmd_response.split("\n"):
+          if '$2$' in line:
+            hash = line.strip()
+            hash_out = re.search('\$2\$.+$', hash).group(0)
+            rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
+            rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc"
+            cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename)
+            cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
+            if rspamd_passphrase_hash.startswith("$2$") and rspamd_passphrase_hash in cmd_response:
+              container.restart()
+              matched = True
+        if matched:
+          res = { 'type': 'success', 'msg': 'command completed successfully' }
+          logger.info('success changing Rspamd password')
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          logger.error('failed changing Rspamd password')
+          res = { 'type': 'danger', 'msg': 'command did not complete' }
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
 
+def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
 
-async def exec_run_handler(type, exec_obj):
-  async with exec_obj.start(detach=False) as stream:
-    exec_return = await stream.read_out()
+  def recv_socket_data(c_socket, timeout):
+    c_socket.setblocking(0)
+    total_data=[]
+    data=''
+    begin=time.time()
+    while True:
+      if total_data and time.time()-begin > timeout:
+        break
+      elif time.time()-begin > timeout*2:
+        break
+      try:
+        data = c_socket.recv(8192)
+        if data:
+          total_data.append(data.decode('utf-8'))
+          #change the beginning time for measurement
+          begin=time.time()
+        else:
+          #sleep for sometime to indicate a gap
+          time.sleep(0.1)
+          break
+      except:
+        pass
+    return ''.join(total_data)
+    
 
-  if exec_return == None:
-    exec_return = ""
-  else:
-    exec_return = exec_return.data.decode('utf-8')
-
-  if type == 'generic':       
-    exec_details = await exec_obj.inspect()
-    if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-      res = {
-        "type": "success",
-        "msg": "command completed successfully"
-      }
+  try :
+    socket = container.exec_run([shell_cmd], stdin=True, socket=True, user=user).output._sock
+    if not cmd.endswith("\n"):
+      cmd = cmd + "\n"
+    socket.send(cmd.encode('utf-8'))
+    data = recv_socket_data(socket, timeout)
+    socket.close()
+    return data
+  except Exception as e:
+    logger.error("error - exec_cmd_container: %s" % str(e))
+    traceback.print_exc(file=sys.stdout)
+def exec_run_handler(type, output):
+  if type == 'generic':
+    if output.exit_code == 0:
+      res = { 'type': 'success', 'msg': 'command completed successfully' }
       return Response(content=json.dumps(res, indent=4), media_type="application/json")
     else:
-      res = {
-        "type": "success",
-        "msg": "'command failed: " + exec_return
-      }
+      res = { 'type': 'danger', 'msg': 'command failed: ' + output.output.decode('utf-8') }
       return Response(content=json.dumps(res, indent=4), media_type="application/json")
   if type == 'utf8_text_only':
-    return Response(content=exec_return, media_type="text/plain")
+    return Response(content=output.output.decode('utf-8'), media_type="text/plain")
 
 async def get_host_stats(wait=5):
   global host_stats_isUpdating
@@ -570,12 +486,10 @@ async def get_host_stats(wait=5):
       "type": "danger",
       "msg": str(e)
     }
-    print(json.dumps(res, indent=4))
 
   await asyncio.sleep(wait)
   host_stats_isUpdating = False
   
-
 async def get_container_stats(container_id, wait=5, stop=False):
   global containerIds_to_update
 
@@ -598,13 +512,11 @@ async def get_container_stats(container_id, wait=5, stop=False):
         "type": "danger",
         "msg": str(e)
       }
-      print(json.dumps(res, indent=4))
   else:
     res = {
       "type": "danger",
       "msg": "no or invalid id defined"
     }
-    print(json.dumps(res, indent=4))
 
   await asyncio.sleep(wait)
   if stop == True:
@@ -615,9 +527,13 @@ async def get_container_stats(container_id, wait=5, stop=False):
     await get_container_stats(container_id, wait=0, stop=True)
 
 
+
 if os.environ['REDIS_SLAVEOF_IP'] != "":
   redis_client = redis.Redis(host=os.environ['REDIS_SLAVEOF_IP'], port=os.environ['REDIS_SLAVEOF_PORT'], db=0)
 else:
   redis_client = redis.Redis(host='redis-mailcow', port=6379, db=0)
 
+sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
 async_docker_client = aiodocker.Docker(url='unix:///var/run/docker.sock')
+
+logger.info('DockerApi started')
diff --git a/docker-compose.yml b/docker-compose.yml
index 3b3ccee3..19e20345 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -510,7 +510,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.0
+      image: mailcow/dockerapi:2.01
       security_opt:
         - label=disable
       restart: always

From ed7b384e2431e4c98a45c3262c2229b285f778b6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Wed, 25 Jan 2023 09:34:12 +0100
Subject: [PATCH 18/42] [Web] fix queue btn showing undefined

---
 data/web/js/site/queue.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/data/web/js/site/queue.js b/data/web/js/site/queue.js
index 6b2d2b3b..ebebaff8 100644
--- a/data/web/js/site/queue.js
+++ b/data/web/js/site/queue.js
@@ -21,7 +21,6 @@ jQuery(function($){
           url: '/api/v1/get/postcat/' + button.data('queue-id'),
           dataType: 'text',
           complete: function (data) {
-            console.log(data);
             $('#queue_msg_content').text(data.responseText);
           }
       });
@@ -54,7 +53,7 @@ jQuery(function($){
             });
             item.recipients = rcpts.join('<hr style="margin:1px!important">');
             item.action = '<div class="btn-group">' +
-              '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.queue_show_message + '</a>' +
+              '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.show_message + '</a>' +
             '</div>';
           });
           return data;

From 99e38d81b1a34893f5738919e719fa50a032fcb9 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Wed, 25 Jan 2023 16:09:15 +0100
Subject: [PATCH 19/42] Removed Integration Tests

---
 .github/workflows/integration_tests.yml | 63 -------------------------
 README.md                               |  1 -
 2 files changed, 64 deletions(-)
 delete mode 100644 .github/workflows/integration_tests.yml

diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
deleted file mode 100644
index ee083bf4..00000000
--- a/.github/workflows/integration_tests.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-name: mailcow Integration Tests
-
-on:
-  push:
-    branches: [ "master", "staging" ]
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  integration_tests:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Setup Ansible
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          sudo apt-get update
-          sudo apt-get install python3 python3-pip git
-          sudo pip3 install ansible
-      - name: Prepair Test Environment
-        run: |
-          git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
-          ./fork_check.sh
-          ./ci.sh
-          ./ci-pip-requirements.sh
-        env:
-          VAULT_PW: ${{ secrets.MAILCOW_TESTS_VAULT_PW }}
-          VAULT_FILE: ${{ secrets.MAILCOW_TESTS_VAULT_FILE }}
-      - name: Start Integration Test Server
-        run: |
-          ./fork_check.sh
-          ansible-playbook mailcow-start-server.yml --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
-      - name: Setup Integration Test Server
-        run: |
-          ./fork_check.sh
-          sleep 30
-          ansible-playbook mailcow-setup-server.yml --private-key id_ssh_rsa --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
-      - name: Run Integration Tests
-        run: |
-          ./fork_check.sh
-          ansible-playbook mailcow-integration-tests.yml --private-key id_ssh_rsa --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
-      - name: Delete Integration Test Server
-        if: always()
-        run: |
-          ./fork_check.sh
-          ansible-playbook mailcow-delete-server.yml --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
diff --git a/README.md b/README.md
index b40a767c..c15b8ef0 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@
 # mailcow: dockerized - 🐮 + 🐋 = 💕
 
-[![Mailcow Integration Tests](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml/badge.svg?branch=master)](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml)
 [![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/mailcow_email.svg?style=social&label=Follow%20%40mailcow_email)](https://twitter.com/mailcow_email)
 

From 6ff3f3f044b8673d315d0e7dc3f7c33e70bef977 Mon Sep 17 00:00:00 2001
From: realizelol <bsw.bsw@gmx.de>
Date: Wed, 25 Jan 2023 23:50:39 +0100
Subject: [PATCH 20/42] [Web] Set pageLength to pagination_size + repect
 savedState... Fix width in quarantine table.

---
 data/web/css/site/quarantine.css              |  206 +-
 data/web/js/site/admin.js                     | 1468 +++++++-------
 data/web/js/site/debug.js                     |  144 +-
 data/web/js/site/edit.js                      |  442 ++---
 data/web/js/site/mailbox.js                   | 1740 +++++++++--------
 data/web/js/site/qhandler.js                  |  142 +-
 data/web/js/site/quarantine.js                |  583 +++---
 data/web/js/site/queue.js                     |  217 +-
 data/web/js/site/user.js                      | 1329 ++++++-------
 data/web/templates/admin.twig                 |    6 +-
 data/web/templates/debug.twig                 |   40 +-
 data/web/templates/domainadmin.twig           |    2 +-
 data/web/templates/edit.twig                  |    2 +-
 data/web/templates/mailbox.twig               |    2 +-
 data/web/templates/quarantine.twig            |    4 +-
 data/web/templates/queue.twig                 |    2 +-
 .../templates/user_domainadmin_common.twig    |    2 +-
 17 files changed, 3190 insertions(+), 3141 deletions(-)

diff --git a/data/web/css/site/quarantine.css b/data/web/css/site/quarantine.css
index 98a74d66..0455b7c1 100644
--- a/data/web/css/site/quarantine.css
+++ b/data/web/css/site/quarantine.css
@@ -1,102 +1,104 @@
-.pagination a {
-  text-decoration: none !important;
-}
-
-.panel.panel-default {
-  overflow: visible !important;
-}
-
-.table-responsive {
-  overflow: visible !important;
-}
-
-.table-responsive {
-  overflow-x: scroll !important;
-}
-
-.footer-add-item {
-  display: block;
-  text-align: center;
-  font-style: italic;
-  padding: 10px;
-  background: #F5F5F5;
-}
-
-@media (min-width: 992px) {
-  .container {
-    width: 100%;
-  }
-}
-@media (min-width: 1920px) {
-  .container {
-      width: 80%;
-  }
-}
-
-.mass-actions-quarantine {
-  user-select: none;
-}
-
-.inputMissingAttr {
-  border-color: #FF4136;
-}
-
-.modal#qidDetailModal p {
-  word-break: break-all;
-}
-
-span#qid_detail_score {
-  font-weight: 700;
-  margin-left: 5px;
-}
-
-span.rspamd-symbol {
-  display: inline-block;
-  margin: 2px 6px 2px 0;
-  border-radius: 4px;
-  padding: 0 7px;
-}
-
-span.rspamd-symbol.positive {
-  background: #4CAF50;
-  border: 1px solid #4CAF50;
-  color: white;
-}
-
-span.rspamd-symbol.negative {
-  background: #ff4136;
-  border: 1px solid #ff4136;
-  color: white;
-}
-
-span.rspamd-symbol.neutral {
-  background: #f5f5f5;
-  color: #333;
-  border: 1px solid #ccc;
-}
-
-span.rspamd-symbol span.score {
-  font-weight: 700;
-}
-
-span.mail-address-item {
-  background-color: #f5f5f5;
-  border-radius: 4px;
-  border: 1px solid #ccc;
-  padding: 2px 7px;
-  display: inline-block;
-  margin: 2px 6px 2px 0;
-}
-
-table tbody tr {
-  cursor: pointer;
-}
-
-table tbody tr td input[type="checkbox"] {
-  cursor: pointer;
-}
-.label-rspamd-action {
-  font-size:110%;
-  margin:20px;
-}
-
+.pagination a {
+  text-decoration: none !important;
+}
+
+.panel.panel-default {
+  overflow: visible !important;
+}
+
+.table-responsive {
+  overflow: visible !important;
+}
+
+.table-responsive {
+  overflow-x: scroll !important;
+}
+
+.footer-add-item {
+  display: block;
+  text-align: center;
+  font-style: italic;
+  padding: 10px;
+  background: #F5F5F5;
+}
+
+@media (min-width: 992px) {
+  .container {
+    width: 100%;
+  }
+}
+@media (min-width: 1920px) {
+  .container {
+      width: 80%;
+  }
+}
+
+.mass-actions-quarantine {
+  user-select: none;
+}
+
+.inputMissingAttr {
+  border-color: #FF4136;
+}
+
+.modal#qidDetailModal p {
+  word-break: break-all;
+}
+
+span#qid_detail_score {
+  font-weight: 700;
+  margin-left: 5px;
+}
+
+span.rspamd-symbol {
+  display: inline-block;
+  margin: 2px 6px 2px 0;
+  border-radius: 4px;
+  padding: 0 7px;
+}
+
+span.rspamd-symbol.positive {
+  background: #4CAF50;
+  border: 1px solid #4CAF50;
+  color: white;
+}
+
+span.rspamd-symbol.negative {
+  background: #ff4136;
+  border: 1px solid #ff4136;
+  color: white;
+}
+
+span.rspamd-symbol.neutral {
+  background: #f5f5f5;
+  color: #333;
+  border: 1px solid #ccc;
+}
+
+span.rspamd-symbol span.score {
+  font-weight: 700;
+}
+
+span.mail-address-item {
+  background-color: #f5f5f5;
+  border-radius: 4px;
+  border: 1px solid #ccc;
+  padding: 2px 7px;
+  display: inline-block;
+  margin: 2px 6px 2px 0;
+}
+
+table tbody tr {
+  cursor: pointer;
+}
+
+table tbody tr td input[type="checkbox"] {
+  cursor: pointer;
+}
+.label-rspamd-action {
+  font-size:110%;
+  margin:20px;
+}
+.senders-mw220 {
+  max-width: 220px;
+}
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 0dba1aa8..0e5a9ae6 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -1,731 +1,737 @@
-// Base64 functions
-var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
-jQuery(function($){
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
-  function jq(myid) {return "#" + myid.replace( /(:|\.|\[|\]|,|=|@)/g, "\\$1" );}
-  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-  function validateRegex(e){var t=e.split("/"),n=e,r="";t.length>1&&(n=t[1],r=t[2]);try{return new RegExp(n,r),!0}catch(e){return!1}}
-  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
-  function hashCode(t){for(var n=0,r=0;r<t.length;r++)n=t.charCodeAt(r)+((n<<5)-n);return n}
-  function intToRGB(t){var n=(16777215&t).toString(16).toUpperCase();return"00000".substring(0,6-n.length)+n}
-  $("#dkim_missing_keys").on('click', function(e) {
-    e.preventDefault();
-     var domains = [];
-     $('.dkim_missing').each(function() {
-       domains.push($(this).val());
-     });
-     $('#dkim_add_domains').val(domains);
-  });
-  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
-  $("#mass_exclude").change(function(){ $("#mass_include").selectpicker('deselectAll'); });
-  $("#mass_include").change(function(){ $("#mass_exclude").selectpicker('deselectAll'); });
-  $("#mass_disarm").click(function() { $("#mass_send").attr("disabled", !this.checked); });
-  $(".admin-ays-dialog").click(function() { return confirm(lang.ays); });
-  $(".validate_rspamd_regex").click(function( event ) {
-    event.preventDefault();
-    var regex_map_id = $(this).data('regex-map');
-    var regex_data = $(jq(regex_map_id)).val().split(/\r?\n/);
-    var regex_valid = true;
-    for(var i = 0;i < regex_data.length;i++){
-      if(regex_data[i].startsWith('#') || !regex_data[i]){
-        continue;
-      }
-      if(!validateRegex(regex_data[i])) {
-        mailcow_alert_box('Cannot build regex from line ' + (i+1), 'danger');
-        var regex_valid = false;
-        break;
-      }
-      if(!regex_data[i].startsWith('/') || !/\/[ims]?$/.test(regex_data[i])){
-        mailcow_alert_box('Line ' + (i+1) + ' is invalid', 'danger');
-        var regex_valid = false;
-        break;
-      }
-    }
-    if (regex_valid) {
-      mailcow_alert_box('Regex OK', 'success');
-      $('button[data-id="' + regex_map_id + '"]').attr({"disabled": false});
-    }
-  });
-	$('.textarea-code').on('keyup', function() {
-    $('.submit_rspamd_regex').attr({"disabled": true});
-	});
-  $("#show_rspamd_global_filters").click(function() {
-    $.get("inc/ajax/show_rspamd_global_filters.php");
-    $("#confirm_show_rspamd_global_filters").hide();
-    $("#rspamd_global_filters").removeClass("d-none");
-  });
-  $("#super_delete").click(function() { return confirm(lang.queue_ays); });
-  
-  $(".refresh_table").on('click', function(e) {
-    e.preventDefault();
-    var table_name = $(this).data('table');
-    $('#' + table_name).DataTable().ajax.reload();
-  });
-  function draw_domain_admins() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#domainadminstable') ) {
-      $('#domainadminstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#domainadminstable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/domain-admin/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'domainadminstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.admin_domains,
-            data: 'selected_domains',
-            defaultContent: '',
-          },
-          {
-            title: "TFA",
-            data: 'tfa_active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ],
-      initComplete: function(settings, json){
-      }
-    });
-  }
-  function draw_oauth2_clients() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#oauth2clientstable') ) {
-      $('#oauth2clientstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#oauth2clientstable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/oauth2-client/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'oauth2clientstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.oauth2_client_id,
-            data: 'client_id',
-            defaultContent: ''
-          },
-          {
-            title: lang.oauth2_client_secret,
-            data: 'client_secret',
-            defaultContent: ''
-          },
-          {
-            title: lang.oauth2_redirect_uri,
-            data: 'redirect_uri',
-            defaultContent: ''
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-  function draw_admins() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#adminstable') ) {
-      $('#adminstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#adminstable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/admin/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'adminstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: "TFA",
-            data: 'tfa_active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            defaultContent: '',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right'
-          },
-      ]
-    });
-  }
-  function draw_fwd_hosts() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#forwardinghoststable') ) {
-      $('#forwardinghoststable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#forwardinghoststable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/fwdhost/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'forwardinghoststable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: lang.host,
-            data: 'host',
-            defaultContent: ''
-          },
-          {
-            title: lang.source,
-            data: 'source',
-            defaultContent: ''
-          },
-          {
-            title: lang.spamfilter,
-            data: 'keep_spam',
-            defaultContent: '',
-            render: function(data, type){
-              return 'yes'==data?'<i class="bi bi-x-lg"></i>':'no'==data&&'<i class="bi bi-check-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-  function draw_relayhosts() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#relayhoststable') ) {
-      $('#relayhoststable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#relayhoststable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/relayhost/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'relayhoststable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.host,
-            data: 'hostname',
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.in_use_by,
-            data: 'in_use_by',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-  function draw_transport_maps() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#transportstable') ) {
-      $('#transportstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#transportstable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/transport/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'transportstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.destination,
-            data: 'destination',
-            defaultContent: ''
-          },
-          {
-            title: lang.nexthop,
-            data: 'nexthop',
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-
-  function process_table_data(data, table) {
-    if (table == 'relayhoststable') {
-      $.each(data, function (i, item) {
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="sender-dependent" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
-          '<a href="/edit/relayhost/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-rlyhost" data-api-url="delete/relayhost" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        if (item.used_by_mailboxes == '') { item.in_use_by = item.used_by_domains; }
-        else if (item.used_by_domains == '') { item.in_use_by = item.used_by_mailboxes; }
-        else { item.in_use_by = item.used_by_mailboxes + '<hr style="margin:5px 0px 5px 0px;">' + item.used_by_domains; }
-        item.chkbox = '<input type="checkbox" data-id="rlyhosts" name="multi_select" value="' + item.id + '" />';
-      });
-    } else if (table == 'transportstable') {
-      $.each(data, function (i, item) {
-        if (item.is_mx_based) {
-          item.destination = '<i class="bi bi-info-circle-fill text-info mx-info" data-bs-toggle="tooltip" title="' + lang.is_mx_based + '"></i> <code>' + item.destination + '</code>';
-        }
-        if (item.username) {
-          item.username = '<i style="color:#' + intToRGB(hashCode(item.nexthop)) + ';" class="bi bi-square-fill"></i> ' + item.username;
-        }
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="transport-map" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
-          '<a href="/edit/transport/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-transport" data-api-url="delete/transport" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        item.chkbox = '<input type="checkbox" data-id="transports" name="multi_select" value="' + item.id + '" />';
-      });
-    } else if (table == 'queuetable') {
-      $.each(data, function (i, item) {
-        item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
-        rcpts = $.map(item.recipients, function(i) {
-          return escapeHtml(i);
-        });
-        item.recipients = rcpts.join('<hr style="margin:1px!important">');
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.queue_show_message + '</a>' +
-          '</div>';
-      });
-    } else if (table == 'forwardinghoststable') {
-      $.each(data, function (i, item) {
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-action="delete_selected" data-id="single-fwdhost" data-api-url="delete/fwdhost" data-item="' + encodeURI(item.host) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        item.chkbox = '<input type="checkbox" data-id="fwdhosts" name="multi_select" value="' + item.host + '" />';
-      });
-    } else if (table == 'oauth2clientstable') {
-      $.each(data, function (i, item) {
-        item.action = '<div class="btn-group">' +
-          '<a href="/edit.php?oauth2client=' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-oauth2-client" data-api-url="delete/oauth2-client" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        item.scope = "profile";
-        item.grant_types = 'refresh_token password authorization_code';
-        item.chkbox = '<input type="checkbox" data-id="oauth2_clients" name="multi_select" value="' + item.id + '" />';
-      });
-    } else if (table == 'domainadminstable') {
-      $.each(data, function (i, item) {
-        item.selected_domains = escapeHtml(item.selected_domains);
-        item.selected_domains = item.selected_domains.toString().replace(/,/g, "<br>");
-        item.chkbox = '<input type="checkbox" data-id="domain_admins" name="multi_select" value="' + item.username + '" />';
-        item.action = '<div class="btn-group">' +
-          '<a href="/edit/domainadmin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-domain-admin" data-api-url="delete/domain-admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '<a href="/index.php?duallogin=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-third btn-success"><i class="bi bi-person-fill"></i> Login</a>' +
-          '</div>';
-      });
-    } else if (table == 'adminstable') {
-      $.each(data, function (i, item) {
-        if (admin_username.toLowerCase() == item.username.toLowerCase()) {
-          item.usr = '<i class="bi bi-person-check"></i> ' + item.username;
-        } else {
-          item.usr = item.username;
-        }
-        item.chkbox = '<input type="checkbox" data-id="admins" name="multi_select" value="' + item.username + '" />';
-        item.action = '<div class="btn-group">' +
-          '<a href="/edit/admin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-admin" data-api-url="delete/admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-      });
-    }
-    return data
-  };
-
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-  // Draw Table if tab is active
-  onVisible("[id^=adminstable]", () => draw_admins());
-  onVisible("[id^=domainadminstable]", () => draw_domain_admins());
-  onVisible("[id^=oauth2clientstable]", () => draw_oauth2_clients());
-  onVisible("[id^=forwardinghoststable]", () => draw_fwd_hosts());
-  onVisible("[id^=relayhoststable]", () => draw_relayhosts());
-  onVisible("[id^=transportstable]", () => draw_transport_maps());
-
-
-  $('body').on('click', 'span.footable-toggle', function () {
-    event.stopPropagation();
-  })
-
-  // API IP check toggle
-  $("#skip_ip_check_ro").click(function( event ) {
-   $("#skip_ip_check_ro").not(this).prop('checked', false);
-    if ($("#skip_ip_check_ro:checked").length > 0) {
-      $('#allow_from_ro').prop('disabled', true);
-    }
-    else {
-      $("#allow_from_ro").removeAttr('disabled');
-    }
-  });
-  $("#skip_ip_check_rw").click(function( event ) {
-   $("#skip_ip_check_rw").not(this).prop('checked', false);
-    if ($("#skip_ip_check_rw:checked").length > 0) {
-      $('#allow_from_rw').prop('disabled', true);
-    }
-    else {
-      $("#allow_from_rw").removeAttr('disabled');
-    }
-  });
-  // Relayhost
-  $('#testRelayhostModal').on('show.bs.modal', function (e) {
-    $('#test_relayhost_result').text("-");
-    button = $(e.relatedTarget)
-    if (button != null) {
-      $('#relayhost_id').val(button.data('relayhost-id'));
-    }
-  })
-  $('#test_relayhost').on('click', function (e) {
-    e.preventDefault();
-    prev = $('#test_relayhost').text();
-    $(this).prop("disabled",true);
-    $(this).html('<i class="bi bi-arrow-repeat icon-spin"></i> ');
-    $.ajax({
-        type: 'GET',
-        url: 'inc/ajax/relay_check.php',
-        dataType: 'text',
-        data: $('#test_relayhost_form').serialize(),
-        complete: function (data) {
-          $('#test_relayhost_result').html(data.responseText);
-          $('#test_relayhost').prop("disabled",false);
-          $('#test_relayhost').text(prev);
-        }
-    });
-  })
-  // Transport
-  $('#testTransportModal').on('show.bs.modal', function (e) {
-    $('#test_transport_result').text("-");
-    button = $(e.relatedTarget)
-    if (button != null) {
-      $('#transport_id').val(button.data('transport-id'));
-      $('#transport_type').val(button.data('transport-type'));
-    }
-  })
-  $('#test_transport').on('click', function (e) {
-    e.preventDefault();
-    prev = $('#test_transport').text();
-    $(this).prop("disabled",true);
-    $(this).html('<div class="spinner-border" role="status"><span class="visually-hidden">Loading...</span></div> ');
-    $.ajax({
-        type: 'GET',
-        url: 'inc/ajax/transport_check.php',
-        dataType: 'text',
-        data: $('#test_transport_form').serialize(),
-        complete: function (data) {
-          $('#test_transport_result').html(data.responseText);
-          $('#test_transport').prop("disabled",false);
-          $('#test_transport').text(prev);
-        }
-    });
-  })
-  // DKIM private key modal
-  $('#showDKIMprivKey').on('show.bs.modal', function (e) {
-    $('#priv_key_pre').text("-");
-    p_related = $(e.relatedTarget)
-    if (p_related != null) {
-      var decoded_key = Base64.decode((p_related.data('priv-key')));
-      $('#priv_key_pre').text(decoded_key);
-    }
-  })
-  // FIDO2 friendly name modal
-  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
-    rename_link = $(e.relatedTarget)
-    if (rename_link != null) {
-      $('#fido2_cid').val(rename_link.data('cid'));
-      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
-    }
-  })
-  // App links
-  function add_table_row(table_id, type) {
-    var row = $('<tr />');
-    if (type == "app_link") {
-      cols = '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="app" required></td>';
-      cols += '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required></td>';
-      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
-    } else if (type == "f2b_regex") {
-      cols = '<td><input style="text-align:center" class="input-sm input-xs-lg form-control" data-id="f2b_regex" type="text" value="+" disabled></td>';
-      cols += '<td><input class="input-sm input-xs-lg form-control regex-input" data-id="f2b_regex" type="text" name="regex" required></td>';
-      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
-    }
-    row.append(cols);
-    table_id.append(row);
-  }
-  $('#app_link_table').on('click', 'tr a', function (e) {
-    e.preventDefault();
-    $(this).parents('tr').remove();
-  });
-  $('#f2b_regex_table').on('click', 'tr a', function (e) {
-    e.preventDefault();
-    $(this).parents('tr').remove();
-  });
-  $('#add_app_link_row').click(function() {
-      add_table_row($('#app_link_table'), "app_link");
-  });
-  $('#add_f2b_regex_row').click(function() {
-      add_table_row($('#f2b_regex_table'), "f2b_regex");
-  });
-});
+// Base64 functions
+var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
+jQuery(function($){
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
+  function jq(myid) {return "#" + myid.replace( /(:|\.|\[|\]|,|=|@)/g, "\\$1" );}
+  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+  function validateRegex(e){var t=e.split("/"),n=e,r="";t.length>1&&(n=t[1],r=t[2]);try{return new RegExp(n,r),!0}catch(e){return!1}}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  function hashCode(t){for(var n=0,r=0;r<t.length;r++)n=t.charCodeAt(r)+((n<<5)-n);return n}
+  function intToRGB(t){var n=(16777215&t).toString(16).toUpperCase();return"00000".substring(0,6-n.length)+n}
+  $("#dkim_missing_keys").on('click', function(e) {
+    e.preventDefault();
+     var domains = [];
+     $('.dkim_missing').each(function() {
+       domains.push($(this).val());
+     });
+     $('#dkim_add_domains').val(domains);
+  });
+  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
+  $("#mass_exclude").change(function(){ $("#mass_include").selectpicker('deselectAll'); });
+  $("#mass_include").change(function(){ $("#mass_exclude").selectpicker('deselectAll'); });
+  $("#mass_disarm").click(function() { $("#mass_send").attr("disabled", !this.checked); });
+  $(".admin-ays-dialog").click(function() { return confirm(lang.ays); });
+  $(".validate_rspamd_regex").click(function( event ) {
+    event.preventDefault();
+    var regex_map_id = $(this).data('regex-map');
+    var regex_data = $(jq(regex_map_id)).val().split(/\r?\n/);
+    var regex_valid = true;
+    for(var i = 0;i < regex_data.length;i++){
+      if(regex_data[i].startsWith('#') || !regex_data[i]){
+        continue;
+      }
+      if(!validateRegex(regex_data[i])) {
+        mailcow_alert_box('Cannot build regex from line ' + (i+1), 'danger');
+        var regex_valid = false;
+        break;
+      }
+      if(!regex_data[i].startsWith('/') || !/\/[ims]?$/.test(regex_data[i])){
+        mailcow_alert_box('Line ' + (i+1) + ' is invalid', 'danger');
+        var regex_valid = false;
+        break;
+      }
+    }
+    if (regex_valid) {
+      mailcow_alert_box('Regex OK', 'success');
+      $('button[data-id="' + regex_map_id + '"]').attr({"disabled": false});
+    }
+  });
+  $('.textarea-code').on('keyup', function() {
+    $('.submit_rspamd_regex').attr({"disabled": true});
+  });
+  $("#show_rspamd_global_filters").click(function() {
+    $.get("inc/ajax/show_rspamd_global_filters.php");
+    $("#confirm_show_rspamd_global_filters").hide();
+    $("#rspamd_global_filters").removeClass("d-none");
+  });
+  $("#super_delete").click(function() { return confirm(lang.queue_ays); });
+
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
+  function draw_domain_admins() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#domainadminstable') ) {
+      $('#domainadminstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#domainadminstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/domain-admin/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'domainadminstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.admin_domains,
+          data: 'selected_domains',
+          defaultContent: '',
+        },
+        {
+          title: "TFA",
+          data: 'tfa_active',
+          defaultContent: '',
+            render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ],
+      initComplete: function(settings, json){
+      }
+    });
+  }
+  function draw_oauth2_clients() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#oauth2clientstable') ) {
+      $('#oauth2clientstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#oauth2clientstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/oauth2-client/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'oauth2clientstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.oauth2_client_id,
+          data: 'client_id',
+          defaultContent: ''
+        },
+        {
+          title: lang.oauth2_client_secret,
+          data: 'client_secret',
+          defaultContent: ''
+        },
+        {
+          title: lang.oauth2_redirect_uri,
+          data: 'redirect_uri',
+          defaultContent: ''
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+  function draw_admins() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#adminstable') ) {
+      $('#adminstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#adminstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/admin/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'adminstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: "TFA",
+          data: 'tfa_active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          defaultContent: '',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right'
+        },
+      ]
+    });
+  }
+  function draw_fwd_hosts() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#forwardinghoststable') ) {
+      $('#forwardinghoststable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#forwardinghoststable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/fwdhost/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'forwardinghoststable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.host,
+          data: 'host',
+          defaultContent: ''
+        },
+        {
+          title: lang.source,
+          data: 'source',
+          defaultContent: ''
+        },
+        {
+          title: lang.spamfilter,
+          data: 'keep_spam',
+          defaultContent: '',
+          render: function(data, type){
+            return 'yes'==data?'<i class="bi bi-x-lg"></i>':'no'==data&&'<i class="bi bi-check-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+  function draw_relayhosts() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#relayhoststable') ) {
+      $('#relayhoststable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#relayhoststable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/relayhost/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'relayhoststable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.host,
+          data: 'hostname',
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.in_use_by,
+          data: 'in_use_by',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+  function draw_transport_maps() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#transportstable') ) {
+      $('#transportstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#transportstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/transport/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'transportstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.destination,
+          data: 'destination',
+          defaultContent: ''
+        },
+        {
+          title: lang.nexthop,
+          data: 'nexthop',
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+
+  function process_table_data(data, table) {
+    if (table == 'relayhoststable') {
+      $.each(data, function (i, item) {
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="sender-dependent" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
+          '<a href="/edit/relayhost/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-rlyhost" data-api-url="delete/relayhost" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        if (item.used_by_mailboxes == '') { item.in_use_by = item.used_by_domains; }
+        else if (item.used_by_domains == '') { item.in_use_by = item.used_by_mailboxes; }
+        else { item.in_use_by = item.used_by_mailboxes + '<hr style="margin:5px 0px 5px 0px;">' + item.used_by_domains; }
+        item.chkbox = '<input type="checkbox" data-id="rlyhosts" name="multi_select" value="' + item.id + '" />';
+      });
+    } else if (table == 'transportstable') {
+      $.each(data, function (i, item) {
+        if (item.is_mx_based) {
+          item.destination = '<i class="bi bi-info-circle-fill text-info mx-info" data-bs-toggle="tooltip" title="' + lang.is_mx_based + '"></i> <code>' + item.destination + '</code>';
+        }
+        if (item.username) {
+          item.username = '<i style="color:#' + intToRGB(hashCode(item.nexthop)) + ';" class="bi bi-square-fill"></i> ' + item.username;
+        }
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="transport-map" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
+          '<a href="/edit/transport/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-transport" data-api-url="delete/transport" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        item.chkbox = '<input type="checkbox" data-id="transports" name="multi_select" value="' + item.id + '" />';
+      });
+    } else if (table == 'queuetable') {
+      $.each(data, function (i, item) {
+        item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
+        rcpts = $.map(item.recipients, function(i) {
+          return escapeHtml(i);
+        });
+        item.recipients = rcpts.join('<hr style="margin:1px!important">');
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.queue_show_message + '</a>' +
+          '</div>';
+      });
+    } else if (table == 'forwardinghoststable') {
+      $.each(data, function (i, item) {
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-action="delete_selected" data-id="single-fwdhost" data-api-url="delete/fwdhost" data-item="' + encodeURI(item.host) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        item.chkbox = '<input type="checkbox" data-id="fwdhosts" name="multi_select" value="' + item.host + '" />';
+      });
+    } else if (table == 'oauth2clientstable') {
+      $.each(data, function (i, item) {
+        item.action = '<div class="btn-group">' +
+          '<a href="/edit.php?oauth2client=' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-oauth2-client" data-api-url="delete/oauth2-client" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        item.scope = "profile";
+        item.grant_types = 'refresh_token password authorization_code';
+        item.chkbox = '<input type="checkbox" data-id="oauth2_clients" name="multi_select" value="' + item.id + '" />';
+      });
+    } else if (table == 'domainadminstable') {
+      $.each(data, function (i, item) {
+        item.selected_domains = escapeHtml(item.selected_domains);
+        item.selected_domains = item.selected_domains.toString().replace(/,/g, "<br>");
+        item.chkbox = '<input type="checkbox" data-id="domain_admins" name="multi_select" value="' + item.username + '" />';
+        item.action = '<div class="btn-group">' +
+          '<a href="/edit/domainadmin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-domain-admin" data-api-url="delete/domain-admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '<a href="/index.php?duallogin=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-third btn-success"><i class="bi bi-person-fill"></i> Login</a>' +
+          '</div>';
+      });
+    } else if (table == 'adminstable') {
+      $.each(data, function (i, item) {
+        if (admin_username.toLowerCase() == item.username.toLowerCase()) {
+          item.usr = '<i class="bi bi-person-check"></i> ' + item.username;
+        } else {
+          item.usr = item.username;
+        }
+        item.chkbox = '<input type="checkbox" data-id="admins" name="multi_select" value="' + item.username + '" />';
+        item.action = '<div class="btn-group">' +
+          '<a href="/edit/admin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-admin" data-api-url="delete/admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+      });
+    }
+    return data
+  };
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+  // Draw Table if tab is active
+  onVisible("[id^=adminstable]", () => draw_admins());
+  onVisible("[id^=domainadminstable]", () => draw_domain_admins());
+  onVisible("[id^=oauth2clientstable]", () => draw_oauth2_clients());
+  onVisible("[id^=forwardinghoststable]", () => draw_fwd_hosts());
+  onVisible("[id^=relayhoststable]", () => draw_relayhosts());
+  onVisible("[id^=transportstable]", () => draw_transport_maps());
+
+
+  $('body').on('click', 'span.footable-toggle', function () {
+    event.stopPropagation();
+  })
+
+  // API IP check toggle
+  $("#skip_ip_check_ro").click(function( event ) {
+   $("#skip_ip_check_ro").not(this).prop('checked', false);
+    if ($("#skip_ip_check_ro:checked").length > 0) {
+      $('#allow_from_ro').prop('disabled', true);
+    }
+    else {
+      $("#allow_from_ro").removeAttr('disabled');
+    }
+  });
+  $("#skip_ip_check_rw").click(function( event ) {
+   $("#skip_ip_check_rw").not(this).prop('checked', false);
+    if ($("#skip_ip_check_rw:checked").length > 0) {
+      $('#allow_from_rw').prop('disabled', true);
+    }
+    else {
+      $("#allow_from_rw").removeAttr('disabled');
+    }
+  });
+  // Relayhost
+  $('#testRelayhostModal').on('show.bs.modal', function (e) {
+    $('#test_relayhost_result').text("-");
+    button = $(e.relatedTarget)
+    if (button != null) {
+      $('#relayhost_id').val(button.data('relayhost-id'));
+    }
+  })
+  $('#test_relayhost').on('click', function (e) {
+    e.preventDefault();
+    prev = $('#test_relayhost').text();
+    $(this).prop("disabled",true);
+    $(this).html('<i class="bi bi-arrow-repeat icon-spin"></i> ');
+    $.ajax({
+      type: 'GET',
+      url: 'inc/ajax/relay_check.php',
+      dataType: 'text',
+      data: $('#test_relayhost_form').serialize(),
+      complete: function (data) {
+        $('#test_relayhost_result').html(data.responseText);
+        $('#test_relayhost').prop("disabled",false);
+        $('#test_relayhost').text(prev);
+      }
+    });
+  })
+  // Transport
+  $('#testTransportModal').on('show.bs.modal', function (e) {
+    $('#test_transport_result').text("-");
+    button = $(e.relatedTarget)
+    if (button != null) {
+      $('#transport_id').val(button.data('transport-id'));
+      $('#transport_type').val(button.data('transport-type'));
+    }
+  })
+  $('#test_transport').on('click', function (e) {
+    e.preventDefault();
+    prev = $('#test_transport').text();
+    $(this).prop("disabled",true);
+    $(this).html('<div class="spinner-border" role="status"><span class="visually-hidden">Loading...</span></div> ');
+    $.ajax({
+      type: 'GET',
+      url: 'inc/ajax/transport_check.php',
+      dataType: 'text',
+      data: $('#test_transport_form').serialize(),
+      complete: function (data) {
+        $('#test_transport_result').html(data.responseText);
+        $('#test_transport').prop("disabled",false);
+        $('#test_transport').text(prev);
+      }
+    });
+  })
+  // DKIM private key modal
+  $('#showDKIMprivKey').on('show.bs.modal', function (e) {
+    $('#priv_key_pre').text("-");
+    p_related = $(e.relatedTarget)
+    if (p_related != null) {
+      var decoded_key = Base64.decode((p_related.data('priv-key')));
+      $('#priv_key_pre').text(decoded_key);
+    }
+  })
+  // FIDO2 friendly name modal
+  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
+    rename_link = $(e.relatedTarget)
+    if (rename_link != null) {
+      $('#fido2_cid').val(rename_link.data('cid'));
+      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
+    }
+  })
+  // App links
+  function add_table_row(table_id, type) {
+    var row = $('<tr />');
+    if (type == "app_link") {
+      cols = '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="app" required></td>';
+      cols += '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required></td>';
+      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
+    } else if (type == "f2b_regex") {
+      cols = '<td><input style="text-align:center" class="input-sm input-xs-lg form-control" data-id="f2b_regex" type="text" value="+" disabled></td>';
+      cols += '<td><input class="input-sm input-xs-lg form-control regex-input" data-id="f2b_regex" type="text" name="regex" required></td>';
+      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
+    }
+    row.append(cols);
+    table_id.append(row);
+  }
+  $('#app_link_table').on('click', 'tr a', function (e) {
+    e.preventDefault();
+    $(this).parents('tr').remove();
+  });
+  $('#f2b_regex_table').on('click', 'tr a', function (e) {
+    e.preventDefault();
+    $(this).parents('tr').remove();
+  });
+  $('#add_app_link_row').click(function() {
+    add_table_row($('#app_link_table'), "app_link");
+  });
+  $('#add_f2b_regex_row').click(function() {
+    add_table_row($('#f2b_regex_table'), "f2b_regex");
+  });
+});
diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index a7b06e5a..e0b9a5ab 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -34,7 +34,7 @@ $(document).ready(function() {
   });
 
   // set update loop container list
-  containersToUpdate = {}
+  containersToUpdate = {};
   // set default ChartJs Font Color
   Chart.defaults.color = '#999';
   // create host cpu and mem charts
@@ -44,14 +44,13 @@ $(document).ready(function() {
     check_update(mailcow_info.version_tag, mailcow_info.project_url);
   }
   $("#maiclow_version").click(function(){
-    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" ||
-       mailcow_info.branch !== "master")
+    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" || mailcow_info.branch !== "master")
       return;
 
     showVersionModal("Version " + mailcow_info.version_tag, mailcow_info.version_tag);
   })
   // get public ips
-  $("#host_show_ip").click(function(){  
+  $("#host_show_ip").click(function(){
     $("#host_show_ip").find(".text").addClass("d-none");
     $("#host_show_ip").find(".spinner-border").removeClass("d-none");
 
@@ -76,7 +75,7 @@ $(document).ready(function() {
       $("#host_ipv6").addClass("d-block");
     }).catch(function(error){
       console.log(error);
-      
+
       $("#host_ipv6").removeClass("d-none");
       $("#host_ipv6").addClass("d-block");
       $("#host_ipv6").addClass("text-danger");
@@ -119,10 +118,11 @@ jQuery(function($){
     }
 
     var table = $('#autodiscover_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -188,10 +188,11 @@ jQuery(function($){
     }
 
     var table = $('#postfix_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -242,10 +243,11 @@ jQuery(function($){
     }
 
     var table = $('#watchdog_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -300,10 +302,11 @@ jQuery(function($){
     }
 
     var table =  $('#api_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -352,7 +355,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-api-logs', '#api_log');
     });
@@ -365,10 +368,11 @@ jQuery(function($){
     }
 
     var table = $('#rl_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -455,7 +459,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-rl-logs', '#rl_log');
     });
@@ -468,10 +472,11 @@ jQuery(function($){
     }
 
     var table = $('#ui_logs').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -538,7 +543,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-ui-logs', '#ui_log');
     });
@@ -551,10 +556,11 @@ jQuery(function($){
     }
 
     var table = $('#sasl_logs').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -598,7 +604,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-sasl-logs', '#sasl_logs');
     });
@@ -611,10 +617,11 @@ jQuery(function($){
     }
 
     var table = $('#acme_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -647,7 +654,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-acme-logs', '#acme_log');
     });
@@ -660,10 +667,11 @@ jQuery(function($){
     }
 
     var table = $('#netfilter_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -701,7 +709,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-netfilter-logs', '#netfilter_log');
     });
@@ -714,10 +722,11 @@ jQuery(function($){
     }
 
     var table = $('#sogo_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -755,7 +764,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-sogo-logs', '#sogo_log');
     });
@@ -768,10 +777,11 @@ jQuery(function($){
     }
 
     var table = $('#dovecot_log').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -883,10 +893,11 @@ jQuery(function($){
     }
 
     var table = $('#rspamd_history').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: log_pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -983,7 +994,7 @@ jQuery(function($){
         }
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-rspamd-history', '#rspamd_history');
     });
@@ -998,31 +1009,31 @@ jQuery(function($){
         item.rcpt = escapeHtml(item.rcpt_smtp.join(", "));
       }
       item.symbols = Object.keys(item.symbols).sort(function (a, b) {
-        if (item.symbols[a].score === 0) return 1
-        if (item.symbols[b].score === 0) return -1
+        if (item.symbols[a].score === 0) return 1;
+        if (item.symbols[b].score === 0) return -1;
         if (item.symbols[b].score < 0 && item.symbols[a].score < 0) {
-          return item.symbols[a].score - item.symbols[b].score
+          return item.symbols[a].score - item.symbols[b].score;
         }
         if (item.symbols[b].score > 0 && item.symbols[a].score > 0) {
-          return item.symbols[b].score - item.symbols[a].score
+          return item.symbols[b].score - item.symbols[a].score;
         }
-        return item.symbols[b].score - item.symbols[a].score
+        return item.symbols[b].score - item.symbols[a].score;
       }).map(function(key) {
         var sym = item.symbols[key];
         if (sym.score < 0) {
-          sym.score_formatted = '(<span class="text-success"><b>' + sym.score + '</b></span>)'
+          sym.score_formatted = '(<span class="text-success"><b>' + sym.score + '</b></span>)';
         }
         else if (sym.score === 0) {
-          sym.score_formatted = '(<span><b>' + sym.score + '</b></span>)'
+          sym.score_formatted = '(<span><b>' + sym.score + '</b></span>)';
         }
         else {
-          sym.score_formatted = '(<span class="text-danger"><b>' + sym.score + '</b></span>)'
+          sym.score_formatted = '(<span class="text-danger"><b>' + sym.score + '</b></span>)';
         }
         var str = '<strong>' + key + '</strong> ' + sym.score_formatted;
         if (sym.options) {
           str += ' [' + escapeHtml(sym.options.join(", ")) + "]";
         }
-        return str
+        return str;
       }).join('<br>\n');
       item.subject = escapeHtml(item.subject);
       var scan_time = item.time_real.toFixed(3);
@@ -1155,14 +1166,14 @@ jQuery(function($){
         }
       });
     }
-    return data
+    return data;
   };
   $('.add_log_lines').on('click', function (e) {
     e.preventDefault();
-    var log_table= $(this).data("table")
-    var new_nrows = $(this).data("nrows")
-    var post_process = $(this).data("post-process")
-    var log_url = $(this).data("log-url")
+    var log_table= $(this).data("table");
+    var new_nrows = $(this).data("nrows");
+    var post_process = $(this).data("post-process");
+    var log_url = $(this).data("log-url");
     if (log_table === undefined || new_nrows === undefined || post_process === undefined || log_url === undefined) {
       console.log("no data-table or data-nrows or log_url or data-post-process attr found");
       return;
@@ -1184,9 +1195,9 @@ jQuery(function($){
   })
   function hideTableExpandCollapseBtn(tab, table){
     if ($(table).hasClass('collapsed'))
-      $(tab).find(".table_collapse_option").show(); 
+      $(tab).find(".table_collapse_option").show();
     else
-      $(tab).find(".table_collapse_option").hide(); 
+      $(tab).find(".table_collapse_option").hide();
   }
 
   // detect element visibility changes
@@ -1220,7 +1231,6 @@ jQuery(function($){
   onVisible("[id^=rspamd_donut]", () => rspamd_pie_graph());
 
 
-
   // start polling host stats if tab is active
   onVisible("[id^=tab-containers]", () => update_stats());
   // start polling container stats if collapse is active
@@ -1303,9 +1313,9 @@ function update_stats(timeout=5){
       if (mem_chart.data.labels.length > 30) mem_chart.data.labels.shift();
 
       cpu_chart.data.datasets[0].data.push(data.cpu.usage);
-      if (cpu_chart.data.datasets[0].data.length > 30)  cpu_chart.data.datasets[0].data.shift();
+      if (cpu_chart.data.datasets[0].data.length > 30) cpu_chart.data.datasets[0].data.shift();
       mem_chart.data.datasets[0].data.push(data.memory.usage);
-      if (mem_chart.data.datasets[0].data.length > 30)  mem_chart.data.datasets[0].data.shift();
+      if (mem_chart.data.datasets[0].data.length > 30) mem_chart.data.datasets[0].data.shift();
 
       cpu_chart.update();
       mem_chart.update();
@@ -1464,23 +1474,23 @@ function createReadWriteChart(chart_id, read_lable, write_lable){
   };
   var optionsNet = {
     interaction: {
-        mode: 'index'
+      mode: 'index'
     },
     scales: {
       yAxis: {
         min: 0,
         grid: {
-            display: false
+          display: false
         },
         ticks: {
           callback: function(i, index, ticks) {
-             return formatBytes(i);
+            return formatBytes(i);
           }
         }
       },
       xAxis: {
         grid: {
-            display: false
+          display: false
         }
       }
     }
@@ -1528,13 +1538,13 @@ function createHostCpuAndMemChart(){
   };
   var optionsCpu = {
     interaction: {
-        mode: 'index'
+      mode: 'index'
     },
     scales: {
       yAxis: {
         min: 0,
         grid: {
-            display: false
+          display: false
         },
         ticks: {
           callback: function(i, index, ticks) {
@@ -1544,7 +1554,7 @@ function createHostCpuAndMemChart(){
       },
       xAxis: {
         grid: {
-            display: false
+          display: false
         }
       }
     }
@@ -1566,13 +1576,13 @@ function createHostCpuAndMemChart(){
   };
   var optionsMem = {
     interaction: {
-        mode: 'index'
+      mode: 'index'
     },
     scales: {
       yAxis: {
         min: 0,
         grid: {
-            display: false
+          display: false
         },
         ticks: {
           callback: function(i, index, ticks) {
@@ -1582,7 +1592,7 @@ function createHostCpuAndMemChart(){
       },
       xAxis: {
         grid: {
-            display: false
+          display: false
         }
       }
     }
@@ -1678,22 +1688,22 @@ function parseGithubMarkdownLinks(inputText) {
 
   replacePattern1 = /(\b(https?):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/gim;
   replacedText = inputText.replace(replacePattern1, (matched, index, original, input_string) => {
-      if (matched.includes('github.com')){
-        // return short link if it's github link
-        last_uri_path = matched.split('/');
-        last_uri_path = last_uri_path[last_uri_path.length - 1];
+    if (matched.includes('github.com')){
+      // return short link if it's github link
+      last_uri_path = matched.split('/');
+      last_uri_path = last_uri_path[last_uri_path.length - 1];
 
-        // adjust Full Changelog link to match last git version and new git version, if link is a compare link
-        if (matched.includes('/compare/') && mailcow_info.last_version_tag !== ''){
-          matched = matched.replace(last_uri_path,  mailcow_info.last_version_tag + '...' + mailcow_info.version_tag);
-          last_uri_path = mailcow_info.last_version_tag + '...' + mailcow_info.version_tag;
-        }
+      // adjust Full Changelog link to match last git version and new git version, if link is a compare link
+      if (matched.includes('/compare/') && mailcow_info.last_version_tag !== ''){
+        matched = matched.replace(last_uri_path,  mailcow_info.last_version_tag + '...' + mailcow_info.version_tag);
+        last_uri_path = mailcow_info.last_version_tag + '...' + mailcow_info.version_tag;
+      }
 
-        return '<a href="' + matched + '" target="_blank">' + last_uri_path + '</a><br>';
-      };
+      return '<a href="' + matched + '" target="_blank">' + last_uri_path + '</a><br>';
+    };
 
-      // if it's not a github link, return complete link
-      return '<a href="' + matched + '" target="_blank">' + matched + '</a>';
+    // if it's not a github link, return complete link
+    return '<a href="' + matched + '" target="_blank">' + matched + '</a>';
   });
 
   return replacedText;
diff --git a/data/web/js/site/edit.js b/data/web/js/site/edit.js
index 4c57b35e..4680bdfa 100644
--- a/data/web/js/site/edit.js
+++ b/data/web/js/site/edit.js
@@ -1,220 +1,222 @@
-$(document).ready(function() {
-  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
-  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
-  $(".goto_checkbox").click(function( event ) {
-   $("form[data-id='editalias'] .goto_checkbox").not(this).prop('checked', false);
-    if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
-      $('#textarea_alias_goto').prop('disabled', true);
-    }
-    else {
-      $("#textarea_alias_goto").removeAttr('disabled');
-    }
-  });
-  $("#disable_sender_check").click(function( event ) {
-    if ($("form[data-id='editmailbox'] #disable_sender_check:checked").length > 0) {
-      $('#editSelectSenderACL').prop('disabled', true);
-      $('#editSelectSenderACL').selectpicker('refresh');
-    }
-    else {
-      $('#editSelectSenderACL').prop('disabled', false);
-      $('#editSelectSenderACL').selectpicker('refresh');
-    }
-  });
-  if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
-    $('#textarea_alias_goto').prop('disabled', true);
-  }
-
-  $("#mailbox-password-warning-close").click(function( event ) {
-    $('#mailbox-passwd-hidden-info').addClass('hidden');
-    $('#mailbox-passwd-form-groups').removeClass('hidden');
-  });
-  // Sender ACL
-  if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
-    $("#sender_acl_disabled").show();
-  }
-  $('#editSelectSenderACL').change(function() {
-    if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
-      $("#sender_acl_disabled").show();
-    }
-    else {
-      $("#sender_acl_disabled").hide();
-    }
-  });
-  // Resources
-  if ($("#editSelectMultipleBookings").val() == "custom") {
-    $("#multiple_bookings_custom_div").show();
-    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
-  }
-  $("#editSelectMultipleBookings").change(function() {
-    $('input[name=multiple_bookings]').val($("#editSelectMultipleBookings").val());
-    if ($('input[name=multiple_bookings]').val() == "custom") {
-      $("#multiple_bookings_custom_div").show();
-    }
-    else {
-      $("#multiple_bookings_custom_div").hide();
-    }
-  });
-  $("#multiple_bookings_custom").bind("change keypress keyup blur", function() {
-    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
-  });
-
-  // load tags
-  if ($('#tags').length){
-    var tagsEl = $('#tags').parent().find('.tag-values')[0];
-    console.log($(tagsEl).val())
-    var tags = JSON.parse($(tagsEl).val());
-    $(tagsEl).val("");
-    
-    for (var i = 0; i < tags.length; i++)
-      addTag($('#tags'), tags[i]);
-  }
-});
-
-jQuery(function($){
-  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
-  function validateEmail(email) {
-    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-    return re.test(email);
-  }
-  function draw_wl_policy_domain_table() {
-    $('#wl_policy_domain_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_wl_domain/' + table_for_domain,
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            if (!validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_wl_domain" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled title="' + lang_user.spamfilter_table_domain_policy + '" />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'prefid',
-            defaultContent: ''
-          },
-          {
-            title: lang_user.spamfilter_table_rule,
-            data: 'value',
-            defaultContent: ''
-          },
-          {
-            title: 'Scope',
-            data: 'object',
-            defaultContent: ''
-          }
-      ]
-    });
-  }
-  function draw_bl_policy_domain_table() {
-    $('#bl_policy_domain_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_bl_domain/' + table_for_domain,
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            if (!validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_bl_domain" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang_user.spamfilter_table_domain_policy + '" />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'prefid',
-            defaultContent: ''
-          },
-          {
-            title: lang_user.spamfilter_table_rule,
-            data: 'value',
-            defaultContent: ''
-          },
-          {
-            title: 'Scope',
-            data: 'object',
-            defaultContent: ''
-          }
-      ]
-    });
-  }
-
-  
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-            observer.disconnect();
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-  // Draw Table if tab is active
-  onVisible("[id^=wl_policy_domain_table]", () => draw_wl_policy_domain_table());
-  onVisible("[id^=bl_policy_domain_table]", () => draw_bl_policy_domain_table());
-});
+$(document).ready(function() {
+  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
+  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
+  $(".goto_checkbox").click(function( event ) {
+    $("form[data-id='editalias'] .goto_checkbox").not(this).prop('checked', false);
+    if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
+      $('#textarea_alias_goto').prop('disabled', true);
+    }
+    else {
+      $("#textarea_alias_goto").removeAttr('disabled');
+    }
+  });
+  $("#disable_sender_check").click(function( event ) {
+    if ($("form[data-id='editmailbox'] #disable_sender_check:checked").length > 0) {
+      $('#editSelectSenderACL').prop('disabled', true);
+      $('#editSelectSenderACL').selectpicker('refresh');
+    }
+    else {
+      $('#editSelectSenderACL').prop('disabled', false);
+      $('#editSelectSenderACL').selectpicker('refresh');
+    }
+  });
+  if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
+    $('#textarea_alias_goto').prop('disabled', true);
+  }
+
+  $("#mailbox-password-warning-close").click(function( event ) {
+    $('#mailbox-passwd-hidden-info').addClass('hidden');
+    $('#mailbox-passwd-form-groups').removeClass('hidden');
+  });
+  // Sender ACL
+  if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
+    $("#sender_acl_disabled").show();
+  }
+  $('#editSelectSenderACL').change(function() {
+    if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
+      $("#sender_acl_disabled").show();
+    }
+    else {
+      $("#sender_acl_disabled").hide();
+    }
+  });
+  // Resources
+  if ($("#editSelectMultipleBookings").val() == "custom") {
+    $("#multiple_bookings_custom_div").show();
+    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
+  }
+  $("#editSelectMultipleBookings").change(function() {
+    $('input[name=multiple_bookings]').val($("#editSelectMultipleBookings").val());
+    if ($('input[name=multiple_bookings]').val() == "custom") {
+      $("#multiple_bookings_custom_div").show();
+    }
+    else {
+      $("#multiple_bookings_custom_div").hide();
+    }
+  });
+  $("#multiple_bookings_custom").bind("change keypress keyup blur", function() {
+    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
+  });
+
+  // load tags
+  if ($('#tags').length){
+    var tagsEl = $('#tags').parent().find('.tag-values')[0];
+    console.log($(tagsEl).val())
+    var tags = JSON.parse($(tagsEl).val());
+    $(tagsEl).val("");
+
+    for (var i = 0; i < tags.length; i++)
+      addTag($('#tags'), tags[i]);
+  }
+});
+
+jQuery(function($){
+  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
+  function validateEmail(email) {
+    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+    return re.test(email);
+  }
+  function draw_wl_policy_domain_table() {
+    $('#wl_policy_domain_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_wl_domain/' + table_for_domain,
+        dataSrc: function(data){
+          $.each(data, function (i, item) {
+            if (!validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_wl_domain" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled title="' + lang_user.spamfilter_table_domain_policy + '" />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang_user.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title: 'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_bl_policy_domain_table() {
+    $('#bl_policy_domain_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_bl_domain/' + table_for_domain,
+        dataSrc: function(data){
+          $.each(data, function (i, item) {
+            if (!validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_bl_domain" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang_user.spamfilter_table_domain_policy + '" />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang_user.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title: 'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+            observer.disconnect();
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+  // Draw Table if tab is active
+  onVisible("[id^=wl_policy_domain_table]", () => draw_wl_policy_domain_table());
+  onVisible("[id^=bl_policy_domain_table]", () => draw_bl_policy_domain_table());
+});
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index b93b1819..49cce1b2 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -77,7 +77,7 @@ $(document).ready(function() {
         $('.dns-modal-body').html(xhr.responseText);
       }
     });
-  }); 
+  });
   // @Open Domain add modal
   $('#addDomainModal').on('show.bs.modal', function(e) {
     $.ajax({
@@ -85,24 +85,24 @@ $(document).ready(function() {
       data: {},
       dataType: 'json',
       success: async function(data){
-        $('#domain_templates').find('option').remove(); 
+        $('#domain_templates').find('option').remove();
         $('#domain_templates').selectpicker('destroy');
         $('#domain_templates').selectpicker();
         for (var i = 0; i < data.length; i++){
           if (data[i].template === "Default"){
-            $('#domain_templates').prepend($('<option>', { 
-                'value': data[i].id,
-                'text': data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': true
+            $('#domain_templates').prepend($('<option>', {
+              'value': data[i].id,
+              'text': data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': true
             }));
             setDomainTemplateData(data[i].attributes);
           } else {
-            $('#domain_templates').append($('<option>', { 
-                'value': data[i].id,
-                'text': data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': false
+            $('#domain_templates').append($('<option>', {
+              'value': data[i].id,
+              'text': data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': false
             }));
           }
         };
@@ -127,24 +127,24 @@ $(document).ready(function() {
       data: {},
       dataType: 'json',
       success: async function(data){
-        $('#mailbox_templates').find('option').remove(); 
+        $('#mailbox_templates').find('option').remove();
         $('#mailbox_templates').selectpicker('destroy');
         $('#mailbox_templates').selectpicker();
         for (var i = 0; i < data.length; i++){
           if (data[i].template === "Default"){
-            $('#mailbox_templates').prepend($('<option>', { 
-                'value': data[i].id,
-                'text': data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': true
+            $('#mailbox_templates').prepend($('<option>', {
+              'value': data[i].id,
+              'text': data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': true
             }));
             setMailboxTemplateData(data[i].attributes);
           } else {
-            $('#mailbox_templates').append($('<option>', { 
-                value: data[i].id,
-                text : data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': false
+            $('#mailbox_templates').append($('<option>', {
+              value: data[i].id,
+              text : data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': false
             }));
           }
         };
@@ -229,20 +229,20 @@ $(document).ready(function() {
     } else {
       $('#addDomain_gal').prop('checked', false);
     }
-    
+
     if (template.active == 1){
       $('#addDomain_active').prop('checked', true);
     } else {
       $('#addDomain_active').prop('checked', false);
     }
-    
+
     $("#addDomain_rl_value").val(template.rl_value);
     $('#addDomain_rl_frame').selectpicker('val', template.rl_frame);
     $("#dkim_selector").val(template.dkim_selector);
     if (!template.key_size)
       template.key_size = 2048;
     $('#key_size').selectpicker('val', template.key_size.toString());
-    
+
     if (template.backupmx == 1){
       $('#addDomain_relay_domain').prop('checked', true);
     } else {
@@ -259,7 +259,7 @@ $(document).ready(function() {
       $('#addDomain_relay_unknown_only').prop('checked', false);
     }
 
-    
+
     // load tags
     $('#addDomain_tags').val("");
     $($('#addDomain_tags').parent().find(".tag-values")[0]).val("");
@@ -404,7 +404,7 @@ $(document).ready(function() {
     } else {
       $('#sogo_access').prop('checked', false);
     }
-    
+
     // load tags
     $('#addMailbox_tags').val("");
     $($('#addMailbox_tags').parent().find(".tag-values")[0]).val("");
@@ -417,11 +417,11 @@ jQuery(function($){
   // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
   function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
   function unix_time_format(i){return""==i?'<i class="bi bi-x"></i>':new Date(i?1e3*i:0).toLocaleDateString(void 0,{year:"numeric",month:"2-digit",day:"2-digit",hour:"2-digit",minute:"2-digit",second:"2-digit"})}
-  
+
   $(".refresh_table").on('click', function(e) {
     e.preventDefault();
     var table_name = $(this).data('table');
-    
+
     if ($.fn.DataTable.isDataTable('#' + table_name))
       $('#' + table_name).DataTable().ajax.reload();
   });
@@ -433,10 +433,11 @@ jQuery(function($){
     }
 
     var table = $('#domain_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -617,8 +618,8 @@ jQuery(function($){
           defaultContent: ''
         },
       ]
-    });      
-    
+    });
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-domains', '#domain_table');
     });
@@ -631,15 +632,16 @@ jQuery(function($){
     }
 
     var table = $('#templates_domain_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-templates-domains', '#templates_domain_table');
       },
@@ -666,13 +668,13 @@ jQuery(function($){
             }
             item.attributes.rl_value = escapeHtml(item.attributes.rl_value);
 
-            
+
             if (item.template.toLowerCase() == "default"){
               item.action = '<div class="btn-group">' +
               '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
               '</div>';
             }
-            else{
+            else {
               item.action = '<div class="btn-group">' +
               '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
               '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/domain/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
@@ -693,138 +695,138 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: "ID",
-            data: 'id',
-            responsivePriority: 2,
-            defaultContent: ''
-          },
-          {
-            title: lang.template,
-            data: 'template',
-            responsivePriority: 3,
-            defaultContent: ''
-          },              
-          {
-            title: lang.max_aliases,
-            data: 'attributes.max_num_aliases_for_domain',
-            defaultContent: '',
-          },             
-          {
-            title: lang.max_mailboxes,
-            data: 'attributes.max_num_mboxes_for_domain',
-            defaultContent: '',
-          },             
-          {
-            title: lang.mailbox_defquota,
-            data: 'attributes.def_quota_for_mbox',
-            defaultContent: '',
-          },               
-          {
-            title: lang.max_quota,
-            data: 'attributes.max_quota_for_mbox',
-            defaultContent: '',
-          },            
-          {
-            title: lang.domain_quota_total,
-            data: 'attributes.max_quota_for_domain',
-            defaultContent: '',
-          },          
-          {
-            title: lang.gal,
-            data: 'attributes.gal',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.backup_mx,
-            data: 'attributes.backupmx',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.relay_all,
-            data: 'attributes.relay_all_recipients',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.relay_unknown,
-            data: 'attributes.relay_unknown_only',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.active,
-            data: 'attributes.active',
-            defaultContent: '',
-            responsivePriority: 4,
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },               
-          {
-            title: 'rl_frame',
-            data: 'attributes.rl_frame',
-            defaultContent: '',
-            class: 'none',
-          },             
-          {
-            title: 'rl_value',
-            data: 'attributes.rl_value',
-            defaultContent: '',
-            class: 'none',
-          },            
-          {
-            title: lang.dkim_domains_selector,
-            data: 'attributes.dkim_selector',
-            defaultContent: '',
-            class: 'none',
-          },            
-          {
-            title: lang.dkim_key_length,
-            data: 'attributes.key_size',
-            defaultContent: '',
-            class: 'none',
-          }, 
-          {
-            title: 'Tags',
-            data: 'attributes.tags',
-            defaultContent: '',
-            className: 'none'
-          },    
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
-            responsivePriority: 6,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: "ID",
+          data: 'id',
+          responsivePriority: 2,
+          defaultContent: ''
+        },
+        {
+          title: lang.template,
+          data: 'template',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.max_aliases,
+          data: 'attributes.max_num_aliases_for_domain',
+          defaultContent: '',
+        },
+        {
+          title: lang.max_mailboxes,
+          data: 'attributes.max_num_mboxes_for_domain',
+          defaultContent: '',
+        },
+        {
+          title: lang.mailbox_defquota,
+          data: 'attributes.def_quota_for_mbox',
+          defaultContent: '',
+        },
+        {
+          title: lang.max_quota,
+          data: 'attributes.max_quota_for_mbox',
+          defaultContent: '',
+        },
+        {
+          title: lang.domain_quota_total,
+          data: 'attributes.max_quota_for_domain',
+          defaultContent: '',
+        },
+        {
+          title: lang.gal,
+          data: 'attributes.gal',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.backup_mx,
+          data: 'attributes.backupmx',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.relay_all,
+          data: 'attributes.relay_all_recipients',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.relay_unknown,
+          data: 'attributes.relay_unknown_only',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.active,
+          data: 'attributes.active',
+          defaultContent: '',
+          responsivePriority: 4,
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: 'rl_frame',
+          data: 'attributes.rl_frame',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: 'rl_value',
+          data: 'attributes.rl_value',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: lang.dkim_domains_selector,
+          data: 'attributes.dkim_selector',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: lang.dkim_key_length,
+          data: 'attributes.key_size',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: 'Tags',
+          data: 'attributes.tags',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          responsivePriority: 6,
+          defaultContent: ''
+        },
       ]
     });
 
@@ -840,10 +842,11 @@ jQuery(function($){
     }
 
     var table = $('#mailbox_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -927,7 +930,7 @@ jQuery(function($){
               '<div class="progress-bar-mailbox progress-bar progress-bar-' + item.percent_class + '" role="progressbar" aria-valuenow="' + item.percent_in_use + '" aria-valuemin="0" aria-valuemax="100" ' +
               'style="min-width:2em;width:' + item.percent_in_use + '%">' + item.percent_in_use + '%' + '</div></div>';
             item.username = escapeHtml(item.username);
-            
+
             if (Array.isArray(item.tags)){
               var tags = '';
               for (var i = 0; i < item.tags.length; i++)
@@ -942,167 +945,167 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.domain_quota,
-            data: 'quota.value',
-            responsivePriority: 8,
-            defaultContent: '',  
-            orderData: 23
-          },
-          {
-            title: lang.last_mail_login,
-            data: 'last_mail_login',
-            defaultContent: '',
-            responsivePriority: 7,
-            render: function (data, type) {
-              res = data.split("/");
-              return '<div class="badge bg-info mb-2">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
-                '<div class="badge bg-info mb-2">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
-                '<div class="badge bg-info">SMTP @ ' + unix_time_format(Number(res[2])) + '</div>';
-            }
-          },
-          {
-            title: lang.last_pw_change,
-            data: 'last_pw_change',
-            defaultContent: ''
-          },
-          {
-            title: lang.in_use,
-            data: 'in_use',
-            defaultContent: '',
-            responsivePriority: 9,
-            className: 'dt-data-w100'
-          },
-          {
-            title: lang.fname,
-            data: 'name',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.tls_enforce_in,
-            data: 'tls_enforce_in',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.tls_enforce_out,
-            data: 'tls_enforce_out',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'SMTP',
-            data: 'smtp_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'IMAP',
-            data: 'imap_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'POP3',
-            data: 'pop3_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'SIEVE',
-            data: 'sieve_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.quarantine_notification,
-            data: 'quarantine_notification',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.quarantine_category,
-            data: 'quarantine_category',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.msg_num,
-            data: 'messages',
-            defaultContent: '',
-            responsivePriority: 5
-          },
-          {
-            title: lang.created_on,
-            data: 'created',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.last_modified,
-            data: 'modified',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'Tags',
-            data: 'tags',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            responsivePriority: 4,
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
-            responsivePriority: 6,
-            defaultContent: ''
-          },
-          {
-            title: "",
-            data: 'quota.sortBy',
-            responsivePriority: 8,
-            defaultContent: '',
-            className: "d-none"
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.domain_quota,
+          data: 'quota.value',
+          responsivePriority: 8,
+          defaultContent: '',
+          orderData: 23
+        },
+        {
+          title: lang.last_mail_login,
+          data: 'last_mail_login',
+          defaultContent: '',
+          responsivePriority: 7,
+          render: function (data, type) {
+            res = data.split("/");
+            return '<div class="badge bg-info mb-2">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
+              '<div class="badge bg-info mb-2">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
+              '<div class="badge bg-info">SMTP @ ' + unix_time_format(Number(res[2])) + '</div>';
+          }
+        },
+        {
+          title: lang.last_pw_change,
+          data: 'last_pw_change',
+          defaultContent: ''
+        },
+        {
+          title: lang.in_use,
+          data: 'in_use',
+          defaultContent: '',
+          responsivePriority: 9,
+          className: 'dt-data-w100'
+        },
+        {
+          title: lang.fname,
+          data: 'name',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.tls_enforce_in,
+          data: 'tls_enforce_in',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.tls_enforce_out,
+          data: 'tls_enforce_out',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'SMTP',
+          data: 'smtp_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'IMAP',
+          data: 'imap_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'POP3',
+          data: 'pop3_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'SIEVE',
+          data: 'sieve_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.quarantine_notification,
+          data: 'quarantine_notification',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.quarantine_category,
+          data: 'quarantine_category',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.msg_num,
+          data: 'messages',
+          defaultContent: '',
+          responsivePriority: 5
+        },
+        {
+          title: lang.created_on,
+          data: 'created',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.last_modified,
+          data: 'modified',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'Tags',
+          data: 'tags',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          responsivePriority: 4,
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          responsivePriority: 6,
+          defaultContent: ''
+        },
+        {
+          title: "",
+          data: 'quota.sortBy',
+          responsivePriority: 8,
+          defaultContent: '',
+          className: "d-none"
+        },
       ]
     });
 
@@ -1118,15 +1121,16 @@ jQuery(function($){
     }
 
     var table = $('#templates_mbox_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-templates-mbox', '#templates_mbox_table');
       },
@@ -1175,17 +1179,17 @@ jQuery(function($){
               item.attributes.quarantine_category = lang.q_all;
             }
 
-            
+
             if (item.template.toLowerCase() == "default"){
-                item.action = '<div class="btn-group">' +
-                  '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-                  '</div>';
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '</div>';
             }
             else {
-                  item.action = '<div class="btn-group">' +
-                  '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-                  '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/mailbox/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                  '</div>';              
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/mailbox/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
             }
 
             if (Array.isArray(item.attributes.tags)){
@@ -1230,12 +1234,12 @@ jQuery(function($){
           data: 'template',
           responsivePriority: 3,
           defaultContent: ''
-        },              
+        },
         {
           title: lang.domain_quota,
           data: 'attributes.quota',
           defaultContent: '',
-        },             
+        },
         {
           title: lang.tls_enforce_in,
           data: 'attributes.tls_enforce_in',
@@ -1282,7 +1286,7 @@ jQuery(function($){
           data: 'attributes.quarantine_category',
           defaultContent: '',
           className: 'none'
-        },            
+        },
         {
           title: lang.force_pw_update,
           data: 'attributes.force_pw_update',
@@ -1291,25 +1295,25 @@ jQuery(function($){
           render: function (data, type) {
             return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
           }
-        },            
+        },
         {
           title: "rl_frame",
           data: 'attributes.rl_frame',
           defaultContent: '',
           class: 'none',
-        },           
+        },
         {
           title: 'rl_value',
           data: 'attributes.rl_value',
           defaultContent: '',
           class: 'none',
-        }, 
+        },
         {
           title: 'Tags',
           data: 'attributes.tags',
           defaultContent: '',
           className: 'none'
-        },           
+        },
         {
           title: lang.active,
           data: 'attributes.active',
@@ -1318,7 +1322,7 @@ jQuery(function($){
           render: function (data, type) {
             return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
           }
-        },     
+        },
         {
           title: lang.action,
           data: 'action',
@@ -1328,7 +1332,7 @@ jQuery(function($){
         },
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-templates-mbox', '#templates_mbox_table');
     });
@@ -1341,10 +1345,11 @@ jQuery(function($){
     }
 
     var table = $('#resource_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -1377,65 +1382,65 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: lang.description,
-            data: 'description',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.alias,
-            data: 'name',
-            defaultContent: ''
-          },
-          {
-            title: lang.kind,
-            data: 'kind',
-            defaultContent: ''
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.multiple_bookings,
-            data: 'multiple_bookings',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            responsivePriority: 5,
-            defaultContent: '',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right'
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: lang.description,
+          data: 'description',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.alias,
+          data: 'name',
+          defaultContent: ''
+        },
+        {
+          title: lang.kind,
+          data: 'kind',
+          defaultContent: ''
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.multiple_bookings,
+          data: 'multiple_bookings',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          responsivePriority: 5,
+          defaultContent: '',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right'
+        },
       ]
     });
 
@@ -1448,14 +1453,14 @@ jQuery(function($){
       // Domains
       var optgroup = "<optgroup label='" + lang.domains + "'>";
       $.each(data.domains, function(index, domain){
-        optgroup += "<option value='" + domain + "'>" + domain + "</option>"
+        optgroup += "<option value='" + domain + "'>" + domain + "</option>";
       });
-      optgroup += "</optgroup>"
+      optgroup += "</optgroup>";
       $('#bcc-local-dest').append(optgroup);
       // Alias domains
       var optgroup = "<optgroup label='" + lang.domain_aliases + "'>";
       $.each(data.alias_domains, function(index, alias_domain){
-        optgroup += "<option value='" + alias_domain + "'>" + alias_domain + "</option>"
+        optgroup += "<option value='" + alias_domain + "'>" + alias_domain + "</option>";
       });
       optgroup += "</optgroup>"
       $('#bcc-local-dest').append(optgroup);
@@ -1463,9 +1468,9 @@ jQuery(function($){
       $.each(data.mailboxes, function(mailbox, aliases){
         var optgroup = "<optgroup label='" + mailbox + "'>";
         $.each(aliases, function(index, alias){
-          optgroup += "<option value='" + alias + "'>" + alias + "</option>"
+          optgroup += "<option value='" + alias + "'>" + alias + "</option>";
         });
-        optgroup += "</optgroup>"
+        optgroup += "</optgroup>";
         $('#bcc-local-dest').append(optgroup);
       });
       // Finish
@@ -1477,17 +1482,18 @@ jQuery(function($){
       $('#bcc_table').DataTable().columns.adjust().responsive.recalc();
       return;
     }
-    
+
     var table = $('#bcc_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#collapse-tab-bcc', '#bcc_table');
       },
@@ -1514,65 +1520,65 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.bcc_type,
-            data: 'type',
-            defaultContent: ''
-          },
-          {
-            title: lang.bcc_local_dest,
-            data: 'local_dest',
-            defaultContent: ''
-          },
-          {
-            title: lang.bcc_destinations,
-            data: 'bcc_dest',
-            defaultContent: ''
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.bcc_type,
+          data: 'type',
+          defaultContent: ''
+        },
+        {
+          title: lang.bcc_local_dest,
+          data: 'local_dest',
+          defaultContent: ''
+        },
+        {
+          title: lang.bcc_destinations,
+          data: 'bcc_dest',
+          defaultContent: ''
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
 
@@ -1588,15 +1594,16 @@ jQuery(function($){
     }
 
     var table = $('#recipient_map_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#collapse-tab-bcc-filters', '#recipient_map_table');
       },
@@ -1605,7 +1612,7 @@ jQuery(function($){
         url: "/api/v1/get/recipient_map/all",
         dataSrc: function(json){
           if (role !== "admin") return null;
-          
+
           $.each(json, function (i, item) {
             item.recipient_map_old = escapeHtml(item.recipient_map_old);
             item.recipient_map_new = escapeHtml(item.recipient_map_new);
@@ -1620,58 +1627,58 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.recipient_map_old,
-            data: 'recipient_map_old',
-            defaultContent: ''
-          },
-          {
-            title: lang.recipient_map_new,
-            data: 'recipient_map_new',
-            defaultContent: '',
-            responsivePriority: 4
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.recipient_map_old,
+          data: 'recipient_map_old',
+          defaultContent: ''
+        },
+        {
+          title: lang.recipient_map_new,
+          data: 'recipient_map_new',
+          defaultContent: '',
+          responsivePriority: 4
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#collapse-tab-bcc-filters', '#recipient_map_table');
     });
@@ -1684,15 +1691,16 @@ jQuery(function($){
     }
 
     var table = $('#tls_policy_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-tls-policy', '#tls_policy_table');
       },
@@ -1701,7 +1709,7 @@ jQuery(function($){
         url: "/api/v1/get/tls-policy-map/all",
         dataSrc: function(json){
           if (role !== "admin") return null;
-          
+
           $.each(json, function (i, item) {
             item.dest = escapeHtml(item.dest);
             item.policy = '<b>' + escapeHtml(item.policy) + '</b>';
@@ -1721,63 +1729,63 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.tls_map_dest,
-            data: 'dest',
-            defaultContent: '',
-            responsivePriority: 4
-          },
-          {
-            title: lang.tls_map_policy,
-            data: 'policy',
-            defaultContent: ''
-          },
-          {
-            title: lang.tls_map_parameters,
-            data: 'parameters',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.tls_map_dest,
+          data: 'dest',
+          defaultContent: '',
+          responsivePriority: 4
+        },
+        {
+          title: lang.tls_map_policy,
+          data: 'policy',
+          defaultContent: ''
+        },
+        {
+          title: lang.tls_map_parameters,
+          data: 'parameters',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-tls-policy', '#tls_policy_table');
     });
@@ -1790,15 +1798,16 @@ jQuery(function($){
     }
 
     var table = $('#alias_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-mbox-aliases', '#alias_table');
       },
@@ -1849,88 +1858,88 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.alias,
-            data: 'address',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.target_address,
-            data: 'goto',
-            defaultContent: ''
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            defaultContent: '',
-            responsivePriority: 5,
-          },
-          {
-            title: lang.bcc_destinations,
-            data: 'bcc_dest',
-            defaultContent: ''
-          },
-          {
-            title: lang.sogo_visible,
-            data: 'sogo_visible',
-            defaultContent: '',
-            render: function(data, type){
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.public_comment,
-            data: 'public_comment',
-            defaultContent: ''
-          },
-          {
-            title: lang.private_comment,
-            data: 'private_comment',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            responsivePriority: 6,
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.alias,
+          data: 'address',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.target_address,
+          data: 'goto',
+          defaultContent: ''
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          defaultContent: '',
+          responsivePriority: 5,
+        },
+        {
+          title: lang.bcc_destinations,
+          data: 'bcc_dest',
+          defaultContent: ''
+        },
+        {
+          title: lang.sogo_visible,
+          data: 'sogo_visible',
+          defaultContent: '',
+          render: function(data, type){
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.public_comment,
+          data: 'public_comment',
+          defaultContent: ''
+        },
+        {
+          title: lang.private_comment,
+          data: 'private_comment',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          responsivePriority: 6,
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
-    
+
     table.on('responsive-resize', function (e, datatable, columns){
       hideTableExpandCollapseBtn('#tab-mbox-aliases', '#alias_table');
     });
@@ -1943,10 +1952,11 @@ jQuery(function($){
     }
 
     var table = $('#aliasdomain_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
@@ -1978,50 +1988,50 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: lang.alias,
-            data: 'alias_domain',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.target_domain,
-            data: 'target_domain',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: lang.alias,
+          data: 'alias_domain',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.target_domain,
+          data: 'target_domain',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
 
@@ -2037,15 +2047,16 @@ jQuery(function($){
     }
 
     var table = $('#sync_job_table').DataTable({
-			responsive: true,
+      responsive: true,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-syncjobs', '#sync_job_table');
       },
@@ -2082,9 +2093,9 @@ jQuery(function($){
               item.success = '<i class="text-' + (item.success == 1 ? 'success' : 'danger') + ' bi bi-' + (item.success == 1 ? 'check-lg' : 'x-lg') + '"></i>';
             }
             if (lang['syncjob_'+item.exit_status]) {
-	            item.exit_status = lang['syncjob_'+item.exit_status];
+              item.exit_status = lang['syncjob_'+item.exit_status];
             } else if (item.success != '-') {
-	            item.exit_status = lang.syncjob_check_log;
+              item.exit_status = lang.syncjob_check_log;
             }
             item.exit_status = item.success + ' ' + item.exit_status;
           });
@@ -2093,87 +2104,87 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.owner,
-            data: 'user2',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: 'Server',
-            data: 'server_w_port',
-            defaultContent: ''
-          },
-          {
-            title: lang.last_run,
-            data: 'last_run',
-            defaultContent: ''
-          },
-          {
-            title: lang.syncjob_last_run_result,
-            data: 'exit_status',
-            defaultContent: ''
-          },
-          {
-            title: 'Log',
-            data: 'log',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.status,
-            data: 'is_running',
-            defaultContent: ''
-          },
-          {
-            title: lang.excludes,
-            data: 'exclude',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.mins_interval,
-            data: 'mins_interval',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.owner,
+          data: 'user2',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: 'Server',
+          data: 'server_w_port',
+          defaultContent: ''
+        },
+        {
+          title: lang.last_run,
+          data: 'last_run',
+          defaultContent: ''
+        },
+        {
+          title: lang.syncjob_last_run_result,
+          data: 'exit_status',
+          defaultContent: ''
+        },
+        {
+          title: 'Log',
+          data: 'log',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.status,
+          data: 'is_running',
+          defaultContent: ''
+        },
+        {
+          title: lang.excludes,
+          data: 'exclude',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.mins_interval,
+          data: 'mins_interval',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
 
@@ -2189,16 +2200,17 @@ jQuery(function($){
     }
 
     var table = $('#filter_table').DataTable({
-			responsive: true,
+      responsive: true,
       autoWidth: false,
       processing: true,
       serverSide: false,
       stateSave: true,
+      pageLength: pagination_size,
       dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
            "tr" +
            "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
-      order:[[2, 'desc']],
+      order: [[2, 'desc']],
       initComplete: function(){
         hideTableExpandCollapseBtn('#tab-filters', '#filter_table');
       },
@@ -2226,64 +2238,64 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 2,
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: 'Type',
-            data: 'filter_type',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.owner,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.description,
-            data: 'script_desc',
-            defaultContent: ''
-          },
-          {
-            title: 'Script',
-            data: 'script_data',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 2,
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: 'Type',
+          data: 'filter_type',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.owner,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.description,
+          data: 'script_desc',
+          defaultContent: ''
+        },
+        {
+          title: 'Script',
+          data: 'script_data',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
 
@@ -2294,11 +2306,11 @@ jQuery(function($){
 
   function hideTableExpandCollapseBtn(tab, table){
     if ($(table).hasClass('collapsed'))
-      $(tab).find(".table_collapse_option").show(); 
+      $(tab).find(".table_collapse_option").show();
     else
-      $(tab).find(".table_collapse_option").hide(); 
+      $(tab).find(".table_collapse_option").hide();
   }
-  
+
   // detect element visibility changes
   function onVisible(element, callback) {
     $(document).ready(function() {
diff --git a/data/web/js/site/qhandler.js b/data/web/js/site/qhandler.js
index 4fcc9634..8a8471f2 100644
--- a/data/web/js/site/qhandler.js
+++ b/data/web/js/site/qhandler.js
@@ -1,71 +1,71 @@
-jQuery(function($){
-  var qitem = $('legend').data('hash');
-  var qError = $("#qid_error");
-  $.ajax({
-    url: '/inc/ajax/qitem_details.php',
-    data: { hash: qitem },
-    dataType: 'json',
-    success: function(data){
-      $('[data-id="qitems_single"]').each(function(index) {
-        $(this).attr("data-item", qitem);
-      });
-      $('#qid_detail_subj').text(data.subject);
-      $('#qid_detail_hfrom').text(data.header_from);
-      $('#qid_detail_efrom').text(data.env_from);
-      $('#qid_detail_score').html('');
-      $('#qid_detail_symbols').html('');
-      $('#qid_detail_recipients').html('');
-      $('#qid_detail_fuzzy').html('');
-      if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
-        $.each(data.fuzzy_hashes, function (index, value) {
-          $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
-        });
-      } else {
-        $('#qid_detail_fuzzy').append('-');
-      }
-      if (typeof data.symbols !== 'undefined') {
-        data.symbols.sort(function (a, b) {
-          if (a.score === 0) return 1
-          if (b.score === 0) return -1
-          if (b.score < 0 && a.score < 0) {
-            return a.score - b.score
-          }
-          if (b.score > 0 && a.score > 0) {
-            return b.score - a.score
-          }
-          return b.score - a.score
-        })
-        $.each(data.symbols, function (index, value) {
-          var highlightClass = ''
-          if (value.score > 0) highlightClass = 'negative'
-          else if (value.score < 0) highlightClass = 'positive'
-          else highlightClass = 'neutral'
-          $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
-        });
-        $('[data-bs-toggle="tooltip"]').tooltip()
-      }
-      if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
-        if (data.action === "add header") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
-        } else if (data.action === "reject") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
-        } else if (data.action === "rewrite subject") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
-        }
-      }
-      if (typeof data.recipients !== 'undefined') {
-        $.each(data.recipients, function(index, value) {
-          var elem = $('<span class="mail-address-item"></span>');
-          elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
-          $('#qid_detail_recipients').append(elem);
-        });
-      }
-    },
-    error: function(data){
-      if (typeof data.error !== 'undefined') {
-        qError.text("Error loading quarantine item");
-        qError.show();
-      }
-    }
-  });
-});
+jQuery(function($){
+  var qitem = $('legend').data('hash');
+  var qError = $("#qid_error");
+  $.ajax({
+    url: '/inc/ajax/qitem_details.php',
+    data: { hash: qitem },
+    dataType: 'json',
+    success: function(data){
+      $('[data-id="qitems_single"]').each(function(index) {
+        $(this).attr("data-item", qitem);
+      });
+      $('#qid_detail_subj').text(data.subject);
+      $('#qid_detail_hfrom').text(data.header_from);
+      $('#qid_detail_efrom').text(data.env_from);
+      $('#qid_detail_score').html('');
+      $('#qid_detail_symbols').html('');
+      $('#qid_detail_recipients').html('');
+      $('#qid_detail_fuzzy').html('');
+      if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
+        $.each(data.fuzzy_hashes, function (index, value) {
+          $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
+        });
+      } else {
+        $('#qid_detail_fuzzy').append('-');
+      }
+      if (typeof data.symbols !== 'undefined') {
+        data.symbols.sort(function (a, b) {
+          if (a.score === 0) return 1;
+          if (b.score === 0) return -1;
+          if (b.score < 0 && a.score < 0) {
+            return a.score - b.score;
+          }
+          if (b.score > 0 && a.score > 0) {
+            return b.score - a.score;
+          }
+          return b.score - a.score;
+        })
+        $.each(data.symbols, function (index, value) {
+          var highlightClass = '';
+          if (value.score > 0) highlightClass = 'negative';
+          else if (value.score < 0) highlightClass = 'positive';
+          else highlightClass = 'neutral';
+          $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
+        });
+        $('[data-bs-toggle="tooltip"]').tooltip();
+      }
+      if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
+        if (data.action === "add header") {
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
+        } else if (data.action === "reject") {
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
+        } else if (data.action === "rewrite subject") {
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
+        }
+      }
+      if (typeof data.recipients !== 'undefined') {
+        $.each(data.recipients, function(index, value) {
+          var elem = $('<span class="mail-address-item"></span>');
+          elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
+          $('#qid_detail_recipients').append(elem);
+        });
+      }
+    },
+    error: function(data){
+      if (typeof data.error !== 'undefined') {
+        qError.text("Error loading quarantine item");
+        qError.show();
+      }
+    }
+  });
+});
diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index 7da3a7dd..e69863f7 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -1,286 +1,297 @@
-// Base64 functions
-var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
-
-jQuery(function($){
-  acl_data = JSON.parse(acl);
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
-  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
-  $(".refresh_table").on('click', function(e) {
-    e.preventDefault();
-    var table_name = $(this).data('table');
-    $('#' + table_name).DataTable().ajax.reload();
-  });
-  function draw_quarantine_table() {
-    var table = $('#quarantinetable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      initComplete: function(){
-        hideTableExpandCollapseBtn('#quarantinetable');
-      },
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/quarantine/all",
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            if (item.subject === null) {
-              item.subject = '';
-            } else {
-              item.subject = escapeHtml(item.subject);
-            }
-            if (item.score === null) {
-              item.score = '-';
-            }
-            if (item.virus_flag > 0) {
-              item.virus = '<span class="badge fs-6 bg-danger">' + lang.high_danger + '</span>';
-            } else {
-              item.virus = '<span class="badge fs-6 bg-secondary">' + lang.neutral_danger + '</span>';
-            }
-            if (item.action === "reject") {
-              item.rspamdaction = '<span class="badge fs-6 bg-danger">' + lang.rejected + '</span>';
-            } else if (item.action === "add header") {
-              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.junk_folder + '</span>';
-            } else if (item.action === "rewrite subject") {
-              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.rewrite_subject + '</span>';
-            }
-            if(item.notified > 0) {
-              item.notified = '&#10004;';
-            } else {
-              item.notified = '&#10006;';
-            }
-            if (acl_data.login_as === 1) {
-            item.action = '<div class="btn-group">' +
-              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-info show_qid_info"><i class="bi bi-box-arrow-up-right"></i> ' + lang.show_item + '</a>' +
-              '<a href="#" data-action="delete_selected" data-id="del-single-qitem" data-api-url="delete/qitem" data-item="' + encodeURI(item.id) + '" class="btn btn-xs  btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-              '</div>';
-            }
-            else {
-            item.action = '<div class="btn-group">' +
-              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-info show_qid_info"><i class="bi bi-file-earmark-text"></i> ' + lang.show_item + '</a>' +
-              '</div>';
-            }
-            item.chkbox = '<input type="checkbox" data-id="qitems" name="multi_select" value="' + item.id + '" />';
-          });
-
-          return data;
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.qid,
-            data: 'qid',
-            defaultContent: ''
-          },
-          {
-            title: lang.sender,
-            data: 'sender',
-            defaultContent: ''
-          },
-          {
-            title: lang.subj,
-            data: 'subject',
-            defaultContent: ''
-          },
-          {
-            title: lang.rspamd_result,
-            data: 'rspamdaction',
-            defaultContent: ''
-          },
-          {
-            title: lang.rcpt,
-            data: 'rcpt',
-            defaultContent: ''
-          },
-          {
-            title: lang.danger,
-            data: 'virus',
-            defaultContent: ''
-          },
-          {
-            title: lang.spam_score,
-            data: 'score',
-            defaultContent: ''
-          },
-          {
-            title: lang.notified,
-            data: 'notified',
-            defaultContent: ''
-          },
-          {
-            title: lang.received,
-            data: 'created',
-            defaultContent: '',
-            createdCell: function(td, cellData) {    
-              $(td).attr({
-                "data-order": cellData,
-                "data-sort": cellData
-              });
-              
-              var date = new Date(cellData ? cellData * 1000 : 0); 
-              var dateString = date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-              $(td).html(dateString);
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-
-    table.on('responsive-resize', function (e, datatable, columns){
-      hideTableExpandCollapseBtn('#quarantinetable');
-    });
-  }
-
-  $('body').on('click', '.show_qid_info', function (e) {
-    e.preventDefault();
-    var qitem = $(this).attr('data-item');
-    var qError = $("#qid_error");
-
-    $('#qidDetailModal').modal('show');
-    qError.hide();
-
-    $.ajax({
-      url: '/inc/ajax/qitem_details.php',
-      data: { id: qitem },
-      dataType: 'json',
-      success: function(data){
-
-        $('[data-id="qitems_single"]').each(function(index) {
-          $(this).attr("data-item", qitem);
-        });
-
-        $("#quick_download_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&eml', '_blank')");
-        $("#quick_release_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_release', '_blank')");
-        $("#quick_delete_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_delete', '_blank')");
-
-        $('#qid_detail_subj').text(data.subject);
-        $('#qid_detail_hfrom').text(data.header_from);
-        $('#qid_detail_efrom').text(data.env_from);
-        $('#qid_detail_score').html('');
-        $('#qid_detail_recipients').html('');
-        $('#qid_detail_symbols').html('');
-        $('#qid_detail_fuzzy').html('');
-        if (typeof data.symbols !== 'undefined') {
-          data.symbols.sort(function (a, b) {
-            if (a.score === 0) return 1
-            if (b.score === 0) return -1
-            if (b.score < 0 && a.score < 0) {
-              return a.score - b.score
-            }
-            if (b.score > 0 && a.score > 0) {
-              return b.score - a.score
-            }
-            return b.score - a.score
-          })
-          $.each(data.symbols, function (index, value) {
-            var highlightClass = ''
-            if (value.score > 0) highlightClass = 'negative'
-            else if (value.score < 0) highlightClass = 'positive'
-            else highlightClass = 'neutral'
-            $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
-          });
-          $('[data-bs-toggle="tooltip"]').tooltip()
-        }
-        if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
-          $.each(data.fuzzy_hashes, function (index, value) {
-            $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
-          });
-        } else {
-          $('#qid_detail_fuzzy').append('-');
-        }
-        if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
-          if (data.action == "add header") {
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
-          } else if (data.action == "reject") {
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
-          } else if (data.action == "rewrite subject") {
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
-          }
-        }
-        if (typeof data.recipients !== 'undefined') {
-          $.each(data.recipients, function(index, value) {
-            var elem = $('<span class="mail-address-item"></span>');
-            elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
-            $('#qid_detail_recipients').append(elem);
-          });
-        }
-        $('#qid_detail_text').text(data.text_plain);
-        $('#qid_detail_text_from_html').text(data.text_html);
-        var qAtts = $("#qid_detail_atts");
-        if (typeof data.attachments !== 'undefined') {
-          qAtts.text('');
-          $.each(data.attachments, function(index, value) {
-            qAtts.append(
-              '<p><a href="/inc/ajax/qitem_details.php?id=' + qitem + '&att=' + index + '" target="_blank">' + value[0] + '</a> (' + value[1] + ')' +
-              ' - <small><a href="' + value[3] + '" target="_blank">' + lang.check_hash + '</a></small></p>'
-            );
-          });
-        }
-        else {
-          qAtts.text('-');
-        }
-      },
-      error: function(data){
-        if (typeof data.error !== 'undefined') {
-          $('#qid_detail_subj').text('-');
-          $('#qid_detail_hfrom').text('-');
-          $('#qid_detail_efrom').text('-');
-          $('#qid_detail_score').html('-');
-          $('#qid_detail_recipients').html('-');
-          $('#qid_detail_symbols').html('-');
-          $('#qid_detail_fuzzy').html('-');
-          $('#qid_detail_text').text('-');
-          $('#qid_detail_text_from_html').text('-');
-          qError.text("Error loading quarantine item");
-          qError.show();
-        }
-      }
-    });
-  });
-
-  $('body').on('click', 'span.footable-toggle', function () {
-    event.stopPropagation();
-  })
-
-  // Initial table drawings
-  draw_quarantine_table();
-
-  
-  function hideTableExpandCollapseBtn(table){
-    if ($(table).hasClass('collapsed'))
-      $(".table_collapse_option").show(); 
-    else
-      $(".table_collapse_option").hide(); 
-  }
-});
+// Base64 functions
+var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
+
+jQuery(function($){
+  acl_data = JSON.parse(acl);
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
+  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
+  function draw_quarantine_table() {
+    var table = $('#quarantinetable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      order: [[2, 'desc']],
+      lengthMenu: [
+        [10, 25, 50, 100, -1],
+        [10, 25, 50, 100, 'all']
+      ],
+      pagingType: 'first_last_numbers',
+      aColumns: [
+        { sWidth: '8.25%' },
+        { sClass: 'classDataTable' }
+      ],
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#quarantinetable');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/quarantine/all",
+        dataSrc: function(data){
+          $.each(data, function (i, item) {
+            if (item.subject === null) {
+              item.subject = '';
+            } else {
+              item.subject = escapeHtml(item.subject);
+            }
+            if (item.score === null) {
+              item.score = '-';
+            }
+            if (item.virus_flag > 0) {
+              item.virus = '<span class="badge fs-6 bg-danger">' + lang.high_danger + '</span>';
+            } else {
+              item.virus = '<span class="badge fs-6 bg-secondary">' + lang.neutral_danger + '</span>';
+            }
+            if (item.action === "reject") {
+              item.rspamdaction = '<span class="badge fs-6 bg-danger">' + lang.rejected + '</span>';
+            } else if (item.action === "add header") {
+              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.junk_folder + '</span>';
+            } else if (item.action === "rewrite subject") {
+              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.rewrite_subject + '</span>';
+            }
+            if(item.notified > 0) {
+              item.notified = '&#10004;';
+            } else {
+              item.notified = '&#10006;';
+            }
+            if (acl_data.login_as === 1) {
+            item.action = '<div class="btn-group">' +
+              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-info show_qid_info"><i class="bi bi-box-arrow-up-right"></i> ' + lang.show_item + '</a>' +
+              '<a href="#" data-action="delete_selected" data-id="del-single-qitem" data-api-url="delete/qitem" data-item="' + encodeURI(item.id) + '" class="btn btn-xs  btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+              '</div>';
+            }
+            else {
+            item.action = '<div class="btn-group">' +
+              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-info show_qid_info"><i class="bi bi-file-earmark-text"></i> ' + lang.show_item + '</a>' +
+              '</div>';
+            }
+            item.chkbox = '<input type="checkbox" data-id="qitems" name="multi_select" value="' + item.id + '" />';
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.qid,
+          data: 'qid',
+          defaultContent: ''
+        },
+        {
+          title: lang.sender,
+          data: 'sender',
+          className: 'senders-mw220',
+          defaultContent: ''
+        },
+        {
+          title: lang.subj,
+          data: 'subject',
+          defaultContent: ''
+        },
+        {
+          title: lang.rspamd_result,
+          data: 'rspamdaction',
+          defaultContent: ''
+        },
+        {
+          title: lang.rcpt,
+          data: 'rcpt',
+          defaultContent: ''
+        },
+        {
+          title: lang.danger,
+          data: 'virus',
+          defaultContent: ''
+        },
+        {
+          title: lang.spam_score,
+          data: 'score',
+          defaultContent: ''
+        },
+        {
+          title: lang.notified,
+          data: 'notified',
+          defaultContent: ''
+        },
+        {
+          title: lang.received,
+          data: 'created',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            $(td).attr({
+              "data-order": cellData,
+              "data-sort": cellData
+            });
+
+            var date = new Date(cellData ? cellData * 1000 : 0);
+            var dateString = date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+            $(td).html(dateString);
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#quarantinetable');
+    });
+  }
+
+  $('body').on('click', '.show_qid_info', function (e) {
+    e.preventDefault();
+    var qitem = $(this).attr('data-item');
+    var qError = $("#qid_error");
+
+    $('#qidDetailModal').modal('show');
+    qError.hide();
+
+    $.ajax({
+      url: '/inc/ajax/qitem_details.php',
+      data: { id: qitem },
+      dataType: 'json',
+      success: function(data){
+
+        $('[data-id="qitems_single"]').each(function(index) {
+          $(this).attr("data-item", qitem);
+        });
+
+        $("#quick_download_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&eml', '_blank')");
+        $("#quick_release_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_release', '_blank')");
+        $("#quick_delete_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_delete', '_blank')");
+
+        $('#qid_detail_subj').text(data.subject);
+        $('#qid_detail_hfrom').text(data.header_from);
+        $('#qid_detail_efrom').text(data.env_from);
+        $('#qid_detail_score').html('');
+        $('#qid_detail_recipients').html('');
+        $('#qid_detail_symbols').html('');
+        $('#qid_detail_fuzzy').html('');
+        if (typeof data.symbols !== 'undefined') {
+          data.symbols.sort(function (a, b) {
+            if (a.score === 0) return 1;
+            if (b.score === 0) return -1;
+            if (b.score < 0 && a.score < 0) {
+              return a.score - b.score;
+            }
+            if (b.score > 0 && a.score > 0) {
+              return b.score - a.score;
+            }
+            return b.score - a.score;
+          })
+          $.each(data.symbols, function (index, value) {
+            var highlightClass = '';
+            if (value.score > 0) highlightClass = 'negative';
+            else if (value.score < 0) highlightClass = 'positive';
+            else highlightClass = 'neutral';
+            $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
+          });
+          $('[data-bs-toggle="tooltip"]').tooltip();
+        }
+        if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
+          $.each(data.fuzzy_hashes, function (index, value) {
+            $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
+          });
+        } else {
+          $('#qid_detail_fuzzy').append('-');
+        }
+        if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
+          if (data.action == "add header") {
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
+          } else if (data.action == "reject") {
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
+          } else if (data.action == "rewrite subject") {
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
+          }
+        }
+        if (typeof data.recipients !== 'undefined') {
+          $.each(data.recipients, function(index, value) {
+            var elem = $('<span class="mail-address-item"></span>');
+            elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
+            $('#qid_detail_recipients').append(elem);
+          });
+        }
+        $('#qid_detail_text').text(data.text_plain);
+        $('#qid_detail_text_from_html').text(data.text_html);
+        var qAtts = $("#qid_detail_atts");
+        if (typeof data.attachments !== 'undefined') {
+          qAtts.text('');
+          $.each(data.attachments, function(index, value) {
+            qAtts.append(
+              '<p><a href="/inc/ajax/qitem_details.php?id=' + qitem + '&att=' + index + '" target="_blank">' + value[0] + '</a> (' + value[1] + ')' +
+              ' - <small><a href="' + value[3] + '" target="_blank">' + lang.check_hash + '</a></small></p>'
+            );
+          });
+        }
+        else {
+          qAtts.text('-');
+        }
+      },
+      error: function(data){
+        if (typeof data.error !== 'undefined') {
+          $('#qid_detail_subj').text('-');
+          $('#qid_detail_hfrom').text('-');
+          $('#qid_detail_efrom').text('-');
+          $('#qid_detail_score').html('-');
+          $('#qid_detail_recipients').html('-');
+          $('#qid_detail_symbols').html('-');
+          $('#qid_detail_fuzzy').html('-');
+          $('#qid_detail_text').text('-');
+          $('#qid_detail_text_from_html').text('-');
+          qError.text("Error loading quarantine item");
+          qError.show();
+        }
+      }
+    });
+  });
+
+  $('body').on('click', 'span.footable-toggle', function () {
+    event.stopPropagation();
+  })
+
+  // Initial table drawings
+  draw_quarantine_table();
+
+  function hideTableExpandCollapseBtn(table){
+    if ($(table).hasClass('collapsed'))
+      $(".table_collapse_option").show();
+    else
+      $(".table_collapse_option").hide();
+  }
+});
diff --git a/data/web/js/site/queue.js b/data/web/js/site/queue.js
index ebebaff8..bc4c7369 100644
--- a/data/web/js/site/queue.js
+++ b/data/web/js/site/queue.js
@@ -1,127 +1,128 @@
 jQuery(function($){
 
-    $(".refresh_table").on('click', function(e) {
-      e.preventDefault();
-      var table_name = $(this).data('table');
-      $('#' + table_name).DataTable().ajax.reload();
-    });
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
 
 
-    function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
 
-    // Queue item
-    $('#showQueuedMsg').on('show.bs.modal', function (e) {
-      $('#queue_msg_content').text(lang.loading);
-      button = $(e.relatedTarget)
-      if (button != null) {
-        $('#queue_id').text(button.data('queue-id'));
-      }
-      $.ajax({
-          type: 'GET',
-          url: '/api/v1/get/postcat/' + button.data('queue-id'),
-          dataType: 'text',
-          complete: function (data) {
-            $('#queue_msg_content').text(data.responseText);
-          }
-      });
-    })
-
-    function draw_queue() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#queuetable') ) {
-      $('#queuetable').DataTable().columns.adjust().responsive.recalc();
-      return;
+  // Queue item
+  $('#showQueuedMsg').on('show.bs.modal', function (e) {
+    $('#queue_msg_content').text(lang.loading);
+    button = $(e.relatedTarget)
+    if (button != null) {
+      $('#queue_id').text(button.data('queue-id'));
     }
+    $.ajax({
+      type: 'GET',
+      url: '/api/v1/get/postcat/' + button.data('queue-id'),
+      dataType: 'text',
+      complete: function (data) {
+        $('#queue_msg_content').text(data.responseText);
+      }
+    });
+  })
 
-    $('#queuetable').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/mailq/all",
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
-            rcpts = $.map(item.recipients, function(i) {
-              return escapeHtml(i);
-            });
-            item.recipients = rcpts.join('<hr style="margin:1px!important">');
-            item.action = '<div class="btn-group">' +
-              '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.show_message + '</a>' +
+  function draw_queue() {
+  // just recalc width if instance already exists
+  if ($.fn.DataTable.isDataTable('#queuetable') ) {
+    $('#queuetable').DataTable().columns.adjust().responsive.recalc();
+    return;
+  }
+
+  $('#queuetable').DataTable({
+    responsive: true,
+    processing: true,
+    serverSide: false,
+    stateSave: true,
+    pageLength: pagination_size,
+    dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+         "tr" +
+         "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+    language: lang_datatables,
+    ajax: {
+      type: "GET",
+      url: "/api/v1/get/mailq/all",
+      dataSrc: function(data){
+        $.each(data, function (i, item) {
+          item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
+          rcpts = $.map(item.recipients, function(i) {
+            return escapeHtml(i);
+          });
+          item.recipients = rcpts.join('<hr style="margin:1px!important">');
+          item.action = '<div class="btn-group">' +
+            '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.show_message + '</a>' +
             '</div>';
           });
           return data;
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'QID',
-            data: 'queue_id',
-            defaultContent: ''
-          },
-          {
-            title: 'Queue',
-            data: 'queue_name',
-            defaultContent: ''
-          },
-          {
-            title: lang_admin.arrival_time,
-            data: 'arrival_time',
-            defaultContent: '',
-            render: function (data, type){
-              var date = new Date(data ? data * 1000 : 0); 
-              return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-            }
-          },
-          {
-            title: lang_admin.message_size,
-            data: 'message_size',
-            defaultContent: '',
-            render: function (data, type){
-              return humanFileSize(data);
-            }
-          },
-          {
-            title: lang_admin.sender,
-            data: 'sender',
-            defaultContent: ''
-          },
-          {
-            title: lang_admin.recipients,
-            data: 'recipients',
-            defaultContent: ''
-          },
-          {
-            title: lang_admin.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'QID',
+          data: 'queue_id',
+          defaultContent: ''
+        },
+        {
+          title: 'Queue',
+          data: 'queue_name',
+          defaultContent: ''
+        },
+        {
+          title: lang_admin.arrival_time,
+          data: 'arrival_time',
+          defaultContent: '',
+          render: function (data, type){
+            var date = new Date(data ? data * 1000 : 0);
+            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          }
+        },
+        {
+          title: lang_admin.message_size,
+          data: 'message_size',
+          defaultContent: '',
+          render: function (data, type){
+            return humanFileSize(data);
+          }
+        },
+        {
+          title: lang_admin.sender,
+          data: 'sender',
+          defaultContent: ''
+        },
+        {
+          title: lang_admin.recipients,
+          data: 'recipients',
+          defaultContent: ''
+        },
+        {
+          title: lang_admin.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        },
       ]
     });
   }
 
   draw_queue();
 
-})
\ No newline at end of file
+})
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index d1b9780f..d93e692f 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -1,662 +1,667 @@
-// Base64 functions
-var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
-$(document).ready(function() {
-  // Spam score slider
-  var spam_slider = $('#spam_score')[0];
-  if (typeof spam_slider !== 'undefined') {
-    noUiSlider.create(spam_slider, {
-      start: user_spam_score,
-      connect: [true, true, true],
-      range: {
-        'min': [0], //stepsize is 50.000
-        '50%': [10],
-        '70%': [20, 5],
-        '80%': [50, 10],
-        '90%': [100, 100],
-        '95%': [1000, 1000],
-        'max': [5000]
-      },
-    });
-    var connect = spam_slider.querySelectorAll('.noUi-connect');
-    var classes = ['c-1-color', 'c-2-color', 'c-3-color'];
-    for (var i = 0; i < connect.length; i++) {
-      connect[i].classList.add(classes[i]);
-    }
-    spam_slider.noUiSlider.on('update', function (values, handle) {
-      $('.spam-ham-score').text('< ' + Math.round(values[0] * 10) / 10);
-      $('.spam-spam-score').text(Math.round(values[0] * 10) / 10 + ' - ' + Math.round(values[1] * 10) / 10);
-      $('.spam-reject-score').text('> ' + Math.round(values[1] * 10) / 10);
-      $('#spam_score_value').val((Math.round(values[0] * 10) / 10) + ',' + (Math.round(values[1] * 10) / 10));
-    });
-  }
-  // syncjobLogModal
-  $('#syncjobLogModal').on('show.bs.modal', function(e) {
-    var syncjob_id = $(e.relatedTarget).data('syncjob-id');
-    $.ajax({
-      url: '/inc/ajax/syncjob_logs.php',
-      data: { id: syncjob_id },
-      dataType: 'text',
-      success: function(data){
-        $(e.currentTarget).find('#logText').text(data);
-      },
-      error: function(xhr, status, error) {
-        $(e.currentTarget).find('#logText').text(xhr.responseText);
-      }
-    });
-  });
-  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
-  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
-
-});
-jQuery(function($){
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap = {
-  '&': '&amp;',
-  '<': '&lt;',
-  '>': '&gt;',
-  '"': '&quot;',
-  "'": '&#39;',
-  '/': '&#x2F;',
-  '`': '&#x60;',
-  '=': '&#x3D;'
-  };
-  function escapeHtml(string) {
-    return String(string).replace(/[&<>"'`=\/]/g, function (s) {
-      return entityMap[s];
-    });
-  }
-  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
-  function validateEmail(email) {
-    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-    return re.test(email);
-  }
-  function unix_time_format(tm) {
-    var date = new Date(tm ? tm * 1000 : 0);
-    return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-  }
-  acl_data = JSON.parse(acl);
-
-  $('.clear-last-logins').on('click', function () {if (confirm(lang.delete_ays)) {last_logins('reset');}})
-  $(".login-history").on('click', function(e) {e.preventDefault(); last_logins('get', $(this).data('days'));$(this).addClass('active').siblings().removeClass('active');});
-
-  function last_logins(action, days = 7) {
-    if (action == 'get') {
-      $('.last-login').html('<i class="bi bi-hourglass"></i>' +  lang.waiting);
-      $.ajax({
-        dataType: 'json',
-        url: '/api/v1/get/last-login/' + encodeURIComponent(mailcow_cc_username) + '/' + days,
-        jsonp: false,
-        error: function () {
-          console.log('error reading last logins');
-        },
-        success: function (data) {
-          $('.last-login').html();
-          if (data.ui.time) {
-            $('.last-login').html('<i class="bi bi-person-fill"></i> ' + lang.last_ui_login + ': ' + unix_time_format(data.ui.time));
-          } else {
-            $('.last-login').text(lang.no_last_login);
-          }
-          if (data.sasl) {
-            $('.last-login').append('<ul class="list-group">');
-            $.each(data.sasl, function (i, item) {
-              var datetime = new Date(item.datetime.replace(/-/g, "/"));
-              var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-              var service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
-              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-app-indicator"></i> ' + escapeHtml(item.app_password_name || "App") + '</a>' : '';
-              var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.he.net/ip/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
-              var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
-              var ip_data = real_rip + ip_location + app_password;
-              $(".last-login").append('<li class="list-group-item">' + local_datetime + " " + service + " " + lang.from + " " + ip_data + "</li>");
-            })
-            $('.last-login').append('</ul>');
-          }
-        }
-      })
-    } else if (action == 'reset') {
-      $.ajax({
-        dataType: 'json',
-        url: '/api/v1/get/reset-last-login/' + encodeURIComponent(mailcow_cc_username),
-        jsonp: false,
-        error: function () {
-          console.log('cannot reset last logins');
-        },
-        success: function (data) {
-          last_logins('get');
-        }
-      })
-    }
-  }
-
-  function draw_tla_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#tla_table') ) {
-      $('#tla_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#tla_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/time_limited_aliases",
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            if (acl_data.spam_alias === 1) {
-              item.action = '<div class="btn-group">' +
-                '<a href="#" data-action="delete_selected" data-id="single-tla" data-api-url="delete/time_limited_alias" data-item="' + encodeURIComponent(item.address) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                '</div>';
-              item.chkbox = '<input type="checkbox" data-id="tla" name="multi_select" value="' + encodeURIComponent(item.address) + '" />';
-              item.address = escapeHtml(item.address);
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled />';
-              item.action = '<span>-</span>';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: lang.alias,
-          data: 'address',
-          defaultContent: ''
-        },
-        {
-          title: lang.alias_valid_until,
-          data: 'validity',
-          defaultContent: '',
-          render: function (data, type) {
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.created_on,
-          data: 'created',
-          defaultContent: '',
-          render: function (data, type) {
-            var date = new Date(data.replace(/-/g, "/"));
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_sync_job_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#sync_job_table') ) {
-      $('#sync_job_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#sync_job_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/syncjobs/' + encodeURIComponent(mailcow_cc_username) + '/no_log',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            item.user1 = escapeHtml(item.user1);
-            item.log = '<a href="#syncjobLogModal" data-bs-toggle="modal" data-syncjob-id="' + item.id + '">' + lang.open_logs + '</a>'
-            if (!item.exclude > 0) {
-              item.exclude = '-';
-            } else {
-              item.exclude  = '<code>' + escapeHtml(item.exclude) + '</code>';
-            }
-            item.server_w_port = escapeHtml(item.user1 + '@' + item.host1 + ':' + item.port1);
-            if (acl_data.syncjobs === 1) {
-              item.action = '<div class="btn-group">' +
-                '<a href="/edit/syncjob/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-                '<a href="#" data-action="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                '</div>';
-              item.chkbox = '<input type="checkbox" data-id="syncjob" name="multi_select" value="' + item.id + '" />';
-            }
-            else {
-              item.action = '<span>-</span>';
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-            if (item.is_running == 1) {
-              item.is_running = '<span id="active-script" class="badge fs-6 bg-success">' + lang.running + '</span>';
-            } else {
-              item.is_running = '<span id="inactive-script" class="badge fs-6 bg-warning">' + lang.waiting + '</span>';
-            }
-            if (!item.last_run > 0) {
-              item.last_run = lang.waiting;
-            }
-            if (item.success == null) {
-              item.success = '-';
-              item.exit_status = '';
-            } else {
-              item.success = '<i class="text-' + (item.success == 1 ? 'success' : 'danger') + ' bi bi-' + (item.success == 1 ? 'check-lg' : 'x-lg') + '"></i>';
-            }
-            if (lang['syncjob_'+item.exit_status]) {
-	            item.exit_status = lang['syncjob_'+item.exit_status];
-            } else if (item.success != '-') {
-	            item.exit_status = lang.syncjob_check_log;
-            }
-            item.exit_status = item.success + ' ' + item.exit_status;
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: '',
-          responsivePriority: 1
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: '',
-          responsivePriority: 2
-        },
-        {
-          title: 'ID',
-          data: 'id',
-          defaultContent: '',
-          responsivePriority: 3
-        },
-        {
-          title: 'Server',
-          data: 'server_w_port',
-          defaultContent: ''
-        },
-        {
-          title: lang.username,
-          data: 'user1',
-          defaultContent: '',
-          responsivePriority: 3
-        },
-        {
-          title: lang.last_run,
-          data: 'last_run',
-          defaultContent: ''
-        },
-        {
-          title: lang.syncjob_last_run_result,
-          data: 'exit_status',
-          defaultContent: ''
-        },
-        {
-          title: 'Log',
-          data: 'log',
-          defaultContent: ''
-        },
-        {
-          title: lang.active,
-          data: 'active',
-          defaultContent: '',
-          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
-          }
-        },
-        {
-          title: lang.status,
-          data: 'is_running',
-          defaultContent: '',
-          responsivePriority: 5
-        },
-        {
-          title: lang.encryption,
-          data: 'enc1',
-          defaultContent: ''
-        },
-        {
-          title: lang.excludes,
-          data: 'exclude',
-          defaultContent: ''
-        },
-        {
-          title: lang.interval + " (min)",
-          data: 'mins_interval',
-          defaultContent: ''
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
-          defaultContent: '',
-          responsivePriority: 5
-        }
-      ]
-    });
-  }
-  function draw_app_passwd_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#app_passwd_table') ) {
-      $('#app_passwd_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#app_passwd_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/app-passwd/all',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            item.name = escapeHtml(item.name)
-            item.protocols = []
-            if (item.imap_access == 1) { item.protocols.push("<code>IMAP</code>"); }
-            if (item.smtp_access == 1) { item.protocols.push("<code>SMTP</code>"); }
-            if (item.eas_access == 1) { item.protocols.push("<code>EAS/ActiveSync</code>"); }
-            if (item.dav_access == 1) { item.protocols.push("<code>DAV</code>"); }
-            if (item.pop3_access == 1) { item.protocols.push("<code>POP3</code>"); }
-            if (item.sieve_access == 1) { item.protocols.push("<code>Sieve</code>"); }
-            item.protocols = item.protocols.join(" ")
-            if (acl_data.app_passwds === 1) {
-              item.action = '<div class="btn-group">' +
-                '<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-                '<a href="#" data-action="delete_selected" data-id="single-apppasswd" data-api-url="delete/app-passwd" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                '</div>';
-              item.chkbox = '<input type="checkbox" data-id="apppasswd" name="multi_select" value="' + item.id + '" />';
-            }
-            else {
-              item.action = '<span>-</span>';
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'id',
-          defaultContent: ''
-        },
-        {
-          title: lang.app_name,
-          data: 'name',
-          defaultContent: ''
-        },
-        {
-          title: lang.allowed_protocols,
-          data: 'protocols',
-          defaultContent: ''
-        },
-        {
-          title: lang.active,
-          data: 'active',
-          defaultContent: '',
-          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
-          }
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_wl_policy_mailbox_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#wl_policy_mailbox_table') ) {
-      $('#wl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#wl_policy_mailbox_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_wl_mailbox',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            if (validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_wl_mailbox" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled title="' + lang.spamfilter_table_domain_policy + '" />';
-            }
-            if (acl_data.spam_policy === 0) {
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'prefid',
-          defaultContent: ''
-        },
-        {
-          title: lang.spamfilter_table_rule,
-          data: 'value',
-          defaultContent: ''
-        },
-        {
-          title:'Scope',
-          data: 'object',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_bl_policy_mailbox_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#bl_policy_mailbox_table') ) {
-      $('#bl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#bl_policy_mailbox_table').DataTable({
-			responsive: true,
-      processing: true,
-      serverSide: false,
-      stateSave: true,
-      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-           "tr" +
-           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_bl_mailbox',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            if (validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_bl_mailbox" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang.spamfilter_table_domain_policy + '" />';
-            }
-            if (acl_data.spam_policy === 0) {
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'prefid',
-          defaultContent: ''
-        },
-        {
-          title: lang.spamfilter_table_rule,
-          data: 'value',
-          defaultContent: ''
-        },
-        {
-          title:'Scope',
-          data: 'object',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-
-  // FIDO2 friendly name modal
-  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
-    rename_link = $(e.relatedTarget)
-    if (rename_link != null) {
-      $('#fido2_cid').val(rename_link.data('cid'));
-      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
-    }
-  })
-
-  // Sieve data modal
-  $('#userFilterModal').on('show.bs.modal', function(e) {
-    $('#user_sieve_filter').text(lang.loading);
-    $.ajax({
-      dataType: 'json',
-      url: '/api/v1/get/active-user-sieve/' + encodeURIComponent(mailcow_cc_username),
-      jsonp: false,
-      error: function () {
-        console.log('Cannot get active sieve script');
-      },
-      complete: function (data) {
-        if (data.responseText == '{}') {
-          $('#user_sieve_filter').text(lang.no_active_filter);
-        } else {
-          $('#user_sieve_filter').text(JSON.parse(data.responseText));
-        }
-      }
-    })
-  });
-  $('#userFilterModal').on('hidden.bs.modal', function () {
-    $('#user_sieve_filter').text(lang.loading);
-  });
-
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-
-  // Load only if the tab is visible
-  onVisible("[id^=tla_table]", () => draw_tla_table());
-  onVisible("[id^=bl_policy_mailbox_table]", () => draw_bl_policy_mailbox_table());
-  onVisible("[id^=wl_policy_mailbox_table]", () => draw_wl_policy_mailbox_table());
-  onVisible("[id^=sync_job_table]", () => draw_sync_job_table());
-  onVisible("[id^=app_passwd_table]", () => draw_app_passwd_table());
-  last_logins('get');
-});
+// Base64 functions
+var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
+$(document).ready(function() {
+  // Spam score slider
+  var spam_slider = $('#spam_score')[0];
+  if (typeof spam_slider !== 'undefined') {
+    noUiSlider.create(spam_slider, {
+      start: user_spam_score,
+      connect: [true, true, true],
+      range: {
+        'min': [0], //stepsize is 50.000
+        '50%': [10],
+        '70%': [20, 5],
+        '80%': [50, 10],
+        '90%': [100, 100],
+        '95%': [1000, 1000],
+        'max': [5000]
+      },
+    });
+    var connect = spam_slider.querySelectorAll('.noUi-connect');
+    var classes = ['c-1-color', 'c-2-color', 'c-3-color'];
+    for (var i = 0; i < connect.length; i++) {
+      connect[i].classList.add(classes[i]);
+    }
+    spam_slider.noUiSlider.on('update', function (values, handle) {
+      $('.spam-ham-score').text('< ' + Math.round(values[0] * 10) / 10);
+      $('.spam-spam-score').text(Math.round(values[0] * 10) / 10 + ' - ' + Math.round(values[1] * 10) / 10);
+      $('.spam-reject-score').text('> ' + Math.round(values[1] * 10) / 10);
+      $('#spam_score_value').val((Math.round(values[0] * 10) / 10) + ',' + (Math.round(values[1] * 10) / 10));
+    });
+  }
+  // syncjobLogModal
+  $('#syncjobLogModal').on('show.bs.modal', function(e) {
+    var syncjob_id = $(e.relatedTarget).data('syncjob-id');
+    $.ajax({
+      url: '/inc/ajax/syncjob_logs.php',
+      data: { id: syncjob_id },
+      dataType: 'text',
+      success: function(data){
+        $(e.currentTarget).find('#logText').text(data);
+      },
+      error: function(xhr, status, error) {
+        $(e.currentTarget).find('#logText').text(xhr.responseText);
+      }
+    });
+  });
+  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
+  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
+
+});
+jQuery(function($){
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap = {
+  '&': '&amp;',
+  '<': '&lt;',
+  '>': '&gt;',
+  '"': '&quot;',
+  "'": '&#39;',
+  '/': '&#x2F;',
+  '`': '&#x60;',
+  '=': '&#x3D;'
+  };
+  function escapeHtml(string) {
+    return String(string).replace(/[&<>"'`=\/]/g, function (s) {
+      return entityMap[s];
+    });
+  }
+  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
+  function validateEmail(email) {
+    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+    return re.test(email);
+  }
+  function unix_time_format(tm) {
+    var date = new Date(tm ? tm * 1000 : 0);
+    return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+  }
+  acl_data = JSON.parse(acl);
+
+  $('.clear-last-logins').on('click', function () {if (confirm(lang.delete_ays)) {last_logins('reset');}})
+  $(".login-history").on('click', function(e) {e.preventDefault(); last_logins('get', $(this).data('days'));$(this).addClass('active').siblings().removeClass('active');});
+
+  function last_logins(action, days = 7) {
+    if (action == 'get') {
+      $('.last-login').html('<i class="bi bi-hourglass"></i>' +  lang.waiting);
+      $.ajax({
+        dataType: 'json',
+        url: '/api/v1/get/last-login/' + encodeURIComponent(mailcow_cc_username) + '/' + days,
+        jsonp: false,
+        error: function () {
+          console.log('error reading last logins');
+        },
+        success: function (data) {
+          $('.last-login').html();
+          if (data.ui.time) {
+            $('.last-login').html('<i class="bi bi-person-fill"></i> ' + lang.last_ui_login + ': ' + unix_time_format(data.ui.time));
+          } else {
+            $('.last-login').text(lang.no_last_login);
+          }
+          if (data.sasl) {
+            $('.last-login').append('<ul class="list-group">');
+            $.each(data.sasl, function (i, item) {
+              var datetime = new Date(item.datetime.replace(/-/g, "/"));
+              var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+              var service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
+              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-app-indicator"></i> ' + escapeHtml(item.app_password_name || "App") + '</a>' : '';
+              var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.he.net/ip/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
+              var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
+              var ip_data = real_rip + ip_location + app_password;
+              $(".last-login").append('<li class="list-group-item">' + local_datetime + " " + service + " " + lang.from + " " + ip_data + "</li>");
+            })
+            $('.last-login').append('</ul>');
+          }
+        }
+      })
+    } else if (action == 'reset') {
+      $.ajax({
+        dataType: 'json',
+        url: '/api/v1/get/reset-last-login/' + encodeURIComponent(mailcow_cc_username),
+        jsonp: false,
+        error: function () {
+          console.log('cannot reset last logins');
+        },
+        success: function (data) {
+          last_logins('get');
+        }
+      })
+    }
+  }
+
+  function draw_tla_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#tla_table') ) {
+      $('#tla_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#tla_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/time_limited_aliases",
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            if (acl_data.spam_alias === 1) {
+              item.action = '<div class="btn-group">' +
+                '<a href="#" data-action="delete_selected" data-id="single-tla" data-api-url="delete/time_limited_alias" data-item="' + encodeURIComponent(item.address) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
+              item.chkbox = '<input type="checkbox" data-id="tla" name="multi_select" value="' + encodeURIComponent(item.address) + '" />';
+              item.address = escapeHtml(item.address);
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled />';
+              item.action = '<span>-</span>';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.alias,
+          data: 'address',
+          defaultContent: ''
+        },
+        {
+          title: lang.alias_valid_until,
+          data: 'validity',
+          defaultContent: '',
+          render: function (data, type) {
+            var date = new Date(data ? data * 1000 : 0);
+            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          }
+        },
+        {
+          title: lang.created_on,
+          data: 'created',
+          defaultContent: '',
+          render: function (data, type) {
+            var date = new Date(data.replace(/-/g, "/"));
+            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_sync_job_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#sync_job_table') ) {
+      $('#sync_job_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#sync_job_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/syncjobs/' + encodeURIComponent(mailcow_cc_username) + '/no_log',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            item.user1 = escapeHtml(item.user1);
+            item.log = '<a href="#syncjobLogModal" data-bs-toggle="modal" data-syncjob-id="' + item.id + '">' + lang.open_logs + '</a>'
+            if (!item.exclude > 0) {
+              item.exclude = '-';
+            } else {
+              item.exclude  = '<code>' + escapeHtml(item.exclude) + '</code>';
+            }
+            item.server_w_port = escapeHtml(item.user1 + '@' + item.host1 + ':' + item.port1);
+            if (acl_data.syncjobs === 1) {
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/syncjob/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '<a href="#" data-action="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
+              item.chkbox = '<input type="checkbox" data-id="syncjob" name="multi_select" value="' + item.id + '" />';
+            }
+            else {
+              item.action = '<span>-</span>';
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+            if (item.is_running == 1) {
+              item.is_running = '<span id="active-script" class="badge fs-6 bg-success">' + lang.running + '</span>';
+            } else {
+              item.is_running = '<span id="inactive-script" class="badge fs-6 bg-warning">' + lang.waiting + '</span>';
+            }
+            if (!item.last_run > 0) {
+              item.last_run = lang.waiting;
+            }
+            if (item.success == null) {
+              item.success = '-';
+              item.exit_status = '';
+            } else {
+              item.success = '<i class="text-' + (item.success == 1 ? 'success' : 'danger') + ' bi bi-' + (item.success == 1 ? 'check-lg' : 'x-lg') + '"></i>';
+            }
+            if (lang['syncjob_'+item.exit_status]) {
+              item.exit_status = lang['syncjob_'+item.exit_status];
+            } else if (item.success != '-') {
+              item.exit_status = lang.syncjob_check_log;
+            }
+            item.exit_status = item.success + ' ' + item.exit_status;
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: '',
+          responsivePriority: 3
+        },
+        {
+          title: 'Server',
+          data: 'server_w_port',
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'user1',
+          defaultContent: '',
+          responsivePriority: 3
+        },
+        {
+          title: lang.last_run,
+          data: 'last_run',
+          defaultContent: ''
+        },
+        {
+          title: lang.syncjob_last_run_result,
+          data: 'exit_status',
+          defaultContent: ''
+        },
+        {
+          title: 'Log',
+          data: 'log',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
+          }
+        },
+        {
+          title: lang.status,
+          data: 'is_running',
+          defaultContent: '',
+          responsivePriority: 5
+        },
+        {
+          title: lang.encryption,
+          data: 'enc1',
+          defaultContent: ''
+        },
+        {
+          title: lang.excludes,
+          data: 'exclude',
+          defaultContent: ''
+        },
+        {
+          title: lang.interval + " (min)",
+          data: 'mins_interval',
+          defaultContent: ''
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: '',
+          responsivePriority: 5
+        }
+      ]
+    });
+  }
+  function draw_app_passwd_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#app_passwd_table') ) {
+      $('#app_passwd_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#app_passwd_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/app-passwd/all',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            item.name = escapeHtml(item.name)
+            item.protocols = []
+            if (item.imap_access == 1) { item.protocols.push("<code>IMAP</code>"); }
+            if (item.smtp_access == 1) { item.protocols.push("<code>SMTP</code>"); }
+            if (item.eas_access == 1) { item.protocols.push("<code>EAS/ActiveSync</code>"); }
+            if (item.dav_access == 1) { item.protocols.push("<code>DAV</code>"); }
+            if (item.pop3_access == 1) { item.protocols.push("<code>POP3</code>"); }
+            if (item.sieve_access == 1) { item.protocols.push("<code>Sieve</code>"); }
+            item.protocols = item.protocols.join(" ")
+            if (acl_data.app_passwds === 1) {
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '<a href="#" data-action="delete_selected" data-id="single-apppasswd" data-api-url="delete/app-passwd" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
+              item.chkbox = '<input type="checkbox" data-id="apppasswd" name="multi_select" value="' + item.id + '" />';
+            }
+            else {
+              item.action = '<span>-</span>';
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.app_name,
+          data: 'name',
+          defaultContent: ''
+        },
+        {
+          title: lang.allowed_protocols,
+          data: 'protocols',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_wl_policy_mailbox_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#wl_policy_mailbox_table') ) {
+      $('#wl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#wl_policy_mailbox_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_wl_mailbox',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            if (validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_wl_mailbox" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled title="' + lang.spamfilter_table_domain_policy + '" />';
+            }
+            if (acl_data.spam_policy === 0) {
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title:'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_bl_policy_mailbox_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#bl_policy_mailbox_table') ) {
+      $('#bl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#bl_policy_mailbox_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_bl_mailbox',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            if (validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_bl_mailbox" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang.spamfilter_table_domain_policy + '" />';
+            }
+            if (acl_data.spam_policy === 0) {
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title:'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+
+  // FIDO2 friendly name modal
+  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
+    rename_link = $(e.relatedTarget)
+    if (rename_link != null) {
+      $('#fido2_cid').val(rename_link.data('cid'));
+      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
+    }
+  })
+
+  // Sieve data modal
+  $('#userFilterModal').on('show.bs.modal', function(e) {
+    $('#user_sieve_filter').text(lang.loading);
+    $.ajax({
+      dataType: 'json',
+      url: '/api/v1/get/active-user-sieve/' + encodeURIComponent(mailcow_cc_username),
+      jsonp: false,
+      error: function () {
+        console.log('Cannot get active sieve script');
+      },
+      complete: function (data) {
+        if (data.responseText == '{}') {
+          $('#user_sieve_filter').text(lang.no_active_filter);
+        } else {
+          $('#user_sieve_filter').text(JSON.parse(data.responseText));
+        }
+      }
+    })
+  });
+  $('#userFilterModal').on('hidden.bs.modal', function () {
+    $('#user_sieve_filter').text(lang.loading);
+  });
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+
+  // Load only if the tab is visible
+  onVisible("[id^=tla_table]", () => draw_tla_table());
+  onVisible("[id^=bl_policy_mailbox_table]", () => draw_bl_policy_mailbox_table());
+  onVisible("[id^=wl_policy_mailbox_table]", () => draw_wl_policy_mailbox_table());
+  onVisible("[id^=sync_job_table]", () => draw_sync_job_table());
+  onVisible("[id^=app_passwd_table]", () => draw_app_passwd_table());
+  last_logins('get');
+});
diff --git a/data/web/templates/admin.twig b/data/web/templates/admin.twig
index 863f87e9..33f2422b 100644
--- a/data/web/templates/admin.twig
+++ b/data/web/templates/admin.twig
@@ -57,7 +57,7 @@
       </div>
     </div> <!-- /col-md-12 -->
   </div> <!-- /row -->
-</div> 
+</div>
 
 {% include 'modals/admin.twig' %}
 
@@ -66,7 +66,7 @@ var lang = {{ lang_admin|raw }};
 var lang_datatables = {{ lang_datatables|raw }};
 var admin_username = '{{ mailcow_cc_username }}';
 var csrf_token = '{{ csrf_token }}';
-var pagination_size = '{{ pagination_size }}';
-var log_pagination_size = '{{ log_pagination_size }}';
+var pagination_size = Math.trunc('{{ pagination_size }}');
+var log_pagination_size = Math.trunc('{{ log_pagination_size }}');
 </script>
 {% endblock %}
diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index 1e011c8b..006703fb 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -41,7 +41,7 @@
               </div>
               <div class="col-sm-12 col-md-8">
                 <div class="table-responsive" style="margin-top: 10px;">
-                  <table class="table table-striped table-condensed">
+                  <table class="table table-striped table-condensed w-100">
                     <tbody>
                       <tr>
                         <td>Hostname</td>
@@ -59,7 +59,7 @@
                               <span class="text">{{ lang.debug.show_ip }}</span>
                               <div class="spinner-border spinner-border-sm d-none" role="status">
                                 <span class="visually-hidden">Loading...</span>
-                              </div>  
+                              </div>
                             </button>
                           {% else %}
                             <span class="d-block">{{ lang.admin.ip_check_disabled|raw }}</span>
@@ -71,7 +71,7 @@
                         <td class="text-break">
                           <div class="fw-bolder">
                             <p ><a href="#" id="maiclow_version">{{ mailcow_info.version_tag }}</a></p>
-                            <p id="mailcow_update"></p> 
+                            <p id="mailcow_update"></p>
                           </div>
                         </td>
                       </tr>
@@ -198,10 +198,10 @@
                         <i class="bi bi-caret-down-fill caret"></i>
                       </button>
                     </div>
-                  {% endif %}  
+                  {% endif %}
                   </div>
                   {% if containers["solr-mailcow"].State.Running == 1 %}
-                  <div class="collapse p-0 list-group-details container-details-collapse" id="solr-mailcowCollapse" data-id="{{ containers["solr-mailcow"].Id }}">    
+                  <div class="collapse p-0 list-group-details container-details-collapse" id="solr-mailcowCollapse" data-id="{{ containers["solr-mailcow"].Id }}">
                     <div class="row p-2 pt-4">
                       <div class="col-sm-3">
                         <p><img class="img-responsive" alt="Solr Logo" width="128px" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAABlCAYAAAAI2qyuAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAXEUAAFxFAbktYiwAAAAYdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjEuNWRHWFIAABv7SURBVHhe7V0JuBxVlX4JMy6jM4qOC4rp6qWq+jW+ruoXkIjoS1d3EhYXRvNkFHFBYECUAXGAASEOyiLIrigOEpDoACIqwogLiwMSkIghYF4viSFhiUGWCAQIyXuZ/9w+3V3VdXtfee/+33e+16/uqXtv1T2n7j33nnvukIJCP7BjbOzvsgt0O5cyjsymzG9mU8YvcylzIucYT2Ydczt+7xDkGFuR/hf8XplxzHG6d20qauSSkfCSJUOzRWYKCtMBE3uZ/5hxjE9A4K+FEmwuKUFj9Nd1Y9brdwwNzco6xr10DXk8DAX77kTaXEQKx8UoKLz8AGE+D73BcxVC3zBl09HPUz6ZpOHI0kEboXhnrU3H5ogCFRQGHSvmzv17+stf/ZaVA71EppgXFO0Xcp4CYai2LZeKLs2m9BDxKygMHEg4Mynz+kzK2IP+X52KvlEmzI1SPml+kPLB8CyOXmJKxuMnYyvoG7l9Iv9E9yoo9B3Xjg/thC/8cegtnsffFyGcr6TrBWNcJsQNkGPeIjIHkO8yKU9teiSXiryfs1BQ6A8eWhTdBV/3W4qCid/3c9IQ9QAugW2YoGSTeSc6Snn8KTkcKAyf5Ly1iHudi9eNBV4lKqSg0Evk0tF5EN7HPILpmN/l5CEMdY71pDVKjnkFZ0HDqwulPE1QJmneM5E238ZZKih0H3ln+AB8oV/wC6TxOWYhBfmGP702offYknX0t9P9Dy6MvaE9I99Fjrk+50RiomIKCt0EBO7jENzyop6LVqNXYTbiu6YyvR5NpMz/4tuH8PvLMp6WyTFO5awVFLoDfIkXQ9CkygHatuL9c/+BWYfQwyyX8FQlKN1jGxfEX0P3blg879XoTTbJ+JolskUySeNEUae0PkxEvxUUOgoMfd4rZqkkQkgEAV/FrALgfVzGV41gb3yWbx3KYKgm42mWqKfLpqKHU54Fg9/cgHqtp8kFUZCCQidAK9UQrpoCD2H8HrMPUU9SbRhWhVZeOz6+E927A39h/K+R8DRHjrGVejzKM7dP5E3IM1NMQ92WF6ejFRTawoPjsVdA0O72CJ+E0AMcxbcMkVOhjEdGYgiUNlJ861DeMcdlfM2R8SyM8gWUHy0aQllWSPguFgUqKLSDfMrYRyJcPppImnvxLSTkSRmPlBzjRr5NAMr4eylfo+QYT2A4+C7Ki9ZAsk70NhmfUEw8myhUQaFV0PBKJmBuwvDlpXVjY6UFOVw7pJKnCm3LObHS9Cv1JBKeZuiRfHJ4N8qLPH2hbD+V8JTJMdY/OBZ7rShcQaEV7FgyNBtj9iekAsaE9AeYXSDjRJfI+CoJBvO3+BYBKNrNMr5GCHXIToyZGuVDjpIZx7xCxucjxzhbFK6g0CogSP/rEywXQThLBjoBw5fLZHxugnJsJuOZbxnKLtQtGvbIeOsRyr9vrfPOt1A+pBzoOc6V8ckIivRiUbEUFFoCBPcsmXAVKTvfPJpZBSCgv5bxecgxjmd2gXzKvErKV4egHLevTYdex9lQXZteYMykyi4yCgp1UXT3KAJC9JFKoXJTZoHxHmYVgPBnZXxFwlDqIbcTYatOidmkccNd83Z9NWczlEubR0BBpLy1iNZ31NqIQsOgIRL/FPgzBFgmWET4gm9fySvgBLFRSuqnVSYo4L8yuwAUqmmnxIxjXFncUEWgPFHupIy3EZpwzNM4KwWF6kBvEKRZqdtc+70L43q5oQ6h/BOzCZAtIOMrEgR7OeXH7IWNVU06JaJ+F7jzyM83F1GdZbyNEnqRh4uLlQoKVTGRLIzhK/d5QwApAolfuBzzSmYRoB2FUj4QlGkqM987HAP/KTJeGdH9EOST+VaBNRjeNatg1YjWbzhbBQU5MGQS0UMyaWNvviQAwTyzUqCIILReA72GvQJl+BGzCWyA/YB8G3JKLAyfyu70hDUpcwQK+pSMvxWinomzVlDwY82C0JsLgigE5iC+LABBXOwWpiKREyOzCOTmG8fL+cwXK4MqgLdBp0Rjaz41fCDfJiDcWRzjUTl/a4Q65jl7BQU/3EpQdBEvYt0iU3MLExG+uNsedbm4E6oZ3Og9zmEWAbJxoIx1nRIhtFvI3YVvE1i9KLpLxjHXyvjbIRrCqdkshapAb1BaYIOCeJz5eEX9abdAQaFWc3IJuH69h6dAIgAcswhAYQ6U8HkICviU28eLsGr/kZ0hyPfL+Nsmx9iu7BCFqoDg/colMDfx5RIgQN4FwLTXQCdgOOTznEW+HjuFAOWq45RoPDYBG4PZBWg6GUp6l5y/daLVdDzbpVBGk4tSUPAjk6RwOQWhwdf7Qb5cAoTobLdg5dLGMZwkUFgDqexlygHgiqgRKVEQ8siTjcHsAsLtPlnb5aVZwvANBr5x+rqx2Fu5mKHMmPHP/FNBoYyCa3h5oQ2/N7vXGgj5tPFRj4Alh9/HSQIUh9edhyDH/AAnl4BeoJZT4v3r9isLLKEwvDOvlvC2RJmU+TCGeF/c5PLkLYQwMi6nHoovKSiUwTv5HigKEQRyigSekwUecG2EQvp2t4ARMguNaDFd8KSMWyuVjALKkTHs5ivxO+Ydq/Ye2ZlZBUSv5JiXyPibJsdYlU1FP7XD1aPRPviC97HxLPFAQR7iJAUFL/BV9WyOyiZ1i5ME+EsuIrRDkLJ8uYTcgujC0r2pcgA4N6A0PyjyeMgxbnIHfSgCw7ivSvmbINTldjzLfm5lpWeBjXMInsMzVYz/NzOLgoIfEJDS8CefDIv4uG5gyPQbTv8hXyoBaUcU7804RikAXBHVnBJJacjGYLYSYKu0FnwOhOfYDrpudTpSCkVURGa+kULafbL7yGBnNgUFPwqr04WACxh6lPaZF4Gv8ddFGsbwfKkECPTXhKA5xnOVHsEEKMIFRUEsEuyBi+lrziwl4Iv/yWpDsVqEe15AOd9ekx7WOasSKOQP6nYjeKT3EikFeZkgEom8skixmP/r2k3Q/ggWljP4UgklQz0dHeNLJaAHuZLSMAzzecZWOiWSkIJKgeLcgPJ9CDxNub+jR3gyl4qevsoJio1TbhSimujfRHl184RyPcu3KQwq5u0679VG0NpWJF2z/8JJPYHwyHWMZyDwV/OlEvILYxHqYSoNeAKE9DbQY7J93rjn1LIQmpMQ2C9wkgf5VHg+0mu6y7sJ5a3HcO4YWZk0M4e0E4p2UyOEsh/m29vB+E6RyGjYDCY+YASsYwzN+oYRtJfi73X4eyPoZ3rQvhZ/L0cDnwOeY00t8UG6Z2hoiTpjrg4KCmLvKBIU5AlO6hkgVCeDlvO/JYjZLsdYwf96AIVam0uah/C/JRQiJRocV8t4CcryCU7yYCIZnYsy/1YptDJCfqvy6eGDZcew0TmGtFIPnnWye2tRNmn+gbNpDqY2YhqB+IkQ/JuhCJvdDdgMobGfMjT7el2zDo9G93gjZ6/gwiAoCPlY5R3DpyAECHgpCmIRPMP1e5k9AWE9UggfnSEyX9+fL3uQGTOiULCanr34uk9hCHQreoV9K6ePiyAvZFJs2f0N0vWcVX0EAmOvigTjn4Uwr3A3WKcIDb8VtAzkmU6c6RgEBSFMpMyDZLNLlQ6KBDLKi8Ha3Cg6JUJoN1d6/hbxwMLd3gHlWS8RVkFI2w7F+NFaPr1KBvIURjnXgqR5NEpQ5tM5y+oYw0OZocQR+NI/4m6oLtIkhOCqUCj+Zq7CjMagKAgNVXYc7nUTqYZqoTzFUCdl/qVyTaWI3N6RN6HnWC0TVtHjpMxLyO5hdh/W7z2yM5TvXFDVuMHNUDYZ/RhnLcdw2NpND1p/cDdQJWGYtR22xWr8vUYPJk6LBOJHmEF7cVSzFpphK4nr6TBsDj1gfRrDsRNwz6XohX6HfLdU5uUhzd5EeXBVZiwGRUHahVgFx5c/vzAsFXAy9KEcPqdFKMaTGMZ9dc2C6h9MWg0nQx+8NWN2NUu05ZiL8ANCPg7BlwoxhP5p/P0uGeaRyLtaOiSRpiuFAmn2+aQMlWUI0mjmxj6Ub5mRmC4KQj5VsvUQgvD9gj3hFk78/xB6jKNrRTskpYMNcgAUo2bklFYo45gbqtk2QwZsDTTGlLthBIlhlnXU3F384852QMoiytSsh31loh5kxDPrjMN0UZBqoJkwCGRp3wiU4n6yd9yBImQQs1wp8/bifR0nx7yUi/IirI18sDBscgupNUlTtPF4OaRLNxB/S/w1EIBzC+V5hGJ7JBj3eYLOBExnBSnMdhnfg6BTAIZbaLdg1a82Iw8jHsL7ffC3HNanESJ/LS6yDGNOPOiftrWep3ULZukJxJpK0H7OXQ8IxjM0vcwsMwbTWUHyKf0sCPo1E2Pm7nypKoSNkjK+Rsa6TKA7SajT47IZu1lQjl9VNMbWfhnKEc0eI+V01wdDvPt67WrRb0xXBaHTZnPJ3TwboWSgoVY+qR8GxdgoE+ZuEG035uLLMEKJlLshiCCk/87JfYEZtD/uqZNm5aPh0bmcPCMw3W2QWshgyAXFKO1L6RTxkG4T8qYtwT/OOcY55KKC3x9ZkzZ3l7nawzC3r/c2hEW7qfruCoJeYyno50bI3hf/zjjXlJmoIGsWRN8JO+MXbqFujjAMc8y1UIDb8HspeoTToACH0h4V2sjljgXcEDBseS2E8EV3Q0QGZw2iptE23TGTFOTBsdhbs0nzvyHYVc80LHz9yVvXXJlNGTeA//y8ox8HA//A1anou8m5kmbGOMumUHWCgBbz3I0AZSEvxhktmIOCmaAghYM+zZMg+M9guLMVtB49wB15x1iWSRtnkP8WzSpRz1I8HrpdkBLRPpGsE6VA17Sv5TcoV36ADnoLWuEuK0jQvpyTFPqMmaAgFPCBfLNoIXFFg+4szYCUgcL4YJj1CSjiebQoib+VnsJ/rRrFBC/+Ik8jBOPHcZJCnzGTjfRWQLNeHDDioGxKPx/KcHsxCEMtQg9V3e/KCFpXeBohYNd20poBGMdXJxqMG7QGZGr20REtfooesL5Cbv6RgPUZXUu8zzDmdj1uklKQ6qAYW3TwJ3qDT2N4dCGGSndimNZ0dHcM4f6Hs5QDNscyTyMEEh/mpBkFWsk3g9ZBeB8/9i+YSmkK9tsEhPZcnn7uuN3WDQWJBO3FyOvuIpG3NifVw6xhLRGIzME7ClrnmIWNcLdRHnrQuh3pXZtlJGWg6IprUvqncmnjIgj2negdOrFouJrOT+di5MADXgoqN7yWOJiTZgTItR7PfTaInDDL76FZ0ux7IsEEucR0TFG6oSAQ5s+788THoOa+B+opjVD8RJS9ynOfi5Dn80uWdGaHKLnLk0t8Nq0flqP94465HNT5FXTHeGJ1KmpwsdUBm+Msz8Nq9pc4aVpjLr5KRsg6XtesZ9zP3wG6VQ/sNszFtIV+Kkhh+t86A71F7a0JoHYURNgNwitXBIW7G387sp+jJlGk+Ipg2FUBAfm3igdeyknTFhhGDuM5a+11mYIwrscQ6ic0nMA7+rIRsk/EfafBLrkM/9+L9K2S+5isF0DHoqi2epN+KYgZsOaD7yEPXw3qQA8yi06yyiajH86n9K9AiG/CEGoj7Aq5gLdBUMAtFBOYy60PjEF39zysZq3H5Wm7DmIErAMg+M+6n7lEmrUBdsjJ4XCCNvbUfAf8hf0o7rsZ5N8eANJD9nXtbA/oh4IYwcQX/R7dLtJs2pawVOQTju+jByw7FprrOaatE6CFO/LZghH9IQyHTsVX/0YIeFs+WVC4pzNj3hOz6oK21eKBPeNvchbk5GmFQm/pdacnguD9FX8/R8MuZm0K4fDIKITql5X5EuH68tiu897ArE2hxwoyC/mf50ljwvWt+LBcYYZtGpb09eO5Hkoz4ZgfEEqTMn4GwX+EVtgrlcFHjpGjgHGcTXPAV2FpxQu5BZenVS8C5TgMz+b70uP6dZGI/SZmawez0GN8DArhM/YhlPe2svuylwqC3zRRUb5eTr+OtkKImwcTs2hLbjYV3R/Dp5PR0/wUfze4lQP//3T9/t5g2E1B10b3lLycabPdVQ/Y+0G4vMMGzdrWDY9lfc7uISjd/Z6yCnQz9dbM1hB6pSAUS8BzTVy3/6aHEp5zzF9OEEqT1PeDwizGv+1/7PFCbqh4SS/Qghgnv2yh67uH8CyerzoE+CU9EO/aeg/1FhjK3e4uU5QbtM9ilobQIwX5Fb0P9zXwPBoMjnpOdeoGyM7IJaMLs46xDMOkSzBkOoW23NKRzrR7sPLAnb6CDC28LM8CGRrkWSOQ8Byc+HICrYgbWvx3Fc9EW3g/wixdAxnxELzfu8sGTVKwCmapi54oSCVRRJlgvP76QAfB8XovhIJs9Q6NyLPXeAi/f5tPmVdRzN1M0jgy4xj75pxIjBb5KCQRZ9N90FcVL6linG5NRoLWOdTgzPaygVQYQtYJnNx1vDO451t41qdUPuqUp0B8zFITvVYQ6knYEO8LaOEOCnF9o9O7ZJzDvtgMRbor6+j/wtl0FzTNh5clmba0NqKHOb4XPkidQGzX2BtQ76fczwAB+AWSejr5wNuHPTNn5EHNyTXRawUxNevLzNZX5NKRMfQo98qUokjkdwXl+Dl+H7I2HXod39ob4GUdWjkuLRIaaSsU5SY0+rG0hjKoPYseTJxZUe9nIpGRXTm5p0AvcrG7LqCnGpnV6qmCaPYDzU4idBMU9YRc1KEo69BTPJ6lU3Md88pMKvrFtWljb1lghZ4iHEi8Gw2Slb5ML01BYTCMsH4LI/RqNMAluHY2rp2O31+BDXAKudCbgfghwjsWSsWhRbs2dhRGsmb9zVPPBr/a3UAgYL2ehNtdH12L13Xp6aWC4Lo0mHS/US8UUF9Bh7agUb6E3oQW0nwvtS0iAdbse4xg/DvkQt7JrzuU9ShvWfYm8tbl5L6AFNRTp6C1BpdrfiR6qCB/RNK0WvfqKchdAkpyGBr1LrxM30p0h4iiKN5LaxNkP3DRLQH5eGaPIBTSE4x6Ce5FPPG+jFC8pttDDxVkRod47SjMdyTeRsGoIYTfxstegb+d9oYFkQepdVEssIfnnOxGQHsWKvKa7IavUCvQtcRl7rrh3fljMLnQCwXB/1tM039KlELnMDsOm2JYi+8Z1uwPmSHr0xDKo0wtfjSdKBWhma+QvQSNcRFslGvQyHdiuLGBBNfdUDIC/7NmSKx2N2yvwNbxrApDAAbmQHg8jydABuo2wUlS9KQH0ezGD4pR6B12LTT+HjSkgsLcBPKEHvIQ0kOhuQ1N5UEIv+++Vw+OnMRJfUcsFnsFhNztSTxZa9q8Nwoi3w+iMGAYmTOys67FvwAh+LOnAYsUsFY2clQbeB903zdo7jIQyF+768dB8aRQCqLgg9jpR7NQ0n3h1l21VqHFvZ4geNakae41UONrPBcddFp+poB1DCf5oBREoSpEtPmgfZ+nMQv0HWbxgfeXl3ghUD09NrkRROhIO3cdQ/Z5nOSDUhCFmqCvv65Zd3gaNGhPVdvQJU7g9fBaKzlpYKCHhL9buY6avYyTfFAKolAXBdvEyrsbFYJyJyd7EAnEEx6+oJyvnzC1+CJ3HSl8Dif5oBREoSGE59h7oTErHCgTcU4uga55eDS7tcPguwgjYO/rrqNSEIWOAML+c3fDoqF9q+O6PkKbo8o8mvUoJw0MaFuuu46gqlFklIIoNAxDix/oadig9VtOKqGwk6/c00AYttN6CycPBMTCqes5UMczOckHpSAKDYPcTtwNC/viKU5yYzZdd/OR9zCnDQRQp8vd9cOQ60hO8kEpiEIzmI0hk3ttZErmQ0Q9i4sHZB3FSQMBDBU9C5kUpI2TfFAKotAUIOye2SxynOSkEiBEnthO6FF+wkl9R3TO6C6oU3kIqFkv1dpwphREoSlAQf7kblzy3OWkEiAA+7t5IFTPDYodEtWsw911A93NSVIoBVFoCmjcR92NKwv4Vti74t13Yc6xDuLkvgIK7gkFhN7tPzlJCqUgCg2DegE07rZy41ovVdtDjbQfuIUAgnUHJ/UNw2FrN9TFvZYzxTGAq0IpiELDoN137obF1zfDST4YoVHHzUsUDSfezcl9AQSzwg1fhHetCaUgAwLybepFJL12gF7hQk/D1j5slGa8POE/9WD8Vlzvy75rCLaF+ns2iOkhez9OrgqlIAOAsJY4WLiIa/amMIYBfHmgQF66EHjP1t560REjQXvczU+kB+I9jzUrojsW9vK760LGeV1lVQrSZ0ApTsVLKo+LNetx/N2DkwcFs1CvH5XqKMjaSLvzOL0aZlUKJglYr2NjkSHurgNoSg+OvpeTa0IpSJ8BBaG94uWXJcjaMkhRvSmmVmUdaZsuJ9cEHe4CgfAGZobBTuGMmKWrQC+2AALomlggsq7g5LpQCjIAwAs72fPCCkQnuH47Hu9vLCnagkt1cdcN9V3RTARA2UcAz3b1+ND4TszSFaCcPSB8nuB1KHcdhf9hlrpQCjIgwIv6LK3qel6ceHn2WjYme2rc0rZalF0ZrpME7MlIZDTMbA2BbAAI1m8q84po1g8bGKa1BD048l6UUXmQzgsQzncxS0PwKYjc/6wpKAVpETSNipfnWYgrkhCwOkHOOgU6bgGCMOGvh7Wl1TrQEWh4Nn+emvV/MneVNjArEkgcgfdVccCnNUneyMzTMArH49GBoKW8JqNvqx+4ohaUgrQBsae7Yt+Fl6zlaPxPxmJjHQ1YLcLhhOIfhmLcKS1XszbXcuprBBQ8Dvn7I6Zo1uN6wP4YWNrqJUX+/kOIQNakGUwcwmxNA3n80Z0fnuE4TmoJSkHaxyxDSxyMF1k1Hi/StuDFXodh2WF8fl3TwhWNju5iBu1x5EHHKlcvS7MfMAJzo3xbW9B16+0Q2JXScqCctB0WbE0F1aYeCHmeA3rel69mvdju1DIJsDtPvI9nYnPsGCdLEQvEqkakVArSIVBXjsb4ptQ2qaTC9PAvhd2gWSfga/8ZCP9iI2wdEC4clXwoBPAkPWR9C79vBs9jpXurEMreijy+3mlHQ3KRp22usjIFafYaPRj/uqmNLiqEPvUY87PI10vsfZ8jQhNRwDvpkcl4b+t1Lb4n39cywuHd34E6eYLq4V0+jWunGKFEKkrnj9BmMjFlb/0Q6WtBNLEhna5XCtJh0HFceKnfx8uvmK7sDqGsbaZmX9XtY8AovjDK82yukpP1PIT9cSjsJiGY9YN3k3AupWATXFTbQLmVaymNkDSkqFKQLoGGUpGgfTZe8EbPC+4UafFHIIhn9vLIYfIGpl6toV6yAcK7+Z0Rst7D2XcSs2nWTVZmdbIm9UDCdy64UpAug2ZWCt164gx06/fgBbtnWRomNNQTuPfXES1+SiQwOm9oaEnvDmOsQOEA08QZqJN0Fq8OPY8v/LUYVjZ8OGdrWDLbLCya+s5h95Nok7vRC7+fby5BKUiPQeE+zeDICPlGURhN9DJfZVvjcijQMnydL6PogRjSnGwER8gWSfPUal8cB2tjyWzy+kUdT4Lg3ADKg9zj/yk80yYMt+7E81xAdlavQ5vSDkTU6aOgM+g4BROE+pyH9/wfZO+R9wC1CbP7QDOVtE+/SDRxwUkKHgwN/T/fvy7K4dvMgwAAAABJRU5ErkJggg==" /></p>
@@ -238,10 +238,10 @@
                         <canvas class="d-none" id="solr-mailcow_NetIOChart" width="400" height="200"></canvas>
                       </div>
                       <div class="col-sm-12 d-flex" style="height: 40px">
-                        <a href data-bs-toggle="modal" 
-                          data-container="solr-mailcow" 
-                          data-bs-target="#RestartContainer" 
-                          class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto" 
+                        <a href data-bs-toggle="modal"
+                          data-container="solr-mailcow"
+                          data-bs-target="#RestartContainer"
+                          class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto"
                           style="height: 30px;">{{ lang.debug.restart_container }}
                             <i class="ms-1 bi
                             {% if containers["solr-mailcow"].State.Running == 1 %}
@@ -255,7 +255,7 @@
                           ></i>
                         </a>
                       </div>
-                    </div>                  
+                    </div>
                   </div>
                   {% endif %}
                 </div>
@@ -291,8 +291,8 @@
                           </button>
                         </div>
                       </div>
-                      <div class="collapse p-0 list-group-details container-details-collapse" id="{{ container }}Collapse" data-id="{{ container_info.Id }}">   
-                        <div class="row p-2 pt-4">   
+                      <div class="collapse p-0 list-group-details container-details-collapse" id="{{ container }}Collapse" data-id="{{ container_info.Id }}">
+                        <div class="row p-2 pt-4">
                           <div class="mt-4 col-sm-12 col-md-6 d-flex flex-column">
                             <h6>Disk I/O</h6>
                             <div class="spinner-border my-4 mx-auto" role="status">
@@ -306,12 +306,12 @@
                               <span class="visually-hidden">Loading...</span>
                             </div>
                             <canvas class="d-none" id="{{ container }}_NetIOChart" width="400" height="200"></canvas>
-                          </div>   
-                          <div class="col-12 d-flex" style="height: 40px">             
-                            <a href data-bs-toggle="modal" 
-                              data-container="{{ container }}" 
-                              data-bs-target="#RestartContainer" 
-                              class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto" 
+                          </div>
+                          <div class="col-12 d-flex" style="height: 40px">
+                            <a href data-bs-toggle="modal"
+                              data-container="{{ container }}"
+                              data-bs-target="#RestartContainer"
+                              class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto"
                               style="height: 30px;">{{ lang.debug.restart_container }}
                                 <i class="ms-1 bi
                                 {% if container_info.State.Running == 1 %}
@@ -340,7 +340,7 @@
         <div class="debug-log-info">{{ lang.debug.log_info|format(log_lines+1)|raw }}</div>
         <div class="card">
           <div class="card-header d-flex align-items-center fs-5">
-            <span class="mt-2 ms-2">Postfix</span>      
+            <span class="mt-2 ms-2">Postfix</span>
             <div class="btn-group ms-auto">
               <button class="btn btn-sm btn-secondary refresh_table" data-draw="draw_postfix_logs" data-table="postfix_log">{{ lang.admin.refresh }}</button>
             </div>
@@ -627,6 +627,6 @@
   var lang_debug = {{ lang_debug|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var log_pagination_size = '{{ log_pagination_size }}';
+  var log_pagination_size = Math.trunc('{{ log_pagination_size }}');
 </script>
 {% endblock %}
diff --git a/data/web/templates/domainadmin.twig b/data/web/templates/domainadmin.twig
index 56f5e75f..070bf00c 100644
--- a/data/web/templates/domainadmin.twig
+++ b/data/web/templates/domainadmin.twig
@@ -46,7 +46,7 @@
       <div class="col-sm-3 col-5 text-end">{{ lang.fido2.known_ids }}:</div>
       <div class="col-sm-9 col-7">
         <div class="table-responsive">
-          <table class="table table-striped table-hover table-condensed" id="fido2_keys">
+          <table class="table table-striped table-hover table-condensed w-100" id="fido2_keys">
             <tr>
               <th>ID</th>
               <th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
diff --git a/data/web/templates/edit.twig b/data/web/templates/edit.twig
index 29f36435..af83a31d 100644
--- a/data/web/templates/edit.twig
+++ b/data/web/templates/edit.twig
@@ -26,7 +26,7 @@
   var lang_user = {{ lang_user|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var table_for_domain = '{{ domain }}';
 </script>
 {% endblock %}
diff --git a/data/web/templates/mailbox.twig b/data/web/templates/mailbox.twig
index d1044288..1312441c 100644
--- a/data/web/templates/mailbox.twig
+++ b/data/web/templates/mailbox.twig
@@ -58,7 +58,7 @@
   var lang_rl = {{ lang_rl|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var role = '{{ role }}';
   var is_dual = {{ is_dual }};
   var ALLOW_ADMIN_EMAIL_LOGIN = {{ allow_admin_email_login }};
diff --git a/data/web/templates/quarantine.twig b/data/web/templates/quarantine.twig
index 5ff7fe66..79b5ea16 100644
--- a/data/web/templates/quarantine.twig
+++ b/data/web/templates/quarantine.twig
@@ -37,7 +37,7 @@
           </p>
           {% endif %}
         </p>
-        <table id="quarantinetable" class="table table-striped"></table>
+        <table id="quarantinetable" class="table table-striped w-100"></table>
         <div class="mass-actions-quarantine mt-4">
           <div class="btn-group" data-acl="{{ acl.quarantine }}">
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary" id="toggle_multi_select_all" data-id="qitems" href="#"><i class="bi bi-check-all"></i> {{ lang.quarantine.toggle_all }}</a>
@@ -66,7 +66,7 @@ var acl = '{{ acl_json|raw }}';
 var lang = {{ lang_quarantine|raw }};
 var lang_datatables = {{ lang_datatables|raw }};
 var csrf_token = '{{ csrf_token }}';
-var pagination_size = '{{ pagination_size }}';
+var pagination_size = Math.trunc('{{ pagination_size }}');
 var role = '{{ role }}';
 </script>
 {% endblock %}
diff --git a/data/web/templates/queue.twig b/data/web/templates/queue.twig
index 1a5d4ff9..e843c18e 100644
--- a/data/web/templates/queue.twig
+++ b/data/web/templates/queue.twig
@@ -55,7 +55,7 @@
   var lang = {{ lang_queue|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var table_for_domain = '{{ domain }}';
 </script>
 {% endblock %}
diff --git a/data/web/templates/user_domainadmin_common.twig b/data/web/templates/user_domainadmin_common.twig
index 8a7ace39..64a2205d 100644
--- a/data/web/templates/user_domainadmin_common.twig
+++ b/data/web/templates/user_domainadmin_common.twig
@@ -4,7 +4,7 @@
   var acl = '{{ acl_json|raw }}';
   var lang = {{ lang_user|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var mailcow_cc_username = '{{ mailcow_cc_username }}';
   var user_spam_score = [{{ user_spam_score }}];
   var lang_datatables = {{ lang_datatables|raw }};

From 5bf62481d51d0dcd7b8202f65fc73d2e6d349f93 Mon Sep 17 00:00:00 2001
From: Kristian Feldsam <feldsam@gmail.com>
Date: Fri, 6 Jan 2023 19:25:23 +0100
Subject: [PATCH 21/42] [Web] Implemented SSO for domain admins

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>

Revert "[Web] Implemented SSO for domain admins"

This reverts commit 6860dc8ebe2c8f53d77df5bca7787f7cb3bb4ee0.

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
---
 data/web/api/openapi.yaml                   |   38 +-
 data/web/inc/functions.domain_admin.inc.php |  875 +++---
 data/web/inc/init_db.inc.php                | 2731 ++++++++++---------
 data/web/inc/sessions.inc.php               |  280 +-
 data/web/inc/triggers.inc.php               |   15 +-
 data/web/json_api.php                       |   12 +
 6 files changed, 2041 insertions(+), 1910 deletions(-)

diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index 6310aa58..5e07c4b3 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -699,6 +699,38 @@ paths:
                   type: string
               type: object
       summary: Create Domain Admin user
+  /api/v1/add/sso/domain-admin:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    token: "591F6D-5C3DD2-7455CD-DAF1C1-AA4FCC"
+          description: OK
+          headers: { }
+      tags:
+        - Single Sign-On
+      description: >-
+        Using this endpoint you can issue a token for Domain Admin user. This token can be used for
+        autologin Domain Admin user by using query_string var sso_token={token}. Token expiration time is 30s
+      operationId: Issue Domain Admin SSO token
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                username: testadmin
+              properties:
+                username:
+                  description: the username for the admin user
+                  type: object
+              type: object
+      summary: Issue Domain Admin SSO token
   /api/v1/edit/da-acl:
     post:
       responses:
@@ -1999,7 +2031,7 @@ paths:
                 - domain.tld
                 - domain2.tld
               properties:
-                items: 
+                items:
                   type: array
                   items:
                     type: string
@@ -2993,7 +3025,7 @@ paths:
             application/json:
               schema:
                 type: array
-                items: 
+                items:
                   type: object
                   properties:
                     log:
@@ -5586,6 +5618,8 @@ tags:
     description: Manage DKIM keys
   - name: Domain admin
     description: Create or udpdate domain admin users
+  - name: Single Sign-On
+    description: Issue tokens for users
   - name: Address Rewriting
     description: Create BCC maps or recipient maps
   - name: Outgoing TLS Policy Map Overrides
diff --git a/data/web/inc/functions.domain_admin.inc.php b/data/web/inc/functions.domain_admin.inc.php
index 804c0f83..bb88ea34 100644
--- a/data/web/inc/functions.domain_admin.inc.php
+++ b/data/web/inc/functions.domain_admin.inc.php
@@ -1,407 +1,468 @@
-<?php
-function domain_admin($_action, $_data = null) {
-  global $pdo;
-  global $lang;
-  $_data_log = $_data;
-  !isset($_data_log['password']) ?: $_data_log['password'] = '*';
-  !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
-  !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
-  !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
-  !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
-  switch ($_action) {
-    case 'add':
-      $username		= strtolower(trim($_data['username']));
-      $password		= $_data['password'];
-      $password2  = $_data['password2'];
-      $domains    = (array)$_data['domains'];
-      $active     = intval($_data['active']);
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      if (empty($domains)) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'domain_invalid'
-        );
-        return false;
-      }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('username_invalid', $username)
-        );
-        return false;
-      }
-
-      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
-        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
-      $stmt = $pdo->prepare("SELECT `username` FROM `admin`
-        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
-      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
-        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
-      foreach ($num_results as $num_results_each) {
-        if ($num_results_each != 0) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('object_exists', htmlspecialchars($username))
-          );
-          return false;
-        }
-      }
-      if (password_check($password, $password2) !== true) {
-        continue;
-      }
-      $password_hashed = hash_password($password);
-      $valid_domains = 0;
-      foreach ($domains as $domain) {
-        if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('domain_invalid', htmlspecialchars($domain))
-          );
-          continue;
-        }
-        $valid_domains++;
-        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-            VALUES (:username, :domain, :created, :active)");
-        $stmt->execute(array(
-          ':username' => $username,
-          ':domain' => $domain,
-          ':created' => date('Y-m-d H:i:s'),
-          ':active' => $active
-        ));
-      }
-      if ($valid_domains != 0) {
-        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
-          VALUES (:username, :password_hashed, '0', :active)");
-        $stmt->execute(array(
-          ':username' => $username,
-          ':password_hashed' => $password_hashed,
-          ':active' => $active
-        ));
-      }
-      $stmt = $pdo->prepare("INSERT INTO `da_acl` (`username`) VALUES (:username)");
-      $stmt->execute(array(
-        ':username' => $username
-      ));
-      $_SESSION['return'][] = array(
-        'type' => 'success',
-        'log' => array(__FUNCTION__, $_action, $_data_log),
-        'msg' => array('domain_admin_added', htmlspecialchars($username))
-      );
-    break;
-    case 'edit':
-      if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      // Administrator
-      if ($_SESSION['mailcow_cc_role'] == "admin") {
-        if (!is_array($_data['username'])) {
-          $usernames = array();
-          $usernames[] = $_data['username'];
-        }
-        else {
-          $usernames = $_data['username'];
-        }
-        foreach ($usernames as $username) {
-          $is_now = domain_admin('details', $username);
-          $domains = (isset($_data['domains'])) ? (array)$_data['domains'] : null;
-          if (!empty($is_now)) {
-            $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
-            $domains = (!empty($domains)) ? $domains : $is_now['selected_domains'];
-            $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username'];
-          }
-          else {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_data_log),
-              'msg' => 'access_denied'
-            );
-            continue;
-          }
-          $password     = $_data['password'];
-          $password2    = $_data['password2'];
-          if (!empty($domains)) {
-            foreach ($domains as $domain) {
-              if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
-                $_SESSION['return'][] = array(
-                  'type' => 'danger',
-                  'log' => array(__FUNCTION__, $_action, $_data_log),
-                  'msg' => array('domain_invalid', htmlspecialchars($domain))
-                );
-                continue 2;
-              }
-            }
-          }
-          if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_data_log),
-              'msg' => array('username_invalid', $username_new)
-            );
-            continue;
-          }
-          if ($username_new != $username) {
-            if (!empty(domain_admin('details', $username_new)['username'])) {
-              $_SESSION['return'][] = array(
-                'type' => 'danger',
-                'log' => array(__FUNCTION__, $_action, $_data_log),
-                'msg' => array('username_invalid', $username_new)
-              );
-              continue;
-            }
-          }
-          $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-          $stmt->execute(array(
-            ':username' => $username,
-          ));
-          $stmt = $pdo->prepare("UPDATE `da_acl` SET `username` = :username_new WHERE `username` = :username");
-          $stmt->execute(array(
-            ':username_new' => $username_new,
-            ':username' => $username
-          ));
-          if (!empty($domains)) {
-            foreach ($domains as $domain) {
-              $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-                VALUES (:username_new, :domain, :created, :active)");
-              $stmt->execute(array(
-                ':username_new' => $username_new,
-                ':domain' => $domain,
-                ':created' => date('Y-m-d H:i:s'),
-                ':active' => $active
-              ));
-            }
-          }
-          if (!empty($password)) {
-            if (password_check($password, $password2) !== true) {
-              return false;
-            }
-            $password_hashed = hash_password($password);
-            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
-            $stmt->execute(array(
-              ':password_hashed' => $password_hashed,
-              ':username_new' => $username_new,
-              ':username' => $username,
-              ':active' => $active
-            ));
-            if (isset($_data['disable_tfa'])) {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
-              $stmt->execute(array(':username' => $username));
-            }
-            else {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
-              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
-            }
-          }
-          else {
-            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active WHERE `username` = :username");
-            $stmt->execute(array(
-              ':username_new' => $username_new,
-              ':username' => $username,
-              ':active' => $active
-            ));
-            if (isset($_data['disable_tfa'])) {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
-              $stmt->execute(array(':username' => $username));
-            }
-            else {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
-              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
-            }
-          }
-          $_SESSION['return'][] = array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('domain_admin_modified', htmlspecialchars($username))
-          );
-        }
-        return true;
-      }
-      // Domain administrator
-      // Can only edit itself
-      elseif ($_SESSION['mailcow_cc_role'] == "domainadmin") {
-        $username = $_SESSION['mailcow_cc_username'];
-        $password_old		= $_data['user_old_pass'];
-        $password_new	= $_data['user_new_pass'];
-        $password_new2	= $_data['user_new_pass2'];
-
-        $stmt = $pdo->prepare("SELECT `password` FROM `admin`
-            WHERE `username` = :user");
-        $stmt->execute(array(':user' => $username));
-        $row = $stmt->fetch(PDO::FETCH_ASSOC);
-        if (!verify_hash($row['password'], $password_old)) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => 'access_denied'
-          );
-          return false;
-        }
-        if (password_check($password_new, $password_new2) !== true) {
-          return false;
-        }
-        $password_hashed = hash_password($password_new);
-        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
-        $stmt->execute(array(
-          ':password_hashed' => $password_hashed,
-          ':username' => $username
-        ));
-        $_SESSION['return'][] = array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('domain_admin_modified', htmlspecialchars($username))
-        );
-      }
-    break;
-    case 'delete':
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      $usernames = (array)$_data['username'];
-      foreach ($usernames as $username) {
-        if (empty(domain_admin('details', $username))) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('username_invalid', $username)
-          );
-          continue;
-        }
-        $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `da_acl` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $_SESSION['return'][] = array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('domain_admin_removed', htmlspecialchars($username))
-        );
-      }
-    break;
-    case 'get':
-      $domainadmins = array();
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      $stmt = $pdo->query("SELECT DISTINCT
-        `username`
-          FROM `domain_admins`
-            WHERE `username` IN (
-              SELECT `username` FROM `admin`
-                WHERE `superadmin`!='1'
-            )");
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while ($row = array_shift($rows)) {
-        $domainadmins[] = $row['username'];
-      }
-      return $domainadmins;
-    break;
-    case 'details':
-      $domainadmindata = array();
-      if ($_SESSION['mailcow_cc_role'] == "domainadmin" && $_data != $_SESSION['mailcow_cc_username']) {
-        return false;
-      }
-      elseif ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
-        return false;
-      }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) {
-        return false;
-      }
-      $stmt = $pdo->prepare("SELECT
-        `tfa`.`active` AS `tfa_active`,
-        `domain_admins`.`username`,
-        `domain_admins`.`created`,
-        `domain_admins`.`active` AS `active`
-          FROM `domain_admins`
-          LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username`
-            WHERE `domain_admins`.`username`= :domain_admin");
-      $stmt->execute(array(
-        ':domain_admin' => $_data
-      ));
-      $row = $stmt->fetch(PDO::FETCH_ASSOC);
-      if (empty($row)) {
-        return false;
-      }
-      $domainadmindata['username'] = $row['username'];
-      $domainadmindata['tfa_active'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
-      $domainadmindata['tfa_active_int'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
-      $domainadmindata['active'] = $row['active'];
-      $domainadmindata['active_int'] = $row['active'];
-      $domainadmindata['created'] = $row['created'];
-      // GET SELECTED
-      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-        WHERE `domain` IN (
-          SELECT `domain` FROM `domain_admins`
-            WHERE `username`= :domain_admin)");
-      $stmt->execute(array(':domain_admin' => $_data));
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while($row = array_shift($rows)) {
-        $domainadmindata['selected_domains'][] = $row['domain'];
-      }
-      // GET UNSELECTED
-      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-        WHERE `domain` NOT IN (
-          SELECT `domain` FROM `domain_admins`
-            WHERE `username`= :domain_admin)");
-      $stmt->execute(array(':domain_admin' => $_data));
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while($row = array_shift($rows)) {
-        $domainadmindata['unselected_domains'][] = $row['domain'];
-      }
-      if (!isset($domainadmindata['unselected_domains'])) {
-        $domainadmindata['unselected_domains'] = "";
-      }
-
-      return $domainadmindata;
-    break;
-  }
-}
+<?php
+function domain_admin($_action, $_data = null) {
+  global $pdo;
+  global $lang;
+  $_data_log = $_data;
+  !isset($_data_log['password']) ?: $_data_log['password'] = '*';
+  !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
+  !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
+  !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
+  !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
+  switch ($_action) {
+    case 'add':
+      $username		= strtolower(trim($_data['username']));
+      $password		= $_data['password'];
+      $password2  = $_data['password2'];
+      $domains    = (array)$_data['domains'];
+      $active     = intval($_data['active']);
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      if (empty($domains)) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'domain_invalid'
+        );
+        return false;
+      }
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => array('username_invalid', $username)
+        );
+        return false;
+      }
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `admin`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      foreach ($num_results as $num_results_each) {
+        if ($num_results_each != 0) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('object_exists', htmlspecialchars($username))
+          );
+          return false;
+        }
+      }
+      if (password_check($password, $password2) !== true) {
+        continue;
+      }
+      $password_hashed = hash_password($password);
+      $valid_domains = 0;
+      foreach ($domains as $domain) {
+        if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('domain_invalid', htmlspecialchars($domain))
+          );
+          continue;
+        }
+        $valid_domains++;
+        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+            VALUES (:username, :domain, :created, :active)");
+        $stmt->execute(array(
+          ':username' => $username,
+          ':domain' => $domain,
+          ':created' => date('Y-m-d H:i:s'),
+          ':active' => $active
+        ));
+      }
+      if ($valid_domains != 0) {
+        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
+          VALUES (:username, :password_hashed, '0', :active)");
+        $stmt->execute(array(
+          ':username' => $username,
+          ':password_hashed' => $password_hashed,
+          ':active' => $active
+        ));
+      }
+      $stmt = $pdo->prepare("INSERT INTO `da_acl` (`username`) VALUES (:username)");
+      $stmt->execute(array(
+        ':username' => $username
+      ));
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $_action, $_data_log),
+        'msg' => array('domain_admin_added', htmlspecialchars($username))
+      );
+    break;
+    case 'edit':
+      if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      // Administrator
+      if ($_SESSION['mailcow_cc_role'] == "admin") {
+        if (!is_array($_data['username'])) {
+          $usernames = array();
+          $usernames[] = $_data['username'];
+        }
+        else {
+          $usernames = $_data['username'];
+        }
+        foreach ($usernames as $username) {
+          $is_now = domain_admin('details', $username);
+          $domains = (isset($_data['domains'])) ? (array)$_data['domains'] : null;
+          if (!empty($is_now)) {
+            $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
+            $domains = (!empty($domains)) ? $domains : $is_now['selected_domains'];
+            $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username'];
+          }
+          else {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_data_log),
+              'msg' => 'access_denied'
+            );
+            continue;
+          }
+          $password     = $_data['password'];
+          $password2    = $_data['password2'];
+          if (!empty($domains)) {
+            foreach ($domains as $domain) {
+              if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
+                $_SESSION['return'][] = array(
+                  'type' => 'danger',
+                  'log' => array(__FUNCTION__, $_action, $_data_log),
+                  'msg' => array('domain_invalid', htmlspecialchars($domain))
+                );
+                continue 2;
+              }
+            }
+          }
+          if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_data_log),
+              'msg' => array('username_invalid', $username_new)
+            );
+            continue;
+          }
+          if ($username_new != $username) {
+            if (!empty(domain_admin('details', $username_new)['username'])) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_data_log),
+                'msg' => array('username_invalid', $username_new)
+              );
+              continue;
+            }
+          }
+          $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+          $stmt->execute(array(
+            ':username' => $username,
+          ));
+          $stmt = $pdo->prepare("UPDATE `da_acl` SET `username` = :username_new WHERE `username` = :username");
+          $stmt->execute(array(
+            ':username_new' => $username_new,
+            ':username' => $username
+          ));
+          if (!empty($domains)) {
+            foreach ($domains as $domain) {
+              $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+                VALUES (:username_new, :domain, :created, :active)");
+              $stmt->execute(array(
+                ':username_new' => $username_new,
+                ':domain' => $domain,
+                ':created' => date('Y-m-d H:i:s'),
+                ':active' => $active
+              ));
+            }
+          }
+          if (!empty($password)) {
+            if (password_check($password, $password2) !== true) {
+              return false;
+            }
+            $password_hashed = hash_password($password);
+            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
+            $stmt->execute(array(
+              ':password_hashed' => $password_hashed,
+              ':username_new' => $username_new,
+              ':username' => $username,
+              ':active' => $active
+            ));
+            if (isset($_data['disable_tfa'])) {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
+              $stmt->execute(array(':username' => $username));
+            }
+            else {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
+              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
+            }
+          }
+          else {
+            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active WHERE `username` = :username");
+            $stmt->execute(array(
+              ':username_new' => $username_new,
+              ':username' => $username,
+              ':active' => $active
+            ));
+            if (isset($_data['disable_tfa'])) {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
+              $stmt->execute(array(':username' => $username));
+            }
+            else {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
+              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
+            }
+          }
+          $_SESSION['return'][] = array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('domain_admin_modified', htmlspecialchars($username))
+          );
+        }
+        return true;
+      }
+      // Domain administrator
+      // Can only edit itself
+      elseif ($_SESSION['mailcow_cc_role'] == "domainadmin") {
+        $username = $_SESSION['mailcow_cc_username'];
+        $password_old		= $_data['user_old_pass'];
+        $password_new	= $_data['user_new_pass'];
+        $password_new2	= $_data['user_new_pass2'];
+
+        $stmt = $pdo->prepare("SELECT `password` FROM `admin`
+            WHERE `username` = :user");
+        $stmt->execute(array(':user' => $username));
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        if (!verify_hash($row['password'], $password_old)) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => 'access_denied'
+          );
+          return false;
+        }
+        if (password_check($password_new, $password_new2) !== true) {
+          return false;
+        }
+        $password_hashed = hash_password($password_new);
+        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
+        $stmt->execute(array(
+          ':password_hashed' => $password_hashed,
+          ':username' => $username
+        ));
+        $_SESSION['return'][] = array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => array('domain_admin_modified', htmlspecialchars($username))
+        );
+      }
+    break;
+    case 'delete':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      $usernames = (array)$_data['username'];
+      foreach ($usernames as $username) {
+        if (empty(domain_admin('details', $username))) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('username_invalid', $username)
+          );
+          continue;
+        }
+        $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `da_acl` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $_SESSION['return'][] = array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => array('domain_admin_removed', htmlspecialchars($username))
+        );
+      }
+    break;
+    case 'get':
+      $domainadmins = array();
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      $stmt = $pdo->query("SELECT DISTINCT
+        `username`
+          FROM `domain_admins`
+            WHERE `username` IN (
+              SELECT `username` FROM `admin`
+                WHERE `superadmin`!='1'
+            )");
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while ($row = array_shift($rows)) {
+        $domainadmins[] = $row['username'];
+      }
+      return $domainadmins;
+    break;
+    case 'details':
+      $domainadmindata = array();
+      if ($_SESSION['mailcow_cc_role'] == "domainadmin" && $_data != $_SESSION['mailcow_cc_username']) {
+        return false;
+      }
+      elseif ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
+        return false;
+      }
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) {
+        return false;
+      }
+      $stmt = $pdo->prepare("SELECT
+        `tfa`.`active` AS `tfa_active`,
+        `domain_admins`.`username`,
+        `domain_admins`.`created`,
+        `domain_admins`.`active` AS `active`
+          FROM `domain_admins`
+          LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username`
+            WHERE `domain_admins`.`username`= :domain_admin");
+      $stmt->execute(array(
+        ':domain_admin' => $_data
+      ));
+      $row = $stmt->fetch(PDO::FETCH_ASSOC);
+      if (empty($row)) {
+        return false;
+      }
+      $domainadmindata['username'] = $row['username'];
+      $domainadmindata['tfa_active'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
+      $domainadmindata['tfa_active_int'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
+      $domainadmindata['active'] = $row['active'];
+      $domainadmindata['active_int'] = $row['active'];
+      $domainadmindata['created'] = $row['created'];
+      // GET SELECTED
+      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+        WHERE `domain` IN (
+          SELECT `domain` FROM `domain_admins`
+            WHERE `username`= :domain_admin)");
+      $stmt->execute(array(':domain_admin' => $_data));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while($row = array_shift($rows)) {
+        $domainadmindata['selected_domains'][] = $row['domain'];
+      }
+      // GET UNSELECTED
+      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+        WHERE `domain` NOT IN (
+          SELECT `domain` FROM `domain_admins`
+            WHERE `username`= :domain_admin)");
+      $stmt->execute(array(':domain_admin' => $_data));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while($row = array_shift($rows)) {
+        $domainadmindata['unselected_domains'][] = $row['domain'];
+      }
+      if (!isset($domainadmindata['unselected_domains'])) {
+        $domainadmindata['unselected_domains'] = "";
+      }
+
+      return $domainadmindata;
+    break;
+  }
+}
+function domain_admin_sso($_action, $_data) {
+  global $pdo;
+
+  switch ($_action) {
+    case 'check':
+      $token = $_data;
+
+      $stmt = $pdo->prepare("SELECT `t1`.`username` FROM `da_sso` AS `t1` JOIN `admin` AS `t2` ON `t1`.`username` = `t2`.`username` WHERE `t1`.`token` = :token AND `t1`.`created` > DATE_SUB(NOW(), INTERVAL '30' SECOND) AND `t2`.`active` = 1 AND `t2`.`superadmin` = 0;");
+      $stmt->execute(array(
+        ':token' => preg_replace('/[^a-zA-Z0-9-]/', '', $token)
+      ));
+      $return = $stmt->fetch(PDO::FETCH_ASSOC);
+      return empty($return['username']) ? false : $return['username'];
+    case 'issue':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+
+      $username = $_data['username'];
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      if ($num_results < 1) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => array('object_doesnt_exist', htmlspecialchars($username))
+        );
+        return false;
+      }
+
+      $token = implode('-', array(
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3)))
+      ));
+
+      $stmt = $pdo->prepare("INSERT INTO `da_sso` (`username`, `token`)
+            VALUES (:username, :token)");
+      $stmt->execute(array(
+        ':username' => $username,
+        ':token' => $token
+      ));
+
+      // perform cleanup
+      $pdo->query("DELETE FROM `da_sso` WHERE created < DATE_SUB(NOW(), INTERVAL '30' SECOND);");
+
+      return ['token' => $token];
+    break;
+  }
+}
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index e781f944..9fc9234e 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -1,230 +1,230 @@
-<?php
-function init_db_schema() {
-  try {
-    global $pdo;
-
-    $db_version = "23122022_1445";
-
-    $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
-    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results != 0) {
-      $stmt = $pdo->query("SELECT `version` FROM `versions` WHERE `application` = 'db_schema'");
-      if ($stmt->fetch(PDO::FETCH_ASSOC)['version'] == $db_version) {
-        return true;
-      }
-      if (!preg_match('/y|yes/i', getenv('MASTER'))) {
-        $_SESSION['return'][] = array(
-          'type' => 'warning',
-          'log' => array(__FUNCTION__),
-          'msg' => 'Database not initialized: not running db_init on slave.'
-        );
-        return true;
-      }
-    }
-
-    $views = array(
-      "grouped_mail_aliases" => "CREATE VIEW grouped_mail_aliases (username, aliases) AS
-        SELECT goto, IFNULL(GROUP_CONCAT(address ORDER BY address SEPARATOR ' '), '') AS address FROM alias
-        WHERE address!=goto
-        AND active = '1'
-        AND sogo_visible = '1'
-        AND address NOT LIKE '@%'
-        GROUP BY goto;",
-      // START
-      // Unused at the moment - we cannot allow to show a foreign mailbox as sender address in SOGo, as SOGo does not like this
-      // We need to create delegation in SOGo AND set a sender_acl in mailcow to allow to send as user X
-      "grouped_sender_acl" => "CREATE VIEW grouped_sender_acl (username, send_as_acl) AS
-        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
-        WHERE send_as NOT LIKE '@%'
-        GROUP BY logged_in_as;",
-      // END 
-      "grouped_sender_acl_external" => "CREATE VIEW grouped_sender_acl_external (username, send_as_acl) AS
-        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
-        WHERE send_as NOT LIKE '@%' AND external = '1'
-        GROUP BY logged_in_as;",
-      "grouped_domain_alias_address" => "CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
-        SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
-        LEFT OUTER JOIN alias_domain ON target_domain=domain
-        GROUP BY username;",
-      "sieve_before" => "CREATE VIEW sieve_before (id, username, script_name, script_data) AS
-        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
-        WHERE filter_type = 'prefilter';",
-      "sieve_after" => "CREATE VIEW sieve_after (id, username, script_name, script_data) AS
-        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
-        WHERE filter_type = 'postfilter';"
-    );
-
-    $tables = array(
-      "versions" => array(
-        "cols" => array(
-          "application" => "VARCHAR(255) NOT NULL",
-          "version" => "VARCHAR(100) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("application")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "admin" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "superadmin" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE NOW(0)",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "fido2" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "friendlyName" => "VARCHAR(255)",
-          "rpId" => "VARCHAR(255) NOT NULL",
-          "credentialPublicKey" => "TEXT NOT NULL",
-          "certificateChain" => "TEXT",
-          // Can be null for format "none"
-          "certificate" => "TEXT",
-          "certificateIssuer" => "VARCHAR(255)",
-          "certificateSubject" => "VARCHAR(255)",
-          "signatureCounter" => "INT",
-          "AAGUID" => "BLOB",
-          "credentialId" => "BLOB NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE NOW(0)",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "_sogo_static_view" => array(
-        "cols" => array(
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_password" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "c_cn" => "VARCHAR(255)",
-          "mail" => "VARCHAR(255) NOT NULL",
-          // TODO -> use TEXT and check if SOGo login breaks on empty aliases
-          "aliases" => "TEXT NOT NULL",
-          "ad_aliases" => "VARCHAR(6144) NOT NULL DEFAULT ''",
-          "ext_acl" => "VARCHAR(6144) NOT NULL DEFAULT ''",
-          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
-          "multiple_bookings" => "INT NOT NULL DEFAULT -1"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_uid")
-          ),
-          "key" => array(
-            "domain" => array("domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "relayhosts" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "hostname" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "hostname" => array("hostname")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "transports" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "destination" => "VARCHAR(255) NOT NULL",
-          "nexthop" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "password" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "is_mx_based" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "destination" => array("destination"),
-            "nexthop" => array("nexthop"),
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "alias" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "address" => "VARCHAR(255) NOT NULL",
-          "goto" => "TEXT NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "private_comment" => "TEXT",
-          "public_comment" => "TEXT",
-          "sogo_visible" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "unique" => array(
-            "address" => array("address")
-          ),
-          "key" => array(
-            "domain" => array("domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "api" => array(
-        "cols" => array(
-          "api_key" => "VARCHAR(255) NOT NULL",
-          "allow_from" => "VARCHAR(512) NOT NULL",
-          "skip_ip_check" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE NOW(0)",
-          "access" => "ENUM('ro', 'rw') NOT NULL DEFAULT 'rw'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("api_key")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sender_acl" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "logged_in_as" => "VARCHAR(255) NOT NULL",
-          "send_as" => "VARCHAR(255) NOT NULL",
-          "external" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
+<?php
+function init_db_schema() {
+  try {
+    global $pdo;
+
+    $db_version = "06012023_1924";
+
+    $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
+    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results != 0) {
+      $stmt = $pdo->query("SELECT `version` FROM `versions` WHERE `application` = 'db_schema'");
+      if ($stmt->fetch(PDO::FETCH_ASSOC)['version'] == $db_version) {
+        return true;
+      }
+      if (!preg_match('/y|yes/i', getenv('MASTER'))) {
+        $_SESSION['return'][] = array(
+          'type' => 'warning',
+          'log' => array(__FUNCTION__),
+          'msg' => 'Database not initialized: not running db_init on slave.'
+        );
+        return true;
+      }
+    }
+
+    $views = array(
+      "grouped_mail_aliases" => "CREATE VIEW grouped_mail_aliases (username, aliases) AS
+        SELECT goto, IFNULL(GROUP_CONCAT(address ORDER BY address SEPARATOR ' '), '') AS address FROM alias
+        WHERE address!=goto
+        AND active = '1'
+        AND sogo_visible = '1'
+        AND address NOT LIKE '@%'
+        GROUP BY goto;",
+      // START
+      // Unused at the moment - we cannot allow to show a foreign mailbox as sender address in SOGo, as SOGo does not like this
+      // We need to create delegation in SOGo AND set a sender_acl in mailcow to allow to send as user X
+      "grouped_sender_acl" => "CREATE VIEW grouped_sender_acl (username, send_as_acl) AS
+        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
+        WHERE send_as NOT LIKE '@%'
+        GROUP BY logged_in_as;",
+      // END
+      "grouped_sender_acl_external" => "CREATE VIEW grouped_sender_acl_external (username, send_as_acl) AS
+        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
+        WHERE send_as NOT LIKE '@%' AND external = '1'
+        GROUP BY logged_in_as;",
+      "grouped_domain_alias_address" => "CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
+        SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
+        LEFT OUTER JOIN alias_domain ON target_domain=domain
+        GROUP BY username;",
+      "sieve_before" => "CREATE VIEW sieve_before (id, username, script_name, script_data) AS
+        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
+        WHERE filter_type = 'prefilter';",
+      "sieve_after" => "CREATE VIEW sieve_after (id, username, script_name, script_data) AS
+        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
+        WHERE filter_type = 'postfilter';"
+    );
+
+    $tables = array(
+      "versions" => array(
+        "cols" => array(
+          "application" => "VARCHAR(255) NOT NULL",
+          "version" => "VARCHAR(100) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("application")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "admin" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "superadmin" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "fido2" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "friendlyName" => "VARCHAR(255)",
+          "rpId" => "VARCHAR(255) NOT NULL",
+          "credentialPublicKey" => "TEXT NOT NULL",
+          "certificateChain" => "TEXT",
+          // Can be null for format "none"
+          "certificate" => "TEXT",
+          "certificateIssuer" => "VARCHAR(255)",
+          "certificateSubject" => "VARCHAR(255)",
+          "signatureCounter" => "INT",
+          "AAGUID" => "BLOB",
+          "credentialId" => "BLOB NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "_sogo_static_view" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_password" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "c_cn" => "VARCHAR(255)",
+          "mail" => "VARCHAR(255) NOT NULL",
+          // TODO -> use TEXT and check if SOGo login breaks on empty aliases
+          "aliases" => "TEXT NOT NULL",
+          "ad_aliases" => "VARCHAR(6144) NOT NULL DEFAULT ''",
+          "ext_acl" => "VARCHAR(6144) NOT NULL DEFAULT ''",
+          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "multiple_bookings" => "INT NOT NULL DEFAULT -1"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid")
+          ),
+          "key" => array(
+            "domain" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "relayhosts" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "hostname" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "hostname" => array("hostname")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "transports" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "destination" => "VARCHAR(255) NOT NULL",
+          "nexthop" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "password" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "is_mx_based" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "destination" => array("destination"),
+            "nexthop" => array("nexthop"),
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "alias" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "address" => "VARCHAR(255) NOT NULL",
+          "goto" => "TEXT NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "private_comment" => "TEXT",
+          "public_comment" => "TEXT",
+          "sogo_visible" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "unique" => array(
+            "address" => array("address")
+          ),
+          "key" => array(
+            "domain" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "api" => array(
+        "cols" => array(
+          "api_key" => "VARCHAR(255) NOT NULL",
+          "allow_from" => "VARCHAR(512) NOT NULL",
+          "skip_ip_check" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "access" => "ENUM('ro', 'rw') NOT NULL DEFAULT 'rw'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("api_key")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sender_acl" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "logged_in_as" => "VARCHAR(255) NOT NULL",
+          "send_as" => "VARCHAR(255) NOT NULL",
+          "external" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
       "templates" => array(
         "cols" => array(
           "id" => "INT NOT NULL AUTO_INCREMENT",
@@ -241,1074 +241,1087 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
-      "domain" => array(
-        // Todo: Move some attributes to json
-        "cols" => array(
-          "domain" => "VARCHAR(255) NOT NULL",
-          "description" => "VARCHAR(255)",
-          "aliases" => "INT(10) NOT NULL DEFAULT '0'",
-          "mailboxes" => "INT(10) NOT NULL DEFAULT '0'",
-          "defquota" => "BIGINT(20) NOT NULL DEFAULT '3072'",
-          "maxquota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
-          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
-          "relayhost" => "VARCHAR(255) NOT NULL DEFAULT '0'",
-          "backupmx" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "gal" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "relay_all_recipients" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "relay_unknown_only" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tags_domain" => array(
-        "cols" => array(
-          "tag_name" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL"
-        ),
-        "keys" => array(
-          "fkey" => array(
-            "fk_tags_domain" => array(
-              "col" => "domain",
-              "ref" => "domain.domain",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          ),
-          "unique" => array(
-            "tag_name" => array("tag_name", "domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tls_policy_override" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "dest" => "VARCHAR(255) NOT NULL",
-          "policy" => "ENUM('none', 'may', 'encrypt', 'dane', 'dane-only', 'fingerprint', 'verify', 'secure') NOT NULL",
-          "parameters" => "VARCHAR(255) DEFAULT ''",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "unique" => array(
-            "dest" => array("dest")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "quarantine" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "qid" => "VARCHAR(30) NOT NULL",
-          "subject" => "VARCHAR(500)",
-          "score" => "FLOAT(8,2)",
-          "ip" => "VARCHAR(50)",
-          "action" => "CHAR(20) NOT NULL DEFAULT 'unknown'",
-          "symbols" => "JSON",
-          "fuzzy_hashes" => "JSON",
-          "sender" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
-          "rcpt" => "VARCHAR(255)",
-          "msg" => "LONGTEXT",
-          "domain" => "VARCHAR(255)",
-          "notified" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "user" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "mailbox" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "name" => "VARCHAR(255)",
-          "description" => "VARCHAR(255)",
-          // mailbox_path_prefix is followed by domain/local_part/
-          "mailbox_path_prefix" => "VARCHAR(150) DEFAULT '/var/vmail/'",
-          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
-          "local_part" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "attributes" => "JSON",
-          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
-          "multiple_bookings" => "INT NOT NULL DEFAULT -1",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          ),
-          "key" => array(
-            "domain" => array("domain"),
-            "kind" => array("kind")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tags_mailbox" => array(
-        "cols" => array(
-          "tag_name" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL"
-        ),
-        "keys" => array(
-          "fkey" => array(
-            "fk_tags_mailbox" => array(
-              "col" => "username",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          ),
-          "unique" => array(
-            "tag_name" => array("tag_name", "username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sieve_filters" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "username" => "VARCHAR(255) NOT NULL",
-          "script_desc" => "VARCHAR(255) NOT NULL",
-          "script_name" => "ENUM('active','inactive')",
-          "script_data" => "TEXT NOT NULL",
-          "filter_type" => "ENUM('postfilter','prefilter')",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "username" => array("username"),
-            "script_desc" => array("script_desc")
-          ),
-          "fkey" => array(
-            "fk_username_sieve_global_before" => array(
-              "col" => "username",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "app_passwd" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "name" => "VARCHAR(255) NOT NULL",
-          "mailbox" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "imap_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "smtp_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "dav_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "eas_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "pop3_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "sieve_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "mailbox" => array("mailbox"),
-            "password" => array("password"),
-            "domain" => array("domain"),
-          ),
-          "fkey" => array(
-            "fk_username_app_passwd" => array(
-              "col" => "mailbox",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "user_acl" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "spam_alias" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "tls_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "spam_score" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          // quarantine is for quarantine actions, todo: rename
-          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine_notification" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine_category" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          ),
-          "fkey" => array(
-            "fk_username" => array(
-              "col" => "username",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "alias_domain" => array(
-        "cols" => array(
-          "alias_domain" => "VARCHAR(255) NOT NULL",
-          "target_domain" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("alias_domain")
-          ),
-          "key" => array(
-            "active" => array("active"),
-            "target_domain" => array("target_domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "spamalias" => array(
-        "cols" => array(
-          "address" => "VARCHAR(255) NOT NULL",
-          "goto" => "TEXT NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "validity" => "INT(11)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("address")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "filterconf" => array(
-        "cols" => array(
-          "object" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "option" => "VARCHAR(50) NOT NULL DEFAULT ''",
-          "value" => "VARCHAR(100) NOT NULL DEFAULT ''",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "prefid" => "INT(11) NOT NULL AUTO_INCREMENT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("prefid")
-          ),
-          "key" => array(
-            "object" => array("object")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "settingsmap" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "desc" => "VARCHAR(255) NOT NULL",
-          "content" => "LONGTEXT NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "logs" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "task" => "CHAR(32) NOT NULL DEFAULT '000000'",
-          "type" => "VARCHAR(32) DEFAULT ''",
-          "msg" => "TEXT",
-          "call" => "TEXT",
-          "user" => "VARCHAR(64) NOT NULL",
-          "role" => "VARCHAR(32) NOT NULL",
-          "remote" => "VARCHAR(39) NOT NULL",
-          "time" => "INT(11) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sasl_log" => array(
-        "cols" => array(
-          "service" => "VARCHAR(32) NOT NULL DEFAULT ''",
-          "app_password" => "INT",
-          "username" => "VARCHAR(255) NOT NULL",
-          "real_rip" => "VARCHAR(64) NOT NULL",
-          "datetime" => "DATETIME(0) NOT NULL DEFAULT NOW(0)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("service", "real_rip", "username")
-          ),
-          "key" => array(
-            "username" => array("username"),
-            "service" => array("service"),
-            "datetime" => array("datetime"),
-            "real_rip" => array("real_rip")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "quota2" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
-          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "quota2replica" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
-          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "domain_admins" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "username" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "username" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "da_acl" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "login_as" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "extend_sender_acl" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "unlimited_quota" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "protocol_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "smtp_ip_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "alias_domains" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "mailbox_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "domain_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "domain_desc" => "TINYINT(1) NOT NULL DEFAULT '0'"
-          ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "imapsync" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "user2" => "VARCHAR(255) NOT NULL",
-          "host1" => "VARCHAR(255) NOT NULL",
-          "authmech1" => "ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN'",
-          "regextrans2" => "VARCHAR(255) DEFAULT ''",
-          "authmd51" => "TINYINT(1) NOT NULL DEFAULT 0",
-          "domain2" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "subfolder2" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "user1" => "VARCHAR(255) NOT NULL",
-          "password1" => "VARCHAR(255) NOT NULL",
-          "exclude" => "VARCHAR(500) NOT NULL DEFAULT ''",
-          "maxage" => "SMALLINT NOT NULL DEFAULT '0'",
-          "mins_interval" => "SMALLINT UNSIGNED NOT NULL DEFAULT '0'",
-          "maxbytespersecond" => "VARCHAR(50) NOT NULL DEFAULT '0'",
-          "port1" => "SMALLINT UNSIGNED NOT NULL",
-          "enc1" => "ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS'",
-          "delete2duplicates" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "delete1" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "delete2" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "automap" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "skipcrossduplicates" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "custom_params" => "VARCHAR(512) NOT NULL DEFAULT ''",
-          "timeout1" => "SMALLINT NOT NULL DEFAULT '600'",
-          "timeout2" => "SMALLINT NOT NULL DEFAULT '600'",
-          "subscribeall" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "is_running" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "returned_text" => "LONGTEXT",
-          "last_run" => "TIMESTAMP NULL DEFAULT NULL",
-          "success" => "TINYINT(1) UNSIGNED DEFAULT NULL",
-          "exit_status" => "VARCHAR(50) DEFAULT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "bcc_maps" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "local_dest" => "VARCHAR(255) NOT NULL",
-          "bcc_dest" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "type" => "ENUM('sender','rcpt')",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "local_dest" => array("local_dest"),
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "recipient_maps" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "old_dest" => "VARCHAR(255) NOT NULL",
-          "new_dest" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "local_dest" => array("old_dest"),
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tfa" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "key_id" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL",
-          "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')",
-          "secret" => "VARCHAR(255) DEFAULT NULL",
-          "keyHandle" => "VARCHAR(1023) DEFAULT NULL",
-          "publicKey" => "VARCHAR(4096) DEFAULT NULL",
-          "counter" => "INT NOT NULL DEFAULT '0'",
-          "certificate" => "TEXT",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "forwarding_hosts" => array(
-        "cols" => array(
-          "host" => "VARCHAR(255) NOT NULL",
-          "source" => "VARCHAR(255) NOT NULL",
-          "filter_spam" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("host")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_acl" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "c_folder_id" => "INT NOT NULL",
-          "c_object" => "VARCHAR(255) NOT NULL",
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_role" => "VARCHAR(80) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "sogo_acl_c_folder_id_idx" => array("c_folder_id"),
-            "sogo_acl_c_uid_idx" => array("c_uid")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_alarms_folder" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "c_path" => "VARCHAR(255) NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_recurrence_id" => "INT(11) DEFAULT NULL",
-          "c_alarm_number" => "INT(11) NOT NULL",
-          "c_alarm_date" => "INT(11) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_cache_folder" => array(
-        "cols" => array(
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_path" => "VARCHAR(255) NOT NULL",
-          "c_parent_path" => "VARCHAR(255) DEFAULT NULL",
-          "c_type" => "TINYINT(3) unsigned NOT NULL",
-          "c_creationdate" => "INT(11) NOT NULL",
-          "c_lastmodified" => "INT(11) NOT NULL",
-          "c_version" => "INT(11) NOT NULL DEFAULT '0'",
-          "c_deleted" => "TINYINT(4) NOT NULL DEFAULT '0'",
-          "c_content" => "LONGTEXT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_uid", "c_path")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_folder_info" => array(
-        "cols" => array(
-          "c_folder_id" => "BIGINT(20) unsigned NOT NULL AUTO_INCREMENT",
-          "c_path" => "VARCHAR(255) NOT NULL",
-          "c_path1" => "VARCHAR(255) NOT NULL",
-          "c_path2" => "VARCHAR(255) DEFAULT NULL",
-          "c_path3" => "VARCHAR(255) DEFAULT NULL",
-          "c_path4" => "VARCHAR(255) DEFAULT NULL",
-          "c_foldername" => "VARCHAR(255) NOT NULL",
-          "c_location" => "VARCHAR(2048) DEFAULT NULL",
-          "c_quick_location" => "VARCHAR(2048) DEFAULT NULL",
-          "c_acl_location" => "VARCHAR(2048) DEFAULT NULL",
-          "c_folder_type" => "VARCHAR(255) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_path")
-          ),
-          "unique" => array(
-            "c_folder_id" => array("c_folder_id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_quick_appointment" => array(
-        "cols" => array(
-          "c_folder_id" => "INT NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_uid" => "VARCHAR(1000) NOT NULL",
-          "c_startdate" => "INT",
-          "c_enddate" => "INT",
-          "c_cycleenddate" => "INT",
-          "c_title" => "VARCHAR(1000) NOT NULL",
-          "c_participants" => "TEXT",
-          "c_isallday" => "INT",
-          "c_iscycle" => "INT",
-          "c_cycleinfo" => "TEXT",
-          "c_classification" => "INT NOT NULL",
-          "c_isopaque" => "INT NOT NULL",
-          "c_status" => "INT NOT NULL",
-          "c_priority" => "INT",
-          "c_location" => "VARCHAR(255)",
-          "c_orgmail" => "VARCHAR(255)",
-          "c_partmails" => "TEXT",
-          "c_partstates" => "TEXT",
-          "c_category" => "VARCHAR(255)",
-          "c_sequence" => "INT",
-          "c_component" => "VARCHAR(10) NOT NULL",
-          "c_nextalarm" => "INT",
-          "c_description" => "TEXT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_folder_id", "c_name")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_quick_contact" => array(
-        "cols" => array(
-          "c_folder_id" => "INT NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_givenname" => "VARCHAR(255)",
-          "c_cn" => "VARCHAR(255)",
-          "c_sn" => "VARCHAR(255)",
-          "c_screenname" => "VARCHAR(255)",
-          "c_l" => "VARCHAR(255)",
-          "c_mail" => "TEXT",
-          "c_o" => "VARCHAR(500)",
-          "c_ou" => "VARCHAR(255)",
-          "c_telephonenumber" => "VARCHAR(255)",
-          "c_categories" => "VARCHAR(255)",
-          "c_component" => "VARCHAR(10) NOT NULL",
-          "c_hascertificate" => "INT4 DEFAULT 0"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_folder_id", "c_name")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_sessions_folder" => array(
-        "cols" => array(
-          "c_id" => "VARCHAR(255) NOT NULL",
-          "c_value" => "VARCHAR(4096) NOT NULL",
-          "c_creationdate" => "INT(11) NOT NULL",
-          "c_lastseen" => "INT(11) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_store" => array(
-        "cols" => array(
-          "c_folder_id" => "INT NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_content" => "MEDIUMTEXT NOT NULL",
-          "c_creationdate" => "INT NOT NULL",
-          "c_lastmodified" => "INT NOT NULL",
-          "c_version" => "INT NOT NULL",
-          "c_deleted" => "INT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_folder_id", "c_name")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "pushover" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "key" => "VARCHAR(255) NOT NULL",
-          "token" => "VARCHAR(255) NOT NULL",
-          "attributes" => "JSON",
-          "title" => "TEXT",
-          "text" => "TEXT",
-          "senders" => "TEXT",
-          "senders_regex" => "TEXT",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_user_profile" => array(
-        "cols" => array(
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_defaults" => "LONGTEXT",
-          "c_settings" => "LONGTEXT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_uid")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_clients" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "client_secret" => "VARCHAR(80)",
-          "redirect_uri" => "VARCHAR(2000)",
-          "grant_types" => "VARCHAR(80)",
-          "scope" => "VARCHAR(4000)",
-          "user_id" => "VARCHAR(80)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("client_id")
-          ),
-          "unique" => array(
-            "id" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_access_tokens" => array(
-        "cols" => array(
-          "access_token" => "VARCHAR(40) NOT NULL",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "user_id" => "VARCHAR(80)",
-          "expires" => "TIMESTAMP NOT NULL",
-          "scope" => "VARCHAR(4000)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("access_token")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_authorization_codes" => array(
-        "cols" => array(
-          "authorization_code" => "VARCHAR(40) NOT NULL",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "user_id" => "VARCHAR(80)",
-          "redirect_uri" => "VARCHAR(2000)",
-          "expires" => "TIMESTAMP NOT NULL",
-          "scope" => "VARCHAR(4000)",
-          "id_token" => "VARCHAR(1000)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("authorization_code")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_refresh_tokens" => array(
-        "cols" => array(
-          "refresh_token" => "VARCHAR(40) NOT NULL",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "user_id" => "VARCHAR(80)",
-          "expires" => "TIMESTAMP NOT NULL",
-          "scope" => "VARCHAR(4000)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("refresh_token")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      )
-    );
-
-    foreach ($tables as $table => $properties) {
-      // Migrate to quarantine
-      if ($table == 'quarantine') {
-        $stmt = $pdo->query("SHOW TABLES LIKE 'quarantaine'");
-        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-        if ($num_results != 0) {
-          $stmt = $pdo->query("SHOW TABLES LIKE 'quarantine'");
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results == 0) {
-            $pdo->query("RENAME TABLE `quarantaine` TO `quarantine`");
-          }
-        }
-      }
-
+      "domain" => array(
+        // Todo: Move some attributes to json
+        "cols" => array(
+          "domain" => "VARCHAR(255) NOT NULL",
+          "description" => "VARCHAR(255)",
+          "aliases" => "INT(10) NOT NULL DEFAULT '0'",
+          "mailboxes" => "INT(10) NOT NULL DEFAULT '0'",
+          "defquota" => "BIGINT(20) NOT NULL DEFAULT '3072'",
+          "maxquota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
+          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
+          "relayhost" => "VARCHAR(255) NOT NULL DEFAULT '0'",
+          "backupmx" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "gal" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "relay_all_recipients" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "relay_unknown_only" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tags_domain" => array(
+        "cols" => array(
+          "tag_name" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "fkey" => array(
+            "fk_tags_domain" => array(
+              "col" => "domain",
+              "ref" => "domain.domain",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          ),
+          "unique" => array(
+            "tag_name" => array("tag_name", "domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tls_policy_override" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "dest" => "VARCHAR(255) NOT NULL",
+          "policy" => "ENUM('none', 'may', 'encrypt', 'dane', 'dane-only', 'fingerprint', 'verify', 'secure') NOT NULL",
+          "parameters" => "VARCHAR(255) DEFAULT ''",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "unique" => array(
+            "dest" => array("dest")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quarantine" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "qid" => "VARCHAR(30) NOT NULL",
+          "subject" => "VARCHAR(500)",
+          "score" => "FLOAT(8,2)",
+          "ip" => "VARCHAR(50)",
+          "action" => "CHAR(20) NOT NULL DEFAULT 'unknown'",
+          "symbols" => "JSON",
+          "fuzzy_hashes" => "JSON",
+          "sender" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
+          "rcpt" => "VARCHAR(255)",
+          "msg" => "LONGTEXT",
+          "domain" => "VARCHAR(255)",
+          "notified" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "user" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "mailbox" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "name" => "VARCHAR(255)",
+          "description" => "VARCHAR(255)",
+          // mailbox_path_prefix is followed by domain/local_part/
+          "mailbox_path_prefix" => "VARCHAR(150) DEFAULT '/var/vmail/'",
+          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
+          "local_part" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "attributes" => "JSON",
+          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "multiple_bookings" => "INT NOT NULL DEFAULT -1",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          ),
+          "key" => array(
+            "domain" => array("domain"),
+            "kind" => array("kind")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tags_mailbox" => array(
+        "cols" => array(
+          "tag_name" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "fkey" => array(
+            "fk_tags_mailbox" => array(
+              "col" => "username",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          ),
+          "unique" => array(
+            "tag_name" => array("tag_name", "username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sieve_filters" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "script_desc" => "VARCHAR(255) NOT NULL",
+          "script_name" => "ENUM('active','inactive')",
+          "script_data" => "TEXT NOT NULL",
+          "filter_type" => "ENUM('postfilter','prefilter')",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "username" => array("username"),
+            "script_desc" => array("script_desc")
+          ),
+          "fkey" => array(
+            "fk_username_sieve_global_before" => array(
+              "col" => "username",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "app_passwd" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "name" => "VARCHAR(255) NOT NULL",
+          "mailbox" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "imap_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "smtp_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "dav_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "eas_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "pop3_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "sieve_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "mailbox" => array("mailbox"),
+            "password" => array("password"),
+            "domain" => array("domain"),
+          ),
+          "fkey" => array(
+            "fk_username_app_passwd" => array(
+              "col" => "mailbox",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "user_acl" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "spam_alias" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "tls_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "spam_score" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          // quarantine is for quarantine actions, todo: rename
+          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine_notification" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine_category" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          ),
+          "fkey" => array(
+            "fk_username" => array(
+              "col" => "username",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "alias_domain" => array(
+        "cols" => array(
+          "alias_domain" => "VARCHAR(255) NOT NULL",
+          "target_domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("alias_domain")
+          ),
+          "key" => array(
+            "active" => array("active"),
+            "target_domain" => array("target_domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "spamalias" => array(
+        "cols" => array(
+          "address" => "VARCHAR(255) NOT NULL",
+          "goto" => "TEXT NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "validity" => "INT(11)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("address")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "filterconf" => array(
+        "cols" => array(
+          "object" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "option" => "VARCHAR(50) NOT NULL DEFAULT ''",
+          "value" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "prefid" => "INT(11) NOT NULL AUTO_INCREMENT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("prefid")
+          ),
+          "key" => array(
+            "object" => array("object")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "settingsmap" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "desc" => "VARCHAR(255) NOT NULL",
+          "content" => "LONGTEXT NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "logs" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "task" => "CHAR(32) NOT NULL DEFAULT '000000'",
+          "type" => "VARCHAR(32) DEFAULT ''",
+          "msg" => "TEXT",
+          "call" => "TEXT",
+          "user" => "VARCHAR(64) NOT NULL",
+          "role" => "VARCHAR(32) NOT NULL",
+          "remote" => "VARCHAR(39) NOT NULL",
+          "time" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sasl_log" => array(
+        "cols" => array(
+          "service" => "VARCHAR(32) NOT NULL DEFAULT ''",
+          "app_password" => "INT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "real_rip" => "VARCHAR(64) NOT NULL",
+          "datetime" => "DATETIME(0) NOT NULL DEFAULT NOW(0)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("service", "real_rip", "username")
+          ),
+          "key" => array(
+            "username" => array("username"),
+            "service" => array("service"),
+            "datetime" => array("datetime"),
+            "real_rip" => array("real_rip")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quota2" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quota2replica" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "domain_admins" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "username" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "da_acl" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "login_as" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "extend_sender_acl" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "unlimited_quota" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "protocol_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "smtp_ip_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "alias_domains" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "mailbox_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "domain_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "domain_desc" => "TINYINT(1) NOT NULL DEFAULT '0'"
+          ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "da_sso" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "token" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("token", "created")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "imapsync" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "user2" => "VARCHAR(255) NOT NULL",
+          "host1" => "VARCHAR(255) NOT NULL",
+          "authmech1" => "ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN'",
+          "regextrans2" => "VARCHAR(255) DEFAULT ''",
+          "authmd51" => "TINYINT(1) NOT NULL DEFAULT 0",
+          "domain2" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "subfolder2" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "user1" => "VARCHAR(255) NOT NULL",
+          "password1" => "VARCHAR(255) NOT NULL",
+          "exclude" => "VARCHAR(500) NOT NULL DEFAULT ''",
+          "maxage" => "SMALLINT NOT NULL DEFAULT '0'",
+          "mins_interval" => "SMALLINT UNSIGNED NOT NULL DEFAULT '0'",
+          "maxbytespersecond" => "VARCHAR(50) NOT NULL DEFAULT '0'",
+          "port1" => "SMALLINT UNSIGNED NOT NULL",
+          "enc1" => "ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS'",
+          "delete2duplicates" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "delete1" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "delete2" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "automap" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "skipcrossduplicates" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "custom_params" => "VARCHAR(512) NOT NULL DEFAULT ''",
+          "timeout1" => "SMALLINT NOT NULL DEFAULT '600'",
+          "timeout2" => "SMALLINT NOT NULL DEFAULT '600'",
+          "subscribeall" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "is_running" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "returned_text" => "LONGTEXT",
+          "last_run" => "TIMESTAMP NULL DEFAULT NULL",
+          "success" => "TINYINT(1) UNSIGNED DEFAULT NULL",
+          "exit_status" => "VARCHAR(50) DEFAULT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "bcc_maps" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "local_dest" => "VARCHAR(255) NOT NULL",
+          "bcc_dest" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "type" => "ENUM('sender','rcpt')",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "local_dest" => array("local_dest"),
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "recipient_maps" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "old_dest" => "VARCHAR(255) NOT NULL",
+          "new_dest" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "local_dest" => array("old_dest"),
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tfa" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "key_id" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL",
+          "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')",
+          "secret" => "VARCHAR(255) DEFAULT NULL",
+          "keyHandle" => "VARCHAR(1023) DEFAULT NULL",
+          "publicKey" => "VARCHAR(4096) DEFAULT NULL",
+          "counter" => "INT NOT NULL DEFAULT '0'",
+          "certificate" => "TEXT",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "forwarding_hosts" => array(
+        "cols" => array(
+          "host" => "VARCHAR(255) NOT NULL",
+          "source" => "VARCHAR(255) NOT NULL",
+          "filter_spam" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("host")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_acl" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "c_folder_id" => "INT NOT NULL",
+          "c_object" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_role" => "VARCHAR(80) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "sogo_acl_c_folder_id_idx" => array("c_folder_id"),
+            "sogo_acl_c_uid_idx" => array("c_uid")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_alarms_folder" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_recurrence_id" => "INT(11) DEFAULT NULL",
+          "c_alarm_number" => "INT(11) NOT NULL",
+          "c_alarm_date" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_cache_folder" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_parent_path" => "VARCHAR(255) DEFAULT NULL",
+          "c_type" => "TINYINT(3) unsigned NOT NULL",
+          "c_creationdate" => "INT(11) NOT NULL",
+          "c_lastmodified" => "INT(11) NOT NULL",
+          "c_version" => "INT(11) NOT NULL DEFAULT '0'",
+          "c_deleted" => "TINYINT(4) NOT NULL DEFAULT '0'",
+          "c_content" => "LONGTEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid", "c_path")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_folder_info" => array(
+        "cols" => array(
+          "c_folder_id" => "BIGINT(20) unsigned NOT NULL AUTO_INCREMENT",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_path1" => "VARCHAR(255) NOT NULL",
+          "c_path2" => "VARCHAR(255) DEFAULT NULL",
+          "c_path3" => "VARCHAR(255) DEFAULT NULL",
+          "c_path4" => "VARCHAR(255) DEFAULT NULL",
+          "c_foldername" => "VARCHAR(255) NOT NULL",
+          "c_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_quick_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_acl_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_folder_type" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_path")
+          ),
+          "unique" => array(
+            "c_folder_id" => array("c_folder_id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_quick_appointment" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(1000) NOT NULL",
+          "c_startdate" => "INT",
+          "c_enddate" => "INT",
+          "c_cycleenddate" => "INT",
+          "c_title" => "VARCHAR(1000) NOT NULL",
+          "c_participants" => "TEXT",
+          "c_isallday" => "INT",
+          "c_iscycle" => "INT",
+          "c_cycleinfo" => "TEXT",
+          "c_classification" => "INT NOT NULL",
+          "c_isopaque" => "INT NOT NULL",
+          "c_status" => "INT NOT NULL",
+          "c_priority" => "INT",
+          "c_location" => "VARCHAR(255)",
+          "c_orgmail" => "VARCHAR(255)",
+          "c_partmails" => "TEXT",
+          "c_partstates" => "TEXT",
+          "c_category" => "VARCHAR(255)",
+          "c_sequence" => "INT",
+          "c_component" => "VARCHAR(10) NOT NULL",
+          "c_nextalarm" => "INT",
+          "c_description" => "TEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_quick_contact" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_givenname" => "VARCHAR(255)",
+          "c_cn" => "VARCHAR(255)",
+          "c_sn" => "VARCHAR(255)",
+          "c_screenname" => "VARCHAR(255)",
+          "c_l" => "VARCHAR(255)",
+          "c_mail" => "TEXT",
+          "c_o" => "VARCHAR(500)",
+          "c_ou" => "VARCHAR(255)",
+          "c_telephonenumber" => "VARCHAR(255)",
+          "c_categories" => "VARCHAR(255)",
+          "c_component" => "VARCHAR(10) NOT NULL",
+          "c_hascertificate" => "INT4 DEFAULT 0"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_sessions_folder" => array(
+        "cols" => array(
+          "c_id" => "VARCHAR(255) NOT NULL",
+          "c_value" => "VARCHAR(4096) NOT NULL",
+          "c_creationdate" => "INT(11) NOT NULL",
+          "c_lastseen" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_store" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_content" => "MEDIUMTEXT NOT NULL",
+          "c_creationdate" => "INT NOT NULL",
+          "c_lastmodified" => "INT NOT NULL",
+          "c_version" => "INT NOT NULL",
+          "c_deleted" => "INT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "pushover" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "key" => "VARCHAR(255) NOT NULL",
+          "token" => "VARCHAR(255) NOT NULL",
+          "attributes" => "JSON",
+          "title" => "TEXT",
+          "text" => "TEXT",
+          "senders" => "TEXT",
+          "senders_regex" => "TEXT",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_user_profile" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_defaults" => "LONGTEXT",
+          "c_settings" => "LONGTEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_clients" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "client_secret" => "VARCHAR(80)",
+          "redirect_uri" => "VARCHAR(2000)",
+          "grant_types" => "VARCHAR(80)",
+          "scope" => "VARCHAR(4000)",
+          "user_id" => "VARCHAR(80)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("client_id")
+          ),
+          "unique" => array(
+            "id" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_access_tokens" => array(
+        "cols" => array(
+          "access_token" => "VARCHAR(40) NOT NULL",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "user_id" => "VARCHAR(80)",
+          "expires" => "TIMESTAMP NOT NULL",
+          "scope" => "VARCHAR(4000)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("access_token")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_authorization_codes" => array(
+        "cols" => array(
+          "authorization_code" => "VARCHAR(40) NOT NULL",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "user_id" => "VARCHAR(80)",
+          "redirect_uri" => "VARCHAR(2000)",
+          "expires" => "TIMESTAMP NOT NULL",
+          "scope" => "VARCHAR(4000)",
+          "id_token" => "VARCHAR(1000)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("authorization_code")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_refresh_tokens" => array(
+        "cols" => array(
+          "refresh_token" => "VARCHAR(40) NOT NULL",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "user_id" => "VARCHAR(80)",
+          "expires" => "TIMESTAMP NOT NULL",
+          "scope" => "VARCHAR(4000)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("refresh_token")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      )
+    );
+
+    foreach ($tables as $table => $properties) {
+      // Migrate to quarantine
+      if ($table == 'quarantine') {
+        $stmt = $pdo->query("SHOW TABLES LIKE 'quarantaine'");
+        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+        if ($num_results != 0) {
+          $stmt = $pdo->query("SHOW TABLES LIKE 'quarantine'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results == 0) {
+            $pdo->query("RENAME TABLE `quarantaine` TO `quarantine`");
+          }
+        }
+      }
+
       // Migrate tls_enforce_* options
-      if ($table == 'mailbox') {
-        $stmt = $pdo->query("SHOW TABLES LIKE 'mailbox'");
-        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-        if ($num_results != 0) {
-          $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE '%tls_enforce%'"); 
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results != 0) {
-            $stmt = $pdo->query("SELECT `username`, `tls_enforce_in`, `tls_enforce_out` FROM `mailbox`");
-            $tls_options_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-            while ($row = array_shift($tls_options_rows)) {
-              $tls_options[$row['username']] = array('tls_enforce_in' => $row['tls_enforce_in'], 'tls_enforce_out' => $row['tls_enforce_out']);
-            }
-          }
-        }
-      }
-
-      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); 
-      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-      if ($num_results != 0) {
-        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE ', `table_schema`, '.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
-          WHERE `constraint_type` = 'FOREIGN KEY' AND `table_name` = :table;");
-        $stmt->execute(array(':table' => $table));
-        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-        while ($row = array_shift($rows)) {
-          $pdo->query($row['FKEY_DROP']);
-        }
-        foreach($properties['cols'] as $column => $type) {
-          $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'"); 
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results == 0) {
-            if (strpos($type, 'AUTO_INCREMENT') !== false) {
-              $type = $type . ' PRIMARY KEY ';
-              // Adding an AUTO_INCREMENT key, need to drop primary keys first, if exists
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              if ($num_results != 0) {
-                $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
-              }
-            }
-            $pdo->query("ALTER TABLE `" . $table . "` ADD `" . $column . "` " . $type);
-          }
-          else {
-            $pdo->query("ALTER TABLE `" . $table . "` MODIFY COLUMN `" . $column . "` " . $type);
-          }
-        }
-        foreach($properties['keys'] as $key_type => $key_content) {
-          if (strtolower($key_type) == 'primary') {
-            foreach ($key_content as $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'"); 
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              $is_drop = ($num_results != 0) ? "DROP PRIMARY KEY, " : "";
-              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD PRIMARY KEY (" . $fields . ")");
-            }
-          }
-          if (strtolower($key_type) == 'key') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'"); 
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
-              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD KEY `" . $key_name . "` (" . $fields . ")");
-            }
-          }
-          if (strtolower($key_type) == 'unique') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
-              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD UNIQUE KEY `" . $key_name . "` (" . $fields . ")");
-            }
-          }
-          if (strtolower($key_type) == 'fkey') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              if ($num_results != 0) {
-                $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $key_name . "`");
-              }
-              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
-              $pdo->query("ALTER TABLE `" . $table . "` ADD FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
-                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update']);
-            }
-          }
-        }
-        // Drop all vanished columns
-        $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "`"); 
-        $cols_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC); 
-        while ($row = array_shift($cols_in_table)) {
-          if (!array_key_exists($row['Field'], $properties['cols'])) {
-            $pdo->query("ALTER TABLE `" . $table . "` DROP COLUMN `" . $row['Field'] . "`;");
-          }
-        }
-
-        // Step 1: Get all non-primary keys, that currently exist and those that should exist
-        $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE `Key_name` != 'PRIMARY'"); 
-        $keys_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC); 
-        $keys_to_exist = array();
-        if (isset($properties['keys']['unique']) && is_array($properties['keys']['unique'])) {
-          foreach ($properties['keys']['unique'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
-          }
-        }
-        if (isset($properties['keys']['key']) && is_array($properties['keys']['key'])) {
-          foreach ($properties['keys']['key'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
-          }
-        }
-        // Index for foreign key must exist
-        if (isset($properties['keys']['fkey']) && is_array($properties['keys']['fkey'])) {
-          foreach ($properties['keys']['fkey'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
-          }
-        }
-        // Step 2: Drop all vanished indexes
-        while ($row = array_shift($keys_in_table)) {
-          if (!in_array($row['Key_name'], $keys_to_exist)) {
-            $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
-          }
-        }
-        // Step 3: Drop all vanished primary keys
-        if (!isset($properties['keys']['primary'])) {
-          $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'"); 
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results != 0) {
-            $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
-          }
-        }
-      }
-      else {
-        // Create table if it is missing
-        $sql = "CREATE TABLE IF NOT EXISTS `" . $table . "` (";
-        foreach($properties['cols'] as $column => $type) {
-          $sql .= "`" . $column . "` " . $type . ",";
-        }
-        foreach($properties['keys'] as $key_type => $key_content) {
-          if (strtolower($key_type) == 'primary') {
-            foreach ($key_content as $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $sql .= "PRIMARY KEY (" . $fields . ")" . ",";
-            }
-          }
-          elseif (strtolower($key_type) == 'key') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $sql .= "KEY `" . $key_name . "` (" . $fields . ")" . ",";
-            }
-          }
-          elseif (strtolower($key_type) == 'unique') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $sql .= "UNIQUE KEY `" . $key_name . "` (" . $fields . ")" . ",";
-            }
-          }
-          elseif (strtolower($key_type) == 'fkey') {
-            foreach ($key_content as $key_name => $key_values) {
-              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
-              $sql .= "FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
-                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update'] . ",";
-            }
-          }
-        }
-        $sql = rtrim($sql, ",");
-        $sql .= ") " . $properties['attr'];
-        $pdo->query($sql);
-      }
-      // Reset table attributes
-      $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
-
-    }
-
-    // Recreate SQL views
-    foreach ($views as $view => $create) {
-      $pdo->query("DROP VIEW IF EXISTS `" . $view . "`;");
-      $pdo->query($create);
-    }
-    
-    // Mitigate imapsync argument injection issue
-    $pdo->query("UPDATE `imapsync` SET `custom_params` = '' 
-      WHERE `custom_params` LIKE '%pipemess%' 
-        OR custom_params LIKE '%skipmess%' 
-        OR custom_params LIKE '%delete2foldersonly%' 
-        OR custom_params LIKE '%delete2foldersbutnot%' 
-        OR custom_params LIKE '%regexflag%' 
-        OR custom_params LIKE '%pipemess%' 
-        OR custom_params LIKE '%regextrans2%' 
-        OR custom_params LIKE '%maxlinelengthcmd%';");
-    
-    // Migrate webauthn tfa
-    $stmt = $pdo->query("ALTER TABLE `tfa` MODIFY COLUMN `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')");
-
-    // Inject admin if not exists
-    $stmt = $pdo->query("SELECT NULL FROM `admin`"); 
-    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results == 0) {
-    $pdo->query("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
-      VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1)");
-    $pdo->query("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-        SELECT `username`, 'ALL', NOW(), 1 FROM `admin`
-          WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);");
-    $pdo->query("DELETE FROM `admin` WHERE `username` NOT IN  (SELECT `username` FROM `domain_admins`);");
-    }
-    // Insert new DB schema version
-    $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');");
-
-    // Fix dangling domain admins
-    $pdo->query("DELETE FROM `admin` WHERE `superadmin` = 0 AND `username` NOT IN (SELECT `username`FROM `domain_admins`);");
-    $pdo->query("DELETE FROM `da_acl` WHERE `username` NOT IN (SELECT `username`FROM `domain_admins`);");
-
-    // Migrate attributes
-    // pushover
-    $pdo->query("UPDATE `pushover` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
-    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.evaluate_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.evaluate_x_prio') IS NULL;");
-    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.only_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.only_x_prio') IS NULL;");
-    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.sound', \"pushover\") WHERE JSON_VALUE(`attributes`, '$.sound') IS NULL;");
-    // mailbox
-    $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.passwd_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.passwd_update') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.relayhost', \"0\") WHERE JSON_VALUE(`attributes`, '$.relayhost') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.force_pw_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_pw_update') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sieve_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sieve_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sogo_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.imap_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.imap_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.pop3_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.pop3_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.smtp_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.smtp_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.mailbox_format', \"maildir:\") WHERE JSON_VALUE(`attributes`, '$.mailbox_format') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_notification', \"never\") WHERE JSON_VALUE(`attributes`, '$.quarantine_notification') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_category', \"reject\") WHERE JSON_VALUE(`attributes`, '$.quarantine_category') IS NULL;");
-    foreach($tls_options as $tls_user => $tls_options) {
-      $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
-        `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
-          WHERE `username` = :username");
-      $stmt->execute(array(':tls_enforce_in' => $tls_options['tls_enforce_in'], ':tls_enforce_out' => $tls_options['tls_enforce_out'], ':username' => $tls_user));
-    }
-    // Set tls_enforce_* if still missing (due to deleted attrs for example)
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_out', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_out') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_in', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_in') IS NULL;");
-    // Fix ACL
-    $pdo->query("INSERT INTO `user_acl` (`username`) SELECT `username` FROM `mailbox` WHERE `kind` = '' AND NOT EXISTS (SELECT `username` FROM `user_acl`);");
-    $pdo->query("INSERT INTO `da_acl` (`username`) SELECT DISTINCT `username` FROM `domain_admins` WHERE `username` != 'admin' AND NOT EXISTS (SELECT `username` FROM `da_acl`);");
-    // Fix domain_admins
-    $pdo->query("DELETE FROM `domain_admins` WHERE `domain` = 'ALL';");
-
+      if ($table == 'mailbox') {
+        $stmt = $pdo->query("SHOW TABLES LIKE 'mailbox'");
+        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+        if ($num_results != 0) {
+          $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE '%tls_enforce%'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results != 0) {
+            $stmt = $pdo->query("SELECT `username`, `tls_enforce_in`, `tls_enforce_out` FROM `mailbox`");
+            $tls_options_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+            while ($row = array_shift($tls_options_rows)) {
+              $tls_options[$row['username']] = array('tls_enforce_in' => $row['tls_enforce_in'], 'tls_enforce_out' => $row['tls_enforce_out']);
+            }
+          }
+        }
+      }
+
+      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'");
+      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      if ($num_results != 0) {
+        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE ', `table_schema`, '.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
+          WHERE `constraint_type` = 'FOREIGN KEY' AND `table_name` = :table;");
+        $stmt->execute(array(':table' => $table));
+        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        while ($row = array_shift($rows)) {
+          $pdo->query($row['FKEY_DROP']);
+        }
+        foreach($properties['cols'] as $column => $type) {
+          $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results == 0) {
+            if (strpos($type, 'AUTO_INCREMENT') !== false) {
+              $type = $type . ' PRIMARY KEY ';
+              // Adding an AUTO_INCREMENT key, need to drop primary keys first, if exists
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              if ($num_results != 0) {
+                $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
+              }
+            }
+            $pdo->query("ALTER TABLE `" . $table . "` ADD `" . $column . "` " . $type);
+          }
+          else {
+            $pdo->query("ALTER TABLE `" . $table . "` MODIFY COLUMN `" . $column . "` " . $type);
+          }
+        }
+        foreach($properties['keys'] as $key_type => $key_content) {
+          if (strtolower($key_type) == 'primary') {
+            foreach ($key_content as $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP PRIMARY KEY, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD PRIMARY KEY (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'key') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD KEY `" . $key_name . "` (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'unique') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD UNIQUE KEY `" . $key_name . "` (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'fkey') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              if ($num_results != 0) {
+                $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $key_name . "`");
+              }
+              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
+              $pdo->query("ALTER TABLE `" . $table . "` ADD FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
+                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update']);
+            }
+          }
+        }
+        // Drop all vanished columns
+        $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "`");
+        $cols_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        while ($row = array_shift($cols_in_table)) {
+          if (!array_key_exists($row['Field'], $properties['cols'])) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP COLUMN `" . $row['Field'] . "`;");
+          }
+        }
+
+        // Step 1: Get all non-primary keys, that currently exist and those that should exist
+        $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE `Key_name` != 'PRIMARY'");
+        $keys_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        $keys_to_exist = array();
+        if (isset($properties['keys']['unique']) && is_array($properties['keys']['unique'])) {
+          foreach ($properties['keys']['unique'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        if (isset($properties['keys']['key']) && is_array($properties['keys']['key'])) {
+          foreach ($properties['keys']['key'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        // Index for foreign key must exist
+        if (isset($properties['keys']['fkey']) && is_array($properties['keys']['fkey'])) {
+          foreach ($properties['keys']['fkey'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        // Step 2: Drop all vanished indexes
+        while ($row = array_shift($keys_in_table)) {
+          if (!in_array($row['Key_name'], $keys_to_exist)) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
+          }
+        }
+        // Step 3: Drop all vanished primary keys
+        if (!isset($properties['keys']['primary'])) {
+          $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results != 0) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
+          }
+        }
+      }
+      else {
+        // Create table if it is missing
+        $sql = "CREATE TABLE IF NOT EXISTS `" . $table . "` (";
+        foreach($properties['cols'] as $column => $type) {
+          $sql .= "`" . $column . "` " . $type . ",";
+        }
+        foreach($properties['keys'] as $key_type => $key_content) {
+          if (strtolower($key_type) == 'primary') {
+            foreach ($key_content as $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "PRIMARY KEY (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'key') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "KEY `" . $key_name . "` (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'unique') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "UNIQUE KEY `" . $key_name . "` (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'fkey') {
+            foreach ($key_content as $key_name => $key_values) {
+              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
+              $sql .= "FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
+                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update'] . ",";
+            }
+          }
+        }
+        $sql = rtrim($sql, ",");
+        $sql .= ") " . $properties['attr'];
+        $pdo->query($sql);
+      }
+      // Reset table attributes
+      $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
+
+    }
+
+    // Recreate SQL views
+    foreach ($views as $view => $create) {
+      $pdo->query("DROP VIEW IF EXISTS `" . $view . "`;");
+      $pdo->query($create);
+    }
+
+    // Mitigate imapsync argument injection issue
+    $pdo->query("UPDATE `imapsync` SET `custom_params` = ''
+      WHERE `custom_params` LIKE '%pipemess%'
+        OR custom_params LIKE '%skipmess%'
+        OR custom_params LIKE '%delete2foldersonly%'
+        OR custom_params LIKE '%delete2foldersbutnot%'
+        OR custom_params LIKE '%regexflag%'
+        OR custom_params LIKE '%pipemess%'
+        OR custom_params LIKE '%regextrans2%'
+        OR custom_params LIKE '%maxlinelengthcmd%';");
+
+    // Migrate webauthn tfa
+    $stmt = $pdo->query("ALTER TABLE `tfa` MODIFY COLUMN `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')");
+
+    // Inject admin if not exists
+    $stmt = $pdo->query("SELECT NULL FROM `admin`");
+    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results == 0) {
+    $pdo->query("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
+      VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1)");
+    $pdo->query("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+        SELECT `username`, 'ALL', NOW(), 1 FROM `admin`
+          WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);");
+    $pdo->query("DELETE FROM `admin` WHERE `username` NOT IN  (SELECT `username` FROM `domain_admins`);");
+    }
+    // Insert new DB schema version
+    $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');");
+
+    // Fix dangling domain admins
+    $pdo->query("DELETE FROM `admin` WHERE `superadmin` = 0 AND `username` NOT IN (SELECT `username`FROM `domain_admins`);");
+    $pdo->query("DELETE FROM `da_acl` WHERE `username` NOT IN (SELECT `username`FROM `domain_admins`);");
+
+    // Migrate attributes
+    // pushover
+    $pdo->query("UPDATE `pushover` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.evaluate_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.evaluate_x_prio') IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.only_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.only_x_prio') IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.sound', \"pushover\") WHERE JSON_VALUE(`attributes`, '$.sound') IS NULL;");
+    // mailbox
+    $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.passwd_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.passwd_update') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.relayhost', \"0\") WHERE JSON_VALUE(`attributes`, '$.relayhost') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.force_pw_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_pw_update') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sieve_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sieve_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sogo_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.imap_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.imap_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.pop3_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.pop3_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.smtp_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.smtp_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.mailbox_format', \"maildir:\") WHERE JSON_VALUE(`attributes`, '$.mailbox_format') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_notification', \"never\") WHERE JSON_VALUE(`attributes`, '$.quarantine_notification') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_category', \"reject\") WHERE JSON_VALUE(`attributes`, '$.quarantine_category') IS NULL;");
+    foreach($tls_options as $tls_user => $tls_options) {
+      $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
+        `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
+          WHERE `username` = :username");
+      $stmt->execute(array(':tls_enforce_in' => $tls_options['tls_enforce_in'], ':tls_enforce_out' => $tls_options['tls_enforce_out'], ':username' => $tls_user));
+    }
+    // Set tls_enforce_* if still missing (due to deleted attrs for example)
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_out', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_out') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_in', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_in') IS NULL;");
+    // Fix ACL
+    $pdo->query("INSERT INTO `user_acl` (`username`) SELECT `username` FROM `mailbox` WHERE `kind` = '' AND NOT EXISTS (SELECT `username` FROM `user_acl`);");
+    $pdo->query("INSERT INTO `da_acl` (`username`) SELECT DISTINCT `username` FROM `domain_admins` WHERE `username` != 'admin' AND NOT EXISTS (SELECT `username` FROM `da_acl`);");
+    // Fix domain_admins
+    $pdo->query("DELETE FROM `domain_admins` WHERE `domain` = 'ALL';");
+
     // add default templates
     $default_domain_template = array(
       "template" => "Default",
@@ -1398,68 +1411,68 @@ function init_db_schema() {
       )); 
     } 
 
-    if (php_sapi_name() == "cli") {
-      echo "DB initialization completed" . PHP_EOL;
-    } else {
-      $_SESSION['return'][] = array(
-        'type' => 'success',
-        'log' => array(__FUNCTION__),
-        'msg' => 'db_init_complete'
-      );
-    }
-  }
-  catch (PDOException $e) {
-    if (php_sapi_name() == "cli") {
-      echo "DB initialization failed: " . print_r($e, true) . PHP_EOL;
-    } else {
-      $_SESSION['return'][] = array(
-        'type' => 'danger',
-        'log' => array(__FUNCTION__),
-        'msg' => array('mysql_error', $e)
-      );
-    }
-  }
-}
-if (php_sapi_name() == "cli") {
-  include '/web/inc/vars.inc.php';
-  include '/web/inc/functions.docker.inc.php';
-  // $now = new DateTime();
-  // $mins = $now->getOffset() / 60;
-  // $sgn = ($mins < 0 ? -1 : 1);
-  // $mins = abs($mins);
-  // $hrs = floor($mins / 60);
-  // $mins -= $hrs * 60;
-  // $offset = sprintf('%+d:%02d', $hrs*$sgn, $mins);
-  $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
-  $opt = [
-    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
-    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
-    PDO::ATTR_EMULATE_PREPARES   => false,
-    //PDO::MYSQL_ATTR_INIT_COMMAND => "SET time_zone = '" . $offset . "', group_concat_max_len = 3423543543;",
-  ];
-  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
-  $stmt = $pdo->query("SELECT COUNT('OK') AS OK_C FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view' OR TABLE_NAME = '_sogo_static_view';");
-  $res = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (intval($res['OK_C']) === 2) {
-    // Be more precise when replacing into _sogo_static_view, col orders may change
-    try {
-      $stmt = $pdo->query("REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
-        SELECT `c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings` from sogo_view");
-      $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
-      echo "Fixed _sogo_static_view" . PHP_EOL;
-    }
-    catch ( Exception $e ) {
-      // Dunno
-    }
-  }
-  try {
-    $m = new Memcached();
-    $m->addServer('memcached', 11211);
-    $m->flush();
-    echo "Cleaned up memcached". PHP_EOL;
-  }
-  catch ( Exception $e ) {
-    // Dunno
-  }
-  init_db_schema();
-}
+    if (php_sapi_name() == "cli") {
+      echo "DB initialization completed" . PHP_EOL;
+    } else {
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__),
+        'msg' => 'db_init_complete'
+      );
+    }
+  }
+  catch (PDOException $e) {
+    if (php_sapi_name() == "cli") {
+      echo "DB initialization failed: " . print_r($e, true) . PHP_EOL;
+    } else {
+      $_SESSION['return'][] = array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__),
+        'msg' => array('mysql_error', $e)
+      );
+    }
+  }
+}
+if (php_sapi_name() == "cli") {
+  include '/web/inc/vars.inc.php';
+  include '/web/inc/functions.docker.inc.php';
+  // $now = new DateTime();
+  // $mins = $now->getOffset() / 60;
+  // $sgn = ($mins < 0 ? -1 : 1);
+  // $mins = abs($mins);
+  // $hrs = floor($mins / 60);
+  // $mins -= $hrs * 60;
+  // $offset = sprintf('%+d:%02d', $hrs*$sgn, $mins);
+  $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
+  $opt = [
+    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::ATTR_EMULATE_PREPARES   => false,
+    //PDO::MYSQL_ATTR_INIT_COMMAND => "SET time_zone = '" . $offset . "', group_concat_max_len = 3423543543;",
+  ];
+  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
+  $stmt = $pdo->query("SELECT COUNT('OK') AS OK_C FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view' OR TABLE_NAME = '_sogo_static_view';");
+  $res = $stmt->fetch(PDO::FETCH_ASSOC);
+  if (intval($res['OK_C']) === 2) {
+    // Be more precise when replacing into _sogo_static_view, col orders may change
+    try {
+      $stmt = $pdo->query("REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
+        SELECT `c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings` from sogo_view");
+      $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
+      echo "Fixed _sogo_static_view" . PHP_EOL;
+    }
+    catch ( Exception $e ) {
+      // Dunno
+    }
+  }
+  try {
+    $m = new Memcached();
+    $m->addServer('memcached', 11211);
+    $m->flush();
+    echo "Cleaned up memcached". PHP_EOL;
+  }
+  catch ( Exception $e ) {
+    // Dunno
+  }
+  init_db_schema();
+}
diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index 5c7ec710..1a33e760 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -1,140 +1,140 @@
-<?php
-// Start session
-if (session_status() !== PHP_SESSION_ACTIVE) {
-  ini_set("session.cookie_httponly", 1);
-  ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
-}
-
-if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && 
-  strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
-  if (session_status() !== PHP_SESSION_ACTIVE) {
-    ini_set("session.cookie_secure", 1);
-  }
-  $IS_HTTPS = true;
-}
-elseif (isset($_SERVER['HTTPS'])) {
-  if (session_status() !== PHP_SESSION_ACTIVE) {
-    ini_set("session.cookie_secure", 1);
-  }
-  $IS_HTTPS = true;
-}
-else {
-  $IS_HTTPS = false;
-}
-
-if (session_status() !== PHP_SESSION_ACTIVE) {
-  session_start();
-}
-
-if (!isset($_SESSION['CSRF']['TOKEN'])) {
-  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-}
-
-// Set session UA
-if (!isset($_SESSION['SESS_REMOTE_UA'])) {
-  $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
-}
-
-// Keep session active
-if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
-  session_unset();
-  session_destroy();
-}
-$_SESSION['LAST_ACTIVITY'] = time();
-
-// API
-if (!empty($_SERVER['HTTP_X_API_KEY'])) {
-  $stmt = $pdo->prepare("SELECT * FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
-  $stmt->execute(array(
-    ':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
-  ));
-  $api_return = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (!empty($api_return['api_key'])) {
-    $skip_ip_check = ($api_return['skip_ip_check'] == 1);
-    $remote = get_remote_ip(false);
-    $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
-    if ($skip_ip_check === true || ip_acl($remote, $allow_from)) {
-      $_SESSION['mailcow_cc_username'] = 'API';
-      $_SESSION['mailcow_cc_role'] = 'admin';
-      $_SESSION['mailcow_cc_api'] = true;
-      if ($api_return['access'] == 'rw') {
-        $_SESSION['mailcow_cc_api_access'] = 'rw';
-      }
-      else {
-        $_SESSION['mailcow_cc_api_access'] = 'ro';
-      }
-    }
-    else {
-      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
-      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-      http_response_code(401);
-      echo json_encode(array(
-        'type' => 'error',
-        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
-      ));
-      unset($_POST);
-      exit();
-    }
-  }
-  else {
-    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
-    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-    http_response_code(401);
-    echo json_encode(array(
-      'type' => 'error',
-      'msg' => 'authentication failed'
-    ));
-    unset($_POST);
-    exit();
-  }
-}
-
-// Handle logouts
-if (isset($_POST["logout"])) {
-  if (isset($_SESSION["dual-login"])) {
-    $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
-    $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
-    unset($_SESSION["dual-login"]);
-    header("Location: /mailbox");
-    exit();
-  }
-  else {
-    session_regenerate_id(true);
-    session_unset();
-    session_destroy();
-    session_write_close();
-    header("Location: /");
-  }
-}
-
-// Check session
-function session_check() {
-  if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
-    return true;
-  }
-  if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
-    $_SESSION['return'][] = array(
-      'type' => 'warning',
-      'msg' => 'session_ua'
-    );
-    return false;
-  }
-  if (!empty($_POST)) {
-    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
-      $_SESSION['return'][] = array(
-        'type' => 'warning',
-        'msg' => 'session_token'
-      );
-      return false;
-    }
-    unset($_POST['csrf_token']);
-    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-    $_SESSION['CSRF']['TIME'] = time();
-  }
-  return true;
-}
-
-if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
-  $_POST = array();
-  $_FILES = array();
-}
+<?php
+// Start session
+if (session_status() !== PHP_SESSION_ACTIVE) {
+  ini_set("session.cookie_httponly", 1);
+  ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
+}
+
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
+  strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
+  if (session_status() !== PHP_SESSION_ACTIVE) {
+    ini_set("session.cookie_secure", 1);
+  }
+  $IS_HTTPS = true;
+}
+elseif (isset($_SERVER['HTTPS'])) {
+  if (session_status() !== PHP_SESSION_ACTIVE) {
+    ini_set("session.cookie_secure", 1);
+  }
+  $IS_HTTPS = true;
+}
+else {
+  $IS_HTTPS = false;
+}
+
+if (session_status() !== PHP_SESSION_ACTIVE) {
+  session_start();
+}
+
+if (!isset($_SESSION['CSRF']['TOKEN'])) {
+  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+}
+
+// Set session UA
+if (!isset($_SESSION['SESS_REMOTE_UA'])) {
+  $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
+}
+
+// Keep session active
+if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
+  session_unset();
+  session_destroy();
+}
+$_SESSION['LAST_ACTIVITY'] = time();
+
+// API
+if (!empty($_SERVER['HTTP_X_API_KEY'])) {
+  $stmt = $pdo->prepare("SELECT * FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
+  $stmt->execute(array(
+    ':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
+  ));
+  $api_return = $stmt->fetch(PDO::FETCH_ASSOC);
+  if (!empty($api_return['api_key'])) {
+    $skip_ip_check = ($api_return['skip_ip_check'] == 1);
+    $remote = get_remote_ip(false);
+    $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
+    if ($skip_ip_check === true || ip_acl($remote, $allow_from)) {
+      $_SESSION['mailcow_cc_username'] = 'API';
+      $_SESSION['mailcow_cc_role'] = 'admin';
+      $_SESSION['mailcow_cc_api'] = true;
+      if ($api_return['access'] == 'rw') {
+        $_SESSION['mailcow_cc_api_access'] = 'rw';
+      }
+      else {
+        $_SESSION['mailcow_cc_api_access'] = 'ro';
+      }
+    }
+    else {
+      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
+      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+      http_response_code(401);
+      echo json_encode(array(
+        'type' => 'error',
+        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
+      ));
+      unset($_POST);
+      exit();
+    }
+  }
+  else {
+    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
+    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+    http_response_code(401);
+    echo json_encode(array(
+      'type' => 'error',
+      'msg' => 'authentication failed'
+    ));
+    unset($_POST);
+    exit();
+  }
+}
+
+// Handle logouts
+if (isset($_POST["logout"])) {
+  if (isset($_SESSION["dual-login"])) {
+    $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
+    $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
+    unset($_SESSION["dual-login"]);
+    header("Location: /mailbox");
+    exit();
+  }
+  else {
+    session_regenerate_id(true);
+    session_unset();
+    session_destroy();
+    session_write_close();
+    header("Location: /");
+  }
+}
+
+// Check session
+function session_check() {
+  if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
+    return true;
+  }
+  if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
+    $_SESSION['return'][] = array(
+      'type' => 'warning',
+      'msg' => 'session_ua'
+    );
+    return false;
+  }
+  if (!empty($_POST)) {
+    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
+      $_SESSION['return'][] = array(
+        'type' => 'warning',
+        'msg' => 'session_token'
+      );
+      return false;
+    }
+    unset($_POST['csrf_token']);
+    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+    $_SESSION['CSRF']['TIME'] = time();
+  }
+  return true;
+}
+
+if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
+  $_POST = array();
+  $_FILES = array();
+}
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index aec043e9..fde1507f 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -1,4 +1,15 @@
 <?php
+// SSO Domain Admin
+if (!empty($_GET['sso_token'])) {
+  $username = domain_admin_sso('check', $_GET['sso_token']);
+
+  if ($username !== false) {
+    $_SESSION['mailcow_cc_username'] = $username;
+    $_SESSION['mailcow_cc_role'] = 'domainadmin';
+    header('Location: /mailbox');
+  }
+}
+
 if (isset($_POST["verify_tfa_login"])) {
   if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
     $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
@@ -6,7 +17,7 @@ if (isset($_POST["verify_tfa_login"])) {
     unset($_SESSION['pending_mailcow_cc_username']);
     unset($_SESSION['pending_mailcow_cc_role']);
     unset($_SESSION['pending_tfa_methods']);
-	
+
     header("Location: /user");
   } else {
     unset($_SESSION['pending_mailcow_cc_username']);
@@ -34,7 +45,7 @@ if (isset($_POST["quick_delete"])) {
 if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 	$login_user = strtolower(trim($_POST["login_user"]));
 	$as = check_login($login_user, $_POST["pass_user"]);
-  
+
 	if ($as == "admin") {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "admin";
diff --git a/data/web/json_api.php b/data/web/json_api.php
index acaeaba9..ec028fe4 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -288,6 +288,18 @@ if (isset($_GET['query'])) {
         case "domain-admin":
           process_add_return(domain_admin('add', $attr));
         break;
+        case "sso":
+          switch ($object) {
+            case "domain-admin":
+              $data = domain_admin_sso('issue', $attr);
+              if($data) {
+                echo json_encode($data);
+                exit(0);
+              }
+              process_add_return($data);
+            break;
+          }
+        break;
         case "admin":
           process_add_return(admin('add', $attr));
         break;

From 58ddc31db6ce3d86471ad6ffdf2fd3e2c33e12a6 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Thu, 26 Jan 2023 20:09:52 +0100
Subject: [PATCH 22/42] Translations update from Weblate (#5026)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [Web] Updated lang.en-gb.json

Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.de-de.json

Co-authored-by: Peter <magic@kthx.at>

* [Web] Updated lang.sk-sk.json

Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: Lukáš Matula <lukas@gbely.net>
---
 data/web/lang/lang.de-de.json | 23 +++++++++++++++--------
 data/web/lang/lang.en-gb.json |  2 +-
 data/web/lang/lang.sk-sk.json |  3 ++-
 3 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 4f7feb5b..f348ce6a 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -339,7 +339,8 @@
         "oauth2_add_client": "Füge OAuth2 Client hinzu",
         "api_read_only": "Schreibgeschützter Zugriff",
         "api_read_write": "Lese-Schreib-Zugriff",
-        "oauth2_apps": "OAuth2 Apps"
+        "oauth2_apps": "OAuth2 Apps",
+        "queue_unban": "entsperren"
     },
     "danger": {
         "access_denied": "Zugriff verweigert oder unvollständige/ungültige Daten",
@@ -366,7 +367,7 @@
         "domain_not_empty": "Domain %s ist nicht leer",
         "domain_not_found": "Domain %s nicht gefunden",
         "domain_quota_m_in_use": "Domain-Speicherplatzlimit muss größer oder gleich %d MiB sein",
-        "extended_sender_acl_denied": "Keine Rechte zum setzen von externen Absenderadressen",
+        "extended_sender_acl_denied": "Keine Rechte zum Setzen von externen Absenderadressen",
         "extra_acl_invalid": "Externe Absenderadresse \"%s\" ist ungültig",
         "extra_acl_invalid_domain": "Externe Absenderadresse \"%s\" verwendet eine ungültige Domain",
         "fido2_verification_failed": "FIDO2-Verifizierung fehlgeschlagen: %s",
@@ -460,11 +461,14 @@
         "username_invalid": "Benutzername %s kann nicht verwendet werden",
         "validity_missing": "Bitte geben Sie eine Gültigkeitsdauer an",
         "value_missing": "Bitte alle Felder ausfüllen",
-        "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s"
+        "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s",
+        "template_exists": "Vorlage %s existiert bereits",
+        "template_id_invalid": "Vorlagen-ID %s ungültig",
+        "template_name_invalid": "Name der Vorlage ungültig"
     },
     "datatables": {
         "collapse_all": "Alle Einklappen",
-        "decimal": "",
+        "decimal": ",",
         "emptyTable": "Keine Daten in der Tabelle vorhanden",
         "expand_all": "Alle Ausklappen",
         "info": "_START_ bis _END_ von _TOTAL_ Einträgen",
@@ -498,7 +502,7 @@
         "current_time": "Systemzeit",
         "disk_usage": "Festplattennutzung",
         "docs": "Dokumente",
-        "error_show_ip": "konnte die öffentlichen IP Adressen nicht auflösen",
+        "error_show_ip": "Konnte die öffentlichen IP Adressen nicht auflösen",
         "external_logs": "Externe Logs",
         "history_all_servers": "History (alle Server)",
         "in_memory_logs": "In-memory Logs",
@@ -651,7 +655,8 @@
         "title": "Objekt bearbeiten",
         "unchanged_if_empty": "Unverändert, wenn leer",
         "username": "Benutzername",
-        "validate_save": "Validieren und speichern"
+        "validate_save": "Validieren und speichern",
+        "pushover_sound": "Ton"
     },
     "fido2": {
         "confirm": "Bestätigen",
@@ -692,7 +697,8 @@
         "quarantine": "Quarantäne",
         "restart_netfilter": "Netfilter neustarten",
         "restart_sogo": "SOGo neustarten",
-        "user_settings": "Benutzereinstellungen"
+        "user_settings": "Benutzereinstellungen",
+        "mailcow_system": "System"
     },
     "info": {
         "awaiting_tfa_confirmation": "Warte auf TFA-Verifizierung",
@@ -1236,7 +1242,8 @@
         "syncjob_EXIT_CONNECTION_FAILURE": "Verbindungsproblem",
         "syncjob_EXIT_TLS_FAILURE": "Problem mit verschlüsselter Verbindung",
         "syncjob_EXIT_AUTHENTICATION_FAILURE": "Authentifizierungsproblem",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Falscher Benutzername oder Passwort"
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Falscher Benutzername oder Passwort",
+        "pushover_sound": "Ton"
     },
     "warning": {
         "cannot_delete_self": "Kann derzeit eingeloggten Benutzer nicht entfernen",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 5719049e..f7fc0577 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -468,7 +468,7 @@
     },
     "datatables": {
         "collapse_all": "Collapse All",
-        "decimal": "",
+        "decimal": ".",
         "emptyTable": "No data available in table",
         "expand_all": "Expand All",
         "info": "Showing _START_ to _END_ of _TOTAL_ entries",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index b6933b28..f2f23681 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -106,7 +106,8 @@
         "username": "Používateľské meno",
         "validate": "Overiť",
         "validation_success": "Úspešne overené",
-        "app_passwd_protocols": "Povolené protokoly k heslu aplikácie"
+        "app_passwd_protocols": "Povolené protokoly k heslu aplikácie",
+        "tags": "Štítky"
     },
     "admin": {
         "access": "Prístup",

From a1f033e4c167e2d87eafc4acfdbed4177285c3b0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 30 Jan 2023 19:58:17 +0100
Subject: [PATCH 23/42] Update docker/build-push-action action to v4 (#5032)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/rebuild_backup_image.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/rebuild_backup_image.yml b/.github/workflows/rebuild_backup_image.yml
index 120d68d9..21c218a8 100644
--- a/.github/workflows/rebuild_backup_image.yml
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -26,7 +26,7 @@ jobs:
           password: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           context: .
           file: data/Dockerfiles/backup/Dockerfile

From d62c27500430da91463e731cdf1ddb701e25366e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 31 Jan 2023 09:49:18 +0100
Subject: [PATCH 24/42] [Web] match PAGINATION_SIZE to an existing datatable
 option

---
 data/web/inc/vars.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 4f09d5f9..5e6d72e7 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -124,7 +124,7 @@ $MAILCOW_APPS = array(
 );
 
 // Rows until pagination begins
-$PAGINATION_SIZE = 20;
+$PAGINATION_SIZE = 25;
 
 // Default number of rows/lines to display (log table)
 $LOG_LINES = 1000;

From 72e8180c6be0f8ae9444e4ae10129ffa830c0c9b Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 31 Jan 2023 10:37:51 +0100
Subject: [PATCH 25/42] [Web] datatable adjustment

---
 data/web/css/build/013-datatables.css | 20 +++++++++++++++++++-
 data/web/css/build/014-mailcow.css    | 11 -----------
 data/web/css/build/015-responsive.css |  3 +++
 data/web/js/site/admin.js             | 12 ++++++------
 data/web/js/site/mailbox.js           | 24 ++++++++++++------------
 data/web/js/site/quarantine.js        |  2 +-
 data/web/js/site/queue.js             |  2 +-
 data/web/js/site/user.js              |  6 +++---
 8 files changed, 45 insertions(+), 35 deletions(-)

diff --git a/data/web/css/build/013-datatables.css b/data/web/css/build/013-datatables.css
index e5518ff8..13378460 100644
--- a/data/web/css/build/013-datatables.css
+++ b/data/web/css/build/013-datatables.css
@@ -77,4 +77,22 @@ li .dtr-data {
 table.dataTable>tbody>tr.child span.dtr-title {
     width: 30%;
     max-width: 250px;
-}
\ No newline at end of file
+}
+
+
+div.dataTables_wrapper div.dataTables_filter {
+    text-align: left;
+}
+div.dataTables_wrapper div.dataTables_length {
+    text-align: right;
+}
+.dataTables_paginate, .dataTables_length, .dataTables_filter {
+    margin: 10px 0!important;
+}
+
+td.dt-text-right {
+    text-align: end !important;
+}
+th.dt-text-right {
+    text-align: end !important;
+}
diff --git a/data/web/css/build/014-mailcow.css b/data/web/css/build/014-mailcow.css
index 3d0eeaee..374d484d 100644
--- a/data/web/css/build/014-mailcow.css
+++ b/data/web/css/build/014-mailcow.css
@@ -370,14 +370,3 @@ button[aria-expanded='true'] > .caret {
 .btn-check:checked+.btn-outline-secondary, .btn-check:active+.btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
     background-color: #f0f0f0 !important;
 }
-
-
-div.dataTables_wrapper div.dataTables_filter {
-  text-align: left;
-}
-div.dataTables_wrapper div.dataTables_length {
-  text-align: right;
-}
-.dataTables_paginate, .dataTables_length, .dataTables_filter {
-  margin: 10px 0!important;
-}
\ No newline at end of file
diff --git a/data/web/css/build/015-responsive.css b/data/web/css/build/015-responsive.css
index 47eadb53..a626a384 100644
--- a/data/web/css/build/015-responsive.css
+++ b/data/web/css/build/015-responsive.css
@@ -203,6 +203,9 @@
     text-align: left;
   }
 
+  .senders-mw220 {
+    max-width: 100% !important;
+  }
 }
 
 @media (max-width: 350px) {
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index 0e5a9ae6..23ef1d25 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -133,7 +133,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ],
@@ -204,7 +204,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ]
@@ -277,7 +277,7 @@ jQuery(function($){
           title: lang.action,
           data: 'action',
           defaultContent: '',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right'
+          className: 'dt-sm-head-hidden dt-text-right'
         },
       ]
     });
@@ -343,7 +343,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ]
@@ -421,7 +421,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ]
@@ -499,7 +499,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ]
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 49cce1b2..2ef84688 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -613,7 +613,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -823,7 +823,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 6,
           defaultContent: ''
         },
@@ -1095,7 +1095,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 6,
           defaultContent: ''
         },
@@ -1326,7 +1326,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 6,
           defaultContent: ''
         },
@@ -1439,7 +1439,7 @@ jQuery(function($){
           data: 'action',
           responsivePriority: 5,
           defaultContent: '',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right'
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right'
         },
       ]
     });
@@ -1575,7 +1575,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -1672,7 +1672,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -1779,7 +1779,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -1933,7 +1933,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -2028,7 +2028,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -2181,7 +2181,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
@@ -2292,7 +2292,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index e69863f7..18d7a1d5 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -163,7 +163,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-text-right dt-sm-head-hidden',
           defaultContent: ''
         },
       ]
diff --git a/data/web/js/site/queue.js b/data/web/js/site/queue.js
index bc4c7369..f37884a6 100644
--- a/data/web/js/site/queue.js
+++ b/data/web/js/site/queue.js
@@ -116,7 +116,7 @@ jQuery(function($){
         {
           title: lang_admin.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         },
       ]
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index d93e692f..b2139829 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -208,7 +208,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         }
       ]
@@ -363,7 +363,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: '',
           responsivePriority: 5
         }
@@ -460,7 +460,7 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
           defaultContent: ''
         }
       ]

From 64ac6a88911e4a644fad3bba17d6e40887447eea Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 31 Jan 2023 10:54:16 +0100
Subject: [PATCH 26/42] [Web] Skip update_sogo_static_view if sogo is disabled

---
 data/web/inc/functions.mailbox.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index f96894ff..4529ee7b 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -5264,7 +5264,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
       }
     break;
   }
-  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource'))) {
+  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource')) && getenv('SKIP_SOGO') != "y") {
     update_sogo_static_view();
   }
 }

From 6aebb8352eabe0a144f4c3b48d038a6c11cb9bc7 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Thu, 2 Feb 2023 11:03:51 +0100
Subject: [PATCH 27/42] [Fix] SOGo Update Fix for 5.8.0 (macOS fix)

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 44dc8f10..05a2f9aa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -169,7 +169,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.114
+      image: mailcow/sogo:1.115
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}

From e8fd34d31f4551c7415b38a8a401e619a9fe24e4 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 2 Feb 2023 11:28:51 +0100
Subject: [PATCH 28/42] [Web] webauthn add lang strings

---
 data/web/inc/functions.inc.php | 24 ++++++++++++------------
 data/web/lang/lang.de-de.json  |  3 +++
 data/web/lang/lang.en-gb.json  |  3 +++
 3 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 3bab56bb..de1855fa 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1739,7 +1739,7 @@ function verify_tfa_login($username, $_data) {
               $_SESSION['return'][] =  array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $username, '*'),
-                  'msg' => array('webauthn_verification_failed', 'authenticator not found')
+                  'msg' => array('webauthn_authenticator_failed')
               );
               return false;
             } 
@@ -1748,11 +1748,20 @@ function verify_tfa_login($username, $_data) {
                 $_SESSION['return'][] =  array(
                     'type' => 'danger',
                     'log' => array(__FUNCTION__, $username, '*'),
-                    'msg' => array('webauthn_verification_failed', 'publicKey not found')
+                    'msg' => array('webauthn_publickey_failed')
                 );
                 return false;
             }
 
+            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
+              $_SESSION['return'][] =  array(
+                  'type' => 'danger',
+                  'log' => array(__FUNCTION__, $username, '*'),
+                  'msg' => array('webauthn_username_failed')
+              );
+              return false;
+            }
+
             try {
                 $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $process_webauthn['publicKey'], $challenge, null, $GLOBALS['WEBAUTHN_UV_FLAG_LOGIN'], $GLOBALS['WEBAUTHN_USER_PRESENT_FLAG']);
             }
@@ -1784,21 +1793,12 @@ function verify_tfa_login($username, $_data) {
                 $_SESSION['return'][] =  array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $username, '*'),
-                  'msg' => array('webauthn_verification_failed', 'could not determine user role')
+                  'msg' => array('webauthn_role_failed')
                 );
                 return false;
               }
             }
 
-            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
-                $_SESSION['return'][] =  array(
-                    'type' => 'danger',
-                    'log' => array(__FUNCTION__, $username, '*'),
-                    'msg' => array('webauthn_verification_failed', 'user who requests does not match with sql entry')
-                );
-                return false;
-            }
-
             $_SESSION["mailcow_cc_username"] = $process_webauthn['username'];
             $_SESSION['tfa_id'] = $process_webauthn['id'];
             $_SESSION['authReq'] = null;
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index f348ce6a..3d1e2d59 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -455,6 +455,9 @@
         "totp_verification_failed": "TOTP-Verifizierung fehlgeschlagen",
         "transport_dest_exists": "Transport-Maps-Ziel \"%s\" existiert bereits",
         "webauthn_verification_failed": "WebAuthn-Verifizierung fehlgeschlagen: %s",
+        "webauthn_authenticator_failed": "Der ausgewählte Authenticator wurde nicht gefunden",
+        "webauthn_publickey_failed": "Zu dem ausgewählten Authenticator wurde kein Publickey hinterlegt",
+        "webauthn_username_failed": "Der ausgewählte Authenticator gehört zu einem anderen Konto",
         "unknown": "Ein unbekannter Fehler trat auf",
         "unknown_tfa_method": "Unbekannte TFA-Methode",
         "unlimited_quota_acl": "Unendliche Quota untersagt durch ACL",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index f7fc0577..02db0b0d 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -458,6 +458,9 @@
         "totp_verification_failed": "TOTP verification failed",
         "transport_dest_exists": "Transport destination \"%s\" exists",
         "webauthn_verification_failed": "WebAuthn verification failed: %s",
+        "webauthn_authenticator_failed": "The selected authenticator was not found",
+        "webauthn_publickey_failed": "No public key was stored for the selected authenticator",
+        "webauthn_username_failed": "The selected authenticator belongs to another account",
         "unknown": "An unknown error occurred",
         "unknown_tfa_method": "Unknown TFA method",
         "unlimited_quota_acl": "Unlimited quota prohibited by ACL",

From 2bc663dcd573c16c4bd246646dfca15c1ac9a4dd Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Thu, 2 Feb 2023 14:55:44 +0100
Subject: [PATCH 29/42] Removed Twitter Action due to Twitter Paid API (soon).
 Thx Elon!

---
 .../tweet-trigger-publish-release.yml         | 20 -------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/workflows/tweet-trigger-publish-release.yml

diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
deleted file mode 100644
index 9aab121a..00000000
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: "Tweet trigger release"
-on:
-  release:
-    types: [published]
-
-jobs:
-  tweet:
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Get Release Tag"
-        run:  |
-          RELEASE_TAG=$(curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq -r '.tag_name')
-      - name: Tweet-trigger-publish-release
-        uses: mugi111/tweet-trigger-release@v1.2
-        with:
-          consumer_key: ${{ secrets.CONSUMER_KEY }}
-          consumer_secret: ${{ secrets.CONSUMER_SECRET }}
-          access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
-          access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
-          tweet_body: 'A new mailcow update has just been released! Checkout the GitHub Page for changelog and more informations: https://github.com/mailcow/mailcow-dockerized/releases/latest'

From 5dca4dac81260d92ce62f4b6c825a8c630e6c65e Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Sat, 4 Feb 2023 15:00:07 +0100
Subject: [PATCH 30/42] [Web] Updated lang.ru-ru.json (#5046)

Co-authored-by: Aleksandr Kliushenok <alex.1501@icloud.com>
---
 data/web/lang/lang.ru-ru.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 60aba927..017ffd02 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -37,7 +37,7 @@
         "add_domain_only": "Только добавить домен",
         "add_domain_restart": "Добавить домен и перезапустить SOGo",
         "alias_address": "Псевдоним/ы",
-        "alias_address_info": "<small>Укажите почтовые адреса разделенные запятыми или, если хотите пересылать все сообщения для домена владельцам псевдонима то: <code>@example.com</code>. <b>Только домены mailcow разрешены</b>.</small>",
+        "alias_address_info": "<small>Адрес(а) электронной почты (через запятую) или @example.com (для перехвата всех писем для домена). <b>только домены mailcow</b>.</small>",
         "alias_domain": "Псевдоним домена",
         "alias_domain_info": "<small>Действительные имена доменов, раздёленные запятыми.</small>",
         "app_name": "Название приложения",
@@ -335,7 +335,8 @@
         "username": "Имя пользователя",
         "validate_license_now": "Получить лицензию на основе GUID с сервера лицензий",
         "verify": "Проверить",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "queue_unban": "разблокировать"
     },
     "danger": {
         "access_denied": "Доступ запрещён, или указаны неверные данные",

From dc85f4996192210cdd1ab3b2a43bccca59e7e52a Mon Sep 17 00:00:00 2001
From: Tomy Hsieh <git@tomy.me>
Date: Sat, 11 Feb 2023 21:49:21 +0800
Subject: [PATCH 31/42] =?UTF-8?q?=E2=9C=A8=20feat:=20Change=20FIDO2=20logi?=
 =?UTF-8?q?n=20to=20independent=20button?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 data/web/templates/index.twig | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/data/web/templates/index.twig b/data/web/templates/index.twig
index e90a720a..45054b5f 100644
--- a/data/web/templates/index.twig
+++ b/data/web/templates/index.twig
@@ -38,15 +38,8 @@
             </div>
           </div>
           <div class="d-flex mt-4" style="position: relative">
-            <div class="btn-group">
-              <div class="btn-group">
-                <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
-                <button type="button" class="btn btn-xs-lg btn-success dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
-                <ul class="dropdown-menu">
-                  <li><a class="dropdown-item" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a></li>
-                </ul>
-              </div>
-            </div>
+            <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
+            <button type="button" class="btn btn-xs-lg btn-success ms-2" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</button>
             {% if not oauth2_request %}
             <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="btn btn-xs-lg btn-secondary ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
               <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>

From ca64ff2c0b9e2edbd3b564169cea92eca6c358b9 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 12 Feb 2023 23:56:14 +0100
Subject: [PATCH 32/42] Update devops-infra/action-pull-request action to
 v0.5.5 (#5060)

Signed-off-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/pr_to_nightly.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml
index 54dbda34..57aac781 100644
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -12,7 +12,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Run the Action
-        uses: devops-infra/action-pull-request@v0.5.3
+        uses: devops-infra/action-pull-request@v0.5.5
         with:
           github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
           title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}

From 38291d123fe3af0769fbb5a48b7d9011da8b0aa5 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Tue, 14 Feb 2023 10:11:55 +0100
Subject: [PATCH 33/42] [DB] Fix espacing of special db names during upgrade

---
 data/web/inc/init_db.inc.php | 216 +++++++++++++++++------------------
 1 file changed, 108 insertions(+), 108 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 9fc9234e..e286ab55 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "06012023_1924";
+    $db_version = "14022023_1000";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -225,22 +225,22 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
-      "templates" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "template" => "VARCHAR(255) NOT NULL",
-          "type" => "VARCHAR(255) NOT NULL",
-          "attributes" => "JSON",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
+      "templates" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "template" => "VARCHAR(255) NOT NULL",
+          "type" => "VARCHAR(255) NOT NULL",
+          "attributes" => "JSON",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
       "domain" => array(
         // Todo: Move some attributes to json
         "cols" => array(
@@ -1076,7 +1076,7 @@ function init_db_schema() {
         }
       }
 
-      // Migrate tls_enforce_* options
+      // Migrate tls_enforce_* options
       if ($table == 'mailbox') {
         $stmt = $pdo->query("SHOW TABLES LIKE 'mailbox'");
         $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -1096,7 +1096,7 @@ function init_db_schema() {
       $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'");
       $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
       if ($num_results != 0) {
-        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE ', `table_schema`, '.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
+        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE `', `table_schema`, '`.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
           WHERE `constraint_type` = 'FOREIGN KEY' AND `table_name` = :table;");
         $stmt->execute(array(':table' => $table));
         $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
@@ -1322,95 +1322,95 @@ function init_db_schema() {
     // Fix domain_admins
     $pdo->query("DELETE FROM `domain_admins` WHERE `domain` = 'ALL';");
 
-    // add default templates
-    $default_domain_template = array(
-      "template" => "Default",
-      "type" => "domain",
-      "attributes" => array(
-        "tags" => array(),
-        "max_num_aliases_for_domain" => 400,
-        "max_num_mboxes_for_domain" => 10,
-        "def_quota_for_mbox" => 3072 * 1048576,
-        "max_quota_for_mbox" => 10240 * 1048576,
-        "max_quota_for_domain" => 10240 * 1048576,
-        "rl_frame" => "s",
-        "rl_value" => "",
-        "active" => 1,
-        "gal" => 1,
-        "backupmx" => 0,
-        "relay_all_recipients" => 0,
-        "relay_unknown_only" => 0,
-        "dkim_selector" => "dkim",
-        "key_size" => 2048,
-        "max_quota_for_domain" => 10240 * 1048576,
-      )
-    );     
-    $default_mailbox_template = array(
-      "template" => "Default",
-      "type" => "mailbox",
-      "attributes" => array(
-        "tags" => array(),
-        "quota" => 0,
-        "quarantine_notification" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_notification']),
-        "quarantine_category" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_category']),
-        "rl_frame" => "s",
-        "rl_value" => "",
-        "force_pw_update" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['force_pw_update']),
-        "sogo_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sogo_access']),
-        "active" => 1,
-        "tls_enforce_in" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_in']),
-        "tls_enforce_out" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_out']),
-        "imap_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['imap_access']),
-        "pop3_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['pop3_access']),
-        "smtp_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['smtp_access']),
-        "sieve_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sieve_access']),
-        "acl_spam_alias" => 1,
-        "acl_tls_policy" => 1,
-        "acl_spam_score" => 1,
-        "acl_spam_policy" => 1,
-        "acl_delimiter_action" => 1,
-        "acl_syncjobs" => 0,
-        "acl_eas_reset" => 1,
-        "acl_sogo_profile_reset" => 0,
-        "acl_pushover" => 1,
-        "acl_quarantine" => 1,
-        "acl_quarantine_attachments" => 1,
-        "acl_quarantine_notification" => 1,
-        "acl_quarantine_category" => 1,
-        "acl_app_passwds" => 1,
-      )
-    );        
-    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
-    $stmt->execute(array(
-      ":type" => "domain",
-      ":template" => $default_domain_template["template"]
-    ));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
-    if (empty($row)){
-      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
-        VALUES (:type, :template, :attributes)");
-      $stmt->execute(array(
-        ":type" => "domain",
-        ":template" => $default_domain_template["template"],
-        ":attributes" => json_encode($default_domain_template["attributes"])
-      )); 
-    }    
-    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
-    $stmt->execute(array(
-      ":type" => "mailbox",
-      ":template" => $default_mailbox_template["template"]
-    ));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
-    if (empty($row)){
-      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
-        VALUES (:type, :template, :attributes)");
-      $stmt->execute(array(
-        ":type" => "mailbox",
-        ":template" => $default_mailbox_template["template"],
-        ":attributes" => json_encode($default_mailbox_template["attributes"])
-      )); 
-    } 
-
+    // add default templates
+    $default_domain_template = array(
+      "template" => "Default",
+      "type" => "domain",
+      "attributes" => array(
+        "tags" => array(),
+        "max_num_aliases_for_domain" => 400,
+        "max_num_mboxes_for_domain" => 10,
+        "def_quota_for_mbox" => 3072 * 1048576,
+        "max_quota_for_mbox" => 10240 * 1048576,
+        "max_quota_for_domain" => 10240 * 1048576,
+        "rl_frame" => "s",
+        "rl_value" => "",
+        "active" => 1,
+        "gal" => 1,
+        "backupmx" => 0,
+        "relay_all_recipients" => 0,
+        "relay_unknown_only" => 0,
+        "dkim_selector" => "dkim",
+        "key_size" => 2048,
+        "max_quota_for_domain" => 10240 * 1048576,
+      )
+    );     
+    $default_mailbox_template = array(
+      "template" => "Default",
+      "type" => "mailbox",
+      "attributes" => array(
+        "tags" => array(),
+        "quota" => 0,
+        "quarantine_notification" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_notification']),
+        "quarantine_category" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_category']),
+        "rl_frame" => "s",
+        "rl_value" => "",
+        "force_pw_update" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['force_pw_update']),
+        "sogo_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sogo_access']),
+        "active" => 1,
+        "tls_enforce_in" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_in']),
+        "tls_enforce_out" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_out']),
+        "imap_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['imap_access']),
+        "pop3_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['pop3_access']),
+        "smtp_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['smtp_access']),
+        "sieve_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sieve_access']),
+        "acl_spam_alias" => 1,
+        "acl_tls_policy" => 1,
+        "acl_spam_score" => 1,
+        "acl_spam_policy" => 1,
+        "acl_delimiter_action" => 1,
+        "acl_syncjobs" => 0,
+        "acl_eas_reset" => 1,
+        "acl_sogo_profile_reset" => 0,
+        "acl_pushover" => 1,
+        "acl_quarantine" => 1,
+        "acl_quarantine_attachments" => 1,
+        "acl_quarantine_notification" => 1,
+        "acl_quarantine_category" => 1,
+        "acl_app_passwds" => 1,
+      )
+    );        
+    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
+    $stmt->execute(array(
+      ":type" => "domain",
+      ":template" => $default_domain_template["template"]
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    if (empty($row)){
+      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
+        VALUES (:type, :template, :attributes)");
+      $stmt->execute(array(
+        ":type" => "domain",
+        ":template" => $default_domain_template["template"],
+        ":attributes" => json_encode($default_domain_template["attributes"])
+      )); 
+    }    
+    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
+    $stmt->execute(array(
+      ":type" => "mailbox",
+      ":template" => $default_mailbox_template["template"]
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    if (empty($row)){
+      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
+        VALUES (:type, :template, :attributes)");
+      $stmt->execute(array(
+        ":type" => "mailbox",
+        ":template" => $default_mailbox_template["template"],
+        ":attributes" => json_encode($default_mailbox_template["attributes"])
+      )); 
+    } 
+
     if (php_sapi_name() == "cli") {
       echo "DB initialization completed" . PHP_EOL;
     } else {

From 9054ca18be0bc9ea9399658499910a5f7a653ef5 Mon Sep 17 00:00:00 2001
From: milkmaker <milkmaker@mailcow.de>
Date: Tue, 14 Feb 2023 19:33:12 +0100
Subject: [PATCH 34/42] [Web] Updated lang.lv-lv.json (#5061)

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>
---
 data/web/lang/lang.lv-lv.json | 42 ++++++++++++++++++++++++++---------
 1 file changed, 31 insertions(+), 11 deletions(-)

diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index b03848a4..962b9000 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -3,7 +3,8 @@
         "bcc_maps": "BCC kartes",
         "filters": "Filtri",
         "recipient_maps": "Saņēmēja kartes",
-        "syncjobs": "Sinhronizācijas uzdevumi"
+        "syncjobs": "Sinhronizācijas uzdevumi",
+        "spam_score": "Mēstules novērtējums"
     },
     "add": {
         "activate_filter_warn": "Visi pārējie filtri tiks deaktivizēti, kad aktīvs ir atzīmēts.",
@@ -104,10 +105,10 @@
         "host": "Hosts",
         "import": "Importēt",
         "import_private_key": "Importēt privātu atslēgu",
-        "in_use_by": "Tiek lietots ar",
+        "in_use_by": "Izmanto",
         "inactive": "Neaktīvs",
         "link": "Saite",
-        "loading": "Lūdzu uzgaidiet...",
+        "loading": "Lūgums uzgaidīt...",
         "logo_info": "Jūsu attēls augšējā navigācijas joslā tiks palielināts līdz 40 pikseļiem un maks. sākumlapas platums par 250 pikseļi. Ir ļoti ieteicama pielāgojama grafikaYour image will be scaled to a height of 40px for the top navigation bar and a max. width of 250px for the start page. Ir ļoti ieteicama pielāgojamā grafika",
         "main_name": "\"mailcow UI\" nosaukums",
         "merged_vars_hint": "Pelēkās rindas tika apvienotas <code>vars.(local.)inc.php</code> un nevar tikt modificētas.",
@@ -144,7 +145,10 @@
         "ui_texts": "UI etiķetes un teksti",
         "unchanged_if_empty": "Ja nav veiktas izmaiņas, atstājiet tukšu",
         "upload": "Augšupielādēt",
-        "username": "Lietotājvārds"
+        "username": "Lietotājvārds",
+        "generate": "izveidot",
+        "message": "Ziņojums",
+        "last_applied": "Pēdējoreiz pielietots"
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -170,7 +174,7 @@
         "is_alias": "%s jau ir zināms alias",
         "is_alias_or_mailbox": "%s jau ir zināms alias, pastkastes vai alias addrese izvērsta no alias domēna.",
         "is_spam_alias": "%s ir jau zināms spam alias",
-        "last_key": "Pēdējā atslēga nevar būt dzēsta",
+        "last_key": "Pēdējo atslēgu nevar izdzēst, tā vietā jāatspējo divpakāpju pārbaude.",
         "login_failed": "Ielogošanās neveiksmīga",
         "mailbox_invalid": "Pastkastes vārds ir nederīgs",
         "mailbox_quota_exceeded": "Kvota pārsniedz domēna limitu (max. %d MiB)",
@@ -262,7 +266,8 @@
         "title": "Labot priekšmetu",
         "unchanged_if_empty": "Ja neizmainīts atstājiet tukšu",
         "username": "Lietotājvārds",
-        "validate_save": "Apstiprināt un saglabāt"
+        "validate_save": "Apstiprināt un saglabāt",
+        "last_modified": "Pēdējoreiz mainīts"
     },
     "footer": {
         "cancel": "Atcelt",
@@ -314,21 +319,21 @@
         "bcc_destinations": "BCC galamērķi/s",
         "bcc_info": "BCC kartes tiek izmantotas, lai klusu pārsūtītu visu ziņojumu kopijas uz citu adresi. Saņēmēja kartes tipa ieraksts tiek izmantots, kad vietējais galamērķis darbojas kā pasta adresāts. Sūtītāja kartes atbilst vienam un tam pašam principam. <br/>\r\n   Vietējais galamērķis netiks informēts par piegādes neveiksmi. ",
         "bcc_local_dest": "Vietējais galamērķis",
-        "bcc_map_type": "BCC tips",
+        "bcc_map_type": "BCC veids",
         "bcc_maps": "BCC kartes",
         "bcc_rcpt_map": "saņēmēja karte",
         "bcc_sender_map": "Sūtītāja karte",
         "bcc_to_rcpt": "Pārslēdzieties uz adresāta kartes tipu",
         "bcc_to_sender": "Pārslēgties uz sūtītāja kartes tipu",
         "bcc_type": "BCC tips",
-        "deactivate": "Deaktivizēt",
+        "deactivate": "Deaktivēt",
         "description": "Apraksts",
         "dkim_key_length": "DKIM atslēgas garums (bits)",
         "domain": "Domēns",
         "domain_admins": "Domēna administratori",
         "domain_aliases": "Domēna aliases",
         "domain_quota": "Kvota",
-        "domain_quota_total": "Kopējā  domēna kvota",
+        "domain_quota_total": "Kopējais domēna ierobežojums",
         "domains": "Domēns",
         "edit": "Labot",
         "empty": "Nav rezultātu",
@@ -341,7 +346,7 @@
         "inactive": "Neaktīvs",
         "kind": "Veids",
         "last_run": "Pēdējā norise",
-        "last_run_reset": "Nākamais grafiks",
+        "last_run_reset": "Ievietot sarakstā kā nākamo",
         "mailbox_quota": "Maks. pastkastes izmērs",
         "mailboxes": "Pastkaste",
         "max_aliases": "Maks. iespejamās aliases",
@@ -374,7 +379,13 @@
         "tls_enforce_out": "Piespiest TLS izejošajiem",
         "toggle_all": "Pārslēgt visu",
         "username": "Lietotājvārds",
-        "waiting": "Gaidīšana"
+        "waiting": "Gaidīšana",
+        "last_modified": "Pēdējoreiz mainīts",
+        "booking_0_short": "Vienmēŗ bezmaksas",
+        "daily": "Ik dienu",
+        "hourly": "Ik stundu",
+        "last_mail_login": "Pēdējā pieteikšanās pastkastē",
+        "mailbox": "Pastkaste"
     },
     "quarantine": {
         "action": "Darbības",
@@ -547,5 +558,14 @@
         "waiting": "Waiting",
         "week": "Nedēļa",
         "weeks": "Nedēļas"
+    },
+    "datatables": {
+        "paginate": {
+            "first": "Pirmā",
+            "last": "Pēdējā"
+        }
+    },
+    "debug": {
+        "last_modified": "Pēdējoreiz mainīts"
     }
 }

From aa4d8b1f47675bd47148aa5ad5358f899325fea6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 15 Feb 2023 13:51:12 +0000
Subject: [PATCH 35/42] Update dependency composer/composer to v2.5.4

Signed-off-by: milkmaker <milkmaker@mailcow.de>
---
 data/Dockerfiles/phpfpm/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 05081c6d..c8713e04 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -12,7 +12,7 @@ ARG MEMCACHED_PECL_VERSION=3.2.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced
 ARG REDIS_PECL_VERSION=5.3.7
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced
-ARG COMPOSER_VERSION=2.5.1
+ARG COMPOSER_VERSION=2.5.4
 
 RUN apk add -U --no-cache autoconf \
   aspell-dev \

From 63e92e0897acffb770ab6e6517fb1bc7ba93ef22 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Thu, 16 Feb 2023 14:56:56 +0100
Subject: [PATCH 36/42] [CLAMAV] Update to 1.0.1

---
 data/Dockerfiles/clamd/Dockerfile | 2 +-
 docker-compose.yml                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index 91716b84..f381e0ef 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,4 +1,4 @@
-FROM clamav/clamav:1.0_base
+FROM clamav/clamav:1.0.1-1_base
 
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 05a2f9aa..d9bad657 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -58,7 +58,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.60
+      image: mailcow/clamd:1.61
       restart: always
       depends_on:
         - unbound-mailcow

From 29e5b87207bd4e3d20b468a03a8c408924257c36 Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Thu, 16 Feb 2023 16:30:36 +0100
Subject: [PATCH 37/42] Changed Language strings for clearer button meaning

---
 data/web/lang/lang.cs-cz.json | 2 +-
 data/web/lang/lang.da-dk.json | 2 +-
 data/web/lang/lang.de-de.json | 2 +-
 data/web/lang/lang.en-gb.json | 2 +-
 data/web/lang/lang.fr-fr.json | 2 +-
 data/web/lang/lang.it-it.json | 2 +-
 data/web/lang/lang.nl-nl.json | 2 +-
 data/web/lang/lang.ro-ro.json | 2 +-
 data/web/lang/lang.ru-ru.json | 2 +-
 data/web/lang/lang.sk-sk.json | 2 +-
 data/web/lang/lang.sv-se.json | 2 +-
 data/web/lang/lang.uk-ua.json | 2 +-
 data/web/lang/lang.zh-cn.json | 2 +-
 data/web/lang/lang.zh-tw.json | 2 +-
 14 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index d1f2bb07..5e119fbd 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -650,7 +650,7 @@
     },
     "login": {
         "delayed": "Přihlášení zpožděno o %s sekund.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Přihlásit",
         "mobileconfig_info": "Ke stažení profilového souboru se přihlaste jako uživatel schránky.",
         "other_logins": "Přihlášení klíčem",
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index fa50ff59..18080080 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -586,7 +586,7 @@
     },
     "login": {
         "delayed": "Login blev forsinket med% s sekunder.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Log ind som postkassebruger for at downloade den anmodede Apple-forbindelsesprofil.",
         "other_logins": "Nøgle login",
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 3d1e2d59..8ff1cf06 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -710,7 +710,7 @@
     },
     "login": {
         "delayed": "Login wurde zur Sicherheit um %s Sekunde/n verzögert.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Anmelden",
         "mobileconfig_info": "Bitte als Mailbox-Benutzer einloggen, um das Verbindungsprofil herunterzuladen.",
         "other_logins": "Key Login",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 02db0b0d..bfac011e 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -710,7 +710,7 @@
     },
     "login": {
         "delayed": "Login was delayed by %s seconds.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "other_logins": "Key login",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 8afc5738..4db773e0 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -612,7 +612,7 @@
     },
     "login": {
         "delayed": "La connexion a été retardée de %s secondes.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Connexion",
         "mobileconfig_info": "Veuillez vous connecter en tant qu’utilisateur de la boîte pour télécharger le profil de connexion Apple demandé.",
         "other_logins": "Clé d'authentification",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index 8bfa9738..d8d6978c 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -674,7 +674,7 @@
     },
     "login": {
         "delayed": "L'accesso è stato ritardato di %s secondi.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "other_logins": "Key login",
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index 547c7bb7..774627ca 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -598,7 +598,7 @@
     },
     "login": {
         "delayed": "Aanmelding vertraagd met %s seconden.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Aanmelden",
         "mobileconfig_info": "Log in als mailboxgebruiker om het Apple-verbindingsprofiel te downloaden.",
         "other_logins": "Meld aan met key",
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index fe0d2064..8e6e1d45 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -656,7 +656,7 @@
     },
     "login": {
         "delayed": "Conectarea a fost întârziată cu %s secunde.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Autentificare",
         "mobileconfig_info": "Autentificați-vă cu adresa de email pentru a descărca profilul de conexiune Apple.",
         "other_logins": "Autentificare cu cheie",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index 60aba927..47dae3fd 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -654,7 +654,7 @@
     },
     "login": {
         "delayed": "Вход был отложен на %s секунд.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Войти",
         "mobileconfig_info": "Пожалуйста, войдите в систему как пользователь почтового аккаунта для загрузки профиля подключения Apple.",
         "other_logins": "Вход с помощью ключа",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index f2f23681..2b93650f 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -657,7 +657,7 @@
     },
     "login": {
         "delayed": "Prihlásenie bolo oneskorené o %s sekúnd.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Prihlásenie",
         "mobileconfig_info": "Prosím, prihláste sa ako mailový používateľ pre stiahnutie požadovaného Apple profilu.",
         "other_logins": "Prihlásenie kľúčom",
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index 4cc84619..31bc0ab3 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -618,7 +618,7 @@
     },
     "login": {
         "delayed": "Av säkerhetsskäl har inloggning inaktiverats i %s sekunder.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Logga in",
         "mobileconfig_info": "Logga in som en användare av brevlåda för att ladda ner den begärda Apple-anslutningsprofilen.",
         "other_logins": "Loggain med nyckel",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index e3acb8b5..0a5c71b8 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -656,7 +656,7 @@
         "awaiting_tfa_confirmation": "В очікуванні підтвердження TFA"
     },
     "login": {
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Увійти",
         "other_logins": "Вхід за допомогою ключа",
         "password": "Пароль",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index 5d05ef62..e57ea2a7 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -661,7 +661,7 @@
     },
     "login": {
         "delayed": "请在 %s 秒后重新登录。",
-        "fido2_webauthn": "使用 FIDO2/WebAuthn 登录",
+        "fido2_webauthn": "使用 FIDO2/WebAuthn Login 登录",
         "login": "登录",
         "mobileconfig_info": "请使用邮箱用户登录以下载 Apple 连接描述文件。",
         "other_logins": "Key 登录",
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index f9c81c66..916188db 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -655,7 +655,7 @@
     },
     "login": {
         "delayed": "請在 %s 秒後重新登入。",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "登入",
         "mobileconfig_info": "請使用信箱使用者登入以下載 Apple 連接描述檔案。",
         "other_logins": "金鑰登入",

From e1cd719a178b77a388662a9ec50b1e8faf118ea6 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Thu, 16 Feb 2023 17:12:03 +0100
Subject: [PATCH 38/42] [Web] fix mbox percentage sorting

---
 data/web/js/site/mailbox.js | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 2ef84688..f4039268 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -926,9 +926,12 @@ jQuery(function($){
               '<a href="#" data-action="delete_selected" data-id="single-mailbox" data-api-url="delete/mailbox" data-item="' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
               '</div>';
             }
-            item.in_use = '<div class="progress">' +
+            item.in_use = {
+              sortBy: item.percent_in_use,
+              value: '<div class="progress">' +
               '<div class="progress-bar-mailbox progress-bar progress-bar-' + item.percent_class + '" role="progressbar" aria-valuenow="' + item.percent_in_use + '" aria-valuemin="0" aria-valuemax="100" ' +
-              'style="min-width:2em;width:' + item.percent_in_use + '%">' + item.percent_in_use + '%' + '</div></div>';
+              'style="min-width:2em;width:' + item.percent_in_use + '%">' + item.percent_in_use + '%' + '</div></div>'
+            };
             item.username = escapeHtml(item.username);
 
             if (Array.isArray(item.tags)){
@@ -994,10 +997,11 @@ jQuery(function($){
         },
         {
           title: lang.in_use,
-          data: 'in_use',
+          data: 'in_use.value',
           defaultContent: '',
           responsivePriority: 9,
-          className: 'dt-data-w100'
+          className: 'dt-data-w100',
+          orderData: 24
         },
         {
           title: lang.fname,
@@ -1102,7 +1106,12 @@ jQuery(function($){
         {
           title: "",
           data: 'quota.sortBy',
-          responsivePriority: 8,
+          defaultContent: '',
+          className: "d-none"
+        },
+        {
+          title: "",
+          data: 'in_use.sortBy',
           defaultContent: '',
           className: "d-none"
         },

From 7f0dd7d0d7a52115c3b97bb8c634b4b67d0693bb Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Fri, 17 Feb 2023 12:53:31 +0100
Subject: [PATCH 39/42] [Nextcloud] Added bzip2 as required package

---
 helper-scripts/nextcloud.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 31cdb6a4..50fcbab3 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -2,9 +2,12 @@
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
 NEXTCLOUD_VERSION=25.0.3
 
-for bin in curl dirmngr; do
-  if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
+echo -ne "Checking prerequisites..."
+sleep 1
+for bin in curl dirmngr tar bzip2; do
+  if [[ -z $(which ${bin}) ]]; then echo -ne "\r\033[31mCannot find ${bin}, exiting...\033[0m\n"; exit 1; fi
 done
+echo -ne "\r\033[32mFound all prerequisites! Continuing...\033[0m\n"
 
 [[ -z ${1} ]] && NC_HELP=y
 
@@ -215,5 +218,4 @@ elif [[ ${NC_RESETPW} == "y" ]]; then
       read -p "Enter the username: " NC_USER
     done
     docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ user:resetpassword ${NC_USER}
-
 fi

From 04403aaf70b106bdffa19614b1ce25f715d4d7c0 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Fri, 17 Feb 2023 13:15:44 +0100
Subject: [PATCH 40/42] [Netfilter] fix setting SNAT Rule if chain is empty

---
 data/Dockerfiles/netfilter/server.py | 37 +++++++++++++++++-----------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/data/Dockerfiles/netfilter/server.py b/data/Dockerfiles/netfilter/server.py
index 1ccc150e..0b0e2a41 100644
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -359,21 +359,28 @@ def snat4(snat_target):
         chain = iptc.Chain(table, 'POSTROUTING')
         table.autocommit = False
         new_rule = get_snat4_rule()
-        for position, rule in enumerate(chain.rules):
-          match = all((
-            new_rule.get_src() == rule.get_src(),
-            new_rule.get_dst() == rule.get_dst(),
-            new_rule.target.parameters == rule.target.parameters,
-            new_rule.target.name == rule.target.name
-          ))
-          if position == 0:
-            if not match:
-              logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
-              chain.insert_rule(new_rule)
-          else:
-            if match:
-              logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
-              chain.delete_rule(rule)
+
+        if not chain.rules:
+          # if there are no rules in the chain, insert the new rule directly
+          logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+          chain.insert_rule(new_rule)
+        else:
+          for position, rule in enumerate(chain.rules):
+            match = all((
+              new_rule.get_src() == rule.get_src(),
+              new_rule.get_dst() == rule.get_dst(),
+              new_rule.target.parameters == rule.target.parameters,
+              new_rule.target.name == rule.target.name
+            ))
+            if position == 0:
+              if not match:
+                logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+                chain.insert_rule(new_rule)
+            else:
+              if match:
+                logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
+                chain.delete_rule(rule)
+
         table.commit()
         table.autocommit = True
       except:

From 1a4f11209a52ac38847ac9562cedf6972b25307b Mon Sep 17 00:00:00 2001
From: Niklas Meyer <derlinkman@gmail.com>
Date: Fri, 17 Feb 2023 13:22:23 +0100
Subject: [PATCH 41/42] Updated netfilter to 1.51

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index d9bad657..7c6c5d6a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -425,7 +425,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.50
+      image: mailcow/netfilter:1.51
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow

From 02afc45a158ac7ed17046f5143b453c4d71bb6b9 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 23 Feb 2023 20:07:37 +0000
Subject: [PATCH 42/42] Update dependency nextcloud/server to v25.0.4

Signed-off-by: milkmaker <milkmaker@mailcow.de>
---
 helper-scripts/nextcloud.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 50fcbab3..9377ddbb 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
-NEXTCLOUD_VERSION=25.0.3
+NEXTCLOUD_VERSION=25.0.4
 
 echo -ne "Checking prerequisites..."
 sleep 1