diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index befe7db7..11402129 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +1 @@
-custom: https://mailcow.github.io/mailcow-dockerized-docs/#help-mailcow
+custom: ["https://www.servercow.de/mailcow?lang=en#sal"]
diff --git a/.github/ISSUE_TEMPLATE/Bug_report.yml b/.github/ISSUE_TEMPLATE/Bug_report.yml
index 6134a9ad..3cfbbe0d 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/Bug_report.yml
@@ -7,8 +7,8 @@ body:
       label: Contribution guidelines
       description: Please read the contribution guidelines before proceeding.
       options:
-        - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
-          required: true
+      - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
+        required: true
   - type: checkboxes
     attributes:
       label: I've found a bug and checked that ...
@@ -26,70 +26,132 @@ body:
     attributes:
       label: Description
       description: Please provide a brief description of the bug in 1-2 sentences. If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
+      render: plain text
     validations:
       required: true
   - type: textarea
     attributes:
-      label: Logs
-      description: Please take a look at the [official documentation](https://mailcow.github.io/mailcow-dockerized-docs/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks.
-      render: bash
+      label: "Logs:"
+      description: "Please take a look at the [official documentation](https://docs.mailcow.email/troubleshooting/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks."
+      render: plain text
     validations:
       required: true
   - type: textarea
     attributes:
-      label: Steps to reproduce
-      description: Please describe the steps to reproduce the bug. Screenshots can be added, if helpful.
+      label: "Steps to reproduce:"
+      description: "Please describe the steps to reproduce the bug. Screenshots can be added, if helpful."
+      render: plain text
       placeholder: |-
         1. ...
         2. ...
         3. ...
     validations:
       required: true
-  - type: textarea
+  - type: markdown
     attributes:
-      label: System information
-      description: In this stage we would kindly ask you to attach general system information about your setup.
-      value: |-
-             | Question | Answer |
-             | --- | --- |
-             | My operating system | I_DO_REPLY_HERE |
-             | Is Apparmor, SELinux or similar active? | I_DO_REPLY_HERE |
-             | Virtualization technology (KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported** | I_DO_REPLY_HERE |
-             | Server/VM specifications (Memory, CPU Cores) | I_DO_REPLY_HERE |
-             | Docker version (`docker version`) | I_DO_REPLY_HERE |
-             | docker-compose version (`docker-compose version`) | I_DO_REPLY_HERE |
-             | mailcow version (```git describe --tags `git rev-list --tags --max-count=1` ```) | I_DO_REPLY_HERE |
-             | Reverse proxy (custom solution) | I_DO_REPLY_HERE |
-
-             Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             All third-party firewalls and custom iptables rules are unsupported. **Please check the Docker docs about how to use Docker with your own ruleset**. Nevertheless, iptabels output can help us to help you:
-             iptables -L -vn:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             ip6tables -L -vn:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             iptables -L -vn -t nat:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             ip6tables -L -vn -t nat:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             DNS problems? Please run `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network) and post the output:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
+      value: |
+        ## System information
+        ### In this stage we would kindly ask you to attach general system information about your setup.
+  - type: dropdown
+    attributes:
+      label: "Which branch are you using?"
+      description: "#### `git rev-parse --abbrev-ref HEAD`"
+      multiple: false
+      options:
+        - master
+        - nightly
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Operating System:"
+      placeholder: "e.g. Ubuntu 22.04 LTS"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Server/VM specifications:"
+      placeholder: "Memory, CPU Cores"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Is Apparmor, SELinux or similar active?"
+      placeholder: "yes/no"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Virtualization technology:"
+      placeholder: "KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported**"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Docker version:"
+      description: "#### `docker version`"
+      placeholder: "20.10.21"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "docker-compose version or docker compose version:"
+      description: "#### `docker-compose version` or `docker compose version`"
+      placeholder: "v2.12.2"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "mailcow version:"
+      description: "#### ```git describe --tags `git rev-list --tags --max-count=1` ```"
+      placeholder: "2022-08"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Reverse proxy:"
+      placeholder: "e.g. Nginx/Traefik"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of git diff:"
+      description: "#### Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:"
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of iptables -L -vn:"
+      description: "#### Output of `iptables -L -vn`"
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of ip6tables -L -vn:"
+      description: "#### Output of `ip6tables -L -vn`"
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of iptables -L -vn -t nat:"
+      description: "#### Output of `iptables -L -vn -t nat`"
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of ip6tables -L -vn -t nat:"
+      description: "#### Output of `ip6tables -L -vn -t nat`"
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "DNS check:"
+      description: "#### Output of `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network)"
+      render: plain text
     validations:
       required: true
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 00000000..36b4aec5
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,31 @@
+{
+  "enabled": true,
+  "timezone": "Europe/Berlin",
+  "dependencyDashboard": true,
+  "dependencyDashboardTitle": "Renovate Dashboard",
+  "commitBody": "Signed-off-by: milkmaker <milkmaker@mailcow.de>",
+  "rebaseWhen": "auto",
+  "labels": ["renovate"],
+  "assignees": [
+    "@magiccc"
+  ],
+  "baseBranches": ["staging"],
+  "enabledManagers": ["github-actions", "regex", "docker-compose"],
+  "ignorePaths": [
+    "data\/web\/inc\/lib\/vendor\/matthiasmullie\/minify\/**"
+  ],
+  "regexManagers": [
+    {
+      "fileMatch": ["^helper-scripts\/nextcloud.sh$"],
+      "matchStrings": [
+        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s.*?_VERSION=(?<currentValue>.*)"
+       ]
+    },
+    {
+      "fileMatch": ["(^|/)Dockerfile[^/]*$"],
+      "matchStrings": [
+        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s(ENV|ARG) .*?_VERSION=(?<currentValue>.*)\\s"
+       ]
+    }
+  ]
+}
diff --git a/.github/workflows/assets/check_prs_if_on_staging.png b/.github/workflows/assets/check_prs_if_on_staging.png
new file mode 100644
index 00000000..2e0fc7ff
Binary files /dev/null and b/.github/workflows/assets/check_prs_if_on_staging.png differ
diff --git a/.github/workflows/check_prs_if_on_staging.yml b/.github/workflows/check_prs_if_on_staging.yml
new file mode 100644
index 00000000..485dc26e
--- /dev/null
+++ b/.github/workflows/check_prs_if_on_staging.yml
@@ -0,0 +1,33 @@
+name: Check PRs if on staging
+on:
+    pull_request_target:
+      types: [opened, edited]
+permissions: {}
+
+jobs:
+  is_not_staging:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
+    steps:
+      - name: Send message
+        uses: thollander/actions-comment-pull-request@v2.3.1
+        with:
+          GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
+          message: |
+                   Thanks for contributing!
+
+                   I noticed that you didn't select `staging` as your base branch. Please change the base branch to `staging`.
+                   See the attached picture on how to change the base branch to `staging`:
+
+                   ![check_prs_if_on_staging.png](https://raw.githubusercontent.com/mailcow/mailcow-dockerized/master/.github/workflows/assets/check_prs_if_on_staging.png)
+
+      - name: Fail #we want to see failed checks in the PR
+        if: ${{ success() }} #set exit code to 1 even if commenting somehow failed
+        run: exit 1
+
+  is_staging:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.base.ref == 'staging' #check if the target branch is staging
+    steps:
+      - name: Success
+        run: exit 0
diff --git a/.github/workflows/close_old_issues_and_prs.yml b/.github/workflows/close_old_issues_and_prs.yml
index 83a75d25..64002617 100644
--- a/.github/workflows/close_old_issues_and_prs.yml
+++ b/.github/workflows/close_old_issues_and_prs.yml
@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v6.0.1
+        uses: actions/stale@v7.0.0
         with:
           repo-token: ${{ secrets.STALE_ACTION_PAT }}
           days-before-stale: 60
diff --git a/.github/workflows/image_builds.yml b/.github/workflows/image_builds.yml
index fe660754..65678dff 100644
--- a/.github/workflows/image_builds.yml
+++ b/.github/workflows/image_builds.yml
@@ -33,13 +33,11 @@ jobs:
         run: |
           curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh
           sudo service docker start
-          sudo curl -L https://github.com/docker/compose/releases/download/v$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
-          sudo chmod +x /usr/local/bin/docker-compose
       - name: Prepair Image Builds
         run: |
           cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
       - name: Build Docker Images
         run: |
-          docker-compose build ${image}
+          docker compose build ${image}
         env:
           image: ${{ matrix.images }}
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
deleted file mode 100644
index ee083bf4..00000000
--- a/.github/workflows/integration_tests.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-name: mailcow Integration Tests
-
-on:
-  push:
-    branches: [ "master", "staging" ]
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  integration_tests:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Setup Ansible
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          sudo apt-get update
-          sudo apt-get install python3 python3-pip git
-          sudo pip3 install ansible
-      - name: Prepair Test Environment
-        run: |
-          git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
-          ./fork_check.sh
-          ./ci.sh
-          ./ci-pip-requirements.sh
-        env:
-          VAULT_PW: ${{ secrets.MAILCOW_TESTS_VAULT_PW }}
-          VAULT_FILE: ${{ secrets.MAILCOW_TESTS_VAULT_FILE }}
-      - name: Start Integration Test Server
-        run: |
-          ./fork_check.sh
-          ansible-playbook mailcow-start-server.yml --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
-      - name: Setup Integration Test Server
-        run: |
-          ./fork_check.sh
-          sleep 30
-          ansible-playbook mailcow-setup-server.yml --private-key id_ssh_rsa --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
-      - name: Run Integration Tests
-        run: |
-          ./fork_check.sh
-          ansible-playbook mailcow-integration-tests.yml --private-key id_ssh_rsa --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
-      - name: Delete Integration Test Server
-        if: always()
-        run: |
-          ./fork_check.sh
-          ansible-playbook mailcow-delete-server.yml --diff
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_HOST_KEY_CHECKING: 'false'
diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml
index fd9e4946..57aac781 100644
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -12,7 +12,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Run the Action
-        uses: devops-infra/action-pull-request@v0.5.1
+        uses: devops-infra/action-pull-request@v0.5.5
         with:
           github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
           title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}
diff --git a/.github/workflows/rebuild_backup_image.yml b/.github/workflows/rebuild_backup_image.yml
new file mode 100644
index 00000000..21c218a8
--- /dev/null
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -0,0 +1,34 @@
+name: Build mailcow backup image
+
+on:
+  schedule:
+    # At 00:00 on Sunday
+    - cron: "0 0 * * 0"
+  workflow_dispatch: # Allow to run workflow manually
+
+jobs:
+  docker_image_build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_USERNAME }}
+          password: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: data/Dockerfiles/backup/Dockerfile
+          push: true
+          tags: mailcow/backup:latest
diff --git a/.github/workflows/tweet-trigger-publish-release.yml b/.github/workflows/tweet-trigger-publish-release.yml
deleted file mode 100644
index 82f1dc3a..00000000
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: "Tweet trigger release"
-on:
-  release:
-    types: [published]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Tweet-trigger-publish-release
-        uses: mugi111/tweet-trigger-release@v1.1
-        with:
-          consumer_key: ${{ secrets.CONSUMER_KEY }}
-          consumer_secret: ${{ secrets.CONSUMER_SECRET }}
-          access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
-          access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
-          tweet_body: 'A new mailcow-dockerized Release has been Released on GitHub! Checkout our GitHub Page for the latest Release: github.com/mailcow/mailcow-dockerized/releases/latest'
diff --git a/README.md b/README.md
index 313fa13b..c15b8ef0 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,5 @@
 # mailcow: dockerized - 🐮 + 🐋 = 💕
 
-## We stand with 🇺🇦
-
-[![Mailcow Integration Tests](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml/badge.svg?branch=master)](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml)
 [![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/mailcow_email.svg?style=social&label=Follow%20%40mailcow_email)](https://twitter.com/mailcow_email)
 
@@ -36,3 +33,9 @@ Telegram desktop clients are available for [multiple platforms](https://desktop.
 
 **Important**: mailcow makes use of various open-source software. Please assure you agree with their license before using mailcow.
 Any part of mailcow itself is released under **GNU General Public License, Version 3**.
+
+mailcow is a registered word mark of The Infrastructure Company GmbH, Parkstr. 42, 47877 Willich, Germany.
+
+The project is managed and maintained by The Infrastructure Company GmbH.
+
+Originated from @andryyy (André)
\ No newline at end of file
diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
index f5b7b56c..571c3d08 100644
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
diff --git a/data/Dockerfiles/acme/acme.sh b/data/Dockerfiles/acme/acme.sh
index 4f5cb803..1cd456a4 100755
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -213,11 +213,13 @@ while true; do
   done
   ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
 
+  if [[ ${SKIP_IP_CHECK} != "y" ]]; then
   # Start IP detection
   log_f "Detecting IP addresses..."
   IPV4=$(get_ipv4)
   IPV6=$(get_ipv6)
   log_f "OK: ${IPV4}, ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}"
+  fi
 
   #########################################
   # IP and webroot challenge verification #
diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index efbc6a4d..f381e0ef 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,4 +1,4 @@
-FROM clamav/clamav:0.105.1_base
+FROM clamav/clamav:1.0.1-1_base
 
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index f021b73e..aa4a3858 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
@@ -13,6 +13,7 @@ RUN apk add --update --no-cache python3 \
   fastapi \
   uvicorn \
   aiodocker \
+  docker \
   redis 
 
 COPY docker-entrypoint.sh /app/
diff --git a/data/Dockerfiles/dockerapi/dockerapi.py b/data/Dockerfiles/dockerapi/dockerapi.py
index 304c1781..9e699c22 100644
--- a/data/Dockerfiles/dockerapi/dockerapi.py
+++ b/data/Dockerfiles/dockerapi/dockerapi.py
@@ -1,5 +1,6 @@
 from fastapi import FastAPI, Response, Request
 import aiodocker
+import docker
 import psutil
 import sys
 import re
@@ -9,11 +10,38 @@ import json
 import asyncio
 import redis
 from datetime import datetime
+import logging
+from logging.config import dictConfig
 
 
+log_config = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "default": {
+            "()": "uvicorn.logging.DefaultFormatter",
+            "fmt": "%(levelprefix)s %(asctime)s %(message)s",
+            "datefmt": "%Y-%m-%d %H:%M:%S",
+
+        },
+    },
+    "handlers": {
+        "default": {
+            "formatter": "default",
+            "class": "logging.StreamHandler",
+            "stream": "ext://sys.stderr",
+        },
+    },
+    "loggers": {
+        "api-logger": {"handlers": ["default"], "level": "INFO"},
+    },
+}
+dictConfig(log_config)
+
 containerIds_to_update = []
 host_stats_isUpdating = False
 app = FastAPI()
+logger = logging.getLogger('api-logger')
 
 
 @app.get("/host/stats")
@@ -21,18 +49,15 @@ async def get_host_update_stats():
   global host_stats_isUpdating
 
   if host_stats_isUpdating == False:
-    print("start host stats task")
     asyncio.create_task(get_host_stats())
     host_stats_isUpdating = True
 
   while True:
     if redis_client.exists('host_stats'):
       break
-    print("wait for host_stats results")
     await asyncio.sleep(1.5)
 
 
-  print("host stats pulled")
   stats = json.loads(redis_client.get('host_stats'))
   return Response(content=json.dumps(stats, indent=4), media_type="application/json")
 
@@ -106,14 +131,14 @@ async def post_containers(container_id : str, post_action : str, request: Reques
       else:
         api_call_method_name = '__'.join(['container_post', str(post_action) ])
 
-      docker_utils = DockerUtils(async_docker_client)
+      docker_utils = DockerUtils(sync_docker_client)
       api_call_method = getattr(docker_utils, api_call_method_name, lambda container_id: Response(content=json.dumps({'type': 'danger', 'msg':'container_post - unknown api call' }, indent=4), media_type="application/json"))
 
 
-      print("api call: %s, container_id: %s" % (api_call_method_name, container_id))
-      return await api_call_method(container_id, request_json)
+      logger.info("api call: %s, container_id: %s" % (api_call_method_name, container_id))
+      return api_call_method(container_id, request_json)
     except Exception as e:
-      print("error - container_post: %s" % str(e))
+      logger.error("error - container_post: %s" % str(e))
       res = {
         "type": "danger",
         "msg": str(e)
@@ -152,398 +177,289 @@ class DockerUtils:
     self.docker_client = docker_client
 
   # api call: container_post - post_action: stop
-  async def container_post__stop(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        await container.stop()
-    res = {
-      'type': 'success', 
-      'msg': 'command completed successfully'
-    }
-    return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  def container_post__stop(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      container.stop()
 
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: start
-  async def container_post__start(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        await container.start()
-    res = {
-      'type': 'success', 
-      'msg': 'command completed successfully'
-    }
+  def container_post__start(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      container.start()
+
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
     return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
   # api call: container_post - post_action: restart
-  async def container_post__restart(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        await container.restart()
-    res = {
-      'type': 'success', 
-      'msg': 'command completed successfully'
-    }
+  def container_post__restart(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      container.restart()
+
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
     return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
   # api call: container_post - post_action: top
-  async def container_post__top(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        ps_exec = await container.exec("ps")      
-        async with ps_exec.start(detach=False) as stream:
-          ps_return = await stream.read_out()
-
-        exec_details = await ps_exec.inspect()
-        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-          res = {
-            'type': 'success', 
-            'msg': ps_return.data.decode('utf-8')
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = {
-            'type': 'danger', 
-            'msg': ''
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
+  def container_post__top(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      res = { 'type': 'success', 'msg': container.top()}
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: stats
+  def container_post__stats(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      for stat in container.stats(decode=True, stream=True):
+        res = { 'type': 'success', 'msg': stat}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
   # api call: container_post - post_action: exec - cmd: mailq - task: delete
-  async def container_post__exec__mailq__delete(self, container_id, request_json):
+  def container_post__exec__mailq__delete(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-d %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
+        sanitized_string = str(' '.join(flagged_qids));
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return exec_run_handler('generic', postsuper_r)
 
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-            return await exec_run_handler('generic', postsuper_r_exec)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: hold
-  async def container_post__exec__mailq__hold(self, container_id, request_json):
+  def container_post__exec__mailq__hold(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-h %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
-
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-            return await exec_run_handler('generic', postsuper_r_exec)
+        sanitized_string = str(' '.join(flagged_qids));
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return exec_run_handler('generic', postsuper_r)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: cat
-  async def container_post__exec__mailq__cat(self, container_id, request_json):
+  def container_post__exec__mailq__cat(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
-        sanitized_string = str(' '.join(filtered_qids))
+        sanitized_string = str(' '.join(filtered_qids));
 
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postcat_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
-            return await exec_run_handler('utf8_text_only', postcat_exec)
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postcat_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
+        if not postcat_return:
+          postcat_return = 'err: invalid'
+        return exec_run_handler('utf8_text_only', postcat_return)
 
    # api call: container_post - post_action: exec - cmd: mailq - task: unhold
-  async def container_post__exec__mailq__unhold(self, container_id, request_json):
+  def container_post__exec__mailq__unhold(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-H %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
-
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-            return await exec_run_handler('generic', postsuper_r_exec)
-
+        sanitized_string = str(' '.join(flagged_qids));
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return exec_run_handler('generic', postsuper_r)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: deliver
-  async def container_post__exec__mailq__deliver(self, container_id, request_json):
+  def container_post__exec__mailq__deliver(self, container_id, request_json):
     if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
       filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-i %s' % i for i in filtered_qids]
-
-        for container in (await self.docker_client.containers.list()):
-          if container._id == container_id:
-            for i in flagged_qids:
-              postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')      
-              async with postsuper_r_exec.start(detach=False) as stream:
-                postsuper_r_return = await stream.read_out()
-              # todo: check each exit code
-            res = {
-              'type': 'success', 
-              'msg': 'Scheduled immediate delivery'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: list
-  async def container_post__exec__mailq__list(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        mailq_exec = await container.exec(["/usr/sbin/postqueue", "-j"], user='postfix')
-        return await exec_run_handler('utf8_text_only', mailq_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: flush
-  async def container_post__exec__mailq__flush(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        postsuper_r_exec = await container.exec(["/usr/sbin/postqueue", "-f"], user='postfix')
-        return await exec_run_handler('generic', postsuper_r_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
-  async def container_post__exec__mailq__super_delete(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        postsuper_r_exec = await container.exec(["/usr/sbin/postsuper", "-d", "ALL"])
-        return await exec_run_handler('generic', postsuper_r_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
-  async def container_post__exec__system__fts_rescan(self, container_id, request_json):
-    if 'username' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          rescan_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')         
-          async with rescan_exec.start(detach=False) as stream:
-            rescan_return = await stream.read_out()
-
-          exec_details = await rescan_exec.inspect()
-          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-            res = {
-              'type': 'success', 
-              'msg': 'fts_rescan: rescan triggered'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            res = {
-              'type': 'warning', 
-              'msg': 'fts_rescan error'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-    if 'all' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          rescan_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')          
-          async with rescan_exec.start(detach=False) as stream:
-            rescan_return = await stream.read_out()
-
-          exec_details = await rescan_exec.inspect()
-          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-            res = {
-              'type': 'success', 
-              'msg': 'fts_rescan: rescan triggered'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            res = {
-              'type': 'warning', 
-              'msg': 'fts_rescan error'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
-  # api call: container_post - post_action: exec - cmd: system - task: df
-  async def container_post__exec__system__df(self, container_id, request_json):
-    if 'dir' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          df_exec = await container.exec(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
-          async with df_exec.start(detach=False) as stream:
-            df_return = await stream.read_out()
-
-          print(df_return)
-          print(await df_exec.inspect())
-          exec_details = await df_exec.inspect()
-          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-            return df_return.data.decode('utf-8').rstrip()
-          else:
-            return "0,0,0,0,0,0"
-
-
-  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
-  async def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        sql_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
-        async with sql_exec.start(detach=False) as stream:
-          sql_return = await stream.read_out()
-
-        exec_details = await sql_exec.inspect()
-        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-          matched = False
-          for line in sql_return.data.decode('utf-8').split("\n"):
-            if 'is already upgraded to' in line:
-              matched = True
-          if matched:
-            res = {
-              'type': 'success', 
-              'msg': 'mysql_upgrade: already upgraded',
-              'text': sql_return.data.decode('utf-8')
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            await container.restart()
-            res = {
-              'type': 'warning', 
-              'msg': 'mysql_upgrade: upgrade was applied',
-              'text': sql_return.data.decode('utf-8')
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = {
-            'type': 'error', 
-            'msg': 'mysql_upgrade: error running command',
-            'text': sql_return.data.decode('utf-8')
-          }
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
+          for i in flagged_qids:
+            postqueue_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')
+            # todo: check each exit code
+          res = { 'type': 'success', 'msg': 'Scheduled immediate delivery'}
           return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
-  async def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        sql_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
-        async with sql_exec.start(detach=False) as stream:
-          sql_return = await stream.read_out()
-
-        exec_details = await sql_exec.inspect()
-        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-          res = {
-            'type': 'info', 
-            'msg': 'mysql_tzinfo_to_sql: command completed successfully',
-            'text': sql_return.data.decode('utf-8')
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = {
-            'type': 'error', 
-            'msg': 'mysql_tzinfo_to_sql: error running command',
-            'text': sql_return.data.decode('utf-8')
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
-  async def container_post__exec__reload__dovecot(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        reload_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
-        return await exec_run_handler('generic', reload_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: reload - task: postfix
-  async def container_post__exec__reload__postfix(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        reload_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
-        return await exec_run_handler('generic', reload_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: reload - task: nginx
-  async def container_post__exec__reload__nginx(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
-      if container._id == container_id:
-        reload_exec = await container.exec(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
-        return await exec_run_handler('generic', reload_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: sieve - task: list
-  async def container_post__exec__sieve__list(self, container_id, request_json):
-    if 'username' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          sieve_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
-          return await exec_run_handler('utf8_text_only', sieve_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: sieve - task: print
-  async def container_post__exec__sieve__print(self, container_id, request_json):
-    if 'username' in request_json and 'script_name' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
-          sieve_exec = await container.exec(cmd)
-          return await exec_run_handler('utf8_text_only', sieve_exec)
-
-
-  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
-  async def container_post__exec__maildir__cleanup(self, container_id, request_json):
-    if 'maildir' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
-          sane_name = re.sub(r'\W+', '', request_json['maildir'])
-          cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
-          maildir_cleanup_exec = await container.exec(cmd, user='vmail')
-          return await exec_run_handler('generic', maildir_cleanup_exec)
-
-  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
-  async def container_post__exec__rspamd__worker_password(self, container_id, request_json):
-    if 'raw' in request_json:
-      for container in (await self.docker_client.containers.list()):
-        if container._id == container_id:
           
-          cmd = "./set_worker_password.sh '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
-          rspamd_password_exec = await container.exec(cmd, user='_rspamd')  
-          async with rspamd_password_exec.start(detach=False) as stream:
-            rspamd_password_return = await stream.read_out()
-
-          matched = False
-          if "OK" in rspamd_password_return.data.decode('utf-8'):
+  # api call: container_post - post_action: exec - cmd: mailq - task: list
+  def container_post__exec__mailq__list(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
+      return exec_run_handler('utf8_text_only', mailq_return)
+  # api call: container_post - post_action: exec - cmd: mailq - task: flush
+  def container_post__exec__mailq__flush(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
+      return exec_run_handler('generic', postqueue_r)
+  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
+  def container_post__exec__mailq__super_delete(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
+      return exec_run_handler('generic', postsuper_r)
+  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
+  def container_post__exec__system__fts_rescan(self, container_id, request_json):
+    if 'username' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')
+        if rescan_return.exit_code == 0:
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+    if 'all' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')
+        if rescan_return.exit_code == 0:
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: system - task: df
+  def container_post__exec__system__df(self, container_id, request_json):
+    if 'dir' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
+        if df_return.exit_code == 0:
+          return df_return.output.decode('utf-8').rstrip()
+        else:
+          return "0,0,0,0,0,0"
+  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
+  def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
+      if sql_return.exit_code == 0:
+        matched = False
+        for line in sql_return.output.decode('utf-8').split("\n"):
+          if 'is already upgraded to' in line:
             matched = True
-            await container.restart()
+        if matched:
+          res = { 'type': 'success', 'msg':'mysql_upgrade: already upgraded', 'text': sql_return.output.decode('utf-8')}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          container.restart()
+          res = { 'type': 'warning', 'msg':'mysql_upgrade: upgrade was applied', 'text': sql_return.output.decode('utf-8')}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+      else:
+        res = { 'type': 'error', 'msg': 'mysql_upgrade: error running command', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
+  def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
+      if sql_return.exit_code == 0:
+        res = { 'type': 'info', 'msg': 'mysql_tzinfo_to_sql: command completed successfully', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+      else:
+        res = { 'type': 'error', 'msg': 'mysql_tzinfo_to_sql: error running command', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
+  def container_post__exec__reload__dovecot(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
+      return exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: reload - task: postfix
+  def container_post__exec__reload__postfix(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
+      return exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: reload - task: nginx
+  def container_post__exec__reload__nginx(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
+      return exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: sieve - task: list
+  def container_post__exec__sieve__list(self, container_id, request_json):
+    if 'username' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
+        return exec_run_handler('utf8_text_only', sieve_return)
+  # api call: container_post - post_action: exec - cmd: sieve - task: print
+  def container_post__exec__sieve__print(self, container_id, request_json):
+    if 'username' in request.json and 'script_name' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
+        sieve_return = container.exec_run(cmd)
+        return exec_run_handler('utf8_text_only', sieve_return)
+  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
+  def container_post__exec__maildir__cleanup(self, container_id, request_json):
+    if 'maildir' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        sane_name = re.sub(r'\W+', '', request_json['maildir'])
+        cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
+        maildir_cleanup = container.exec_run(cmd, user='vmail')
+        return exec_run_handler('generic', maildir_cleanup)
+  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
+  def container_post__exec__rspamd__worker_password(self, container_id, request_json):
+    if 'raw' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        cmd = "/usr/bin/rspamadm pw -e -p '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
+        cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
 
-          if matched:
-            res = {
-              'type': 'success', 
-              'msg': 'command completed successfully'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          else:
-            res = {
-              'type': 'danger', 
-              'msg': 'command did not complete'
-            }
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        matched = False
+        for line in cmd_response.split("\n"):
+          if '$2$' in line:
+            hash = line.strip()
+            hash_out = re.search('\$2\$.+$', hash).group(0)
+            rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
+            rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc"
+            cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename)
+            cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
+            if rspamd_passphrase_hash.startswith("$2$") and rspamd_passphrase_hash in cmd_response:
+              container.restart()
+              matched = True
+        if matched:
+          res = { 'type': 'success', 'msg': 'command completed successfully' }
+          logger.info('success changing Rspamd password')
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          logger.error('failed changing Rspamd password')
+          res = { 'type': 'danger', 'msg': 'command did not complete' }
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
 
+def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
 
-async def exec_run_handler(type, exec_obj):
-  async with exec_obj.start(detach=False) as stream:
-    exec_return = await stream.read_out()
+  def recv_socket_data(c_socket, timeout):
+    c_socket.setblocking(0)
+    total_data=[]
+    data=''
+    begin=time.time()
+    while True:
+      if total_data and time.time()-begin > timeout:
+        break
+      elif time.time()-begin > timeout*2:
+        break
+      try:
+        data = c_socket.recv(8192)
+        if data:
+          total_data.append(data.decode('utf-8'))
+          #change the beginning time for measurement
+          begin=time.time()
+        else:
+          #sleep for sometime to indicate a gap
+          time.sleep(0.1)
+          break
+      except:
+        pass
+    return ''.join(total_data)
+    
 
-  if exec_return == None:
-    exec_return = ""
-  else:
-    exec_return = exec_return.data.decode('utf-8')
-
-  if type == 'generic':       
-    exec_details = await exec_obj.inspect()
-    if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
-      res = {
-        "type": "success",
-        "msg": "command completed successfully"
-      }
+  try :
+    socket = container.exec_run([shell_cmd], stdin=True, socket=True, user=user).output._sock
+    if not cmd.endswith("\n"):
+      cmd = cmd + "\n"
+    socket.send(cmd.encode('utf-8'))
+    data = recv_socket_data(socket, timeout)
+    socket.close()
+    return data
+  except Exception as e:
+    logger.error("error - exec_cmd_container: %s" % str(e))
+    traceback.print_exc(file=sys.stdout)
+def exec_run_handler(type, output):
+  if type == 'generic':
+    if output.exit_code == 0:
+      res = { 'type': 'success', 'msg': 'command completed successfully' }
       return Response(content=json.dumps(res, indent=4), media_type="application/json")
     else:
-      res = {
-        "type": "success",
-        "msg": "'command failed: " + exec_return
-      }
+      res = { 'type': 'danger', 'msg': 'command failed: ' + output.output.decode('utf-8') }
       return Response(content=json.dumps(res, indent=4), media_type="application/json")
   if type == 'utf8_text_only':
-    return Response(content=exec_return, media_type="text/plain")
+    return Response(content=output.output.decode('utf-8'), media_type="text/plain")
 
 async def get_host_stats(wait=5):
   global host_stats_isUpdating
@@ -570,12 +486,10 @@ async def get_host_stats(wait=5):
       "type": "danger",
       "msg": str(e)
     }
-    print(json.dumps(res, indent=4))
 
   await asyncio.sleep(wait)
   host_stats_isUpdating = False
   
-
 async def get_container_stats(container_id, wait=5, stop=False):
   global containerIds_to_update
 
@@ -598,13 +512,11 @@ async def get_container_stats(container_id, wait=5, stop=False):
         "type": "danger",
         "msg": str(e)
       }
-      print(json.dumps(res, indent=4))
   else:
     res = {
       "type": "danger",
       "msg": "no or invalid id defined"
     }
-    print(json.dumps(res, indent=4))
 
   await asyncio.sleep(wait)
   if stop == True:
@@ -615,9 +527,13 @@ async def get_container_stats(container_id, wait=5, stop=False):
     await get_container_stats(container_id, wait=0, stop=True)
 
 
+
 if os.environ['REDIS_SLAVEOF_IP'] != "":
   redis_client = redis.Redis(host=os.environ['REDIS_SLAVEOF_IP'], port=os.environ['REDIS_SLAVEOF_PORT'], db=0)
 else:
   redis_client = redis.Redis(host='redis-mailcow', port=6379, db=0)
 
+sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
 async_docker_client = aiodocker.Docker(url='unix:///var/run/docker.sock')
+
+logger.info('DockerApi started')
diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 1fa97641..2460cb04 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -6,7 +6,7 @@ ARG DOVECOT=2.3.19.1
 ARG FLATCURVE=v0.3.2
 ARG XAPIAN=1.4.21
 ENV LC_ALL C
-ENV GOSU_VERSION 1.14
+
 
 # Add groups and users before installing Dovecot to not break compatibility
 RUN touch /etc/default/locale \
diff --git a/data/Dockerfiles/dovecot/imapsync_runner.pl b/data/Dockerfiles/dovecot/imapsync_runner.pl
index d3aed97b..5b297abd 100644
--- a/data/Dockerfiles/dovecot/imapsync_runner.pl
+++ b/data/Dockerfiles/dovecot/imapsync_runner.pl
@@ -51,8 +51,8 @@ sub sig_handler {
   die "sig_handler received signal, preparing to exit...\n";
 };
 
-open my $file, '<', "/etc/sogo/sieve.creds";
-my $creds = <$file>;
+open my $file, '<', "/etc/sogo/sieve.creds"; 
+my $creds = <$file>; 
 close $file;
 my ($master_user, $master_pass) = split /:/, $creds;
 my $sth = $dbh->prepare("SELECT id,
@@ -166,17 +166,11 @@ while ($row = $sth->fetchrow_arrayref()) {
       $success = 1;
     }
 
-    $keep_job_active = 1;
-    if (defined $exit_status && $exit_status eq "EXIT_AUTHENTICATION_FAILURE_USER1") {
-      $keep_job_active = 0;
-    }
-
-    $update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, success = ?, exit_status = ?, active = ? WHERE id = ?");
+    $update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, success = ?, exit_status = ? WHERE id = ?");
     $update->bind_param( 1, ${stdout} );
     $update->bind_param( 2, ${success} );
     $update->bind_param( 3, ${exit_status} );
-    $update->bind_param( 4, ${keep_job_active} );
-    $update->bind_param( 5, ${id} );
+    $update->bind_param( 4, ${id} );
     $update->execute();
   } catch {
     $update = $dbh->prepare("UPDATE imapsync SET returned_text = 'Could not start or finish imapsync', success = 0 WHERE id = ?");
diff --git a/data/Dockerfiles/netfilter/Dockerfile b/data/Dockerfiles/netfilter/Dockerfile
index 621da149..bc707391 100644
--- a/data/Dockerfiles/netfilter/Dockerfile
+++ b/data/Dockerfiles/netfilter/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ENV XTABLES_LIBDIR /usr/lib/xtables
diff --git a/data/Dockerfiles/netfilter/server.py b/data/Dockerfiles/netfilter/server.py
index 382a3f78..0b0e2a41 100644
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -97,9 +97,9 @@ def refreshF2bregex():
     f2bregex[3] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+'
     f2bregex[4] = 'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+'
     f2bregex[5] = 'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+'
-    f2bregex[6] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
-    f2bregex[7] = '-login: Aborted login \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-    f2bregex[8] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+    f2bregex[6] = '-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
+    f2bregex[7] = '-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+    f2bregex[8] = '-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
     f2bregex[9] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
     f2bregex[10] = '([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
     r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False))
@@ -359,21 +359,28 @@ def snat4(snat_target):
         chain = iptc.Chain(table, 'POSTROUTING')
         table.autocommit = False
         new_rule = get_snat4_rule()
-        for position, rule in enumerate(chain.rules):
-          match = all((
-            new_rule.get_src() == rule.get_src(),
-            new_rule.get_dst() == rule.get_dst(),
-            new_rule.target.parameters == rule.target.parameters,
-            new_rule.target.name == rule.target.name
-          ))
-          if position == 0:
-            if not match:
-              logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
-              chain.insert_rule(new_rule)
-          else:
-            if match:
-              logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
-              chain.delete_rule(rule)
+
+        if not chain.rules:
+          # if there are no rules in the chain, insert the new rule directly
+          logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+          chain.insert_rule(new_rule)
+        else:
+          for position, rule in enumerate(chain.rules):
+            match = all((
+              new_rule.get_src() == rule.get_src(),
+              new_rule.get_dst() == rule.get_dst(),
+              new_rule.target.parameters == rule.target.parameters,
+              new_rule.target.name == rule.target.name
+            ))
+            if position == 0:
+              if not match:
+                logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+                chain.insert_rule(new_rule)
+            else:
+              if match:
+                logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
+                chain.delete_rule(rule)
+
         table.commit()
         table.autocommit = True
       except:
diff --git a/data/Dockerfiles/olefy/Dockerfile b/data/Dockerfiles/olefy/Dockerfile
index 889f84b4..10d63d02 100644
--- a/data/Dockerfiles/olefy/Dockerfile
+++ b/data/Dockerfiles/olefy/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 WORKDIR /app
diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 74035c02..c8713e04 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,12 +1,18 @@
-FROM php:8.0-fpm-alpine3.16
+FROM php:8.1-fpm-alpine3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV APCU_PECL 5.1.21
-ENV IMAGICK_PECL 3.7.0
-# Mailparse is pulled from master branch
-#ENV MAILPARSE_PECL 3.0.2
-ENV MEMCACHED_PECL 3.2.0
-ENV REDIS_PECL 5.3.7
+# renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced
+ARG APCU_PECL_VERSION=5.1.22
+# renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced
+ARG IMAGICK_PECL_VERSION=3.7.0
+# renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced
+ARG MAILPARSE_PECL_VERSION=3.1.4
+# renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced
+ARG MEMCACHED_PECL_VERSION=3.2.0
+# renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced
+ARG REDIS_PECL_VERSION=5.3.7
+# renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced
+ARG COMPOSER_VERSION=2.5.4
 
 RUN apk add -U --no-cache autoconf \
   aspell-dev \
@@ -18,6 +24,7 @@ RUN apk add -U --no-cache autoconf \
   freetype-dev \
   g++ \
   git \
+  gettext \
   gettext-dev \
   gmp-dev \
   gnupg \
@@ -27,8 +34,11 @@ RUN apk add -U --no-cache autoconf \
   imagemagick-dev \
   imap-dev \
   jq \
+  libavif \
+  libavif-dev \
   libjpeg-turbo \
   libjpeg-turbo-dev \
+  libmemcached \
   libmemcached-dev \
   libpng \
   libpng-dev \
@@ -38,7 +48,9 @@ RUN apk add -U --no-cache autoconf \
   libtool \
   libwebp-dev \
   libxml2-dev \
+  libxpm \
   libxpm-dev \
+  libzip \
   libzip-dev \
   make \
   mysql-client \
@@ -49,22 +61,24 @@ RUN apk add -U --no-cache autoconf \
   samba-client \
   zlib-dev \
   tzdata \
-  && git clone https://github.com/php/pecl-mail-mailparse \
-  && cd pecl-mail-mailparse \
-  && pecl install package.xml \
-  && cd .. \
-  && rm -r pecl-mail-mailparse \
-  && pecl install redis-${REDIS_PECL} memcached-${MEMCACHED_PECL} APCu-${APCU_PECL} imagick-${IMAGICK_PECL} \
+  && pecl install APCu-${APCU_PECL_VERSION} \
+  && pecl install imagick-${IMAGICK_PECL_VERSION} \
+  && pecl install mailparse-${MAILPARSE_PECL_VERSION} \
+  && pecl install memcached-${MEMCACHED_PECL_VERSION} \
+  && pecl install redis-${REDIS_PECL_VERSION} \
   && docker-php-ext-enable apcu imagick memcached mailparse redis \
   && pecl clear-cache \
   && docker-php-ext-configure intl \
   && docker-php-ext-configure exif \
   && docker-php-ext-configure gd --with-freetype=/usr/include/ \  
     --with-jpeg=/usr/include/ \
+    --with-webp \
+    --with-xpm \
+    --with-avif \
   && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
   && docker-php-ext-configure imap --with-imap --with-imap-ssl \
   && docker-php-ext-install -j 4 imap \
-  && curl --silent --show-error https://getcomposer.org/installer | php \
+  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
   && mv composer.phar /usr/local/bin/composer \
   && chmod +x /usr/local/bin/composer \
   && apk del --purge autoconf \
@@ -72,15 +86,21 @@ RUN apk add -U --no-cache autoconf \
     cyrus-sasl-dev \
     freetype-dev \
     g++ \
+    gettext-dev \
     icu-dev \
     imagemagick-dev \
     imap-dev \
+    libavif-dev \
     libjpeg-turbo-dev \
+    libmemcached-dev \
     libpng-dev \
     libressl-dev \
     libwebp-dev \
     libxml2-dev \
+    libxpm-dev \
+    libzip-dev \
     make \
+    openldap-dev \
     pcre-dev \
     zlib-dev
 
@@ -88,4 +108,4 @@ COPY ./docker-entrypoint.sh /
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
-CMD ["php-fpm"]
+CMD ["php-fpm"]
\ No newline at end of file
diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index f08600ac..da8f23be 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -3,8 +3,9 @@ LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ARG SOGO_DEBIAN_REPOSITORY=http://packages.sogo.nu/nightly/5/debian/
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
+ARG GOSU_VERSION=1.16
 ENV LC_ALL C
-ENV GOSU_VERSION 1.14
 
 # Prerequisites
 RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
diff --git a/data/Dockerfiles/solr/Dockerfile b/data/Dockerfiles/solr/Dockerfile
index 06299257..0c5af1af 100644
--- a/data/Dockerfiles/solr/Dockerfile
+++ b/data/Dockerfiles/solr/Dockerfile
@@ -2,7 +2,8 @@ FROM solr:7.7-slim
 
 USER root
 
-ENV GOSU_VERSION 1.11
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
+ARG GOSU_VERSION=1.16
 
 COPY solr.sh /
 COPY solr-config-7.7.0.xml /
diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
index 0b1cefe9..d9756d04 100644
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile
index 637c4680..654dea08 100644
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
 # Installation
diff --git a/data/conf/rspamd/custom/bulk_header.map b/data/conf/rspamd/custom/bulk_header.map
index 39aa7fea..69a20af8 100644
--- a/data/conf/rspamd/custom/bulk_header.map
+++ b/data/conf/rspamd/custom/bulk_header.map
@@ -3,7 +3,6 @@
 /.*episerver.*/i
 /.*supergewinne.*/i
 /List-Unsubscribe.*nbps\.eu/i
-/X-Mailer: AWeber.*/i
 /.*regiofinder.*/i
 /.*EmailSocket.*/i
 /List-Unsubscribe:.*respread.*/i
diff --git a/data/conf/rspamd/local.d/metadata_exporter.conf b/data/conf/rspamd/local.d/metadata_exporter.conf
index 47373d99..daaa79b4 100644
--- a/data/conf/rspamd/local.d/metadata_exporter.conf
+++ b/data/conf/rspamd/local.d/metadata_exporter.conf
@@ -16,8 +16,7 @@ rules {
     backend = "http";
     url = "http://nginx:9081/pushover.php";
     selector = "mailcow_rcpt";
-    # Only return msgid, do not parse the full message
-    formatter = "msgid";
+    formatter = "json";
     meta_headers = true;
   }
 }
diff --git a/data/conf/rspamd/local.d/multimap.conf b/data/conf/rspamd/local.d/multimap.conf
index 17ada99e..3f554c5b 100644
--- a/data/conf/rspamd/local.d/multimap.conf
+++ b/data/conf/rspamd/local.d/multimap.conf
@@ -175,7 +175,7 @@ BAD_SUBJECT_00 {
   type = "header";
   header = "subject";
   regexp = true;
-  map = "http://nullnull.org/bad-subject-regex.txt";
+  map = "http://fuzzy.mailcow.email/bad-subject-regex.txt";
   score = 6.0;
   symbols_set = ["BAD_SUBJECT_00"];
 }
diff --git a/data/conf/rspamd/meta_exporter/pushover.php b/data/conf/rspamd/meta_exporter/pushover.php
index a5e83343..10265d15 100644
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -47,12 +47,14 @@ if (!function_exists('getallheaders'))  {
 }
 
 $headers = getallheaders();
+$json_body = json_decode(file_get_contents('php://input'));
 
 $qid      = $headers['X-Rspamd-Qid'];
 $rcpts    = $headers['X-Rspamd-Rcpt'];
 $sender   = $headers['X-Rspamd-From'];
 $ip       = $headers['X-Rspamd-Ip'];
 $subject  = $headers['X-Rspamd-Subject'];
+$messageid= $json_body->message_id;
 $priority = 0;
 
 $symbols_array = json_decode($headers['X-Rspamd-Symbols'], true);
@@ -65,6 +67,20 @@ if (is_array($symbols_array)) {
   }
 }
 
+$sender_address = $json_body->header_from[0];
+$sender_name = '-';
+if (preg_match('/(?<name>.*?)<(?<address>.*?)>/i', $sender_address, $matches)) {
+	$sender_address = $matches['address'];
+  $sender_name =  trim($matches['name'], '"\' ');
+}
+
+$to_address = $json_body->header_to[0];
+$to_name = '-';
+if (preg_match('/(?<name>.*?)<(?<address>.*?)>/i', $to_address, $matches)) {
+	$to_address = $matches['address'];
+  $to_name =  trim($matches['name'], '"\' ');
+}
+
 $rcpt_final_mailboxes = array();
 
 // Loop through all rcpts
@@ -229,9 +245,16 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
     $post_fields = array(
       "token" => $api_data['token'],
       "user" => $api_data['key'],
-      "title" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}'), array($subject, $sender), $title)),
+      "title" => sprintf("%s", str_replace(
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '{MSG_ID}'),
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, $messageid), $title)
+      ),
       "priority" => $priority,
-      "message" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}'), array($subject, $sender), $text))
+      "message" => sprintf("%s", str_replace(
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '{MSG_ID}', '\n'),
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, $messageid, PHP_EOL), $text)
+      ),
+      "sound" => $attributes['sound'] ?? "pushover"
     );
     if ($attributes['evaluate_x_prio'] == "1" && $priority == 1) {
       $post_fields['expire'] = 600;
diff --git a/data/web/_status.502.html b/data/web/_status.502.html
index efbc0e8b..35a66ba9 100644
--- a/data/web/_status.502.html
+++ b/data/web/_status.502.html
@@ -13,12 +13,12 @@
     Please check the logs or contact support if the error persists.</p>
     <h2>Quick debugging</h2>
     <p>Check Nginx and PHP logs:</p>
-    <pre>docker-compose logs --tail=200 php-fpm-mailcow nginx-mailcow</pre>
+    <pre>docker compose logs --tail=200 php-fpm-mailcow nginx-mailcow</pre>
     <p>Make sure your SQL credentials in mailcow.conf (a link to .env) do fit your initialized SQL volume. If you see an access denied, you might have the wrong mailcow.conf:</p>
-    <pre>source mailcow.conf ; docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}</pre>
+    <pre>source mailcow.conf ; docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}</pre>
     <p>In case of a previous failed installation, create a backup of your existing data, followed by removing all volumes and starting over (<b>NEVER</b> do this with a production system, it will remove <b>ALL</b> data):</p>
     <pre>BACKUP_LOCATION=/tmp/ ./helper-scripts/backup_and_restore.sh backup all</pre>
-    <pre>docker-compose down --volumes ; docker-compose up -d</pre>
+    <pre>docker compose down --volumes ; docker compose up -d</pre>
     <p>Make sure your timezone is correct. Use "America/New_York" for example, do not use spaces. Check <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones">here</a> for a list.</p>
     <br>Click to learn more about <a style="color:red;text-decoration:none;" href="https://mailcow.github.io/mailcow-dockerized-docs/#get-support" target="_blank">getting support.</a>
   </body>
diff --git a/data/web/admin.php b/data/web/admin.php
index e53d18fd..cd3eb890 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -10,9 +10,6 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 $tfa_data = get_tfa();
 $fido2_data = fido2(array("action" => "get_friendly_names"));
-if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CACHE')) {
-  $_SESSION['gal'] = json_decode($license_cache, true);
-}
 
 $js_minifier->add('/web/js/site/admin.js');
 $js_minifier->add('/web/js/presets/rspamd.js');
@@ -89,7 +86,6 @@ $template_data = [
   'tfa_id' => @$_SESSION['tfa_id'],
   'fido2_cid' => @$_SESSION['fido2_cid'],
   'fido2_data' => $fido2_data,
-  'gal' => @$_SESSION['gal'],
   'api' => [
     'ro' => admin_api('ro', 'get'),
     'rw' => admin_api('rw', 'get'),
@@ -107,6 +103,7 @@ $template_data = [
   'rsettings' => $rsettings,
   'rspamd_regex_maps' => $rspamd_regex_maps,
   'logo_specs' => customize('get', 'main_logo_specs'),
+  'ip_check' => customize('get', 'ip_check'),
   'password_complexity' => password_complexity('get'),
   'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
   'lang_admin' => json_encode($lang['admin']),
diff --git a/data/web/api/openapi.yaml b/data/web/api/openapi.yaml
index 8fb6245c..5e07c4b3 100644
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -699,6 +699,38 @@ paths:
                   type: string
               type: object
       summary: Create Domain Admin user
+  /api/v1/add/sso/domain-admin:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    token: "591F6D-5C3DD2-7455CD-DAF1C1-AA4FCC"
+          description: OK
+          headers: { }
+      tags:
+        - Single Sign-On
+      description: >-
+        Using this endpoint you can issue a token for Domain Admin user. This token can be used for
+        autologin Domain Admin user by using query_string var sso_token={token}. Token expiration time is 30s
+      operationId: Issue Domain Admin SSO token
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                username: testadmin
+              properties:
+                username:
+                  description: the username for the admin user
+                  type: object
+              type: object
+      summary: Issue Domain Admin SSO token
   /api/v1/edit/da-acl:
     post:
       responses:
@@ -1999,7 +2031,7 @@ paths:
                 - domain.tld
                 - domain2.tld
               properties:
-                items: 
+                items:
                   type: array
                   items:
                     type: string
@@ -2993,7 +3025,7 @@ paths:
             application/json:
               schema:
                 type: array
-                items: 
+                items:
                   type: object
                   properties:
                     log:
@@ -3349,6 +3381,7 @@ paths:
                           evaluate_x_prio: "0"
                           key: 21e8918e1jksdjcpis712
                           only_x_prio: "0"
+                          sound: "pushover"
                           senders: ""
                           senders_regex: ""
                           text: ""
@@ -3392,6 +3425,7 @@ paths:
                   evaluate_x_prio: "0"
                   key: 21e8918e1jksdjcpis712
                   only_x_prio: "0"
+                  sound: "pushover"
                   senders: ""
                   senders_regex: ""
                   text: ""
@@ -3413,6 +3447,9 @@ paths:
                     only_x_prio:
                       description: Only send push for prio mails
                       type: number
+                    sound:
+                      description: Set notification sound
+                      type: string
                     senders:
                       description: Only send push for emails from these senders
                       type: string
@@ -5501,6 +5538,60 @@ paths:
                   attr:
                     spam_score: "8,15"
       summary: Edit mailbox spam filter score
+  "/api/v1/get/mailbox/all/{domain}":
+    get:
+      parameters:
+        - description: name of domain
+          in: path
+          name: domain
+          required: false
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      attributes:
+                        force_pw_update: "0"
+                        mailbox_format: "maildir:"
+                        quarantine_notification: never
+                        sogo_access: "1"
+                        tls_enforce_in: "0"
+                        tls_enforce_out: "0"
+                      domain: domain3.tld
+                      is_relayed: 0
+                      local_part: info
+                      max_new_quota: 10737418240
+                      messages: 0
+                      name: Full name
+                      percent_class: success
+                      percent_in_use: 0
+                      quota: 3221225472
+                      quota_used: 0
+                      rl: false
+                      spam_aliases: 0
+                      username: info@domain3.tld
+                      tags: ["tag1", "tag2"]
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: You can list all mailboxes existing in system for a specific domain.
+      operationId: Get mailboxes of a domain
+      summary: Get mailboxes of a domain
 
 tags:
   - name: Domains
@@ -5527,6 +5618,8 @@ tags:
     description: Manage DKIM keys
   - name: Domain admin
     description: Create or udpdate domain admin users
+  - name: Single Sign-On
+    description: Issue tokens for users
   - name: Address Rewriting
     description: Create BCC maps or recipient maps
   - name: Outgoing TLS Policy Map Overrides
diff --git a/data/web/css/build/011-datatables.css b/data/web/css/build/011-datatables.css
index e0512bdf..d03514ff 100644
--- a/data/web/css/build/011-datatables.css
+++ b/data/web/css/build/011-datatables.css
@@ -4,10 +4,10 @@
  *
  * To rebuild or modify this file with the latest versions of the included
  * software please visit:
- *   https://datatables.net/download/#bs5/dt-1.12.0/r-2.3.0/sl-1.4.0
+ *   https://datatables.net/download/#bs5/dt-1.13.1/r-2.4.0/sl-1.5.0
  *
  * Included libraries:
- *   DataTables 1.12.0, Responsive 2.3.0, Select 1.4.0
+ *   DataTables 1.13.1, Responsive 2.4.0, Select 1.5.0
  */
 
 @charset "UTF-8";
@@ -63,7 +63,7 @@ table.dataTable thead > tr > td.sorting_desc_disabled:after {
   opacity: 0.125;
   right: 10px;
   line-height: 9px;
-  font-size: 0.9em;
+  font-size: 0.8em;
 }
 table.dataTable thead > tr > th.sorting:before, table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_desc:before, table.dataTable thead > tr > th.sorting_asc_disabled:before, table.dataTable thead > tr > th.sorting_desc_disabled:before,
 table.dataTable thead > tr > td.sorting:before,
@@ -72,7 +72,7 @@ table.dataTable thead > tr > td.sorting_desc:before,
 table.dataTable thead > tr > td.sorting_asc_disabled:before,
 table.dataTable thead > tr > td.sorting_desc_disabled:before {
   bottom: 50%;
-  content: "▴";
+  content: "▲";
 }
 table.dataTable thead > tr > th.sorting:after, table.dataTable thead > tr > th.sorting_asc:after, table.dataTable thead > tr > th.sorting_desc:after, table.dataTable thead > tr > th.sorting_asc_disabled:after, table.dataTable thead > tr > th.sorting_desc_disabled:after,
 table.dataTable thead > tr > td.sorting:after,
@@ -81,7 +81,7 @@ table.dataTable thead > tr > td.sorting_desc:after,
 table.dataTable thead > tr > td.sorting_asc_disabled:after,
 table.dataTable thead > tr > td.sorting_desc_disabled:after {
   top: 50%;
-  content: "▾";
+  content: "▼";
 }
 table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_desc:after,
 table.dataTable thead > tr > td.sorting_asc:before,
@@ -287,6 +287,9 @@ table.dataTable > tbody > tr.selected > * {
   box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.9);
   color: white;
 }
+table.dataTable > tbody > tr.selected a {
+  color: #090a0b;
+}
 table.dataTable.table-striped > tbody > tr.odd > * {
   box-shadow: inset 0 0 0 9999px rgba(0, 0, 0, 0.05);
 }
@@ -335,6 +338,9 @@ div.dataTables_wrapper div.dataTables_paginate ul.pagination {
   white-space: nowrap;
   justify-content: flex-end;
 }
+div.dataTables_wrapper div.dt-row {
+  position: relative;
+}
 
 div.dataTables_scrollHead table.dataTable {
   margin-bottom: 0 !important;
@@ -380,17 +386,6 @@ div.dataTables_wrapper div.dataTables_paginate {
 table.dataTable.table-sm > thead > tr > th:not(.sorting_disabled) {
   padding-right: 20px;
 }
-table.dataTable.table-sm .sorting:before,
-table.dataTable.table-sm .sorting_asc:before,
-table.dataTable.table-sm .sorting_desc:before {
-  top: 5px;
-  right: 0.85em;
-}
-table.dataTable.table-sm .sorting:after,
-table.dataTable.table-sm .sorting_asc:after,
-table.dataTable.table-sm .sorting_desc:after {
-  top: 5px;
-}
 
 table.table-bordered.dataTable {
   border-right-width: 0;
@@ -629,13 +624,13 @@ table.dataTable > tbody > tr > .selected {
   background-color: rgba(13, 110, 253, 0.9);
   color: white;
 }
-table.dataTable tbody td.select-checkbox,
-table.dataTable tbody th.select-checkbox {
+table.dataTable > tbody > tr > td.select-checkbox,
+table.dataTable > tbody > tr > th.select-checkbox {
   position: relative;
 }
-table.dataTable tbody td.select-checkbox:before, table.dataTable tbody td.select-checkbox:after,
-table.dataTable tbody th.select-checkbox:before,
-table.dataTable tbody th.select-checkbox:after {
+table.dataTable > tbody > tr > td.select-checkbox:before, table.dataTable > tbody > tr > td.select-checkbox:after,
+table.dataTable > tbody > tr > th.select-checkbox:before,
+table.dataTable > tbody > tr > th.select-checkbox:after {
   display: block;
   position: absolute;
   top: 1.2em;
@@ -644,20 +639,20 @@ table.dataTable tbody th.select-checkbox:after {
   height: 12px;
   box-sizing: border-box;
 }
-table.dataTable tbody td.select-checkbox:before,
-table.dataTable tbody th.select-checkbox:before {
+table.dataTable > tbody > tr > td.select-checkbox:before,
+table.dataTable > tbody > tr > th.select-checkbox:before {
   content: " ";
   margin-top: -5px;
   margin-left: -6px;
   border: 1px solid black;
   border-radius: 3px;
 }
-table.dataTable tr.selected td.select-checkbox:before,
-table.dataTable tr.selected th.select-checkbox:before {
+table.dataTable > tbody > tr.selected > td.select-checkbox:before,
+table.dataTable > tbody > tr.selected > th.select-checkbox:before {
   border: 1px solid white;
 }
-table.dataTable tr.selected td.select-checkbox:after,
-table.dataTable tr.selected th.select-checkbox:after {
+table.dataTable > tbody > tr.selected > td.select-checkbox:after,
+table.dataTable > tbody > tr.selected > th.select-checkbox:after {
   content: "✓";
   font-size: 20px;
   margin-top: -19px;
@@ -665,12 +660,12 @@ table.dataTable tr.selected th.select-checkbox:after {
   text-align: center;
   text-shadow: 1px 1px #B0BED9, -1px -1px #B0BED9, 1px -1px #B0BED9, -1px 1px #B0BED9;
 }
-table.dataTable.compact tbody td.select-checkbox:before,
-table.dataTable.compact tbody th.select-checkbox:before {
+table.dataTable.compact > tbody > tr > td.select-checkbox:before,
+table.dataTable.compact > tbody > tr > th.select-checkbox:before {
   margin-top: -12px;
 }
-table.dataTable.compact tr.selected td.select-checkbox:after,
-table.dataTable.compact tr.selected th.select-checkbox:after {
+table.dataTable.compact > tbody > tr.selected > td.select-checkbox:after,
+table.dataTable.compact > tbody > tr.selected > th.select-checkbox:after {
   margin-top: -16px;
 }
 
@@ -690,4 +685,3 @@ table.dataTable.table-sm tbody td.select-checkbox::before {
   margin-top: -9px;
 }
 
-
diff --git a/data/web/css/build/015-datatables.css b/data/web/css/build/013-datatables.css
similarity index 86%
rename from data/web/css/build/015-datatables.css
rename to data/web/css/build/013-datatables.css
index e5518ff8..13378460 100644
--- a/data/web/css/build/015-datatables.css
+++ b/data/web/css/build/013-datatables.css
@@ -77,4 +77,22 @@ li .dtr-data {
 table.dataTable>tbody>tr.child span.dtr-title {
     width: 30%;
     max-width: 250px;
-}
\ No newline at end of file
+}
+
+
+div.dataTables_wrapper div.dataTables_filter {
+    text-align: left;
+}
+div.dataTables_wrapper div.dataTables_length {
+    text-align: right;
+}
+.dataTables_paginate, .dataTables_length, .dataTables_filter {
+    margin: 10px 0!important;
+}
+
+td.dt-text-right {
+    text-align: end !important;
+}
+th.dt-text-right {
+    text-align: end !important;
+}
diff --git a/data/web/css/build/013-mailcow.css b/data/web/css/build/014-mailcow.css
similarity index 100%
rename from data/web/css/build/013-mailcow.css
rename to data/web/css/build/014-mailcow.css
diff --git a/data/web/css/build/014-responsive.css b/data/web/css/build/015-responsive.css
similarity index 96%
rename from data/web/css/build/014-responsive.css
rename to data/web/css/build/015-responsive.css
index a9877271..a626a384 100644
--- a/data/web/css/build/014-responsive.css
+++ b/data/web/css/build/015-responsive.css
@@ -199,6 +199,13 @@
     display: none !important;
   }
 
+  div.dataTables_wrapper div.dataTables_length {
+    text-align: left;
+  }
+
+  .senders-mw220 {
+    max-width: 100% !important;
+  }
 }
 
 @media (max-width: 350px) {
diff --git a/data/web/css/site/quarantine.css b/data/web/css/site/quarantine.css
index 98a74d66..0455b7c1 100644
--- a/data/web/css/site/quarantine.css
+++ b/data/web/css/site/quarantine.css
@@ -1,102 +1,104 @@
-.pagination a {
-  text-decoration: none !important;
-}
-
-.panel.panel-default {
-  overflow: visible !important;
-}
-
-.table-responsive {
-  overflow: visible !important;
-}
-
-.table-responsive {
-  overflow-x: scroll !important;
-}
-
-.footer-add-item {
-  display: block;
-  text-align: center;
-  font-style: italic;
-  padding: 10px;
-  background: #F5F5F5;
-}
-
-@media (min-width: 992px) {
-  .container {
-    width: 100%;
-  }
-}
-@media (min-width: 1920px) {
-  .container {
-      width: 80%;
-  }
-}
-
-.mass-actions-quarantine {
-  user-select: none;
-}
-
-.inputMissingAttr {
-  border-color: #FF4136;
-}
-
-.modal#qidDetailModal p {
-  word-break: break-all;
-}
-
-span#qid_detail_score {
-  font-weight: 700;
-  margin-left: 5px;
-}
-
-span.rspamd-symbol {
-  display: inline-block;
-  margin: 2px 6px 2px 0;
-  border-radius: 4px;
-  padding: 0 7px;
-}
-
-span.rspamd-symbol.positive {
-  background: #4CAF50;
-  border: 1px solid #4CAF50;
-  color: white;
-}
-
-span.rspamd-symbol.negative {
-  background: #ff4136;
-  border: 1px solid #ff4136;
-  color: white;
-}
-
-span.rspamd-symbol.neutral {
-  background: #f5f5f5;
-  color: #333;
-  border: 1px solid #ccc;
-}
-
-span.rspamd-symbol span.score {
-  font-weight: 700;
-}
-
-span.mail-address-item {
-  background-color: #f5f5f5;
-  border-radius: 4px;
-  border: 1px solid #ccc;
-  padding: 2px 7px;
-  display: inline-block;
-  margin: 2px 6px 2px 0;
-}
-
-table tbody tr {
-  cursor: pointer;
-}
-
-table tbody tr td input[type="checkbox"] {
-  cursor: pointer;
-}
-.label-rspamd-action {
-  font-size:110%;
-  margin:20px;
-}
-
+.pagination a {
+  text-decoration: none !important;
+}
+
+.panel.panel-default {
+  overflow: visible !important;
+}
+
+.table-responsive {
+  overflow: visible !important;
+}
+
+.table-responsive {
+  overflow-x: scroll !important;
+}
+
+.footer-add-item {
+  display: block;
+  text-align: center;
+  font-style: italic;
+  padding: 10px;
+  background: #F5F5F5;
+}
+
+@media (min-width: 992px) {
+  .container {
+    width: 100%;
+  }
+}
+@media (min-width: 1920px) {
+  .container {
+      width: 80%;
+  }
+}
+
+.mass-actions-quarantine {
+  user-select: none;
+}
+
+.inputMissingAttr {
+  border-color: #FF4136;
+}
+
+.modal#qidDetailModal p {
+  word-break: break-all;
+}
+
+span#qid_detail_score {
+  font-weight: 700;
+  margin-left: 5px;
+}
+
+span.rspamd-symbol {
+  display: inline-block;
+  margin: 2px 6px 2px 0;
+  border-radius: 4px;
+  padding: 0 7px;
+}
+
+span.rspamd-symbol.positive {
+  background: #4CAF50;
+  border: 1px solid #4CAF50;
+  color: white;
+}
+
+span.rspamd-symbol.negative {
+  background: #ff4136;
+  border: 1px solid #ff4136;
+  color: white;
+}
+
+span.rspamd-symbol.neutral {
+  background: #f5f5f5;
+  color: #333;
+  border: 1px solid #ccc;
+}
+
+span.rspamd-symbol span.score {
+  font-weight: 700;
+}
+
+span.mail-address-item {
+  background-color: #f5f5f5;
+  border-radius: 4px;
+  border: 1px solid #ccc;
+  padding: 2px 7px;
+  display: inline-block;
+  margin: 2px 6px 2px 0;
+}
+
+table tbody tr {
+  cursor: pointer;
+}
+
+table tbody tr td input[type="checkbox"] {
+  cursor: pointer;
+}
+.label-rspamd-action {
+  font-size:110%;
+  margin:20px;
+}
+.senders-mw220 {
+  max-width: 220px;
+}
diff --git a/data/web/css/themes/lumen-bootstrap.css b/data/web/css/themes/lumen-bootstrap.css
index a7582237..bcf62683 100644
--- a/data/web/css/themes/lumen-bootstrap.css
+++ b/data/web/css/themes/lumen-bootstrap.css
@@ -11,7 +11,86 @@
  * Copyright 2011-2021 Twitter, Inc.
  * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
  */
-@import url("https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,300;0,400;0,700;1,400&display=swap");
+
+/* source-sans-pro-300 - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: normal;
+  font-weight: 300;
+  src: url('/fonts/source-sans-pro-v21-latin-300.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-300.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-300.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-300.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-300.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-300.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+/* source-sans-pro-300italic - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: italic;
+  font-weight: 300;
+  src: url('/fonts/source-sans-pro-v21-latin-300italic.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-300italic.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-300italic.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-300italic.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-300italic.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-300italic.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+/* source-sans-pro-regular - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: normal;
+  font-weight: 400;
+  src: url('/fonts/source-sans-pro-v21-latin-regular.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-regular.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-regular.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-regular.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-regular.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-regular.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+/* source-sans-pro-italic - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: italic;
+  font-weight: 400;
+  src: url('/fonts/source-sans-pro-v21-latin-italic.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-italic.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-italic.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-italic.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-italic.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-italic.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+/* source-sans-pro-700 - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: normal;
+  font-weight: 700;
+  src: url('/fonts/source-sans-pro-v21-latin-700.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-700.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-700.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-700.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-700.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-700.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+/* source-sans-pro-700italic - latin */
+@font-face {
+  font-family: 'Source Sans Pro';
+  font-style: italic;
+  font-weight: 700;
+  src: url('/fonts/source-sans-pro-v21-latin-700italic.eot'); /* IE9 Compat Modes */
+  src: local(''),
+       url('/fonts/source-sans-pro-v21-latin-700italic.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
+       url('/fonts/source-sans-pro-v21-latin-700italic.woff2') format('woff2'), /* Super Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-700italic.woff') format('woff'), /* Modern Browsers */
+       url('/fonts/source-sans-pro-v21-latin-700italic.ttf') format('truetype'), /* Safari, Android, iOS */
+       url('/fonts/source-sans-pro-v21-latin-700italic.svg#SourceSansPro') format('svg'); /* Legacy iOS */
+}
+
 :root {
   --bs-blue: #158cba;
   --bs-indigo: #6610f2;
diff --git a/data/web/css/themes/mailcow-darkmode.css b/data/web/css/themes/mailcow-darkmode.css
index e1824420..6e0db0e9 100644
--- a/data/web/css/themes/mailcow-darkmode.css
+++ b/data/web/css/themes/mailcow-darkmode.css
@@ -358,3 +358,11 @@ table.dataTable.dtr-inline.collapsed>tbody>tr>td.dataTables_empty {
     background: #333;
 }
 
+span.mail-address-item {
+    background-color: #333;
+    border-radius: 4px;
+    border: 1px solid #555;
+    padding: 2px 7px;
+    display: inline-block;
+    margin: 2px 6px 2px 0;
+}
diff --git a/data/web/debug.php b/data/web/debug.php
index 5618ec00..52052f68 100644
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -11,6 +11,11 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 $solr_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_SOLR"])) ? false : solr_status();
 $clamd_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_CLAMD"])) ? false : true;
 
+
+if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CACHE')) {
+  $_SESSION['gal'] = json_decode($license_cache, true);
+}
+
 $js_minifier->add('/web/js/site/debug.js');
 
 // vmail df
@@ -54,11 +59,13 @@ $template_data = [
   'vmail_df' => $vmail_df,
   'hostname' => $hostname,
   'timezone' => $timezone,
+  'gal' => @$_SESSION['gal'],
   'license_guid' => license('guid'),
   'solr_status' => $solr_status,
   'solr_uptime' => round($solr_status['status']['dovecot-fts']['uptime'] / 1000 / 60 / 60),
   'clamd_status' => $clamd_status,
   'containers' => $containers,
+  'ip_check' => customize('get', 'ip_check'),
   'lang_admin' => json_encode($lang['admin']),
   'lang_debug' => json_encode($lang['debug']),
   'lang_datatables' => json_encode($lang['datatables']),
diff --git a/data/web/fonts/source-sans-pro-v21-latin-300.woff b/data/web/fonts/source-sans-pro-v21-latin-300.woff
new file mode 100644
index 00000000..e966494d
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-300.woff differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-300.woff2 b/data/web/fonts/source-sans-pro-v21-latin-300.woff2
new file mode 100644
index 00000000..fed32a93
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-300.woff2 differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-300italic.woff b/data/web/fonts/source-sans-pro-v21-latin-300italic.woff
new file mode 100644
index 00000000..c0dca072
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-300italic.woff differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-300italic.woff2 b/data/web/fonts/source-sans-pro-v21-latin-300italic.woff2
new file mode 100644
index 00000000..a8e1fff2
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-300italic.woff2 differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-700.woff b/data/web/fonts/source-sans-pro-v21-latin-700.woff
new file mode 100644
index 00000000..a6786d1f
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-700.woff differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-700.woff2 b/data/web/fonts/source-sans-pro-v21-latin-700.woff2
new file mode 100644
index 00000000..cd6bfd0f
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-700.woff2 differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-700italic.woff b/data/web/fonts/source-sans-pro-v21-latin-700italic.woff
new file mode 100644
index 00000000..729bdee9
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-700italic.woff differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-700italic.woff2 b/data/web/fonts/source-sans-pro-v21-latin-700italic.woff2
new file mode 100644
index 00000000..b413356f
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-700italic.woff2 differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-italic.woff b/data/web/fonts/source-sans-pro-v21-latin-italic.woff
new file mode 100644
index 00000000..f927419c
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-italic.woff differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-italic.woff2 b/data/web/fonts/source-sans-pro-v21-latin-italic.woff2
new file mode 100644
index 00000000..9448cd52
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-italic.woff2 differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-regular.woff b/data/web/fonts/source-sans-pro-v21-latin-regular.woff
new file mode 100644
index 00000000..db90a83e
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-regular.woff differ
diff --git a/data/web/fonts/source-sans-pro-v21-latin-regular.woff2 b/data/web/fonts/source-sans-pro-v21-latin-regular.woff2
new file mode 100644
index 00000000..e49928e8
Binary files /dev/null and b/data/web/fonts/source-sans-pro-v21-latin-regular.woff2 differ
diff --git a/data/web/inc/functions.customize.inc.php b/data/web/inc/functions.customize.inc.php
index 16c5c036..6025d97d 100644
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -160,6 +160,25 @@ function customize($_action, $_item, $_data = null) {
             'msg' => 'ui_texts'
           );
         break;
+        case 'ip_check':
+          $ip_check = ($_data['ip_check_opt_in'] == "1") ? 1 : 0;
+          try {
+            $redis->set('IP_CHECK', $ip_check);
+          }
+          catch (RedisException $e) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_item, $_data),
+              'msg' => array('redis_error', $e)
+            );
+            return false;
+          }
+          $_SESSION['return'][] = array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $_action, $_item, $_data),
+            'msg' => 'ip_check_opt_in_modified'
+          );
+        break;
       }
     break;
     case 'delete':
@@ -276,6 +295,20 @@ function customize($_action, $_item, $_data = null) {
             return false;
           }
         break;
+        case 'ip_check':
+          try {
+            $ip_check = ($ip_check = $redis->get('IP_CHECK')) ? $ip_check : 0;
+            return $ip_check;
+          }
+          catch (RedisException $e) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_item, $_data),
+              'msg' => array('redis_error', $e)
+            );
+            return false;
+          }
+        break;
       }
     break;
   }
diff --git a/data/web/inc/functions.domain_admin.inc.php b/data/web/inc/functions.domain_admin.inc.php
index 804c0f83..bb88ea34 100644
--- a/data/web/inc/functions.domain_admin.inc.php
+++ b/data/web/inc/functions.domain_admin.inc.php
@@ -1,407 +1,468 @@
-<?php
-function domain_admin($_action, $_data = null) {
-  global $pdo;
-  global $lang;
-  $_data_log = $_data;
-  !isset($_data_log['password']) ?: $_data_log['password'] = '*';
-  !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
-  !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
-  !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
-  !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
-  switch ($_action) {
-    case 'add':
-      $username		= strtolower(trim($_data['username']));
-      $password		= $_data['password'];
-      $password2  = $_data['password2'];
-      $domains    = (array)$_data['domains'];
-      $active     = intval($_data['active']);
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      if (empty($domains)) {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'domain_invalid'
-        );
-        return false;
-      }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('username_invalid', $username)
-        );
-        return false;
-      }
-
-      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
-        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
-      $stmt = $pdo->prepare("SELECT `username` FROM `admin`
-        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
-      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
-        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
-      foreach ($num_results as $num_results_each) {
-        if ($num_results_each != 0) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('object_exists', htmlspecialchars($username))
-          );
-          return false;
-        }
-      }
-      if (password_check($password, $password2) !== true) {
-        continue;
-      }
-      $password_hashed = hash_password($password);
-      $valid_domains = 0;
-      foreach ($domains as $domain) {
-        if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('domain_invalid', htmlspecialchars($domain))
-          );
-          continue;
-        }
-        $valid_domains++;
-        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-            VALUES (:username, :domain, :created, :active)");
-        $stmt->execute(array(
-          ':username' => $username,
-          ':domain' => $domain,
-          ':created' => date('Y-m-d H:i:s'),
-          ':active' => $active
-        ));
-      }
-      if ($valid_domains != 0) {
-        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
-          VALUES (:username, :password_hashed, '0', :active)");
-        $stmt->execute(array(
-          ':username' => $username,
-          ':password_hashed' => $password_hashed,
-          ':active' => $active
-        ));
-      }
-      $stmt = $pdo->prepare("INSERT INTO `da_acl` (`username`) VALUES (:username)");
-      $stmt->execute(array(
-        ':username' => $username
-      ));
-      $_SESSION['return'][] = array(
-        'type' => 'success',
-        'log' => array(__FUNCTION__, $_action, $_data_log),
-        'msg' => array('domain_admin_added', htmlspecialchars($username))
-      );
-    break;
-    case 'edit':
-      if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      // Administrator
-      if ($_SESSION['mailcow_cc_role'] == "admin") {
-        if (!is_array($_data['username'])) {
-          $usernames = array();
-          $usernames[] = $_data['username'];
-        }
-        else {
-          $usernames = $_data['username'];
-        }
-        foreach ($usernames as $username) {
-          $is_now = domain_admin('details', $username);
-          $domains = (isset($_data['domains'])) ? (array)$_data['domains'] : null;
-          if (!empty($is_now)) {
-            $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
-            $domains = (!empty($domains)) ? $domains : $is_now['selected_domains'];
-            $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username'];
-          }
-          else {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_data_log),
-              'msg' => 'access_denied'
-            );
-            continue;
-          }
-          $password     = $_data['password'];
-          $password2    = $_data['password2'];
-          if (!empty($domains)) {
-            foreach ($domains as $domain) {
-              if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
-                $_SESSION['return'][] = array(
-                  'type' => 'danger',
-                  'log' => array(__FUNCTION__, $_action, $_data_log),
-                  'msg' => array('domain_invalid', htmlspecialchars($domain))
-                );
-                continue 2;
-              }
-            }
-          }
-          if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_data_log),
-              'msg' => array('username_invalid', $username_new)
-            );
-            continue;
-          }
-          if ($username_new != $username) {
-            if (!empty(domain_admin('details', $username_new)['username'])) {
-              $_SESSION['return'][] = array(
-                'type' => 'danger',
-                'log' => array(__FUNCTION__, $_action, $_data_log),
-                'msg' => array('username_invalid', $username_new)
-              );
-              continue;
-            }
-          }
-          $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-          $stmt->execute(array(
-            ':username' => $username,
-          ));
-          $stmt = $pdo->prepare("UPDATE `da_acl` SET `username` = :username_new WHERE `username` = :username");
-          $stmt->execute(array(
-            ':username_new' => $username_new,
-            ':username' => $username
-          ));
-          if (!empty($domains)) {
-            foreach ($domains as $domain) {
-              $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-                VALUES (:username_new, :domain, :created, :active)");
-              $stmt->execute(array(
-                ':username_new' => $username_new,
-                ':domain' => $domain,
-                ':created' => date('Y-m-d H:i:s'),
-                ':active' => $active
-              ));
-            }
-          }
-          if (!empty($password)) {
-            if (password_check($password, $password2) !== true) {
-              return false;
-            }
-            $password_hashed = hash_password($password);
-            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
-            $stmt->execute(array(
-              ':password_hashed' => $password_hashed,
-              ':username_new' => $username_new,
-              ':username' => $username,
-              ':active' => $active
-            ));
-            if (isset($_data['disable_tfa'])) {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
-              $stmt->execute(array(':username' => $username));
-            }
-            else {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
-              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
-            }
-          }
-          else {
-            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active WHERE `username` = :username");
-            $stmt->execute(array(
-              ':username_new' => $username_new,
-              ':username' => $username,
-              ':active' => $active
-            ));
-            if (isset($_data['disable_tfa'])) {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
-              $stmt->execute(array(':username' => $username));
-            }
-            else {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
-              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
-            }
-          }
-          $_SESSION['return'][] = array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('domain_admin_modified', htmlspecialchars($username))
-          );
-        }
-        return true;
-      }
-      // Domain administrator
-      // Can only edit itself
-      elseif ($_SESSION['mailcow_cc_role'] == "domainadmin") {
-        $username = $_SESSION['mailcow_cc_username'];
-        $password_old		= $_data['user_old_pass'];
-        $password_new	= $_data['user_new_pass'];
-        $password_new2	= $_data['user_new_pass2'];
-
-        $stmt = $pdo->prepare("SELECT `password` FROM `admin`
-            WHERE `username` = :user");
-        $stmt->execute(array(':user' => $username));
-        $row = $stmt->fetch(PDO::FETCH_ASSOC);
-        if (!verify_hash($row['password'], $password_old)) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => 'access_denied'
-          );
-          return false;
-        }
-        if (password_check($password_new, $password_new2) !== true) {
-          return false;
-        }
-        $password_hashed = hash_password($password_new);
-        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
-        $stmt->execute(array(
-          ':password_hashed' => $password_hashed,
-          ':username' => $username
-        ));
-        $_SESSION['return'][] = array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('domain_admin_modified', htmlspecialchars($username))
-        );
-      }
-    break;
-    case 'delete':
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      $usernames = (array)$_data['username'];
-      foreach ($usernames as $username) {
-        if (empty(domain_admin('details', $username))) {
-          $_SESSION['return'][] = array(
-            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('username_invalid', $username)
-          );
-          continue;
-        }
-        $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `da_acl` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username");
-        $stmt->execute(array(
-          ':username' => $username,
-        ));
-        $_SESSION['return'][] = array(
-          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('domain_admin_removed', htmlspecialchars($username))
-        );
-      }
-    break;
-    case 'get':
-      $domainadmins = array();
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
-          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
-        );
-        return false;
-      }
-      $stmt = $pdo->query("SELECT DISTINCT
-        `username`
-          FROM `domain_admins`
-            WHERE `username` IN (
-              SELECT `username` FROM `admin`
-                WHERE `superadmin`!='1'
-            )");
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while ($row = array_shift($rows)) {
-        $domainadmins[] = $row['username'];
-      }
-      return $domainadmins;
-    break;
-    case 'details':
-      $domainadmindata = array();
-      if ($_SESSION['mailcow_cc_role'] == "domainadmin" && $_data != $_SESSION['mailcow_cc_username']) {
-        return false;
-      }
-      elseif ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
-        return false;
-      }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) {
-        return false;
-      }
-      $stmt = $pdo->prepare("SELECT
-        `tfa`.`active` AS `tfa_active`,
-        `domain_admins`.`username`,
-        `domain_admins`.`created`,
-        `domain_admins`.`active` AS `active`
-          FROM `domain_admins`
-          LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username`
-            WHERE `domain_admins`.`username`= :domain_admin");
-      $stmt->execute(array(
-        ':domain_admin' => $_data
-      ));
-      $row = $stmt->fetch(PDO::FETCH_ASSOC);
-      if (empty($row)) {
-        return false;
-      }
-      $domainadmindata['username'] = $row['username'];
-      $domainadmindata['tfa_active'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
-      $domainadmindata['tfa_active_int'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
-      $domainadmindata['active'] = $row['active'];
-      $domainadmindata['active_int'] = $row['active'];
-      $domainadmindata['created'] = $row['created'];
-      // GET SELECTED
-      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-        WHERE `domain` IN (
-          SELECT `domain` FROM `domain_admins`
-            WHERE `username`= :domain_admin)");
-      $stmt->execute(array(':domain_admin' => $_data));
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while($row = array_shift($rows)) {
-        $domainadmindata['selected_domains'][] = $row['domain'];
-      }
-      // GET UNSELECTED
-      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-        WHERE `domain` NOT IN (
-          SELECT `domain` FROM `domain_admins`
-            WHERE `username`= :domain_admin)");
-      $stmt->execute(array(':domain_admin' => $_data));
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while($row = array_shift($rows)) {
-        $domainadmindata['unselected_domains'][] = $row['domain'];
-      }
-      if (!isset($domainadmindata['unselected_domains'])) {
-        $domainadmindata['unselected_domains'] = "";
-      }
-
-      return $domainadmindata;
-    break;
-  }
-}
+<?php
+function domain_admin($_action, $_data = null) {
+  global $pdo;
+  global $lang;
+  $_data_log = $_data;
+  !isset($_data_log['password']) ?: $_data_log['password'] = '*';
+  !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
+  !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
+  !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
+  !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
+  switch ($_action) {
+    case 'add':
+      $username		= strtolower(trim($_data['username']));
+      $password		= $_data['password'];
+      $password2  = $_data['password2'];
+      $domains    = (array)$_data['domains'];
+      $active     = intval($_data['active']);
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      if (empty($domains)) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'domain_invalid'
+        );
+        return false;
+      }
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => array('username_invalid', $username)
+        );
+        return false;
+      }
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `admin`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      foreach ($num_results as $num_results_each) {
+        if ($num_results_each != 0) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('object_exists', htmlspecialchars($username))
+          );
+          return false;
+        }
+      }
+      if (password_check($password, $password2) !== true) {
+        continue;
+      }
+      $password_hashed = hash_password($password);
+      $valid_domains = 0;
+      foreach ($domains as $domain) {
+        if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('domain_invalid', htmlspecialchars($domain))
+          );
+          continue;
+        }
+        $valid_domains++;
+        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+            VALUES (:username, :domain, :created, :active)");
+        $stmt->execute(array(
+          ':username' => $username,
+          ':domain' => $domain,
+          ':created' => date('Y-m-d H:i:s'),
+          ':active' => $active
+        ));
+      }
+      if ($valid_domains != 0) {
+        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
+          VALUES (:username, :password_hashed, '0', :active)");
+        $stmt->execute(array(
+          ':username' => $username,
+          ':password_hashed' => $password_hashed,
+          ':active' => $active
+        ));
+      }
+      $stmt = $pdo->prepare("INSERT INTO `da_acl` (`username`) VALUES (:username)");
+      $stmt->execute(array(
+        ':username' => $username
+      ));
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $_action, $_data_log),
+        'msg' => array('domain_admin_added', htmlspecialchars($username))
+      );
+    break;
+    case 'edit':
+      if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      // Administrator
+      if ($_SESSION['mailcow_cc_role'] == "admin") {
+        if (!is_array($_data['username'])) {
+          $usernames = array();
+          $usernames[] = $_data['username'];
+        }
+        else {
+          $usernames = $_data['username'];
+        }
+        foreach ($usernames as $username) {
+          $is_now = domain_admin('details', $username);
+          $domains = (isset($_data['domains'])) ? (array)$_data['domains'] : null;
+          if (!empty($is_now)) {
+            $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
+            $domains = (!empty($domains)) ? $domains : $is_now['selected_domains'];
+            $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username'];
+          }
+          else {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_data_log),
+              'msg' => 'access_denied'
+            );
+            continue;
+          }
+          $password     = $_data['password'];
+          $password2    = $_data['password2'];
+          if (!empty($domains)) {
+            foreach ($domains as $domain) {
+              if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
+                $_SESSION['return'][] = array(
+                  'type' => 'danger',
+                  'log' => array(__FUNCTION__, $_action, $_data_log),
+                  'msg' => array('domain_invalid', htmlspecialchars($domain))
+                );
+                continue 2;
+              }
+            }
+          }
+          if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_data_log),
+              'msg' => array('username_invalid', $username_new)
+            );
+            continue;
+          }
+          if ($username_new != $username) {
+            if (!empty(domain_admin('details', $username_new)['username'])) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_data_log),
+                'msg' => array('username_invalid', $username_new)
+              );
+              continue;
+            }
+          }
+          $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+          $stmt->execute(array(
+            ':username' => $username,
+          ));
+          $stmt = $pdo->prepare("UPDATE `da_acl` SET `username` = :username_new WHERE `username` = :username");
+          $stmt->execute(array(
+            ':username_new' => $username_new,
+            ':username' => $username
+          ));
+          if (!empty($domains)) {
+            foreach ($domains as $domain) {
+              $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+                VALUES (:username_new, :domain, :created, :active)");
+              $stmt->execute(array(
+                ':username_new' => $username_new,
+                ':domain' => $domain,
+                ':created' => date('Y-m-d H:i:s'),
+                ':active' => $active
+              ));
+            }
+          }
+          if (!empty($password)) {
+            if (password_check($password, $password2) !== true) {
+              return false;
+            }
+            $password_hashed = hash_password($password);
+            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
+            $stmt->execute(array(
+              ':password_hashed' => $password_hashed,
+              ':username_new' => $username_new,
+              ':username' => $username,
+              ':active' => $active
+            ));
+            if (isset($_data['disable_tfa'])) {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
+              $stmt->execute(array(':username' => $username));
+            }
+            else {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
+              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
+            }
+          }
+          else {
+            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active WHERE `username` = :username");
+            $stmt->execute(array(
+              ':username_new' => $username_new,
+              ':username' => $username,
+              ':active' => $active
+            ));
+            if (isset($_data['disable_tfa'])) {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
+              $stmt->execute(array(':username' => $username));
+            }
+            else {
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
+              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
+            }
+          }
+          $_SESSION['return'][] = array(
+            'type' => 'success',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('domain_admin_modified', htmlspecialchars($username))
+          );
+        }
+        return true;
+      }
+      // Domain administrator
+      // Can only edit itself
+      elseif ($_SESSION['mailcow_cc_role'] == "domainadmin") {
+        $username = $_SESSION['mailcow_cc_username'];
+        $password_old		= $_data['user_old_pass'];
+        $password_new	= $_data['user_new_pass'];
+        $password_new2	= $_data['user_new_pass2'];
+
+        $stmt = $pdo->prepare("SELECT `password` FROM `admin`
+            WHERE `username` = :user");
+        $stmt->execute(array(':user' => $username));
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        if (!verify_hash($row['password'], $password_old)) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => 'access_denied'
+          );
+          return false;
+        }
+        if (password_check($password_new, $password_new2) !== true) {
+          return false;
+        }
+        $password_hashed = hash_password($password_new);
+        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
+        $stmt->execute(array(
+          ':password_hashed' => $password_hashed,
+          ':username' => $username
+        ));
+        $_SESSION['return'][] = array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => array('domain_admin_modified', htmlspecialchars($username))
+        );
+      }
+    break;
+    case 'delete':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      $usernames = (array)$_data['username'];
+      foreach ($usernames as $username) {
+        if (empty(domain_admin('details', $username))) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'msg' => array('username_invalid', $username)
+          );
+          continue;
+        }
+        $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `da_acl` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username");
+        $stmt->execute(array(
+          ':username' => $username,
+        ));
+        $_SESSION['return'][] = array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => array('domain_admin_removed', htmlspecialchars($username))
+        );
+      }
+    break;
+    case 'get':
+      $domainadmins = array();
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+      $stmt = $pdo->query("SELECT DISTINCT
+        `username`
+          FROM `domain_admins`
+            WHERE `username` IN (
+              SELECT `username` FROM `admin`
+                WHERE `superadmin`!='1'
+            )");
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while ($row = array_shift($rows)) {
+        $domainadmins[] = $row['username'];
+      }
+      return $domainadmins;
+    break;
+    case 'details':
+      $domainadmindata = array();
+      if ($_SESSION['mailcow_cc_role'] == "domainadmin" && $_data != $_SESSION['mailcow_cc_username']) {
+        return false;
+      }
+      elseif ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
+        return false;
+      }
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) {
+        return false;
+      }
+      $stmt = $pdo->prepare("SELECT
+        `tfa`.`active` AS `tfa_active`,
+        `domain_admins`.`username`,
+        `domain_admins`.`created`,
+        `domain_admins`.`active` AS `active`
+          FROM `domain_admins`
+          LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username`
+            WHERE `domain_admins`.`username`= :domain_admin");
+      $stmt->execute(array(
+        ':domain_admin' => $_data
+      ));
+      $row = $stmt->fetch(PDO::FETCH_ASSOC);
+      if (empty($row)) {
+        return false;
+      }
+      $domainadmindata['username'] = $row['username'];
+      $domainadmindata['tfa_active'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
+      $domainadmindata['tfa_active_int'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
+      $domainadmindata['active'] = $row['active'];
+      $domainadmindata['active_int'] = $row['active'];
+      $domainadmindata['created'] = $row['created'];
+      // GET SELECTED
+      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+        WHERE `domain` IN (
+          SELECT `domain` FROM `domain_admins`
+            WHERE `username`= :domain_admin)");
+      $stmt->execute(array(':domain_admin' => $_data));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while($row = array_shift($rows)) {
+        $domainadmindata['selected_domains'][] = $row['domain'];
+      }
+      // GET UNSELECTED
+      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+        WHERE `domain` NOT IN (
+          SELECT `domain` FROM `domain_admins`
+            WHERE `username`= :domain_admin)");
+      $stmt->execute(array(':domain_admin' => $_data));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while($row = array_shift($rows)) {
+        $domainadmindata['unselected_domains'][] = $row['domain'];
+      }
+      if (!isset($domainadmindata['unselected_domains'])) {
+        $domainadmindata['unselected_domains'] = "";
+      }
+
+      return $domainadmindata;
+    break;
+  }
+}
+function domain_admin_sso($_action, $_data) {
+  global $pdo;
+
+  switch ($_action) {
+    case 'check':
+      $token = $_data;
+
+      $stmt = $pdo->prepare("SELECT `t1`.`username` FROM `da_sso` AS `t1` JOIN `admin` AS `t2` ON `t1`.`username` = `t2`.`username` WHERE `t1`.`token` = :token AND `t1`.`created` > DATE_SUB(NOW(), INTERVAL '30' SECOND) AND `t2`.`active` = 1 AND `t2`.`superadmin` = 0;");
+      $stmt->execute(array(
+        ':token' => preg_replace('/[^a-zA-Z0-9-]/', '', $token)
+      ));
+      $return = $stmt->fetch(PDO::FETCH_ASSOC);
+      return empty($return['username']) ? false : $return['username'];
+    case 'issue':
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }
+
+      $username = $_data['username'];
+
+      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
+        WHERE `username` = :username");
+      $stmt->execute(array(':username' => $username));
+      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+
+      if ($num_results < 1) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data),
+          'msg' => array('object_doesnt_exist', htmlspecialchars($username))
+        );
+        return false;
+      }
+
+      $token = implode('-', array(
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3))),
+        strtoupper(bin2hex(random_bytes(3)))
+      ));
+
+      $stmt = $pdo->prepare("INSERT INTO `da_sso` (`username`, `token`)
+            VALUES (:username, :token)");
+      $stmt->execute(array(
+        ':username' => $username,
+        ':token' => $token
+      ));
+
+      // perform cleanup
+      $pdo->query("DELETE FROM `da_sso` WHERE created < DATE_SUB(NOW(), INTERVAL '30' SECOND);");
+
+      return ['token' => $token];
+    break;
+  }
+}
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 3bab56bb..de1855fa 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1739,7 +1739,7 @@ function verify_tfa_login($username, $_data) {
               $_SESSION['return'][] =  array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $username, '*'),
-                  'msg' => array('webauthn_verification_failed', 'authenticator not found')
+                  'msg' => array('webauthn_authenticator_failed')
               );
               return false;
             } 
@@ -1748,11 +1748,20 @@ function verify_tfa_login($username, $_data) {
                 $_SESSION['return'][] =  array(
                     'type' => 'danger',
                     'log' => array(__FUNCTION__, $username, '*'),
-                    'msg' => array('webauthn_verification_failed', 'publicKey not found')
+                    'msg' => array('webauthn_publickey_failed')
                 );
                 return false;
             }
 
+            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
+              $_SESSION['return'][] =  array(
+                  'type' => 'danger',
+                  'log' => array(__FUNCTION__, $username, '*'),
+                  'msg' => array('webauthn_username_failed')
+              );
+              return false;
+            }
+
             try {
                 $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $process_webauthn['publicKey'], $challenge, null, $GLOBALS['WEBAUTHN_UV_FLAG_LOGIN'], $GLOBALS['WEBAUTHN_USER_PRESENT_FLAG']);
             }
@@ -1784,21 +1793,12 @@ function verify_tfa_login($username, $_data) {
                 $_SESSION['return'][] =  array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $username, '*'),
-                  'msg' => array('webauthn_verification_failed', 'could not determine user role')
+                  'msg' => array('webauthn_role_failed')
                 );
                 return false;
               }
             }
 
-            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
-                $_SESSION['return'][] =  array(
-                    'type' => 'danger',
-                    'log' => array(__FUNCTION__, $username, '*'),
-                    'msg' => array('webauthn_verification_failed', 'user who requests does not match with sql entry')
-                );
-                return false;
-            }
-
             $_SESSION["mailcow_cc_username"] = $process_webauthn['username'];
             $_SESSION['tfa_id'] = $process_webauthn['id'];
             $_SESSION['authReq'] = null;
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 55c8d6bc..4529ee7b 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1420,11 +1420,11 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           // check attributes
           $attr = array();
           $attr['tags']                       = (isset($_data['tags'])) ? $_data['tags'] : array();
-          $attr['max_num_aliases_for_domain'] = (isset($_data['max_num_aliases_for_domain'])) ? intval($_data['max_num_aliases_for_domain']) : 0;
-          $attr['max_num_mboxes_for_domain']  = (isset($_data['max_num_mboxes_for_domain'])) ? intval($_data['max_num_mboxes_for_domain']) : 0;
-          $attr['def_quota_for_mbox']         = (isset($_data['def_quota_for_mbox'])) ? intval($_data['def_quota_for_mbox']) * 1048576 : 0;
-          $attr['max_quota_for_mbox']         = (isset($_data['max_quota_for_mbox'])) ? intval($_data['max_quota_for_mbox']) * 1048576 : 0;
-          $attr['max_quota_for_domain']       = (isset($_data['max_quota_for_domain'])) ? intval($_data['max_quota_for_domain']) * 1048576 : 0;
+          $attr['max_num_aliases_for_domain'] = (!empty($_data['max_num_aliases_for_domain'])) ? intval($_data['max_num_aliases_for_domain']) : 400;
+          $attr['max_num_mboxes_for_domain']  = (!empty($_data['max_num_mboxes_for_domain'])) ? intval($_data['max_num_mboxes_for_domain']) : 10;
+          $attr['def_quota_for_mbox']         = (!empty($_data['def_quota_for_mbox'])) ? intval($_data['def_quota_for_mbox']) * 1048576 : 3072 * 1048576;
+          $attr['max_quota_for_mbox']         = (!empty($_data['max_quota_for_mbox'])) ? intval($_data['max_quota_for_mbox']) * 1048576 : 10240 * 1048576;
+          $attr['max_quota_for_domain']       = (!empty($_data['max_quota_for_domain'])) ? intval($_data['max_quota_for_domain']) * 1048576 : 10240 * 1048576;
           $attr['rl_frame']                   = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : "s";
           $attr['rl_value']                   = (!empty($_data['rl_value'])) ? $_data['rl_value'] : "";
           $attr['active']                     = isset($_data['active']) ? intval($_data['active']) : 1;
@@ -1435,7 +1435,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $attr['dkim_selector']              = (isset($_data['dkim_selector'])) ? $_data['dkim_selector'] : "dkim";
           $attr['key_size']                   = isset($_data['key_size']) ? intval($_data['key_size']) : 2048;
 
-
           // save template
           $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
             VALUES (:type, :template, :attributes)");
@@ -2880,67 +2879,68 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                 $_SESSION['return'][] = array(
                   'type' => 'danger',
                   'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                  'msg' => 'access_denied'
+                  'msg' => 'extended_sender_acl_denied'
                 );
-                return false;
               }
-              $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl']));
-              foreach ($extra_acls as $i => &$extra_acl) {
-                if (empty($extra_acl)) {
-                  continue;
-                }
-                if (substr($extra_acl, 0, 1) === "@") {
-                  $extra_acl = ltrim($extra_acl, '@');
-                }
-                if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) {
-                  $_SESSION['return'][] = array(
-                    'type' => 'danger',
-                    'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                    'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl))
-                  );
-                  unset($extra_acls[$i]);
-                  continue;
-                }
-                $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
-                if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
-                  $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
-                  if (in_array($extra_acl_domain, $domains)) {
+              else {
+                $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl']));
+                foreach ($extra_acls as $i => &$extra_acl) {
+                  if (empty($extra_acl)) {
+                    continue;
+                  }
+                  if (substr($extra_acl, 0, 1) === "@") {
+                    $extra_acl = ltrim($extra_acl, '@');
+                  }
+                  if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) {
                     $_SESSION['return'][] = array(
                       'type' => 'danger',
                       'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                      'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
+                      'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl))
                     );
                     unset($extra_acls[$i]);
                     continue;
                   }
-                }
-                else {
-                  if (in_array($extra_acl, $domains)) {
-                    $_SESSION['return'][] = array(
-                      'type' => 'danger',
-                      'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                      'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
-                    );
-                    unset($extra_acls[$i]);
-                    continue;
+                  $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
+                  if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
+                    $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
+                    if (in_array($extra_acl_domain, $domains)) {
+                      $_SESSION['return'][] = array(
+                        'type' => 'danger',
+                        'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                        'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
+                      );
+                      unset($extra_acls[$i]);
+                      continue;
+                    }
+                  }
+                  else {
+                    if (in_array($extra_acl, $domains)) {
+                      $_SESSION['return'][] = array(
+                        'type' => 'danger',
+                        'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                        'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
+                      );
+                      unset($extra_acls[$i]);
+                      continue;
+                    }
+                    $extra_acl = '@' . $extra_acl;
                   }
-                  $extra_acl = '@' . $extra_acl;
                 }
-              }
-              $extra_acls = array_filter($extra_acls);
-              $extra_acls = array_values($extra_acls);
-              $extra_acls = array_unique($extra_acls);
-              $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username");
-              $stmt->execute(array(
-                ':username' => $username
-              ));
-              foreach ($extra_acls as $sender_acl_external) {
-                $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`)
-                  VALUES (:sender_acl, :username, 1)");
+                $extra_acls = array_filter($extra_acls);
+                $extra_acls = array_values($extra_acls);
+                $extra_acls = array_unique($extra_acls);
+                $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username");
                 $stmt->execute(array(
-                  ':sender_acl' => $sender_acl_external,
                   ':username' => $username
                 ));
+                foreach ($extra_acls as $sender_acl_external) {
+                  $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`)
+                    VALUES (:sender_acl, :username, 1)");
+                  $stmt->execute(array(
+                    ':sender_acl' => $sender_acl_external,
+                    ':username' => $username
+                  ));
+                }
               }
             }
             if (isset($_data['sender_acl'])) {
@@ -4756,15 +4756,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               ":id" => $id,
               ":type" => "domain",
               ":template" => "Default"
-            )); 
-          }
+            ));
 
-          $_SESSION['return'][] = array(
-            'type' => 'success',
-            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-            'msg' => 'template_removed'
-          );
-          return true;
+            $_SESSION['return'][] = array(
+              'type' => 'success',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => array('template_removed', htmlspecialchars($id))
+            );
+            return true;
+          }
         break;
         case 'alias':
           if (!is_array($_data['id'])) {
@@ -5171,15 +5171,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $tags = $_data['tags'];
           if (!is_array($tags)) $tags = array();
 
-          
-          if ($_SESSION['mailcow_cc_role'] != "admin") {
-            $_SESSION['return'][] = array(
-              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-              'msg' => 'access_denied'
-            );
-            return false;
-          }
 
           $wasModified = false;
           foreach ($domains as $domain) {            
@@ -5191,7 +5182,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-
+            if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                'msg' => 'access_denied'
+              );
+              return false;
+            }
+            
             foreach($tags as $tag){
               // delete tag
               $wasModified = true;
@@ -5265,7 +5264,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
       }
     break;
   }
-  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource'))) {
+  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource')) && getenv('SKIP_SOGO') != "y") {
     update_sogo_static_view();
   }
 }
diff --git a/data/web/inc/functions.pushover.inc.php b/data/web/inc/functions.pushover.inc.php
index 74e8bb1c..5393c0d5 100644
--- a/data/web/inc/functions.pushover.inc.php
+++ b/data/web/inc/functions.pushover.inc.php
@@ -51,6 +51,7 @@ function pushover($_action, $_data = null) {
           $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
           $evaluate_x_prio = (isset($_data['evaluate_x_prio'])) ? intval($_data['evaluate_x_prio']) : $is_now['evaluate_x_prio'];
           $only_x_prio = (isset($_data['only_x_prio'])) ? intval($_data['only_x_prio']) : $is_now['only_x_prio'];
+          $sound = (isset($_data['sound'])) ? $_data['sound'] : $is_now['sound'];
         }
         else {
           $_SESSION['return'][] = array(
@@ -101,7 +102,8 @@ function pushover($_action, $_data = null) {
         $po_attributes = json_encode(
           array(
             'evaluate_x_prio' => strval(intval($evaluate_x_prio)),
-            'only_x_prio' => strval(intval($only_x_prio))
+            'only_x_prio' => strval(intval($only_x_prio)),
+            'sound' => strval($sound)
           )
         );
         $stmt = $pdo->prepare("REPLACE INTO `pushover` (`username`, `key`, `attributes`, `senders_regex`, `senders`, `token`, `title`, `text`, `active`)
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index d43c9060..e286ab55 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -1,1464 +1,1478 @@
-<?php
-function init_db_schema() {
-  try {
-    global $pdo;
-
-    $db_version = "16112022_1325";
-
-    $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
-    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results != 0) {
-      $stmt = $pdo->query("SELECT `version` FROM `versions` WHERE `application` = 'db_schema'");
-      if ($stmt->fetch(PDO::FETCH_ASSOC)['version'] == $db_version) {
-        return true;
-      }
-      if (!preg_match('/y|yes/i', getenv('MASTER'))) {
-        $_SESSION['return'][] = array(
-          'type' => 'warning',
-          'log' => array(__FUNCTION__),
-          'msg' => 'Database not initialized: not running db_init on slave.'
-        );
-        return true;
-      }
-    }
-
-    $views = array(
-      "grouped_mail_aliases" => "CREATE VIEW grouped_mail_aliases (username, aliases) AS
-        SELECT goto, IFNULL(GROUP_CONCAT(address ORDER BY address SEPARATOR ' '), '') AS address FROM alias
-        WHERE address!=goto
-        AND active = '1'
-        AND sogo_visible = '1'
-        AND address NOT LIKE '@%'
-        GROUP BY goto;",
-      // START
-      // Unused at the moment - we cannot allow to show a foreign mailbox as sender address in SOGo, as SOGo does not like this
-      // We need to create delegation in SOGo AND set a sender_acl in mailcow to allow to send as user X
-      "grouped_sender_acl" => "CREATE VIEW grouped_sender_acl (username, send_as_acl) AS
-        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
-        WHERE send_as NOT LIKE '@%'
-        GROUP BY logged_in_as;",
-      // END 
-      "grouped_sender_acl_external" => "CREATE VIEW grouped_sender_acl_external (username, send_as_acl) AS
-        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
-        WHERE send_as NOT LIKE '@%' AND external = '1'
-        GROUP BY logged_in_as;",
-      "grouped_domain_alias_address" => "CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
-        SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
-        LEFT OUTER JOIN alias_domain ON target_domain=domain
-        GROUP BY username;",
-      "sieve_before" => "CREATE VIEW sieve_before (id, username, script_name, script_data) AS
-        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
-        WHERE filter_type = 'prefilter';",
-      "sieve_after" => "CREATE VIEW sieve_after (id, username, script_name, script_data) AS
-        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
-        WHERE filter_type = 'postfilter';"
-    );
-
-    $tables = array(
-      "versions" => array(
-        "cols" => array(
-          "application" => "VARCHAR(255) NOT NULL",
-          "version" => "VARCHAR(100) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("application")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "admin" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "superadmin" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE NOW(0)",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "fido2" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "friendlyName" => "VARCHAR(255)",
-          "rpId" => "VARCHAR(255) NOT NULL",
-          "credentialPublicKey" => "TEXT NOT NULL",
-          "certificateChain" => "TEXT",
-          // Can be null for format "none"
-          "certificate" => "TEXT",
-          "certificateIssuer" => "VARCHAR(255)",
-          "certificateSubject" => "VARCHAR(255)",
-          "signatureCounter" => "INT",
-          "AAGUID" => "BLOB",
-          "credentialId" => "BLOB NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE NOW(0)",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "_sogo_static_view" => array(
-        "cols" => array(
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_password" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "c_cn" => "VARCHAR(255)",
-          "mail" => "VARCHAR(255) NOT NULL",
-          // TODO -> use TEXT and check if SOGo login breaks on empty aliases
-          "aliases" => "TEXT NOT NULL",
-          "ad_aliases" => "VARCHAR(6144) NOT NULL DEFAULT ''",
-          "ext_acl" => "VARCHAR(6144) NOT NULL DEFAULT ''",
-          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
-          "multiple_bookings" => "INT NOT NULL DEFAULT -1"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_uid")
-          ),
-          "key" => array(
-            "domain" => array("domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "relayhosts" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "hostname" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "hostname" => array("hostname")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "transports" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "destination" => "VARCHAR(255) NOT NULL",
-          "nexthop" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "password" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "is_mx_based" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "destination" => array("destination"),
-            "nexthop" => array("nexthop"),
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "alias" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "address" => "VARCHAR(255) NOT NULL",
-          "goto" => "TEXT NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "private_comment" => "TEXT",
-          "public_comment" => "TEXT",
-          "sogo_visible" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "unique" => array(
-            "address" => array("address")
-          ),
-          "key" => array(
-            "domain" => array("domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "api" => array(
-        "cols" => array(
-          "api_key" => "VARCHAR(255) NOT NULL",
-          "allow_from" => "VARCHAR(512) NOT NULL",
-          "skip_ip_check" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE NOW(0)",
-          "access" => "ENUM('ro', 'rw') NOT NULL DEFAULT 'rw'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("api_key")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sender_acl" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "logged_in_as" => "VARCHAR(255) NOT NULL",
-          "send_as" => "VARCHAR(255) NOT NULL",
-          "external" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "templates" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "template" => "VARCHAR(255) NOT NULL",
-          "type" => "VARCHAR(255) NOT NULL",
-          "attributes" => "JSON",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "domain" => array(
-        // Todo: Move some attributes to json
-        "cols" => array(
-          "domain" => "VARCHAR(255) NOT NULL",
-          "description" => "VARCHAR(255)",
-          "aliases" => "INT(10) NOT NULL DEFAULT '0'",
-          "mailboxes" => "INT(10) NOT NULL DEFAULT '0'",
-          "defquota" => "BIGINT(20) NOT NULL DEFAULT '3072'",
-          "maxquota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
-          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
-          "relayhost" => "VARCHAR(255) NOT NULL DEFAULT '0'",
-          "backupmx" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "gal" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "relay_all_recipients" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "relay_unknown_only" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tags_domain" => array(
-        "cols" => array(
-          "tag_name" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL"
-        ),
-        "keys" => array(
-          "fkey" => array(
-            "fk_tags_domain" => array(
-              "col" => "domain",
-              "ref" => "domain.domain",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          ),
-          "unique" => array(
-            "tag_name" => array("tag_name", "domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tls_policy_override" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "dest" => "VARCHAR(255) NOT NULL",
-          "policy" => "ENUM('none', 'may', 'encrypt', 'dane', 'dane-only', 'fingerprint', 'verify', 'secure') NOT NULL",
-          "parameters" => "VARCHAR(255) DEFAULT ''",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "unique" => array(
-            "dest" => array("dest")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "quarantine" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "qid" => "VARCHAR(30) NOT NULL",
-          "subject" => "VARCHAR(500)",
-          "score" => "FLOAT(8,2)",
-          "ip" => "VARCHAR(50)",
-          "action" => "CHAR(20) NOT NULL DEFAULT 'unknown'",
-          "symbols" => "JSON",
-          "fuzzy_hashes" => "JSON",
-          "sender" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
-          "rcpt" => "VARCHAR(255)",
-          "msg" => "LONGTEXT",
-          "domain" => "VARCHAR(255)",
-          "notified" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "user" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "mailbox" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "name" => "VARCHAR(255)",
-          "description" => "VARCHAR(255)",
-          // mailbox_path_prefix is followed by domain/local_part/
-          "mailbox_path_prefix" => "VARCHAR(150) DEFAULT '/var/vmail/'",
-          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
-          "local_part" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "attributes" => "JSON",
-          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
-          "multiple_bookings" => "INT NOT NULL DEFAULT -1",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          ),
-          "key" => array(
-            "domain" => array("domain"),
-            "kind" => array("kind")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tags_mailbox" => array(
-        "cols" => array(
-          "tag_name" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL"
-        ),
-        "keys" => array(
-          "fkey" => array(
-            "fk_tags_mailbox" => array(
-              "col" => "username",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          ),
-          "unique" => array(
-            "tag_name" => array("tag_name", "username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sieve_filters" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "username" => "VARCHAR(255) NOT NULL",
-          "script_desc" => "VARCHAR(255) NOT NULL",
-          "script_name" => "ENUM('active','inactive')",
-          "script_data" => "TEXT NOT NULL",
-          "filter_type" => "ENUM('postfilter','prefilter')",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "username" => array("username"),
-            "script_desc" => array("script_desc")
-          ),
-          "fkey" => array(
-            "fk_username_sieve_global_before" => array(
-              "col" => "username",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "app_passwd" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "name" => "VARCHAR(255) NOT NULL",
-          "mailbox" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "password" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "imap_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "smtp_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "dav_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "eas_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "pop3_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "sieve_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "mailbox" => array("mailbox"),
-            "password" => array("password"),
-            "domain" => array("domain"),
-          ),
-          "fkey" => array(
-            "fk_username_app_passwd" => array(
-              "col" => "mailbox",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "user_acl" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "spam_alias" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "tls_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "spam_score" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          // quarantine is for quarantine actions, todo: rename
-          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine_notification" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine_category" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          ),
-          "fkey" => array(
-            "fk_username" => array(
-              "col" => "username",
-              "ref" => "mailbox.username",
-              "delete" => "CASCADE",
-              "update" => "NO ACTION"
-            )
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "alias_domain" => array(
-        "cols" => array(
-          "alias_domain" => "VARCHAR(255) NOT NULL",
-          "target_domain" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("alias_domain")
-          ),
-          "key" => array(
-            "active" => array("active"),
-            "target_domain" => array("target_domain")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "spamalias" => array(
-        "cols" => array(
-          "address" => "VARCHAR(255) NOT NULL",
-          "goto" => "TEXT NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "validity" => "INT(11)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("address")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "filterconf" => array(
-        "cols" => array(
-          "object" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "option" => "VARCHAR(50) NOT NULL DEFAULT ''",
-          "value" => "VARCHAR(100) NOT NULL DEFAULT ''",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "prefid" => "INT(11) NOT NULL AUTO_INCREMENT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("prefid")
-          ),
-          "key" => array(
-            "object" => array("object")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "settingsmap" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "desc" => "VARCHAR(255) NOT NULL",
-          "content" => "LONGTEXT NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "logs" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "task" => "CHAR(32) NOT NULL DEFAULT '000000'",
-          "type" => "VARCHAR(32) DEFAULT ''",
-          "msg" => "TEXT",
-          "call" => "TEXT",
-          "user" => "VARCHAR(64) NOT NULL",
-          "role" => "VARCHAR(32) NOT NULL",
-          "remote" => "VARCHAR(39) NOT NULL",
-          "time" => "INT(11) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sasl_log" => array(
-        "cols" => array(
-          "service" => "VARCHAR(32) NOT NULL DEFAULT ''",
-          "app_password" => "INT",
-          "username" => "VARCHAR(255) NOT NULL",
-          "real_rip" => "VARCHAR(64) NOT NULL",
-          "datetime" => "DATETIME(0) NOT NULL DEFAULT NOW(0)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("service", "real_rip", "username")
-          ),
-          "key" => array(
-            "username" => array("username"),
-            "service" => array("service"),
-            "datetime" => array("datetime"),
-            "real_rip" => array("real_rip")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "quota2" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
-          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "quota2replica" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
-          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "domain_admins" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "username" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "username" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "da_acl" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "login_as" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "extend_sender_acl" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "unlimited_quota" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "protocol_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "smtp_ip_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "alias_domains" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "mailbox_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "domain_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "domain_desc" => "TINYINT(1) NOT NULL DEFAULT '0'"
-          ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "imapsync" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "user2" => "VARCHAR(255) NOT NULL",
-          "host1" => "VARCHAR(255) NOT NULL",
-          "authmech1" => "ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN'",
-          "regextrans2" => "VARCHAR(255) DEFAULT ''",
-          "authmd51" => "TINYINT(1) NOT NULL DEFAULT 0",
-          "domain2" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "subfolder2" => "VARCHAR(255) NOT NULL DEFAULT ''",
-          "user1" => "VARCHAR(255) NOT NULL",
-          "password1" => "VARCHAR(255) NOT NULL",
-          "exclude" => "VARCHAR(500) NOT NULL DEFAULT ''",
-          "maxage" => "SMALLINT NOT NULL DEFAULT '0'",
-          "mins_interval" => "SMALLINT UNSIGNED NOT NULL DEFAULT '0'",
-          "maxbytespersecond" => "VARCHAR(50) NOT NULL DEFAULT '0'",
-          "port1" => "SMALLINT UNSIGNED NOT NULL",
-          "enc1" => "ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS'",
-          "delete2duplicates" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "delete1" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "delete2" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "automap" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "skipcrossduplicates" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "custom_params" => "VARCHAR(512) NOT NULL DEFAULT ''",
-          "timeout1" => "SMALLINT NOT NULL DEFAULT '600'",
-          "timeout2" => "SMALLINT NOT NULL DEFAULT '600'",
-          "subscribeall" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "is_running" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "returned_text" => "LONGTEXT",
-          "last_run" => "TIMESTAMP NULL DEFAULT NULL",
-          "success" => "TINYINT(1) UNSIGNED DEFAULT NULL",
-          "exit_status" => "VARCHAR(50) DEFAULT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "bcc_maps" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "local_dest" => "VARCHAR(255) NOT NULL",
-          "bcc_dest" => "VARCHAR(255) NOT NULL",
-          "domain" => "VARCHAR(255) NOT NULL",
-          "type" => "ENUM('sender','rcpt')",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "local_dest" => array("local_dest"),
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "recipient_maps" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "old_dest" => "VARCHAR(255) NOT NULL",
-          "new_dest" => "VARCHAR(255) NOT NULL",
-          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
-          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "local_dest" => array("old_dest"),
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "tfa" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "key_id" => "VARCHAR(255) NOT NULL",
-          "username" => "VARCHAR(255) NOT NULL",
-          "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')",
-          "secret" => "VARCHAR(255) DEFAULT NULL",
-          "keyHandle" => "VARCHAR(1023) DEFAULT NULL",
-          "publicKey" => "VARCHAR(4096) DEFAULT NULL",
-          "counter" => "INT NOT NULL DEFAULT '0'",
-          "certificate" => "TEXT",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "forwarding_hosts" => array(
-        "cols" => array(
-          "host" => "VARCHAR(255) NOT NULL",
-          "source" => "VARCHAR(255) NOT NULL",
-          "filter_spam" => "TINYINT(1) NOT NULL DEFAULT '0'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("host")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_acl" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "c_folder_id" => "INT NOT NULL",
-          "c_object" => "VARCHAR(255) NOT NULL",
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_role" => "VARCHAR(80) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          ),
-          "key" => array(
-            "sogo_acl_c_folder_id_idx" => array("c_folder_id"),
-            "sogo_acl_c_uid_idx" => array("c_uid")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_alarms_folder" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "c_path" => "VARCHAR(255) NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_recurrence_id" => "INT(11) DEFAULT NULL",
-          "c_alarm_number" => "INT(11) NOT NULL",
-          "c_alarm_date" => "INT(11) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_cache_folder" => array(
-        "cols" => array(
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_path" => "VARCHAR(255) NOT NULL",
-          "c_parent_path" => "VARCHAR(255) DEFAULT NULL",
-          "c_type" => "TINYINT(3) unsigned NOT NULL",
-          "c_creationdate" => "INT(11) NOT NULL",
-          "c_lastmodified" => "INT(11) NOT NULL",
-          "c_version" => "INT(11) NOT NULL DEFAULT '0'",
-          "c_deleted" => "TINYINT(4) NOT NULL DEFAULT '0'",
-          "c_content" => "LONGTEXT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_uid", "c_path")
-          ),
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_folder_info" => array(
-        "cols" => array(
-          "c_folder_id" => "BIGINT(20) unsigned NOT NULL AUTO_INCREMENT",
-          "c_path" => "VARCHAR(255) NOT NULL",
-          "c_path1" => "VARCHAR(255) NOT NULL",
-          "c_path2" => "VARCHAR(255) DEFAULT NULL",
-          "c_path3" => "VARCHAR(255) DEFAULT NULL",
-          "c_path4" => "VARCHAR(255) DEFAULT NULL",
-          "c_foldername" => "VARCHAR(255) NOT NULL",
-          "c_location" => "VARCHAR(2048) DEFAULT NULL",
-          "c_quick_location" => "VARCHAR(2048) DEFAULT NULL",
-          "c_acl_location" => "VARCHAR(2048) DEFAULT NULL",
-          "c_folder_type" => "VARCHAR(255) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_path")
-          ),
-          "unique" => array(
-            "c_folder_id" => array("c_folder_id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_quick_appointment" => array(
-        "cols" => array(
-          "c_folder_id" => "INT NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_uid" => "VARCHAR(1000) NOT NULL",
-          "c_startdate" => "INT",
-          "c_enddate" => "INT",
-          "c_cycleenddate" => "INT",
-          "c_title" => "VARCHAR(1000) NOT NULL",
-          "c_participants" => "TEXT",
-          "c_isallday" => "INT",
-          "c_iscycle" => "INT",
-          "c_cycleinfo" => "TEXT",
-          "c_classification" => "INT NOT NULL",
-          "c_isopaque" => "INT NOT NULL",
-          "c_status" => "INT NOT NULL",
-          "c_priority" => "INT",
-          "c_location" => "VARCHAR(255)",
-          "c_orgmail" => "VARCHAR(255)",
-          "c_partmails" => "TEXT",
-          "c_partstates" => "TEXT",
-          "c_category" => "VARCHAR(255)",
-          "c_sequence" => "INT",
-          "c_component" => "VARCHAR(10) NOT NULL",
-          "c_nextalarm" => "INT",
-          "c_description" => "TEXT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_folder_id", "c_name")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_quick_contact" => array(
-        "cols" => array(
-          "c_folder_id" => "INT NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_givenname" => "VARCHAR(255)",
-          "c_cn" => "VARCHAR(255)",
-          "c_sn" => "VARCHAR(255)",
-          "c_screenname" => "VARCHAR(255)",
-          "c_l" => "VARCHAR(255)",
-          "c_mail" => "TEXT",
-          "c_o" => "VARCHAR(500)",
-          "c_ou" => "VARCHAR(255)",
-          "c_telephonenumber" => "VARCHAR(255)",
-          "c_categories" => "VARCHAR(255)",
-          "c_component" => "VARCHAR(10) NOT NULL",
-          "c_hascertificate" => "INT4 DEFAULT 0"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_folder_id", "c_name")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_sessions_folder" => array(
-        "cols" => array(
-          "c_id" => "VARCHAR(255) NOT NULL",
-          "c_value" => "VARCHAR(4096) NOT NULL",
-          "c_creationdate" => "INT(11) NOT NULL",
-          "c_lastseen" => "INT(11) NOT NULL"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_store" => array(
-        "cols" => array(
-          "c_folder_id" => "INT NOT NULL",
-          "c_name" => "VARCHAR(255) NOT NULL",
-          "c_content" => "MEDIUMTEXT NOT NULL",
-          "c_creationdate" => "INT NOT NULL",
-          "c_lastmodified" => "INT NOT NULL",
-          "c_version" => "INT NOT NULL",
-          "c_deleted" => "INT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_folder_id", "c_name")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "pushover" => array(
-        "cols" => array(
-          "username" => "VARCHAR(255) NOT NULL",
-          "key" => "VARCHAR(255) NOT NULL",
-          "token" => "VARCHAR(255) NOT NULL",
-          "attributes" => "JSON",
-          "title" => "TEXT",
-          "text" => "TEXT",
-          "senders" => "TEXT",
-          "senders_regex" => "TEXT",
-          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("username")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "sogo_user_profile" => array(
-        "cols" => array(
-          "c_uid" => "VARCHAR(255) NOT NULL",
-          "c_defaults" => "LONGTEXT",
-          "c_settings" => "LONGTEXT"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("c_uid")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_clients" => array(
-        "cols" => array(
-          "id" => "INT NOT NULL AUTO_INCREMENT",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "client_secret" => "VARCHAR(80)",
-          "redirect_uri" => "VARCHAR(2000)",
-          "grant_types" => "VARCHAR(80)",
-          "scope" => "VARCHAR(4000)",
-          "user_id" => "VARCHAR(80)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("client_id")
-          ),
-          "unique" => array(
-            "id" => array("id")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_access_tokens" => array(
-        "cols" => array(
-          "access_token" => "VARCHAR(40) NOT NULL",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "user_id" => "VARCHAR(80)",
-          "expires" => "TIMESTAMP NOT NULL",
-          "scope" => "VARCHAR(4000)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("access_token")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_authorization_codes" => array(
-        "cols" => array(
-          "authorization_code" => "VARCHAR(40) NOT NULL",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "user_id" => "VARCHAR(80)",
-          "redirect_uri" => "VARCHAR(2000)",
-          "expires" => "TIMESTAMP NOT NULL",
-          "scope" => "VARCHAR(4000)",
-          "id_token" => "VARCHAR(1000)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("authorization_code")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      ),
-      "oauth_refresh_tokens" => array(
-        "cols" => array(
-          "refresh_token" => "VARCHAR(40) NOT NULL",
-          "client_id" => "VARCHAR(80) NOT NULL",
-          "user_id" => "VARCHAR(80)",
-          "expires" => "TIMESTAMP NOT NULL",
-          "scope" => "VARCHAR(4000)"
-        ),
-        "keys" => array(
-          "primary" => array(
-            "" => array("refresh_token")
-          )
-        ),
-        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
-      )
-    );
-
-    foreach ($tables as $table => $properties) {
-      // Migrate to quarantine
-      if ($table == 'quarantine') {
-        $stmt = $pdo->query("SHOW TABLES LIKE 'quarantaine'");
-        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-        if ($num_results != 0) {
-          $stmt = $pdo->query("SHOW TABLES LIKE 'quarantine'");
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results == 0) {
-            $pdo->query("RENAME TABLE `quarantaine` TO `quarantine`");
-          }
-        }
-      }
-
-      // Migrate tls_enforce_* options
-      if ($table == 'mailbox') {
-        $stmt = $pdo->query("SHOW TABLES LIKE 'mailbox'");
-        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-        if ($num_results != 0) {
-          $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE '%tls_enforce%'"); 
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results != 0) {
-            $stmt = $pdo->query("SELECT `username`, `tls_enforce_in`, `tls_enforce_out` FROM `mailbox`");
-            $tls_options_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-            while ($row = array_shift($tls_options_rows)) {
-              $tls_options[$row['username']] = array('tls_enforce_in' => $row['tls_enforce_in'], 'tls_enforce_out' => $row['tls_enforce_out']);
-            }
-          }
-        }
-      }
-
-      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); 
-      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-      if ($num_results != 0) {
-        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE ', `table_schema`, '.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
-          WHERE `constraint_type` = 'FOREIGN KEY' AND `table_name` = :table;");
-        $stmt->execute(array(':table' => $table));
-        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-        while ($row = array_shift($rows)) {
-          $pdo->query($row['FKEY_DROP']);
-        }
-        foreach($properties['cols'] as $column => $type) {
-          $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'"); 
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results == 0) {
-            if (strpos($type, 'AUTO_INCREMENT') !== false) {
-              $type = $type . ' PRIMARY KEY ';
-              // Adding an AUTO_INCREMENT key, need to drop primary keys first, if exists
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              if ($num_results != 0) {
-                $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
-              }
-            }
-            $pdo->query("ALTER TABLE `" . $table . "` ADD `" . $column . "` " . $type);
-          }
-          else {
-            $pdo->query("ALTER TABLE `" . $table . "` MODIFY COLUMN `" . $column . "` " . $type);
-          }
-        }
-        foreach($properties['keys'] as $key_type => $key_content) {
-          if (strtolower($key_type) == 'primary') {
-            foreach ($key_content as $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'"); 
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              $is_drop = ($num_results != 0) ? "DROP PRIMARY KEY, " : "";
-              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD PRIMARY KEY (" . $fields . ")");
-            }
-          }
-          if (strtolower($key_type) == 'key') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'"); 
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
-              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD KEY `" . $key_name . "` (" . $fields . ")");
-            }
-          }
-          if (strtolower($key_type) == 'unique') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
-              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD UNIQUE KEY `" . $key_name . "` (" . $fields . ")");
-            }
-          }
-          if (strtolower($key_type) == 'fkey') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
-              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-              if ($num_results != 0) {
-                $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $key_name . "`");
-              }
-              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
-              $pdo->query("ALTER TABLE `" . $table . "` ADD FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
-                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update']);
-            }
-          }
-        }
-        // Drop all vanished columns
-        $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "`"); 
-        $cols_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC); 
-        while ($row = array_shift($cols_in_table)) {
-          if (!array_key_exists($row['Field'], $properties['cols'])) {
-            $pdo->query("ALTER TABLE `" . $table . "` DROP COLUMN `" . $row['Field'] . "`;");
-          }
-        }
-
-        // Step 1: Get all non-primary keys, that currently exist and those that should exist
-        $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE `Key_name` != 'PRIMARY'"); 
-        $keys_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC); 
-        $keys_to_exist = array();
-        if (isset($properties['keys']['unique']) && is_array($properties['keys']['unique'])) {
-          foreach ($properties['keys']['unique'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
-          }
-        }
-        if (isset($properties['keys']['key']) && is_array($properties['keys']['key'])) {
-          foreach ($properties['keys']['key'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
-          }
-        }
-        // Index for foreign key must exist
-        if (isset($properties['keys']['fkey']) && is_array($properties['keys']['fkey'])) {
-          foreach ($properties['keys']['fkey'] as $key_name => $key_values) {
-             $keys_to_exist[] = $key_name;
-          }
-        }
-        // Step 2: Drop all vanished indexes
-        while ($row = array_shift($keys_in_table)) {
-          if (!in_array($row['Key_name'], $keys_to_exist)) {
-            $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
-          }
-        }
-        // Step 3: Drop all vanished primary keys
-        if (!isset($properties['keys']['primary'])) {
-          $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'"); 
-          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-          if ($num_results != 0) {
-            $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
-          }
-        }
-      }
-      else {
-        // Create table if it is missing
-        $sql = "CREATE TABLE IF NOT EXISTS `" . $table . "` (";
-        foreach($properties['cols'] as $column => $type) {
-          $sql .= "`" . $column . "` " . $type . ",";
-        }
-        foreach($properties['keys'] as $key_type => $key_content) {
-          if (strtolower($key_type) == 'primary') {
-            foreach ($key_content as $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $sql .= "PRIMARY KEY (" . $fields . ")" . ",";
-            }
-          }
-          elseif (strtolower($key_type) == 'key') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $sql .= "KEY `" . $key_name . "` (" . $fields . ")" . ",";
-            }
-          }
-          elseif (strtolower($key_type) == 'unique') {
-            foreach ($key_content as $key_name => $key_values) {
-              $fields = "`" . implode("`, `", $key_values) . "`";
-              $sql .= "UNIQUE KEY `" . $key_name . "` (" . $fields . ")" . ",";
-            }
-          }
-          elseif (strtolower($key_type) == 'fkey') {
-            foreach ($key_content as $key_name => $key_values) {
-              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
-              $sql .= "FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
-                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update'] . ",";
-            }
-          }
-        }
-        $sql = rtrim($sql, ",");
-        $sql .= ") " . $properties['attr'];
-        $pdo->query($sql);
-      }
-      // Reset table attributes
-      $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
-
-    }
-
-    // Recreate SQL views
-    foreach ($views as $view => $create) {
-      $pdo->query("DROP VIEW IF EXISTS `" . $view . "`;");
-      $pdo->query($create);
-    }
-    
-    // Mitigate imapsync argument injection issue
-    $pdo->query("UPDATE `imapsync` SET `custom_params` = '' 
-      WHERE `custom_params` LIKE '%pipemess%' 
-        OR custom_params LIKE '%skipmess%' 
-        OR custom_params LIKE '%delete2foldersonly%' 
-        OR custom_params LIKE '%delete2foldersbutnot%' 
-        OR custom_params LIKE '%regexflag%' 
-        OR custom_params LIKE '%pipemess%' 
-        OR custom_params LIKE '%regextrans2%' 
-        OR custom_params LIKE '%maxlinelengthcmd%';");
-    
-    // Migrate webauthn tfa
-    $stmt = $pdo->query("ALTER TABLE `tfa` MODIFY COLUMN `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')");
-
-    // Inject admin if not exists
-    $stmt = $pdo->query("SELECT NULL FROM `admin`"); 
-    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results == 0) {
-    $pdo->query("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
-      VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1)");
-    $pdo->query("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-        SELECT `username`, 'ALL', NOW(), 1 FROM `admin`
-          WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);");
-    $pdo->query("DELETE FROM `admin` WHERE `username` NOT IN  (SELECT `username` FROM `domain_admins`);");
-    }
-    // Insert new DB schema version
-    $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');");
-
-    // Fix dangling domain admins
-    $pdo->query("DELETE FROM `admin` WHERE `superadmin` = 0 AND `username` NOT IN (SELECT `username`FROM `domain_admins`);");
-    $pdo->query("DELETE FROM `da_acl` WHERE `username` NOT IN (SELECT `username`FROM `domain_admins`);");
-
-    // Migrate attributes
-    // pushover
-    $pdo->query("UPDATE `pushover` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
-    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.evaluate_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.evaluate_x_prio') IS NULL;");
-    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.only_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.only_x_prio') IS NULL;");
-    // mailbox
-    $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.passwd_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.passwd_update') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.relayhost', \"0\") WHERE JSON_VALUE(`attributes`, '$.relayhost') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.force_pw_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_pw_update') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sieve_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sieve_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sogo_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.imap_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.imap_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.pop3_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.pop3_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.smtp_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.smtp_access') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.mailbox_format', \"maildir:\") WHERE JSON_VALUE(`attributes`, '$.mailbox_format') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_notification', \"never\") WHERE JSON_VALUE(`attributes`, '$.quarantine_notification') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_category', \"reject\") WHERE JSON_VALUE(`attributes`, '$.quarantine_category') IS NULL;");
-    foreach($tls_options as $tls_user => $tls_options) {
-      $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
-        `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
-          WHERE `username` = :username");
-      $stmt->execute(array(':tls_enforce_in' => $tls_options['tls_enforce_in'], ':tls_enforce_out' => $tls_options['tls_enforce_out'], ':username' => $tls_user));
-    }
-    // Set tls_enforce_* if still missing (due to deleted attrs for example)
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_out', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_out') IS NULL;");
-    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_in', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_in') IS NULL;");
-    // Fix ACL
-    $pdo->query("INSERT INTO `user_acl` (`username`) SELECT `username` FROM `mailbox` WHERE `kind` = '' AND NOT EXISTS (SELECT `username` FROM `user_acl`);");
-    $pdo->query("INSERT INTO `da_acl` (`username`) SELECT DISTINCT `username` FROM `domain_admins` WHERE `username` != 'admin' AND NOT EXISTS (SELECT `username` FROM `da_acl`);");
-    // Fix domain_admins
-    $pdo->query("DELETE FROM `domain_admins` WHERE `domain` = 'ALL';");
-
-    // add default templates
-    $default_domain_template = array(
-      "template" => "Default",
-      "type" => "domain",
-      "attributes" => array(
-        "tags" => array(),
-        "max_num_aliases_for_domain" => 400,
-        "max_num_mboxes_for_domain" => 10,
-        "def_quota_for_mbox" => 3072 * 1048576,
-        "max_quota_for_mbox" => 10240 * 1048576,
-        "max_quota_for_domain" => 10240 * 1048576,
-        "rl_frame" => "s",
-        "rl_value" => "",
-        "active" => 1,
-        "gal" => 1,
-        "backupmx" => 0,
-        "relay_all_recipients" => 0,
-        "relay_unknown_only" => 0,
-        "dkim_selector" => "dkim",
-        "key_size" => 2048,
-        "max_quota_for_domain" => 10240 * 1048576,
-      )
-    );     
-    $default_mailbox_template = array(
-      "template" => "Default",
-      "type" => "mailbox",
-      "attributes" => array(
-        "tags" => array(),
-        "quota" => 0,
-        "quarantine_notification" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_notification']),
-        "quarantine_category" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_category']),
-        "rl_frame" => "s",
-        "rl_value" => "",
-        "force_pw_update" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['force_pw_update']),
-        "sogo_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sogo_access']),
-        "active" => 1,
-        "tls_enforce_in" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_in']),
-        "tls_enforce_out" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_out']),
-        "imap_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['imap_access']),
-        "pop3_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['pop3_access']),
-        "smtp_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['smtp_access']),
-        "sieve_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sieve_access']),
-        "acl_spam_alias" => 1,
-        "acl_tls_policy" => 1,
-        "acl_spam_score" => 1,
-        "acl_spam_policy" => 1,
-        "acl_delimiter_action" => 1,
-        "acl_syncjobs" => 0,
-        "acl_eas_reset" => 1,
-        "acl_sogo_profile_reset" => 0,
-        "acl_pushover" => 1,
-        "acl_quarantine" => 1,
-        "acl_quarantine_attachments" => 1,
-        "acl_quarantine_notification" => 1,
-        "acl_quarantine_category" => 1,
-        "acl_app_passwds" => 1,
-      )
-    );        
-    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
-    $stmt->execute(array(
-      ":type" => "domain",
-      ":template" => $default_domain_template["template"]
-    ));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
-    if (empty($row)){
-      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
-        VALUES (:type, :template, :attributes)");
-      $stmt->execute(array(
-        ":type" => "domain",
-        ":template" => $default_domain_template["template"],
-        ":attributes" => json_encode($default_domain_template["attributes"])
-      )); 
-    }    
-    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
-    $stmt->execute(array(
-      ":type" => "mailbox",
-      ":template" => $default_mailbox_template["template"]
-    ));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
-    if (empty($row)){
-      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
-        VALUES (:type, :template, :attributes)");
-      $stmt->execute(array(
-        ":type" => "mailbox",
-        ":template" => $default_mailbox_template["template"],
-        ":attributes" => json_encode($default_mailbox_template["attributes"])
-      )); 
-    } 
-
-    if (php_sapi_name() == "cli") {
-      echo "DB initialization completed" . PHP_EOL;
-    } else {
-      $_SESSION['return'][] = array(
-        'type' => 'success',
-        'log' => array(__FUNCTION__),
-        'msg' => 'db_init_complete'
-      );
-    }
-  }
-  catch (PDOException $e) {
-    if (php_sapi_name() == "cli") {
-      echo "DB initialization failed: " . print_r($e, true) . PHP_EOL;
-    } else {
-      $_SESSION['return'][] = array(
-        'type' => 'danger',
-        'log' => array(__FUNCTION__),
-        'msg' => array('mysql_error', $e)
-      );
-    }
-  }
-}
-if (php_sapi_name() == "cli") {
-  include '/web/inc/vars.inc.php';
-  include '/web/inc/functions.docker.inc.php';
-  // $now = new DateTime();
-  // $mins = $now->getOffset() / 60;
-  // $sgn = ($mins < 0 ? -1 : 1);
-  // $mins = abs($mins);
-  // $hrs = floor($mins / 60);
-  // $mins -= $hrs * 60;
-  // $offset = sprintf('%+d:%02d', $hrs*$sgn, $mins);
-  $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
-  $opt = [
-    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
-    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
-    PDO::ATTR_EMULATE_PREPARES   => false,
-    //PDO::MYSQL_ATTR_INIT_COMMAND => "SET time_zone = '" . $offset . "', group_concat_max_len = 3423543543;",
-  ];
-  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
-  $stmt = $pdo->query("SELECT COUNT('OK') AS OK_C FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view' OR TABLE_NAME = '_sogo_static_view';");
-  $res = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (intval($res['OK_C']) === 2) {
-    // Be more precise when replacing into _sogo_static_view, col orders may change
-    try {
-      $stmt = $pdo->query("REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
-        SELECT `c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings` from sogo_view");
-      $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
-      echo "Fixed _sogo_static_view" . PHP_EOL;
-    }
-    catch ( Exception $e ) {
-      // Dunno
-    }
-  }
-  try {
-    $m = new Memcached();
-    $m->addServer('memcached', 11211);
-    $m->flush();
-    echo "Cleaned up memcached". PHP_EOL;
-  }
-  catch ( Exception $e ) {
-    // Dunno
-  }
-  init_db_schema();
-}
+<?php
+function init_db_schema() {
+  try {
+    global $pdo;
+
+    $db_version = "14022023_1000";
+
+    $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
+    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results != 0) {
+      $stmt = $pdo->query("SELECT `version` FROM `versions` WHERE `application` = 'db_schema'");
+      if ($stmt->fetch(PDO::FETCH_ASSOC)['version'] == $db_version) {
+        return true;
+      }
+      if (!preg_match('/y|yes/i', getenv('MASTER'))) {
+        $_SESSION['return'][] = array(
+          'type' => 'warning',
+          'log' => array(__FUNCTION__),
+          'msg' => 'Database not initialized: not running db_init on slave.'
+        );
+        return true;
+      }
+    }
+
+    $views = array(
+      "grouped_mail_aliases" => "CREATE VIEW grouped_mail_aliases (username, aliases) AS
+        SELECT goto, IFNULL(GROUP_CONCAT(address ORDER BY address SEPARATOR ' '), '') AS address FROM alias
+        WHERE address!=goto
+        AND active = '1'
+        AND sogo_visible = '1'
+        AND address NOT LIKE '@%'
+        GROUP BY goto;",
+      // START
+      // Unused at the moment - we cannot allow to show a foreign mailbox as sender address in SOGo, as SOGo does not like this
+      // We need to create delegation in SOGo AND set a sender_acl in mailcow to allow to send as user X
+      "grouped_sender_acl" => "CREATE VIEW grouped_sender_acl (username, send_as_acl) AS
+        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
+        WHERE send_as NOT LIKE '@%'
+        GROUP BY logged_in_as;",
+      // END
+      "grouped_sender_acl_external" => "CREATE VIEW grouped_sender_acl_external (username, send_as_acl) AS
+        SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
+        WHERE send_as NOT LIKE '@%' AND external = '1'
+        GROUP BY logged_in_as;",
+      "grouped_domain_alias_address" => "CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
+        SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
+        LEFT OUTER JOIN alias_domain ON target_domain=domain
+        GROUP BY username;",
+      "sieve_before" => "CREATE VIEW sieve_before (id, username, script_name, script_data) AS
+        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
+        WHERE filter_type = 'prefilter';",
+      "sieve_after" => "CREATE VIEW sieve_after (id, username, script_name, script_data) AS
+        SELECT md5(script_data), username, script_name, script_data FROM sieve_filters
+        WHERE filter_type = 'postfilter';"
+    );
+
+    $tables = array(
+      "versions" => array(
+        "cols" => array(
+          "application" => "VARCHAR(255) NOT NULL",
+          "version" => "VARCHAR(100) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("application")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "admin" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "superadmin" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "fido2" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "friendlyName" => "VARCHAR(255)",
+          "rpId" => "VARCHAR(255) NOT NULL",
+          "credentialPublicKey" => "TEXT NOT NULL",
+          "certificateChain" => "TEXT",
+          // Can be null for format "none"
+          "certificate" => "TEXT",
+          "certificateIssuer" => "VARCHAR(255)",
+          "certificateSubject" => "VARCHAR(255)",
+          "signatureCounter" => "INT",
+          "AAGUID" => "BLOB",
+          "credentialId" => "BLOB NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "_sogo_static_view" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_password" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "c_cn" => "VARCHAR(255)",
+          "mail" => "VARCHAR(255) NOT NULL",
+          // TODO -> use TEXT and check if SOGo login breaks on empty aliases
+          "aliases" => "TEXT NOT NULL",
+          "ad_aliases" => "VARCHAR(6144) NOT NULL DEFAULT ''",
+          "ext_acl" => "VARCHAR(6144) NOT NULL DEFAULT ''",
+          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "multiple_bookings" => "INT NOT NULL DEFAULT -1"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid")
+          ),
+          "key" => array(
+            "domain" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "relayhosts" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "hostname" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "hostname" => array("hostname")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "transports" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "destination" => "VARCHAR(255) NOT NULL",
+          "nexthop" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "password" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "is_mx_based" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "destination" => array("destination"),
+            "nexthop" => array("nexthop"),
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "alias" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "address" => "VARCHAR(255) NOT NULL",
+          "goto" => "TEXT NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "private_comment" => "TEXT",
+          "public_comment" => "TEXT",
+          "sogo_visible" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "unique" => array(
+            "address" => array("address")
+          ),
+          "key" => array(
+            "domain" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "api" => array(
+        "cols" => array(
+          "api_key" => "VARCHAR(255) NOT NULL",
+          "allow_from" => "VARCHAR(512) NOT NULL",
+          "skip_ip_check" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "access" => "ENUM('ro', 'rw') NOT NULL DEFAULT 'rw'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("api_key")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sender_acl" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "logged_in_as" => "VARCHAR(255) NOT NULL",
+          "send_as" => "VARCHAR(255) NOT NULL",
+          "external" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "templates" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "template" => "VARCHAR(255) NOT NULL",
+          "type" => "VARCHAR(255) NOT NULL",
+          "attributes" => "JSON",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "domain" => array(
+        // Todo: Move some attributes to json
+        "cols" => array(
+          "domain" => "VARCHAR(255) NOT NULL",
+          "description" => "VARCHAR(255)",
+          "aliases" => "INT(10) NOT NULL DEFAULT '0'",
+          "mailboxes" => "INT(10) NOT NULL DEFAULT '0'",
+          "defquota" => "BIGINT(20) NOT NULL DEFAULT '3072'",
+          "maxquota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
+          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
+          "relayhost" => "VARCHAR(255) NOT NULL DEFAULT '0'",
+          "backupmx" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "gal" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "relay_all_recipients" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "relay_unknown_only" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tags_domain" => array(
+        "cols" => array(
+          "tag_name" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "fkey" => array(
+            "fk_tags_domain" => array(
+              "col" => "domain",
+              "ref" => "domain.domain",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          ),
+          "unique" => array(
+            "tag_name" => array("tag_name", "domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tls_policy_override" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "dest" => "VARCHAR(255) NOT NULL",
+          "policy" => "ENUM('none', 'may', 'encrypt', 'dane', 'dane-only', 'fingerprint', 'verify', 'secure') NOT NULL",
+          "parameters" => "VARCHAR(255) DEFAULT ''",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "unique" => array(
+            "dest" => array("dest")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quarantine" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "qid" => "VARCHAR(30) NOT NULL",
+          "subject" => "VARCHAR(500)",
+          "score" => "FLOAT(8,2)",
+          "ip" => "VARCHAR(50)",
+          "action" => "CHAR(20) NOT NULL DEFAULT 'unknown'",
+          "symbols" => "JSON",
+          "fuzzy_hashes" => "JSON",
+          "sender" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
+          "rcpt" => "VARCHAR(255)",
+          "msg" => "LONGTEXT",
+          "domain" => "VARCHAR(255)",
+          "notified" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "user" => "VARCHAR(255) NOT NULL DEFAULT 'unknown'",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "mailbox" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "name" => "VARCHAR(255)",
+          "description" => "VARCHAR(255)",
+          // mailbox_path_prefix is followed by domain/local_part/
+          "mailbox_path_prefix" => "VARCHAR(150) DEFAULT '/var/vmail/'",
+          "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
+          "local_part" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "attributes" => "JSON",
+          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "multiple_bookings" => "INT NOT NULL DEFAULT -1",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          ),
+          "key" => array(
+            "domain" => array("domain"),
+            "kind" => array("kind")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tags_mailbox" => array(
+        "cols" => array(
+          "tag_name" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "fkey" => array(
+            "fk_tags_mailbox" => array(
+              "col" => "username",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          ),
+          "unique" => array(
+            "tag_name" => array("tag_name", "username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sieve_filters" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "script_desc" => "VARCHAR(255) NOT NULL",
+          "script_name" => "ENUM('active','inactive')",
+          "script_data" => "TEXT NOT NULL",
+          "filter_type" => "ENUM('postfilter','prefilter')",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "username" => array("username"),
+            "script_desc" => array("script_desc")
+          ),
+          "fkey" => array(
+            "fk_username_sieve_global_before" => array(
+              "col" => "username",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "app_passwd" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "name" => "VARCHAR(255) NOT NULL",
+          "mailbox" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "imap_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "smtp_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "dav_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "eas_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "pop3_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "sieve_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "mailbox" => array("mailbox"),
+            "password" => array("password"),
+            "domain" => array("domain"),
+          ),
+          "fkey" => array(
+            "fk_username_app_passwd" => array(
+              "col" => "mailbox",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "user_acl" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "spam_alias" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "tls_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "spam_score" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          // quarantine is for quarantine actions, todo: rename
+          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine_notification" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine_category" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          ),
+          "fkey" => array(
+            "fk_username" => array(
+              "col" => "username",
+              "ref" => "mailbox.username",
+              "delete" => "CASCADE",
+              "update" => "NO ACTION"
+            )
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "alias_domain" => array(
+        "cols" => array(
+          "alias_domain" => "VARCHAR(255) NOT NULL",
+          "target_domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("alias_domain")
+          ),
+          "key" => array(
+            "active" => array("active"),
+            "target_domain" => array("target_domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "spamalias" => array(
+        "cols" => array(
+          "address" => "VARCHAR(255) NOT NULL",
+          "goto" => "TEXT NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "validity" => "INT(11)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("address")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "filterconf" => array(
+        "cols" => array(
+          "object" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "option" => "VARCHAR(50) NOT NULL DEFAULT ''",
+          "value" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "prefid" => "INT(11) NOT NULL AUTO_INCREMENT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("prefid")
+          ),
+          "key" => array(
+            "object" => array("object")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "settingsmap" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "desc" => "VARCHAR(255) NOT NULL",
+          "content" => "LONGTEXT NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "logs" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "task" => "CHAR(32) NOT NULL DEFAULT '000000'",
+          "type" => "VARCHAR(32) DEFAULT ''",
+          "msg" => "TEXT",
+          "call" => "TEXT",
+          "user" => "VARCHAR(64) NOT NULL",
+          "role" => "VARCHAR(32) NOT NULL",
+          "remote" => "VARCHAR(39) NOT NULL",
+          "time" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sasl_log" => array(
+        "cols" => array(
+          "service" => "VARCHAR(32) NOT NULL DEFAULT ''",
+          "app_password" => "INT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "real_rip" => "VARCHAR(64) NOT NULL",
+          "datetime" => "DATETIME(0) NOT NULL DEFAULT NOW(0)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("service", "real_rip", "username")
+          ),
+          "key" => array(
+            "username" => array("username"),
+            "service" => array("service"),
+            "datetime" => array("datetime"),
+            "real_rip" => array("real_rip")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quota2" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quota2replica" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "domain_admins" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "username" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "da_acl" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "login_as" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "extend_sender_acl" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "unlimited_quota" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "protocol_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "smtp_ip_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "alias_domains" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "mailbox_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "domain_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "domain_desc" => "TINYINT(1) NOT NULL DEFAULT '0'"
+          ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "da_sso" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "token" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("token", "created")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "imapsync" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "user2" => "VARCHAR(255) NOT NULL",
+          "host1" => "VARCHAR(255) NOT NULL",
+          "authmech1" => "ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN'",
+          "regextrans2" => "VARCHAR(255) DEFAULT ''",
+          "authmd51" => "TINYINT(1) NOT NULL DEFAULT 0",
+          "domain2" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "subfolder2" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "user1" => "VARCHAR(255) NOT NULL",
+          "password1" => "VARCHAR(255) NOT NULL",
+          "exclude" => "VARCHAR(500) NOT NULL DEFAULT ''",
+          "maxage" => "SMALLINT NOT NULL DEFAULT '0'",
+          "mins_interval" => "SMALLINT UNSIGNED NOT NULL DEFAULT '0'",
+          "maxbytespersecond" => "VARCHAR(50) NOT NULL DEFAULT '0'",
+          "port1" => "SMALLINT UNSIGNED NOT NULL",
+          "enc1" => "ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS'",
+          "delete2duplicates" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "delete1" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "delete2" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "automap" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "skipcrossduplicates" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "custom_params" => "VARCHAR(512) NOT NULL DEFAULT ''",
+          "timeout1" => "SMALLINT NOT NULL DEFAULT '600'",
+          "timeout2" => "SMALLINT NOT NULL DEFAULT '600'",
+          "subscribeall" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "is_running" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "returned_text" => "LONGTEXT",
+          "last_run" => "TIMESTAMP NULL DEFAULT NULL",
+          "success" => "TINYINT(1) UNSIGNED DEFAULT NULL",
+          "exit_status" => "VARCHAR(50) DEFAULT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "bcc_maps" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "local_dest" => "VARCHAR(255) NOT NULL",
+          "bcc_dest" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "type" => "ENUM('sender','rcpt')",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "local_dest" => array("local_dest"),
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "recipient_maps" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "old_dest" => "VARCHAR(255) NOT NULL",
+          "new_dest" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "local_dest" => array("old_dest"),
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tfa" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "key_id" => "VARCHAR(255) NOT NULL",
+          "username" => "VARCHAR(255) NOT NULL",
+          "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')",
+          "secret" => "VARCHAR(255) DEFAULT NULL",
+          "keyHandle" => "VARCHAR(1023) DEFAULT NULL",
+          "publicKey" => "VARCHAR(4096) DEFAULT NULL",
+          "counter" => "INT NOT NULL DEFAULT '0'",
+          "certificate" => "TEXT",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "forwarding_hosts" => array(
+        "cols" => array(
+          "host" => "VARCHAR(255) NOT NULL",
+          "source" => "VARCHAR(255) NOT NULL",
+          "filter_spam" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("host")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_acl" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "c_folder_id" => "INT NOT NULL",
+          "c_object" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_role" => "VARCHAR(80) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "sogo_acl_c_folder_id_idx" => array("c_folder_id"),
+            "sogo_acl_c_uid_idx" => array("c_uid")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_alarms_folder" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_recurrence_id" => "INT(11) DEFAULT NULL",
+          "c_alarm_number" => "INT(11) NOT NULL",
+          "c_alarm_date" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_cache_folder" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_parent_path" => "VARCHAR(255) DEFAULT NULL",
+          "c_type" => "TINYINT(3) unsigned NOT NULL",
+          "c_creationdate" => "INT(11) NOT NULL",
+          "c_lastmodified" => "INT(11) NOT NULL",
+          "c_version" => "INT(11) NOT NULL DEFAULT '0'",
+          "c_deleted" => "TINYINT(4) NOT NULL DEFAULT '0'",
+          "c_content" => "LONGTEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid", "c_path")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_folder_info" => array(
+        "cols" => array(
+          "c_folder_id" => "BIGINT(20) unsigned NOT NULL AUTO_INCREMENT",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_path1" => "VARCHAR(255) NOT NULL",
+          "c_path2" => "VARCHAR(255) DEFAULT NULL",
+          "c_path3" => "VARCHAR(255) DEFAULT NULL",
+          "c_path4" => "VARCHAR(255) DEFAULT NULL",
+          "c_foldername" => "VARCHAR(255) NOT NULL",
+          "c_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_quick_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_acl_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_folder_type" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_path")
+          ),
+          "unique" => array(
+            "c_folder_id" => array("c_folder_id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_quick_appointment" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(1000) NOT NULL",
+          "c_startdate" => "INT",
+          "c_enddate" => "INT",
+          "c_cycleenddate" => "INT",
+          "c_title" => "VARCHAR(1000) NOT NULL",
+          "c_participants" => "TEXT",
+          "c_isallday" => "INT",
+          "c_iscycle" => "INT",
+          "c_cycleinfo" => "TEXT",
+          "c_classification" => "INT NOT NULL",
+          "c_isopaque" => "INT NOT NULL",
+          "c_status" => "INT NOT NULL",
+          "c_priority" => "INT",
+          "c_location" => "VARCHAR(255)",
+          "c_orgmail" => "VARCHAR(255)",
+          "c_partmails" => "TEXT",
+          "c_partstates" => "TEXT",
+          "c_category" => "VARCHAR(255)",
+          "c_sequence" => "INT",
+          "c_component" => "VARCHAR(10) NOT NULL",
+          "c_nextalarm" => "INT",
+          "c_description" => "TEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_quick_contact" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_givenname" => "VARCHAR(255)",
+          "c_cn" => "VARCHAR(255)",
+          "c_sn" => "VARCHAR(255)",
+          "c_screenname" => "VARCHAR(255)",
+          "c_l" => "VARCHAR(255)",
+          "c_mail" => "TEXT",
+          "c_o" => "VARCHAR(500)",
+          "c_ou" => "VARCHAR(255)",
+          "c_telephonenumber" => "VARCHAR(255)",
+          "c_categories" => "VARCHAR(255)",
+          "c_component" => "VARCHAR(10) NOT NULL",
+          "c_hascertificate" => "INT4 DEFAULT 0"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_sessions_folder" => array(
+        "cols" => array(
+          "c_id" => "VARCHAR(255) NOT NULL",
+          "c_value" => "VARCHAR(4096) NOT NULL",
+          "c_creationdate" => "INT(11) NOT NULL",
+          "c_lastseen" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_store" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_content" => "MEDIUMTEXT NOT NULL",
+          "c_creationdate" => "INT NOT NULL",
+          "c_lastmodified" => "INT NOT NULL",
+          "c_version" => "INT NOT NULL",
+          "c_deleted" => "INT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "pushover" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "key" => "VARCHAR(255) NOT NULL",
+          "token" => "VARCHAR(255) NOT NULL",
+          "attributes" => "JSON",
+          "title" => "TEXT",
+          "text" => "TEXT",
+          "senders" => "TEXT",
+          "senders_regex" => "TEXT",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_user_profile" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_defaults" => "LONGTEXT",
+          "c_settings" => "LONGTEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_clients" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "client_secret" => "VARCHAR(80)",
+          "redirect_uri" => "VARCHAR(2000)",
+          "grant_types" => "VARCHAR(80)",
+          "scope" => "VARCHAR(4000)",
+          "user_id" => "VARCHAR(80)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("client_id")
+          ),
+          "unique" => array(
+            "id" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_access_tokens" => array(
+        "cols" => array(
+          "access_token" => "VARCHAR(40) NOT NULL",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "user_id" => "VARCHAR(80)",
+          "expires" => "TIMESTAMP NOT NULL",
+          "scope" => "VARCHAR(4000)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("access_token")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_authorization_codes" => array(
+        "cols" => array(
+          "authorization_code" => "VARCHAR(40) NOT NULL",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "user_id" => "VARCHAR(80)",
+          "redirect_uri" => "VARCHAR(2000)",
+          "expires" => "TIMESTAMP NOT NULL",
+          "scope" => "VARCHAR(4000)",
+          "id_token" => "VARCHAR(1000)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("authorization_code")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "oauth_refresh_tokens" => array(
+        "cols" => array(
+          "refresh_token" => "VARCHAR(40) NOT NULL",
+          "client_id" => "VARCHAR(80) NOT NULL",
+          "user_id" => "VARCHAR(80)",
+          "expires" => "TIMESTAMP NOT NULL",
+          "scope" => "VARCHAR(4000)"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("refresh_token")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      )
+    );
+
+    foreach ($tables as $table => $properties) {
+      // Migrate to quarantine
+      if ($table == 'quarantine') {
+        $stmt = $pdo->query("SHOW TABLES LIKE 'quarantaine'");
+        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+        if ($num_results != 0) {
+          $stmt = $pdo->query("SHOW TABLES LIKE 'quarantine'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results == 0) {
+            $pdo->query("RENAME TABLE `quarantaine` TO `quarantine`");
+          }
+        }
+      }
+
+      // Migrate tls_enforce_* options
+      if ($table == 'mailbox') {
+        $stmt = $pdo->query("SHOW TABLES LIKE 'mailbox'");
+        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+        if ($num_results != 0) {
+          $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE '%tls_enforce%'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results != 0) {
+            $stmt = $pdo->query("SELECT `username`, `tls_enforce_in`, `tls_enforce_out` FROM `mailbox`");
+            $tls_options_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+            while ($row = array_shift($tls_options_rows)) {
+              $tls_options[$row['username']] = array('tls_enforce_in' => $row['tls_enforce_in'], 'tls_enforce_out' => $row['tls_enforce_out']);
+            }
+          }
+        }
+      }
+
+      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'");
+      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      if ($num_results != 0) {
+        $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE `', `table_schema`, '`.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
+          WHERE `constraint_type` = 'FOREIGN KEY' AND `table_name` = :table;");
+        $stmt->execute(array(':table' => $table));
+        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        while ($row = array_shift($rows)) {
+          $pdo->query($row['FKEY_DROP']);
+        }
+        foreach($properties['cols'] as $column => $type) {
+          $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results == 0) {
+            if (strpos($type, 'AUTO_INCREMENT') !== false) {
+              $type = $type . ' PRIMARY KEY ';
+              // Adding an AUTO_INCREMENT key, need to drop primary keys first, if exists
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              if ($num_results != 0) {
+                $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
+              }
+            }
+            $pdo->query("ALTER TABLE `" . $table . "` ADD `" . $column . "` " . $type);
+          }
+          else {
+            $pdo->query("ALTER TABLE `" . $table . "` MODIFY COLUMN `" . $column . "` " . $type);
+          }
+        }
+        foreach($properties['keys'] as $key_type => $key_content) {
+          if (strtolower($key_type) == 'primary') {
+            foreach ($key_content as $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP PRIMARY KEY, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD PRIMARY KEY (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'key') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD KEY `" . $key_name . "` (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'unique') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD UNIQUE KEY `" . $key_name . "` (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'fkey') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              if ($num_results != 0) {
+                $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $key_name . "`");
+              }
+              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
+              $pdo->query("ALTER TABLE `" . $table . "` ADD FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
+                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update']);
+            }
+          }
+        }
+        // Drop all vanished columns
+        $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "`");
+        $cols_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        while ($row = array_shift($cols_in_table)) {
+          if (!array_key_exists($row['Field'], $properties['cols'])) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP COLUMN `" . $row['Field'] . "`;");
+          }
+        }
+
+        // Step 1: Get all non-primary keys, that currently exist and those that should exist
+        $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE `Key_name` != 'PRIMARY'");
+        $keys_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        $keys_to_exist = array();
+        if (isset($properties['keys']['unique']) && is_array($properties['keys']['unique'])) {
+          foreach ($properties['keys']['unique'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        if (isset($properties['keys']['key']) && is_array($properties['keys']['key'])) {
+          foreach ($properties['keys']['key'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        // Index for foreign key must exist
+        if (isset($properties['keys']['fkey']) && is_array($properties['keys']['fkey'])) {
+          foreach ($properties['keys']['fkey'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        // Step 2: Drop all vanished indexes
+        while ($row = array_shift($keys_in_table)) {
+          if (!in_array($row['Key_name'], $keys_to_exist)) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
+          }
+        }
+        // Step 3: Drop all vanished primary keys
+        if (!isset($properties['keys']['primary'])) {
+          $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results != 0) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
+          }
+        }
+      }
+      else {
+        // Create table if it is missing
+        $sql = "CREATE TABLE IF NOT EXISTS `" . $table . "` (";
+        foreach($properties['cols'] as $column => $type) {
+          $sql .= "`" . $column . "` " . $type . ",";
+        }
+        foreach($properties['keys'] as $key_type => $key_content) {
+          if (strtolower($key_type) == 'primary') {
+            foreach ($key_content as $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "PRIMARY KEY (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'key') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "KEY `" . $key_name . "` (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'unique') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "UNIQUE KEY `" . $key_name . "` (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'fkey') {
+            foreach ($key_content as $key_name => $key_values) {
+              @list($table_ref, $field_ref) = explode('.', $key_values['ref']);
+              $sql .= "FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
+                ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update'] . ",";
+            }
+          }
+        }
+        $sql = rtrim($sql, ",");
+        $sql .= ") " . $properties['attr'];
+        $pdo->query($sql);
+      }
+      // Reset table attributes
+      $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
+
+    }
+
+    // Recreate SQL views
+    foreach ($views as $view => $create) {
+      $pdo->query("DROP VIEW IF EXISTS `" . $view . "`;");
+      $pdo->query($create);
+    }
+
+    // Mitigate imapsync argument injection issue
+    $pdo->query("UPDATE `imapsync` SET `custom_params` = ''
+      WHERE `custom_params` LIKE '%pipemess%'
+        OR custom_params LIKE '%skipmess%'
+        OR custom_params LIKE '%delete2foldersonly%'
+        OR custom_params LIKE '%delete2foldersbutnot%'
+        OR custom_params LIKE '%regexflag%'
+        OR custom_params LIKE '%pipemess%'
+        OR custom_params LIKE '%regextrans2%'
+        OR custom_params LIKE '%maxlinelengthcmd%';");
+
+    // Migrate webauthn tfa
+    $stmt = $pdo->query("ALTER TABLE `tfa` MODIFY COLUMN `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp', 'webauthn')");
+
+    // Inject admin if not exists
+    $stmt = $pdo->query("SELECT NULL FROM `admin`");
+    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results == 0) {
+    $pdo->query("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
+      VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1)");
+    $pdo->query("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+        SELECT `username`, 'ALL', NOW(), 1 FROM `admin`
+          WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);");
+    $pdo->query("DELETE FROM `admin` WHERE `username` NOT IN  (SELECT `username` FROM `domain_admins`);");
+    }
+    // Insert new DB schema version
+    $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');");
+
+    // Fix dangling domain admins
+    $pdo->query("DELETE FROM `admin` WHERE `superadmin` = 0 AND `username` NOT IN (SELECT `username`FROM `domain_admins`);");
+    $pdo->query("DELETE FROM `da_acl` WHERE `username` NOT IN (SELECT `username`FROM `domain_admins`);");
+
+    // Migrate attributes
+    // pushover
+    $pdo->query("UPDATE `pushover` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.evaluate_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.evaluate_x_prio') IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.only_x_prio', \"0\") WHERE JSON_VALUE(`attributes`, '$.only_x_prio') IS NULL;");
+    $pdo->query("UPDATE `pushover` SET `attributes` =  JSON_SET(`attributes`, '$.sound', \"pushover\") WHERE JSON_VALUE(`attributes`, '$.sound') IS NULL;");
+    // mailbox
+    $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.passwd_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.passwd_update') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.relayhost', \"0\") WHERE JSON_VALUE(`attributes`, '$.relayhost') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.force_pw_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_pw_update') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sieve_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sieve_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.sogo_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.imap_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.imap_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.pop3_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.pop3_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.smtp_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.smtp_access') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.mailbox_format', \"maildir:\") WHERE JSON_VALUE(`attributes`, '$.mailbox_format') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_notification', \"never\") WHERE JSON_VALUE(`attributes`, '$.quarantine_notification') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.quarantine_category', \"reject\") WHERE JSON_VALUE(`attributes`, '$.quarantine_category') IS NULL;");
+    foreach($tls_options as $tls_user => $tls_options) {
+      $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
+        `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
+          WHERE `username` = :username");
+      $stmt->execute(array(':tls_enforce_in' => $tls_options['tls_enforce_in'], ':tls_enforce_out' => $tls_options['tls_enforce_out'], ':username' => $tls_user));
+    }
+    // Set tls_enforce_* if still missing (due to deleted attrs for example)
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_out', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_out') IS NULL;");
+    $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.tls_enforce_in', \"1\") WHERE JSON_VALUE(`attributes`, '$.tls_enforce_in') IS NULL;");
+    // Fix ACL
+    $pdo->query("INSERT INTO `user_acl` (`username`) SELECT `username` FROM `mailbox` WHERE `kind` = '' AND NOT EXISTS (SELECT `username` FROM `user_acl`);");
+    $pdo->query("INSERT INTO `da_acl` (`username`) SELECT DISTINCT `username` FROM `domain_admins` WHERE `username` != 'admin' AND NOT EXISTS (SELECT `username` FROM `da_acl`);");
+    // Fix domain_admins
+    $pdo->query("DELETE FROM `domain_admins` WHERE `domain` = 'ALL';");
+
+    // add default templates
+    $default_domain_template = array(
+      "template" => "Default",
+      "type" => "domain",
+      "attributes" => array(
+        "tags" => array(),
+        "max_num_aliases_for_domain" => 400,
+        "max_num_mboxes_for_domain" => 10,
+        "def_quota_for_mbox" => 3072 * 1048576,
+        "max_quota_for_mbox" => 10240 * 1048576,
+        "max_quota_for_domain" => 10240 * 1048576,
+        "rl_frame" => "s",
+        "rl_value" => "",
+        "active" => 1,
+        "gal" => 1,
+        "backupmx" => 0,
+        "relay_all_recipients" => 0,
+        "relay_unknown_only" => 0,
+        "dkim_selector" => "dkim",
+        "key_size" => 2048,
+        "max_quota_for_domain" => 10240 * 1048576,
+      )
+    );     
+    $default_mailbox_template = array(
+      "template" => "Default",
+      "type" => "mailbox",
+      "attributes" => array(
+        "tags" => array(),
+        "quota" => 0,
+        "quarantine_notification" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_notification']),
+        "quarantine_category" => strval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['quarantine_category']),
+        "rl_frame" => "s",
+        "rl_value" => "",
+        "force_pw_update" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['force_pw_update']),
+        "sogo_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sogo_access']),
+        "active" => 1,
+        "tls_enforce_in" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_in']),
+        "tls_enforce_out" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_out']),
+        "imap_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['imap_access']),
+        "pop3_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['pop3_access']),
+        "smtp_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['smtp_access']),
+        "sieve_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sieve_access']),
+        "acl_spam_alias" => 1,
+        "acl_tls_policy" => 1,
+        "acl_spam_score" => 1,
+        "acl_spam_policy" => 1,
+        "acl_delimiter_action" => 1,
+        "acl_syncjobs" => 0,
+        "acl_eas_reset" => 1,
+        "acl_sogo_profile_reset" => 0,
+        "acl_pushover" => 1,
+        "acl_quarantine" => 1,
+        "acl_quarantine_attachments" => 1,
+        "acl_quarantine_notification" => 1,
+        "acl_quarantine_category" => 1,
+        "acl_app_passwds" => 1,
+      )
+    );        
+    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
+    $stmt->execute(array(
+      ":type" => "domain",
+      ":template" => $default_domain_template["template"]
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    if (empty($row)){
+      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
+        VALUES (:type, :template, :attributes)");
+      $stmt->execute(array(
+        ":type" => "domain",
+        ":template" => $default_domain_template["template"],
+        ":attributes" => json_encode($default_domain_template["attributes"])
+      )); 
+    }    
+    $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
+    $stmt->execute(array(
+      ":type" => "mailbox",
+      ":template" => $default_mailbox_template["template"]
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    if (empty($row)){
+      $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
+        VALUES (:type, :template, :attributes)");
+      $stmt->execute(array(
+        ":type" => "mailbox",
+        ":template" => $default_mailbox_template["template"],
+        ":attributes" => json_encode($default_mailbox_template["attributes"])
+      )); 
+    } 
+
+    if (php_sapi_name() == "cli") {
+      echo "DB initialization completed" . PHP_EOL;
+    } else {
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__),
+        'msg' => 'db_init_complete'
+      );
+    }
+  }
+  catch (PDOException $e) {
+    if (php_sapi_name() == "cli") {
+      echo "DB initialization failed: " . print_r($e, true) . PHP_EOL;
+    } else {
+      $_SESSION['return'][] = array(
+        'type' => 'danger',
+        'log' => array(__FUNCTION__),
+        'msg' => array('mysql_error', $e)
+      );
+    }
+  }
+}
+if (php_sapi_name() == "cli") {
+  include '/web/inc/vars.inc.php';
+  include '/web/inc/functions.docker.inc.php';
+  // $now = new DateTime();
+  // $mins = $now->getOffset() / 60;
+  // $sgn = ($mins < 0 ? -1 : 1);
+  // $mins = abs($mins);
+  // $hrs = floor($mins / 60);
+  // $mins -= $hrs * 60;
+  // $offset = sprintf('%+d:%02d', $hrs*$sgn, $mins);
+  $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
+  $opt = [
+    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::ATTR_EMULATE_PREPARES   => false,
+    //PDO::MYSQL_ATTR_INIT_COMMAND => "SET time_zone = '" . $offset . "', group_concat_max_len = 3423543543;",
+  ];
+  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
+  $stmt = $pdo->query("SELECT COUNT('OK') AS OK_C FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view' OR TABLE_NAME = '_sogo_static_view';");
+  $res = $stmt->fetch(PDO::FETCH_ASSOC);
+  if (intval($res['OK_C']) === 2) {
+    // Be more precise when replacing into _sogo_static_view, col orders may change
+    try {
+      $stmt = $pdo->query("REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
+        SELECT `c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings` from sogo_view");
+      $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
+      echo "Fixed _sogo_static_view" . PHP_EOL;
+    }
+    catch ( Exception $e ) {
+      // Dunno
+    }
+  }
+  try {
+    $m = new Memcached();
+    $m->addServer('memcached', 11211);
+    $m->flush();
+    echo "Cleaned up memcached". PHP_EOL;
+  }
+  catch ( Exception $e ) {
+    // Dunno
+  }
+  init_db_schema();
+}
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 754d98d5..b3b1cc13 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -234,7 +234,7 @@ if (!isset($_SESSION['mailcow_locale']) && !isset($_COOKIE['mailcow_locale'])) {
 
     // Try suggest match
     // e.g. suggest en-gb when only en-us is provided
-    if (!isset($_COOKIE['mailcow_locale'])) {
+    if (!isset($_SESSION['mailcow_locale'])) {
       foreach ($lang2pref as $lang => $q) {
         if (array_key_exists(substr($lang, 0, 2), $AVAILABLE_BASE_LANGUAGES)) {
           $_SESSION['mailcow_locale'] = $AVAILABLE_BASE_LANGUAGES[substr($lang, 0, 2)];
diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index 5c7ec710..1a33e760 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -1,140 +1,140 @@
-<?php
-// Start session
-if (session_status() !== PHP_SESSION_ACTIVE) {
-  ini_set("session.cookie_httponly", 1);
-  ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
-}
-
-if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && 
-  strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
-  if (session_status() !== PHP_SESSION_ACTIVE) {
-    ini_set("session.cookie_secure", 1);
-  }
-  $IS_HTTPS = true;
-}
-elseif (isset($_SERVER['HTTPS'])) {
-  if (session_status() !== PHP_SESSION_ACTIVE) {
-    ini_set("session.cookie_secure", 1);
-  }
-  $IS_HTTPS = true;
-}
-else {
-  $IS_HTTPS = false;
-}
-
-if (session_status() !== PHP_SESSION_ACTIVE) {
-  session_start();
-}
-
-if (!isset($_SESSION['CSRF']['TOKEN'])) {
-  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-}
-
-// Set session UA
-if (!isset($_SESSION['SESS_REMOTE_UA'])) {
-  $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
-}
-
-// Keep session active
-if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
-  session_unset();
-  session_destroy();
-}
-$_SESSION['LAST_ACTIVITY'] = time();
-
-// API
-if (!empty($_SERVER['HTTP_X_API_KEY'])) {
-  $stmt = $pdo->prepare("SELECT * FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
-  $stmt->execute(array(
-    ':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
-  ));
-  $api_return = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (!empty($api_return['api_key'])) {
-    $skip_ip_check = ($api_return['skip_ip_check'] == 1);
-    $remote = get_remote_ip(false);
-    $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
-    if ($skip_ip_check === true || ip_acl($remote, $allow_from)) {
-      $_SESSION['mailcow_cc_username'] = 'API';
-      $_SESSION['mailcow_cc_role'] = 'admin';
-      $_SESSION['mailcow_cc_api'] = true;
-      if ($api_return['access'] == 'rw') {
-        $_SESSION['mailcow_cc_api_access'] = 'rw';
-      }
-      else {
-        $_SESSION['mailcow_cc_api_access'] = 'ro';
-      }
-    }
-    else {
-      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
-      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-      http_response_code(401);
-      echo json_encode(array(
-        'type' => 'error',
-        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
-      ));
-      unset($_POST);
-      exit();
-    }
-  }
-  else {
-    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
-    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-    http_response_code(401);
-    echo json_encode(array(
-      'type' => 'error',
-      'msg' => 'authentication failed'
-    ));
-    unset($_POST);
-    exit();
-  }
-}
-
-// Handle logouts
-if (isset($_POST["logout"])) {
-  if (isset($_SESSION["dual-login"])) {
-    $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
-    $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
-    unset($_SESSION["dual-login"]);
-    header("Location: /mailbox");
-    exit();
-  }
-  else {
-    session_regenerate_id(true);
-    session_unset();
-    session_destroy();
-    session_write_close();
-    header("Location: /");
-  }
-}
-
-// Check session
-function session_check() {
-  if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
-    return true;
-  }
-  if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
-    $_SESSION['return'][] = array(
-      'type' => 'warning',
-      'msg' => 'session_ua'
-    );
-    return false;
-  }
-  if (!empty($_POST)) {
-    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
-      $_SESSION['return'][] = array(
-        'type' => 'warning',
-        'msg' => 'session_token'
-      );
-      return false;
-    }
-    unset($_POST['csrf_token']);
-    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-    $_SESSION['CSRF']['TIME'] = time();
-  }
-  return true;
-}
-
-if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
-  $_POST = array();
-  $_FILES = array();
-}
+<?php
+// Start session
+if (session_status() !== PHP_SESSION_ACTIVE) {
+  ini_set("session.cookie_httponly", 1);
+  ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
+}
+
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
+  strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
+  if (session_status() !== PHP_SESSION_ACTIVE) {
+    ini_set("session.cookie_secure", 1);
+  }
+  $IS_HTTPS = true;
+}
+elseif (isset($_SERVER['HTTPS'])) {
+  if (session_status() !== PHP_SESSION_ACTIVE) {
+    ini_set("session.cookie_secure", 1);
+  }
+  $IS_HTTPS = true;
+}
+else {
+  $IS_HTTPS = false;
+}
+
+if (session_status() !== PHP_SESSION_ACTIVE) {
+  session_start();
+}
+
+if (!isset($_SESSION['CSRF']['TOKEN'])) {
+  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+}
+
+// Set session UA
+if (!isset($_SESSION['SESS_REMOTE_UA'])) {
+  $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
+}
+
+// Keep session active
+if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
+  session_unset();
+  session_destroy();
+}
+$_SESSION['LAST_ACTIVITY'] = time();
+
+// API
+if (!empty($_SERVER['HTTP_X_API_KEY'])) {
+  $stmt = $pdo->prepare("SELECT * FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
+  $stmt->execute(array(
+    ':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
+  ));
+  $api_return = $stmt->fetch(PDO::FETCH_ASSOC);
+  if (!empty($api_return['api_key'])) {
+    $skip_ip_check = ($api_return['skip_ip_check'] == 1);
+    $remote = get_remote_ip(false);
+    $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
+    if ($skip_ip_check === true || ip_acl($remote, $allow_from)) {
+      $_SESSION['mailcow_cc_username'] = 'API';
+      $_SESSION['mailcow_cc_role'] = 'admin';
+      $_SESSION['mailcow_cc_api'] = true;
+      if ($api_return['access'] == 'rw') {
+        $_SESSION['mailcow_cc_api_access'] = 'rw';
+      }
+      else {
+        $_SESSION['mailcow_cc_api_access'] = 'ro';
+      }
+    }
+    else {
+      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
+      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+      http_response_code(401);
+      echo json_encode(array(
+        'type' => 'error',
+        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
+      ));
+      unset($_POST);
+      exit();
+    }
+  }
+  else {
+    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
+    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+    http_response_code(401);
+    echo json_encode(array(
+      'type' => 'error',
+      'msg' => 'authentication failed'
+    ));
+    unset($_POST);
+    exit();
+  }
+}
+
+// Handle logouts
+if (isset($_POST["logout"])) {
+  if (isset($_SESSION["dual-login"])) {
+    $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
+    $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
+    unset($_SESSION["dual-login"]);
+    header("Location: /mailbox");
+    exit();
+  }
+  else {
+    session_regenerate_id(true);
+    session_unset();
+    session_destroy();
+    session_write_close();
+    header("Location: /");
+  }
+}
+
+// Check session
+function session_check() {
+  if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
+    return true;
+  }
+  if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
+    $_SESSION['return'][] = array(
+      'type' => 'warning',
+      'msg' => 'session_ua'
+    );
+    return false;
+  }
+  if (!empty($_POST)) {
+    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
+      $_SESSION['return'][] = array(
+        'type' => 'warning',
+        'msg' => 'session_token'
+      );
+      return false;
+    }
+    unset($_POST['csrf_token']);
+    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+    $_SESSION['CSRF']['TIME'] = time();
+  }
+  return true;
+}
+
+if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
+  $_POST = array();
+  $_FILES = array();
+}
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index aec043e9..fde1507f 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -1,4 +1,15 @@
 <?php
+// SSO Domain Admin
+if (!empty($_GET['sso_token'])) {
+  $username = domain_admin_sso('check', $_GET['sso_token']);
+
+  if ($username !== false) {
+    $_SESSION['mailcow_cc_username'] = $username;
+    $_SESSION['mailcow_cc_role'] = 'domainadmin';
+    header('Location: /mailbox');
+  }
+}
+
 if (isset($_POST["verify_tfa_login"])) {
   if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
     $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
@@ -6,7 +17,7 @@ if (isset($_POST["verify_tfa_login"])) {
     unset($_SESSION['pending_mailcow_cc_username']);
     unset($_SESSION['pending_mailcow_cc_role']);
     unset($_SESSION['pending_tfa_methods']);
-	
+
     header("Location: /user");
   } else {
     unset($_SESSION['pending_mailcow_cc_username']);
@@ -34,7 +45,7 @@ if (isset($_POST["quick_delete"])) {
 if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 	$login_user = strtolower(trim($_POST["login_user"]));
 	$as = check_login($login_user, $_POST["pass_user"]);
-  
+
 	if ($as == "admin") {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "admin";
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 4f09d5f9..5e6d72e7 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -124,7 +124,7 @@ $MAILCOW_APPS = array(
 );
 
 // Rows until pagination begins
-$PAGINATION_SIZE = 20;
+$PAGINATION_SIZE = 25;
 
 // Default number of rows/lines to display (log table)
 $LOG_LINES = 1000;
diff --git a/data/web/js/build/003-slider.min.js b/data/web/js/build/002-slider.min.js
similarity index 100%
rename from data/web/js/build/003-slider.min.js
rename to data/web/js/build/002-slider.min.js
diff --git a/data/web/js/build/004-bootstrap-select.js b/data/web/js/build/003-bootstrap-select.js
similarity index 100%
rename from data/web/js/build/004-bootstrap-select.js
rename to data/web/js/build/003-bootstrap-select.js
diff --git a/data/web/js/build/011-datatables.js b/data/web/js/build/004-datatables.js
similarity index 98%
rename from data/web/js/build/011-datatables.js
rename to data/web/js/build/004-datatables.js
index 7dadd85a..9ece8ea5 100644
--- a/data/web/js/build/011-datatables.js
+++ b/data/web/js/build/004-datatables.js
@@ -4,20 +4,20 @@
  *
  * To rebuild or modify this file with the latest versions of the included
  * software please visit:
- *   https://datatables.net/download/#bs5/dt-1.12.0/r-2.3.0/sl-1.4.0
+ *   https://datatables.net/download/#bs5/dt-1.13.1/r-2.4.0/sl-1.5.0
  *
  * Included libraries:
- *   DataTables 1.12.0, Responsive 2.3.0, Select 1.4.0
+ *   DataTables 1.13.1, Responsive 2.4.0, Select 1.5.0
  */
 
-/*! DataTables 1.12.0
+/*! DataTables 1.13.1
  * ©2008-2022 SpryMedia Ltd - datatables.net/license
  */
 
 /**
  * @summary     DataTables
  * @description Paginate, search and order HTML tables
- * @version     1.12.0
+ * @version     1.13.1
  * @author      SpryMedia Ltd
  * @contact     www.datatables.net
  * @copyright   SpryMedia Ltd.
@@ -1162,6 +1162,10 @@
 				$( rowOne[0] ).children('th, td').each( function (i, cell) {
 					var col = oSettings.aoColumns[i];
 			
+					if (! col) {
+						_fnLog( oSettings, 0, 'Incorrect column count', 18 );
+					}
+			
 					if ( col.mData === i ) {
 						var sort = a( cell, 'sort' ) || a( cell, 'order' );
 						var filter = a( cell, 'filter' ) || a( cell, 'search' );
@@ -3166,6 +3170,11 @@
 				create = nTrIn ? false : true;
 	
 				nTd = create ? document.createElement( oCol.sCellType ) : anTds[i];
+	
+				if (! nTd) {
+					_fnLog( oSettings, 0, 'Incorrect column count', 18 );
+				}
+	
 				nTd._DT_CellIndex = {
 					row: iRow,
 					column: i
@@ -3316,10 +3325,16 @@
 	
 			for ( i=0, ien=cells.length ; i<ien ; i++ ) {
 				column = columns[i];
-				column.nTf = cells[i].cell;
 	
-				if ( column.sClass ) {
-					$(column.nTf).addClass( column.sClass );
+				if (column) {
+					column.nTf = cells[i].cell;
+		
+					if ( column.sClass ) {
+						$(column.nTf).addClass( column.sClass );
+					}
+				}
+				else {
+					_fnLog( oSettings, 0, 'Incorrect column count', 18 );
 				}
 			}
 		}
@@ -5079,6 +5094,10 @@
 				_fnDraw( settings );
 			}
 		}
+		else {
+			// No change event - paging was called, but no change
+			_fnCallbackFire( settings, null, 'page-nc', [settings] );
+		}
 	
 		return changed;
 	}
@@ -5348,6 +5367,7 @@
 			footerCopy = footer.clone().prependTo( table );
 			footerTrgEls = footer.find('tr'); // the original tfoot is in its own table and must be sized
 			footerSrcEls = footerCopy.find('tr');
+			footerCopy.find('[id]').removeAttr('id');
 		}
 	
 		// Clone the current header and footer elements and then place it into the inner table
@@ -5355,6 +5375,7 @@
 		headerTrgEls = header.find('tr'); // original header is in its own table
 		headerSrcEls = headerCopy.find('tr');
 		headerCopy.find('th, td').removeAttr('tabindex');
+		headerCopy.find('[id]').removeAttr('id');
 	
 	
 		/*
@@ -8332,8 +8353,12 @@
 	
 	$(document).on('plugin-init.dt', function (e, context) {
 		var api = new _Api( context );
+		
+		const namespace = 'on-plugin-init';
+		const stateSaveParamsEvent = `stateSaveParams.${namespace}`;
+		const destroyEvent = `destroy.${namespace}`;
 	
-		api.on( 'stateSaveParams', function ( e, settings, d ) {
+		api.on( stateSaveParamsEvent, function ( e, settings, d ) {
 			// This could be more compact with the API, but it is a lot faster as a simple
 			// internal loop
 			var idFn = settings.rowIdFn;
@@ -8347,7 +8372,11 @@
 			}
 	
 			d.childRows = ids;
-		})
+		});
+	
+		api.on( destroyEvent, function () {
+			api.off(`${stateSaveParamsEvent} ${destroyEvent}`);
+		});
 	
 		var loaded = api.state.loaded();
 	
@@ -9668,7 +9697,7 @@
 	 *  @type string
 	 *  @default Version number
 	 */
-	DataTable.version = "1.12.0";
+	DataTable.version = "1.13.1";
 	
 	/**
 	 * Private data store, containing all of the settings objects that are
@@ -14092,7 +14121,7 @@
 		 *
 		 *  @type string
 		 */
-		build:"bs5/dt-1.12.0/r-2.3.0/sl-1.4.0",
+		build:"bs5/dt-1.13.1/r-2.4.0/sl-1.5.0",
 	
 	
 		/**
@@ -14730,7 +14759,7 @@
 				var classes = settings.oClasses;
 				var lang = settings.oLanguage.oPaginate;
 				var aria = settings.oLanguage.oAria.paginate || {};
-				var btnDisplay, btnClass, counter=0;
+				var btnDisplay, btnClass;
 	
 				var attach = function( container, buttons ) {
 					var i, ien, node, button, tabIndex;
@@ -14805,7 +14834,7 @@
 										'class': classes.sPageButton+' '+btnClass,
 										'aria-controls': settings.sTableId,
 										'aria-label': aria[ button ],
-										'data-dt-idx': counter,
+										'data-dt-idx': button,
 										'tabindex': tabIndex,
 										'id': idx === 0 && typeof button === 'string' ?
 											settings.sTableId +'_'+ button :
@@ -14817,8 +14846,6 @@
 								_fnBindAction(
 									node, {action: button}, clickHandler
 								);
-	
-								counter++;
 							}
 						}
 					}
@@ -15163,7 +15190,7 @@
 			}
 		}
 		else if (window.luxon) {
-			dt = format
+			dt = format && typeof d === 'string'
 				? window.luxon.DateTime.fromFormat( d, format )
 				: window.luxon.DateTime.fromISO( d );
 	
@@ -15303,14 +15330,26 @@
 	}
 	
 	// Based on locale, determine standard number formatting
-	var __thousands = '';
-	var __decimal = '';
+	// Fallback for legacy browsers is US English
+	var __thousands = ',';
+	var __decimal = '.';
 	
 	if (Intl) {
-		var num = new Intl.NumberFormat().formatToParts(1000.1);
-	
-		__thousands = num[1].value;
-		__decimal = num[3].value;
+		try {
+			var num = new Intl.NumberFormat().formatToParts(100000.1);
+		
+			for (var i=0 ; i<num.length ; i++) {
+				if (num[i].type === 'group') {
+					__thousands = num[i].value;
+				}
+				else if (num[i].type === 'decimal') {
+					__decimal = num[i].value;
+				}
+			}
+		}
+		catch (e) {
+			// noop
+		}
 	}
 	
 	// Formatted date time detection - use by declaring the formats you are going to use
@@ -15379,6 +15418,10 @@
 						return d;
 					}
 	
+					if (d === '' || d === null) {
+						return d;
+					}
+	
 					var negative = d < 0 ? '-' : '';
 					var flo = parseFloat( d );
 	
@@ -15569,7 +15612,7 @@
 	$.each( DataTable, function ( prop, val ) {
 		$.fn.DataTable[ prop ] = val;
 	} );
-	
+
 	return DataTable;
 }));
 
@@ -15578,14 +15621,6 @@
  * 2020 SpryMedia Ltd - datatables.net/license
  */
 
-/**
- * DataTables integration for Bootstrap 4. This requires Bootstrap 5 and
- * DataTables 1.10 or newer.
- *
- * This file sets the defaults and adds options to DataTables to style its
- * controls using Bootstrap. See http://datatables.net/manual/styling/bootstrap
- * for further information.
- */
 (function( factory ){
 	if ( typeof define === 'function' && define.amd ) {
 		// AMD
@@ -15597,16 +15632,22 @@
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
+				// CommonJS environments without a window global must pass a
+				// root. This will give an error otherwise
 				root = window;
 			}
 
-			if ( ! $ || ! $.fn.dataTable ) {
-				// Require DataTables, which attaches to jQuery, including
-				// jQuery if needed and have a $ property so we can access the
-				// jQuery object that is used
-				$ = require('datatables.net')(root, $).$;
+			if ( ! $ ) {
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
+					require('jquery') :
+					require('jquery')( root );
 			}
 
+			if ( ! $.fn.dataTable ) {
+				require('datatables.net')(root, $);
+			}
+
+
 			return factory( $, root, root.document );
 		};
 	}
@@ -15619,11 +15660,21 @@
 var DataTable = $.fn.dataTable;
 
 
+
+/**
+ * DataTables integration for Bootstrap 5. This requires Bootstrap 5 and
+ * DataTables 1.10 or newer.
+ *
+ * This file sets the defaults and adds options to DataTables to style its
+ * controls using Bootstrap. See http://datatables.net/manual/styling/bootstrap
+ * for further information.
+ */
+
 /* Set the defaults for DataTables initialisation */
 $.extend( true, DataTable.defaults, {
 	dom:
 		"<'row'<'col-sm-12 col-md-6'l><'col-sm-12 col-md-6'f>>" +
-		"<'row'<'col-sm-12'tr>>" +
+		"<'row dt-row'<'col-sm-12'tr>>" +
 		"<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
 	renderer: 'bootstrap'
 } );
@@ -15645,7 +15696,7 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 	var classes = settings.oClasses;
 	var lang    = settings.oLanguage.oPaginate;
 	var aria = settings.oLanguage.oAria.paginate || {};
-	var btnDisplay, btnClass, counter=0;
+	var btnDisplay, btnClass;
 
 	var attach = function( container, buttons ) {
 		var i, ien, node, button;
@@ -15714,7 +15765,7 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 								'href': '#',
 								'aria-controls': settings.sTableId,
 								'aria-label': aria[ button ],
-								'data-dt-idx': counter,
+								'data-dt-idx': button,
 								'tabindex': settings.iTabIndex,
 								'class': 'page-link'
 							} )
@@ -15725,13 +15776,12 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 					settings.oApi._fnBindAction(
 						node, {action: button}, clickHandler
 					);
-
-					counter++;
 				}
 			}
 		}
 	};
 
+	var hostEl = $(host);
 	// IE9 throws an 'unknown error' if document.activeElement is used
 	// inside an iframe or frame. 
 	var activeEl;
@@ -15741,17 +15791,26 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 		// elements, focus is lost on the select button which is bad for
 		// accessibility. So we want to restore focus once the draw has
 		// completed
-		activeEl = $(host).find(document.activeElement).data('dt-idx');
+		activeEl = hostEl.find(document.activeElement).data('dt-idx');
 	}
 	catch (e) {}
 
+	var paginationEl = hostEl.children('ul.pagination');
+
+	if (paginationEl.length) {
+		paginationEl.empty();
+	}
+	else {
+		paginationEl = hostEl.html('<ul/>').children('ul').addClass('pagination');
+	}
+
 	attach(
-		$(host).empty().html('<ul class="pagination"/>').children('ul'),
+		paginationEl,
 		buttons
 	);
 
 	if ( activeEl !== undefined ) {
-		$(host).find( '[data-dt-idx='+activeEl+']' ).trigger('focus');
+		hostEl.find('[data-dt-idx='+activeEl+']').trigger('focus');
 	}
 };
 
@@ -15760,14 +15819,54 @@ return DataTable;
 }));
 
 
-/*! Responsive 2.3.0
+/*! Responsive 2.4.0
  * 2014-2022 SpryMedia Ltd - datatables.net/license
  */
 
+(function( factory ){
+	if ( typeof define === 'function' && define.amd ) {
+		// AMD
+		define( ['jquery', 'datatables.net'], function ( $ ) {
+			return factory( $, window, document );
+		} );
+	}
+	else if ( typeof exports === 'object' ) {
+		// CommonJS
+		module.exports = function (root, $) {
+			if ( ! root ) {
+				// CommonJS environments without a window global must pass a
+				// root. This will give an error otherwise
+				root = window;
+			}
+
+			if ( ! $ ) {
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
+					require('jquery') :
+					require('jquery')( root );
+			}
+
+			if ( ! $.fn.dataTable ) {
+				require('datatables.net')(root, $);
+			}
+
+
+			return factory( $, root, root.document );
+		};
+	}
+	else {
+		// Browser
+		factory( jQuery, window, document );
+	}
+}(function( $, window, document, undefined ) {
+'use strict';
+var DataTable = $.fn.dataTable;
+
+
+
 /**
  * @summary     Responsive
  * @description Responsive tables plug-in for DataTables
- * @version     2.3.0
+ * @version     2.4.0
  * @author      SpryMedia Ltd (www.sprymedia.co.uk)
  * @contact     www.sprymedia.co.uk/contact
  * @copyright   SpryMedia Ltd.
@@ -15781,35 +15880,6 @@ return DataTable;
  *
  * For details please refer to: http://www.datatables.net
  */
-(function( factory ){
-	if ( typeof define === 'function' && define.amd ) {
-		// AMD
-		define( ['jquery', 'datatables.net'], function ( $ ) {
-			return factory( $, window, document );
-		} );
-	}
-	else if ( typeof exports === 'object' ) {
-		// CommonJS
-		module.exports = function (root, $) {
-			if ( ! root ) {
-				root = window;
-			}
-
-			if ( ! $ || ! $.fn.dataTable ) {
-				$ = require('datatables.net')(root, $).$;
-			}
-
-			return factory( $, root, root.document );
-		};
-	}
-	else {
-		// Browser
-		factory( jQuery, window, document );
-	}
-}(function( $, window, document, undefined ) {
-'use strict';
-var DataTable = $.fn.dataTable;
-
 
 /**
  * Responsive is a plug-in for the DataTables library that makes use of
@@ -15863,9 +15933,10 @@ var Responsive = function ( settings, opts ) {
 	}
 
 	this.s = {
-		dt: new DataTable.Api( settings ),
+		childNodeStore: {},
 		columns: [],
-		current: []
+		current: [],
+		dt: new DataTable.Api( settings )
 	};
 
 	// Check if responsive has already been initialised on this table
@@ -16070,6 +16141,63 @@ $.extend( Responsive.prototype, {
 	 * Private methods
 	 */
 
+	/**
+	 * Get and store nodes from a cell - use for node moving renderers
+	 *
+	 * @param {*} dt DT instance
+	 * @param {*} row Row index
+	 * @param {*} col Column index
+	 */
+	_childNodes: function( dt, row, col ) {
+		var name = row+'-'+col;
+
+		if ( this.s.childNodeStore[ name ] ) {
+			return this.s.childNodeStore[ name ];
+		}
+
+		// https://jsperf.com/childnodes-array-slice-vs-loop
+		var nodes = [];
+		var children = dt.cell( row, col ).node().childNodes;
+		for ( var i=0, ien=children.length ; i<ien ; i++ ) {
+			nodes.push( children[i] );
+		}
+
+		this.s.childNodeStore[ name ] = nodes;
+
+		return nodes;
+	},
+
+	/**
+	 * Restore nodes from the cache to a table cell
+	 *
+	 * @param {*} dt DT instance
+	 * @param {*} row Row index
+	 * @param {*} col Column index
+	 */
+	_childNodesRestore: function( dt, row, col ) {
+		var name = row+'-'+col;
+
+		if ( ! this.s.childNodeStore[ name ] ) {
+			return;
+		}
+
+		var node = dt.cell( row, col ).node();
+		var store = this.s.childNodeStore[ name ];
+		var parent = store[0].parentNode;
+		var parentChildren = parent.childNodes;
+		var a = [];
+
+		for ( var i=0, ien=parentChildren.length ; i<ien ; i++ ) {
+			a.push( parentChildren[i] );
+		}
+
+		for ( var j=0, jen=a.length ; j<jen ; j++ ) {
+			node.appendChild( a[j] );
+		}
+
+		this.s.childNodeStore[ name ] = undefined;
+	},
+
 	/**
 	 * Calculate the visibility for the columns in a table for a given
 	 * breakpoint. The result is pre-determined based on the class logic if
@@ -16399,8 +16527,8 @@ $.extend( Responsive.prototype, {
 				: details.renderer;
 
 			var res = details.display( row, update, function () {
-				return renderer(
-					dt, row[0], that._detailsObj(row[0])
+				return renderer.call(
+					that, dt, row[0], that._detailsObj(row[0])
 				);
 			} );
 
@@ -16622,9 +16750,11 @@ $.extend( Responsive.prototype, {
 			}
 		} );
 
-		if ( changed ) {
-			this._redrawChildren();
+		// Always need to update the display, regardless of if it has changed or not, so nodes
+		// can be re-inserted for listHiddenNodes
+		this._redrawChildren();
 
+		if ( changed ) {
 			// Inform listeners of the change
 			$(dt.table().node()).trigger( 'responsive-resize.dt', [dt, this.s.current] );
 
@@ -16650,6 +16780,7 @@ $.extend( Responsive.prototype, {
 	{
 		var dt = this.s.dt;
 		var columns = this.s.columns;
+		var that = this;
 
 		// Are we allowed to do auto sizing?
 		if ( ! this.c.auto ) {
@@ -16663,11 +16794,11 @@ $.extend( Responsive.prototype, {
 		}
 
 		// Need to restore all children. They will be reinstated by a re-render
-		if ( ! $.isEmptyObject( _childNodeStore ) ) {
-			$.each( _childNodeStore, function ( key ) {
+		if ( ! $.isEmptyObject( this.s.childNodeStore ) ) {
+			$.each( this.s.childNodeStore, function ( key ) {
 				var idx = key.split('-');
 
-				_childNodesRestore( dt, idx[0]*1, idx[1]*1 );
+				that._childNodesRestore( dt, idx[0]*1, idx[1]*1 );
 			} );
 		}
 
@@ -16787,6 +16918,7 @@ $.extend( Responsive.prototype, {
 	 */
 	_setColumnVis: function ( col, showHide )
 	{
+		var that = this;
 		var dt = this.s.dt;
 		var display = showHide ? '' : 'none'; // empty string will remove the attr
 
@@ -16803,9 +16935,9 @@ $.extend( Responsive.prototype, {
 			.toggleClass('dtr-hidden', !showHide);
 
 		// If the are child nodes stored, we might need to reinsert them
-		if ( ! $.isEmptyObject( _childNodeStore ) ) {
+		if ( ! $.isEmptyObject( this.s.childNodeStore ) ) {
 			dt.cells( null, col ).indexes().each( function (idx) {
-				_childNodesRestore( dt, idx.row, idx.column );
+				that._childNodesRestore( dt, idx.row, idx.column );
 			} );
 		}
 	},
@@ -16972,52 +17104,6 @@ Responsive.display = {
 };
 
 
-var _childNodeStore = {};
-
-function _childNodes( dt, row, col ) {
-	var name = row+'-'+col;
-
-	if ( _childNodeStore[ name ] ) {
-		return _childNodeStore[ name ];
-	}
-
-	// https://jsperf.com/childnodes-array-slice-vs-loop
-	var nodes = [];
-	var children = dt.cell( row, col ).node().childNodes;
-	for ( var i=0, ien=children.length ; i<ien ; i++ ) {
-		nodes.push( children[i] );
-	}
-
-	_childNodeStore[ name ] = nodes;
-
-	return nodes;
-}
-
-function _childNodesRestore( dt, row, col ) {
-	var name = row+'-'+col;
-
-	if ( ! _childNodeStore[ name ] ) {
-		return;
-	}
-
-	var node = dt.cell( row, col ).node();
-	var store = _childNodeStore[ name ];
-	var parent = store[0].parentNode;
-	var parentChildren = parent.childNodes;
-	var a = [];
-
-	for ( var i=0, ien=parentChildren.length ; i<ien ; i++ ) {
-		a.push( parentChildren[i] );
-	}
-
-	for ( var j=0, jen=a.length ; j<jen ; j++ ) {
-		node.appendChild( a[j] );
-	}
-
-	_childNodeStore[ name ] = undefined;
-}
-
-
 /**
  * Display methods - functions which define how the hidden data should be shown
  * in the table.
@@ -17029,6 +17115,7 @@ function _childNodesRestore( dt, row, col ) {
 Responsive.renderer = {
 	listHiddenNodes: function () {
 		return function ( api, rowIdx, columns ) {
+			var that = this;
 			var ul = $('<ul data-dtr-index="'+rowIdx+'" class="dtr-details"/>');
 			var found = false;
 
@@ -17045,7 +17132,7 @@ Responsive.renderer = {
 							'</span> '+
 						'</li>'
 					)
-						.append( $('<span class="dtr-data"/>').append( _childNodes( api, col.rowIndex, col.columnIndex ) ) )// api.cell( col.rowIndex, col.columnIndex ).node().childNodes ) )
+						.append( $('<span class="dtr-data"/>').append( that._childNodes( api, col.rowIndex, col.columnIndex ) ) )// api.cell( col.rowIndex, col.columnIndex ).node().childNodes ) )
 						.appendTo( ul );
 
 					found = true;
@@ -17229,7 +17316,7 @@ Api.registerPlural( 'columns().responsiveHidden()', 'column().responsiveHidden()
  * @name Responsive.version
  * @static
  */
-Responsive.version = '2.3.0';
+Responsive.version = '2.4.0';
 
 
 $.fn.dataTable.Responsive = Responsive;
@@ -17256,12 +17343,12 @@ $(document).on( 'preInit.dt.dtr', function (e, settings, json) {
 } );
 
 
-return Responsive;
+return DataTable;
 }));
 
 
 /*! Bootstrap 5 integration for DataTables' Responsive
- * ©2021 SpryMedia Ltd - datatables.net/license
+ * © SpryMedia Ltd - datatables.net/license
  */
 
 (function( factory ){
@@ -17275,17 +17362,26 @@ return Responsive;
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
+				// CommonJS environments without a window global must pass a
+				// root. This will give an error otherwise
 				root = window;
 			}
 
-			if ( ! $ || ! $.fn.dataTable ) {
-				$ = require('datatables.net-bs5')(root, $).$;
+			if ( ! $ ) {
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
+					require('jquery') :
+					require('jquery')( root );
 			}
 
-			if ( ! $.fn.dataTable.Responsive ) {
+			if ( ! $.fn.dataTable ) {
+				require('datatables.net-bs5')(root, $);
+			}
+
+			if ( ! $.fn.dataTable ) {
 				require('datatables.net-responsive')(root, $);
 			}
 
+
 			return factory( $, root, root.document );
 		};
 	}
@@ -17298,6 +17394,7 @@ return Responsive;
 var DataTable = $.fn.dataTable;
 
 
+
 var _display = DataTable.Responsive.display;
 var _original = _display.modal;
 var _modal = $(
@@ -17359,33 +17456,14 @@ _display.modal = function ( options ) {
 };
 
 
-return DataTable.Responsive;
+return DataTable;
 }));
 
 
-/*! Select for DataTables 1.4.0
+/*! Select for DataTables 1.5.0
  * 2015-2021 SpryMedia Ltd - datatables.net/license/mit
  */
 
-/**
- * @summary     Select for DataTables
- * @description A collection of API methods, events and buttons for DataTables
- *   that provides selection options of the items in a DataTable
- * @version     1.4.0
- * @file        dataTables.select.js
- * @author      SpryMedia Ltd (www.sprymedia.co.uk)
- * @contact     datatables.net/forums
- * @copyright   Copyright 2015-2021 SpryMedia Ltd.
- *
- * This source file is free software, available under the following license:
- *   MIT license - http://datatables.net/license/mit
- *
- * This source file is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the license files for details.
- *
- * For details please refer to: http://www.datatables.net/extensions/select
- */
 (function( factory ){
 	if ( typeof define === 'function' && define.amd ) {
 		// AMD
@@ -17397,13 +17475,22 @@ return DataTable.Responsive;
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
+				// CommonJS environments without a window global must pass a
+				// root. This will give an error otherwise
 				root = window;
 			}
 
-			if ( ! $ || ! $.fn.dataTable ) {
-				$ = require('datatables.net')(root, $).$;
+			if ( ! $ ) {
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
+					require('jquery') :
+					require('jquery')( root );
 			}
 
+			if ( ! $.fn.dataTable ) {
+				require('datatables.net')(root, $);
+			}
+
+
 			return factory( $, root, root.document );
 		};
 	}
@@ -17416,10 +17503,11 @@ return DataTable.Responsive;
 var DataTable = $.fn.dataTable;
 
 
+
 // Version information for debugger
 DataTable.select = {};
 
-DataTable.select.version = '1.4.0';
+DataTable.select.version = '1.5.0';
 
 DataTable.select.init = function ( dt ) {
 	var ctx = dt.settings()[0];
@@ -18688,7 +18776,6 @@ $(document).on( 'preInit.dt.dtSelect', function (e, ctx) {
 } );
 
 
-return DataTable.select;
+return DataTable;
 }));
 
-
diff --git a/data/web/js/build/006-notifications.min.js b/data/web/js/build/005-notifications.min.js
similarity index 100%
rename from data/web/js/build/006-notifications.min.js
rename to data/web/js/build/005-notifications.min.js
diff --git a/data/web/js/build/007-formcache.min.js b/data/web/js/build/006-formcache.min.js
similarity index 100%
rename from data/web/js/build/007-formcache.min.js
rename to data/web/js/build/006-formcache.min.js
diff --git a/data/web/js/build/008-chart.js b/data/web/js/build/007-chart.js
similarity index 100%
rename from data/web/js/build/008-chart.js
rename to data/web/js/build/007-chart.js
diff --git a/data/web/js/build/012-api.js b/data/web/js/build/011-api.js
similarity index 100%
rename from data/web/js/build/012-api.js
rename to data/web/js/build/011-api.js
diff --git a/data/web/js/build/013-markdown-it.min.js b/data/web/js/build/012-markdown-it.min.js
similarity index 100%
rename from data/web/js/build/013-markdown-it.min.js
rename to data/web/js/build/012-markdown-it.min.js
diff --git a/data/web/js/build/014-mailcow.js b/data/web/js/build/013-mailcow.js
similarity index 95%
rename from data/web/js/build/014-mailcow.js
rename to data/web/js/build/013-mailcow.js
index 13bc2911..e060a2d0 100644
--- a/data/web/js/build/014-mailcow.js
+++ b/data/web/js/build/013-mailcow.js
@@ -1,353 +1,363 @@
-$(document).ready(function() {
-  // mailcow alert box generator
-  window.mailcow_alert_box = function(message, type) {
-    msg = $('<span/>').text(message).text();
-    if (type == 'danger' || type == 'info') {
-      auto_hide = 0;
-      $('#' + localStorage.getItem("add_modal")).modal('show');
-      localStorage.removeItem("add_modal");
-    } else {
-      auto_hide = 5000;
-    }
-    $.notify({message: msg},{z_index: 20000, delay: auto_hide, type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
-  }
-
-  $(".generate_password").click(function( event ) {
-    event.preventDefault();
-    $('[data-hibp]').trigger('input');
-    if (typeof($(this).closest("form").data('pwgen-length')) == "number") {
-      var random_passwd = GPW.pronounceable($(this).closest("form").data('pwgen-length'))
-    }
-    else {
-      var random_passwd = GPW.pronounceable(8)
-    }
-    $(this).closest("form").find('[data-pwgen-field]').attr('type', 'text');
-    $(this).closest("form").find('[data-pwgen-field]').val(random_passwd);
-  });
-  function str_rot13(str) {
-    return (str + '').replace(/[a-z]/gi, function(s){
-      return String.fromCharCode(s.charCodeAt(0) + (s.toLowerCase() < 'n' ? 13 : -13))
-    })
-  }
-  $(".rot-enc").html(function(){
-    return str_rot13($(this).html())
-  });
-  // https://stackoverflow.com/questions/4399005/implementing-jquerys-shake-effect-with-animate
-  function shake(div,interval,distance,times) {
-      if(typeof interval === 'undefined') {
-        interval = 100;
-      }
-      if(typeof distance === 'undefined') {
-        distance = 10;
-      }
-      if(typeof times === 'undefined') {
-        times = 4;
-      }
-    $(div).css('position','relative');
-    for(var iter=0;iter<(times+1);iter++){
-      $(div).animate({ left: ((iter%2==0 ? distance : distance*-1))}, interval);
-    }
-    $(div).animate({ left: 0},interval);
-  } 
-
-  // form cache
-  $('[data-cached-form="true"]').formcache({key: $(this).data('id')});
-
-  //  tooltips
-  $(function () {
-    $('[data-bs-toggle="tooltip"]').tooltip()
-  });
-
-  // remember last navigation pill
-  (function () {
-    'use strict';
-      // remember desktop tabs
-      $('button[data-bs-toggle="tab"]').on('click', function (e) {
-        if ($(this).data('dont-remember') == 1) {
-          return true;
-        }
-        var id = $(this).parents('[role="tablist"]').attr('id');
-        var key = 'lastTag';
-        if (id) {
-          key += ':' + id;
-        }
-
-        var tab_id = $(e.target).attr('data-bs-target').substring(1);
-        localStorage.setItem(key, tab_id);
-      });
-      // remember mobile tabs
-      $('button[data-bs-target^="#collapse-tab-"]').on('click', function (e) {
-        // only remember tab if its being opened
-        if ($(this).hasClass('collapsed')) return false;
-        var tab_id = $(this).closest('div[role="tabpanel"]').attr('id');
-
-        if ($(this).data('dont-remember') == 1) {
-          return true;
-        }
-        var id = $(this).parents('[role="tablist"]').attr('id');;
-        var key = 'lastTag';
-        if (id) {
-          key += ':' + id;
-        }
-
-        localStorage.setItem(key, tab_id);
-      });
-      // open last tab
-      $('[role="tablist"]').each(function (idx, elem) {
-        var id = $(elem).attr('id');
-        var key = 'lastTag';
-        if (id) {
-          key += ':' + id;
-        }
-        var lastTab = localStorage.getItem(key);
-        if (lastTab) {
-          $('[data-bs-target="#' + lastTab + '"]').click();
-          var tab = $('[id^="' + lastTab + '"]');
-          $(tab).find('.card-body.collapse').collapse('show');
-        }
-      });
-  })();
-
-  // IE fix to hide scrollbars when table body is empty
-  $('tbody').filter(function (index) {
-    return $(this).children().length < 1;
-  }).remove();
-
-  // selectpicker
-  $('select').selectpicker({
-    'styleBase': 'btn btn-xs-lg',
-    'noneSelectedText': lang_footer.nothing_selected
-  });
-
-  // haveibeenpwned and passwd policy
-  $.ajax({
-    url: '/api/v1/get/passwordpolicy/html',
-    type: 'GET',
-    success: function(res) {
-      $(".hibp-out").after(res);
-    }
-  });
-  $('[data-hibp]').after('<p class="small haveibeenpwned"><i class="bi bi-shield-fill-exclamation"></i> ' + lang_footer.hibp_check + '</p><span class="hibp-out"></span>');
-  $('[data-hibp]').on('input', function() {
-    out_field = $(this).next('.haveibeenpwned').next('.hibp-out').text('').attr('class', 'hibp-out');
-  });
-  $('.haveibeenpwned:not(.task-running)').on('click', function() {
-    var hibp_field = $(this)
-    $(hibp_field).addClass('task-running');
-    var hibp_result = $(hibp_field).next('.hibp-out')
-    var password_field = $(this).prev('[data-hibp]')
-    if ($(password_field).val() == '') {
-      shake(password_field);
-    }
-    else {
-      $(hibp_result).attr('class', 'hibp-out badge fs-5 bg-info');
-      $(hibp_result).text(lang_footer.loading);
-      var password_digest = $.sha1($(password_field).val())
-      var digest_five = password_digest.substring(0, 5).toUpperCase();
-      var queryURL = "https://api.pwnedpasswords.com/range/" + digest_five;
-      var compl_digest = password_digest.substring(5, 41).toUpperCase();
-      $.ajax({
-        url: queryURL,
-        type: 'GET',
-        success: function(res) {
-          if (res.search(compl_digest) > -1){
-            $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-danger');
-            $(hibp_result).text(lang_footer.hibp_nok)
-          } else {
-            $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-success');
-            $(hibp_result).text(lang_footer.hibp_ok)
-          }
-          $(hibp_field).removeClass('task-running');
-        },
-        error: function(xhr, status, error) {
-          $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-warning');
-          $(hibp_result).text('API error: ' + xhr.responseText)
-          $(hibp_field).removeClass('task-running');
-        }
-      });
-    }
-  });
-
-  // Disable disallowed inputs
-  $('[data-acl="0"]').each(function(event){
-    if ($(this).is("a")) {
-      $(this).removeAttr("data-bs-toggle");
-      $(this).removeAttr("data-bs-target");
-      $(this).removeAttr("data-action");
-      $(this).click(function(event) {
-        event.preventDefault();
-      });
-    }
-    if ($(this).is("select")) {
-      $(this).selectpicker('destroy');
-      $(this).replaceWith(function() {
-        return '<label class="control-label"><b>' + this.innerText + '</b></label>';
-      });
-    }
-    if ($(this).hasClass('btn-group')) {
-      $(this).find('a').each(function(){
-        $(this).removeClass('dropdown-toggle')
-          .removeAttr('data-bs-toggle')
-          .removeAttr('data-bs-target')
-          .removeAttr('data-action')
-          .removeAttr('id')
-          .attr("disabled", true);
-        $(this).click(function(event) {
-          event.preventDefault();
-          return;
-        });
-      });
-      $(this).find('button').each(function() {
-        $(this).attr("disabled", true);
-      });
-    } else if ($(this).hasClass('input-group')) {
-      $(this).find('input').each(function() {
-        $(this).removeClass('dropdown-toggle')
-          .removeAttr('data-bs-toggle')
-          .attr("disabled", true);
-        $(this).click(function(event) {
-          event.preventDefault();
-        });
-      });
-      $(this).find('button').each(function() {
-        $(this).attr("disabled", true);
-      });
-    } else if ($(this).hasClass('form-group')) {
-      $(this).find('input').each(function() {
-        $(this).attr("disabled", true);
-      });
-    } else if ($(this).hasClass('btn')) {
-      $(this).attr("disabled", true);
-    } else if ($(this).attr('data-provide') == 'slider') {
-      $(this).attr('disabled', true);
-    } else if ($(this).is(':checkbox')) {
-      $(this).attr("disabled", true);
-    }
-    $(this).data("toggle", "tooltip");
-    $(this).attr("title", lang_acl.prohibited);
-    $(this).tooltip();
-  });
-
-  // disable submit after submitting form (not API driven buttons)
-  $('form').submit(function() {
-    if ($('form button[type="submit"]').data('submitted') == '1') {
-      return false;
-    } else {
-      $(this).find('button[type="submit"]').first().text(lang_footer.loading);
-      $('form button[type="submit"]').attr('data-submitted', '1');
-      function disableF5(e) { if ((e.which || e.keyCode) == 116 || (e.which || e.keyCode) == 82) e.preventDefault(); };
-      $(document).on("keydown", disableF5);
-    }
-  });
-  // Textarea line numbers
-  $(".textarea-code").numberedtextarea({allowTabChar: true});
-  // trigger container restart
-  $('#RestartContainer').on('show.bs.modal', function(e) {
-    var container = $(e.relatedTarget).data('container');
-    $('#containerName').text(container);
-    $('#triggerRestartContainer').click(function(){
-      $(this).prop("disabled",true);
-      $(this).html('<div class="spinner-border text-white" role="status"><span class="visually-hidden">Loading...</span></div>');
-      $('#statusTriggerRestartContainer').html(lang_footer.restarting_container);
-      $.ajax({
-        method: 'get',
-        url: '/inc/ajax/container_ctrl.php',
-        timeout: docker_timeout,
-        data: {
-        'service': container,
-        'action': 'restart'
-        }
-      })
-      .always( function (data, status) {
-        $('#statusTriggerRestartContainer').append(data);
-        var htmlResponse = $.parseHTML(data)
-        if ($(htmlResponse).find('span').hasClass('text-success')) {
-          $('#triggerRestartContainer').html('<i class="bi bi-check-lg"></i> ');
-          setTimeout(function(){
-            $('#RestartContainer').modal('toggle');
-            window.location = window.location.href.split("#")[0];
-          }, 1200);
-        } else {
-          $('#triggerRestartContainer').html('<i class="bi bi-slash-lg"></i> ');
-        }
-      })
-    });
-  })
-
-  // Jquery Datatables, enable responsive plugin
-  $.extend($.fn.dataTable.defaults, {
-    responsive: true
-  });
-
-  // tag boxes
-  $('.tag-box .tag-add').click(function(){
-    addTag(this);
-  });
-  $(".tag-box .tag-input").keydown(function (e) {
-    if (e.which == 13){
-      e.preventDefault();
-      addTag(this);
-    } 
-  });
-
-  // Dark Mode Loader
-  $('#dark-mode-toggle').click(toggleDarkMode);
-  if ($('#dark-mode-theme').length) {
-    $('#dark-mode-toggle').prop('checked', true);
-    if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_light.png');
-    if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_light.png');
-  }
-  function toggleDarkMode(){
-    if($('#dark-mode-theme').length){
-      $('#dark-mode-theme').remove();
-      $('#dark-mode-toggle').prop('checked', false);
-      if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_dark.png');
-      if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_dark.png');
-      localStorage.setItem('darkmode', 'false');
-    }else{
-      $('head').append('<link id="dark-mode-theme" rel="stylesheet" type="text/css" href="/css/themes/mailcow-darkmode.css">');
-      $('#dark-mode-toggle').prop('checked', true);
-      if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_light.png');
-      if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_light.png');
-      localStorage.setItem('darkmode', 'true');
-    }
-  }
-});
-
-
-// https://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-function escapeHtml(n){var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"}; return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-function unescapeHtml(t){var n={"&amp;":"&","&lt;":"<","&gt;":">","&quot;":'"',"&#39;":"'","&#x2F;":"/","&#x60;":"`","&#x3D;":"="};return String(t).replace(/&amp;|&lt;|&gt;|&quot;|&#39;|&#x2F|&#x60|&#x3D;/g,function(t){return n[t]})}
-
-function addTag(tagAddElem, tag = null){
-  var tagboxElem = $(tagAddElem).parent();
-  var tagInputElem = $(tagboxElem).find(".tag-input")[0];
-  var tagValuesElem = $(tagboxElem).find(".tag-values")[0];
-
-  if (!tag)
-    tag = $(tagInputElem).val();
-  if (!tag) return;
-  var value_tags = [];
-  try {
-    value_tags = JSON.parse($(tagValuesElem).val());
-  } catch {}
-  if (!Array.isArray(value_tags)) value_tags = [];
-  if (value_tags.includes(tag)) return;
-
-  $('<span class="badge bg-primary tag-badge btn-badge"><i class="bi bi-tag-fill"></i> ' + escapeHtml(tag) + '</span>').insertBefore('.tag-input').click(function(){
-    var del_tag = unescapeHtml($(this).text());
-    var del_tags = [];
-    try {
-      del_tags = JSON.parse($(tagValuesElem).val());
-    } catch {}
-    if (Array.isArray(del_tags)){
-      del_tags.splice(del_tags.indexOf(del_tag), 1);
-      $(tagValuesElem).val(JSON.stringify(del_tags));
-    }
-    $(this).remove();
-  });
-
-  value_tags.push(tag);
-  $(tagValuesElem).val(JSON.stringify(value_tags));
-  $(tagInputElem).val('');
-}
\ No newline at end of file
+$(document).ready(function() {
+  // mailcow alert box generator
+  window.mailcow_alert_box = function(message, type) {
+    msg = $('<span/>').text(message).text();
+    if (type == 'danger' || type == 'info') {
+      auto_hide = 0;
+      $('#' + localStorage.getItem("add_modal")).modal('show');
+      localStorage.removeItem("add_modal");
+    } else {
+      auto_hide = 5000;
+    }
+    $.notify({message: msg},{z_index: 20000, delay: auto_hide, type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
+  }
+
+  $(".generate_password").click(async function( event ) {   
+    try { 
+      var password_policy = await window.fetch("/api/v1/get/passwordpolicy", { method:'GET', cache:'no-cache' });
+      var password_policy = await password_policy.json();
+      random_passwd_length = password_policy.length;
+    } catch(err) {
+      var random_passwd_length = 8;
+    }
+
+    event.preventDefault();
+    $('[data-hibp]').trigger('input');
+    if (typeof($(this).closest("form").data('pwgen-length')) == "number") {
+      var random_passwd = GPW.pronounceable($(this).closest("form").data('pwgen-length'))
+    }
+    else {
+      var random_passwd = GPW.pronounceable(random_passwd_length)
+    }
+    $(this).closest("form").find('[data-pwgen-field]').attr('type', 'text');
+    $(this).closest("form").find('[data-pwgen-field]').val(random_passwd);
+  });
+  function str_rot13(str) {
+    return (str + '').replace(/[a-z]/gi, function(s){
+      return String.fromCharCode(s.charCodeAt(0) + (s.toLowerCase() < 'n' ? 13 : -13))
+    })
+  }
+  $(".rot-enc").html(function(){
+    return str_rot13($(this).html())
+  });
+  // https://stackoverflow.com/questions/4399005/implementing-jquerys-shake-effect-with-animate
+  function shake(div,interval,distance,times) {
+      if(typeof interval === 'undefined') {
+        interval = 100;
+      }
+      if(typeof distance === 'undefined') {
+        distance = 10;
+      }
+      if(typeof times === 'undefined') {
+        times = 4;
+      }
+    $(div).css('position','relative');
+    for(var iter=0;iter<(times+1);iter++){
+      $(div).animate({ left: ((iter%2==0 ? distance : distance*-1))}, interval);
+    }
+    $(div).animate({ left: 0},interval);
+  }
+
+  // form cache
+  $('[data-cached-form="true"]').formcache({key: $(this).data('id')});
+
+  //  tooltips
+  $(function () {
+    $('[data-bs-toggle="tooltip"]').tooltip()
+  });
+
+  // remember last navigation pill
+  (function () {
+    'use strict';
+      // remember desktop tabs
+      $('button[data-bs-toggle="tab"]').on('click', function (e) {
+        if ($(this).data('dont-remember') == 1) {
+          return true;
+        }
+        var id = $(this).parents('[role="tablist"]').attr('id');
+        var key = 'lastTag';
+        if (id) {
+          key += ':' + id;
+        }
+
+        var tab_id = $(e.target).attr('data-bs-target').substring(1);
+        localStorage.setItem(key, tab_id);
+      });
+      // remember mobile tabs
+      $('button[data-bs-target^="#collapse-tab-"]').on('click', function (e) {
+        // only remember tab if its being opened
+        if ($(this).hasClass('collapsed')) return false;
+        var tab_id = $(this).closest('div[role="tabpanel"]').attr('id');
+
+        if ($(this).data('dont-remember') == 1) {
+          return true;
+        }
+        var id = $(this).parents('[role="tablist"]').attr('id');;
+        var key = 'lastTag';
+        if (id) {
+          key += ':' + id;
+        }
+
+        localStorage.setItem(key, tab_id);
+      });
+      // open last tab
+      $('[role="tablist"]').each(function (idx, elem) {
+        var id = $(elem).attr('id');
+        var key = 'lastTag';
+        if (id) {
+          key += ':' + id;
+        }
+        var lastTab = localStorage.getItem(key);
+        if (lastTab) {
+          $('[data-bs-target="#' + lastTab + '"]').click();
+          var tab = $('[id^="' + lastTab + '"]');
+          $(tab).find('.card-body.collapse').collapse('show');
+        }
+      });
+  })();
+
+  // IE fix to hide scrollbars when table body is empty
+  $('tbody').filter(function (index) {
+    return $(this).children().length < 1;
+  }).remove();
+
+  // selectpicker
+  $('select').selectpicker({
+    'styleBase': 'btn btn-xs-lg',
+    'noneSelectedText': lang_footer.nothing_selected
+  });
+
+  // haveibeenpwned and passwd policy
+  $.ajax({
+    url: '/api/v1/get/passwordpolicy/html',
+    type: 'GET',
+    success: function(res) {
+      $(".hibp-out").after(res);
+    }
+  });
+  $('[data-hibp]').after('<p class="small haveibeenpwned"><i class="bi bi-shield-fill-exclamation"></i> ' + lang_footer.hibp_check + '</p><span class="hibp-out"></span>');
+  $('[data-hibp]').on('input', function() {
+    out_field = $(this).next('.haveibeenpwned').next('.hibp-out').text('').attr('class', 'hibp-out');
+  });
+  $('.haveibeenpwned:not(.task-running)').on('click', function() {
+    var hibp_field = $(this)
+    $(hibp_field).addClass('task-running');
+    var hibp_result = $(hibp_field).next('.hibp-out')
+    var password_field = $(this).prev('[data-hibp]')
+    if ($(password_field).val() == '') {
+      shake(password_field);
+    }
+    else {
+      $(hibp_result).attr('class', 'hibp-out badge fs-5 bg-info');
+      $(hibp_result).text(lang_footer.loading);
+      var password_digest = $.sha1($(password_field).val())
+      var digest_five = password_digest.substring(0, 5).toUpperCase();
+      var queryURL = "https://api.pwnedpasswords.com/range/" + digest_five;
+      var compl_digest = password_digest.substring(5, 41).toUpperCase();
+      $.ajax({
+        url: queryURL,
+        type: 'GET',
+        success: function(res) {
+          if (res.search(compl_digest) > -1){
+            $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-danger');
+            $(hibp_result).text(lang_footer.hibp_nok)
+          } else {
+            $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-success');
+            $(hibp_result).text(lang_footer.hibp_ok)
+          }
+          $(hibp_field).removeClass('task-running');
+        },
+        error: function(xhr, status, error) {
+          $(hibp_result).removeClass('badge fs-5 bg-info').addClass('badge fs-5 bg-warning');
+          $(hibp_result).text('API error: ' + xhr.responseText)
+          $(hibp_field).removeClass('task-running');
+        }
+      });
+    }
+  });
+
+  // Disable disallowed inputs
+  $('[data-acl="0"]').each(function(event){
+    if ($(this).is("a")) {
+      $(this).removeAttr("data-bs-toggle");
+      $(this).removeAttr("data-bs-target");
+      $(this).removeAttr("data-action");
+      $(this).click(function(event) {
+        event.preventDefault();
+      });
+    }
+    if ($(this).is("select")) {
+      $(this).selectpicker('destroy');
+      $(this).replaceWith(function() {
+        return '<label class="control-label"><b>' + this.innerText + '</b></label>';
+      });
+    }
+    if ($(this).hasClass('btn-group')) {
+      $(this).find('a').each(function(){
+        $(this).removeClass('dropdown-toggle')
+          .removeAttr('data-bs-toggle')
+          .removeAttr('data-bs-target')
+          .removeAttr('data-action')
+          .removeAttr('id')
+          .attr("disabled", true);
+        $(this).click(function(event) {
+          event.preventDefault();
+          return;
+        });
+      });
+      $(this).find('button').each(function() {
+        $(this).attr("disabled", true);
+      });
+    } else if ($(this).hasClass('input-group')) {
+      $(this).find('input').each(function() {
+        $(this).removeClass('dropdown-toggle')
+          .removeAttr('data-bs-toggle')
+          .attr("disabled", true);
+        $(this).click(function(event) {
+          event.preventDefault();
+        });
+      });
+      $(this).find('button').each(function() {
+        $(this).attr("disabled", true);
+      });
+    } else if ($(this).hasClass('form-group')) {
+      $(this).find('input').each(function() {
+        $(this).attr("disabled", true);
+      });
+    } else if ($(this).hasClass('btn')) {
+      $(this).attr("disabled", true);
+    } else if ($(this).attr('data-provide') == 'slider') {
+      $(this).attr('disabled', true);
+    } else if ($(this).is(':checkbox')) {
+      $(this).attr("disabled", true);
+    }
+    $(this).data("toggle", "tooltip");
+    $(this).attr("title", lang_acl.prohibited);
+    $(this).tooltip();
+  });
+
+  // disable submit after submitting form (not API driven buttons)
+  $('form').submit(function() {
+    if ($('form button[type="submit"]').data('submitted') == '1') {
+      return false;
+    } else {
+      $(this).find('button[type="submit"]').first().text(lang_footer.loading);
+      $('form button[type="submit"]').attr('data-submitted', '1');
+      function disableF5(e) { if ((e.which || e.keyCode) == 116 || (e.which || e.keyCode) == 82) e.preventDefault(); };
+      $(document).on("keydown", disableF5);
+    }
+  });
+  // Textarea line numbers
+  $(".textarea-code").numberedtextarea({allowTabChar: true});
+  // trigger container restart
+  $('#RestartContainer').on('show.bs.modal', function(e) {
+    var container = $(e.relatedTarget).data('container');
+    $('#containerName').text(container);
+    $('#triggerRestartContainer').click(function(){
+      $(this).prop("disabled",true);
+      $(this).html('<div class="spinner-border text-white" role="status"><span class="visually-hidden">Loading...</span></div>');
+      $('#statusTriggerRestartContainer').html(lang_footer.restarting_container);
+      $.ajax({
+        method: 'get',
+        url: '/inc/ajax/container_ctrl.php',
+        timeout: docker_timeout,
+        data: {
+        'service': container,
+        'action': 'restart'
+        }
+      })
+      .always( function (data, status) {
+        $('#statusTriggerRestartContainer').append(data);
+        var htmlResponse = $.parseHTML(data)
+        if ($(htmlResponse).find('span').hasClass('text-success')) {
+          $('#triggerRestartContainer').html('<i class="bi bi-check-lg"></i> ');
+          setTimeout(function(){
+            $('#RestartContainer').modal('toggle');
+            window.location = window.location.href.split("#")[0];
+          }, 1200);
+        } else {
+          $('#triggerRestartContainer').html('<i class="bi bi-slash-lg"></i> ');
+        }
+      })
+    });
+  })
+
+  // Jquery Datatables, enable responsive plugin
+  $.extend($.fn.dataTable.defaults, {
+    responsive: true
+  });
+  // disable default datatable click listener
+  $(document).off('click', 'tbody>tr');
+
+  // tag boxes
+  $('.tag-box .tag-add').click(function(){
+    addTag(this);
+  });
+  $(".tag-box .tag-input").keydown(function (e) {
+    if (e.which == 13){
+      e.preventDefault();
+      addTag(this);
+    }
+  });
+
+  // Dark Mode Loader
+  $('#dark-mode-toggle').click(toggleDarkMode);
+  if ($('#dark-mode-theme').length) {
+    $('#dark-mode-toggle').prop('checked', true);
+    if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_light.png');
+    if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_light.png');
+  }
+  function toggleDarkMode(){
+    if($('#dark-mode-theme').length){
+      $('#dark-mode-theme').remove();
+      $('#dark-mode-toggle').prop('checked', false);
+      if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_dark.png');
+      if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_dark.png');
+      localStorage.setItem('theme', 'light');
+    }else{
+      $('head').append('<link id="dark-mode-theme" rel="stylesheet" type="text/css" href="/css/themes/mailcow-darkmode.css">');
+      $('#dark-mode-toggle').prop('checked', true);
+      if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_light.png');
+      if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_light.png');
+      localStorage.setItem('theme', 'dark');
+    }
+  }
+});
+
+
+// https://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+function escapeHtml(n){var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"}; return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+function unescapeHtml(t){var n={"&amp;":"&","&lt;":"<","&gt;":">","&quot;":'"',"&#39;":"'","&#x2F;":"/","&#x60;":"`","&#x3D;":"="};return String(t).replace(/&amp;|&lt;|&gt;|&quot;|&#39;|&#x2F|&#x60|&#x3D;/g,function(t){return n[t]})}
+
+function addTag(tagAddElem, tag = null){
+  var tagboxElem = $(tagAddElem).parent();
+  var tagInputElem = $(tagboxElem).find(".tag-input")[0];
+  var tagValuesElem = $(tagboxElem).find(".tag-values")[0];
+
+  if (!tag)
+    tag = $(tagInputElem).val();
+  if (!tag) return;
+  var value_tags = [];
+  try {
+    value_tags = JSON.parse($(tagValuesElem).val());
+  } catch {}
+  if (!Array.isArray(value_tags)) value_tags = [];
+  if (value_tags.includes(tag)) return;
+
+  $('<span class="badge bg-primary tag-badge btn-badge"><i class="bi bi-tag-fill"></i> ' + escapeHtml(tag) + '</span>').insertBefore('.tag-input').click(function(){
+    var del_tag = unescapeHtml($(this).text());
+    var del_tags = [];
+    try {
+      del_tags = JSON.parse($(tagValuesElem).val());
+    } catch {}
+    if (Array.isArray(del_tags)){
+      del_tags.splice(del_tags.indexOf(del_tag), 1);
+      $(tagValuesElem).val(JSON.stringify(del_tags));
+    }
+    $(this).remove();
+  });
+
+  value_tags.push(tag);
+  $(tagValuesElem).val(JSON.stringify(value_tags));
+  $(tagInputElem).val('');
+}
diff --git a/data/web/js/site/admin.js b/data/web/js/site/admin.js
index d47a2227..23ef1d25 100644
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@@ -1,698 +1,737 @@
-// Base64 functions
-var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
-jQuery(function($){
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
-  function jq(myid) {return "#" + myid.replace( /(:|\.|\[|\]|,|=|@)/g, "\\$1" );}
-  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-  function validateRegex(e){var t=e.split("/"),n=e,r="";t.length>1&&(n=t[1],r=t[2]);try{return new RegExp(n,r),!0}catch(e){return!1}}
-  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
-  function hashCode(t){for(var n=0,r=0;r<t.length;r++)n=t.charCodeAt(r)+((n<<5)-n);return n}
-  function intToRGB(t){var n=(16777215&t).toString(16).toUpperCase();return"00000".substring(0,6-n.length)+n}
-  $("#dkim_missing_keys").on('click', function(e) {
-    e.preventDefault();
-     var domains = [];
-     $('.dkim_missing').each(function() {
-       domains.push($(this).val());
-     });
-     $('#dkim_add_domains').val(domains);
-  });
-  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
-  $("#mass_exclude").change(function(){ $("#mass_include").selectpicker('deselectAll'); });
-  $("#mass_include").change(function(){ $("#mass_exclude").selectpicker('deselectAll'); });
-  $("#mass_disarm").click(function() { $("#mass_send").attr("disabled", !this.checked); });
-  $(".admin-ays-dialog").click(function() { return confirm(lang.ays); });
-  $(".validate_rspamd_regex").click(function( event ) {
-    event.preventDefault();
-    var regex_map_id = $(this).data('regex-map');
-    var regex_data = $(jq(regex_map_id)).val().split(/\r?\n/);
-    var regex_valid = true;
-    for(var i = 0;i < regex_data.length;i++){
-      if(regex_data[i].startsWith('#') || !regex_data[i]){
-        continue;
-      }
-      if(!validateRegex(regex_data[i])) {
-        mailcow_alert_box('Cannot build regex from line ' + (i+1), 'danger');
-        var regex_valid = false;
-        break;
-      }
-      if(!regex_data[i].startsWith('/') || !/\/[ims]?$/.test(regex_data[i])){
-        mailcow_alert_box('Line ' + (i+1) + ' is invalid', 'danger');
-        var regex_valid = false;
-        break;
-      }
-    }
-    if (regex_valid) {
-      mailcow_alert_box('Regex OK', 'success');
-      $('button[data-id="' + regex_map_id + '"]').attr({"disabled": false});
-    }
-  });
-	$('.textarea-code').on('keyup', function() {
-    $('.submit_rspamd_regex').attr({"disabled": true});
-	});
-  $("#show_rspamd_global_filters").click(function() {
-    $.get("inc/ajax/show_rspamd_global_filters.php");
-    $("#confirm_show_rspamd_global_filters").hide();
-    $("#rspamd_global_filters").removeClass("d-none");
-  });
-  $("#super_delete").click(function() { return confirm(lang.queue_ays); });
-  
-  $(".refresh_table").on('click', function(e) {
-    e.preventDefault();
-    var table_name = $(this).data('table');
-    $('#' + table_name).DataTable().ajax.reload();
-  });
-  function draw_domain_admins() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#domainadminstable') ) {
-      $('#domainadminstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#domainadminstable').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/domain-admin/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'domainadminstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.admin_domains,
-            data: 'selected_domains',
-            defaultContent: '',
-          },
-          {
-            title: "TFA",
-            data: 'tfa_active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ],
-      initComplete: function(settings, json){
-      }
-    });
-  }
-  function draw_oauth2_clients() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#oauth2clientstable') ) {
-      $('#oauth2clientstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#oauth2clientstable').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/oauth2-client/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'oauth2clientstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.oauth2_client_id,
-            data: 'client_id',
-            defaultContent: ''
-          },
-          {
-            title: lang.oauth2_client_secret,
-            data: 'client_secret',
-            defaultContent: ''
-          },
-          {
-            title: lang.oauth2_redirect_uri,
-            data: 'redirect_uri',
-            defaultContent: ''
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-  function draw_admins() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#adminstable') ) {
-      $('#adminstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#adminstable').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/admin/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'adminstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: "TFA",
-            data: 'tfa_active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            defaultContent: '',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right'
-          },
-      ]
-    });
-  }
-  function draw_fwd_hosts() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#forwardinghoststable') ) {
-      $('#forwardinghoststable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#forwardinghoststable').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/fwdhost/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'forwardinghoststable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: lang.host,
-            data: 'host',
-            defaultContent: ''
-          },
-          {
-            title: lang.source,
-            data: 'source',
-            defaultContent: ''
-          },
-          {
-            title: lang.spamfilter,
-            data: 'keep_spam',
-            defaultContent: ''
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-  function draw_relayhosts() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#relayhoststable') ) {
-      $('#relayhoststable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#relayhoststable').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/relayhost/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'relayhoststable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.host,
-            data: 'hostname',
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.in_use_by,
-            data: 'in_use_by',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-  function draw_transport_maps() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#transportstable') ) {
-      $('#transportstable').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#transportstable').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/transport/all",
-        dataSrc: function(data){
-          return process_table_data(data, 'transportstable');
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.destination,
-            data: 'destination',
-            defaultContent: ''
-          },
-          {
-            title: lang.nexthop,
-            data: 'nexthop',
-            defaultContent: ''
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              if(data == 1) return '<i class="bi bi-check-lg"></i>';
-              else return '<i class="bi bi-x-lg"></i>'
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-
-  function process_table_data(data, table) {
-    if (table == 'relayhoststable') {
-      $.each(data, function (i, item) {
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="sender-dependent" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
-          '<a href="/edit/relayhost/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-rlyhost" data-api-url="delete/relayhost" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        if (item.used_by_mailboxes == '') { item.in_use_by = item.used_by_domains; }
-        else if (item.used_by_domains == '') { item.in_use_by = item.used_by_mailboxes; }
-        else { item.in_use_by = item.used_by_mailboxes + '<hr style="margin:5px 0px 5px 0px;">' + item.used_by_domains; }
-        item.chkbox = '<input type="checkbox" data-id="rlyhosts" name="multi_select" value="' + item.id + '" />';
-      });
-    } else if (table == 'transportstable') {
-      $.each(data, function (i, item) {
-        if (item.is_mx_based) {
-          item.destination = '<i class="bi bi-info-circle-fill text-info mx-info" data-bs-toggle="tooltip" title="' + lang.is_mx_based + '"></i> <code>' + item.destination + '</code>';
-        }
-        if (item.username) {
-          item.username = '<i style="color:#' + intToRGB(hashCode(item.nexthop)) + ';" class="bi bi-square-fill"></i> ' + item.username;
-        }
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="transport-map" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
-          '<a href="/edit/transport/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-transport" data-api-url="delete/transport" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        item.chkbox = '<input type="checkbox" data-id="transports" name="multi_select" value="' + item.id + '" />';
-      });
-    } else if (table == 'queuetable') {
-      $.each(data, function (i, item) {
-        item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
-        rcpts = $.map(item.recipients, function(i) {
-          return escapeHtml(i);
-        });
-        item.recipients = rcpts.join('<hr style="margin:1px!important">');
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.queue_show_message + '</a>' +
-          '</div>';
-      });
-    } else if (table == 'forwardinghoststable') {
-      $.each(data, function (i, item) {
-        item.action = '<div class="btn-group">' +
-          '<a href="#" data-action="delete_selected" data-id="single-fwdhost" data-api-url="delete/fwdhost" data-item="' + encodeURI(item.host) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        item.chkbox = '<input type="checkbox" data-id="fwdhosts" name="multi_select" value="' + item.host + '" />';
-      });
-    } else if (table == 'oauth2clientstable') {
-      $.each(data, function (i, item) {
-        item.action = '<div class="btn-group">' +
-          '<a href="/edit.php?oauth2client=' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-oauth2-client" data-api-url="delete/oauth2-client" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-        item.scope = "profile";
-        item.grant_types = 'refresh_token password authorization_code';
-        item.chkbox = '<input type="checkbox" data-id="oauth2_clients" name="multi_select" value="' + item.id + '" />';
-      });
-    } else if (table == 'domainadminstable') {
-      $.each(data, function (i, item) {
-        item.selected_domains = escapeHtml(item.selected_domains);
-        item.selected_domains = item.selected_domains.toString().replace(/,/g, "<br>");
-        item.chkbox = '<input type="checkbox" data-id="domain_admins" name="multi_select" value="' + item.username + '" />';
-        item.action = '<div class="btn-group">' +
-          '<a href="/edit/domainadmin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-domain-admin" data-api-url="delete/domain-admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '<a href="/index.php?duallogin=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-third btn-success"><i class="bi bi-person-fill"></i> Login</a>' +
-          '</div>';
-      });
-    } else if (table == 'adminstable') {
-      $.each(data, function (i, item) {
-        if (admin_username.toLowerCase() == item.username.toLowerCase()) {
-          item.usr = '<i class="bi bi-person-check"></i> ' + item.username;
-        } else {
-          item.usr = item.username;
-        }
-        item.chkbox = '<input type="checkbox" data-id="admins" name="multi_select" value="' + item.username + '" />';
-        item.action = '<div class="btn-group">' +
-          '<a href="/edit/admin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-          '<a href="#" data-action="delete_selected" data-id="single-admin" data-api-url="delete/admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-          '</div>';
-      });
-    }
-    return data
-  };
-
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-  // Draw Table if tab is active
-  onVisible("[id^=adminstable]", () => draw_admins());
-  onVisible("[id^=domainadminstable]", () => draw_domain_admins());
-  onVisible("[id^=oauth2clientstable]", () => draw_oauth2_clients());
-  onVisible("[id^=forwardinghoststable]", () => draw_fwd_hosts());
-  onVisible("[id^=relayhoststable]", () => draw_relayhosts());
-  onVisible("[id^=transportstable]", () => draw_transport_maps());
-
-
-  $('body').on('click', 'span.footable-toggle', function () {
-    event.stopPropagation();
-  })
-
-  // API IP check toggle
-  $("#skip_ip_check_ro").click(function( event ) {
-   $("#skip_ip_check_ro").not(this).prop('checked', false);
-    if ($("#skip_ip_check_ro:checked").length > 0) {
-      $('#allow_from_ro').prop('disabled', true);
-    }
-    else {
-      $("#allow_from_ro").removeAttr('disabled');
-    }
-  });
-  $("#skip_ip_check_rw").click(function( event ) {
-   $("#skip_ip_check_rw").not(this).prop('checked', false);
-    if ($("#skip_ip_check_rw:checked").length > 0) {
-      $('#allow_from_rw').prop('disabled', true);
-    }
-    else {
-      $("#allow_from_rw").removeAttr('disabled');
-    }
-  });
-  // Relayhost
-  $('#testRelayhostModal').on('show.bs.modal', function (e) {
-    $('#test_relayhost_result').text("-");
-    button = $(e.relatedTarget)
-    if (button != null) {
-      $('#relayhost_id').val(button.data('relayhost-id'));
-    }
-  })
-  $('#test_relayhost').on('click', function (e) {
-    e.preventDefault();
-    prev = $('#test_relayhost').text();
-    $(this).prop("disabled",true);
-    $(this).html('<i class="bi bi-arrow-repeat icon-spin"></i> ');
-    $.ajax({
-        type: 'GET',
-        url: 'inc/ajax/relay_check.php',
-        dataType: 'text',
-        data: $('#test_relayhost_form').serialize(),
-        complete: function (data) {
-          $('#test_relayhost_result').html(data.responseText);
-          $('#test_relayhost').prop("disabled",false);
-          $('#test_relayhost').text(prev);
-        }
-    });
-  })
-  // Transport
-  $('#testTransportModal').on('show.bs.modal', function (e) {
-    $('#test_transport_result').text("-");
-    button = $(e.relatedTarget)
-    if (button != null) {
-      $('#transport_id').val(button.data('transport-id'));
-      $('#transport_type').val(button.data('transport-type'));
-    }
-  })
-  $('#test_transport').on('click', function (e) {
-    e.preventDefault();
-    prev = $('#test_transport').text();
-    $(this).prop("disabled",true);
-    $(this).html('<div class="spinner-border" role="status"><span class="visually-hidden">Loading...</span></div> ');
-    $.ajax({
-        type: 'GET',
-        url: 'inc/ajax/transport_check.php',
-        dataType: 'text',
-        data: $('#test_transport_form').serialize(),
-        complete: function (data) {
-          $('#test_transport_result').html(data.responseText);
-          $('#test_transport').prop("disabled",false);
-          $('#test_transport').text(prev);
-        }
-    });
-  })
-  // DKIM private key modal
-  $('#showDKIMprivKey').on('show.bs.modal', function (e) {
-    $('#priv_key_pre').text("-");
-    p_related = $(e.relatedTarget)
-    if (p_related != null) {
-      var decoded_key = Base64.decode((p_related.data('priv-key')));
-      $('#priv_key_pre').text(decoded_key);
-    }
-  })
-  // FIDO2 friendly name modal
-  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
-    rename_link = $(e.relatedTarget)
-    if (rename_link != null) {
-      $('#fido2_cid').val(rename_link.data('cid'));
-      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
-    }
-  })
-  // App links
-  function add_table_row(table_id, type) {
-    var row = $('<tr />');
-    if (type == "app_link") {
-      cols = '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="app" required></td>';
-      cols += '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required></td>';
-      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
-    } else if (type == "f2b_regex") {
-      cols = '<td><input style="text-align:center" class="input-sm input-xs-lg form-control" data-id="f2b_regex" type="text" value="+" disabled></td>';
-      cols += '<td><input class="input-sm input-xs-lg form-control regex-input" data-id="f2b_regex" type="text" name="regex" required></td>';
-      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
-    }
-    row.append(cols);
-    table_id.append(row);
-  }
-  $('#app_link_table').on('click', 'tr a', function (e) {
-    e.preventDefault();
-    $(this).parents('tr').remove();
-  });
-  $('#f2b_regex_table').on('click', 'tr a', function (e) {
-    e.preventDefault();
-    $(this).parents('tr').remove();
-  });
-  $('#add_app_link_row').click(function() {
-      add_table_row($('#app_link_table'), "app_link");
-  });
-  $('#add_f2b_regex_row').click(function() {
-      add_table_row($('#f2b_regex_table'), "f2b_regex");
-  });
-});
+// Base64 functions
+var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
+jQuery(function($){
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
+  function jq(myid) {return "#" + myid.replace( /(:|\.|\[|\]|,|=|@)/g, "\\$1" );}
+  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+  function validateRegex(e){var t=e.split("/"),n=e,r="";t.length>1&&(n=t[1],r=t[2]);try{return new RegExp(n,r),!0}catch(e){return!1}}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  function hashCode(t){for(var n=0,r=0;r<t.length;r++)n=t.charCodeAt(r)+((n<<5)-n);return n}
+  function intToRGB(t){var n=(16777215&t).toString(16).toUpperCase();return"00000".substring(0,6-n.length)+n}
+  $("#dkim_missing_keys").on('click', function(e) {
+    e.preventDefault();
+     var domains = [];
+     $('.dkim_missing').each(function() {
+       domains.push($(this).val());
+     });
+     $('#dkim_add_domains').val(domains);
+  });
+  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
+  $("#mass_exclude").change(function(){ $("#mass_include").selectpicker('deselectAll'); });
+  $("#mass_include").change(function(){ $("#mass_exclude").selectpicker('deselectAll'); });
+  $("#mass_disarm").click(function() { $("#mass_send").attr("disabled", !this.checked); });
+  $(".admin-ays-dialog").click(function() { return confirm(lang.ays); });
+  $(".validate_rspamd_regex").click(function( event ) {
+    event.preventDefault();
+    var regex_map_id = $(this).data('regex-map');
+    var regex_data = $(jq(regex_map_id)).val().split(/\r?\n/);
+    var regex_valid = true;
+    for(var i = 0;i < regex_data.length;i++){
+      if(regex_data[i].startsWith('#') || !regex_data[i]){
+        continue;
+      }
+      if(!validateRegex(regex_data[i])) {
+        mailcow_alert_box('Cannot build regex from line ' + (i+1), 'danger');
+        var regex_valid = false;
+        break;
+      }
+      if(!regex_data[i].startsWith('/') || !/\/[ims]?$/.test(regex_data[i])){
+        mailcow_alert_box('Line ' + (i+1) + ' is invalid', 'danger');
+        var regex_valid = false;
+        break;
+      }
+    }
+    if (regex_valid) {
+      mailcow_alert_box('Regex OK', 'success');
+      $('button[data-id="' + regex_map_id + '"]').attr({"disabled": false});
+    }
+  });
+  $('.textarea-code').on('keyup', function() {
+    $('.submit_rspamd_regex').attr({"disabled": true});
+  });
+  $("#show_rspamd_global_filters").click(function() {
+    $.get("inc/ajax/show_rspamd_global_filters.php");
+    $("#confirm_show_rspamd_global_filters").hide();
+    $("#rspamd_global_filters").removeClass("d-none");
+  });
+  $("#super_delete").click(function() { return confirm(lang.queue_ays); });
+
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
+  function draw_domain_admins() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#domainadminstable') ) {
+      $('#domainadminstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#domainadminstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/domain-admin/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'domainadminstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.admin_domains,
+          data: 'selected_domains',
+          defaultContent: '',
+        },
+        {
+          title: "TFA",
+          data: 'tfa_active',
+          defaultContent: '',
+            render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-text-right',
+          defaultContent: ''
+        },
+      ],
+      initComplete: function(settings, json){
+      }
+    });
+  }
+  function draw_oauth2_clients() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#oauth2clientstable') ) {
+      $('#oauth2clientstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#oauth2clientstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/oauth2-client/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'oauth2clientstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.oauth2_client_id,
+          data: 'client_id',
+          defaultContent: ''
+        },
+        {
+          title: lang.oauth2_client_secret,
+          data: 'client_secret',
+          defaultContent: ''
+        },
+        {
+          title: lang.oauth2_redirect_uri,
+          data: 'redirect_uri',
+          defaultContent: ''
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-text-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+  function draw_admins() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#adminstable') ) {
+      $('#adminstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#adminstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/admin/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'adminstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: "TFA",
+          data: 'tfa_active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          defaultContent: '',
+          className: 'dt-sm-head-hidden dt-text-right'
+        },
+      ]
+    });
+  }
+  function draw_fwd_hosts() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#forwardinghoststable') ) {
+      $('#forwardinghoststable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#forwardinghoststable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/fwdhost/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'forwardinghoststable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.host,
+          data: 'host',
+          defaultContent: ''
+        },
+        {
+          title: lang.source,
+          data: 'source',
+          defaultContent: ''
+        },
+        {
+          title: lang.spamfilter,
+          data: 'keep_spam',
+          defaultContent: '',
+          render: function(data, type){
+            return 'yes'==data?'<i class="bi bi-x-lg"></i>':'no'==data&&'<i class="bi bi-check-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-text-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+  function draw_relayhosts() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#relayhoststable') ) {
+      $('#relayhoststable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#relayhoststable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/relayhost/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'relayhoststable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.host,
+          data: 'hostname',
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.in_use_by,
+          data: 'in_use_by',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-text-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+  function draw_transport_maps() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#transportstable') ) {
+      $('#transportstable').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#transportstable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/transport/all",
+        dataSrc: function(data){
+          return process_table_data(data, 'transportstable');
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.destination,
+          data: 'destination',
+          defaultContent: ''
+        },
+        {
+          title: lang.nexthop,
+          data: 'nexthop',
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            if(data == 1) return '<i class="bi bi-check-lg"></i>';
+            else return '<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-text-right',
+          defaultContent: ''
+        },
+      ]
+    });
+  }
+
+  function process_table_data(data, table) {
+    if (table == 'relayhoststable') {
+      $.each(data, function (i, item) {
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="sender-dependent" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
+          '<a href="/edit/relayhost/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-rlyhost" data-api-url="delete/relayhost" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        if (item.used_by_mailboxes == '') { item.in_use_by = item.used_by_domains; }
+        else if (item.used_by_domains == '') { item.in_use_by = item.used_by_mailboxes; }
+        else { item.in_use_by = item.used_by_mailboxes + '<hr style="margin:5px 0px 5px 0px;">' + item.used_by_domains; }
+        item.chkbox = '<input type="checkbox" data-id="rlyhosts" name="multi_select" value="' + item.id + '" />';
+      });
+    } else if (table == 'transportstable') {
+      $.each(data, function (i, item) {
+        if (item.is_mx_based) {
+          item.destination = '<i class="bi bi-info-circle-fill text-info mx-info" data-bs-toggle="tooltip" title="' + lang.is_mx_based + '"></i> <code>' + item.destination + '</code>';
+        }
+        if (item.username) {
+          item.username = '<i style="color:#' + intToRGB(hashCode(item.nexthop)) + ';" class="bi bi-square-fill"></i> ' + item.username;
+        }
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-bs-toggle="modal" data-bs-target="#testTransportModal" data-transport-id="' + encodeURI(item.id) + '" data-transport-type="transport-map" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-caret-right-fill"></i> Test</a>' +
+          '<a href="/edit/transport/' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-transport" data-api-url="delete/transport" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        item.chkbox = '<input type="checkbox" data-id="transports" name="multi_select" value="' + item.id + '" />';
+      });
+    } else if (table == 'queuetable') {
+      $.each(data, function (i, item) {
+        item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
+        rcpts = $.map(item.recipients, function(i) {
+          return escapeHtml(i);
+        });
+        item.recipients = rcpts.join('<hr style="margin:1px!important">');
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.queue_show_message + '</a>' +
+          '</div>';
+      });
+    } else if (table == 'forwardinghoststable') {
+      $.each(data, function (i, item) {
+        item.action = '<div class="btn-group">' +
+          '<a href="#" data-action="delete_selected" data-id="single-fwdhost" data-api-url="delete/fwdhost" data-item="' + encodeURI(item.host) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        item.chkbox = '<input type="checkbox" data-id="fwdhosts" name="multi_select" value="' + item.host + '" />';
+      });
+    } else if (table == 'oauth2clientstable') {
+      $.each(data, function (i, item) {
+        item.action = '<div class="btn-group">' +
+          '<a href="/edit.php?oauth2client=' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-oauth2-client" data-api-url="delete/oauth2-client" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+        item.scope = "profile";
+        item.grant_types = 'refresh_token password authorization_code';
+        item.chkbox = '<input type="checkbox" data-id="oauth2_clients" name="multi_select" value="' + item.id + '" />';
+      });
+    } else if (table == 'domainadminstable') {
+      $.each(data, function (i, item) {
+        item.selected_domains = escapeHtml(item.selected_domains);
+        item.selected_domains = item.selected_domains.toString().replace(/,/g, "<br>");
+        item.chkbox = '<input type="checkbox" data-id="domain_admins" name="multi_select" value="' + item.username + '" />';
+        item.action = '<div class="btn-group">' +
+          '<a href="/edit/domainadmin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-domain-admin" data-api-url="delete/domain-admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '<a href="/index.php?duallogin=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-third btn-success"><i class="bi bi-person-fill"></i> Login</a>' +
+          '</div>';
+      });
+    } else if (table == 'adminstable') {
+      $.each(data, function (i, item) {
+        if (admin_username.toLowerCase() == item.username.toLowerCase()) {
+          item.usr = '<i class="bi bi-person-check"></i> ' + item.username;
+        } else {
+          item.usr = item.username;
+        }
+        item.chkbox = '<input type="checkbox" data-id="admins" name="multi_select" value="' + item.username + '" />';
+        item.action = '<div class="btn-group">' +
+          '<a href="/edit/admin/' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+          '<a href="#" data-action="delete_selected" data-id="single-admin" data-api-url="delete/admin" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+          '</div>';
+      });
+    }
+    return data
+  };
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+  // Draw Table if tab is active
+  onVisible("[id^=adminstable]", () => draw_admins());
+  onVisible("[id^=domainadminstable]", () => draw_domain_admins());
+  onVisible("[id^=oauth2clientstable]", () => draw_oauth2_clients());
+  onVisible("[id^=forwardinghoststable]", () => draw_fwd_hosts());
+  onVisible("[id^=relayhoststable]", () => draw_relayhosts());
+  onVisible("[id^=transportstable]", () => draw_transport_maps());
+
+
+  $('body').on('click', 'span.footable-toggle', function () {
+    event.stopPropagation();
+  })
+
+  // API IP check toggle
+  $("#skip_ip_check_ro").click(function( event ) {
+   $("#skip_ip_check_ro").not(this).prop('checked', false);
+    if ($("#skip_ip_check_ro:checked").length > 0) {
+      $('#allow_from_ro').prop('disabled', true);
+    }
+    else {
+      $("#allow_from_ro").removeAttr('disabled');
+    }
+  });
+  $("#skip_ip_check_rw").click(function( event ) {
+   $("#skip_ip_check_rw").not(this).prop('checked', false);
+    if ($("#skip_ip_check_rw:checked").length > 0) {
+      $('#allow_from_rw').prop('disabled', true);
+    }
+    else {
+      $("#allow_from_rw").removeAttr('disabled');
+    }
+  });
+  // Relayhost
+  $('#testRelayhostModal').on('show.bs.modal', function (e) {
+    $('#test_relayhost_result').text("-");
+    button = $(e.relatedTarget)
+    if (button != null) {
+      $('#relayhost_id').val(button.data('relayhost-id'));
+    }
+  })
+  $('#test_relayhost').on('click', function (e) {
+    e.preventDefault();
+    prev = $('#test_relayhost').text();
+    $(this).prop("disabled",true);
+    $(this).html('<i class="bi bi-arrow-repeat icon-spin"></i> ');
+    $.ajax({
+      type: 'GET',
+      url: 'inc/ajax/relay_check.php',
+      dataType: 'text',
+      data: $('#test_relayhost_form').serialize(),
+      complete: function (data) {
+        $('#test_relayhost_result').html(data.responseText);
+        $('#test_relayhost').prop("disabled",false);
+        $('#test_relayhost').text(prev);
+      }
+    });
+  })
+  // Transport
+  $('#testTransportModal').on('show.bs.modal', function (e) {
+    $('#test_transport_result').text("-");
+    button = $(e.relatedTarget)
+    if (button != null) {
+      $('#transport_id').val(button.data('transport-id'));
+      $('#transport_type').val(button.data('transport-type'));
+    }
+  })
+  $('#test_transport').on('click', function (e) {
+    e.preventDefault();
+    prev = $('#test_transport').text();
+    $(this).prop("disabled",true);
+    $(this).html('<div class="spinner-border" role="status"><span class="visually-hidden">Loading...</span></div> ');
+    $.ajax({
+      type: 'GET',
+      url: 'inc/ajax/transport_check.php',
+      dataType: 'text',
+      data: $('#test_transport_form').serialize(),
+      complete: function (data) {
+        $('#test_transport_result').html(data.responseText);
+        $('#test_transport').prop("disabled",false);
+        $('#test_transport').text(prev);
+      }
+    });
+  })
+  // DKIM private key modal
+  $('#showDKIMprivKey').on('show.bs.modal', function (e) {
+    $('#priv_key_pre').text("-");
+    p_related = $(e.relatedTarget)
+    if (p_related != null) {
+      var decoded_key = Base64.decode((p_related.data('priv-key')));
+      $('#priv_key_pre').text(decoded_key);
+    }
+  })
+  // FIDO2 friendly name modal
+  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
+    rename_link = $(e.relatedTarget)
+    if (rename_link != null) {
+      $('#fido2_cid').val(rename_link.data('cid'));
+      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
+    }
+  })
+  // App links
+  function add_table_row(table_id, type) {
+    var row = $('<tr />');
+    if (type == "app_link") {
+      cols = '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="app" required></td>';
+      cols += '<td><input class="input-sm input-xs-lg form-control" data-id="app_links" type="text" name="href" required></td>';
+      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
+    } else if (type == "f2b_regex") {
+      cols = '<td><input style="text-align:center" class="input-sm input-xs-lg form-control" data-id="f2b_regex" type="text" value="+" disabled></td>';
+      cols += '<td><input class="input-sm input-xs-lg form-control regex-input" data-id="f2b_regex" type="text" name="regex" required></td>';
+      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang.remove_row + '</a></td>';
+    }
+    row.append(cols);
+    table_id.append(row);
+  }
+  $('#app_link_table').on('click', 'tr a', function (e) {
+    e.preventDefault();
+    $(this).parents('tr').remove();
+  });
+  $('#f2b_regex_table').on('click', 'tr a', function (e) {
+    e.preventDefault();
+    $(this).parents('tr').remove();
+  });
+  $('#add_app_link_row').click(function() {
+    add_table_row($('#app_link_table'), "app_link");
+  });
+  $('#add_f2b_regex_row').click(function() {
+    add_table_row($('#f2b_regex_table'), "f2b_regex");
+  });
+});
diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index b57f1dbc..e0b9a5ab 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -1,1533 +1,1715 @@
-$(document).ready(function() {
-  // Parse seconds ago to date
-  // Get "now" timestamp
-  var ts_now = Math.round((new Date()).getTime() / 1000);
-  $('.parse_s_ago').each(function(i, parse_s_ago) {
-    var started_s_ago = parseInt($(this).text(), 10);
-    if (typeof started_s_ago != 'NaN') {
-      var started_date = new Date((ts_now - started_s_ago) * 1000);
-      if (started_date instanceof Date && !isNaN(started_date)) {
-        var started_local_date = started_date.toLocaleDateString(undefined, {
-          year: "numeric",
-          month: "2-digit",
-          day: "2-digit",
-          hour: "2-digit",
-          minute: "2-digit",
-          second: "2-digit"
-        });
-        $(this).text(started_local_date);
-      } else {
-        $(this).text('-');
-      }
-    }
-  });
-  // Parse general dates
-  $('.parse_date').each(function(i, parse_date) {
-    var started_date = new Date(Date.parse($(this).text()));
-    if (typeof started_date != 'NaN') {
-      var started_local_date = started_date.toLocaleDateString(undefined, {
-        year: "numeric",
-        month: "2-digit",
-        day: "2-digit",
-        hour: "2-digit",
-        minute: "2-digit",
-        second: "2-digit"
-      });
-      $(this).text(started_local_date);
-    }
-  });
-
-  // set update loop container list
-  containersToUpdate = {}
-  // set default ChartJs Font Color
-  Chart.defaults.color = '#999';
-  // create host cpu and mem charts
-  createHostCpuAndMemChart();
-  // check for new version
-  if (mailcow_info.branch === "master"){
-    check_update(mailcow_info.version_tag, mailcow_info.project_url);
-  }
-  $("#maiclow_version").click(function(){
-    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin")
-      return;
-
-    showVersionModal("Version " + mailcow_info.version_tag, mailcow_info.version_tag);
-  })
-  // get public ips
-  get_public_ips();
-  update_container_stats();
-});
-jQuery(function($){
-  if (localStorage.getItem("current_page") === null) {
-    var current_page = {};
-  } else {
-    var current_page = JSON.parse(localStorage.getItem('current_page'));
-  }
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
-  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
-  function hashCode(t){for(var n=0,r=0;r<t.length;r++)n=t.charCodeAt(r)+((n<<5)-n);return n}
-  function intToRGB(t){var n=(16777215&t).toString(16).toUpperCase();return"00000".substring(0,6-n.length)+n}
-  $(".refresh_table").on('click', function(e) {
-    e.preventDefault();
-    var table_name = $(this).data('table');
-    $('#' + table_name).DataTable().ajax.reload();
-  });
-  function draw_autodiscover_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#autodiscover_log') ) {
-      $('#autodiscover_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#autodiscover_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/autodiscover/100",
-        dataSrc: function(data){
-          return process_table_data(data, 'autodiscover_log');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          responsivePriority: 1,
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: 'User-Agent',
-          data: 'ua',
-          defaultContent: '',
-          className: 'dtr-col-md',
-          responsivePriority: 5
-        },
-        {
-          title: 'Username',
-          data: 'user',
-          defaultContent: '',
-          responsivePriority: 4
-        },
-        {
-          title: 'IP',
-          data: 'ip',
-          defaultContent: '',
-          responsivePriority: 2
-        },
-        {
-          title: 'Service',
-          data: 'service',
-          defaultContent: '',
-          responsivePriority: 3
-        }
-      ]
-    });
-  }
-  function draw_postfix_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#postfix_log') ) {
-      $('#postfix_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#postfix_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/postfix",
-        dataSrc: function(data){
-          return process_table_data(data, 'general_syslog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.priority,
-          data: 'priority',
-          defaultContent: ''
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: '',
-          className: 'dtr-col-md text-break'
-        }
-      ]
-    });
-  }
-  function draw_watchdog_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#watchdog_log') ) {
-      $('#watchdog_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#watchdog_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/watchdog",
-        dataSrc: function(data){
-          return process_table_data(data, 'watchdog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: 'Service',
-          data: 'service',
-          defaultContent: ''
-        },
-        {
-          title: 'Trend',
-          data: 'trend',
-          defaultContent: ''
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_api_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#api_log') ) {
-      $('#api_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#api_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/api",
-        dataSrc: function(data){
-          return process_table_data(data, 'apilog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: 'URI',
-          data: 'uri',
-          defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
-        },
-        {
-          title: 'Method',
-          data: 'method',
-          defaultContent: ''
-        },
-        {
-          title: 'IP',
-          data: 'remote',
-          defaultContent: ''
-        },
-        {
-          title: 'Data',
-          data: 'data',
-          defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
-        }
-      ]
-    });
-  }
-  function draw_rl_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#rl_log') ) {
-      $('#rl_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#rl_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/ratelimited",
-        dataSrc: function(data){
-          return process_table_data(data, 'rllog');
-        }
-      },
-      columns: [
-        {
-          title: ' ',
-          data: 'indicator',
-          defaultContent: ''
-        },
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.rate_name,
-          data: 'rl_name',
-          defaultContent: ''
-        },
-        {
-          title: lang.sender,
-          data: 'from',
-          defaultContent: ''
-        },
-        {
-          title: lang.recipients,
-          data: 'rcpt',
-          defaultContent: ''
-        },
-        {
-          title: lang.authed_user,
-          data: 'user',
-          defaultContent: ''
-        },
-        {
-          title: 'Msg ID',
-          data: 'message_id',
-          defaultContent: ''
-        },
-        {
-          title: 'Header From',
-          data: 'header_from',
-          defaultContent: ''
-        },
-        {
-          title: 'Subject',
-          data: 'header_subject',
-          defaultContent: ''
-        },
-        {
-          title: 'Hash',
-          data: 'rl_hash',
-          defaultContent: ''
-        },
-        {
-          title: 'Rspamd QID',
-          data: 'qid',
-          defaultContent: ''
-        },
-        {
-          title: 'IP',
-          data: 'ip',
-          defaultContent: ''
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_ui_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#ui_logs') ) {
-      $('#ui_logs').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#ui_logs').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/ui",
-        dataSrc: function(data){
-          return process_table_data(data, 'mailcow_ui');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: 'Type',
-          data: 'type',
-          defaultContent: ''
-        },
-        {
-          title: 'Task',
-          data: 'task',
-          defaultContent: ''
-        },
-        {
-          title: 'User',
-          data: 'user',
-          defaultContent: '',
-          className: 'dtr-col-sm'
-        },
-        {
-          title: 'Role',
-          data: 'role',
-          defaultContent: '',
-          className: 'dtr-col-sm'
-        },
-        {
-          title: 'IP',
-          data: 'remote',
-          defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
-        },
-        {
-          title: lang.message,
-          data: 'msg',
-          defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
-        },
-        {
-          title: 'Call',
-          data: 'call',
-          defaultContent: '',
-          className: 'none dtr-col-md dtr-break-all'
-        }
-      ]
-    });
-  }
-  function draw_sasl_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#sasl_logs') ) {
-      $('#sasl_logs').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#sasl_logs').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/sasl",
-        dataSrc: function(data){
-          return process_table_data(data, 'sasl_log_table');
-        }
-      },
-      columns: [
-        {
-          title: lang.username,
-          data: 'username',
-          defaultContent: ''
-        },
-        {
-          title: lang.service,
-          data: 'service',
-          defaultContent: ''
-        },
-        {
-          title: 'IP',
-          data: 'real_rip',
-          defaultContent: '',
-          className: 'dtr-col-md text-break'
-        },
-        {
-          title: lang.login_time,
-          data: 'datetime',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data.replace(/-/g, "/")); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        }
-      ]
-    });
-  }
-  function draw_acme_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#acme_log') ) {
-      $('#acme_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#acme_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/acme",
-        dataSrc: function(data){
-          return process_table_data(data, 'general_syslog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: '',
-          className: 'dtr-col-md dtr-break-all'
-        }
-      ]
-    });
-  }
-  function draw_netfilter_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#netfilter_log') ) {
-      $('#netfilter_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#netfilter_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/netfilter",
-        dataSrc: function(data){
-          return process_table_data(data, 'general_syslog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.priority,
-          data: 'priority',
-          defaultContent: ''
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: '',
-          className: 'dtr-col-md text-break'
-        }
-      ]
-    });
-  }
-  function draw_sogo_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#sogo_log') ) {
-      $('#sogo_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#sogo_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/sogo",
-        dataSrc: function(data){
-          return process_table_data(data, 'general_syslog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.priority,
-          data: 'priority',
-          defaultContent: ''
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: '',
-          className: 'dtr-col-md text-break'
-        }
-      ]
-    });
-  }
-  function draw_dovecot_logs() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#dovecot_log') ) {
-      $('#dovecot_log').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#dovecot_log').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      order: [[0, 'desc']],
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/dovecot",
-        dataSrc: function(data){
-          return process_table_data(data, 'general_syslog');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.priority,
-          data: 'priority',
-          defaultContent: ''
-        },
-        {
-          title: lang.message,
-          data: 'message',
-          defaultContent: '',
-          className: 'dtr-col-md text-break'
-        }
-      ]
-    });
-  }
-  function rspamd_pie_graph() {
-    $.ajax({
-      url: '/api/v1/get/rspamd/actions',
-      async: true,
-      success: function(data){
-        console.log(data);
-
-        var total = 0;
-        $(data).map(function(){total += this[1];});
-        var labels = $.makeArray($(data).map(function(){return this[0] + ' ' + Math.round(this[1]/total * 100) + '%';}));
-        var values = $.makeArray($(data).map(function(){return this[1];}));
-        console.log(values);
-
-        var graphdata = {
-          labels: labels,
-          datasets: [{
-            data: values,
-            backgroundColor: ['#DC3023', '#59ABE3', '#FFA400', '#FFA400', '#26A65B']
-          }]
-        };
-
-        var options = {
-          responsive: true,
-          maintainAspectRatio: false,
-          plugins: {
-            datalabels: {
-              color: '#FFF',
-              font: {
-                weight: 'bold'
-              },
-              display: function(context) {
-                return context.dataset.data[context.dataIndex] !== 0;
-              },
-              formatter: function(value, context) {
-                return Math.round(value/total*100) + '%';
-              }
-            }
-          }
-        };
-        var chartcanvas = document.getElementById('rspamd_donut');
-        Chart.register('ChartDataLabels');
-        if(typeof chart == 'undefined') {
-          chart = new Chart(chartcanvas.getContext("2d"), {
-            plugins: [ChartDataLabels],
-            type: 'doughnut',
-            data: graphdata,
-            options: options
-          });
-        }
-        else {
-          chart.destroy();
-          chart = new Chart(chartcanvas.getContext("2d"), {
-            plugins: [ChartDataLabels],
-            type: 'doughnut',
-            data: graphdata,
-            options: options
-          });
-        }
-      }
-    });
-  }
-  function draw_rspamd_history() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#rspamd_history') ) {
-      $('#rspamd_history').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#rspamd_history').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/logs/rspamd-history",
-        dataSrc: function(data){
-          return process_table_data(data, 'rspamd_history');
-        }
-      },
-      columns: [
-        {
-          title: lang.time,
-          data: 'time',
-          defaultContent: '',
-          render: function(data, type){
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: 'IP address',
-          data: 'ip',
-          defaultContent: ''
-        },
-        {
-          title: 'From',
-          data: 'sender_mime',
-          defaultContent: ''
-        },
-        {
-          title: 'To',
-          data: 'rcpt',
-          defaultContent: ''
-        },
-        {
-          title: 'Subject',
-          data: 'subject',
-          defaultContent: ''
-        },
-        {
-          title: 'Action',
-          data: 'action',
-          defaultContent: ''
-        },
-        {
-          title: 'Score',
-          data: 'score',
-          defaultContent: ''
-        },
-        {
-          title: 'Subject',
-          data: 'header_subject',
-          defaultContent: ''
-        },
-        {
-          title: 'Symbols',
-          data: 'symbols',
-          defaultContent: '',
-          className: 'none dtr-col-md'
-        },
-        {
-          title: 'Msg size',
-          data: 'size',
-          defaultContent: ''
-        },
-        {
-          title: 'Scan Time',
-          data: 'scan_time',
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'message-id',
-          defaultContent: ''
-        },
-        {
-          title: 'Authenticated user',
-          data: 'user',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function process_table_data(data, table) {
-    if (table == 'rspamd_history') {
-    $.each(data, function (i, item) {
-      if (item.rcpt_mime != "") {
-        item.rcpt = escapeHtml(item.rcpt_mime.join(", "));
-      }
-      else {
-        item.rcpt = escapeHtml(item.rcpt_smtp.join(", "));
-      }
-      item.symbols = Object.keys(item.symbols).sort(function (a, b) {
-        if (item.symbols[a].score === 0) return 1
-        if (item.symbols[b].score === 0) return -1
-        if (item.symbols[b].score < 0 && item.symbols[a].score < 0) {
-          return item.symbols[a].score - item.symbols[b].score
-        }
-        if (item.symbols[b].score > 0 && item.symbols[a].score > 0) {
-          return item.symbols[b].score - item.symbols[a].score
-        }
-        return item.symbols[b].score - item.symbols[a].score
-      }).map(function(key) {
-        var sym = item.symbols[key];
-        if (sym.score < 0) {
-          sym.score_formatted = '(<span class="text-success"><b>' + sym.score + '</b></span>)'
-        }
-        else if (sym.score === 0) {
-          sym.score_formatted = '(<span><b>' + sym.score + '</b></span>)'
-        }
-        else {
-          sym.score_formatted = '(<span class="text-danger"><b>' + sym.score + '</b></span>)'
-        }
-        var str = '<strong>' + key + '</strong> ' + sym.score_formatted;
-        if (sym.options) {
-          str += ' [' + escapeHtml(sym.options.join(", ")) + "]";
-        }
-        return str
-      }).join('<br>\n');
-      item.subject = escapeHtml(item.subject);
-      var scan_time = item.time_real.toFixed(3);
-      if (item.time_virtual) {
-        scan_time += ' / ' + item.time_virtual.toFixed(3);
-      }
-      item.scan_time = {
-        "options": {
-          "sortValue": item.time_real
-        },
-        "value": scan_time
-      };
-      if (item.action === 'clean' || item.action === 'no action') {
-        item.action = "<div class='badge fs-6 bg-success'>" + item.action + "</div>";
-      } else if (item.action === 'rewrite subject' || item.action === 'add header' || item.action === 'probable spam') {
-        item.action = "<div class='badge fs-6 bg-warning'>" + item.action + "</div>";
-      } else if (item.action === 'spam' || item.action === 'reject') {
-        item.action = "<div class='badge fs-6 bg-danger'>" + item.action + "</div>";
-      } else {
-        item.action = "<div class='badge fs-6 bg-info'>" + item.action + "</div>";
-      }
-      var score_content;
-      if (item.score < item.required_score) {
-        score_content = "[ <span class='text-success'>" + item.score.toFixed(2) + " / " + item.required_score + "</span> ]";
-      } else {
-        score_content = "[ <span class='text-danger'>" + item.score.toFixed(2) + " / " + item.required_score + "</span> ]";
-      }
-      item.score = {
-        "options": {
-          "sortValue": item.score
-        },
-        "value": score_content
-      };
-      if (item.user == null) {
-        item.user = "none";
-      }
-    });
-    } else if (table == 'autodiscover_log') {
-      $.each(data, function (i, item) {
-        if (item.ua == null) {
-          item.ua = 'unknown';
-        } else {
-          item.ua = escapeHtml(item.ua);
-        }
-        item.ua = '<span style="font-size:small">' + item.ua + '</span>';
-        if (item.service == "activesync") {
-          item.service = '<span class="badge fs-6 bg-info">ActiveSync</span>';
-        }
-        else if (item.service == "imap") {
-          item.service = '<span class="badge fs-6 bg-success">IMAP, SMTP, Cal-/CardDAV</span>';
-        }
-        else {
-          item.service = '<span class="badge fs-6 bg-danger">' + escapeHtml(item.service) + '</span>';
-        }
-      });
-    } else if (table == 'watchdog') {
-      $.each(data, function (i, item) {
-        if (item.message == null) {
-          item.message = 'Health level: ' + item.lvl + '% (' + item.hpnow + '/' + item.hptotal + ')';
-          if (item.hpdiff < 0) {
-            item.trend = '<span class="badge fs-6 bg-danger"><i class="bi bi-caret-down-fill"></i> ' + item.hpdiff + '</span>';
-          }
-          else if (item.hpdiff == 0) {
-            item.trend = '<span class="badge fs-6 bg-info"><i class="bi bi-caret-right-fill"></i> ' + item.hpdiff + '</span>';
-          }
-          else {
-            item.trend = '<span class="badge fs-6 bg-success"><i class="bi bi-caret-up-fill"></i> ' + item.hpdiff + '</span>';
-          }
-        }
-        else {
-          item.trend = '';
-          item.service = '';
-        }
-      });
-    } else if (table == 'mailcow_ui') {
-      $.each(data, function (i, item) {
-        if (item === null) { return true; }
-        item.user = escapeHtml(item.user);
-        item.call = escapeHtml(item.call);
-        item.task = '<code>' + item.task + '</code>';
-        item.type = '<span class="badge fs-6 bg-' + item.type + '">' + item.type + '</span>';
-      });
-    } else if (table == 'sasl_log_table') {
-      $.each(data, function (i, item) {
-        if (item === null) { return true; }
-        item.username = escapeHtml(item.username);
-        item.service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
-      });
-    } else if (table == 'general_syslog') {
-      $.each(data, function (i, item) {
-        if (item === null) { return true; }
-        if (item.message.match("^base64,")) {
-          try {
-            item.message = atob(item.message.slice(7)).replace(/\\n/g, "<br />");
-          } catch(e) {
-            item.message = item.message.slice(7);
-          }
-        } else {
-          item.message = escapeHtml(item.message);
-        }
-        item.call = escapeHtml(item.call);
-        var danger_class = ["emerg", "alert", "crit", "err"];
-        var warning_class = ["warning", "warn"];
-        var info_class = ["notice", "info", "debug"];
-        if (jQuery.inArray(item.priority, danger_class) !== -1) {
-          item.priority = '<span class="badge fs-6 bg-danger">' + item.priority + '</span>';
-        } else if (jQuery.inArray(item.priority, warning_class) !== -1) {
-          item.priority = '<span class="badge fs-6 bg-warning">' + item.priority + '</span>';
-        } else if (jQuery.inArray(item.priority, info_class) !== -1) {
-          item.priority = '<span class="badge fs-6 bg-info">' + item.priority + '</span>';
-        }
-      });
-    } else if (table == 'apilog') {
-      $.each(data, function (i, item) {
-        if (item === null) { return true; }
-        if (item.method == 'GET') {
-          item.method = '<span class="badge fs-6 bg-success">' + item.method + '</span>';
-        } else if (item.method == 'POST') {
-          item.method = '<span class="badge fs-6 bg-warning">' + item.method + '</span>';
-        }
-        item.data = escapeHtml(item.data);
-      });
-    } else if (table == 'rllog') {
-      $.each(data, function (i, item) {
-        if (item.user == null) {
-          item.user = "none";
-        }
-        if (item.rl_hash == null) {
-          item.rl_hash = "err";
-        }
-        item.indicator = '<span style="border-right:6px solid #' + intToRGB(hashCode(item.rl_hash)) + ';padding-left:5px;">&nbsp;</span>';
-        if (item.rl_hash != 'err') {
-          item.action = '<a href="#" data-action="delete_selected" data-id="single-hash" data-api-url="delete/rlhash" data-item="' + encodeURI(item.rl_hash) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.reset_limit + '</a>';
-        }
-      });
-    }
-    return data
-  };
-  $('.add_log_lines').on('click', function (e) {
-    e.preventDefault();
-    var log_table= $(this).data("table")
-    var new_nrows = $(this).data("nrows")
-    var post_process = $(this).data("post-process")
-    var log_url = $(this).data("log-url")
-    if (log_table === undefined || new_nrows === undefined || post_process === undefined || log_url === undefined) {
-      console.log("no data-table or data-nrows or log_url or data-post-process attr found");
-      return;
-    }
-
-    // BUG TODO: loading 100 results in loading 10 - loading 1000 results in loading 100
-    if (table = $('#' + log_table).DataTable()) {
-      var heading = $('#' + log_table).closest('.card').find('.card-header');
-      var load_rows = (table.page.len() + 1) + '-' + (table.page.len() + new_nrows)
-
-      $.get('/api/v1/get/logs/' + log_url + '/' + load_rows).then(function(data){
-        if (data.length === undefined) { mailcow_alert_box(lang.no_new_rows, "info"); return; }
-        var rows = process_table_data(data, post_process);
-        var rows_now = (table.page.len() + data.length);
-        $(heading).children('.table-lines').text(rows_now)
-        mailcow_alert_box(data.length + lang.additional_rows, "success");
-        table.rows.add(rows).draw();
-      });
-    }
-  })
-
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-  // Draw Table if tab is active
-  onVisible("[id^=postfix_log]", () => draw_postfix_logs());
-  onVisible("[id^=dovecot_log]", () => draw_dovecot_logs());
-  onVisible("[id^=sogo_log]", () => draw_sogo_logs());
-  onVisible("[id^=watchdog_log]", () => draw_watchdog_logs());
-  onVisible("[id^=autodiscover_log]", () => draw_autodiscover_logs());
-  onVisible("[id^=acme_log]", () => draw_acme_logs());
-  onVisible("[id^=api_log]", () => draw_api_logs());
-  onVisible("[id^=rl_log]", () => draw_rl_logs());
-  onVisible("[id^=ui_logs]", () => draw_ui_logs());
-  onVisible("[id^=sasl_logs]", () => draw_sasl_logs());
-  onVisible("[id^=netfilter_log]", () => draw_netfilter_logs());
-  onVisible("[id^=rspamd_history]", () => draw_rspamd_history());
-  onVisible("[id^=rspamd_donut]", () => rspamd_pie_graph());
-
-
-
-  // start polling host stats if tab is active
-  onVisible("[id^=tab-containers]", () => update_stats());
-  // start polling container stats if collapse is active
-  var containerElements = document.querySelectorAll(".container-details-collapse");
-  for (let i = 0; i < containerElements.length; i++){
-    new IntersectionObserver((entries, observer) => {
-      entries.forEach(entry => {
-        if(entry.intersectionRatio > 0) {
-
-          if (!containerElements[i].classList.contains("show")){
-            var container = containerElements[i].id.replace("Collapse", "");
-            var container_id = containerElements[i].getAttribute("data-id");
-
-            // check if chart exists or needs to be created
-            if (!Chart.getChart(container + "_DiskIOChart"))
-              createReadWriteChart(container + "_DiskIOChart", "Read", "Write");
-            if (!Chart.getChart(container + "_NetIOChart"))
-              createReadWriteChart(container + "_NetIOChart", "Recv", "Sent");
-
-            // add container to polling list
-            containersToUpdate[container] = {
-              id: container_id,
-              state: "idle"
-            }
-
-            // stop polling if collapse is closed
-            containerElements[i].addEventListener('hidden.bs.collapse', function () {
-              var diskIOCtx = Chart.getChart(container + "_DiskIOChart");
-              var netIOCtx = Chart.getChart(container + "_NetIOChart");
-
-              diskIOCtx.data.datasets[0].data = [];
-              diskIOCtx.data.datasets[1].data = [];
-              diskIOCtx.data.labels = [];
-              netIOCtx.data.datasets[0].data = [];
-              netIOCtx.data.datasets[1].data = [];
-              netIOCtx.data.labels = [];
-            
-              diskIOCtx.update();
-              netIOCtx.update();
-              
-              delete containersToUpdate[container];
-            });
-          }
-
-        }
-      });
-    }).observe(containerElements[i]);
-  }
-});
-
-
-// update system stats - every 5 seconds if system & container tab is active
-function update_stats(timeout=5){
-  if (!$('#tab-containers').hasClass('active')) {
-    // tab not active - dont fetch stats - run again in n seconds
-    return;
-  }
-
-  window.fetch("/api/v1/get/status/host", {method:'GET',cache:'no-cache'}).then(function(response) {
-    return response.json();
-  }).then(function(data) {
-    console.log(data);
-
-    if (data){
-      // display table data
-      $("#host_date").text(data.system_time);
-      $("#host_uptime").text(formatUptime(data.uptime));
-      $("#host_cpu_cores").text(data.cpu.cores);
-      $("#host_cpu_usage").text(parseInt(data.cpu.usage).toString() + "%");
-      $("#host_memory_total").text((data.memory.total / (1024 ** 3)).toFixed(2).toString() + "GB");
-      $("#host_memory_usage").text(parseInt(data.memory.usage).toString() + "%");
-
-      // update cpu and mem chart
-      var cpu_chart = Chart.getChart("host_cpu_chart");
-      var mem_chart = Chart.getChart("host_mem_chart");
-
-      cpu_chart.data.labels.push(data.system_time.split(" ")[1]);
-      if (cpu_chart.data.labels.length > 30) cpu_chart.data.labels.shift();
-      mem_chart.data.labels.push(data.system_time.split(" ")[1]);
-      if (mem_chart.data.labels.length > 30) mem_chart.data.labels.shift();
-
-      cpu_chart.data.datasets[0].data.push(data.cpu.usage);
-      if (cpu_chart.data.datasets[0].data.length > 30)  cpu_chart.data.datasets[0].data.shift();
-      mem_chart.data.datasets[0].data.push(data.memory.usage);
-      if (mem_chart.data.datasets[0].data.length > 30)  mem_chart.data.datasets[0].data.shift();
-
-      cpu_chart.update();
-      mem_chart.update();
-    }
-
-    // run again in n seconds
-    setTimeout(update_stats, timeout * 1000);
-  });
-}
-// update specific container stats - every n (default 5s) seconds
-function update_container_stats(timeout=5){
-  
-  if ($('#tab-containers').hasClass('active')) {
-    for (let container in containersToUpdate){
-      container_id = containersToUpdate[container].id;
-      // check if container update stats is already running
-      if (containersToUpdate[container].state == "running")
-        continue;
-      containersToUpdate[container].state = "running";
-
-
-      window.fetch("/api/v1/get/status/container/" + container_id, {method:'GET',cache:'no-cache'}).then(function(response) {
-        return response.json();
-      }).then(function(data) {
-        var diskIOCtx = Chart.getChart(container + "_DiskIOChart");
-        var netIOCtx = Chart.getChart(container + "_NetIOChart");
-
-        console.log(container);
-        console.log(data);
-        prev_stats = null;
-        if (data.length >= 2){
-          prev_stats = data[data.length -2];
-
-          // hide spinners if we collected enough data
-          $('#' + container + "_DiskIOChart").removeClass('d-none');
-          $('#' + container + "_DiskIOChart").prev().addClass('d-none');
-          $('#' + container + "_NetIOChart").removeClass('d-none');
-          $('#' + container + "_NetIOChart").prev().addClass('d-none');
-        }
-          
-        data = data[data.length -1];
-
-        if (prev_stats != null){
-          // calc time diff
-          var time_diff = (new Date(data.read) - new Date(prev_stats.read)) / 1000;
-    
-          // calc disk io b/s
-          if ('io_service_bytes_recursive' in prev_stats.blkio_stats && prev_stats.blkio_stats.io_service_bytes_recursive !== null){
-            var prev_read_bytes = 0;
-            var prev_write_bytes = 0;
-            for (var i = 0; i < prev_stats.blkio_stats.io_service_bytes_recursive.length; i++){
-              if (prev_stats.blkio_stats.io_service_bytes_recursive[i].op == "read")
-                prev_read_bytes = prev_stats.blkio_stats.io_service_bytes_recursive[i].value;
-              else if (prev_stats.blkio_stats.io_service_bytes_recursive[i].op == "write")
-                prev_write_bytes = prev_stats.blkio_stats.io_service_bytes_recursive[i].value;
-            }
-            var read_bytes = 0;
-            var write_bytes = 0;
-            for (var i = 0; i < data.blkio_stats.io_service_bytes_recursive.length; i++){
-              if (data.blkio_stats.io_service_bytes_recursive[i].op == "read")
-                read_bytes = data.blkio_stats.io_service_bytes_recursive[i].value;
-              else if (data.blkio_stats.io_service_bytes_recursive[i].op == "write")
-                write_bytes = data.blkio_stats.io_service_bytes_recursive[i].value;
-            }
-            var diff_bytes_read = (read_bytes - prev_read_bytes) / time_diff;
-            var diff_bytes_write = (write_bytes - prev_write_bytes) / time_diff;
-          }
-    
-          // calc net io b/s
-          if ('networks' in prev_stats){
-            var prev_recv_bytes = 0;
-            var prev_sent_bytes = 0;
-            for (var key in prev_stats.networks){
-              prev_recv_bytes += prev_stats.networks[key].rx_bytes;
-              prev_sent_bytes += prev_stats.networks[key].tx_bytes;
-            }
-            var recv_bytes = 0;
-            var sent_bytes = 0;
-            for (var key in data.networks){
-              recv_bytes += data.networks[key].rx_bytes;
-              sent_bytes += data.networks[key].tx_bytes;
-            }
-            var diff_bytes_recv = (recv_bytes - prev_recv_bytes) / time_diff;
-            var diff_bytes_sent = (sent_bytes - prev_sent_bytes) / time_diff;
-          }
-    
-          addReadWriteChart(diskIOCtx, diff_bytes_read, diff_bytes_write, "");
-          addReadWriteChart(netIOCtx, diff_bytes_recv, diff_bytes_sent, "");
-        }
-    
-        // run again in n seconds
-        containersToUpdate[container].state = "idle";
-      }).catch(err => {
-        console.log(err);
-      });
-    }
-  }
-
-  // run again in n seconds
-  setTimeout(update_container_stats, timeout * 1000);
-}
-// get public ips
-function get_public_ips(){
-  window.fetch("/api/v1/get/status/host/ip", {method:'GET',cache:'no-cache'}).then(function(response) {
-    return response.json();
-  }).then(function(data) {
-    console.log(data);
-
-    // display host ips
-    if (data.ipv4)
-      $("#host_ipv4").text(data.ipv4);
-    if (data.ipv6)
-      $("#host_ipv6").text(data.ipv6);
-  });
-}
-// format hosts uptime seconds to readable string
-function formatUptime(seconds){
-  seconds = Number(seconds);
-  var d = Math.floor(seconds / (3600*24));
-  var h = Math.floor(seconds % (3600*24) / 3600);
-  var m = Math.floor(seconds % 3600 / 60);
-  var s = Math.floor(seconds % 60);
-
-  var dFormat = d > 0 ? d + "D " : "";
-  var hFormat = h > 0 ? h + "H " : "";
-  var mFormat = m > 0 ? m + "M " : "";
-  var sFormat = s > 0 ? s + "S" : "";
-  return dFormat + hFormat + mFormat + sFormat;
-} 
-// format bytes to readable string
-function formatBytes(bytes){
-  // b
-  if (bytes < 1000) return bytes.toFixed(2).toString()+' B/s';
-  // b to kb
-  bytes = bytes / 1024;
-  if (bytes < 1000) return bytes.toFixed(2).toString()+' KB/s';
-  // kb to mb
-  bytes = bytes / 1024;
-  if (bytes < 1000) return bytes.toFixed(2).toString()+' MB/s';
-  // final mb to gb
-  return (bytes / 1024).toFixed(2).toString()+' GB/s';
-}
-// create read write line chart
-function createReadWriteChart(chart_id, read_lable, write_lable){
-  var ctx = document.getElementById(chart_id);
-
-  var dataNet = {
-    labels: [],
-    datasets: [{
-      label: read_lable,
-      backgroundColor: "rgba(41, 187, 239, 0.3)",
-      borderColor: "rgba(41, 187, 239, 0.6)",
-      pointRadius: 1,
-      pointHitRadius: 6,
-      borderWidth: 2,
-      fill: true,
-      tension: 0.2,
-      data: []
-    }, {
-      label: write_lable,
-      backgroundColor: "rgba(239, 60, 41, 0.3)",
-      borderColor: "rgba(239, 60, 41, 0.6)",
-      pointRadius: 1,
-      pointHitRadius: 6,
-      borderWidth: 2,
-      fill: true,
-      tension: 0.2,
-      data: []
-    }]
-  };
-  var optionsNet = {
-    interaction: {
-        mode: 'index'
-    },
-    scales: {
-      yAxis: {
-        min: 0,
-        grid: {
-            display: false
-        },
-        ticks: {
-          callback: function(i, index, ticks) {
-             return formatBytes(i);
-          }
-        }  
-      },
-      xAxis: {
-        grid: {
-            display: false
-        }  
-      }
-    }
-  };
-  
-  return new Chart(ctx, {
-    type: 'line',
-    data: dataNet,
-    options: optionsNet
-  });
-}
-// add to read write line chart
-function addReadWriteChart(chart_context, read_point, write_point, time, limit = 30){
-  // push time label for x-axis
-  chart_context.data.labels.push(time);
-  if (chart_context.data.labels.length > limit) chart_context.data.labels.shift();
-
-  // push datapoints
-  chart_context.data.datasets[0].data.push(read_point);
-  chart_context.data.datasets[1].data.push(write_point);
-  // shift data if more than 20 entires exists
-  if (chart_context.data.datasets[0].data.length > limit)  chart_context.data.datasets[0].data.shift();
-  if (chart_context.data.datasets[1].data.length > limit) chart_context.data.datasets[1].data.shift();
-
-  chart_context.update();
-}
-// create host cpu and mem chart
-function createHostCpuAndMemChart(){
-  var cpu_ctx = document.getElementById("host_cpu_chart");
-  var mem_ctx = document.getElementById("host_mem_chart");
-
-  var dataCpu = {
-    labels: [],
-    datasets: [{
-      label: "CPU %",
-      backgroundColor: "rgba(41, 187, 239, 0.3)",
-      borderColor: "rgba(41, 187, 239, 0.6)",
-      pointRadius: 1,
-      pointHitRadius: 6,
-      borderWidth: 2,
-      fill: true,
-      tension: 0.2,
-      data: []
-    }]
-  };
-  var optionsCpu = {
-    interaction: {
-        mode: 'index'
-    },
-    scales: {
-      yAxis: {
-        min: 0,
-        grid: {
-            display: false
-        },
-        ticks: {
-          callback: function(i, index, ticks) {
-             return i.toFixed(0).toString() + "%";
-          }
-        }  
-      },
-      xAxis: {
-        grid: {
-            display: false
-        }  
-      }
-    }
-  };
-
-  var dataMem = {
-    labels: [],
-    datasets: [{
-      label: "MEM %",
-      backgroundColor: "rgba(41, 187, 239, 0.3)",
-      borderColor: "rgba(41, 187, 239, 0.6)",
-      pointRadius: 1,
-      pointHitRadius: 6,
-      borderWidth: 2,
-      fill: true,
-      tension: 0.2,
-      data: []
-    }]
-  };
-  var optionsMem = {
-    interaction: {
-        mode: 'index'
-    },
-    scales: {
-      yAxis: {
-        min: 0,
-        grid: {
-            display: false
-        },
-        ticks: {
-          callback: function(i, index, ticks) {
-            return i.toFixed(0).toString() + "%";
-          }
-        }  
-      },
-      xAxis: {
-        grid: {
-            display: false
-        }  
-      }
-    }
-  };
-
-  
-  var net_io_chart = new Chart(cpu_ctx, {
-    type: 'line',
-    data: dataCpu,
-    options: optionsCpu
-  });
-  var disk_io_chart = new Chart(mem_ctx, {
-    type: 'line',
-    data: dataMem,
-    options: optionsMem
-  });
-}
-// check for mailcow updates
-function check_update(current_version, github_repo_url){
-  if (!current_version || !github_repo_url) return false; 
-
-  var github_account = github_repo_url.split("/")[3];
-  var github_repo_name = github_repo_url.split("/")[4];
-
-  // get details about latest release
-  window.fetch("https://api.github.com/repos/"+github_account+"/"+github_repo_name+"/releases/latest", {method:'GET',cache:'no-cache'}).then(function(response) {
-    return response.json();
-  }).then(function(latest_data) {
-    // get details about current release
-    window.fetch("https://api.github.com/repos/"+github_account+"/"+github_repo_name+"/releases/tags/"+current_version, {method:'GET',cache:'no-cache'}).then(function(response) {
-      return response.json();
-    }).then(function(current_data) {
-      // compare releases
-      var date_current = new Date(current_data.created_at);
-      var date_latest = new Date(latest_data.created_at);
-      if (date_latest.getTime() <= date_current.getTime()){
-        // no update available
-        $("#mailcow_update").removeClass("text-warning text-danger").addClass("text-success");
-        $("#mailcow_update").html("<b>" + lang_debug.no_update_available + "</b>");
-      } else {
-        // update available
-        $("#mailcow_update").removeClass("text-danger text-success").addClass("text-warning");
-        $("#mailcow_update").html(lang_debug.update_available + ` <a href="#" id="mailcow_update_changelog">`+latest_data.tag_name+`</a>`);
-        $("#mailcow_update_changelog").click(function(){
-          if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin")
-            return;
-      
-          showVersionModal("New Release " + latest_data.tag_name, latest_data.tag_name);
-        })
-      }
-    }).catch(err => {
-      // err
-      console.log(err);
-      $("#mailcow_update").removeClass("text-success text-warning").addClass("text-danger");
-      $("#mailcow_update").html("<b>"+ lang_debug.update_failed +"</b>");
-    });
-  }).catch(err => {
-    // err
-    console.log(err);
-    $("#mailcow_update").removeClass("text-success text-warning").addClass("text-danger");
-    $("#mailcow_update").html("<b>"+ lang_debug.update_failed +"</b>");
-  });
-}
-// show version changelog modal
-function showVersionModal(title, version){
-  $.ajax({
-    type: 'GET',
-    url: 'https://api.github.com/repos/' + mailcow_info.project_owner + '/' + mailcow_info.project_repo + '/releases/tags/' + version,
-    dataType: 'json',
-    success: function (data) { 
-      var md = window.markdownit();
-      var result = md.render(data.body);
-      result = parseGithubMarkdownLinks(result);
-
-      $('#showVersionModal').find(".modal-title").html(title);
-      $('#showVersionModal').find(".modal-body").html(`
-        <h3>` + data.name + `</h3>
-        <span class="mt-4">` + result + `</span>
-        <span><b>Github Link:</b> 
-          <a target="_blank" href="https://github.com/` + mailcow_info.project_owner + `/` + mailcow_info.project_repo + `/releases/tag/` + version + `">` + version + `</a>
-        </span>
-      `);
-
-      new bootstrap.Modal(document.getElementById("showVersionModal"), {
-        backdrop: 'static',
-        keyboard: false
-      }).show();
-    }
-  });
-}
-function parseGithubMarkdownLinks(inputText) {
-  var replacedText, replacePattern1;
-
-  replacePattern1 = /(\b(https?):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/gim;
-  replacedText = inputText.replace(replacePattern1, (matched, index, original, input_string) => {
-      if (matched.includes('github.com')){
-        // return short link if it's github link
-        last_uri_path = matched.split('/');
-        last_uri_path = last_uri_path[last_uri_path.length - 1];
-
-        // adjust Full Changelog link to match last git version and new git version, if link is a compare link
-        if (matched.includes('/compare/') && mailcow_info.last_version_tag !== ''){
-          matched = matched.replace(last_uri_path,  mailcow_info.last_version_tag + '...' + mailcow_info.version_tag);
-          last_uri_path = mailcow_info.last_version_tag + '...' + mailcow_info.version_tag;
-        }
-        
-        return '<a href="' + matched + '" target="_blank">' + last_uri_path + '</a><br>';
-      };
-
-      // if it's not a github link, return complete link
-      return '<a href="' + matched + '" target="_blank">' + matched + '</a>'; 
-  });
-
-  return replacedText;
-}
\ No newline at end of file
+const LOCALE = undefined;
+const DATETIME_FORMAT = {
+  year: "numeric",
+  month: "2-digit",
+  day: "2-digit",
+  hour: "2-digit",
+  minute: "2-digit",
+  second: "2-digit"
+};
+
+$(document).ready(function() {
+  // Parse seconds ago to date
+  // Get "now" timestamp
+  var ts_now = Math.round((new Date()).getTime() / 1000);
+  $('.parse_s_ago').each(function(i, parse_s_ago) {
+    var started_s_ago = parseInt($(this).text(), 10);
+    if (typeof started_s_ago != 'NaN') {
+      var started_date = new Date((ts_now - started_s_ago) * 1000);
+      if (started_date instanceof Date && !isNaN(started_date)) {
+        var started_local_date = started_date.toLocaleDateString(LOCALE, DATETIME_FORMAT);
+        $(this).text(started_local_date);
+      } else {
+        $(this).text('-');
+      }
+    }
+  });
+  // Parse general dates
+  $('.parse_date').each(function(i, parse_date) {
+    var started_date = new Date(Date.parse($(this).text()));
+    if (typeof started_date != 'NaN') {
+      var started_local_date = started_date.toLocaleDateString(LOCALE, DATETIME_FORMAT);
+      $(this).text(started_local_date);
+    }
+  });
+
+  // set update loop container list
+  containersToUpdate = {};
+  // set default ChartJs Font Color
+  Chart.defaults.color = '#999';
+  // create host cpu and mem charts
+  createHostCpuAndMemChart();
+  // check for new version
+  if (mailcow_info.branch === "master"){
+    check_update(mailcow_info.version_tag, mailcow_info.project_url);
+  }
+  $("#maiclow_version").click(function(){
+    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" || mailcow_info.branch !== "master")
+      return;
+
+    showVersionModal("Version " + mailcow_info.version_tag, mailcow_info.version_tag);
+  })
+  // get public ips
+  $("#host_show_ip").click(function(){
+    $("#host_show_ip").find(".text").addClass("d-none");
+    $("#host_show_ip").find(".spinner-border").removeClass("d-none");
+
+    window.fetch("/api/v1/get/status/host/ip", { method:'GET', cache:'no-cache' }).then(function(response) {
+      return response.json();
+    }).then(function(data) {
+      console.log(data);
+
+      // display host ips
+      if (data.ipv4)
+        $("#host_ipv4").text(data.ipv4);
+      if (data.ipv6)
+        $("#host_ipv6").text(data.ipv6);
+
+      $("#host_show_ip").addClass("d-none");
+      $("#host_show_ip").find(".text").removeClass("d-none");
+      $("#host_show_ip").find(".spinner-border").addClass("d-none");
+      $("#host_ipv4").removeClass("d-none");
+      $("#host_ipv6").removeClass("d-none");
+      $("#host_ipv6").removeClass("text-danger");
+      $("#host_ipv4").addClass("d-block");
+      $("#host_ipv6").addClass("d-block");
+    }).catch(function(error){
+      console.log(error);
+
+      $("#host_ipv6").removeClass("d-none");
+      $("#host_ipv6").addClass("d-block");
+      $("#host_ipv6").addClass("text-danger");
+      $("#host_ipv6").text(lang_debug.error_show_ip);
+      $("#host_show_ip").find(".text").removeClass("d-none");
+      $("#host_show_ip").find(".spinner-border").addClass("d-none");
+    });
+  });
+  update_container_stats();
+});
+jQuery(function($){
+  if (localStorage.getItem("current_page") === null) {
+    var current_page = {};
+  } else {
+    var current_page = JSON.parse(localStorage.getItem('current_page'));
+  }
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
+  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  function hashCode(t){for(var n=0,r=0;r<t.length;r++)n=t.charCodeAt(r)+((n<<5)-n);return n}
+  function intToRGB(t){var n=(16777215&t).toString(16).toUpperCase();return"00000".substring(0,6-n.length)+n}
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
+  function createSortableDate(td, cellData) {
+    $(td).attr({
+      "data-order": cellData,
+      "data-sort": cellData
+    });
+    $(td).html(convertTimestampToLocalFormat(cellData));
+  }
+  function draw_autodiscover_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#autodiscover_log') ) {
+      $('#autodiscover_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#autodiscover_log').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-autodiscover-logs', '#autodiscover_log');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/autodiscover/100",
+        dataSrc: function(data){
+          return process_table_data(data, 'autodiscover_log');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          responsivePriority: 1,
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: 'User-Agent',
+          data: 'ua',
+          defaultContent: '',
+          className: 'dtr-col-md',
+          responsivePriority: 5
+        },
+        {
+          title: 'Username',
+          data: 'user',
+          defaultContent: '',
+          responsivePriority: 4
+        },
+        {
+          title: 'IP',
+          data: 'ip',
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'Service',
+          data: 'service',
+          defaultContent: '',
+          responsivePriority: 3
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-autodiscover-logs', '#autodiscover_log');
+    });
+  }
+  function draw_postfix_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#postfix_log') ) {
+      $('#postfix_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#postfix_log').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-postfix-logs', '#postfix_log');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/postfix",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.priority,
+          data: 'priority',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-postfix-logs', '#postfix_log');
+    });
+  }
+  function draw_watchdog_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#watchdog_log') ) {
+      $('#watchdog_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#watchdog_log').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-watchdog-logs', '#watchdog_log');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/watchdog",
+        dataSrc: function(data){
+          return process_table_data(data, 'watchdog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: 'Service',
+          data: 'service',
+          defaultContent: ''
+        },
+        {
+          title: 'Trend',
+          data: 'trend',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: ''
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-watchdog-logs', '#watchdog_log');
+    });
+  }
+  function draw_api_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#api_log') ) {
+      $('#api_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table =  $('#api_log').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-api-logs', '#api_log');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/api",
+        dataSrc: function(data){
+          return process_table_data(data, 'apilog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: 'URI',
+          data: 'uri',
+          defaultContent: '',
+          className: 'dtr-col-md dtr-break-all'
+        },
+        {
+          title: 'Method',
+          data: 'method',
+          defaultContent: ''
+        },
+        {
+          title: 'IP',
+          data: 'remote',
+          defaultContent: ''
+        },
+        {
+          title: 'Data',
+          data: 'data',
+          defaultContent: '',
+          className: 'dtr-col-md dtr-break-all'
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-api-logs', '#api_log');
+    });
+  }
+  function draw_rl_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#rl_log') ) {
+      $('#rl_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#rl_log').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-rl-logs', '#rl_log');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/ratelimited",
+        dataSrc: function(data){
+          return process_table_data(data, 'rllog');
+        }
+      },
+      columns: [
+        {
+          title: ' ',
+          data: 'indicator',
+          defaultContent: ''
+        },
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.rate_name,
+          data: 'rl_name',
+          defaultContent: ''
+        },
+        {
+          title: lang.sender,
+          data: 'from',
+          defaultContent: ''
+        },
+        {
+          title: lang.recipients,
+          data: 'rcpt',
+          defaultContent: ''
+        },
+        {
+          title: lang.authed_user,
+          data: 'user',
+          defaultContent: ''
+        },
+        {
+          title: 'Msg ID',
+          data: 'message_id',
+          defaultContent: ''
+        },
+        {
+          title: 'Header From',
+          data: 'header_from',
+          defaultContent: ''
+        },
+        {
+          title: 'Subject',
+          data: 'header_subject',
+          defaultContent: ''
+        },
+        {
+          title: 'Hash',
+          data: 'rl_hash',
+          defaultContent: ''
+        },
+        {
+          title: 'Rspamd QID',
+          data: 'qid',
+          defaultContent: ''
+        },
+        {
+          title: 'IP',
+          data: 'ip',
+          defaultContent: ''
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          defaultContent: ''
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-rl-logs', '#rl_log');
+    });
+  }
+  function draw_ui_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#ui_logs') ) {
+      $('#ui_logs').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#ui_logs').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-ui-logs', '#ui_logs');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/ui",
+        dataSrc: function(data){
+          return process_table_data(data, 'mailcow_ui');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: 'Type',
+          data: 'type',
+          defaultContent: ''
+        },
+        {
+          title: 'Task',
+          data: 'task',
+          defaultContent: ''
+        },
+        {
+          title: 'User',
+          data: 'user',
+          defaultContent: '',
+          className: 'dtr-col-sm'
+        },
+        {
+          title: 'Role',
+          data: 'role',
+          defaultContent: '',
+          className: 'dtr-col-sm'
+        },
+        {
+          title: 'IP',
+          data: 'remote',
+          defaultContent: '',
+          className: 'dtr-col-md dtr-break-all'
+        },
+        {
+          title: lang.message,
+          data: 'msg',
+          defaultContent: '',
+          className: 'dtr-col-md dtr-break-all'
+        },
+        {
+          title: 'Call',
+          data: 'call',
+          defaultContent: '',
+          className: 'none dtr-col-md dtr-break-all'
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-ui-logs', '#ui_log');
+    });
+  }
+  function draw_sasl_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#sasl_logs') ) {
+      $('#sasl_logs').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#sasl_logs').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-sasl-logs', '#sasl_logs');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/sasl",
+        dataSrc: function(data){
+          return process_table_data(data, 'sasl_log_table');
+        }
+      },
+      columns: [
+        {
+          title: lang.username,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.service,
+          data: 'service',
+          defaultContent: ''
+        },
+        {
+          title: 'IP',
+          data: 'real_rip',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        },
+        {
+          title: lang.login_time,
+          data: 'datetime',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            cellData = Math.floor((new Date(cellData.replace(/-/g, "/"))).getTime() / 1000);
+            createSortableDate(td, cellData)
+          }
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-sasl-logs', '#sasl_logs');
+    });
+  }
+  function draw_acme_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#acme_log') ) {
+      $('#acme_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#acme_log').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-acme-logs', '#acme_log');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/acme",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md dtr-break-all'
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-acme-logs', '#acme_log');
+    });
+  }
+  function draw_netfilter_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#netfilter_log') ) {
+      $('#netfilter_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#netfilter_log').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-netfilter-logs', '#netfilter_log');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/netfilter",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.priority,
+          data: 'priority',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-netfilter-logs', '#netfilter_log');
+    });
+  }
+  function draw_sogo_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#sogo_log') ) {
+      $('#sogo_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#sogo_log').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-sogo-logs', '#sogo_log');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/sogo",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.priority,
+          data: 'priority',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-sogo-logs', '#sogo_log');
+    });
+  }
+  function draw_dovecot_logs() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#dovecot_log') ) {
+      $('#dovecot_log').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#dovecot_log').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-dovecot-logs', '#dovecot_log');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/dovecot",
+        dataSrc: function(data){
+          return process_table_data(data, 'general_syslog');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: lang.priority,
+          data: 'priority',
+          defaultContent: ''
+        },
+        {
+          title: lang.message,
+          data: 'message',
+          defaultContent: '',
+          className: 'dtr-col-md text-break'
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-dovecot-logs', '#dovecot_log');
+    });
+  }
+  function rspamd_pie_graph() {
+    $.ajax({
+      url: '/api/v1/get/rspamd/actions',
+      async: true,
+      success: function(data){
+        console.log(data);
+
+        var total = 0;
+        $(data).map(function(){total += this[1];});
+        var labels = $.makeArray($(data).map(function(){return this[0] + ' ' + Math.round(this[1]/total * 100) + '%';}));
+        var values = $.makeArray($(data).map(function(){return this[1];}));
+        console.log(values);
+
+        var graphdata = {
+          labels: labels,
+          datasets: [{
+            data: values,
+            backgroundColor: ['#DC3023', '#59ABE3', '#FFA400', '#FFA400', '#26A65B']
+          }]
+        };
+
+        var options = {
+          responsive: true,
+          maintainAspectRatio: false,
+          plugins: {
+            datalabels: {
+              color: '#FFF',
+              font: {
+                weight: 'bold'
+              },
+              display: function(context) {
+                return context.dataset.data[context.dataIndex] !== 0;
+              },
+              formatter: function(value, context) {
+                return Math.round(value/total*100) + '%';
+              }
+            }
+          }
+        };
+        var chartcanvas = document.getElementById('rspamd_donut');
+        Chart.register('ChartDataLabels');
+        if(typeof chart == 'undefined') {
+          chart = new Chart(chartcanvas.getContext("2d"), {
+            plugins: [ChartDataLabels],
+            type: 'doughnut',
+            data: graphdata,
+            options: options
+          });
+        }
+        else {
+          chart.destroy();
+          chart = new Chart(chartcanvas.getContext("2d"), {
+            plugins: [ChartDataLabels],
+            type: 'doughnut',
+            data: graphdata,
+            options: options
+          });
+        }
+      }
+    });
+  }
+  function draw_rspamd_history() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#rspamd_history') ) {
+      $('#rspamd_history').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    var table = $('#rspamd_history').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: log_pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      order: [[0, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-rspamd-logs', '#rspamd_history');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/logs/rspamd-history",
+        dataSrc: function(data){
+          return process_table_data(data, 'rspamd_history');
+        }
+      },
+      columns: [
+        {
+          title: lang.time,
+          data: 'unix_time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
+          }
+        },
+        {
+          title: 'IP address',
+          data: 'ip',
+          defaultContent: ''
+        },
+        {
+          title: 'From',
+          data: 'sender_mime',
+          defaultContent: ''
+        },
+        {
+          title: 'To',
+          data: 'rcpt',
+          defaultContent: ''
+        },
+        {
+          title: 'Subject',
+          data: 'subject',
+          defaultContent: ''
+        },
+        {
+          title: 'Action',
+          data: 'action',
+          defaultContent: ''
+        },
+        {
+          title: 'Score',
+          data: 'score',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            $(td).attr({
+              "data-order": cellData.sortBy,
+              "data-sort": cellData.sortBy
+            });
+            $(td).html(cellData.value);
+          }
+        },
+        {
+          title: 'Symbols',
+          data: 'symbols',
+          defaultContent: '',
+          className: 'none dtr-col-md'
+        },
+        {
+          title: 'Msg size',
+          data: 'size',
+          defaultContent: ''
+        },
+        {
+          title: 'Scan Time',
+          data: 'scan_time',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            $(td).attr({
+              "data-order": cellData.sortBy,
+              "data-sort": cellData.sortBy
+            });
+            $(td).html(cellData.value);
+          }
+        },
+        {
+          title: 'ID',
+          data: 'message-id',
+          defaultContent: ''
+        },
+        {
+          title: 'Authenticated user',
+          data: 'user',
+          defaultContent: ''
+        }
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-rspamd-history', '#rspamd_history');
+    });
+  }
+  function process_table_data(data, table) {
+    if (table == 'rspamd_history') {
+    $.each(data, function (i, item) {
+      if (item.rcpt_mime != "") {
+        item.rcpt = escapeHtml(item.rcpt_mime.join(", "));
+      }
+      else {
+        item.rcpt = escapeHtml(item.rcpt_smtp.join(", "));
+      }
+      item.symbols = Object.keys(item.symbols).sort(function (a, b) {
+        if (item.symbols[a].score === 0) return 1;
+        if (item.symbols[b].score === 0) return -1;
+        if (item.symbols[b].score < 0 && item.symbols[a].score < 0) {
+          return item.symbols[a].score - item.symbols[b].score;
+        }
+        if (item.symbols[b].score > 0 && item.symbols[a].score > 0) {
+          return item.symbols[b].score - item.symbols[a].score;
+        }
+        return item.symbols[b].score - item.symbols[a].score;
+      }).map(function(key) {
+        var sym = item.symbols[key];
+        if (sym.score < 0) {
+          sym.score_formatted = '(<span class="text-success"><b>' + sym.score + '</b></span>)';
+        }
+        else if (sym.score === 0) {
+          sym.score_formatted = '(<span><b>' + sym.score + '</b></span>)';
+        }
+        else {
+          sym.score_formatted = '(<span class="text-danger"><b>' + sym.score + '</b></span>)';
+        }
+        var str = '<strong>' + key + '</strong> ' + sym.score_formatted;
+        if (sym.options) {
+          str += ' [' + escapeHtml(sym.options.join(", ")) + "]";
+        }
+        return str;
+      }).join('<br>\n');
+      item.subject = escapeHtml(item.subject);
+      var scan_time = item.time_real.toFixed(3);
+      if (item.time_virtual) {
+        scan_time += ' / ' + item.time_virtual.toFixed(3);
+      }
+      item.scan_time = {
+        "sortBy": item.time_real,
+        "value": scan_time
+      };
+      if (item.action === 'clean' || item.action === 'no action') {
+        item.action = "<div class='badge fs-6 bg-success'>" + item.action + "</div>";
+      } else if (item.action === 'rewrite subject' || item.action === 'add header' || item.action === 'probable spam') {
+        item.action = "<div class='badge fs-6 bg-warning'>" + item.action + "</div>";
+      } else if (item.action === 'spam' || item.action === 'reject') {
+        item.action = "<div class='badge fs-6 bg-danger'>" + item.action + "</div>";
+      } else {
+        item.action = "<div class='badge fs-6 bg-info'>" + item.action + "</div>";
+      }
+      var score_content;
+      if (item.score < item.required_score) {
+        score_content = "[ <span class='text-success'>" + item.score.toFixed(2) + " / " + item.required_score + "</span> ]";
+      } else {
+        score_content = "[ <span class='text-danger'>" + item.score.toFixed(2) + " / " + item.required_score + "</span> ]";
+      }
+      item.score = {
+        "sortBy": item.score,
+        "value": score_content
+      };
+      if (item.user == null) {
+        item.user = "none";
+      }
+    });
+    } else if (table == 'autodiscover_log') {
+      $.each(data, function (i, item) {
+        if (item.ua == null) {
+          item.ua = 'unknown';
+        } else {
+          item.ua = escapeHtml(item.ua);
+        }
+        item.ua = '<span style="font-size:small">' + item.ua + '</span>';
+        if (item.service == "activesync") {
+          item.service = '<span class="badge fs-6 bg-info">ActiveSync</span>';
+        }
+        else if (item.service == "imap") {
+          item.service = '<span class="badge fs-6 bg-success">IMAP, SMTP, Cal-/CardDAV</span>';
+        }
+        else {
+          item.service = '<span class="badge fs-6 bg-danger">' + escapeHtml(item.service) + '</span>';
+        }
+      });
+    } else if (table == 'watchdog') {
+      $.each(data, function (i, item) {
+        if (item.message == null) {
+          item.message = 'Health level: ' + item.lvl + '% (' + item.hpnow + '/' + item.hptotal + ')';
+          if (item.hpdiff < 0) {
+            item.trend = '<span class="badge fs-6 bg-danger"><i class="bi bi-caret-down-fill"></i> ' + item.hpdiff + '</span>';
+          }
+          else if (item.hpdiff == 0) {
+            item.trend = '<span class="badge fs-6 bg-info"><i class="bi bi-caret-right-fill"></i> ' + item.hpdiff + '</span>';
+          }
+          else {
+            item.trend = '<span class="badge fs-6 bg-success"><i class="bi bi-caret-up-fill"></i> ' + item.hpdiff + '</span>';
+          }
+        }
+        else {
+          item.trend = '';
+          item.service = '';
+        }
+      });
+    } else if (table == 'mailcow_ui') {
+      $.each(data, function (i, item) {
+        if (item === null) { return true; }
+        item.user = escapeHtml(item.user);
+        item.call = escapeHtml(item.call);
+        item.task = '<code>' + item.task + '</code>';
+        item.type = '<span class="badge fs-6 bg-' + item.type + '">' + item.type + '</span>';
+      });
+    } else if (table == 'sasl_log_table') {
+      $.each(data, function (i, item) {
+        if (item === null) { return true; }
+        item.username = escapeHtml(item.username);
+        item.service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
+      });
+    } else if (table == 'general_syslog') {
+      $.each(data, function (i, item) {
+        if (item === null) { return true; }
+        if (item.message.match("^base64,")) {
+          try {
+            item.message = atob(item.message.slice(7)).replace(/\\n/g, "<br />");
+          } catch(e) {
+            item.message = item.message.slice(7);
+          }
+        } else {
+          item.message = escapeHtml(item.message);
+        }
+        item.call = escapeHtml(item.call);
+        var danger_class = ["emerg", "alert", "crit", "err"];
+        var warning_class = ["warning", "warn"];
+        var info_class = ["notice", "info", "debug"];
+        if (jQuery.inArray(item.priority, danger_class) !== -1) {
+          item.priority = '<span class="badge fs-6 bg-danger">' + item.priority + '</span>';
+        } else if (jQuery.inArray(item.priority, warning_class) !== -1) {
+          item.priority = '<span class="badge fs-6 bg-warning">' + item.priority + '</span>';
+        } else if (jQuery.inArray(item.priority, info_class) !== -1) {
+          item.priority = '<span class="badge fs-6 bg-info">' + item.priority + '</span>';
+        }
+      });
+    } else if (table == 'apilog') {
+      $.each(data, function (i, item) {
+        if (item === null) { return true; }
+        if (item.method == 'GET') {
+          item.method = '<span class="badge fs-6 bg-success">' + item.method + '</span>';
+        } else if (item.method == 'POST') {
+          item.method = '<span class="badge fs-6 bg-warning">' + item.method + '</span>';
+        }
+        item.data = escapeHtml(item.data);
+      });
+    } else if (table == 'rllog') {
+      $.each(data, function (i, item) {
+        if (item.user == null) {
+          item.user = "none";
+        }
+        if (item.rl_hash == null) {
+          item.rl_hash = "err";
+        }
+        item.indicator = '<span style="border-right:6px solid #' + intToRGB(hashCode(item.rl_hash)) + ';padding-left:5px;">&nbsp;</span>';
+        if (item.rl_hash != 'err') {
+          item.action = '<a href="#" data-action="delete_selected" data-id="single-hash" data-api-url="delete/rlhash" data-item="' + encodeURI(item.rl_hash) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.reset_limit + '</a>';
+        }
+      });
+    }
+    return data;
+  };
+  $('.add_log_lines').on('click', function (e) {
+    e.preventDefault();
+    var log_table= $(this).data("table");
+    var new_nrows = $(this).data("nrows");
+    var post_process = $(this).data("post-process");
+    var log_url = $(this).data("log-url");
+    if (log_table === undefined || new_nrows === undefined || post_process === undefined || log_url === undefined) {
+      console.log("no data-table or data-nrows or log_url or data-post-process attr found");
+      return;
+    }
+
+    if (table = $('#' + log_table).DataTable()) {
+      var heading = $('#' + log_table).closest('.card').find('.card-header');
+      var load_rows = (table.page.len() + 1) + '-' + (table.page.len() + new_nrows)
+
+      $.get('/api/v1/get/logs/' + log_url + '/' + load_rows).then(function(data){
+        if (data.length === undefined) { mailcow_alert_box(lang.no_new_rows, "info"); return; }
+        var rows = process_table_data(data, post_process);
+        var rows_now = (table.page.len() + data.length);
+        $(heading).children('.table-lines').text(rows_now)
+        mailcow_alert_box(data.length + lang.additional_rows, "success");
+        table.rows.add(rows).draw();
+      });
+    }
+  })
+  function hideTableExpandCollapseBtn(tab, table){
+    if ($(table).hasClass('collapsed'))
+      $(tab).find(".table_collapse_option").show();
+    else
+      $(tab).find(".table_collapse_option").hide();
+  }
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+  // Draw Table if tab is active
+  onVisible("[id^=postfix_log]", () => draw_postfix_logs());
+  onVisible("[id^=dovecot_log]", () => draw_dovecot_logs());
+  onVisible("[id^=sogo_log]", () => draw_sogo_logs());
+  onVisible("[id^=watchdog_log]", () => draw_watchdog_logs());
+  onVisible("[id^=autodiscover_log]", () => draw_autodiscover_logs());
+  onVisible("[id^=acme_log]", () => draw_acme_logs());
+  onVisible("[id^=api_log]", () => draw_api_logs());
+  onVisible("[id^=rl_log]", () => draw_rl_logs());
+  onVisible("[id^=ui_logs]", () => draw_ui_logs());
+  onVisible("[id^=sasl_logs]", () => draw_sasl_logs());
+  onVisible("[id^=netfilter_log]", () => draw_netfilter_logs());
+  onVisible("[id^=rspamd_history]", () => draw_rspamd_history());
+  onVisible("[id^=rspamd_donut]", () => rspamd_pie_graph());
+
+
+  // start polling host stats if tab is active
+  onVisible("[id^=tab-containers]", () => update_stats());
+  // start polling container stats if collapse is active
+  var containerElements = document.querySelectorAll(".container-details-collapse");
+  for (let i = 0; i < containerElements.length; i++){
+    new IntersectionObserver((entries, observer) => {
+      entries.forEach(entry => {
+        if(entry.intersectionRatio > 0) {
+
+          if (!containerElements[i].classList.contains("show")){
+            var container = containerElements[i].id.replace("Collapse", "");
+            var container_id = containerElements[i].getAttribute("data-id");
+
+            // check if chart exists or needs to be created
+            if (!Chart.getChart(container + "_DiskIOChart"))
+              createReadWriteChart(container + "_DiskIOChart", "Read", "Write");
+            if (!Chart.getChart(container + "_NetIOChart"))
+              createReadWriteChart(container + "_NetIOChart", "Recv", "Sent");
+
+            // add container to polling list
+            containersToUpdate[container] = {
+              id: container_id,
+              state: "idle"
+            }
+
+            // stop polling if collapse is closed
+            containerElements[i].addEventListener('hidden.bs.collapse', function () {
+              var diskIOCtx = Chart.getChart(container + "_DiskIOChart");
+              var netIOCtx = Chart.getChart(container + "_NetIOChart");
+
+              diskIOCtx.data.datasets[0].data = [];
+              diskIOCtx.data.datasets[1].data = [];
+              diskIOCtx.data.labels = [];
+              netIOCtx.data.datasets[0].data = [];
+              netIOCtx.data.datasets[1].data = [];
+              netIOCtx.data.labels = [];
+
+              diskIOCtx.update();
+              netIOCtx.update();
+
+              delete containersToUpdate[container];
+            });
+          }
+
+        }
+      });
+    }).observe(containerElements[i]);
+  }
+});
+
+
+// update system stats - every 5 seconds if system & container tab is active
+function update_stats(timeout=5){
+  if (!$('#tab-containers').hasClass('active')) {
+    // tab not active - dont fetch stats - run again in n seconds
+    return;
+  }
+
+  window.fetch("/api/v1/get/status/host", {method:'GET',cache:'no-cache'}).then(function(response) {
+    return response.json();
+  }).then(function(data) {
+    console.log(data);
+
+    if (data){
+      // display table data
+      $("#host_date").text(data.system_time);
+      $("#host_uptime").text(formatUptime(data.uptime));
+      $("#host_cpu_cores").text(data.cpu.cores);
+      $("#host_cpu_usage").text(parseInt(data.cpu.usage).toString() + "%");
+      $("#host_memory_total").text((data.memory.total / (1024 ** 3)).toFixed(2).toString() + "GB");
+      $("#host_memory_usage").text(parseInt(data.memory.usage).toString() + "%");
+
+      // update cpu and mem chart
+      var cpu_chart = Chart.getChart("host_cpu_chart");
+      var mem_chart = Chart.getChart("host_mem_chart");
+
+      cpu_chart.data.labels.push(data.system_time.split(" ")[1]);
+      if (cpu_chart.data.labels.length > 30) cpu_chart.data.labels.shift();
+      mem_chart.data.labels.push(data.system_time.split(" ")[1]);
+      if (mem_chart.data.labels.length > 30) mem_chart.data.labels.shift();
+
+      cpu_chart.data.datasets[0].data.push(data.cpu.usage);
+      if (cpu_chart.data.datasets[0].data.length > 30) cpu_chart.data.datasets[0].data.shift();
+      mem_chart.data.datasets[0].data.push(data.memory.usage);
+      if (mem_chart.data.datasets[0].data.length > 30) mem_chart.data.datasets[0].data.shift();
+
+      cpu_chart.update();
+      mem_chart.update();
+    }
+
+    // run again in n seconds
+    setTimeout(update_stats, timeout * 1000);
+  });
+}
+// update specific container stats - every n (default 5s) seconds
+function update_container_stats(timeout=5){
+
+  if ($('#tab-containers').hasClass('active')) {
+    for (let container in containersToUpdate){
+      container_id = containersToUpdate[container].id;
+      // check if container update stats is already running
+      if (containersToUpdate[container].state == "running")
+        continue;
+      containersToUpdate[container].state = "running";
+
+
+      window.fetch("/api/v1/get/status/container/" + container_id, {method:'GET',cache:'no-cache'}).then(function(response) {
+        return response.json();
+      }).then(function(data) {
+        var diskIOCtx = Chart.getChart(container + "_DiskIOChart");
+        var netIOCtx = Chart.getChart(container + "_NetIOChart");
+
+        console.log(container);
+        console.log(data);
+        prev_stats = null;
+        if (data.length >= 2){
+          prev_stats = data[data.length -2];
+
+          // hide spinners if we collected enough data
+          $('#' + container + "_DiskIOChart").removeClass('d-none');
+          $('#' + container + "_DiskIOChart").prev().addClass('d-none');
+          $('#' + container + "_NetIOChart").removeClass('d-none');
+          $('#' + container + "_NetIOChart").prev().addClass('d-none');
+        }
+
+        data = data[data.length -1];
+
+        if (prev_stats != null){
+          // calc time diff
+          var time_diff = (new Date(data.read) - new Date(prev_stats.read)) / 1000;
+
+          // calc disk io b/s
+          if ('io_service_bytes_recursive' in prev_stats.blkio_stats && prev_stats.blkio_stats.io_service_bytes_recursive !== null){
+            var prev_read_bytes = 0;
+            var prev_write_bytes = 0;
+            for (var i = 0; i < prev_stats.blkio_stats.io_service_bytes_recursive.length; i++){
+              if (prev_stats.blkio_stats.io_service_bytes_recursive[i].op == "read")
+                prev_read_bytes = prev_stats.blkio_stats.io_service_bytes_recursive[i].value;
+              else if (prev_stats.blkio_stats.io_service_bytes_recursive[i].op == "write")
+                prev_write_bytes = prev_stats.blkio_stats.io_service_bytes_recursive[i].value;
+            }
+            var read_bytes = 0;
+            var write_bytes = 0;
+            for (var i = 0; i < data.blkio_stats.io_service_bytes_recursive.length; i++){
+              if (data.blkio_stats.io_service_bytes_recursive[i].op == "read")
+                read_bytes = data.blkio_stats.io_service_bytes_recursive[i].value;
+              else if (data.blkio_stats.io_service_bytes_recursive[i].op == "write")
+                write_bytes = data.blkio_stats.io_service_bytes_recursive[i].value;
+            }
+            var diff_bytes_read = (read_bytes - prev_read_bytes) / time_diff;
+            var diff_bytes_write = (write_bytes - prev_write_bytes) / time_diff;
+          }
+
+          // calc net io b/s
+          if ('networks' in prev_stats){
+            var prev_recv_bytes = 0;
+            var prev_sent_bytes = 0;
+            for (var key in prev_stats.networks){
+              prev_recv_bytes += prev_stats.networks[key].rx_bytes;
+              prev_sent_bytes += prev_stats.networks[key].tx_bytes;
+            }
+            var recv_bytes = 0;
+            var sent_bytes = 0;
+            for (var key in data.networks){
+              recv_bytes += data.networks[key].rx_bytes;
+              sent_bytes += data.networks[key].tx_bytes;
+            }
+            var diff_bytes_recv = (recv_bytes - prev_recv_bytes) / time_diff;
+            var diff_bytes_sent = (sent_bytes - prev_sent_bytes) / time_diff;
+          }
+
+          addReadWriteChart(diskIOCtx, diff_bytes_read, diff_bytes_write, "");
+          addReadWriteChart(netIOCtx, diff_bytes_recv, diff_bytes_sent, "");
+        }
+
+        // run again in n seconds
+        containersToUpdate[container].state = "idle";
+      }).catch(err => {
+        console.log(err);
+      });
+    }
+  }
+
+  // run again in n seconds
+  setTimeout(update_container_stats, timeout * 1000);
+}
+// format hosts uptime seconds to readable string
+function formatUptime(seconds){
+  seconds = Number(seconds);
+  var d = Math.floor(seconds / (3600*24));
+  var h = Math.floor(seconds % (3600*24) / 3600);
+  var m = Math.floor(seconds % 3600 / 60);
+  var s = Math.floor(seconds % 60);
+
+  var dFormat = d > 0 ? d + "D " : "";
+  var hFormat = h > 0 ? h + "H " : "";
+  var mFormat = m > 0 ? m + "M " : "";
+  var sFormat = s > 0 ? s + "S" : "";
+  return dFormat + hFormat + mFormat + sFormat;
+}
+// format bytes to readable string
+function formatBytes(bytes){
+  // b
+  if (bytes < 1000) return bytes.toFixed(2).toString()+' B/s';
+  // b to kb
+  bytes = bytes / 1024;
+  if (bytes < 1000) return bytes.toFixed(2).toString()+' KB/s';
+  // kb to mb
+  bytes = bytes / 1024;
+  if (bytes < 1000) return bytes.toFixed(2).toString()+' MB/s';
+  // final mb to gb
+  return (bytes / 1024).toFixed(2).toString()+' GB/s';
+}
+// create read write line chart
+function createReadWriteChart(chart_id, read_lable, write_lable){
+  var ctx = document.getElementById(chart_id);
+
+  var dataNet = {
+    labels: [],
+    datasets: [{
+      label: read_lable,
+      backgroundColor: "rgba(41, 187, 239, 0.3)",
+      borderColor: "rgba(41, 187, 239, 0.6)",
+      pointRadius: 1,
+      pointHitRadius: 6,
+      borderWidth: 2,
+      fill: true,
+      tension: 0.2,
+      data: []
+    }, {
+      label: write_lable,
+      backgroundColor: "rgba(239, 60, 41, 0.3)",
+      borderColor: "rgba(239, 60, 41, 0.6)",
+      pointRadius: 1,
+      pointHitRadius: 6,
+      borderWidth: 2,
+      fill: true,
+      tension: 0.2,
+      data: []
+    }]
+  };
+  var optionsNet = {
+    interaction: {
+      mode: 'index'
+    },
+    scales: {
+      yAxis: {
+        min: 0,
+        grid: {
+          display: false
+        },
+        ticks: {
+          callback: function(i, index, ticks) {
+            return formatBytes(i);
+          }
+        }
+      },
+      xAxis: {
+        grid: {
+          display: false
+        }
+      }
+    }
+  };
+
+  return new Chart(ctx, {
+    type: 'line',
+    data: dataNet,
+    options: optionsNet
+  });
+}
+// add to read write line chart
+function addReadWriteChart(chart_context, read_point, write_point, time, limit = 30){
+  // push time label for x-axis
+  chart_context.data.labels.push(time);
+  if (chart_context.data.labels.length > limit) chart_context.data.labels.shift();
+
+  // push datapoints
+  chart_context.data.datasets[0].data.push(read_point);
+  chart_context.data.datasets[1].data.push(write_point);
+  // shift data if more than 20 entires exists
+  if (chart_context.data.datasets[0].data.length > limit)  chart_context.data.datasets[0].data.shift();
+  if (chart_context.data.datasets[1].data.length > limit) chart_context.data.datasets[1].data.shift();
+
+  chart_context.update();
+}
+// create host cpu and mem chart
+function createHostCpuAndMemChart(){
+  var cpu_ctx = document.getElementById("host_cpu_chart");
+  var mem_ctx = document.getElementById("host_mem_chart");
+
+  var dataCpu = {
+    labels: [],
+    datasets: [{
+      label: "CPU %",
+      backgroundColor: "rgba(41, 187, 239, 0.3)",
+      borderColor: "rgba(41, 187, 239, 0.6)",
+      pointRadius: 1,
+      pointHitRadius: 6,
+      borderWidth: 2,
+      fill: true,
+      tension: 0.2,
+      data: []
+    }]
+  };
+  var optionsCpu = {
+    interaction: {
+      mode: 'index'
+    },
+    scales: {
+      yAxis: {
+        min: 0,
+        grid: {
+          display: false
+        },
+        ticks: {
+          callback: function(i, index, ticks) {
+             return i.toFixed(0).toString() + "%";
+          }
+        }
+      },
+      xAxis: {
+        grid: {
+          display: false
+        }
+      }
+    }
+  };
+
+  var dataMem = {
+    labels: [],
+    datasets: [{
+      label: "MEM %",
+      backgroundColor: "rgba(41, 187, 239, 0.3)",
+      borderColor: "rgba(41, 187, 239, 0.6)",
+      pointRadius: 1,
+      pointHitRadius: 6,
+      borderWidth: 2,
+      fill: true,
+      tension: 0.2,
+      data: []
+    }]
+  };
+  var optionsMem = {
+    interaction: {
+      mode: 'index'
+    },
+    scales: {
+      yAxis: {
+        min: 0,
+        grid: {
+          display: false
+        },
+        ticks: {
+          callback: function(i, index, ticks) {
+            return i.toFixed(0).toString() + "%";
+          }
+        }
+      },
+      xAxis: {
+        grid: {
+          display: false
+        }
+      }
+    }
+  };
+
+
+  var net_io_chart = new Chart(cpu_ctx, {
+    type: 'line',
+    data: dataCpu,
+    options: optionsCpu
+  });
+  var disk_io_chart = new Chart(mem_ctx, {
+    type: 'line',
+    data: dataMem,
+    options: optionsMem
+  });
+}
+// check for mailcow updates
+function check_update(current_version, github_repo_url){
+  if (!current_version || !github_repo_url) return false;
+
+  var github_account = github_repo_url.split("/")[3];
+  var github_repo_name = github_repo_url.split("/")[4];
+
+  // get details about latest release
+  window.fetch("https://api.github.com/repos/"+github_account+"/"+github_repo_name+"/releases/latest", {method:'GET',cache:'no-cache'}).then(function(response) {
+    return response.json();
+  }).then(function(latest_data) {
+    // get details about current release
+    window.fetch("https://api.github.com/repos/"+github_account+"/"+github_repo_name+"/releases/tags/"+current_version, {method:'GET',cache:'no-cache'}).then(function(response) {
+      return response.json();
+    }).then(function(current_data) {
+      // compare releases
+      var date_current = new Date(current_data.created_at);
+      var date_latest = new Date(latest_data.created_at);
+      if (date_latest.getTime() <= date_current.getTime()){
+        // no update available
+        $("#mailcow_update").removeClass("text-warning text-danger").addClass("text-success");
+        $("#mailcow_update").html("<b>" + lang_debug.no_update_available + "</b>");
+      } else {
+        // update available
+        $("#mailcow_update").removeClass("text-danger text-success").addClass("text-warning");
+        $("#mailcow_update").html(lang_debug.update_available + ` <a href="#" id="mailcow_update_changelog">`+latest_data.tag_name+`</a>`);
+        $("#mailcow_update_changelog").click(function(){
+          if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin")
+            return;
+
+          showVersionModal("New Release " + latest_data.tag_name, latest_data.tag_name);
+        })
+      }
+    }).catch(err => {
+      // err
+      console.log(err);
+      $("#mailcow_update").removeClass("text-success text-warning").addClass("text-danger");
+      $("#mailcow_update").html("<b>"+ lang_debug.update_failed +"</b>");
+    });
+  }).catch(err => {
+    // err
+    console.log(err);
+    $("#mailcow_update").removeClass("text-success text-warning").addClass("text-danger");
+    $("#mailcow_update").html("<b>"+ lang_debug.update_failed +"</b>");
+  });
+}
+// show version changelog modal
+function showVersionModal(title, version){
+  $.ajax({
+    type: 'GET',
+    url: 'https://api.github.com/repos/' + mailcow_info.project_owner + '/' + mailcow_info.project_repo + '/releases/tags/' + version,
+    dataType: 'json',
+    success: function (data) {
+      var md = window.markdownit();
+      var result = md.render(data.body);
+      result = parseGithubMarkdownLinks(result);
+
+      $('#showVersionModal').find(".modal-title").html(title);
+      $('#showVersionModal').find(".modal-body").html(`
+        <h3>` + data.name + `</h3>
+        <span class="mt-4">` + result + `</span>
+        <span><b>Github Link:</b>
+          <a target="_blank" href="https://github.com/` + mailcow_info.project_owner + `/` + mailcow_info.project_repo + `/releases/tag/` + version + `">` + version + `</a>
+        </span>
+      `);
+
+      new bootstrap.Modal(document.getElementById("showVersionModal"), {
+        backdrop: 'static',
+        keyboard: false
+      }).show();
+    }
+  });
+}
+function parseGithubMarkdownLinks(inputText) {
+  var replacedText, replacePattern1;
+
+  replacePattern1 = /(\b(https?):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/gim;
+  replacedText = inputText.replace(replacePattern1, (matched, index, original, input_string) => {
+    if (matched.includes('github.com')){
+      // return short link if it's github link
+      last_uri_path = matched.split('/');
+      last_uri_path = last_uri_path[last_uri_path.length - 1];
+
+      // adjust Full Changelog link to match last git version and new git version, if link is a compare link
+      if (matched.includes('/compare/') && mailcow_info.last_version_tag !== ''){
+        matched = matched.replace(last_uri_path,  mailcow_info.last_version_tag + '...' + mailcow_info.version_tag);
+        last_uri_path = mailcow_info.last_version_tag + '...' + mailcow_info.version_tag;
+      }
+
+      return '<a href="' + matched + '" target="_blank">' + last_uri_path + '</a><br>';
+    };
+
+    // if it's not a github link, return complete link
+    return '<a href="' + matched + '" target="_blank">' + matched + '</a>';
+  });
+
+  return replacedText;
+}
+
+function convertTimestampToLocalFormat(timestamp) {
+  var date = new Date(timestamp ? timestamp * 1000 : 0);
+  return date.toLocaleDateString(LOCALE, DATETIME_FORMAT);
+}
diff --git a/data/web/js/site/edit.js b/data/web/js/site/edit.js
index 55a8e6b4..4680bdfa 100644
--- a/data/web/js/site/edit.js
+++ b/data/web/js/site/edit.js
@@ -1,210 +1,222 @@
-$(document).ready(function() {
-  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
-  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
-  $(".goto_checkbox").click(function( event ) {
-   $("form[data-id='editalias'] .goto_checkbox").not(this).prop('checked', false);
-    if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
-      $('#textarea_alias_goto').prop('disabled', true);
-    }
-    else {
-      $("#textarea_alias_goto").removeAttr('disabled');
-    }
-  });
-  $("#disable_sender_check").click(function( event ) {
-    if ($("form[data-id='editmailbox'] #disable_sender_check:checked").length > 0) {
-      $('#editSelectSenderACL').prop('disabled', true);
-      $('#editSelectSenderACL').selectpicker('refresh');
-    }
-    else {
-      $('#editSelectSenderACL').prop('disabled', false);
-      $('#editSelectSenderACL').selectpicker('refresh');
-    }
-  });
-  if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
-    $('#textarea_alias_goto').prop('disabled', true);
-  }
-
-  $("#mailbox-password-warning-close").click(function( event ) {
-    $('#mailbox-passwd-hidden-info').addClass('hidden');
-    $('#mailbox-passwd-form-groups').removeClass('hidden');
-  });
-  // Sender ACL
-  if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
-    $("#sender_acl_disabled").show();
-  }
-  $('#editSelectSenderACL').change(function() {
-    if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
-      $("#sender_acl_disabled").show();
-    }
-    else {
-      $("#sender_acl_disabled").hide();
-    }
-  });
-  // Resources
-  if ($("#editSelectMultipleBookings").val() == "custom") {
-    $("#multiple_bookings_custom_div").show();
-    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
-  }
-  $("#editSelectMultipleBookings").change(function() {
-    $('input[name=multiple_bookings]').val($("#editSelectMultipleBookings").val());
-    if ($('input[name=multiple_bookings]').val() == "custom") {
-      $("#multiple_bookings_custom_div").show();
-    }
-    else {
-      $("#multiple_bookings_custom_div").hide();
-    }
-  });
-  $("#multiple_bookings_custom").bind("change keypress keyup blur", function() {
-    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
-  });
-
-  // load tags
-  if ($('#tags').length){
-    var tagsEl = $('#tags').parent().find('.tag-values')[0];
-    console.log($(tagsEl).val())
-    var tags = JSON.parse($(tagsEl).val());
-    $(tagsEl).val("");
-    
-    for (var i = 0; i < tags.length; i++)
-      addTag($('#tags'), tags[i]);
-  }
-});
-
-jQuery(function($){
-  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
-  function validateEmail(email) {
-    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-    return re.test(email);
-  }
-  function draw_wl_policy_domain_table() {
-    $('#wl_policy_domain_table').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_wl_domain/' + table_for_domain,
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            if (!validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_wl_domain" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled title="' + lang_user.spamfilter_table_domain_policy + '" />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'prefid',
-            defaultContent: ''
-          },
-          {
-            title: lang_user.spamfilter_table_rule,
-            data: 'value',
-            defaultContent: ''
-          },
-          {
-            title: 'Scope',
-            data: 'object',
-            defaultContent: ''
-          }
-      ]
-    });
-  }
-  function draw_bl_policy_domain_table() {
-    $('#bl_policy_domain_table').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_bl_domain/' + table_for_domain,
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            if (!validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_bl_domain" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang_user.spamfilter_table_domain_policy + '" />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'prefid',
-            defaultContent: ''
-          },
-          {
-            title: lang_user.spamfilter_table_rule,
-            data: 'value',
-            defaultContent: ''
-          },
-          {
-            title: 'Scope',
-            data: 'object',
-            defaultContent: ''
-          }
-      ]
-    });
-  }
-
-  
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-            observer.disconnect();
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-  // Draw Table if tab is active
-  onVisible("[id^=wl_policy_domain_table]", () => draw_wl_policy_domain_table());
-  onVisible("[id^=bl_policy_domain_table]", () => draw_bl_policy_domain_table());
-});
+$(document).ready(function() {
+  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
+  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
+  $(".goto_checkbox").click(function( event ) {
+    $("form[data-id='editalias'] .goto_checkbox").not(this).prop('checked', false);
+    if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
+      $('#textarea_alias_goto').prop('disabled', true);
+    }
+    else {
+      $("#textarea_alias_goto").removeAttr('disabled');
+    }
+  });
+  $("#disable_sender_check").click(function( event ) {
+    if ($("form[data-id='editmailbox'] #disable_sender_check:checked").length > 0) {
+      $('#editSelectSenderACL').prop('disabled', true);
+      $('#editSelectSenderACL').selectpicker('refresh');
+    }
+    else {
+      $('#editSelectSenderACL').prop('disabled', false);
+      $('#editSelectSenderACL').selectpicker('refresh');
+    }
+  });
+  if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
+    $('#textarea_alias_goto').prop('disabled', true);
+  }
+
+  $("#mailbox-password-warning-close").click(function( event ) {
+    $('#mailbox-passwd-hidden-info').addClass('hidden');
+    $('#mailbox-passwd-form-groups').removeClass('hidden');
+  });
+  // Sender ACL
+  if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
+    $("#sender_acl_disabled").show();
+  }
+  $('#editSelectSenderACL').change(function() {
+    if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
+      $("#sender_acl_disabled").show();
+    }
+    else {
+      $("#sender_acl_disabled").hide();
+    }
+  });
+  // Resources
+  if ($("#editSelectMultipleBookings").val() == "custom") {
+    $("#multiple_bookings_custom_div").show();
+    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
+  }
+  $("#editSelectMultipleBookings").change(function() {
+    $('input[name=multiple_bookings]').val($("#editSelectMultipleBookings").val());
+    if ($('input[name=multiple_bookings]').val() == "custom") {
+      $("#multiple_bookings_custom_div").show();
+    }
+    else {
+      $("#multiple_bookings_custom_div").hide();
+    }
+  });
+  $("#multiple_bookings_custom").bind("change keypress keyup blur", function() {
+    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
+  });
+
+  // load tags
+  if ($('#tags').length){
+    var tagsEl = $('#tags').parent().find('.tag-values')[0];
+    console.log($(tagsEl).val())
+    var tags = JSON.parse($(tagsEl).val());
+    $(tagsEl).val("");
+
+    for (var i = 0; i < tags.length; i++)
+      addTag($('#tags'), tags[i]);
+  }
+});
+
+jQuery(function($){
+  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
+  function validateEmail(email) {
+    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+    return re.test(email);
+  }
+  function draw_wl_policy_domain_table() {
+    $('#wl_policy_domain_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_wl_domain/' + table_for_domain,
+        dataSrc: function(data){
+          $.each(data, function (i, item) {
+            if (!validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_wl_domain" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled title="' + lang_user.spamfilter_table_domain_policy + '" />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang_user.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title: 'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_bl_policy_domain_table() {
+    $('#bl_policy_domain_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_bl_domain/' + table_for_domain,
+        dataSrc: function(data){
+          $.each(data, function (i, item) {
+            if (!validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_bl_domain" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang_user.spamfilter_table_domain_policy + '" />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang_user.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title: 'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+            observer.disconnect();
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+  // Draw Table if tab is active
+  onVisible("[id^=wl_policy_domain_table]", () => draw_wl_policy_domain_table());
+  onVisible("[id^=bl_policy_domain_table]", () => draw_bl_policy_domain_table());
+});
diff --git a/data/web/js/site/index.js b/data/web/js/site/index.js
index cbbb1a44..4c812a37 100644
--- a/data/web/js/site/index.js
+++ b/data/web/js/site/index.js
@@ -1,5 +1,5 @@
 $(document).ready(function() {
-  var darkmode = localStorage.getItem("darkmode");
+  var theme = localStorage.getItem("theme");
   localStorage.clear();
-  localStorage.setItem("darkmode", darkmode);
+  localStorage.setItem("theme", theme);
 });
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 8c98e922..f4039268 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -77,7 +77,7 @@ $(document).ready(function() {
         $('.dns-modal-body').html(xhr.responseText);
       }
     });
-  }); 
+  });
   // @Open Domain add modal
   $('#addDomainModal').on('show.bs.modal', function(e) {
     $.ajax({
@@ -85,24 +85,24 @@ $(document).ready(function() {
       data: {},
       dataType: 'json',
       success: async function(data){
-        $('#domain_templates').find('option').remove(); 
+        $('#domain_templates').find('option').remove();
         $('#domain_templates').selectpicker('destroy');
         $('#domain_templates').selectpicker();
         for (var i = 0; i < data.length; i++){
           if (data[i].template === "Default"){
-            $('#domain_templates').prepend($('<option>', { 
-                'value': data[i].id,
-                'text': data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': true
+            $('#domain_templates').prepend($('<option>', {
+              'value': data[i].id,
+              'text': data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': true
             }));
             setDomainTemplateData(data[i].attributes);
           } else {
-            $('#domain_templates').append($('<option>', { 
-                'value': data[i].id,
-                'text': data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': false
+            $('#domain_templates').append($('<option>', {
+              'value': data[i].id,
+              'text': data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': false
             }));
           }
         };
@@ -127,24 +127,24 @@ $(document).ready(function() {
       data: {},
       dataType: 'json',
       success: async function(data){
-        $('#mailbox_templates').find('option').remove(); 
+        $('#mailbox_templates').find('option').remove();
         $('#mailbox_templates').selectpicker('destroy');
         $('#mailbox_templates').selectpicker();
         for (var i = 0; i < data.length; i++){
           if (data[i].template === "Default"){
-            $('#mailbox_templates').prepend($('<option>', { 
-                'value': data[i].id,
-                'text': data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': true
+            $('#mailbox_templates').prepend($('<option>', {
+              'value': data[i].id,
+              'text': data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': true
             }));
             setMailboxTemplateData(data[i].attributes);
           } else {
-            $('#mailbox_templates').append($('<option>', { 
-                value: data[i].id,
-                text : data[i].template,
-                'data-attributes': JSON.stringify(data[i].attributes),
-                'selected': false
+            $('#mailbox_templates').append($('<option>', {
+              value: data[i].id,
+              text : data[i].template,
+              'data-attributes': JSON.stringify(data[i].attributes),
+              'selected': false
             }));
           }
         };
@@ -229,20 +229,20 @@ $(document).ready(function() {
     } else {
       $('#addDomain_gal').prop('checked', false);
     }
-    
+
     if (template.active == 1){
       $('#addDomain_active').prop('checked', true);
     } else {
       $('#addDomain_active').prop('checked', false);
     }
-    
+
     $("#addDomain_rl_value").val(template.rl_value);
     $('#addDomain_rl_frame').selectpicker('val', template.rl_frame);
     $("#dkim_selector").val(template.dkim_selector);
     if (!template.key_size)
       template.key_size = 2048;
     $('#key_size').selectpicker('val', template.key_size.toString());
-    
+
     if (template.backupmx == 1){
       $('#addDomain_relay_domain').prop('checked', true);
     } else {
@@ -259,7 +259,7 @@ $(document).ready(function() {
       $('#addDomain_relay_unknown_only').prop('checked', false);
     }
 
-    
+
     // load tags
     $('#addDomain_tags').val("");
     $($('#addDomain_tags').parent().find(".tag-values")[0]).val("");
@@ -404,7 +404,7 @@ $(document).ready(function() {
     } else {
       $('#sogo_access').prop('checked', false);
     }
-    
+
     // load tags
     $('#addMailbox_tags').val("");
     $($('#addMailbox_tags').parent().find(".tag-values")[0]).val("");
@@ -417,11 +417,11 @@ jQuery(function($){
   // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
   function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
   function unix_time_format(i){return""==i?'<i class="bi bi-x"></i>':new Date(i?1e3*i:0).toLocaleDateString(void 0,{year:"numeric",month:"2-digit",day:"2-digit",hour:"2-digit",minute:"2-digit",second:"2-digit"})}
-  
+
   $(".refresh_table").on('click', function(e) {
     e.preventDefault();
     var table_name = $(this).data('table');
-    
+
     if ($.fn.DataTable.isDataTable('#' + table_name))
       $('#' + table_name).DataTable().ajax.reload();
   });
@@ -433,14 +433,25 @@ jQuery(function($){
     }
 
     var table = $('#domain_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-domains', '#domain_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/domain/all",
         dataSrc: function(json){
           $.each(json, function(i, item) {
+            item.domain_name = escapeHtml(item.domain_name);
+
             item.aliases = item.aliases_in_domain + " / " + item.max_num_aliases_for_domain;
             item.mailboxes = item.mboxes_in_domain + " / " + item.max_num_mboxes_for_domain;
             item.quota = item.quota_used_in_domain + "/" + item.max_quota_for_domain + "/" + item.bytes_total;
@@ -602,12 +613,16 @@ jQuery(function($){
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 5,
           defaultContent: ''
         },
       ]
-    });  
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-domains', '#domain_table');
+    });
   }
   function draw_templates_domain_table() {
     // just recalc width if instance already exists
@@ -616,16 +631,24 @@ jQuery(function($){
       return;
     }
 
-    $('#templates_domain_table').DataTable({
-			responsive : true,
+    var table = $('#templates_domain_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      order: [[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-templates-domains', '#templates_domain_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/domain/template/all",
         dataSrc: function(json){
-          console.log(json);
           $.each(json, function (i, item) {
             item.chkbox = '<input type="checkbox" data-id="domain_template" name="multi_select" value="' + encodeURIComponent(item.id) + '" />';
 
@@ -645,10 +668,18 @@ jQuery(function($){
             }
             item.attributes.rl_value = escapeHtml(item.attributes.rl_value);
 
-            item.action = '<div class="btn-group">' +
+
+            if (item.template.toLowerCase() == "default"){
+              item.action = '<div class="btn-group">' +
+              '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+              '</div>';
+            }
+            else {
+              item.action = '<div class="btn-group">' +
               '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
               '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/domain/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
               '</div>';
+            }
 
             if (Array.isArray(item.attributes.tags)){
               var tags = '';
@@ -664,140 +695,144 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: "ID",
-            data: 'id',
-            responsivePriority: 2,
-            defaultContent: ''
-          },
-          {
-            title: "Template",
-            data: 'template',
-            responsivePriority: 3,
-            defaultContent: ''
-          },              
-          {
-            title: lang.max_aliases,
-            data: 'attributes.max_num_aliases_for_domain',
-            defaultContent: '',
-          },             
-          {
-            title: lang.max_mailboxes,
-            data: 'attributes.max_num_mboxes_for_domain',
-            defaultContent: '',
-          },             
-          {
-            title: lang.mailbox_defquota,
-            data: 'attributes.def_quota_for_mbox',
-            defaultContent: '',
-          },               
-          {
-            title: lang.max_quota,
-            data: 'attributes.max_quota_for_mbox',
-            defaultContent: '',
-          },            
-          {
-            title: lang.domain_quota_total,
-            data: 'attributes.max_quota_for_domain',
-            defaultContent: '',
-          },          
-          {
-            title: lang.gal,
-            data: 'attributes.gal',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.backup_mx,
-            data: 'attributes.backupmx',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.relay_all,
-            data: 'attributes.relay_all_recipients',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.relay_unknown,
-            data: 'attributes.relay_unknown_only',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },           
-          {
-            title: lang.active,
-            data: 'attributes.active',
-            defaultContent: '',
-            responsivePriority: 4,
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
-            }
-          },               
-          {
-            title: 'rl_frame',
-            data: 'attributes.rl_frame',
-            defaultContent: '',
-            class: 'none',
-          },             
-          {
-            title: 'rl_value',
-            data: 'attributes.rl_value',
-            defaultContent: '',
-            class: 'none',
-          },            
-          {
-            title: lang.dkim_domains_selector,
-            data: 'attributes.dkim_selector',
-            defaultContent: '',
-            class: 'none',
-          },            
-          {
-            title: lang.dkim_key_length,
-            data: 'attributes.key_size',
-            defaultContent: '',
-            class: 'none',
-          }, 
-          {
-            title: 'Tags',
-            data: 'attributes.tags',
-            defaultContent: '',
-            className: 'none'
-          },    
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
-            responsivePriority: 6,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: "ID",
+          data: 'id',
+          responsivePriority: 2,
+          defaultContent: ''
+        },
+        {
+          title: lang.template,
+          data: 'template',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.max_aliases,
+          data: 'attributes.max_num_aliases_for_domain',
+          defaultContent: '',
+        },
+        {
+          title: lang.max_mailboxes,
+          data: 'attributes.max_num_mboxes_for_domain',
+          defaultContent: '',
+        },
+        {
+          title: lang.mailbox_defquota,
+          data: 'attributes.def_quota_for_mbox',
+          defaultContent: '',
+        },
+        {
+          title: lang.max_quota,
+          data: 'attributes.max_quota_for_mbox',
+          defaultContent: '',
+        },
+        {
+          title: lang.domain_quota_total,
+          data: 'attributes.max_quota_for_domain',
+          defaultContent: '',
+        },
+        {
+          title: lang.gal,
+          data: 'attributes.gal',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.backup_mx,
+          data: 'attributes.backupmx',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.relay_all,
+          data: 'attributes.relay_all_recipients',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.relay_unknown,
+          data: 'attributes.relay_unknown_only',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.active,
+          data: 'attributes.active',
+          defaultContent: '',
+          responsivePriority: 4,
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: 'rl_frame',
+          data: 'attributes.rl_frame',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: 'rl_value',
+          data: 'attributes.rl_value',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: lang.dkim_domains_selector,
+          data: 'attributes.dkim_selector',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: lang.dkim_key_length,
+          data: 'attributes.key_size',
+          defaultContent: '',
+          class: 'none',
+        },
+        {
+          title: 'Tags',
+          data: 'attributes.tags',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
+          responsivePriority: 6,
+          defaultContent: ''
+        },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-templates-domains', '#templates_domain_table');
+    });
   }
   function draw_mailbox_table() {
     // just recalc width if instance already exists
@@ -806,17 +841,31 @@ jQuery(function($){
       return;
     }
 
-    $('#mailbox_table').DataTable({
-			responsive : true,
+    var table = $('#mailbox_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-mailboxes', '#mailbox_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/mailbox/reduced",
         dataSrc: function(json){
           $.each(json, function (i, item) {
-            item.quota = item.quota_used + "/" + item.quota;
+            item.quota = {
+              sortBy: item.quota_used,
+              value: item.quota
+            }
+            item.quota.value = (item.quota.value == 0 ? "∞" : humanFileSize(item.quota.value));
+            item.quota.value = humanFileSize(item.quota_used) + "/" + item.quota.value;
+
             item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
             item.last_mail_login = item.last_imap_login + '/' + item.last_pop3_login + '/' + item.last_smtp_login;
             /*
@@ -877,11 +926,14 @@ jQuery(function($){
               '<a href="#" data-action="delete_selected" data-id="single-mailbox" data-api-url="delete/mailbox" data-item="' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
               '</div>';
             }
-            item.in_use = '<div class="progress">' +
+            item.in_use = {
+              sortBy: item.percent_in_use,
+              value: '<div class="progress">' +
               '<div class="progress-bar-mailbox progress-bar progress-bar-' + item.percent_class + '" role="progressbar" aria-valuenow="' + item.percent_in_use + '" aria-valuemin="0" aria-valuemax="100" ' +
-              'style="min-width:2em;width:' + item.percent_in_use + '%">' + item.percent_in_use + '%' + '</div></div>';
+              'style="min-width:2em;width:' + item.percent_in_use + '%">' + item.percent_in_use + '%' + '</div></div>'
+            };
             item.username = escapeHtml(item.username);
-            
+
             if (Array.isArray(item.tags)){
               var tags = '';
               for (var i = 0; i < item.tags.length; i++)
@@ -896,166 +948,179 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: lang.username,
-            data: 'username',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.domain_quota,
-            data: 'quota',
-            responsivePriority: 8,
-            defaultContent: '',
-            render: function (data, type) {
-              data = data.split("/");
-              var of_q = (data[1] == 0 ? "∞" : humanFileSize(data[1]));
-              return humanFileSize(data[0]) + " / " + of_q;
-            }
-          },
-          {
-            title: lang.last_mail_login,
-            data: 'last_mail_login',
-            defaultContent: '',
-            responsivePriority: 7,
-            render: function (data, type) {
-              res = data.split("/");
-              return '<div class="badge bg-info mb-2">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
-                '<div class="badge bg-info mb-2">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
-                '<div class="badge bg-info">SMTP @ ' + unix_time_format(Number(res[2])) + '</div>';
-            }
-          },
-          {
-            title: lang.last_pw_change,
-            data: 'last_pw_change',
-            defaultContent: ''
-          },
-          {
-            title: lang.in_use,
-            data: 'in_use',
-            defaultContent: '',
-            responsivePriority: 9,
-            className: 'dt-data-w100'
-          },
-          {
-            title: lang.fname,
-            data: 'name',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.tls_enforce_in,
-            data: 'tls_enforce_in',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.tls_enforce_out,
-            data: 'tls_enforce_out',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'SMTP',
-            data: 'smtp_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'IMAP',
-            data: 'imap_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'POP3',
-            data: 'pop3_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'SIEVE',
-            data: 'sieve_access',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.quarantine_notification,
-            data: 'quarantine_notification',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.quarantine_category,
-            data: 'quarantine_category',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.msg_num,
-            data: 'messages',
-            defaultContent: '',
-            responsivePriority: 5
-          },
-          {
-            title: lang.created_on,
-            data: 'created',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.last_modified,
-            data: 'modified',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: 'Tags',
-            data: 'tags',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            responsivePriority: 4,
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
-            responsivePriority: 6,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: lang.username,
+          data: 'username',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.domain_quota,
+          data: 'quota.value',
+          responsivePriority: 8,
+          defaultContent: '',
+          orderData: 23
+        },
+        {
+          title: lang.last_mail_login,
+          data: 'last_mail_login',
+          defaultContent: '',
+          responsivePriority: 7,
+          render: function (data, type) {
+            res = data.split("/");
+            return '<div class="badge bg-info mb-2">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
+              '<div class="badge bg-info mb-2">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
+              '<div class="badge bg-info">SMTP @ ' + unix_time_format(Number(res[2])) + '</div>';
+          }
+        },
+        {
+          title: lang.last_pw_change,
+          data: 'last_pw_change',
+          defaultContent: ''
+        },
+        {
+          title: lang.in_use,
+          data: 'in_use.value',
+          defaultContent: '',
+          responsivePriority: 9,
+          className: 'dt-data-w100',
+          orderData: 24
+        },
+        {
+          title: lang.fname,
+          data: 'name',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.tls_enforce_in,
+          data: 'tls_enforce_in',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.tls_enforce_out,
+          data: 'tls_enforce_out',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'SMTP',
+          data: 'smtp_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'IMAP',
+          data: 'imap_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'POP3',
+          data: 'pop3_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'SIEVE',
+          data: 'sieve_access',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.quarantine_notification,
+          data: 'quarantine_notification',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.quarantine_category,
+          data: 'quarantine_category',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.msg_num,
+          data: 'messages',
+          defaultContent: '',
+          responsivePriority: 5
+        },
+        {
+          title: lang.created_on,
+          data: 'created',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.last_modified,
+          data: 'modified',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: 'Tags',
+          data: 'tags',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          responsivePriority: 4,
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
+          responsivePriority: 6,
+          defaultContent: ''
+        },
+        {
+          title: "",
+          data: 'quota.sortBy',
+          defaultContent: '',
+          className: "d-none"
+        },
+        {
+          title: "",
+          data: 'in_use.sortBy',
+          defaultContent: '',
+          className: "d-none"
+        },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-mailboxes', '#mailbox_table');
+    });
   }
   function draw_templates_mbox_table() {
     // just recalc width if instance already exists
@@ -1064,11 +1129,20 @@ jQuery(function($){
       return;
     }
 
-    $('#templates_mbox_table').DataTable({
-			responsive : true,
+    var table = $('#templates_mbox_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      order: [[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-templates-mbox', '#templates_mbox_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/mailbox/template/all",
@@ -1114,12 +1188,18 @@ jQuery(function($){
               item.attributes.quarantine_category = lang.q_all;
             }
 
-            
 
-            item.action = '<div class="btn-group">' +
-              '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-              '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/mailbox/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-              '</div>';
+            if (item.template.toLowerCase() == "default"){
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '</div>';
+            }
+            else {
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '<a href="#" data-action="delete_selected" data-id="single-template" data-api-url="delete/mailbox/template" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
+            }
 
             if (Array.isArray(item.attributes.tags)){
               var tags = '';
@@ -1159,16 +1239,16 @@ jQuery(function($){
           defaultContent: ''
         },
         {
-          title: "Template",
+          title: lang.template,
           data: 'template',
           responsivePriority: 3,
           defaultContent: ''
-        },              
+        },
         {
           title: lang.domain_quota,
           data: 'attributes.quota',
           defaultContent: '',
-        },             
+        },
         {
           title: lang.tls_enforce_in,
           data: 'attributes.tls_enforce_in',
@@ -1215,7 +1295,7 @@ jQuery(function($){
           data: 'attributes.quarantine_category',
           defaultContent: '',
           className: 'none'
-        },            
+        },
         {
           title: lang.force_pw_update,
           data: 'attributes.force_pw_update',
@@ -1224,25 +1304,25 @@ jQuery(function($){
           render: function (data, type) {
             return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
           }
-        },            
+        },
         {
           title: "rl_frame",
           data: 'attributes.rl_frame',
           defaultContent: '',
           class: 'none',
-        },           
+        },
         {
           title: 'rl_value',
           data: 'attributes.rl_value',
           defaultContent: '',
           class: 'none',
-        }, 
+        },
         {
           title: 'Tags',
           data: 'attributes.tags',
           defaultContent: '',
           className: 'none'
-        },           
+        },
         {
           title: lang.active,
           data: 'attributes.active',
@@ -1251,16 +1331,20 @@ jQuery(function($){
           render: function (data, type) {
             return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
           }
-        },     
+        },
         {
           title: lang.action,
           data: 'action',
-          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
           responsivePriority: 6,
           defaultContent: ''
         },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-templates-mbox', '#templates_mbox_table');
+    });
   }
   function draw_resource_table() {
     // just recalc width if instance already exists
@@ -1269,10 +1353,19 @@ jQuery(function($){
       return;
     }
 
-    $('#resource_table').DataTable({
+    var table = $('#resource_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-resources', '#resource_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/resource/all",
@@ -1298,81 +1391,85 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: lang.description,
-            data: 'description',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.alias,
-            data: 'name',
-            defaultContent: ''
-          },
-          {
-            title: lang.kind,
-            data: 'kind',
-            defaultContent: ''
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.multiple_bookings,
-            data: 'multiple_bookings',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            responsivePriority: 5,
-            defaultContent: '',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right'
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: lang.description,
+          data: 'description',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.alias,
+          data: 'name',
+          defaultContent: ''
+        },
+        {
+          title: lang.kind,
+          data: 'kind',
+          defaultContent: ''
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.multiple_bookings,
+          data: 'multiple_bookings',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          responsivePriority: 5,
+          defaultContent: '',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right'
+        },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-resources', '#resource_table');
+    });
   }
   function draw_bcc_table() {
     $.get("/api/v1/get/bcc-destination-options", function(data){
       // Domains
       var optgroup = "<optgroup label='" + lang.domains + "'>";
       $.each(data.domains, function(index, domain){
-        optgroup += "<option value='" + domain + "'>" + domain + "</option>"
+        optgroup += "<option value='" + domain + "'>" + domain + "</option>";
       });
-      optgroup += "</optgroup>"
+      optgroup += "</optgroup>";
       $('#bcc-local-dest').append(optgroup);
       // Alias domains
       var optgroup = "<optgroup label='" + lang.domain_aliases + "'>";
       $.each(data.alias_domains, function(index, alias_domain){
-        optgroup += "<option value='" + alias_domain + "'>" + alias_domain + "</option>"
+        optgroup += "<option value='" + alias_domain + "'>" + alias_domain + "</option>";
       });
       optgroup += "</optgroup>"
       $('#bcc-local-dest').append(optgroup);
@@ -1380,9 +1477,9 @@ jQuery(function($){
       $.each(data.mailboxes, function(mailbox, aliases){
         var optgroup = "<optgroup label='" + mailbox + "'>";
         $.each(aliases, function(index, alias){
-          optgroup += "<option value='" + alias + "'>" + alias + "</option>"
+          optgroup += "<option value='" + alias + "'>" + alias + "</option>";
         });
-        optgroup += "</optgroup>"
+        optgroup += "</optgroup>";
         $('#bcc-local-dest').append(optgroup);
       });
       // Finish
@@ -1394,11 +1491,21 @@ jQuery(function($){
       $('#bcc_table').DataTable().columns.adjust().responsive.recalc();
       return;
     }
-    
-    $('#bcc_table').DataTable({
+
+    var table = $('#bcc_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      order: [[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#collapse-tab-bcc', '#bcc_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/bcc/all",
@@ -1422,67 +1529,71 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.bcc_type,
-            data: 'type',
-            defaultContent: ''
-          },
-          {
-            title: lang.bcc_local_dest,
-            data: 'local_dest',
-            defaultContent: ''
-          },
-          {
-            title: lang.bcc_destinations,
-            data: 'bcc_dest',
-            defaultContent: ''
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.bcc_type,
+          data: 'type',
+          defaultContent: ''
+        },
+        {
+          title: lang.bcc_local_dest,
+          data: 'local_dest',
+          defaultContent: ''
+        },
+        {
+          title: lang.bcc_destinations,
+          data: 'bcc_dest',
+          defaultContent: ''
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#collapse-tab-bcc', '#bcc_table');
+    });
   }
   function draw_recipient_map_table() {
     // just recalc width if instance already exists
@@ -1491,16 +1602,26 @@ jQuery(function($){
       return;
     }
 
-    $('#recipient_map_table').DataTable({
+    var table = $('#recipient_map_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      order: [[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#collapse-tab-bcc-filters', '#recipient_map_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/recipient_map/all",
         dataSrc: function(json){
           if (role !== "admin") return null;
-          
+
           $.each(json, function (i, item) {
             item.recipient_map_old = escapeHtml(item.recipient_map_old);
             item.recipient_map_new = escapeHtml(item.recipient_map_new);
@@ -1515,57 +1636,61 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.recipient_map_old,
-            data: 'recipient_map_old',
-            defaultContent: ''
-          },
-          {
-            title: lang.recipient_map_new,
-            data: 'recipient_map_new',
-            defaultContent: '',
-            responsivePriority: 4
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.recipient_map_old,
+          data: 'recipient_map_old',
+          defaultContent: ''
+        },
+        {
+          title: lang.recipient_map_new,
+          data: 'recipient_map_new',
+          defaultContent: '',
+          responsivePriority: 4
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#collapse-tab-bcc-filters', '#recipient_map_table');
+    });
   }
   function draw_tls_policy_table() {
     // just recalc width if instance already exists
@@ -1574,17 +1699,26 @@ jQuery(function($){
       return;
     }
 
-    $('#tls_policy_table').DataTable({
+    var table = $('#tls_policy_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      order: [[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-tls-policy', '#tls_policy_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/tls-policy-map/all",
         dataSrc: function(json){
-          console.log(json);
           if (role !== "admin") return null;
-          
+
           $.each(json, function (i, item) {
             item.dest = escapeHtml(item.dest);
             item.policy = '<b>' + escapeHtml(item.policy) + '</b>';
@@ -1604,62 +1738,66 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.tls_map_dest,
-            data: 'dest',
-            defaultContent: '',
-            responsivePriority: 4
-          },
-          {
-            title: lang.tls_map_policy,
-            data: 'policy',
-            defaultContent: ''
-          },
-          {
-            title: lang.tls_map_parameters,
-            data: 'parameters',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.tls_map_dest,
+          data: 'dest',
+          defaultContent: '',
+          responsivePriority: 4
+        },
+        {
+          title: lang.tls_map_policy,
+          data: 'policy',
+          defaultContent: ''
+        },
+        {
+          title: lang.tls_map_parameters,
+          data: 'parameters',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-tls-policy', '#tls_policy_table');
+    });
   }
   function draw_alias_table() {
     // just recalc width if instance already exists
@@ -1668,10 +1806,20 @@ jQuery(function($){
       return;
     }
 
-    $('#alias_table').DataTable({
+    var table = $('#alias_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      order: [[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-mbox-aliases', '#alias_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/alias/all",
@@ -1719,87 +1867,91 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.alias,
-            data: 'address',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.target_address,
-            data: 'goto',
-            defaultContent: ''
-          },
-          {
-            title: lang.domain,
-            data: 'domain',
-            defaultContent: '',
-            responsivePriority: 5,
-          },
-          {
-            title: lang.bcc_destinations,
-            data: 'bcc_dest',
-            defaultContent: ''
-          },
-          {
-            title: lang.sogo_visible,
-            data: 'sogo_visible',
-            defaultContent: '',
-            render: function(data, type){
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.public_comment,
-            data: 'public_comment',
-            defaultContent: ''
-          },
-          {
-            title: lang.private_comment,
-            data: 'private_comment',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            responsivePriority: 6,
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.alias,
+          data: 'address',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.target_address,
+          data: 'goto',
+          defaultContent: ''
+        },
+        {
+          title: lang.domain,
+          data: 'domain',
+          defaultContent: '',
+          responsivePriority: 5,
+        },
+        {
+          title: lang.bcc_destinations,
+          data: 'bcc_dest',
+          defaultContent: ''
+        },
+        {
+          title: lang.sogo_visible,
+          data: 'sogo_visible',
+          defaultContent: '',
+          render: function(data, type){
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.public_comment,
+          data: 'public_comment',
+          defaultContent: ''
+        },
+        {
+          title: lang.private_comment,
+          data: 'private_comment',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          responsivePriority: 6,
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-mbox-aliases', '#alias_table');
+    });
   }
   function draw_aliasdomain_table() {
     // just recalc width if instance already exists
@@ -1808,15 +1960,26 @@ jQuery(function($){
       return;
     }
 
-    $('#aliasdomain_table').DataTable({
+    var table = $('#aliasdomain_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-domain-aliases', '#aliasdomain_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/alias-domain/all",
         dataSrc: function(json){
           $.each(json, function (i, item) {
+            item.alias_domain = escapeHtml(item.alias_domain);
+
             item.action = '<div class="btn-group">' +
               '<a href="/edit/aliasdomain/' + encodeURIComponent(item.alias_domain) + '" class="btn btn-sm btn-xs-third btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
               '<a href="#" data-action="delete_selected" data-id="single-alias-domain" data-api-url="delete/alias-domain" data-item="' + encodeURIComponent(item.alias_domain) + '" class="btn btn-sm btn-xs-third btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
@@ -1834,52 +1997,56 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: lang.alias,
-            data: 'alias_domain',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.target_domain,
-            data: 'target_domain',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: lang.alias,
+          data: 'alias_domain',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.target_domain,
+          data: 'target_domain',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-domain-aliases', '#aliasdomain_table');
+    });
   }
   function draw_sync_job_table() {
     // just recalc width if instance already exists
@@ -1888,10 +2055,20 @@ jQuery(function($){
       return;
     }
 
-    $('#sync_job_table').DataTable({
+    var table = $('#sync_job_table').DataTable({
+      responsive: true,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      order: [[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-syncjobs', '#sync_job_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/syncjobs/all/no_log",
@@ -1904,7 +2081,7 @@ jQuery(function($){
             } else {
               item.exclude  = '<code>' + escapeHtml(item.exclude) + '</code>';
             }
-            item.server_w_port = escapeHtml(item.user1) + '@' + item.host1 + ':' + item.port1;
+            item.server_w_port = escapeHtml(item.user1) + '@' + escapeHtml(item.host1) + ':' + escapeHtml(item.port1);
             item.action = '<div class="btn-group">' +
               '<a href="/edit/syncjob/' + item.id + '" class="btn btn-sm btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
               '<a href="#" data-action="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-sm btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
@@ -1925,9 +2102,9 @@ jQuery(function($){
               item.success = '<i class="text-' + (item.success == 1 ? 'success' : 'danger') + ' bi bi-' + (item.success == 1 ? 'check-lg' : 'x-lg') + '"></i>';
             }
             if (lang['syncjob_'+item.exit_status]) {
-	            item.exit_status = lang['syncjob_'+item.exit_status];
+              item.exit_status = lang['syncjob_'+item.exit_status];
             } else if (item.success != '-') {
-	            item.exit_status = lang.syncjob_check_log;
+              item.exit_status = lang.syncjob_check_log;
             }
             item.exit_status = item.success + ' ' + item.exit_status;
           });
@@ -1936,89 +2113,93 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: lang.owner,
-            data: 'user2',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: 'Server',
-            data: 'server_w_port',
-            defaultContent: ''
-          },
-          {
-            title: lang.last_run,
-            data: 'last_run',
-            defaultContent: ''
-          },
-          {
-            title: lang.syncjob_last_run_result,
-            data: 'exit_status',
-            defaultContent: ''
-          },
-          {
-            title: 'Log',
-            data: 'log',
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            defaultContent: '',
-            render: function (data, type) {
-              return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
-            }
-          },
-          {
-            title: lang.status,
-            data: 'is_running',
-            defaultContent: ''
-          },
-          {
-            title: lang.excludes,
-            data: 'exclude',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.mins_interval,
-            data: 'mins_interval',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: lang.owner,
+          data: 'user2',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: 'Server',
+          data: 'server_w_port',
+          defaultContent: ''
+        },
+        {
+          title: lang.last_run,
+          data: 'last_run',
+          defaultContent: ''
+        },
+        {
+          title: lang.syncjob_last_run_result,
+          data: 'exit_status',
+          defaultContent: ''
+        },
+        {
+          title: 'Log',
+          data: 'log',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+          }
+        },
+        {
+          title: lang.status,
+          data: 'is_running',
+          defaultContent: ''
+        },
+        {
+          title: lang.excludes,
+          data: 'exclude',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.mins_interval,
+          data: 'mins_interval',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-syncjobs', '#sync_job_table');
+    });
   }
   function draw_filter_table() {
     // just recalc width if instance already exists
@@ -2028,10 +2209,20 @@ jQuery(function($){
     }
 
     var table = $('#filter_table').DataTable({
+      responsive: true,
       autoWidth: false,
       processing: true,
       serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
       language: lang_datatables,
+      order: [[2, 'desc']],
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#tab-filters', '#filter_table');
+      },
       ajax: {
         type: "GET",
         url: "/api/v1/get/filters/all",
@@ -2042,6 +2233,7 @@ jQuery(function($){
             } else {
               item.active = '<span id="inactive-script" class="badge fs-6 bg-warning">' + lang.inactive + '</span>';
             }
+            item.script_desc = escapeHtml(item.script_desc);
             item.script_data = '<pre class="text-break" style="margin:0px">' + escapeHtml(item.script_data) + '</pre>'
             item.filter_type = '<div class="badge fs-6 bg-secondary">' + item.filter_type.charAt(0).toUpperCase() + item.filter_type.slice(1).toLowerCase() + '</div>'
             item.action = '<div class="btn-group">' +
@@ -2055,68 +2247,79 @@ jQuery(function($){
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 1
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: '',
-            responsivePriority: 2
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            responsivePriority: 2,
-            defaultContent: ''
-          },
-          {
-            title: lang.active,
-            data: 'active',
-            responsivePriority: 3,
-            defaultContent: ''
-          },
-          {
-            title: 'Type',
-            data: 'filter_type',
-            responsivePriority: 4,
-            defaultContent: ''
-          },
-          {
-            title: lang.owner,
-            data: 'username',
-            defaultContent: ''
-          },
-          {
-            title: lang.description,
-            data: 'script_desc',
-            defaultContent: ''
-          },
-          {
-            title: 'Script',
-            data: 'script_data',
-            defaultContent: '',
-            className: 'none'
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-body-right',
-            responsivePriority: 5,
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          responsivePriority: 2,
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          responsivePriority: 3,
+          defaultContent: ''
+        },
+        {
+          title: 'Type',
+          data: 'filter_type',
+          responsivePriority: 4,
+          defaultContent: ''
+        },
+        {
+          title: lang.owner,
+          data: 'username',
+          defaultContent: ''
+        },
+        {
+          title: lang.description,
+          data: 'script_desc',
+          defaultContent: ''
+        },
+        {
+          title: 'Script',
+          data: 'script_data',
+          defaultContent: '',
+          className: 'none'
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right',
+          responsivePriority: 5,
+          defaultContent: ''
+        },
       ]
     });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#tab-filters', '#filter_table');
+    });
   };
 
+  function hideTableExpandCollapseBtn(tab, table){
+    if ($(table).hasClass('collapsed'))
+      $(tab).find(".table_collapse_option").show();
+    else
+      $(tab).find(".table_collapse_option").hide();
+  }
+
   // detect element visibility changes
   function onVisible(element, callback) {
     $(document).ready(function() {
diff --git a/data/web/js/site/qhandler.js b/data/web/js/site/qhandler.js
index 4fcc9634..8a8471f2 100644
--- a/data/web/js/site/qhandler.js
+++ b/data/web/js/site/qhandler.js
@@ -1,71 +1,71 @@
-jQuery(function($){
-  var qitem = $('legend').data('hash');
-  var qError = $("#qid_error");
-  $.ajax({
-    url: '/inc/ajax/qitem_details.php',
-    data: { hash: qitem },
-    dataType: 'json',
-    success: function(data){
-      $('[data-id="qitems_single"]').each(function(index) {
-        $(this).attr("data-item", qitem);
-      });
-      $('#qid_detail_subj').text(data.subject);
-      $('#qid_detail_hfrom').text(data.header_from);
-      $('#qid_detail_efrom').text(data.env_from);
-      $('#qid_detail_score').html('');
-      $('#qid_detail_symbols').html('');
-      $('#qid_detail_recipients').html('');
-      $('#qid_detail_fuzzy').html('');
-      if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
-        $.each(data.fuzzy_hashes, function (index, value) {
-          $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
-        });
-      } else {
-        $('#qid_detail_fuzzy').append('-');
-      }
-      if (typeof data.symbols !== 'undefined') {
-        data.symbols.sort(function (a, b) {
-          if (a.score === 0) return 1
-          if (b.score === 0) return -1
-          if (b.score < 0 && a.score < 0) {
-            return a.score - b.score
-          }
-          if (b.score > 0 && a.score > 0) {
-            return b.score - a.score
-          }
-          return b.score - a.score
-        })
-        $.each(data.symbols, function (index, value) {
-          var highlightClass = ''
-          if (value.score > 0) highlightClass = 'negative'
-          else if (value.score < 0) highlightClass = 'positive'
-          else highlightClass = 'neutral'
-          $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
-        });
-        $('[data-bs-toggle="tooltip"]').tooltip()
-      }
-      if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
-        if (data.action === "add header") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
-        } else if (data.action === "reject") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
-        } else if (data.action === "rewrite subject") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
-        }
-      }
-      if (typeof data.recipients !== 'undefined') {
-        $.each(data.recipients, function(index, value) {
-          var elem = $('<span class="mail-address-item"></span>');
-          elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
-          $('#qid_detail_recipients').append(elem);
-        });
-      }
-    },
-    error: function(data){
-      if (typeof data.error !== 'undefined') {
-        qError.text("Error loading quarantine item");
-        qError.show();
-      }
-    }
-  });
-});
+jQuery(function($){
+  var qitem = $('legend').data('hash');
+  var qError = $("#qid_error");
+  $.ajax({
+    url: '/inc/ajax/qitem_details.php',
+    data: { hash: qitem },
+    dataType: 'json',
+    success: function(data){
+      $('[data-id="qitems_single"]').each(function(index) {
+        $(this).attr("data-item", qitem);
+      });
+      $('#qid_detail_subj').text(data.subject);
+      $('#qid_detail_hfrom').text(data.header_from);
+      $('#qid_detail_efrom').text(data.env_from);
+      $('#qid_detail_score').html('');
+      $('#qid_detail_symbols').html('');
+      $('#qid_detail_recipients').html('');
+      $('#qid_detail_fuzzy').html('');
+      if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
+        $.each(data.fuzzy_hashes, function (index, value) {
+          $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
+        });
+      } else {
+        $('#qid_detail_fuzzy').append('-');
+      }
+      if (typeof data.symbols !== 'undefined') {
+        data.symbols.sort(function (a, b) {
+          if (a.score === 0) return 1;
+          if (b.score === 0) return -1;
+          if (b.score < 0 && a.score < 0) {
+            return a.score - b.score;
+          }
+          if (b.score > 0 && a.score > 0) {
+            return b.score - a.score;
+          }
+          return b.score - a.score;
+        })
+        $.each(data.symbols, function (index, value) {
+          var highlightClass = '';
+          if (value.score > 0) highlightClass = 'negative';
+          else if (value.score < 0) highlightClass = 'positive';
+          else highlightClass = 'neutral';
+          $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
+        });
+        $('[data-bs-toggle="tooltip"]').tooltip();
+      }
+      if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
+        if (data.action === "add header") {
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
+        } else if (data.action === "reject") {
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
+        } else if (data.action === "rewrite subject") {
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
+        }
+      }
+      if (typeof data.recipients !== 'undefined') {
+        $.each(data.recipients, function(index, value) {
+          var elem = $('<span class="mail-address-item"></span>');
+          elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
+          $('#qid_detail_recipients').append(elem);
+        });
+      }
+    },
+    error: function(data){
+      if (typeof data.error !== 'undefined') {
+        qError.text("Error loading quarantine item");
+        qError.show();
+      }
+    }
+  });
+});
diff --git a/data/web/js/site/quarantine.js b/data/web/js/site/quarantine.js
index d838b0fb..18d7a1d5 100644
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -1,260 +1,297 @@
-// Base64 functions
-var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
-
-jQuery(function($){
-  acl_data = JSON.parse(acl);
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
-  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
-  $(".refresh_table").on('click', function(e) {
-    e.preventDefault();
-    var table_name = $(this).data('table');
-    $('#' + table_name).DataTable().ajax.reload();
-  });
-  function draw_quarantine_table() {
-    $('#quarantinetable').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/quarantine/all",
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            if (item.subject === null) {
-              item.subject = '';
-            } else {
-              item.subject = escapeHtml(item.subject);
-            }
-            if (item.score === null) {
-              item.score = '-';
-            }
-            if (item.virus_flag > 0) {
-              item.virus = '<span class="badge fs-6 bg-danger">' + lang.high_danger + '</span>';
-            } else {
-              item.virus = '<span class="badge fs-6 bg-secondary">' + lang.neutral_danger + '</span>';
-            }
-            if (item.action === "reject") {
-              item.rspamdaction = '<span class="badge fs-6 bg-danger">' + lang.rejected + '</span>';
-            } else if (item.action === "add header") {
-              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.junk_folder + '</span>';
-            } else if (item.action === "rewrite subject") {
-              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.rewrite_subject + '</span>';
-            }
-            if(item.notified > 0) {
-              item.notified = '&#10004;';
-            } else {
-              item.notified = '&#10006;';
-            }
-            if (acl_data.login_as === 1) {
-            item.action = '<div class="btn-group">' +
-              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-info show_qid_info"><i class="bi bi-box-arrow-up-right"></i> ' + lang.show_item + '</a>' +
-              '<a href="#" data-action="delete_selected" data-id="del-single-qitem" data-api-url="delete/qitem" data-item="' + encodeURI(item.id) + '" class="btn btn-xs  btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-              '</div>';
-            }
-            else {
-            item.action = '<div class="btn-group">' +
-              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-info show_qid_info"><i class="bi bi-file-earmark-text"></i> ' + lang.show_item + '</a>' +
-              '</div>';
-            }
-            item.chkbox = '<input type="checkbox" data-id="qitems" name="multi_select" value="' + item.id + '" />';
-          });
-
-          return data;
-        }
-      },
-      columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'ID',
-            data: 'id',
-            defaultContent: ''
-          },
-          {
-            title: lang.qid,
-            data: 'qid',
-            defaultContent: ''
-          },
-          {
-            title: lang.sender,
-            data: 'sender',
-            defaultContent: ''
-          },
-          {
-            title: lang.subj,
-            data: 'sender',
-            defaultContent: ''
-          },
-          {
-            title: lang.rspamd_result,
-            data: 'rspamdaction',
-            defaultContent: ''
-          },
-          {
-            title: lang.rcpt,
-            data: 'rcpt',
-            defaultContent: ''
-          },
-          {
-            title: lang.danger,
-            data: 'virus',
-            defaultContent: ''
-          },
-          {
-            title: lang.spam_score,
-            data: 'score',
-            defaultContent: ''
-          },
-          {
-            title: lang.notified,
-            data: 'notified',
-            defaultContent: ''
-          },
-          {
-            title: lang.received,
-            data: 'created',
-            defaultContent: '',
-            render: function (data,type) {
-              var date = new Date(data ? data * 1000 : 0); 
-              return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-            }
-          },
-          {
-            title: lang.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
-      ]
-    });
-  }
-
-  $('body').on('click', '.show_qid_info', function (e) {
-    e.preventDefault();
-    var qitem = $(this).attr('data-item');
-    var qError = $("#qid_error");
-
-    $('#qidDetailModal').modal('show');
-    qError.hide();
-
-    $.ajax({
-      url: '/inc/ajax/qitem_details.php',
-      data: { id: qitem },
-      dataType: 'json',
-      success: function(data){
-
-        $('[data-id="qitems_single"]').each(function(index) {
-          $(this).attr("data-item", qitem);
-        });
-
-        $("#quick_download_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&eml', '_blank')");
-        $("#quick_release_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_release', '_blank')");
-        $("#quick_delete_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_delete', '_blank')");
-
-        $('#qid_detail_subj').text(data.subject);
-        $('#qid_detail_hfrom').text(data.header_from);
-        $('#qid_detail_efrom').text(data.env_from);
-        $('#qid_detail_score').html('');
-        $('#qid_detail_recipients').html('');
-        $('#qid_detail_symbols').html('');
-        $('#qid_detail_fuzzy').html('');
-        if (typeof data.symbols !== 'undefined') {
-          data.symbols.sort(function (a, b) {
-            if (a.score === 0) return 1
-            if (b.score === 0) return -1
-            if (b.score < 0 && a.score < 0) {
-              return a.score - b.score
-            }
-            if (b.score > 0 && a.score > 0) {
-              return b.score - a.score
-            }
-            return b.score - a.score
-          })
-          $.each(data.symbols, function (index, value) {
-            var highlightClass = ''
-            if (value.score > 0) highlightClass = 'negative'
-            else if (value.score < 0) highlightClass = 'positive'
-            else highlightClass = 'neutral'
-            $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
-          });
-          $('[data-bs-toggle="tooltip"]').tooltip()
-        }
-        if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
-          $.each(data.fuzzy_hashes, function (index, value) {
-            $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
-          });
-        } else {
-          $('#qid_detail_fuzzy').append('-');
-        }
-        if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
-          if (data.action == "add header") {
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
-          } else if (data.action == "reject") {
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
-          } else if (data.action == "rewrite subject") {
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
-          }
-        }
-        if (typeof data.recipients !== 'undefined') {
-          $.each(data.recipients, function(index, value) {
-            var elem = $('<span class="mail-address-item"></span>');
-            elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
-            $('#qid_detail_recipients').append(elem);
-          });
-        }
-        $('#qid_detail_text').text(data.text_plain);
-        $('#qid_detail_text_from_html').text(data.text_html);
-        var qAtts = $("#qid_detail_atts");
-        if (typeof data.attachments !== 'undefined') {
-          qAtts.text('');
-          $.each(data.attachments, function(index, value) {
-            qAtts.append(
-              '<p><a href="/inc/ajax/qitem_details.php?id=' + qitem + '&att=' + index + '" target="_blank">' + value[0] + '</a> (' + value[1] + ')' +
-              ' - <small><a href="' + value[3] + '" target="_blank">' + lang.check_hash + '</a></small></p>'
-            );
-          });
-        }
-        else {
-          qAtts.text('-');
-        }
-      },
-      error: function(data){
-        if (typeof data.error !== 'undefined') {
-          $('#qid_detail_subj').text('-');
-          $('#qid_detail_hfrom').text('-');
-          $('#qid_detail_efrom').text('-');
-          $('#qid_detail_score').html('-');
-          $('#qid_detail_recipients').html('-');
-          $('#qid_detail_symbols').html('-');
-          $('#qid_detail_fuzzy').html('-');
-          $('#qid_detail_text').text('-');
-          $('#qid_detail_text_from_html').text('-');
-          qError.text("Error loading quarantine item");
-          qError.show();
-        }
-      }
-    });
-  });
-
-  $('body').on('click', 'span.footable-toggle', function () {
-    event.stopPropagation();
-  })
-
-  // Initial table drawings
-  draw_quarantine_table();
-});
+// Base64 functions
+var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
+
+jQuery(function($){
+  acl_data = JSON.parse(acl);
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
+  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
+  function draw_quarantine_table() {
+    var table = $('#quarantinetable').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      order: [[2, 'desc']],
+      lengthMenu: [
+        [10, 25, 50, 100, -1],
+        [10, 25, 50, 100, 'all']
+      ],
+      pagingType: 'first_last_numbers',
+      aColumns: [
+        { sWidth: '8.25%' },
+        { sClass: 'classDataTable' }
+      ],
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      initComplete: function(){
+        hideTableExpandCollapseBtn('#quarantinetable');
+      },
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/quarantine/all",
+        dataSrc: function(data){
+          $.each(data, function (i, item) {
+            if (item.subject === null) {
+              item.subject = '';
+            } else {
+              item.subject = escapeHtml(item.subject);
+            }
+            if (item.score === null) {
+              item.score = '-';
+            }
+            if (item.virus_flag > 0) {
+              item.virus = '<span class="badge fs-6 bg-danger">' + lang.high_danger + '</span>';
+            } else {
+              item.virus = '<span class="badge fs-6 bg-secondary">' + lang.neutral_danger + '</span>';
+            }
+            if (item.action === "reject") {
+              item.rspamdaction = '<span class="badge fs-6 bg-danger">' + lang.rejected + '</span>';
+            } else if (item.action === "add header") {
+              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.junk_folder + '</span>';
+            } else if (item.action === "rewrite subject") {
+              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.rewrite_subject + '</span>';
+            }
+            if(item.notified > 0) {
+              item.notified = '&#10004;';
+            } else {
+              item.notified = '&#10006;';
+            }
+            if (acl_data.login_as === 1) {
+            item.action = '<div class="btn-group">' +
+              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-info show_qid_info"><i class="bi bi-box-arrow-up-right"></i> ' + lang.show_item + '</a>' +
+              '<a href="#" data-action="delete_selected" data-id="del-single-qitem" data-api-url="delete/qitem" data-item="' + encodeURI(item.id) + '" class="btn btn-xs  btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+              '</div>';
+            }
+            else {
+            item.action = '<div class="btn-group">' +
+              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-info show_qid_info"><i class="bi bi-file-earmark-text"></i> ' + lang.show_item + '</a>' +
+              '</div>';
+            }
+            item.chkbox = '<input type="checkbox" data-id="qitems" name="multi_select" value="' + item.id + '" />';
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.qid,
+          data: 'qid',
+          defaultContent: ''
+        },
+        {
+          title: lang.sender,
+          data: 'sender',
+          className: 'senders-mw220',
+          defaultContent: ''
+        },
+        {
+          title: lang.subj,
+          data: 'subject',
+          defaultContent: ''
+        },
+        {
+          title: lang.rspamd_result,
+          data: 'rspamdaction',
+          defaultContent: ''
+        },
+        {
+          title: lang.rcpt,
+          data: 'rcpt',
+          defaultContent: ''
+        },
+        {
+          title: lang.danger,
+          data: 'virus',
+          defaultContent: ''
+        },
+        {
+          title: lang.spam_score,
+          data: 'score',
+          defaultContent: ''
+        },
+        {
+          title: lang.notified,
+          data: 'notified',
+          defaultContent: ''
+        },
+        {
+          title: lang.received,
+          data: 'created',
+          defaultContent: '',
+          createdCell: function(td, cellData) {
+            $(td).attr({
+              "data-order": cellData,
+              "data-sort": cellData
+            });
+
+            var date = new Date(cellData ? cellData * 1000 : 0);
+            var dateString = date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+            $(td).html(dateString);
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-text-right dt-sm-head-hidden',
+          defaultContent: ''
+        },
+      ]
+    });
+
+    table.on('responsive-resize', function (e, datatable, columns){
+      hideTableExpandCollapseBtn('#quarantinetable');
+    });
+  }
+
+  $('body').on('click', '.show_qid_info', function (e) {
+    e.preventDefault();
+    var qitem = $(this).attr('data-item');
+    var qError = $("#qid_error");
+
+    $('#qidDetailModal').modal('show');
+    qError.hide();
+
+    $.ajax({
+      url: '/inc/ajax/qitem_details.php',
+      data: { id: qitem },
+      dataType: 'json',
+      success: function(data){
+
+        $('[data-id="qitems_single"]').each(function(index) {
+          $(this).attr("data-item", qitem);
+        });
+
+        $("#quick_download_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&eml', '_blank')");
+        $("#quick_release_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_release', '_blank')");
+        $("#quick_delete_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_delete', '_blank')");
+
+        $('#qid_detail_subj').text(data.subject);
+        $('#qid_detail_hfrom').text(data.header_from);
+        $('#qid_detail_efrom').text(data.env_from);
+        $('#qid_detail_score').html('');
+        $('#qid_detail_recipients').html('');
+        $('#qid_detail_symbols').html('');
+        $('#qid_detail_fuzzy').html('');
+        if (typeof data.symbols !== 'undefined') {
+          data.symbols.sort(function (a, b) {
+            if (a.score === 0) return 1;
+            if (b.score === 0) return -1;
+            if (b.score < 0 && a.score < 0) {
+              return a.score - b.score;
+            }
+            if (b.score > 0 && a.score > 0) {
+              return b.score - a.score;
+            }
+            return b.score - a.score;
+          })
+          $.each(data.symbols, function (index, value) {
+            var highlightClass = '';
+            if (value.score > 0) highlightClass = 'negative';
+            else if (value.score < 0) highlightClass = 'positive';
+            else highlightClass = 'neutral';
+            $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
+          });
+          $('[data-bs-toggle="tooltip"]').tooltip();
+        }
+        if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
+          $.each(data.fuzzy_hashes, function (index, value) {
+            $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
+          });
+        } else {
+          $('#qid_detail_fuzzy').append('-');
+        }
+        if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
+          if (data.action == "add header") {
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
+          } else if (data.action == "reject") {
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
+          } else if (data.action == "rewrite subject") {
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
+          }
+        }
+        if (typeof data.recipients !== 'undefined') {
+          $.each(data.recipients, function(index, value) {
+            var elem = $('<span class="mail-address-item"></span>');
+            elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
+            $('#qid_detail_recipients').append(elem);
+          });
+        }
+        $('#qid_detail_text').text(data.text_plain);
+        $('#qid_detail_text_from_html').text(data.text_html);
+        var qAtts = $("#qid_detail_atts");
+        if (typeof data.attachments !== 'undefined') {
+          qAtts.text('');
+          $.each(data.attachments, function(index, value) {
+            qAtts.append(
+              '<p><a href="/inc/ajax/qitem_details.php?id=' + qitem + '&att=' + index + '" target="_blank">' + value[0] + '</a> (' + value[1] + ')' +
+              ' - <small><a href="' + value[3] + '" target="_blank">' + lang.check_hash + '</a></small></p>'
+            );
+          });
+        }
+        else {
+          qAtts.text('-');
+        }
+      },
+      error: function(data){
+        if (typeof data.error !== 'undefined') {
+          $('#qid_detail_subj').text('-');
+          $('#qid_detail_hfrom').text('-');
+          $('#qid_detail_efrom').text('-');
+          $('#qid_detail_score').html('-');
+          $('#qid_detail_recipients').html('-');
+          $('#qid_detail_symbols').html('-');
+          $('#qid_detail_fuzzy').html('-');
+          $('#qid_detail_text').text('-');
+          $('#qid_detail_text_from_html').text('-');
+          qError.text("Error loading quarantine item");
+          qError.show();
+        }
+      }
+    });
+  });
+
+  $('body').on('click', 'span.footable-toggle', function () {
+    event.stopPropagation();
+  })
+
+  // Initial table drawings
+  draw_quarantine_table();
+
+  function hideTableExpandCollapseBtn(table){
+    if ($(table).hasClass('collapsed'))
+      $(".table_collapse_option").show();
+    else
+      $(".table_collapse_option").hide();
+  }
+});
diff --git a/data/web/js/site/queue.js b/data/web/js/site/queue.js
index 057ad840..f37884a6 100644
--- a/data/web/js/site/queue.js
+++ b/data/web/js/site/queue.js
@@ -1,123 +1,128 @@
 jQuery(function($){
 
-    $(".refresh_table").on('click', function(e) {
-      e.preventDefault();
-      var table_name = $(this).data('table');
-      $('#' + table_name).DataTable().ajax.reload();
-    });
+  $(".refresh_table").on('click', function(e) {
+    e.preventDefault();
+    var table_name = $(this).data('table');
+    $('#' + table_name).DataTable().ajax.reload();
+  });
 
 
-    function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
 
-    // Queue item
-    $('#showQueuedMsg').on('show.bs.modal', function (e) {
-      $('#queue_msg_content').text(lang.loading);
-      button = $(e.relatedTarget)
-      if (button != null) {
-        $('#queue_id').text(button.data('queue-id'));
-      }
-      $.ajax({
-          type: 'GET',
-          url: '/api/v1/get/postcat/' + button.data('queue-id'),
-          dataType: 'text',
-          complete: function (data) {
-            console.log(data);
-            $('#queue_msg_content').text(data.responseText);
-          }
-      });
-    })
-
-    function draw_queue() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#queuetable') ) {
-      $('#queuetable').DataTable().columns.adjust().responsive.recalc();
-      return;
+  // Queue item
+  $('#showQueuedMsg').on('show.bs.modal', function (e) {
+    $('#queue_msg_content').text(lang.loading);
+    button = $(e.relatedTarget)
+    if (button != null) {
+      $('#queue_id').text(button.data('queue-id'));
     }
+    $.ajax({
+      type: 'GET',
+      url: '/api/v1/get/postcat/' + button.data('queue-id'),
+      dataType: 'text',
+      complete: function (data) {
+        $('#queue_msg_content').text(data.responseText);
+      }
+    });
+  })
 
-    $('#queuetable').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/mailq/all",
-        dataSrc: function(data){
-          $.each(data, function (i, item) {
-            item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
-            rcpts = $.map(item.recipients, function(i) {
-              return escapeHtml(i);
-            });
-            item.recipients = rcpts.join('<hr style="margin:1px!important">');
-            item.action = '<div class="btn-group">' +
-              '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.queue_show_message + '</a>' +
+  function draw_queue() {
+  // just recalc width if instance already exists
+  if ($.fn.DataTable.isDataTable('#queuetable') ) {
+    $('#queuetable').DataTable().columns.adjust().responsive.recalc();
+    return;
+  }
+
+  $('#queuetable').DataTable({
+    responsive: true,
+    processing: true,
+    serverSide: false,
+    stateSave: true,
+    pageLength: pagination_size,
+    dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+         "tr" +
+         "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+    language: lang_datatables,
+    ajax: {
+      type: "GET",
+      url: "/api/v1/get/mailq/all",
+      dataSrc: function(data){
+        $.each(data, function (i, item) {
+          item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
+          rcpts = $.map(item.recipients, function(i) {
+            return escapeHtml(i);
+          });
+          item.recipients = rcpts.join('<hr style="margin:1px!important">');
+          item.action = '<div class="btn-group">' +
+            '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.show_message + '</a>' +
             '</div>';
           });
           return data;
         }
       },
       columns: [
-          {
-            // placeholder, so checkbox will not block child row toggle
-            title: '',
-            data: null,
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: '',
-            data: 'chkbox',
-            searchable: false,
-            orderable: false,
-            defaultContent: ''
-          },
-          {
-            title: 'QID',
-            data: 'queue_id',
-            defaultContent: ''
-          },
-          {
-            title: 'Queue',
-            data: 'queue_name',
-            defaultContent: ''
-          },
-          {
-            title: lang_admin.arrival_time,
-            data: 'arrival_time',
-            defaultContent: '',
-            render: function (data, type){
-              var date = new Date(data ? data * 1000 : 0); 
-              return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-            }
-          },
-          {
-            title: lang_admin.message_size,
-            data: 'message_size',
-            defaultContent: '',
-            render: function (data, type){
-              return humanFileSize(data);
-            }
-          },
-          {
-            title: lang_admin.sender,
-            data: 'sender',
-            defaultContent: ''
-          },
-          {
-            title: lang_admin.recipients,
-            data: 'recipients',
-            defaultContent: ''
-          },
-          {
-            title: lang_admin.action,
-            data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
-            defaultContent: ''
-          },
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'QID',
+          data: 'queue_id',
+          defaultContent: ''
+        },
+        {
+          title: 'Queue',
+          data: 'queue_name',
+          defaultContent: ''
+        },
+        {
+          title: lang_admin.arrival_time,
+          data: 'arrival_time',
+          defaultContent: '',
+          render: function (data, type){
+            var date = new Date(data ? data * 1000 : 0);
+            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          }
+        },
+        {
+          title: lang_admin.message_size,
+          data: 'message_size',
+          defaultContent: '',
+          render: function (data, type){
+            return humanFileSize(data);
+          }
+        },
+        {
+          title: lang_admin.sender,
+          data: 'sender',
+          defaultContent: ''
+        },
+        {
+          title: lang_admin.recipients,
+          data: 'recipients',
+          defaultContent: ''
+        },
+        {
+          title: lang_admin.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-text-right',
+          defaultContent: ''
+        },
       ]
     });
   }
 
   draw_queue();
 
-})
\ No newline at end of file
+})
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 36bcfa63..b2139829 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -1,637 +1,667 @@
-// Base64 functions
-var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
-$(document).ready(function() {
-  // Spam score slider
-  var spam_slider = $('#spam_score')[0];
-  if (typeof spam_slider !== 'undefined') {
-    noUiSlider.create(spam_slider, {
-      start: user_spam_score,
-      connect: [true, true, true],
-      range: {
-        'min': [0], //stepsize is 50.000
-        '50%': [10],
-        '70%': [20, 5],
-        '80%': [50, 10],
-        '90%': [100, 100],
-        '95%': [1000, 1000],
-        'max': [5000]
-      },
-    });
-    var connect = spam_slider.querySelectorAll('.noUi-connect');
-    var classes = ['c-1-color', 'c-2-color', 'c-3-color'];
-    for (var i = 0; i < connect.length; i++) {
-      connect[i].classList.add(classes[i]);
-    }
-    spam_slider.noUiSlider.on('update', function (values, handle) {
-      $('.spam-ham-score').text('< ' + Math.round(values[0] * 10) / 10);
-      $('.spam-spam-score').text(Math.round(values[0] * 10) / 10 + ' - ' + Math.round(values[1] * 10) / 10);
-      $('.spam-reject-score').text('> ' + Math.round(values[1] * 10) / 10);
-      $('#spam_score_value').val((Math.round(values[0] * 10) / 10) + ',' + (Math.round(values[1] * 10) / 10));
-    });
-  }
-  // syncjobLogModal
-  $('#syncjobLogModal').on('show.bs.modal', function(e) {
-    var syncjob_id = $(e.relatedTarget).data('syncjob-id');
-    $.ajax({
-      url: '/inc/ajax/syncjob_logs.php',
-      data: { id: syncjob_id },
-      dataType: 'text',
-      success: function(data){
-        $(e.currentTarget).find('#logText').text(data);
-      },
-      error: function(xhr, status, error) {
-        $(e.currentTarget).find('#logText').text(xhr.responseText);
-      }
-    });
-  });
-  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
-  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
-
-});
-jQuery(function($){
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap = {
-  '&': '&amp;',
-  '<': '&lt;',
-  '>': '&gt;',
-  '"': '&quot;',
-  "'": '&#39;',
-  '/': '&#x2F;',
-  '`': '&#x60;',
-  '=': '&#x3D;'
-  };
-  function escapeHtml(string) {
-    return String(string).replace(/[&<>"'`=\/]/g, function (s) {
-      return entityMap[s];
-    });
-  }
-  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
-  function validateEmail(email) {
-    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-    return re.test(email);
-  }
-  function unix_time_format(tm) {
-    var date = new Date(tm ? tm * 1000 : 0);
-    return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-  }
-  acl_data = JSON.parse(acl);
-
-  $('.clear-last-logins').on('click', function () {if (confirm(lang.delete_ays)) {last_logins('reset');}})
-  $(".login-history").on('click', function(e) {e.preventDefault(); last_logins('get', $(this).data('days'));$(this).addClass('active').siblings().removeClass('active');});
-
-  function last_logins(action, days = 7) {
-    if (action == 'get') {
-      $('.last-login').html('<i class="bi bi-hourglass"></i>' +  lang.waiting);
-      $.ajax({
-        dataType: 'json',
-        url: '/api/v1/get/last-login/' + encodeURIComponent(mailcow_cc_username) + '/' + days,
-        jsonp: false,
-        error: function () {
-          console.log('error reading last logins');
-        },
-        success: function (data) {
-          $('.last-login').html();
-          if (data.ui.time) {
-            $('.last-login').html('<i class="bi bi-person-fill"></i> ' + lang.last_ui_login + ': ' + unix_time_format(data.ui.time));
-          } else {
-            $('.last-login').text(lang.no_last_login);
-          }
-          if (data.sasl) {
-            $('.last-login').append('<ul class="list-group">');
-            $.each(data.sasl, function (i, item) {
-              var datetime = new Date(item.datetime.replace(/-/g, "/"));
-              var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-              var service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
-              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-app-indicator"></i> ' + escapeHtml(item.app_password_name || "App") + '</a>' : '';
-              var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.he.net/ip/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
-              var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
-              var ip_data = real_rip + ip_location + app_password;
-              $(".last-login").append('<li class="list-group-item">' + local_datetime + " " + service + " " + lang.from + " " + ip_data + "</li>");
-            })
-            $('.last-login').append('</ul>');
-          }
-        }
-      })
-    } else if (action == 'reset') {
-      $.ajax({
-        dataType: 'json',
-        url: '/api/v1/get/reset-last-login/' + encodeURIComponent(mailcow_cc_username),
-        jsonp: false,
-        error: function () {
-          console.log('cannot reset last logins');
-        },
-        success: function (data) {
-          last_logins('get');
-        }
-      })
-    }
-  }
-
-  function draw_tla_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#tla_table') ) {
-      $('#tla_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#tla_table').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: "/api/v1/get/time_limited_aliases",
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            if (acl_data.spam_alias === 1) {
-              item.action = '<div class="btn-group">' +
-                '<a href="#" data-action="delete_selected" data-id="single-tla" data-api-url="delete/time_limited_alias" data-item="' + encodeURIComponent(item.address) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                '</div>';
-              item.chkbox = '<input type="checkbox" data-id="tla" name="multi_select" value="' + encodeURIComponent(item.address) + '" />';
-              item.address = escapeHtml(item.address);
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled />';
-              item.action = '<span>-</span>';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: lang.alias,
-          data: 'address',
-          defaultContent: ''
-        },
-        {
-          title: lang.alias_valid_until,
-          data: 'validity',
-          defaultContent: '',
-          render: function (data, type) {
-            var date = new Date(data ? data * 1000 : 0); 
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.created_on,
-          data: 'created',
-          defaultContent: '',
-          render: function (data, type) {
-            var date = new Date(data.replace(/-/g, "/"));
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-          }
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_sync_job_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#sync_job_table') ) {
-      $('#sync_job_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#sync_job_table').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/syncjobs/' + encodeURIComponent(mailcow_cc_username) + '/no_log',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            item.user1 = escapeHtml(item.user1);
-            item.log = '<a href="#syncjobLogModal" data-bs-toggle="modal" data-syncjob-id="' + item.id + '">' + lang.open_logs + '</a>'
-            if (!item.exclude > 0) {
-              item.exclude = '-';
-            } else {
-              item.exclude  = '<code>' + escapeHtml(item.exclude) + '</code>';
-            }
-            item.server_w_port = escapeHtml(item.user1 + '@' + item.host1 + ':' + item.port1);
-            if (acl_data.syncjobs === 1) {
-              item.action = '<div class="btn-group">' +
-                '<a href="/edit/syncjob/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-                '<a href="#" data-action="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                '</div>';
-              item.chkbox = '<input type="checkbox" data-id="syncjob" name="multi_select" value="' + item.id + '" />';
-            }
-            else {
-              item.action = '<span>-</span>';
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-            if (item.is_running == 1) {
-              item.is_running = '<span id="active-script" class="badge fs-6 bg-success">' + lang.running + '</span>';
-            } else {
-              item.is_running = '<span id="inactive-script" class="badge fs-6 bg-warning">' + lang.waiting + '</span>';
-            }
-            if (!item.last_run > 0) {
-              item.last_run = lang.waiting;
-            }
-            if (item.success == null) {
-              item.success = '-';
-              item.exit_status = '';
-            } else {
-              item.success = '<i class="text-' + (item.success == 1 ? 'success' : 'danger') + ' bi bi-' + (item.success == 1 ? 'check-lg' : 'x-lg') + '"></i>';
-            }
-            if (lang['syncjob_'+item.exit_status]) {
-	            item.exit_status = lang['syncjob_'+item.exit_status];
-            } else if (item.success != '-') {
-	            item.exit_status = lang.syncjob_check_log;
-            }
-            item.exit_status = item.success + ' ' + item.exit_status;
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: '',
-          responsivePriority: 1
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: '',
-          responsivePriority: 2
-        },
-        {
-          title: 'ID',
-          data: 'id',
-          defaultContent: '',
-          responsivePriority: 3
-        },
-        {
-          title: 'Server',
-          data: 'server_w_port',
-          defaultContent: ''
-        },
-        {
-          title: lang.username,
-          data: 'user1',
-          defaultContent: '',
-          responsivePriority: 3
-        },
-        {
-          title: lang.last_run,
-          data: 'last_run',
-          defaultContent: ''
-        },
-        {
-          title: lang.syncjob_last_run_result,
-          data: 'exit_status',
-          defaultContent: ''
-        },
-        {
-          title: 'Log',
-          data: 'log',
-          defaultContent: ''
-        },
-        {
-          title: lang.active,
-          data: 'active',
-          defaultContent: '',
-          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
-          }
-        },
-        {
-          title: lang.status,
-          data: 'is_running',
-          defaultContent: '',
-          responsivePriority: 5
-        },
-        {
-          title: lang.encryption,
-          data: 'enc1',
-          defaultContent: ''
-        },
-        {
-          title: lang.excludes,
-          data: 'exclude',
-          defaultContent: ''
-        },
-        {
-          title: lang.interval + " (min)",
-          data: 'mins_interval',
-          defaultContent: ''
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
-          defaultContent: '',
-          responsivePriority: 5
-        }
-      ]
-    });
-  }
-  function draw_app_passwd_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#app_passwd_table') ) {
-      $('#app_passwd_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#app_passwd_table').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/app-passwd/all',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            item.name = escapeHtml(item.name)
-            item.protocols = []
-            if (item.imap_access == 1) { item.protocols.push("<code>IMAP</code>"); }
-            if (item.smtp_access == 1) { item.protocols.push("<code>SMTP</code>"); }
-            if (item.eas_access == 1) { item.protocols.push("<code>EAS/ActiveSync</code>"); }
-            if (item.dav_access == 1) { item.protocols.push("<code>DAV</code>"); }
-            if (item.pop3_access == 1) { item.protocols.push("<code>POP3</code>"); }
-            if (item.sieve_access == 1) { item.protocols.push("<code>Sieve</code>"); }
-            item.protocols = item.protocols.join(" ")
-            if (acl_data.app_passwds === 1) {
-              item.action = '<div class="btn-group">' +
-                '<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
-                '<a href="#" data-action="delete_selected" data-id="single-apppasswd" data-api-url="delete/app-passwd" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-                '</div>';
-              item.chkbox = '<input type="checkbox" data-id="apppasswd" name="multi_select" value="' + item.id + '" />';
-            }
-            else {
-              item.action = '<span>-</span>';
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'id',
-          defaultContent: ''
-        },
-        {
-          title: lang.app_name,
-          data: 'name',
-          defaultContent: ''
-        },
-        {
-          title: lang.allowed_protocols,
-          data: 'protocols',
-          defaultContent: ''
-        },
-        {
-          title: lang.active,
-          data: 'active',
-          defaultContent: '',
-          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
-          }
-        },
-        {
-          title: lang.action,
-          data: 'action',
-          className: 'text-md-end dt-sm-head-hidden dt-body-right',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_wl_policy_mailbox_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#wl_policy_mailbox_table') ) {
-      $('#wl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#wl_policy_mailbox_table').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_wl_mailbox',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            if (validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_wl_mailbox" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled title="' + lang.spamfilter_table_domain_policy + '" />';
-            }
-            if (acl_data.spam_policy === 0) {
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'prefid',
-          defaultContent: ''
-        },
-        {
-          title: lang.spamfilter_table_rule,
-          data: 'value',
-          defaultContent: ''
-        },
-        {
-          title:'Scope',
-          data: 'object',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-  function draw_bl_policy_mailbox_table() {
-    // just recalc width if instance already exists
-    if ($.fn.DataTable.isDataTable('#bl_policy_mailbox_table') ) {
-      $('#bl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
-      return;
-    }
-
-    $('#bl_policy_mailbox_table').DataTable({
-      processing: true,
-      serverSide: false,
-      language: lang_datatables,
-      ajax: {
-        type: "GET",
-        url: '/api/v1/get/policy_bl_mailbox',
-        dataSrc: function(data){
-          console.log(data);
-          $.each(data, function (i, item) {
-            if (validateEmail(item.object)) {
-              item.chkbox = '<input type="checkbox" data-id="policy_bl_mailbox" name="multi_select" value="' + item.prefid + '" />';
-            }
-            else {
-              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang.spamfilter_table_domain_policy + '" />';
-            }
-            if (acl_data.spam_policy === 0) {
-              item.chkbox = '<input type="checkbox" disabled />';
-            }
-          });
-
-          return data;
-        }
-      },
-      columns: [          
-        {
-          // placeholder, so checkbox will not block child row toggle
-          title: '',
-          data: null,
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: '',
-          data: 'chkbox',
-          searchable: false,
-          orderable: false,
-          defaultContent: ''
-        },
-        {
-          title: 'ID',
-          data: 'prefid',
-          defaultContent: ''
-        },
-        {
-          title: lang.spamfilter_table_rule,
-          data: 'value',
-          defaultContent: ''
-        },
-        {
-          title:'Scope',
-          data: 'object',
-          defaultContent: ''
-        }
-      ]
-    });
-  }
-
-  // FIDO2 friendly name modal
-  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
-    rename_link = $(e.relatedTarget)
-    if (rename_link != null) {
-      $('#fido2_cid').val(rename_link.data('cid'));
-      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
-    }
-  })
-
-  // Sieve data modal
-  $('#userFilterModal').on('show.bs.modal', function(e) {
-    $('#user_sieve_filter').text(lang.loading);
-    $.ajax({
-      dataType: 'json',
-      url: '/api/v1/get/active-user-sieve/' + encodeURIComponent(mailcow_cc_username),
-      jsonp: false,
-      error: function () {
-        console.log('Cannot get active sieve script');
-      },
-      complete: function (data) {
-        if (data.responseText == '{}') {
-          $('#user_sieve_filter').text(lang.no_active_filter);
-        } else {
-          $('#user_sieve_filter').text(JSON.parse(data.responseText));
-        }
-      }
-    })
-  });
-  $('#userFilterModal').on('hidden.bs.modal', function () {
-    $('#user_sieve_filter').text(lang.loading);
-  });
-
-  // detect element visibility changes
-  function onVisible(element, callback) {
-    $(document).ready(function() {
-      element_object = document.querySelector(element);
-      if (element_object === null) return;
-
-      new IntersectionObserver((entries, observer) => {
-        entries.forEach(entry => {
-          if(entry.intersectionRatio > 0) {
-            callback(element_object);
-          }
-        });
-      }).observe(element_object);
-    });
-  }
-
-  // Load only if the tab is visible
-  onVisible("[id^=tla_table]", () => draw_tla_table());
-  onVisible("[id^=bl_policy_mailbox_table]", () => draw_bl_policy_mailbox_table());
-  onVisible("[id^=wl_policy_mailbox_table]", () => draw_wl_policy_mailbox_table());
-  onVisible("[id^=sync_job_table]", () => draw_sync_job_table());
-  onVisible("[id^=app_passwd_table]", () => draw_app_passwd_table());
-  last_logins('get');
-});
+// Base64 functions
+var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
+$(document).ready(function() {
+  // Spam score slider
+  var spam_slider = $('#spam_score')[0];
+  if (typeof spam_slider !== 'undefined') {
+    noUiSlider.create(spam_slider, {
+      start: user_spam_score,
+      connect: [true, true, true],
+      range: {
+        'min': [0], //stepsize is 50.000
+        '50%': [10],
+        '70%': [20, 5],
+        '80%': [50, 10],
+        '90%': [100, 100],
+        '95%': [1000, 1000],
+        'max': [5000]
+      },
+    });
+    var connect = spam_slider.querySelectorAll('.noUi-connect');
+    var classes = ['c-1-color', 'c-2-color', 'c-3-color'];
+    for (var i = 0; i < connect.length; i++) {
+      connect[i].classList.add(classes[i]);
+    }
+    spam_slider.noUiSlider.on('update', function (values, handle) {
+      $('.spam-ham-score').text('< ' + Math.round(values[0] * 10) / 10);
+      $('.spam-spam-score').text(Math.round(values[0] * 10) / 10 + ' - ' + Math.round(values[1] * 10) / 10);
+      $('.spam-reject-score').text('> ' + Math.round(values[1] * 10) / 10);
+      $('#spam_score_value').val((Math.round(values[0] * 10) / 10) + ',' + (Math.round(values[1] * 10) / 10));
+    });
+  }
+  // syncjobLogModal
+  $('#syncjobLogModal').on('show.bs.modal', function(e) {
+    var syncjob_id = $(e.relatedTarget).data('syncjob-id');
+    $.ajax({
+      url: '/inc/ajax/syncjob_logs.php',
+      data: { id: syncjob_id },
+      dataType: 'text',
+      success: function(data){
+        $(e.currentTarget).find('#logText').text(data);
+      },
+      error: function(xhr, status, error) {
+        $(e.currentTarget).find('#logText').text(xhr.responseText);
+      }
+    });
+  });
+  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
+  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
+
+});
+jQuery(function($){
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  var entityMap = {
+  '&': '&amp;',
+  '<': '&lt;',
+  '>': '&gt;',
+  '"': '&quot;',
+  "'": '&#39;',
+  '/': '&#x2F;',
+  '`': '&#x60;',
+  '=': '&#x3D;'
+  };
+  function escapeHtml(string) {
+    return String(string).replace(/[&<>"'`=\/]/g, function (s) {
+      return entityMap[s];
+    });
+  }
+  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
+  function validateEmail(email) {
+    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+    return re.test(email);
+  }
+  function unix_time_format(tm) {
+    var date = new Date(tm ? tm * 1000 : 0);
+    return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+  }
+  acl_data = JSON.parse(acl);
+
+  $('.clear-last-logins').on('click', function () {if (confirm(lang.delete_ays)) {last_logins('reset');}})
+  $(".login-history").on('click', function(e) {e.preventDefault(); last_logins('get', $(this).data('days'));$(this).addClass('active').siblings().removeClass('active');});
+
+  function last_logins(action, days = 7) {
+    if (action == 'get') {
+      $('.last-login').html('<i class="bi bi-hourglass"></i>' +  lang.waiting);
+      $.ajax({
+        dataType: 'json',
+        url: '/api/v1/get/last-login/' + encodeURIComponent(mailcow_cc_username) + '/' + days,
+        jsonp: false,
+        error: function () {
+          console.log('error reading last logins');
+        },
+        success: function (data) {
+          $('.last-login').html();
+          if (data.ui.time) {
+            $('.last-login').html('<i class="bi bi-person-fill"></i> ' + lang.last_ui_login + ': ' + unix_time_format(data.ui.time));
+          } else {
+            $('.last-login').text(lang.no_last_login);
+          }
+          if (data.sasl) {
+            $('.last-login').append('<ul class="list-group">');
+            $.each(data.sasl, function (i, item) {
+              var datetime = new Date(item.datetime.replace(/-/g, "/"));
+              var local_datetime = datetime.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+              var service = '<div class="badge fs-6 bg-secondary">' + item.service.toUpperCase() + '</div>';
+              var app_password = item.app_password ? ' <a href="/edit/app-passwd/' + item.app_password + '"><i class="bi bi-app-indicator"></i> ' + escapeHtml(item.app_password_name || "App") + '</a>' : '';
+              var real_rip = item.real_rip.startsWith("Web") ? item.real_rip : '<a href="https://bgp.he.net/ip/' + item.real_rip + '" target="_blank">' + item.real_rip + "</a>";
+              var ip_location = item.location ? ' <span class="flag-icon flag-icon-' + item.location.toLowerCase() + '"></span>' : '';
+              var ip_data = real_rip + ip_location + app_password;
+              $(".last-login").append('<li class="list-group-item">' + local_datetime + " " + service + " " + lang.from + " " + ip_data + "</li>");
+            })
+            $('.last-login').append('</ul>');
+          }
+        }
+      })
+    } else if (action == 'reset') {
+      $.ajax({
+        dataType: 'json',
+        url: '/api/v1/get/reset-last-login/' + encodeURIComponent(mailcow_cc_username),
+        jsonp: false,
+        error: function () {
+          console.log('cannot reset last logins');
+        },
+        success: function (data) {
+          last_logins('get');
+        }
+      })
+    }
+  }
+
+  function draw_tla_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#tla_table') ) {
+      $('#tla_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#tla_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: "/api/v1/get/time_limited_aliases",
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            if (acl_data.spam_alias === 1) {
+              item.action = '<div class="btn-group">' +
+                '<a href="#" data-action="delete_selected" data-id="single-tla" data-api-url="delete/time_limited_alias" data-item="' + encodeURIComponent(item.address) + '" class="btn btn-xs btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
+              item.chkbox = '<input type="checkbox" data-id="tla" name="multi_select" value="' + encodeURIComponent(item.address) + '" />';
+              item.address = escapeHtml(item.address);
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled />';
+              item.action = '<span>-</span>';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: lang.alias,
+          data: 'address',
+          defaultContent: ''
+        },
+        {
+          title: lang.alias_valid_until,
+          data: 'validity',
+          defaultContent: '',
+          render: function (data, type) {
+            var date = new Date(data ? data * 1000 : 0);
+            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          }
+        },
+        {
+          title: lang.created_on,
+          data: 'created',
+          defaultContent: '',
+          render: function (data, type) {
+            var date = new Date(data.replace(/-/g, "/"));
+            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-text-right',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_sync_job_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#sync_job_table') ) {
+      $('#sync_job_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#sync_job_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/syncjobs/' + encodeURIComponent(mailcow_cc_username) + '/no_log',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            item.user1 = escapeHtml(item.user1);
+            item.log = '<a href="#syncjobLogModal" data-bs-toggle="modal" data-syncjob-id="' + item.id + '">' + lang.open_logs + '</a>'
+            if (!item.exclude > 0) {
+              item.exclude = '-';
+            } else {
+              item.exclude  = '<code>' + escapeHtml(item.exclude) + '</code>';
+            }
+            item.server_w_port = escapeHtml(item.user1 + '@' + item.host1 + ':' + item.port1);
+            if (acl_data.syncjobs === 1) {
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/syncjob/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '<a href="#" data-action="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
+              item.chkbox = '<input type="checkbox" data-id="syncjob" name="multi_select" value="' + item.id + '" />';
+            }
+            else {
+              item.action = '<span>-</span>';
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+            if (item.is_running == 1) {
+              item.is_running = '<span id="active-script" class="badge fs-6 bg-success">' + lang.running + '</span>';
+            } else {
+              item.is_running = '<span id="inactive-script" class="badge fs-6 bg-warning">' + lang.waiting + '</span>';
+            }
+            if (!item.last_run > 0) {
+              item.last_run = lang.waiting;
+            }
+            if (item.success == null) {
+              item.success = '-';
+              item.exit_status = '';
+            } else {
+              item.success = '<i class="text-' + (item.success == 1 ? 'success' : 'danger') + ' bi bi-' + (item.success == 1 ? 'check-lg' : 'x-lg') + '"></i>';
+            }
+            if (lang['syncjob_'+item.exit_status]) {
+              item.exit_status = lang['syncjob_'+item.exit_status];
+            } else if (item.success != '-') {
+              item.exit_status = lang.syncjob_check_log;
+            }
+            item.exit_status = item.success + ' ' + item.exit_status;
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 1
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: '',
+          responsivePriority: 2
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: '',
+          responsivePriority: 3
+        },
+        {
+          title: 'Server',
+          data: 'server_w_port',
+          defaultContent: ''
+        },
+        {
+          title: lang.username,
+          data: 'user1',
+          defaultContent: '',
+          responsivePriority: 3
+        },
+        {
+          title: lang.last_run,
+          data: 'last_run',
+          defaultContent: ''
+        },
+        {
+          title: lang.syncjob_last_run_result,
+          data: 'exit_status',
+          defaultContent: ''
+        },
+        {
+          title: 'Log',
+          data: 'log',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
+          }
+        },
+        {
+          title: lang.status,
+          data: 'is_running',
+          defaultContent: '',
+          responsivePriority: 5
+        },
+        {
+          title: lang.encryption,
+          data: 'enc1',
+          defaultContent: ''
+        },
+        {
+          title: lang.excludes,
+          data: 'exclude',
+          defaultContent: ''
+        },
+        {
+          title: lang.interval + " (min)",
+          data: 'mins_interval',
+          defaultContent: ''
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-text-right',
+          defaultContent: '',
+          responsivePriority: 5
+        }
+      ]
+    });
+  }
+  function draw_app_passwd_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#app_passwd_table') ) {
+      $('#app_passwd_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#app_passwd_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/app-passwd/all',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            item.name = escapeHtml(item.name)
+            item.protocols = []
+            if (item.imap_access == 1) { item.protocols.push("<code>IMAP</code>"); }
+            if (item.smtp_access == 1) { item.protocols.push("<code>SMTP</code>"); }
+            if (item.eas_access == 1) { item.protocols.push("<code>EAS/ActiveSync</code>"); }
+            if (item.dav_access == 1) { item.protocols.push("<code>DAV</code>"); }
+            if (item.pop3_access == 1) { item.protocols.push("<code>POP3</code>"); }
+            if (item.sieve_access == 1) { item.protocols.push("<code>Sieve</code>"); }
+            item.protocols = item.protocols.join(" ")
+            if (acl_data.app_passwds === 1) {
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
+                '<a href="#" data-action="delete_selected" data-id="single-apppasswd" data-api-url="delete/app-passwd" data-item="' + item.id + '" class="btn btn-xs btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+                '</div>';
+              item.chkbox = '<input type="checkbox" data-id="apppasswd" name="multi_select" value="' + item.id + '" />';
+            }
+            else {
+              item.action = '<span>-</span>';
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'id',
+          defaultContent: ''
+        },
+        {
+          title: lang.app_name,
+          data: 'name',
+          defaultContent: ''
+        },
+        {
+          title: lang.allowed_protocols,
+          data: 'protocols',
+          defaultContent: ''
+        },
+        {
+          title: lang.active,
+          data: 'active',
+          defaultContent: '',
+          render: function (data, type) {
+            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>'
+          }
+        },
+        {
+          title: lang.action,
+          data: 'action',
+          className: 'dt-sm-head-hidden dt-text-right',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_wl_policy_mailbox_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#wl_policy_mailbox_table') ) {
+      $('#wl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#wl_policy_mailbox_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_wl_mailbox',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            if (validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_wl_mailbox" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled title="' + lang.spamfilter_table_domain_policy + '" />';
+            }
+            if (acl_data.spam_policy === 0) {
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title:'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+  function draw_bl_policy_mailbox_table() {
+    // just recalc width if instance already exists
+    if ($.fn.DataTable.isDataTable('#bl_policy_mailbox_table') ) {
+      $('#bl_policy_mailbox_table').DataTable().columns.adjust().responsive.recalc();
+      return;
+    }
+
+    $('#bl_policy_mailbox_table').DataTable({
+      responsive: true,
+      processing: true,
+      serverSide: false,
+      stateSave: true,
+      pageLength: pagination_size,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
+           "tr" +
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
+      language: lang_datatables,
+      ajax: {
+        type: "GET",
+        url: '/api/v1/get/policy_bl_mailbox',
+        dataSrc: function(data){
+          console.log(data);
+          $.each(data, function (i, item) {
+            if (validateEmail(item.object)) {
+              item.chkbox = '<input type="checkbox" data-id="policy_bl_mailbox" name="multi_select" value="' + item.prefid + '" />';
+            }
+            else {
+              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang.spamfilter_table_domain_policy + '" />';
+            }
+            if (acl_data.spam_policy === 0) {
+              item.chkbox = '<input type="checkbox" disabled />';
+            }
+          });
+
+          return data;
+        }
+      },
+      columns: [
+        {
+          // placeholder, so checkbox will not block child row toggle
+          title: '',
+          data: null,
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: '',
+          data: 'chkbox',
+          searchable: false,
+          orderable: false,
+          defaultContent: ''
+        },
+        {
+          title: 'ID',
+          data: 'prefid',
+          defaultContent: ''
+        },
+        {
+          title: lang.spamfilter_table_rule,
+          data: 'value',
+          defaultContent: ''
+        },
+        {
+          title:'Scope',
+          data: 'object',
+          defaultContent: ''
+        }
+      ]
+    });
+  }
+
+  // FIDO2 friendly name modal
+  $('#fido2ChangeFn').on('show.bs.modal', function (e) {
+    rename_link = $(e.relatedTarget)
+    if (rename_link != null) {
+      $('#fido2_cid').val(rename_link.data('cid'));
+      $('#fido2_subject_desc').text(Base64.decode(rename_link.data('subject')));
+    }
+  })
+
+  // Sieve data modal
+  $('#userFilterModal').on('show.bs.modal', function(e) {
+    $('#user_sieve_filter').text(lang.loading);
+    $.ajax({
+      dataType: 'json',
+      url: '/api/v1/get/active-user-sieve/' + encodeURIComponent(mailcow_cc_username),
+      jsonp: false,
+      error: function () {
+        console.log('Cannot get active sieve script');
+      },
+      complete: function (data) {
+        if (data.responseText == '{}') {
+          $('#user_sieve_filter').text(lang.no_active_filter);
+        } else {
+          $('#user_sieve_filter').text(JSON.parse(data.responseText));
+        }
+      }
+    })
+  });
+  $('#userFilterModal').on('hidden.bs.modal', function () {
+    $('#user_sieve_filter').text(lang.loading);
+  });
+
+  // detect element visibility changes
+  function onVisible(element, callback) {
+    $(document).ready(function() {
+      element_object = document.querySelector(element);
+      if (element_object === null) return;
+
+      new IntersectionObserver((entries, observer) => {
+        entries.forEach(entry => {
+          if(entry.intersectionRatio > 0) {
+            callback(element_object);
+          }
+        });
+      }).observe(element_object);
+    });
+  }
+
+  // Load only if the tab is visible
+  onVisible("[id^=tla_table]", () => draw_tla_table());
+  onVisible("[id^=bl_policy_mailbox_table]", () => draw_bl_policy_mailbox_table());
+  onVisible("[id^=wl_policy_mailbox_table]", () => draw_wl_policy_mailbox_table());
+  onVisible("[id^=sync_job_table]", () => draw_sync_job_table());
+  onVisible("[id^=app_passwd_table]", () => draw_app_passwd_table());
+  last_logins('get');
+});
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 79b6bfd5..ec028fe4 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -288,6 +288,18 @@ if (isset($_GET['query'])) {
         case "domain-admin":
           process_add_return(domain_admin('add', $attr));
         break;
+        case "sso":
+          switch ($object) {
+            case "domain-admin":
+              $data = domain_admin_sso('issue', $attr);
+              if($data) {
+                echo json_encode($data);
+                exit(0);
+              }
+              process_add_return($data);
+            break;
+          }
+        break;
         case "admin":
           process_add_return(admin('add', $attr));
         break;
@@ -561,6 +573,15 @@ if (isset($_GET['query'])) {
                   echo '{}';
                 }
               break;
+              default:
+                $password_complexity_rules = password_complexity('get');
+                if ($password_complexity_rules !== false) {
+                  process_get_return($password_complexity_rules);
+                }
+                else {
+                  echo '{}';
+                }
+              break;
             }
           break;
 
@@ -1544,14 +1565,15 @@ if (isset($_GET['query'])) {
                   } 
                   else if ($extra == "ip") {
                     // get public ips
+                    
                     $curl = curl_init();
-                    curl_setopt($curl, CURLOPT_URL, 'http://ipv4.mailcow.email');
                     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
                     curl_setopt($curl, CURLOPT_POST, 0);
+                    curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
+                    curl_setopt($curl, CURLOPT_TIMEOUT, 15);
+                    curl_setopt($curl, CURLOPT_URL, 'http://ipv4.mailcow.email');
                     $ipv4 = curl_exec($curl);
                     curl_setopt($curl, CURLOPT_URL, 'http://ipv6.mailcow.email');
-                    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
-                    curl_setopt($curl, CURLOPT_POST, 0);
                     $ipv6 = curl_exec($curl);
                     $ips = array(
                       "ipv4" => $ipv4,
@@ -1913,6 +1935,9 @@ if (isset($_GET['query'])) {
         case "ui_texts":
           process_edit_return(customize('edit', 'ui_texts', $attr));
         break;
+        case "ip_check":
+          process_edit_return(customize('edit', 'ip_check', $attr));
+        break;
         case "self":
           if ($_SESSION['mailcow_cc_role'] == "domainadmin") {
             process_edit_return(domain_admin('edit', $attr));
diff --git a/data/web/lang/lang.ca-es.json b/data/web/lang/lang.ca-es.json
index c2032da6..26a30afd 100644
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -393,16 +393,7 @@
         "toggle_all": "Marcar tots"
     },
     "queue": {
-        "delete_queue": "Delete all",
-        "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
-        "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Mostrar/Ocultar panell d'ajuda",
diff --git a/data/web/lang/lang.cs-cz.json b/data/web/lang/lang.cs-cz.json
index f9c4fca5..5e119fbd 100644
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -650,7 +650,7 @@
     },
     "login": {
         "delayed": "Přihlášení zpožděno o %s sekund.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Přihlásit",
         "mobileconfig_info": "Ke stažení profilového souboru se přihlaste jako uživatel schránky.",
         "other_logins": "Přihlášení klíčem",
@@ -889,15 +889,7 @@
         "type": "Typ"
     },
     "queue": {
-        "delete_queue": "Smazat vše",
-        "flush_queue": "Vyprázdnit frontu (opětovně doručit)",
-        "queue_ays": "Potvrďte prosím, že chcete odstranit všechny položky z aktuální fronty.",
-        "queue_deliver_mail": "Doručit",
-        "queue_hold_mail": "Zadržet",
-        "queue_manager": "Správce fronty",
-        "queue_show_message": "Zobrazit zprávu",
-        "queue_unban": "odblokovat",
-        "queue_unhold_mail": "Propustit"
+        "queue_manager": "Správce fronty"
     },
     "ratelimit": {
         "disabled": "Vypnuto",
diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json
index 8b5ef0d5..18080080 100644
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -1,6 +1,6 @@
 {
     "acl": {
-        "alias_domains": "Tilføj kældenavn domæner",
+        "alias_domains": "Tilføj domænealias",
         "app_passwds": "Administrer app-adgangskoder",
         "bcc_maps": "BCC kort",
         "delimiter_action": "Afgrænsning handling",
@@ -22,9 +22,9 @@
         "spam_alias": "Midlertidige aliasser",
         "spam_policy": "Sortliste / hvidliste",
         "spam_score": "Spam-score",
-        "syncjobs": "Synkroniser job",
+        "syncjobs": "Synkroniserings job",
         "tls_policy": "TLS politik",
-        "unlimited_quota": "Ubegrænset quote for mailbokse",
+        "unlimited_quota": "Ubegrænset plads for mailbokse",
         "domain_desc": "Skift domæne beskrivelse"
     },
     "add": {
@@ -33,7 +33,7 @@
         "add": "Tilføj",
         "add_domain_only": "Tilføj kun domæne",
         "add_domain_restart": "Tilføj domæne og genstart SOGo",
-        "alias_address": "Alias adresse (r)",
+        "alias_address": "Alias adresse(r)",
         "alias_address_info": "<small>Fuld e-mail-adresse eller @ eksempel.com for at fange alle beskeder til et domæne (kommasepareret). <b> kun mailcow-domæner</b>.</small>",
         "alias_domain": "Alias-domæne",
         "alias_domain_info": "<small>Kun gyldige domænenavne (kommasepareret).</small>",
@@ -586,7 +586,7 @@
     },
     "login": {
         "delayed": "Login blev forsinket med% s sekunder.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Log ind som postkassebruger for at downloade den anmodede Apple-forbindelsesprofil.",
         "other_logins": "Nøgle login",
@@ -640,7 +640,7 @@
         "deactivate": "Deaktiver",
         "description": "Beskrivelse",
         "disable_login": "Tillad ikke login (indgående mail accepteres stadig)",
-        "disable_x": "Deaktiver",        
+        "disable_x": "Deaktiver",
         "dkim_domains_selector": "Vælger",
         "dkim_key_length": "DKIM nøgle længde (bits)",
         "domain": "Domæne",
@@ -656,7 +656,7 @@
         "filter_table": "Filtertabel",
         "filters": "Filtre",
         "fname": "Fulde navn",
-        "force_pw_update": "Tving adgangskodeopdatering til næste login",   
+        "force_pw_update": "Tving adgangskodeopdatering til næste login",
         "gal": "Global adresseliste",
         "hourly": "Hver time",
         "in_use": "I brug (%)",
@@ -803,15 +803,7 @@
         "toggle_all": "Skift alt"
     },
     "queue": {
-        "delete_queue": "Slet alt",
-        "flush_queue": "Tøm kø",
-        "queue_ays": "Bekræft venligst, at du vil slette alle emner fra den aktuelle kø.",
-        "queue_deliver_mail": "Aflevere",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Køadministrator",
-        "queue_unban": "kø ikke udeluk",
-        "queue_unhold_mail": "Unhold",
-        "queue_show_message": "Vis besked"
+        "queue_manager": "Køadministrator"
     },
     "start": {
         "help": "Vis / skjul hjælpepanel",
diff --git a/data/web/lang/lang.de-de.json b/data/web/lang/lang.de-de.json
index 46e31c90..8ff1cf06 100644
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -204,6 +204,9 @@
         "include_exclude": "Ein- und Ausschlüsse",
         "include_exclude_info": "Ohne Auswahl werden <b>alle Mailboxen</b> adressiert.",
         "includes": "Diese Empfänger einschließen",
+        "ip_check": "IP Check",
+        "ip_check_disabled": "IP check ist deaktiviert. Unter dem angegebenen Pfad kann es aktiviert werden<br> <strong>System > Konfiguration > Einstellungen > UI-Anpassung</strong>",
+        "ip_check_opt_in": "Opt-In für die Nutzung der Drittanbieter-Dienste <strong>ipv4.mailcow.email</strong> und <strong>ipv6.mailcow.email</strong> zur Auflösung externer IP-Adressen.",
         "is_mx_based": "MX-basiert",
         "last_applied": "Zuletzt angewendet",
         "license_info": "Eine Lizenz ist nicht erforderlich, hilft jedoch der Entwicklung mailcows.<br><a href=\"https://www.servercow.de/mailcow#sal\" target=\"_blank\" alt=\"SAL Bestellung\">Hier kann die mailcow-GUID registriert werden.</a> Alternativ ist <a href=\"https://www.servercow.de/mailcow#support\" target=\"_blank\" alt=\"SAL Bestellung\">die Bestellung von Support-Paketen möglich</a>.",
@@ -228,6 +231,7 @@
         "oauth2_renew_secret": "Neues Client Secret generieren",
         "oauth2_revoke_tokens": "Alle Client Tokens entfernen",
         "optional": "Optional",
+        "options": "Einstellungen",
         "password": "Passwort",
         "password_length": "Passwortlänge",
         "password_policy": "Passwortrichtlinie",
@@ -256,8 +260,8 @@
         "quota_notification_html": "Benachrichtigungs-E-Mail Inhalt:<br><small>Leer lassen, um Standard-Template wiederherzustellen.</small>",
         "quota_notification_sender": "Benachrichtigungs-E-Mail Absender",
         "quota_notification_subject": "Benachrichtigungs-E-Mail Betreff",
-        "quota_notifications": "Quota Benachrichtigungen",
-        "quota_notifications_info": "Quota Benachrichtigungen werden an Mailboxen versendet, die 80 respektive 95 Prozent der zur Verfügung stehenden Quota überschreiten.",
+        "quota_notifications": "Quota-Benachrichtigungen",
+        "quota_notifications_info": "Quota-Benachrichtigungen werden an Mailboxen versendet, die 80 respektive 95 Prozent der zur Verfügung stehenden Quota überschreiten.",
         "quota_notifications_vars": "{{percent}} entspricht der aktuellen Quota in Prozent<br>{{username}} entspricht dem Mailbox-Namen",
         "r_active": "Aktive Restriktionen",
         "r_inactive": "Inaktive Restriktionen",
@@ -335,7 +339,8 @@
         "oauth2_add_client": "Füge OAuth2 Client hinzu",
         "api_read_only": "Schreibgeschützter Zugriff",
         "api_read_write": "Lese-Schreib-Zugriff",
-        "oauth2_apps": "OAuth2 Apps"
+        "oauth2_apps": "OAuth2 Apps",
+        "queue_unban": "entsperren"
     },
     "danger": {
         "access_denied": "Zugriff verweigert oder unvollständige/ungültige Daten",
@@ -362,6 +367,7 @@
         "domain_not_empty": "Domain %s ist nicht leer",
         "domain_not_found": "Domain %s nicht gefunden",
         "domain_quota_m_in_use": "Domain-Speicherplatzlimit muss größer oder gleich %d MiB sein",
+        "extended_sender_acl_denied": "Keine Rechte zum Setzen von externen Absenderadressen",
         "extra_acl_invalid": "Externe Absenderadresse \"%s\" ist ungültig",
         "extra_acl_invalid_domain": "Externe Absenderadresse \"%s\" verwendet eine ungültige Domain",
         "fido2_verification_failed": "FIDO2-Verifizierung fehlgeschlagen: %s",
@@ -449,49 +455,57 @@
         "totp_verification_failed": "TOTP-Verifizierung fehlgeschlagen",
         "transport_dest_exists": "Transport-Maps-Ziel \"%s\" existiert bereits",
         "webauthn_verification_failed": "WebAuthn-Verifizierung fehlgeschlagen: %s",
+        "webauthn_authenticator_failed": "Der ausgewählte Authenticator wurde nicht gefunden",
+        "webauthn_publickey_failed": "Zu dem ausgewählten Authenticator wurde kein Publickey hinterlegt",
+        "webauthn_username_failed": "Der ausgewählte Authenticator gehört zu einem anderen Konto",
         "unknown": "Ein unbekannter Fehler trat auf",
         "unknown_tfa_method": "Unbekannte TFA-Methode",
         "unlimited_quota_acl": "Unendliche Quota untersagt durch ACL",
         "username_invalid": "Benutzername %s kann nicht verwendet werden",
         "validity_missing": "Bitte geben Sie eine Gültigkeitsdauer an",
         "value_missing": "Bitte alle Felder ausfüllen",
-        "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s"
+        "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s",
+        "template_exists": "Vorlage %s existiert bereits",
+        "template_id_invalid": "Vorlagen-ID %s ungültig",
+        "template_name_invalid": "Name der Vorlage ungültig"
     },
     "datatables": {
-      "collapse_all": "Alle Einklappen",
-      "decimal": "",
-      "emptyTable": "Keine Daten in der Tabelle vorhanden",
-      "expand_all": "Alle Ausklappen",
-      "info": "_START_ bis _END_ von _TOTAL_ Einträgen",
-      "infoEmpty": "0 bis 0 von 0 Einträgen",
-      "infoFiltered": "(gefiltert von _MAX_ Einträgen)",
-      "infoPostFix": "",
-      "thousands": ".",
-      "lengthMenu": "_MENU_ Einträge anzeigen",
-      "loadingRecords": "Wird geladen...",
-      "processing": "Bitte warten...",
-      "search": "Suchen",
-      "zeroRecords": "Keine Einträge vorhanden.",
-      "paginate": {
-        "first": "Erste",
-        "previous": "Zurück",
-        "next": "Nächste",
-        "last": "Letzte"
-      },
-      "aria": {
-        "sortAscending": ": aktivieren, um Spalte aufsteigend zu sortieren",
-        "sortDescending": ": aktivieren, um Spalte absteigend zu sortieren"
-      }
+        "collapse_all": "Alle Einklappen",
+        "decimal": ",",
+        "emptyTable": "Keine Daten in der Tabelle vorhanden",
+        "expand_all": "Alle Ausklappen",
+        "info": "_START_ bis _END_ von _TOTAL_ Einträgen",
+        "infoEmpty": "0 bis 0 von 0 Einträgen",
+        "infoFiltered": "(gefiltert von _MAX_ Einträgen)",
+        "infoPostFix": "",
+        "thousands": ".",
+        "lengthMenu": "_MENU_ Einträge anzeigen",
+        "loadingRecords": "Wird geladen...",
+        "processing": "Bitte warten...",
+        "search": "Suchen",
+        "zeroRecords": "Keine Einträge vorhanden.",
+        "paginate": {
+            "first": "Erste",
+            "previous": "Zurück",
+            "next": "Nächste",
+            "last": "Letzte"
+        },
+        "aria": {
+            "sortAscending": ": aktivieren, um Spalte aufsteigend zu sortieren",
+            "sortDescending": ": aktivieren, um Spalte absteigend zu sortieren"
+        }
     },
     "debug": {
         "chart_this_server": "Chart (dieser Server)",
         "containers_info": "Container-Information",
         "container_running": "Läuft",
+        "container_disabled": "Container gestoppt oder deaktiviert",
         "container_stopped": "Angehalten",
         "cores": "Kerne",
         "current_time": "Systemzeit",
         "disk_usage": "Festplattennutzung",
         "docs": "Dokumente",
+        "error_show_ip": "Konnte die öffentlichen IP Adressen nicht auflösen",
         "external_logs": "Externe Logs",
         "history_all_servers": "History (alle Server)",
         "in_memory_logs": "In-memory Logs",
@@ -504,6 +518,7 @@
         "online_users": "Benutzer online",
         "restart_container": "Neustart",
         "service": "Dienst",
+        "show_ip": "Zeige öffentliche IP",
         "size": "Größe",
         "solr_dead": "Solr startet, ist deaktiviert oder temporär nicht erreichbar.",
         "solr_status": "Solr Status",
@@ -643,7 +658,8 @@
         "title": "Objekt bearbeiten",
         "unchanged_if_empty": "Unverändert, wenn leer",
         "username": "Benutzername",
-        "validate_save": "Validieren und speichern"
+        "validate_save": "Validieren und speichern",
+        "pushover_sound": "Ton"
     },
     "fido2": {
         "confirm": "Bestätigen",
@@ -684,7 +700,8 @@
         "quarantine": "Quarantäne",
         "restart_netfilter": "Netfilter neustarten",
         "restart_sogo": "SOGo neustarten",
-        "user_settings": "Benutzereinstellungen"
+        "user_settings": "Benutzereinstellungen",
+        "mailcow_system": "System"
     },
     "info": {
         "awaiting_tfa_confirmation": "Warte auf TFA-Verifizierung",
@@ -693,7 +710,7 @@
     },
     "login": {
         "delayed": "Login wurde zur Sicherheit um %s Sekunde/n verzögert.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Anmelden",
         "mobileconfig_info": "Bitte als Mailbox-Benutzer einloggen, um das Verbindungsprofil herunterzuladen.",
         "other_logins": "Key Login",
@@ -714,6 +731,7 @@
         "add_filter": "Filter erstellen",
         "add_mailbox": "Mailbox hinzufügen",
         "add_recipient_map_entry": "Empfängerumschreibung hinzufügen",
+        "add_template": "Vorlage hinzufügen",
         "add_resource": "Ressource hinzufügen",
         "add_tls_policy_map": "TLS-Richtlinieneintrag hinzufügen",
         "address_rewriting": "Adressumschreibung",
@@ -755,6 +773,7 @@
         "domain": "Domain",
         "domain_admins": "Domain-Administratoren",
         "domain_aliases": "Domain-Aliasse",
+        "domain_templates": "Domainweite Vorlagen",
         "domain_quota": "Gesamtspeicher",
         "domain_quota_total": "Domain-Speicherplatz gesamt",
         "domains": "Domains",
@@ -781,6 +800,7 @@
         "mailbox_defaults": "Standardeinstellungen",
         "mailbox_defaults_info": "Steuert die Standardeinstellungen für neue Mailboxen.",
         "mailbox_defquota": "Standard-Quota",
+        "mailbox_templates": "Mailboxweite Vorlagen",
         "mailbox_quota": "Max. Größe einer Mailbox",
         "mailboxes": "Mailboxen",
         "max_aliases": "Max. mögliche Aliasse",
@@ -810,6 +830,7 @@
         "recipient_map_old_info": "Der originale Empfänger muss eine E-Mail-Adresse oder ein Domainname sein.",
         "recipient_maps": "Empfängerumschreibungen",
         "relay_all": "Alle Empfänger-Adressen relayen",
+        "relay_unknown": "Unbekannte Mailboxen relayen",
         "remove": "Entfernen",
         "resources": "Ressourcen",
         "running": "In Ausführung",
@@ -836,6 +857,8 @@
         "table_size_show_n": "Zeige %s Einträge",
         "target_address": "Ziel-Adresse",
         "target_domain": "Ziel-Domain",
+        "templates": "Vorlagen",
+        "template": "Vorlage",
         "tls_enforce_in": "TLS eingehend erzwingen",
         "tls_enforce_out": "TLS ausgehend erzwingen",
         "tls_map_dest": "Ziel",
@@ -932,16 +955,20 @@
         "type": "Typ"
     },
     "queue": {
-        "delete_queue": "Queue löschen",
-        "flush_queue": "Queue flushen",
-        "queue_ays": "Soll die derzeitige Queue wirklich komplett bereinigt werden?",
-        "queue_command_success": "Queue-Aufgabe erfolgreich ausgeführt",
-        "queue_deliver_mail": "Ausliefern",
-        "queue_hold_mail": "Zurückhalten",
+        "delete": "Queue löschen",
+        "flush": "Queue flushen",
+        "info": "In der Mailqueue befinden sich alle E-Mails, welche auf eine Zustellung warten. Sollte eine E-Mail eine längere Zeit innerhalb der Mailqueue stecken wird diese automatisch vom System gelöscht.<br>Die Fehlermeldung der jeweiligen Mail gibt aufschluss darüber, warum diese nicht zugestellt werden konnte",
+        "legend": "Funktionen der Mailqueue Aktionen:",
+        "ays": "Soll die derzeitige Queue wirklich komplett bereinigt werden?",
+        "deliver_mail": "Ausliefern",
+        "deliver_mail_legend": "Versucht eine erneute Zustellung der ausgwählten Mails.",
+        "hold_mail": "Zurückhalten",
+        "hold_mail_legend": "Hält die ausgewählten Mails zurück. (Verhindert weitere Zustellversuche)",
         "queue_manager": "Queue Manager",
-        "queue_show_message": "Nachricht anzeigen",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Freigeben"
+        "show_message": "Nachricht anzeigen",
+        "unban": "queue unban",
+        "unhold_mail": "Freigeben",
+        "unhold_mail_legend": "Gibt ausgewählte Mails zur Auslieferung frei. (Erfordert vorheriges Zurückhalten)"
     },
     "start": {
         "help": "Hilfe ein-/ausblenden",
@@ -989,6 +1016,7 @@
         "forwarding_host_removed": "Weiterleitungs-Host %s wurde entfernt",
         "global_filter_written": "Filterdatei wurde erfolgreich geschrieben",
         "hash_deleted": "Hash wurde gelöscht",
+        "ip_check_opt_in_modified": "IP Check wurde erfolgreich gespeichert",
         "item_deleted": "Objekt %s wurde entfernt",
         "item_released": "Objekt %s freigegeben",
         "items_deleted": "Objekt(e) %s wurde(n) erfolgreich entfernt",
@@ -1018,6 +1046,9 @@
         "saved_settings": "Regel wurde gespeichert",
         "settings_map_added": "Regel wurde gespeichert",
         "settings_map_removed": "Regeln wurden entfernt: %s",
+        "template_added": "Template %s hinzugefügt",
+        "template_modified": "Änderungen am Template %s wurden gespeichert",
+        "template_removed": "Template ID %s wurde gelöscht",
         "sogo_profile_reset": "ActiveSync-Gerät des Benutzers %s wurde zurückgesetzt",
         "tls_policy_map_entry_deleted": "TLS-Richtlinie mit der ID %s wurde gelöscht",
         "tls_policy_map_entry_saved": "TLS-Richtlinieneintrag \"%s\" wurde gespeichert",
@@ -1214,7 +1245,8 @@
         "syncjob_EXIT_CONNECTION_FAILURE": "Verbindungsproblem",
         "syncjob_EXIT_TLS_FAILURE": "Problem mit verschlüsselter Verbindung",
         "syncjob_EXIT_AUTHENTICATION_FAILURE": "Authentifizierungsproblem",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Falscher Benutzername oder Passwort"
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Falscher Benutzername oder Passwort",
+        "pushover_sound": "Ton"
     },
     "warning": {
         "cannot_delete_self": "Kann derzeit eingeloggten Benutzer nicht entfernen",
diff --git a/data/web/lang/lang.en-gb.json b/data/web/lang/lang.en-gb.json
index 08494e2d..bfac011e 100644
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -206,6 +206,9 @@
         "include_exclude": "Include/Exclude",
         "include_exclude_info": "By default - with no selection - <b>all mailboxes</b> are addressed",
         "includes": "Include these recipients",
+        "ip_check": "IP Check",
+        "ip_check_disabled": "IP check is disabled. You can enable it under<br> <strong>System > Configuration > Options > Customize</strong>",
+        "ip_check_opt_in": "Opt-In for using third party service <strong>ipv4.mailcow.email</strong> and <strong>ipv6.mailcow.email</strong> to resolve external IP addresses.",
         "is_mx_based": "MX based",
         "last_applied": "Last applied",
         "license_info": "A license is not required but helps further development.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Register your GUID here</a> or <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">buy support for your mailcow installation.</a>",
@@ -232,6 +235,7 @@
         "oauth2_renew_secret": "Generate new client secret",
         "oauth2_revoke_tokens": "Revoke all client tokens",
         "optional": "optional",
+        "options": "Options",
         "password": "Password",
         "password_length": "Password length",
         "password_policy": "Password policy",
@@ -263,6 +267,7 @@
         "quota_notifications": "Quota notifications",
         "quota_notifications_info": "Quota notifications are sent to users once when crossing 80% and once when crossing 95% usage.",
         "quota_notifications_vars": "{{percent}} equals the current quota of the user<br>{{username}} is the mailbox name",
+        "queue_unban": "unban",
         "r_active": "Active restrictions",
         "r_inactive": "Inactive restrictions",
         "r_info": "Greyed out/disabled elements on the list of active restrictions are not known as valid restrictions to mailcow and cannot be moved. Unknown restrictions will be set in order of appearance anyway. <br>You can add new elements in <code>inc/vars.local.inc.php</code> to be able to toggle them.",
@@ -362,6 +367,7 @@
         "domain_not_empty": "Cannot remove non-empty domain %s",
         "domain_not_found": "Domain %s not found",
         "domain_quota_m_in_use": "Domain quota must be greater or equal to %s MiB",
+        "extended_sender_acl_denied": "missing ACL to set external sender addresses",
         "extra_acl_invalid": "External sender address \"%s\" is invalid",
         "extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain",
         "fido2_verification_failed": "FIDO2 verification failed: %s",
@@ -452,6 +458,9 @@
         "totp_verification_failed": "TOTP verification failed",
         "transport_dest_exists": "Transport destination \"%s\" exists",
         "webauthn_verification_failed": "WebAuthn verification failed: %s",
+        "webauthn_authenticator_failed": "The selected authenticator was not found",
+        "webauthn_publickey_failed": "No public key was stored for the selected authenticator",
+        "webauthn_username_failed": "The selected authenticator belongs to another account",
         "unknown": "An unknown error occurred",
         "unknown_tfa_method": "Unknown TFA method",
         "unlimited_quota_acl": "Unlimited quota prohibited by ACL",
@@ -461,40 +470,42 @@
         "yotp_verification_failed": "Yubico OTP verification failed: %s"
     },
     "datatables": {
-      "collapse_all": "Collapse All",
-      "decimal": "",
-      "emptyTable": "No data available in table",
-      "expand_all": "Expand All",
-      "info": "Showing _START_ to _END_ of _TOTAL_ entries",
-      "infoEmpty": "Showing 0 to 0 of 0 entries",
-      "infoFiltered": "(filtered from _MAX_ total entries)",
-      "infoPostFix": "",
-      "thousands": ",",
-      "lengthMenu": "Show _MENU_ entries",
-      "loadingRecords": "Loading...",
-      "processing": "Please wait...",
-      "search": "Search:",
-      "zeroRecords": "No matching records found",
-      "paginate": {
-          "first": "First",
-          "last": "Last",
-          "next": "Next",
-          "previous": "Previous"
-      },
-      "aria": {
-          "sortAscending": ": activate to sort column ascending",
-          "sortDescending": ": activate to sort column descending"
-      }
+        "collapse_all": "Collapse All",
+        "decimal": ".",
+        "emptyTable": "No data available in table",
+        "expand_all": "Expand All",
+        "info": "Showing _START_ to _END_ of _TOTAL_ entries",
+        "infoEmpty": "Showing 0 to 0 of 0 entries",
+        "infoFiltered": "(filtered from _MAX_ total entries)",
+        "infoPostFix": "",
+        "thousands": ",",
+        "lengthMenu": "Show _MENU_ entries",
+        "loadingRecords": "Loading...",
+        "processing": "Please wait...",
+        "search": "Search:",
+        "zeroRecords": "No matching records found",
+        "paginate": {
+            "first": "First",
+            "last": "Last",
+            "next": "Next",
+            "previous": "Previous"
+        },
+        "aria": {
+            "sortAscending": ": activate to sort column ascending",
+            "sortDescending": ": activate to sort column descending"
+        }
     },
     "debug": {
         "chart_this_server": "Chart (this server)",
         "containers_info": "Container information",
         "container_running": "Running",
+        "container_disabled": "Container stopped or disabled",
         "container_stopped": "Stopped",
         "cores": "Cores",
         "current_time": "System Time",
         "disk_usage": "Disk usage",
         "docs": "Docs",
+        "error_show_ip": "Could not resolve the public IP addresses",
         "external_logs": "External logs",
         "history_all_servers": "History (all servers)",
         "in_memory_logs": "In-memory logs",
@@ -507,6 +518,7 @@
         "online_users": "Users online",
         "restart_container": "Restart",
         "service": "Service",
+        "show_ip": "Show public IP",
         "size": "Size",
         "solr_dead": "Solr is starting, disabled or died.",
         "solr_status": "Solr status",
@@ -606,6 +618,7 @@
         "pushover_sender_regex": "Consider the following sender regex",
         "pushover_text": "Notification text",
         "pushover_title": "Notification title",
+        "pushover_sound": "Sound",
         "pushover_vars": "When no sender filter is defined, all mails will be considered.<br>Regex filters as well as exact sender checks can be defined individually and will be considered sequentially. They do not depend on each other.<br>Useable variables for text and title (please take note of data protection policies)",
         "pushover_verify": "Verify credentials",
         "quota_mb": "Quota (MiB)",
@@ -697,7 +710,7 @@
     },
     "login": {
         "delayed": "Login was delayed by %s seconds.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "other_logins": "Key login",
@@ -942,23 +955,27 @@
         "type": "Type"
     },
     "queue": {
-        "delete_queue": "Delete all",
-        "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
-        "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
-        "queue_hold_mail": "Hold",
+        "delete": "Delete all",
+        "flush": "Flush queue",
+        "info": "The mail queue contains all e-mails that are waiting for delivery. If an email is stuck in the mail queue for a long time, it is automatically deleted by the system.<br>The error message of the respective mail gives information about why the mail could not be delivered.",
+        "legend": "Mail queue actions functions:",
+        "ays": "Please confirm you want to delete all items from the current queue.",
+        "deliver_mail": "Deliver",
+        "deliver_mail_legend": "Attempts to redeliver selected mails.",
+        "hold_mail": "Hold",
+        "hold_mail_legend": "Holds the selected mails. (Prevents further delivery attempts)",
         "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "show_message": "Show message",
+        "unban": "queue unban",
+        "unhold_mail": "Unhold",
+        "unhold_mail_legend": "Releases selected mails for delivery. (Requires prior hold)"
     },
     "ratelimit": {
-      "disabled": "Disabled",
-      "second": "msgs / second",
-      "minute": "msgs / minute",
-      "hour": "msgs / hour",
-      "day": "msgs / day"
+        "disabled": "Disabled",
+        "second": "msgs / second",
+        "minute": "msgs / minute",
+        "hour": "msgs / hour",
+        "day": "msgs / day"
     },
     "start": {
         "help": "Show/Hide help panel",
@@ -1006,6 +1023,7 @@
         "forwarding_host_removed": "Forwarding host %s has been removed",
         "global_filter_written": "Filter was successfully written to file",
         "hash_deleted": "Hash deleted",
+        "ip_check_opt_in_modified": "IP check was saved successfully",
         "item_deleted": "Item %s successfully deleted",
         "item_released": "Item %s released",
         "items_deleted": "Item %s successfully deleted",
@@ -1021,6 +1039,7 @@
         "password_policy_saved": "Password policy was saved successfully",
         "pushover_settings_edited": "Pushover settings successfully set, please verify credentials.",
         "qlearn_spam": "Message ID %s was learned as spam and deleted",
+        "queue_command_success": "Queue command completed successfully",
         "recipient_map_entry_deleted": "Recipient map ID %s has been deleted",
         "recipient_map_entry_saved": "Recipient map entry \"%s\" has been saved",
         "relayhost_added": "Map entry %s has been added",
@@ -1037,6 +1056,7 @@
         "sogo_profile_reset": "SOGo profile for user %s was reset",
         "template_added": "Added template %s",
         "template_modified": "Changes to template %s have been saved",
+        "template_removed": "Template ID %s has been deleted",
         "tls_policy_map_entry_deleted": "TLS policy map ID %s has been deleted",
         "tls_policy_map_entry_saved": "TLS policy map entry \"%s\" has been saved",
         "ui_texts": "Saved changes to UI texts",
@@ -1160,6 +1180,7 @@
         "pushover_sender_regex": "Match senders by the following regex",
         "pushover_text": "Notification text",
         "pushover_title": "Notification title",
+        "pushover_sound": "Sound",
         "pushover_vars": "When no sender filter is defined, all mails will be considered.<br>Regex filters as well as exact sender checks can be defined individually and will be considered sequentially. They do not depend on each other.<br>Useable variables for text and title (please take note of data protection policies)",
         "pushover_verify": "Verify credentials",
         "q_add_header": "Junk folder",
diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json
index 2e54e00e..d9c3bfd3 100644
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -602,14 +602,7 @@
         "toggle_all": "Seleccionar todos"
     },
     "queue": {
-        "delete_queue": "Eliminar todos",
-        "flush_queue": "Vaciar la cola",
-        "queue_ays": "Confirme que desea eliminar todos los elementos de la cola actual.",
-        "queue_deliver_mail": "Entregar",
-        "queue_hold_mail": "Retener",
-        "queue_manager": "Administrador de cola",
-        "queue_unban": "Encolar desbloqueo",
-        "queue_unhold_mail": "Liberar retención"
+        "queue_manager": "Administrador de cola"
     },
     "start": {
         "help": "Mostrar/Ocultar panel de ayuda",
diff --git a/data/web/lang/lang.fi-fi.json b/data/web/lang/lang.fi-fi.json
index 485555da..7305e19e 100644
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -559,7 +559,7 @@
         "daily": "Päivittäin",
         "deactivate": "Deaktivoi",
         "description": "Kuvaus",
-        "disable_x": "Poista käytöstä",        
+        "disable_x": "Poista käytöstä",
         "dkim_domains_selector": "Valitsin",
         "dkim_key_length": "DKIM avaimen pituus (bits)",
         "domain": "Verkkotunnukset",
@@ -686,14 +686,7 @@
         "toggle_all": "Valitse kaikki"
     },
     "queue": {
-        "delete_queue": "Poista kaikki",
-        "flush_queue": "Tyhjennä jono",
-        "queue_ays": "Vahvista, että haluat poistaa kaikki nykyisen jonon kohteet.",
-        "queue_deliver_mail": "Toimittaa",
-        "queue_hold_mail": "Pidossa",
-        "queue_manager": "Jonon hallinta",
-        "queue_unban": "jono unban",
-        "queue_unhold_mail": "Poista pidosta"
+        "queue_manager": "Jonon hallinta"
     },
     "start": {
         "help": "Näytä/Piilota help paneeli",
diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json
index 666d1bc8..4db773e0 100644
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -26,7 +26,9 @@
         "syncjobs": "Tâches de synchronisation",
         "tls_policy": "Police TLS",
         "unlimited_quota": "Quota illimité pour les boites de courriel",
-        "domain_desc": "Modifier la description du domaine"
+        "domain_desc": "Modifier la description du domaine",
+        "domain_relayhost": "Changer le relais pour un domaine",
+        "mailbox_relayhost": "Changer le relais d’une boîte de réception"
     },
     "add": {
         "activate_filter_warn": "Tous les autres filtres seront désactivés, quand activé est coché.",
@@ -103,7 +105,8 @@
         "username": "Nom d'utilisateur",
         "validate": "Valider",
         "validation_success": "Validation réussie",
-        "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici."
+        "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici.",
+        "tags": "Etiquettes"
     },
     "admin": {
         "access": "Accès",
@@ -316,7 +319,9 @@
         "oauth2_add_client": "Ajouter un client OAuth2",
         "password_policy": "Politique de mots de passe",
         "admins": "Administrateurs",
-        "api_read_only": "Accès lecture-seule"
+        "api_read_only": "Accès lecture-seule",
+        "password_policy_lowerupper": "Doit contenir des caractères minuscules et majuscules",
+        "password_policy_numbers": "Doit contenir au moins un chiffre"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -607,7 +612,7 @@
     },
     "login": {
         "delayed": "La connexion a été retardée de %s secondes.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Connexion",
         "mobileconfig_info": "Veuillez vous connecter en tant qu’utilisateur de la boîte pour télécharger le profil de connexion Apple demandé.",
         "other_logins": "Clé d'authentification",
@@ -675,10 +680,10 @@
         "enable_x": "Activer",
         "excludes": "Exclut",
         "filter_table": "Table de filtre",
-        "filters": "Filtres",   
+        "filters": "Filtres",
         "fname": "Nom complet",
         "force_pw_update": "Forcer la mise à jour du mot de passe à la prochaine ouverture de session",
-        "gal": "Carnet d'Adresses Global (GAL)",     
+        "gal": "Carnet d'Adresses Global (GAL)",
         "hourly": "Horaire",
         "in_use": "Utilisé (%)",
         "inactive": "Inactif",
@@ -827,15 +832,7 @@
         "toggle_all": "Tout basculer"
     },
     "queue": {
-        "delete_queue": "Tout supprimer",
-        "flush_queue": "Vider la file d'attente",
-        "queue_ays": "Veuillez confirmer que vous voulez supprimer tous les éléments de la file d’attente actuelle.",
-        "queue_deliver_mail": "Délivrer",
-        "queue_hold_mail": "Garder",
-        "queue_manager": "Gestion de la file d'attente",
-        "queue_unban": "file d’attente unban",
-        "queue_unhold_mail": "Ne pas garder",
-        "queue_show_message": "Montrer message"
+        "queue_manager": "Gestion de la file d'attente"
     },
     "start": {
         "help": "Afficher/masquer le panneau d’aide",
diff --git a/data/web/lang/lang.hu-hu.json b/data/web/lang/lang.hu-hu.json
index 4fa55a3b..f04cf9c5 100644
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -216,16 +216,7 @@
         "toggle_all": "Összes átkapcsolása"
     },
     "queue": {
-        "delete_queue": "Delete all",
-        "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
-        "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Súgó panel megjelenítése/elrejtése",
diff --git a/data/web/lang/lang.it-it.json b/data/web/lang/lang.it-it.json
index b0508f5d..d8d6978c 100644
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -43,7 +43,7 @@
         "app_name": "Nome app",
         "app_password": "Aggiungi la password dell'app",
         "automap": "Prova a mappare automaticamente le cartelle (\"Sent items\", \"Sent\" => \"Posta inviata\" ecc.)",
-        "backup_mx_options": "Relay options",
+        "backup_mx_options": "Opzioni di inoltro",
         "comment_info": "Un commento privato non è visibile all'utente, mentre un commento pubblico viene mostrato come suggerimento quando si passa con il mouse nella panoramica di un utente",
         "custom_params": "Parametri personalizzati",
         "custom_params_hint": "Corretto: --param=xy, errato: --param xy",
@@ -303,7 +303,7 @@
         "spamfilter": "Filtri spam",
         "subject": "Oggetto",
         "success": "Successo",
-        "sys_mails": "System mails",
+        "sys_mails": "Mail di sistema",
         "text": "Testo",
         "time": "Orario",
         "title": "Titolo",
@@ -335,7 +335,8 @@
         "api_read_write": "Accesso in lettura-scrittura",
         "oauth2_apps": "App OAuth2",
         "oauth2_add_client": "Aggiungere il client OAuth2",
-        "rsettings_preset_4": "Disattivare Rspamd per un dominio"
+        "rsettings_preset_4": "Disattivare Rspamd per un dominio",
+        "options": "Opzioni"
     },
     "danger": {
         "access_denied": "Accesso negato o form di login non corretto",
@@ -364,7 +365,7 @@
         "extra_acl_invalid": "External sender address \"%s\" is invalid",
         "extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain",
         "fido2_verification_failed": "FIDO2 verification failed: %s",
-        "file_open_error": "File cannot be opened for writing",
+        "file_open_error": "Il file non può essere aperto per la scrittura",
         "filter_type": "Wrong filter type",
         "from_invalid": "Il mittente non può essere vuoto",
         "global_filter_write_error": "Could not write filter file: %s",
@@ -397,7 +398,7 @@
         "mailbox_quota_exceeds_domain_quota": "Lo spazio massimo supera la spazio del dominio",
         "mailbox_quota_left_exceeded": "Non c'è abbastanza spazio libero (space left: %d MiB)",
         "mailboxes_in_use": "Lo spazio massimo della casella deve essere maggiore o uguale a %d",
-        "malformed_username": "Malformed username",
+        "malformed_username": "Nome utente non valido",
         "map_content_empty": "Map content cannot be empty",
         "max_alias_exceeded": "Numero massimo di alias superato",
         "max_mailbox_exceeded": "Numero massimo di caselle superato (%d of %d)",
@@ -429,18 +430,18 @@
         "resource_invalid": "Il nome della risorsa non è valido",
         "rl_timeframe": "Rate limit time frame is incorrect",
         "rspamd_ui_pw_length": "Rspamd UI password should be at least 6 chars long",
-        "script_empty": "Script cannot be empty",
+        "script_empty": "Lo script non può essere vuoto",
         "sender_acl_invalid": "Il valore di Sender ACL non è valido",
         "set_acl_failed": "Failed to set ACL",
         "settings_map_invalid": "Settings map ID %s invalid",
         "sieve_error": "Sieve parser error: %s",
         "spam_learn_error": "Spam learn error: %s",
-        "subject_empty": "Subject must not be empty",
+        "subject_empty": "L'oggetto non deve essere vuoto",
         "target_domain_invalid": "Goto domain non è valido",
         "targetd_not_found": "Il target del dominio non è stato trovato",
         "targetd_relay_domain": "Target domain %s is a relay domain",
-        "temp_error": "Temporary error",
-        "text_empty": "Text must not be empty",
+        "temp_error": "Errore temporaneo",
+        "text_empty": "Il testo non deve essere vuoto",
         "tfa_token_invalid": "TFA token invalid",
         "tls_policy_map_dest_invalid": "Policy destination is invalid",
         "tls_policy_map_entry_exists": "A TLS policy map entry \"%s\" exists",
@@ -448,40 +449,54 @@
         "totp_verification_failed": "TOTP verification failed",
         "transport_dest_exists": "Transport destination \"%s\" exists",
         "webauthn_verification_failed": "WebAuthn verification failed: %s",
-        "unknown": "An unknown error occurred",
+        "unknown": "Si è verificato un errore sconosciuto",
         "unknown_tfa_method": "Unknown TFA method",
         "unlimited_quota_acl": "Unlimited quota prohibited by ACL",
-        "username_invalid": "Username %s non può essere utilizzato",
+        "username_invalid": "Il nome utente %s non può essere utilizzato",
         "validity_missing": "Assegnare un periodo di validità",
         "value_missing": "Si prega di fornire tutti i valori",
-        "yotp_verification_failed": "Verifica OTP Yubico fallita: %s"
+        "yotp_verification_failed": "Verifica OTP Yubico fallita: %s",
+        "demo_mode_enabled": "La modalità demo è abilitata",
+        "template_name_invalid": "Nome template non valido",
+        "template_exists": "Il template %s esiste già",
+        "template_id_invalid": "Il template con ID %s non è valido"
     },
     "debug": {
         "chart_this_server": "Grafico (questo server)",
-        "containers_info": "Container information",
+        "containers_info": "Informazioni sul container",
         "disk_usage": "Uso del disco",
         "docs": "Docs",
-        "external_logs": "External logs",
-        "history_all_servers": "History (all servers)",
+        "external_logs": "Log esterni",
+        "history_all_servers": "Cronologia (tutti i server)",
         "in_memory_logs": "In-memory logs",
         "jvm_memory_solr": "JVM memory usage",
         "last_modified": "Ultima modifica",
         "log_info": "<p>mailcow <b>in-memory logs</b> are collected in Redis lists and trimmed to LOG_LINES (%d) every minute to reduce hammering.\r\n  <br>In-memory logs are not meant to be persistent. All applications that log in-memory, also log to the Docker daemon and therefore to the default logging driver.\r\n  <br>The in-memory log type should be used for debugging minor issues with containers.</p>\r\n  <p><b>External logs</b> are collected via API of the given application.</p>\r\n  <p><b>Static logs</b> are mostly activity logs, that are not logged to the Dockerd but still need to be persistent (except for API logs).</p>",
-        "login_time": "Time",
+        "login_time": "Orario",
         "logs": "Logs",
-        "online_users": "Users online",
+        "online_users": "Utenti online",
         "restart_container": "Riavvio",
         "service": "Servizio",
-        "size": "Size",
-        "solr_dead": "Solr is starting, disabled or died.",
+        "size": "Dimensione",
+        "solr_dead": "Solr sta partendo, è disabilitato o morto.",
         "solr_status": "Stato Solr",
-        "started_at": "Started at",
-        "started_on": "Started on",
-        "static_logs": "Static logs",
+        "started_at": "Iniziato alle",
+        "started_on": "Iniziato",
+        "static_logs": "Log statici",
         "success": "Successo",
-        "system_containers": "System & Containers",
+        "system_containers": "Sistema & Containers",
         "uptime": "Tempo di attività",
-        "username": "Username"
+        "username": "Nome utente",
+        "container_disabled": "Container arrestato o disattivato",
+        "update_available": "È disponibile un aggiornamento",
+        "container_running": "In esecuzione",
+        "container_stopped": "Arrestato",
+        "cores": "Cores",
+        "current_time": "Orario di sistema",
+        "memory": "Memoria",
+        "timezone": "Fuso orario",
+        "no_update_available": "Il sistema è aggiornato all'ultima versione",
+        "update_failed": "Impossibile verificare la presenza di un aggiornamento"
     },
     "diagnostics": {
         "cname_from_a": "Valore letto dal record A/AAAA. Questo è supportato finché il record punta alla risorsa corretta.",
@@ -514,7 +529,7 @@
         "delete1": "Elimina dalla sorgente al termine",
         "delete2": "Delete messages on destination that are not on source",
         "delete2duplicates": "Elimina duplicati nella destinazione",
-        "delete_ays": "Please confirm the deletion process.",
+        "delete_ays": "Si prega di confermare il processo di eliminazione.",
         "description": "Descrizione",
         "disable_login": "Disabilita l'accesso (la posta in arrivo viene correttamente recapitata)",
         "domain": "Modifica dominio",
@@ -527,17 +542,16 @@
         "exclude": "Escludi oggetti (regex)",
         "extended_sender_acl": "External sender addresses",
         "extended_sender_acl_info": "A DKIM domain key should be imported, if available.<br>\r\n  Remember to add this server to the corresponding SPF TXT record.<br>\r\n  Whenever a domain or alias domain is added to this server, that overlaps with an external address, the external address is removed.<br>\r\n  Use @domain.tld to allow to send as *@domain.tld.",
-        "force_pw_update": "Force password update at next login",
+        "force_pw_update": "Forza l'aggiornamento della password al prossimo accesso",
         "force_pw_update_info": "Questo utente potrà accedere solo a %s.",
         "full_name": "Nome completo",
         "gal": "Global Address List",
         "gal_info": "The GAL contains all objects of a domain and cannot be edited by any user. Free/busy information in SOGo is missing, if disabled! <b>Restart SOGo to apply changes.</b>",
-        "generate": "generate",
+        "generate": "crea",
         "grant_types": "Grant types",
         "hostname": "Hostname",
         "inactive": "Inattivo",
         "kind": "Genere",
-        "last_mail_login": "Last mail login",
         "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
         "mailbox": "Modifica casella di posta",
         "mailbox_quota_def": "Default mailbox quota",
@@ -550,7 +564,7 @@
         "mbox_rl_info": "This rate limit is applied on the SASL login name, it matches any \"from\" address used by the logged-in user. A mailbox rate limit overrides a domain-wide rate limit.",
         "mins_interval": "Intervallo (min)",
         "multiple_bookings": "Prenotazioni multiple",
-        "nexthop": "Next hop",
+        "nexthop": "Prossimo hop",
         "password": "Password",
         "password_repeat": "Conferma password (riscrivi)",
         "previous": "Pagina precedente",
@@ -562,9 +576,9 @@
         "pushover_sender_array": "Only consider the following sender email addresses <small>(comma-separated)</small>",
         "pushover_sender_regex": "Consider the following sender regex",
         "pushover_text": "Notification text",
-        "pushover_title": "Notification title",
+        "pushover_title": "Titolo della notifica",
         "pushover_vars": "When no sender filter is defined, all mails will be considered.<br>Regex filters as well as exact sender checks can be defined individually and will be considered sequentially. They do not depend on each other.<br>Useable variables for text and title (please take note of data protection policies)",
-        "pushover_verify": "Verify credentials",
+        "pushover_verify": "Verifica credenziali",
         "quota_mb": "Spazio (MiB)",
         "quota_warning_bcc": "Quota warning BCC",
         "quota_warning_bcc_info": "Warnings will be sent as separate copies to the following recipients. The subject will be suffixed by the corresponding username in brackets, for example: <code>Quota warning (user@example.com)</code>.",
@@ -583,42 +597,44 @@
         "sender_acl": "Consenti di inviare come",
         "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Sender check is disabled</span>",
         "sender_acl_info": "If mailbox user A is allowed to send as mailbox user B, the sender address is not automatically displayed as selectable \"from\" field in SOGo.<br>\r\n  Mailbox user B needs to create a delegation in SOGo to allow mailbox user A to select their address as sender. To delegate a mailbox in SOGo, use the menu (three dots) to the right of your mailbox name in the upper left while in mail view. This behaviour does not apply to alias addresses.",
-        "sieve_desc": "Short description",
+        "sieve_desc": "Breve descrizione",
         "sieve_type": "Filter type",
         "skipcrossduplicates": "Skip duplicate messages across folders (first come, first serve)",
-        "sogo_visible": "Alias is visible in SOGo",
+        "sogo_visible": "L'alias è visibile in SOGo",
         "sogo_visible_info": "This option only affects objects, that can be displayed in SOGo (shared or non-shared alias addresses pointing to at least one local mailbox). If hidden, an alias will not appear as selectable sender in SOGo.",
         "spam_alias": "Create or change time limited alias addresses",
         "spam_filter": "Spam filter",
-        "spam_policy": "Add or remove items to white-/blacklist",
-        "spam_score": "Set a custom spam score",
+        "spam_policy": "Aggiungi o rimuovi elementi dalla whitelist/blacklist",
+        "spam_score": "Imposta un punteggio spam personalizzato",
         "subfolder2": "Sincronizza in una sottocartella<br /><small>(vuoto = non sincronizzare in sottocartella)</small>",
         "syncjob": "Modifica sincronizzazione",
         "target_address": "Vai all'indirizzo/i <small>(separato da virgola)</small>",
         "target_domain": "Target dominio",
-        "timeout1": "Timeout for connection to remote host",
-        "timeout2": "Timeout for connection to local host",
+        "timeout1": "Timeout per la connessione all'host remoto",
+        "timeout2": "Timeout per la connessione all'host remoto",
         "title": "Modifica oggetto",
         "unchanged_if_empty": "Se immutato lasciare vuoto",
-        "username": "Username",
+        "username": "Nome utente",
         "validate_save": "Convalida e salva",
         "pushover": "Pushover",
         "sogo_access_info": "Il single-sign-on dall'interno dell'interfaccia di posta rimane funzionante. Questa impostazione non influisce sull'accesso a tutti gli altri servizi né cancella o modifica il profilo SOGo esistente dell'utente.",
         "none_inherit": "Nessuno / Eredita",
         "sogo_access": "Concedere l'accesso diretto a SOGo",
         "acl": "ACL (autorizzazione)",
-        "app_passwd_protocols": "Protocolli consentiti per la password dell'app"
+        "app_passwd_protocols": "Protocolli consentiti per la password dell'app",
+        "last_modified": "Ultima modifica",
+        "pushover_sound": "Suono"
     },
     "fido2": {
-        "confirm": "Confirm",
+        "confirm": "Conferma",
         "fido2_auth": "Login with FIDO2",
-        "fido2_success": "Device successfully registered",
-        "fido2_validation_failed": "Validation failed",
-        "fn": "Friendly name",
-        "known_ids": "Known IDs",
-        "none": "Disabled",
-        "register_status": "Registration status",
-        "rename": "Rename",
+        "fido2_success": "Dispositivo registrato con successo",
+        "fido2_validation_failed": "Validazione fallita",
+        "fn": "Nome descrittivo",
+        "known_ids": "ID conosciuti",
+        "none": "Disabilitato",
+        "register_status": "Stato di registrazione",
+        "rename": "Rinominare",
         "set_fido2": "Register FIDO2 device",
         "set_fn": "Set friendly name",
         "start_fido2_validation": "Start FIDO2 validation",
@@ -642,13 +658,14 @@
     "header": {
         "administration": "Amministrazione",
         "apps": "App",
-        "debug": "Informazioni di sistema",
+        "debug": "Informazioni",
         "email": "E-Mail",
         "mailcow_config": "Configurazione",
         "quarantine": "Quarantena",
         "restart_netfilter": "Riavvia netfilter",
         "restart_sogo": "Riavvia SOGo",
-        "user_settings": "Impostazioni utente"
+        "user_settings": "Impostazioni utente",
+        "mailcow_system": "Sistema"
     },
     "info": {
         "awaiting_tfa_confirmation": "In attesa di conferma TFA",
@@ -657,12 +674,12 @@
     },
     "login": {
         "delayed": "L'accesso è stato ritardato di %s secondi.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Login",
         "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
         "other_logins": "Key login",
         "password": "Password",
-        "username": "Username"
+        "username": "Nome utente"
     },
     "mailbox": {
         "action": "Azione",
@@ -734,7 +751,7 @@
         "inactive": "Inattivo",
         "insert_preset": "Insert example preset \"%s\"",
         "kind": "Tipo",
-        "last_mail_login": "Last mail login",
+        "last_mail_login": "Ultimo accesso alla posta",
         "last_modified": "Ultima modifica",
         "last_pw_change": "Ultima modifica della password",
         "last_run": "Ultima esecuzione",
@@ -829,7 +846,15 @@
         "sender": "Mittente",
         "all_domains": "Tutti i domini",
         "recipient": "Destinatario",
-        "syncjob_EX_OK": "Successo"
+        "syncjob_EX_OK": "Successo",
+        "add_template": "Aggiungi template",
+        "force_pw_update": "Forza il cambio della password al prossimo accesso",
+        "relay_unknown": "Inoltra a caselle di posta sconosciute",
+        "mailbox_templates": "Template della mailbox",
+        "domain_templates": "Template di dominio",
+        "gal": "Elenco indirizzi globale",
+        "templates": "Template",
+        "template": "Template"
     },
     "oauth2": {
         "access_denied": "Effettua il login alla casella di posta per garantire l'accesso tramite OAuth2.",
@@ -848,7 +873,7 @@
         "confirm_delete": "Conferma l'eliminazione di questo elemento.",
         "danger": "Pericolo",
         "deliver_inbox": "Consegna nella posta in arrivo",
-        "disabled_by_config": "The current system configuration disables the quarantine functionality. Please set \"retentions per mailbox\" and a \"maximum size\" for quarantine elements.",
+        "disabled_by_config": "L'attuale configurazione del sistema disabilita la funzionalità di quarantena. Imposta \"conservazioni per casella di posta\" e \"dimensione massima\" per gli elementi di quarantena.",
         "download_eml": "Download (.eml)",
         "empty": "Nessun risultato",
         "high_danger": "Alto",
@@ -894,15 +919,18 @@
         "type": "Tipologia"
     },
     "queue": {
-        "delete_queue": "Elimina tutto",
-        "flush_queue": "Svuota la coda",
-        "queue_ays": "Conferma di voler eliminare tutti gli elementi dalla coda corrente.",
-        "queue_deliver_mail": "Consegna",
-        "queue_hold_mail": "Trattieni",
         "queue_manager": "Gestore code",
-        "queue_show_message": "Visualizza messaggio",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Rilascia"
+        "delete": "Cancella tutto",
+        "ays": "Conferma che desideri eliminare tutti gli elementi dalla coda corrente.",
+        "info": "La coda di posta contiene tutte le e-mail in attesa di consegna. Se un'e-mail rimane a lungo nella coda di posta, viene automaticamente cancellata dal sistema.<br>Il messaggio di errore della rispettiva e-mail fornisce informazioni sul motivo per cui non è stato possibile consegnarla.",
+        "deliver_mail_legend": "Tenta di riconsegnare i messaggi selezionati.",
+        "hold_mail": "Blocca",
+        "flush": "Svuota la coda",
+        "deliver_mail": "Consegna",
+        "show_message": "Mostra messaggio",
+        "unhold_mail": "Sblocca",
+        "hold_mail_legend": "Blocca le mail selezionate. (Previene ulteriori tentativi di consegna)",
+        "legend": "Funzioni delle azioni della coda di posta:"
     },
     "start": {
         "help": "Mostra/Nascondi pannello di aiuto",
@@ -987,7 +1015,10 @@
         "verified_totp_login": "Verified TOTP login",
         "verified_webauthn_login": "Verified WebAuthn login",
         "verified_yotp_login": "Verified Yubico OTP login",
-        "domain_add_dkim_available": "Esisteva già una chiave DKIM"
+        "domain_add_dkim_available": "Esisteva già una chiave DKIM",
+        "template_added": "Aggiunto template %s",
+        "template_modified": "Le modifiche al template %s sono state salvate",
+        "template_removed": "Il template con ID %s è stato cancellato"
     },
     "tfa": {
         "api_register": "%s usa le API Yubico Cloud. Richiedi una chiave API <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">qui</a>",
@@ -1151,7 +1182,7 @@
         "tls_enforce_in": "Imponi TLS in ingresso",
         "tls_enforce_out": "Imponi TLS in uscita",
         "tls_policy": "Politica di crittografia",
-        "tls_policy_warning": "<strong>Attenzione:</strong> If you decide to enforce encrypted mail transfer, you may lose emails.<br />Messages to not satisfy the policy will be bounced with a hard fail by the mail system.<br />This option applies to your primary email address (login name), all addresses derived from alias domains as well as alias addresses <b>with only this single mailbox</b> as target.",
+        "tls_policy_warning": "<strong>Attenzione:</strong> Se decidi di applicare il trasferimento di posta crittografato, potresti perdere le email.<br />I messaggi che non soddisfano la politica verranno respinti con un hard fail dal sistema di posta.<br />This option applies to your primary email address (login name), all addresses derived from alias domains as well as alias addresses <b>with only this single mailbox</b> as target.",
         "user_settings": "Impostazioni utente",
         "username": "Nome utente",
         "verify": "Verifica",
@@ -1175,7 +1206,8 @@
         "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Impossibile connettersi al server remoto",
         "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nome utente o password errati",
         "with_app_password": "con password dell'app",
-        "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile."
+        "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile.",
+        "pushover_sound": "Suono"
     },
     "warning": {
         "cannot_delete_self": "Cannot delete logged in user",
@@ -1196,5 +1228,29 @@
         "second": "messaggi / secondo",
         "hour": "messaggi / ora",
         "day": "messaggi / giorno"
+    },
+    "datatables": {
+        "infoFiltered": "(filtrato da _MAX_ voci totali)",
+        "collapse_all": "Comprimi tutto",
+        "emptyTable": "Nessun dato disponibile nella tabella",
+        "expand_all": "Espandi tutto",
+        "info": "Visualizzazione da _START_ a _END_ di _TOTAL_ voci",
+        "infoEmpty": "Visualizzazione da 0 a 0 di 0 voci",
+        "thousands": ".",
+        "loadingRecords": "Caricamento...",
+        "processing": "Attendere prego...",
+        "search": "Ricerca:",
+        "zeroRecords": "Nessuna corrispondenza trovata",
+        "paginate": {
+            "first": "Prima",
+            "last": "Ultima",
+            "next": "Prossima",
+            "previous": "Precedente"
+        },
+        "lengthMenu": "Mostra _MENU_ voci",
+        "aria": {
+            "sortAscending": ": attivare l'ordinamento crescente delle colonne",
+            "sortDescending": ": attivare l'ordinamento decrescente delle colonne"
+        }
     }
 }
diff --git a/data/web/lang/lang.ko-kr.json b/data/web/lang/lang.ko-kr.json
index 6111e99a..3f3cb153 100644
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -777,15 +777,7 @@
         "toggle_all": "선택 반전"
     },
     "queue": {
-        "delete_queue": "전부 삭제",
-        "flush_queue": "큐 비우기",
-        "queue_ays": "현재 대기열에서 모든 항목을 삭제할지 확인하십시오.",
-        "queue_deliver_mail": "Deliver",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "대기열 관리자",
-        "queue_unban": "대기열 밴 해제",
-        "queue_unhold_mail": "Unhold",
-        "queue_show_message": "메시지 표시"
+        "queue_manager": "대기열 관리자"
     },
     "start": {
         "help": "Show/Hide help panel",
diff --git a/data/web/lang/lang.lv-lv.json b/data/web/lang/lang.lv-lv.json
index d3b53ddf..962b9000 100644
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -3,7 +3,8 @@
         "bcc_maps": "BCC kartes",
         "filters": "Filtri",
         "recipient_maps": "Saņēmēja kartes",
-        "syncjobs": "Sinhronizācijas uzdevumi"
+        "syncjobs": "Sinhronizācijas uzdevumi",
+        "spam_score": "Mēstules novērtējums"
     },
     "add": {
         "activate_filter_warn": "Visi pārējie filtri tiks deaktivizēti, kad aktīvs ir atzīmēts.",
@@ -104,10 +105,10 @@
         "host": "Hosts",
         "import": "Importēt",
         "import_private_key": "Importēt privātu atslēgu",
-        "in_use_by": "Tiek lietots ar",
+        "in_use_by": "Izmanto",
         "inactive": "Neaktīvs",
         "link": "Saite",
-        "loading": "Lūdzu uzgaidiet...",
+        "loading": "Lūgums uzgaidīt...",
         "logo_info": "Jūsu attēls augšējā navigācijas joslā tiks palielināts līdz 40 pikseļiem un maks. sākumlapas platums par 250 pikseļi. Ir ļoti ieteicama pielāgojama grafikaYour image will be scaled to a height of 40px for the top navigation bar and a max. width of 250px for the start page. Ir ļoti ieteicama pielāgojamā grafika",
         "main_name": "\"mailcow UI\" nosaukums",
         "merged_vars_hint": "Pelēkās rindas tika apvienotas <code>vars.(local.)inc.php</code> un nevar tikt modificētas.",
@@ -144,7 +145,10 @@
         "ui_texts": "UI etiķetes un teksti",
         "unchanged_if_empty": "Ja nav veiktas izmaiņas, atstājiet tukšu",
         "upload": "Augšupielādēt",
-        "username": "Lietotājvārds"
+        "username": "Lietotājvārds",
+        "generate": "izveidot",
+        "message": "Ziņojums",
+        "last_applied": "Pēdējoreiz pielietots"
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -170,7 +174,7 @@
         "is_alias": "%s jau ir zināms alias",
         "is_alias_or_mailbox": "%s jau ir zināms alias, pastkastes vai alias addrese izvērsta no alias domēna.",
         "is_spam_alias": "%s ir jau zināms spam alias",
-        "last_key": "Pēdējā atslēga nevar būt dzēsta",
+        "last_key": "Pēdējo atslēgu nevar izdzēst, tā vietā jāatspējo divpakāpju pārbaude.",
         "login_failed": "Ielogošanās neveiksmīga",
         "mailbox_invalid": "Pastkastes vārds ir nederīgs",
         "mailbox_quota_exceeded": "Kvota pārsniedz domēna limitu (max. %d MiB)",
@@ -262,7 +266,8 @@
         "title": "Labot priekšmetu",
         "unchanged_if_empty": "Ja neizmainīts atstājiet tukšu",
         "username": "Lietotājvārds",
-        "validate_save": "Apstiprināt un saglabāt"
+        "validate_save": "Apstiprināt un saglabāt",
+        "last_modified": "Pēdējoreiz mainīts"
     },
     "footer": {
         "cancel": "Atcelt",
@@ -314,21 +319,21 @@
         "bcc_destinations": "BCC galamērķi/s",
         "bcc_info": "BCC kartes tiek izmantotas, lai klusu pārsūtītu visu ziņojumu kopijas uz citu adresi. Saņēmēja kartes tipa ieraksts tiek izmantots, kad vietējais galamērķis darbojas kā pasta adresāts. Sūtītāja kartes atbilst vienam un tam pašam principam. <br/>\r\n   Vietējais galamērķis netiks informēts par piegādes neveiksmi. ",
         "bcc_local_dest": "Vietējais galamērķis",
-        "bcc_map_type": "BCC tips",
+        "bcc_map_type": "BCC veids",
         "bcc_maps": "BCC kartes",
         "bcc_rcpt_map": "saņēmēja karte",
         "bcc_sender_map": "Sūtītāja karte",
         "bcc_to_rcpt": "Pārslēdzieties uz adresāta kartes tipu",
         "bcc_to_sender": "Pārslēgties uz sūtītāja kartes tipu",
         "bcc_type": "BCC tips",
-        "deactivate": "Deaktivizēt",
+        "deactivate": "Deaktivēt",
         "description": "Apraksts",
         "dkim_key_length": "DKIM atslēgas garums (bits)",
         "domain": "Domēns",
         "domain_admins": "Domēna administratori",
         "domain_aliases": "Domēna aliases",
         "domain_quota": "Kvota",
-        "domain_quota_total": "Kopējā  domēna kvota",
+        "domain_quota_total": "Kopējais domēna ierobežojums",
         "domains": "Domēns",
         "edit": "Labot",
         "empty": "Nav rezultātu",
@@ -341,7 +346,7 @@
         "inactive": "Neaktīvs",
         "kind": "Veids",
         "last_run": "Pēdējā norise",
-        "last_run_reset": "Nākamais grafiks",
+        "last_run_reset": "Ievietot sarakstā kā nākamo",
         "mailbox_quota": "Maks. pastkastes izmērs",
         "mailboxes": "Pastkaste",
         "max_aliases": "Maks. iespejamās aliases",
@@ -374,7 +379,13 @@
         "tls_enforce_out": "Piespiest TLS izejošajiem",
         "toggle_all": "Pārslēgt visu",
         "username": "Lietotājvārds",
-        "waiting": "Gaidīšana"
+        "waiting": "Gaidīšana",
+        "last_modified": "Pēdējoreiz mainīts",
+        "booking_0_short": "Vienmēŗ bezmaksas",
+        "daily": "Ik dienu",
+        "hourly": "Ik stundu",
+        "last_mail_login": "Pēdējā pieteikšanās pastkastē",
+        "mailbox": "Pastkaste"
     },
     "quarantine": {
         "action": "Darbības",
@@ -400,16 +411,7 @@
         "toggle_all": "Pārslēgt visu"
     },
     "queue": {
-        "delete_queue": "Delete all",
-        "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
-        "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Rādīt/Paslēp palīdzības paneli",
@@ -556,5 +558,14 @@
         "waiting": "Waiting",
         "week": "Nedēļa",
         "weeks": "Nedēļas"
+    },
+    "datatables": {
+        "paginate": {
+            "first": "Pirmā",
+            "last": "Pēdējā"
+        }
+    },
+    "debug": {
+        "last_modified": "Pēdējoreiz mainīts"
     }
 }
diff --git a/data/web/lang/lang.nl-nl.json b/data/web/lang/lang.nl-nl.json
index ad005447..774627ca 100644
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -528,6 +528,7 @@
         "pushover_sender_regex": "Uitsluitend een afzender met de volgende regex",
         "pushover_text": "Meldingstekst ({SUBJECT} zal worden vervangen door het onderwerp)",
         "pushover_title": "Meldingstitel",
+        "pushover_sound": "Geluid",
         "pushover_vars": "Wanneer er geen afzenders zijn uitgesloten zullen alle mails doorkomen.<br>Regex-filters en afzendercontroles kunnen individueel worden ingesteld en zullen in volgorde worden verwerkt. Ze zijn niet afhankelijk van elkaar.<br>Bruikbare variabelen voor tekst en titel (neem het gegevensbeschermingsbeleid in acht)",
         "pushover_verify": "Verifieer aanmeldingsgegevens",
         "quota_mb": "Quota (MiB)",
@@ -597,7 +598,7 @@
     },
     "login": {
         "delayed": "Aanmelding vertraagd met %s seconden.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Aanmelden",
         "mobileconfig_info": "Log in als mailboxgebruiker om het Apple-verbindingsprofiel te downloaden.",
         "other_logins": "Meld aan met key",
@@ -658,7 +659,6 @@
         "domain_admins": "Domeinadministrators",
         "domain_aliases": "Domeinaliassen",
         "domain_quota": "Quota",
-        "domain_quota_m": "Totale domeinquota",
         "domains": "Domeinen",
         "edit": "Wijzig",
         "empty": "Geen resultaten",
@@ -815,15 +815,7 @@
         "toggle_all": "Selecteer alles"
     },
     "queue": {
-        "delete_queue": "Verwijder alles",
-        "flush_queue": "Leeg queue",
-        "queue_ays": "Bevestig het verwijderen van alle items uit de queue.",
-        "queue_deliver_mail": "Lever af",
-        "queue_hold_mail": "Houd vast",
-        "queue_manager": "Queue manager",
-        "queue_unban": "hef verbanning op",
-        "queue_unhold_mail": "Geef vrij",
-        "queue_show_message": "Toon item"
+        "queue_manager": "Queue manager"
     },
     "start": {
         "help": "Toon/verberg hulppaneel",
@@ -1015,6 +1007,7 @@
         "pushover_sender_regex": "Uitsluitend een afzender met de volgende regex",
         "pushover_text": "Meldingstekst ({SUBJECT} zal worden vervangen door het onderwerp)",
         "pushover_title": "Meldingstitel",
+        "pushover_sound": "Geluid",
         "pushover_vars": "Wanneer er geen afzenders zijn uitgesloten zullen alle mails doorkomen.<br>Regex-filters en afzendercontroles kunnen individueel worden ingesteld en zullen in volgorde worden verwerkt. Ze zijn niet afhankelijk van elkaar.<br>Bruikbare variabelen voor tekst en titel (let op het gegevensbeschermingsbeleid)",
         "pushover_verify": "Verifieer aanmeldingsgegevens",
         "q_add_header": "Spamfolder",
diff --git a/data/web/lang/lang.pl-pl.json b/data/web/lang/lang.pl-pl.json
index c2f2bd36..b2862d8e 100644
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -285,16 +285,7 @@
         "toggle_all": "Zaznacz wszystkie"
     },
     "queue": {
-        "delete_queue": "Delete all",
-        "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
-        "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Pokaż/Ukryj panel pomocy",
diff --git a/data/web/lang/lang.pt-pt.json b/data/web/lang/lang.pt-pt.json
index 6eba0529..bfd640fd 100644
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -193,16 +193,7 @@
         "remove": "Remover"
     },
     "queue": {
-        "delete_queue": "Delete all",
-        "flush_queue": "Flush queue",
-        "queue_ays": "Please confirm you want to delete all items from the current queue.",
-        "queue_command_success": "Queue command completed successfully",
-        "queue_deliver_mail": "Deliver",
-        "queue_hold_mail": "Hold",
-        "queue_manager": "Queue Manager",
-        "queue_show_message": "Show message",
-        "queue_unban": "queue unban",
-        "queue_unhold_mail": "Unhold"
+        "queue_manager": "Queue Manager"
     },
     "start": {
         "help": "Mostrar/Ocultar painel de ajuda",
diff --git a/data/web/lang/lang.ro-ro.json b/data/web/lang/lang.ro-ro.json
index f99bcb87..8e6e1d45 100644
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -656,7 +656,7 @@
     },
     "login": {
         "delayed": "Conectarea a fost întârziată cu %s secunde.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Autentificare",
         "mobileconfig_info": "Autentificați-vă cu adresa de email pentru a descărca profilul de conexiune Apple.",
         "other_logins": "Autentificare cu cheie",
@@ -895,15 +895,7 @@
         "toggle_all": "Comută toate"
     },
     "queue": {
-        "delete_queue": "Șterge tot",
-        "flush_queue": "Elimină coadă",
-        "queue_ays": "Te rog confirmă că dorești să ștergi toate articolele din coada curentă.",
-        "queue_deliver_mail": "Livrează",
-        "queue_hold_mail": "Blochează",
-        "queue_manager": "Manager de coadă",
-        "queue_unban": "coadă pentru dezactivare interdicție",
-        "queue_unhold_mail": "Deblochează",
-        "queue_show_message": "Arată mesajul"
+        "queue_manager": "Manager de coadă"
     },
     "ratelimit": {
         "disabled": "Dezactivat",
diff --git a/data/web/lang/lang.ru-ru.json b/data/web/lang/lang.ru-ru.json
index bce3cd3a..65dd4bae 100644
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -37,7 +37,7 @@
         "add_domain_only": "Только добавить домен",
         "add_domain_restart": "Добавить домен и перезапустить SOGo",
         "alias_address": "Псевдоним/ы",
-        "alias_address_info": "<small>Укажите почтовые адреса разделенные запятыми или, если хотите пересылать все сообщения для домена владельцам псевдонима то: <code>@example.com</code>. <b>Только домены mailcow разрешены</b>.</small>",
+        "alias_address_info": "<small>Адрес(а) электронной почты (через запятую) или @example.com (для перехвата всех писем для домена). <b>только домены mailcow</b>.</small>",
         "alias_domain": "Псевдоним домена",
         "alias_domain_info": "<small>Действительные имена доменов, раздёленные запятыми.</small>",
         "app_name": "Название приложения",
@@ -335,7 +335,8 @@
         "username": "Имя пользователя",
         "validate_license_now": "Получить лицензию на основе GUID с сервера лицензий",
         "verify": "Проверить",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "queue_unban": "разблокировать"
     },
     "danger": {
         "access_denied": "Доступ запрещён, или указаны неверные данные",
@@ -654,7 +655,7 @@
     },
     "login": {
         "delayed": "Вход был отложен на %s секунд.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Войти",
         "mobileconfig_info": "Пожалуйста, войдите в систему как пользователь почтового аккаунта для загрузки профиля подключения Apple.",
         "other_logins": "Вход с помощью ключа",
@@ -893,15 +894,7 @@
         "type": "Тип"
     },
     "queue": {
-        "delete_queue": "Удалить все сообщения",
-        "flush_queue": "Отправить все сообщения",
-        "queue_ays": "Пожалуйста, подтвердите, что вы хотите удалить все элементы из очереди.",
-        "queue_deliver_mail": "Доставить",
-        "queue_hold_mail": "Поставить на удержание",
-        "queue_manager": "Очередь на отправку",
-        "queue_show_message": "Показать сообщение",
-        "queue_unban": "разблокировать очередь",
-        "queue_unhold_mail": "Снять с удержания"
+        "queue_manager": "Очередь на отправку"
     },
     "ratelimit": {
         "disabled": "Отключен",
diff --git a/data/web/lang/lang.sk-sk.json b/data/web/lang/lang.sk-sk.json
index 7e52fa2f..2b93650f 100644
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -106,7 +106,8 @@
         "username": "Používateľské meno",
         "validate": "Overiť",
         "validation_success": "Úspešne overené",
-        "app_passwd_protocols": "Povolené protokoly"
+        "app_passwd_protocols": "Povolené protokoly k heslu aplikácie",
+        "tags": "Štítky"
     },
     "admin": {
         "access": "Prístup",
@@ -656,7 +657,7 @@
     },
     "login": {
         "delayed": "Prihlásenie bolo oneskorené o %s sekúnd.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Prihlásenie",
         "mobileconfig_info": "Prosím, prihláste sa ako mailový používateľ pre stiahnutie požadovaného Apple profilu.",
         "other_logins": "Prihlásenie kľúčom",
@@ -895,15 +896,7 @@
         "type": "Typ"
     },
     "queue": {
-        "delete_queue": "Vymazať všetko",
-        "flush_queue": "Vyprázdniť frontu",
-        "queue_ays": "Prosím potvrďte vymazanie všetkých položiek z aktuálnej fronty.",
-        "queue_deliver_mail": "Doručiť",
-        "queue_hold_mail": "Pozdržať",
-        "queue_manager": "Správca fronty",
-        "queue_show_message": "Zobraziť správu",
-        "queue_unban": "Odblokovať",
-        "queue_unhold_mail": "Uvoľniť"
+        "queue_manager": "Správca fronty"
     },
     "ratelimit": {
         "disabled": "Vypnuté",
diff --git a/data/web/lang/lang.sv-se.json b/data/web/lang/lang.sv-se.json
index 216aeae0..31bc0ab3 100644
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -2,51 +2,53 @@
     "acl": {
         "alias_domains": "Lägg till aliasdomäner",
         "app_passwds": "Hantera applikationslösenord",
-        "bcc_maps": "Dåld kopia-kopplingar",
+        "bcc_maps": "Dold kopia-kopplingar",
         "delimiter_action": "Avgränsningsåtgärder",
-        "eas_reset": "Återställ EAS-cache",
-        "extend_sender_acl": "Tillåt inmatning av externa avsändaradresser",
+        "eas_reset": "Återställ EAS enheter",
+        "extend_sender_acl": "Tillåt att utöka avsändarens ACL med externa adresser",
         "filters": "Filter",
-        "login_as": "Logga in som en brevlådeanvändare",
+        "login_as": "Logga in som mejlanvändare",
         "prohibited": "Inte tillåtet enligt en åtkomstlista",
-        "protocol_access": "Ändra tillåtna protokoll",
+        "protocol_access": "Ändra protokollåtkomst",
         "pushover": "Pushover",
         "quarantine": "Karantän åtgärder",
         "quarantine_attachments": "Karantänsbilagor",
         "quarantine_notification": "Ändra karantänsnotifieringar",
         "quarantine_category": "Ändra kategorin för karantänsnotifieringar",
         "ratelimit": "Hastighetsgräns",
-        "recipient_maps": "Om skrivning av mottagare",
-        "smtp_ip_access": "Hantera tillåtna värdar för SMTP",
+        "recipient_maps": "Kartor över mottagare",
+        "smtp_ip_access": "Ändra tillåtna värdar för SMTP",
         "sogo_access": "Tillåt hantering av SOGo-åtkomst",
         "sogo_profile_reset": "Återställ SOGo-profil",
         "spam_alias": "Tillfälliga e-postalias",
-        "spam_policy": "Svartlista/vitlista",
+        "spam_policy": "Svartlista/Vitlista",
         "spam_score": "Skräppost-betyg",
-        "syncjobs": "synkroniseringsjobb",
+        "syncjobs": "Synkroniseringsjobb",
         "tls_policy": "Krypteringspolicy",
         "unlimited_quota": "Obegränsad kvot för postlådor",
-        "domain_desc": "Ändra domänbeskrivningen"
+        "domain_desc": "Ändra domänbeskrivningen",
+        "domain_relayhost": "Ändra relävärd för domän",
+        "mailbox_relayhost": "Ändra relävärd för e-postlåda"
     },
     "add": {
-        "activate_filter_warn": "Alla andra filter av den här typen kommer inaktiveras om det här skriptet markeras som aktivt.",
+        "activate_filter_warn": "Alla andra filter kommer att inaktiveras när aktiva är markerade.",
         "active": "Aktiv",
         "add": "Lägg till",
-        "add_domain_only": "Lägg bara till domänen",
-        "add_domain_restart": "Lägg till domänen, och starta om SOGo",
-        "alias_address": "Alias-adress/adresser",
-        "alias_address_info": "<small>Fulständig e-postadress/adresser, eller @example.com för att fånga alla meddelanden på en domän (separerade med komma). <b>endast mailcow domäner</b>.</small>",
-        "alias_domain": "Aliasdomän",
-        "alias_domain_info": "<small>Endast giltiga domännamn (separerade med komma).</small>",
+        "add_domain_only": "Lägg enbart till domän",
+        "add_domain_restart": "Lägg till domän och starta om SOGo",
+        "alias_address": "Aliasadress/-er",
+        "alias_address_info": "<small>Fullständig e-postadress/er eller @example.com, för att fånga alla meddelanden för en domän (kommaseparerad).<b>Endast Mailcow-domäner</b>.</small>",
+        "alias_domain": "Alias domän",
+        "alias_domain_info": "<small>Endast giltiga domännamn (kommaavgränsade).</small>",
         "app_name": "Applikationsnamn",
         "app_password": "Lägg till applikationslösenord",
-        "automap": "Koppla automatiskt de vanliga e-post katalogerna (\"Skickade meddelanden\", \"Skickat\" => \"Skickat\" mm)",
-        "backup_mx_options": "Inställningar för vidarebefordran",
-        "comment_info": "En privat kommentar är inte synlig för användaren, medan en offentlig kommentar visas i användaröversikten",
+        "automap": "Försök att automatiskt mappa mappar (\"Skickade objekt\", \"Skickat\" => \"Skickat\" etc.)",
+        "backup_mx_options": "Reläalternativ",
+        "comment_info": "En privat kommentar är inte synlig för användaren, medan en offentlig kommentar visas som verktygstips när du hovrar den i en användares översikt",
         "custom_params": "Egna parametrar",
         "custom_params_hint": "Korrekt: --param=xy, Felaktigt: --param xy",
-        "delete1": "Ta bort meddelande från källservern när överföringen är slutförd.",
-        "delete2": "Ta bort meddelanden från destinationsservern som inte finns på källservern",
+        "delete1": "Ta bort från källan när du är klar",
+        "delete2": "Ta bort meddelanden på målet som inte finns på källan",
         "delete2duplicates": "Ta bort dubbletter på destinationsservern",
         "description": "Beskrivning",
         "destination": "Destination",
@@ -102,7 +104,9 @@
         "timeout2": "Timeout för anslutning till lokalserver",
         "username": "Användarnamn",
         "validate": "Validera",
-        "validation_success": "Korrekt validerad"
+        "validation_success": "Korrekt validerad",
+        "app_passwd_protocols": "Tillåtna protokoll för applösenord",
+        "bcc_dest_format": "BCC-destinationen måste vara en enda giltig e-postadress.<br>Om du behöver skicka en kopia till flera adresser skapar du ett alias och använder det här."
     },
     "admin": {
         "access": "Åtkomst",
@@ -614,7 +618,7 @@
     },
     "login": {
         "delayed": "Av säkerhetsskäl har inloggning inaktiverats i %s sekunder.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Logga in",
         "mobileconfig_info": "Logga in som en användare av brevlåda för att ladda ner den begärda Apple-anslutningsprofilen.",
         "other_logins": "Loggain med nyckel",
@@ -836,15 +840,7 @@
         "toggle_all": "Markera alla"
     },
     "queue": {
-        "delete_queue": "Ta bort allt",
-        "flush_queue": "Kasta kön",
-        "queue_ays": "Bekräfta att du verkligen vill ta bort dessa objekt från den aktuella kön.",
-        "queue_deliver_mail": "Leverera",
-        "queue_hold_mail": "Håll kvar",
-        "queue_manager": "Kö-hanteraring",
-        "queue_unban": "schemalägg en borttagning från banlysning",
-        "queue_unhold_mail": "Släpp på",
-        "queue_show_message": "Visa meddelandet"
+        "queue_manager": "Kö-hanteraring"
     },
     "start": {
         "help": "Visa/dölj hjälppanel",
diff --git a/data/web/lang/lang.uk-ua.json b/data/web/lang/lang.uk-ua.json
index 957211de..0a5c71b8 100644
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -305,7 +305,6 @@
         "excludes": "Виключає цих отримувачів",
         "f2b_filter": "Правила фільтрування за допомогою регулярних виразів",
         "f2b_list_info": "Хости або підмережі, занесені до чорного списку, завжди переважатимуть об'єкти з білого списку. <b>Оновлення списку займе декілька секунд.</b>",
-        "flush_queue": "Відправити всі повідомлення",
         "forwarding_hosts_add_hint": "Можна вказувати: IPv4/IPv6 підмережі в нотації CIDR, імена хостів (які будуть дозволятися в IP-адреси) або доменні імена (які будуть вирішуватися з IP-адресами шляхом запиту SPF записів або, у разі їх відсутності, запитом MX записів).",
         "forwarding_hosts_hint": "Вхідні повідомлення приймаються від будь-яких хостів, перерахованих тут. Ці хости не проходять перевірку DNSBL і greylisting. Спам, отриманий від них, ніколи не відхиляється, але за бажання можна включити спам-фільтр і листи з поганим рейтингом потраплятимуть до спаму. Найбільш поширене використання – вказати поштові сервери, на яких ви встановили правило, яке перенаправляє вхідні електронні листи на ваш поштовий сервер mailcow.",
         "guid_and_license": "Ліцензія та GUID",
@@ -320,7 +319,6 @@
         "quarantine_notification_html": "Шаблон сповіщення:<br><small>Залиште порожнім, щоб відновити шаблон за промовчанням.</small>",
         "quarantine_notification_subject": "Тема листа",
         "quarantine_redirect": "<b>Перенаправити всі повідомлення</b> цьому одержувачу:<br><small><b>Одержувач повинен бути внутрішнім, оскільки пошта не підписана та не перевірена. </b></br>Вимкнено, якщо одержувач не вказано.</small>",
-        "queue_ays": "Будь ласка, підтвердіть, що ви хочете видалити всі елементи з черги.",
         "quota_notification_html": "Шаблон сповіщення:<br><small>Залиште порожнім, щоб відновити шаблон за замовчуванням.</small>",
         "quota_notifications_info": "Повідомлення про досягнення квоти надсилаються користувачам при досягненні 80% та 95% від встановленої квоти.",
         "r_info": "Затінені/вимкнені елементи в списку активних обмежень не відомі як дійсні обмеження для mailcow і не можуть бути переміщені. Невідомі обмеження все одно будуть встановлені в порядку появи. <br>Ви можете додати нові елементи в <code>inc/vars.local.inc.php</code>, щоб мати можливість перемикати їх.",
@@ -658,7 +656,7 @@
         "awaiting_tfa_confirmation": "В очікуванні підтвердження TFA"
     },
     "login": {
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "Увійти",
         "other_logins": "Вхід за допомогою ключа",
         "password": "Пароль",
@@ -898,14 +896,7 @@
         "table_size_show_n": "Відображати %s полів"
     },
     "queue": {
-        "delete_queue": "Видалити всі повідомлення",
-        "flush_queue": "Flush queue",
-        "queue_deliver_mail": "Доставити",
-        "queue_hold_mail": "Поставити на утримання",
-        "queue_manager": "Черга на відправлення",
-        "queue_show_message": "Показати повідомлення",
-        "queue_unban": "розблокувати чергу",
-        "queue_unhold_mail": "Зняти з утримання"
+        "queue_manager": "Черга на відправлення"
     },
     "ratelimit": {
         "disabled": "Вимкнено",
diff --git a/data/web/lang/lang.zh-cn.json b/data/web/lang/lang.zh-cn.json
index a2dee800..e57ea2a7 100644
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -2,100 +2,106 @@
     "acl": {
         "alias_domains": "添加域名别名",
         "app_passwds": "管理应用密码",
-        "bcc_maps": "BCC映射",
-        "delimiter_action": "邮件地址标签处理",
-        "eas_reset": "重置Exchange ActiveSync设备",
-        "extend_sender_acl": "允许用外部地址扩展访问控制表",
+        "bcc_maps": "BCC 映射",
+        "delimiter_action": "邮箱地址标签处理",
+        "domain_desc": "更改域名描述",
+        "domain_relayhost": "更改域名的中继主机",
+        "eas_reset": "重置 Exchange ActiveSync (EAS) 设备",
+        "extend_sender_acl": "允许通过外部地址扩展发件人的 ACL 设置",
         "filters": "过滤器",
-        "login_as": "以邮箱用户登录",
-        "prohibited": "禁止访问",
+        "login_as": "作为邮箱用户登录",
+        "mailbox_relayhost": "更改邮箱的中继主机",
+        "prohibited": "被 ACL 禁止访问",
         "protocol_access": "更改访问协议",
         "pushover": "Pushover",
         "quarantine": "隔离操作",
         "quarantine_attachments": "隔离附件",
+        "quarantine_category": "更改隔离通知类型",
         "quarantine_notification": "更改隔离通知",
         "ratelimit": "频率限制",
         "recipient_maps": "收件人映射",
-        "smtp_ip_access": "更改SMTP允许主机",
-        "sogo_access": "允许管理SOGo访问",
-        "sogo_profile_reset": "重置SOGo个人资料",
+        "smtp_ip_access": "更改 SMTP 允许主机",
+        "sogo_access": "允许管理 SOGo 访问权限",
+        "sogo_profile_reset": "重置 SOGo 个人资料",
         "spam_alias": "临时别名",
         "spam_policy": "黑名单/白名单",
         "spam_score": "垃圾邮件分数",
         "syncjobs": "同步任务",
-        "tls_policy": "TLS策略",
-        "unlimited_quota": "无限邮箱容量配额",
-        "domain_desc": "更改域名描述"
+        "tls_policy": "TLS 策略",
+        "unlimited_quota": "无限邮箱容量配额"
     },
     "add": {
-        "activate_filter_warn": "当\"启用\"被勾选，所有其他过滤器都会被禁用",
+        "activate_filter_warn": "当“启用”选项被勾选后，其它所有的过滤器都会被禁用。",
         "active": "启用",
         "add": "添加",
         "add_domain_only": "只添加域名",
         "add_domain_restart": "添加域名并重启",
         "alias_address": "地址别名",
-        "alias_address_info": "<small>完整邮件地址，或 @example.com 以捕获此域名下所有邮件地址的信息 (英文逗号分隔多个地址)。 <b>只允许此mailcow实例下的域名</b>。</small>",
+        "alias_address_info": "<small>使用完整的邮箱地址，或使用 @example.com 匹配此域名下所有的邮箱地址 (存在多个地址时使用英文逗号分隔)。 <b>只允许此 Mailcow 实例下的域名</b></small>",
         "alias_domain": "域名别名",
-        "alias_domain_info": "<small>只允许合法的域名 (英文逗号分隔多个地址)</small>",
+        "alias_domain_info": "<small>只允许合法的域名 (存在多个地址时使用英文逗号分隔)</small>",
         "app_name": "应用名称",
         "app_password": "添加应用密码",
-        "automap": "尝试自动映射文件夹 (如：\"已发送\", \"Sent\" => \"Sent\")",
+        "app_passwd_protocols": "应用密码允许的协议",
+        "automap": "将尝试自动映射文件夹 (例如将 \"已发送消息\" 和 \"已发送\" 均映射到 \"已发送\" 文件夹)",
         "backup_mx_options": "中继选项",
-        "comment_info": "私密评论对用户不可见，公开评论会给用户展示为鼠标悬停显示的提示",
+        "bcc_dest_format": "BCC 的目标地址必须是一个有效的电子邮箱地址。<br>如果你需要向多个地址发送副本，请创建一个别名并在此使用。",
+        "comment_info": "私密评论对用户不可见，公开评论将会在鼠标悬停时作为用户提示显示",
         "custom_params": "自定义参数",
-        "custom_params_hint": "正确的写法： --param=xy ，错误的写法： --param xy",
-        "delete1": "完成后将源邮件删除",
-        "delete2": "删除目的邮箱中存在但源邮箱中不存在的邮件",
-        "delete2duplicates": "删除目的邮箱中的重复邮件",
+        "custom_params_hint": "正确的格式： --param=xy ，错误的格式： --param xy",
+        "delete1": "在完成后删除源邮件",
+        "delete2": "删除在目标邮箱中存在但在源邮箱中不存在的邮件",
+        "delete2duplicates": "删除目标邮箱中的重复邮件",
         "description": "描述",
-        "destination": "目的邮箱",
-        "disable_login": "不允许登录 (仍然会接收邮件)",
+        "destination": "目标邮箱",
+        "disable_login": "不允许登录 (但仍然会接收邮件)",
         "domain": "域名",
-        "domain_matches_hostname": "域名 %s 与主机名匹配",
+        "domain_matches_hostname": "域名 %s 与主机名称匹配",
         "domain_quota_m": "域名总配额 (MiB)",
         "enc_method": "加密方法",
-        "exclude": "拒绝对象 (regex)",
-        "full_name": "全名",
+        "exclude": "拒绝对象 (Regex)",
+        "full_name": "全称",
         "gal": "全球地址簿",
-        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 空闲/繁忙 信息将不能在SOGo中显示。 <b>重启SOGo以应用更改。</b>",
+        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 \"空闲/繁忙\" 的状态将无法在 SOGo 中显示。 <b>重启 SOGo 服务以应用更改。</b>",
         "generate": "生成",
-        "goto_ham": "学习为 <span class=\"text-success\"><b>非垃圾邮件</b></span>",
+        "goto_ham": "学习为<span class=\"text-success\"><b>非垃圾邮件</b></span>",
         "goto_null": "静默丢弃邮件",
-        "goto_spam": "学习为 <span class=\"text-danger\"><b>垃圾邮件</b></span>",
+        "goto_spam": "学习为<span class=\"text-danger\"><b>垃圾邮件</b></span>",
         "hostname": "主机名",
         "inactive": "禁用",
         "kind": "类型",
         "mailbox_quota_def": "默认邮箱配额",
         "mailbox_quota_m": "每个邮箱的最大配额 (MiB)",
-        "mailbox_username": "用户名<br><small>(邮件地址的左侧部分)</small>",
-        "max_aliases": "最大允许地址别名数",
-        "max_mailboxes": "最大允许邮箱数",
+        "mailbox_username": "用户名 (邮箱地址左侧的部分)",
+        "max_aliases": "最大允许的地址别名数",
+        "max_mailboxes": "最大允许的邮箱数",
         "mins_interval": "轮询间隔 (分钟)",
         "multiple_bookings": "登记限制",
         "nexthop": "下一跳",
         "password": "密码",
-        "password_repeat": "确认密码<br><small>(重复输入)</small>",
+        "password_repeat": "确认密码 (重复)",
         "port": "端口",
-        "post_domain_add": "在添加新域名后SOGo的容器\"sogo-mailcow\"需要重新启动。<br><br>此外请检查并修改域名的DNS配置。一旦DNS配置生效, 重启\"acme-mailcow\"容器以自动地为你的新域名生成证书 (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;)。<br>重新启动容器是可选的，生成证书的操作会每24小时重试一次。",
+        "post_domain_add": "在添加新域名后，SOGo 服务的容器 \"sogo-mailcow\" 需要重新启动。<br><br>此外请检查并修改该域名的 DNS 配置。当 DNS 配置生效后，请重启 \"acme-mailcow\" 容器以便自动地为你的新域名生成证书 (包括 autoconfig.&lt;domain&gt; 和 autodiscover.&lt;domain&gt; 两个域名)。<br>重启该容器是可选的，因为生成证书的操作会每隔24小时重试一次。",
         "private_comment": "私密评论",
         "public_comment": "公开评论",
         "quota_mb": "配额 (MiB)",
         "relay_all": "中继所有收件人",
-        "relay_all_info": "↪ 如果<b>不</b>选择中继所有收件人，你将需要为每个应该中继的邮件添加一个 (\"盲\") 邮箱。",
+        "relay_all_info": "↪ 如果<b>不</b>选择中继所有收件人，你将需要为每个需要中继的邮件添加一个(\"虚拟\")邮箱。",
         "relay_domain": "中继这个域名",
-        "relay_transport_info": "<div class=\"badge fs-6 bg-info\"></div> 你可以为此域名定义传输规则以自定义发件目标主机，否则遵照MX记录发送邮件。",
-        "relay_unknown_only": "只为不存在的邮箱地址中继。已存在的邮箱地址则在本地递送。",
-        "relayhost_wrapped_tls_info": "请 <b>不要</b> 使用\"嵌套TLS\"的端口 (大多为端口465).<br>\r\n使用其他\"非嵌套\"的端口发起STARTTLS. 你可以在\"TLS策略规则\"中添加强制使用TLS的策略。",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">注意</div> 你可以为此域名自定义传输规则来指定发件目标主机，否则将按照 MX 记录发送邮件。",
+        "relay_unknown_only": "只为不存在的邮箱地址中继。已存在的邮箱地址将在本地发送。",
+        "relayhost_wrapped_tls_info": "请<b>不要</b>使用\"嵌套 TLS \"的端口 (大多数为端口 465)。<br>\r\n使用其他\"非嵌套\"的端口发起 STARTTLS。你可以在\"TLS 策略规则\"中添加强制使用 TLS 的策略。",
         "select": "请选择...",
         "select_domain": "请先选择一个域名",
         "sieve_desc": "简短描述",
         "sieve_type": "过滤器类型",
-        "skipcrossduplicates": "跳过其他文件夹中已存在的邮件(保留先存在的邮件)",
+        "skipcrossduplicates": "跳过其他文件夹中已存在的邮件 (保留已经存在的邮件)",
         "subscribeall": "订阅所有文件夹",
         "syncjob": "添加同步任务",
-        "syncjob_hint": "注意密码需要以明文存储！",
+        "syncjob_hint": "注意密码将以明文存储！",
+        "tags": "标签",
         "target_address": "目标地址",
-        "target_address_info": "<small>完整的邮箱地址 (英文逗号分隔多个地址)。</small>",
+        "target_address_info": "<small>完整的邮箱地址 (存在多个地址时使用英文逗号分隔)</small>",
         "target_domain": "目标域名",
         "timeout1": "远程主机连接超时时间",
         "timeout2": "本地主机连接超时时间",
@@ -104,12 +110,12 @@
         "validation_success": "验证成功"
     },
     "admin": {
-        "access": "访问",
+        "access": "权限管理",
         "action": "操作",
-        "activate_api": "启用API",
+        "activate_api": "启用 API",
         "activate_send": "启用发送按钮",
         "active": "启用",
-        "active_rspamd_settings_map": "启用的设置规则",
+        "active_rspamd_settings_map": "启用的规则",
         "add": "添加",
         "add_admin": "添加管理员",
         "add_domain_admin": "添加域名管理员",
@@ -124,35 +130,40 @@
         "admin": "管理员",
         "admin_details": "编辑管理员详情",
         "admin_domains": "分配域名",
+        "admins": "管理员",
+        "admins_ldap": "LDAP 管理员",
         "advanced_settings": "高级设置",
-        "api_allow_from": "允许来自这些IP/CIDR网络的API访问",
-        "api_info": "API功能仍在完善中。你可以在<a href=\"/api\">/api</a>找到API文档",
-        "api_key": "API密钥",
-        "api_skip_ip_check": "跳过API的IP检查",
+        "api_allow_from": "允许来自这些 IP/CIDR 网络的 API 访问",
+        "api_info": "API 功能仍在完善中。你可以在<a href=\"/api\">这里</a>找到 API 文档",
+        "api_key": "API 密钥",
+        "api_read_only": "只读权限",
+        "api_read_write": "可写权限",
+        "api_skip_ip_check": "跳过 API 的 IP 检查",
         "app_links": "应用链接",
         "app_name": "应用名称",
-        "apps_name": "\"mailcow Apps\" 名称",
-        "arrival_time": "到达时间(服务器)",
+        "apps_name": "Mailcow 应用的名称",
+        "arrival_time": "到达时间 (服务器时间)",
         "authed_user": "已认证用户",
         "ays": "确定继续操作?",
-        "ban_list_info": "下为封禁掉的IP列表: <b>网络 (剩余封禁时间) - [操作]</b>。<br />取消封禁的IP将会在几秒之内从封禁列表中移除<br />红色标签表示因黑名单而导致的永久封禁",
-        "change_logo": "更改logo",
+        "ban_list_info": "以下为被封禁的 IP 列表: <b>网络 (剩余封禁时间) - [操作]</b>。<br />被取消封禁的 IP 将会在几秒之内从封禁列表中移除<br />红色标签表示因黑名单而导致的永久封禁",
+        "change_logo": "更改 Logo",
         "configuration": "配置",
-        "credentials_transport_warning": "<b>警告</b>: 添加新的传输规则会为所有\"下一跳\"列匹配的规则更新认证凭证。",
-        "customer_id": "客户ID",
-        "customize": "自定义",
+        "convert_html_to_text": "将 HTML 转换为纯文本内容",
+        "credentials_transport_warning": "<b>警告</b>: 添加新的传输规则将会为所有的\"下一跳\"列匹配的规则更新认证凭证。",
+        "customer_id": "客户 ID",
+        "customize": "页面自定义",
         "destination": "目标地址",
-        "dkim_add_key": "添加ARC/DKIM密钥",
+        "dkim_add_key": "添加 ARC/DKIM 密钥",
         "dkim_domains_selector": "选择器",
-        "dkim_domains_wo_keys": "选择没有密钥的域名",
+        "dkim_domains_wo_keys": "选择缺失密钥的域名",
         "dkim_from": "从",
         "dkim_from_title": "源域名 - 数据来源",
-        "dkim_key_length": "DKIM密钥长度 (bits)",
+        "dkim_key_length": "DKIM 密钥长度 (Bits)",
         "dkim_key_missing": "密钥缺失",
-        "dkim_key_unused": "密钥未被使用",
+        "dkim_key_unused": "密钥闲置",
         "dkim_key_valid": "密钥合法",
-        "dkim_keys": "ARC/DKIM密钥",
-        "dkim_overwrite_key": "覆盖已存在的DKIM密钥",
+        "dkim_keys": "ARC/DKIM 密钥",
+        "dkim_overwrite_key": "覆盖已存在的 DKIM 密钥",
         "dkim_private_key": "私钥",
         "dkim_to": "到",
         "dkim_to_title": "目标域名 - 数据将会被覆盖",
@@ -161,47 +172,50 @@
         "domain_admins": "域名管理员",
         "domain_s": "域名",
         "duplicate": "复制",
-        "duplicate_dkim": "复制DKIM记录",
+        "duplicate_dkim": "复制 DKIM 记录",
         "edit": "编辑",
         "empty": "结果为空",
         "excludes": "除了",
         "f2b_ban_time": "封禁时间 (秒)",
         "f2b_blacklist": "网络/主机黑名单",
         "f2b_filter": "正则表达式过滤器",
-        "f2b_list_info": "黑名单的优先级总是高于白名单。 <b>列表更新将会在几秒之后应用。</b>",
+        "f2b_list_info": "黑名单的优先级总是高于白名单。 <b>列表更新将会在几秒之后完成。</b>",
         "f2b_max_attempts": "最多尝试次数",
-        "f2b_netban_ipv4": "应用封禁的IPv4子网大小 (8-32)",
-        "f2b_netban_ipv6": "应用封禁的IPv6子网大小 (8-128)",
-        "f2b_parameters": "Fail2ban参数",
-        "f2b_regex_info": "会过滤这些应用的日志: SOGo、Postfix、Dovecot、PHP-FPM。",
+        "f2b_netban_ipv4": "应用封禁的 IPv4 子网大小 (8-32)",
+        "f2b_netban_ipv6": "应用封禁的 IPv6 子网大小 (8-128)",
+        "f2b_parameters": "Fail2ban 参数",
+        "f2b_regex_info": "将会过滤这些应用的日志: SOGo，Postfix，Dovecot 和 PHP-FPM。",
         "f2b_retry_window": "最多尝试次数重试窗口 (秒)",
         "f2b_whitelist": "网络/主机白名单",
         "filter_table": "筛选表格",
         "forwarding_hosts": "转发主机",
-        "forwarding_hosts_add_hint": "你可以指定 IPv4/IPv6 地址、CIDR 表示的网络、主机名 (解析为IP地址)，或者邮箱域名 (查询SPF记录或MX记录并解析为IP地址)。",
-        "forwarding_hosts_hint": "来自此处所列的主机的入站信息会被无条件接收。并且这些主机不会经过DNSBL检查或者被加入灰名单。 来自它们的垃圾邮件不会被拒绝，但可选的可以被移入垃圾文件夹。当你设置了转发规则将邮件转发到此mailcow服务器，通常你可以将来源主机加入此列表。",
+        "forwarding_hosts_add_hint": "你可以指定 IPv4/IPv6 地址、CIDR 表示的网络、主机名 (解析为 IP 地址)，或者邮箱域名 (查询 SPF 记录或 MX 记录并解析为 IP 地址)。",
+        "forwarding_hosts_hint": "来自此处所列的主机的入站信息将会被无条件接收。并且这些主机将不会经过 DNSBL 检查或者被加入灰名单。来自它们的垃圾邮件将不会被拒绝，但可以选择将其移入垃圾文件夹。当你设置了转发规则将邮件转发到此 Mailcow 服务器，你通常可以将来源主机加入此列表。",
         "from": "来自",
         "generate": "生成",
-        "guid": "GUID - 唯一实例ID",
+        "guid": "GUID - 唯一的安装实例 ID",
         "guid_and_license": "GUID和许可证",
-        "hash_remove_info": "移除一个频率限制特征 (如果还存在的话) 会完全移除它的计数器。<br>\r\n 每个特征将以不同颜色表示。",
-        "help_text": "覆盖登录面板下的帮助文字 (允许使用HTML)",
+        "hash_remove_info": "移除一个频率限制特征 (如果还存在的话) 将会完全移除它的计数器。<br>\r\n 每个特征将以不同颜色表示。",
+        "help_text": "覆盖登录面板下的帮助文字 (允许使用 HTML)",
         "host": "主机",
+        "html": "HTML",
         "import": "导入",
         "import_private_key": "导入私钥",
         "in_use_by": "使用者",
         "inactive": "禁用",
         "include_exclude": "包括/排除",
-        "include_exclude_info": "没有选择时默认包括所有邮箱",
+        "include_exclude_info": "默认 - 没有选择时默认包括所有邮箱",
         "includes": "包括这些收件人",
+        "is_mx_based": "基于 MX 记录",
         "last_applied": "最后应用的条目",
-        "license_info": "你不需要获取证书以使用此项目，但是获取证书可以帮助此项目进一步发展。<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">在这里注册你的GUID</a> 或者 <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">为你的mailcow安装购买支持服务。</a>",
+        "license_info": "使用并不需要许可证，但获得许可证能够帮助此项目进一步发展。<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"订购 SAL\">在这里注册你的 GUID </a>或者<a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"订购支持服务\">为你的 Mailcow 安装购买支持服务。</a>",
         "link": "链接",
         "loading": "请等待...",
-        "logo_info": "你的图片会在顶部导航栏被缩放为40px高，在起始页被缩放为最大250px高度。强烈推荐使用能较好缩放的图片。",
-        "lookup_mx": "匹配MX记录 (如匹配.outlook.com MX记录以通过这一跳来路由所有指向*.outlook.com的邮件)",
-        "main_name": "\"mailcow UI\" 名称",
-        "merged_vars_hint": "灰色行来自 <code>vars.(local.)inc.php</code> 并且不能被更改。",
+        "login_time": "登录时间",
+        "logo_info": "你的图片将会在顶部导航栏被缩放为 40px 高，在起始页被缩放为最大 250px 高。强烈推荐使用能较好适应缩放的图片。",
+        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
+        "main_name": "Mailcow UI 的名称",
+        "merged_vars_hint": "灰色行来自 <code>vars.(local.)inc.php</code> 文件并且无法修改。",
         "message": "消息",
         "message_size": "消息大小",
         "nexthop": "下一跳",
@@ -209,51 +223,62 @@
         "no_active_bans": "没有启用的封禁",
         "no_new_rows": "已经到底了",
         "no_record": "没有记录",
-        "oauth2_client_id": "客户端ID",
-        "oauth2_client_secret": "客户端secret",
-        "oauth2_info": "此OAuth2实现支持\"Authorization Code\"和生成refresh token。<br>\r\n并且服务器会自动在refresh token被使用后重新生成refresh token。<br><br>\r\n→ 默认的scope是 <i>profile</i>。只有邮箱用户可以使用OAuth2来认证。如果scope参数被省略则会回退到 <i>profile</i>。<br>\r\n→ 客户端必须在认证请求中发送 <i>state</i> 参数。<br><br>\r\nOAuth2 API路径: <br>\r\n<ul>\r\n  <li>Authorization endpoint: <code>/oauth/authorize</code></li>\r\n  <li>Token endpoint: <code>/oauth/token</code></li>\r\n  <li>Resource page:  <code>/oauth/profile</code></li>\r\n</ul>\r\n重新生成客户端secret不会使已存在的authorization code过期，但是会在它们刷新token时失败。<br><br>\r\n撤销客户端token会立即终止所有活动会话。 所有的客户端都需要重新认证。",
-        "oauth2_redirect_uri": "重定向URI",
-        "oauth2_renew_secret": "生成新的客户端secret",
-        "oauth2_revoke_tokens": "撤销所有客户端token",
+        "oauth2_apps": "OAuth2 应用",
+        "oauth2_add_client": "添加 OAuth2 客户端",
+        "oauth2_client_id": "客户端 ID",
+        "oauth2_client_secret": "客户端 secret",
+        "oauth2_info": "此 OAuth2 服务支持 \"Authorization Code\" 和生成 refresh token。<br>\r\n并且服务器会自动在 refresh token 被使用后重新生成新的 refresh token。<br><br>\r\n→ 默认的 scope 是 <i>profile</i>。只有邮箱用户可以使用 OAuth2 进行认证。如果 scope 参数被省略则会回退到 <i>profile</i>。<br>\r\n→ 客户端必须在认证请求中发送 <i>state</i> 参数。<br><br>\r\nOAuth2 API 路径: <br>\r\n<ul>\r\n  <li>Authorization endpoint: <code>/oauth/authorize</code></li>\r\n  <li>Token endpoint: <code>/oauth/token</code></li>\r\n  <li>Resource page:  <code>/oauth/profile</code></li>\r\n</ul>\r\n重新生成客户端 secret 不会使已存在的 authorization code 过期，但是会在使用它们刷新 token 时失败。<br><br>\r\n撤销客户端的 token 会立即终止所有的活动会话。 并且所有的客户端都需要重新认证。",
+        "oauth2_redirect_uri": "重定向 URI",
+        "oauth2_renew_secret": "生成新的客户端 secret",
+        "oauth2_revoke_tokens": "撤销所有的客户端 token",
+        "optional": "可选",
         "password": "密码",
+        "password_length": "密码长度",
+        "password_policy": "密码规则",
+        "password_policy_chars": "必须包含至少一个英文字母",
+        "password_policy_length": "密码最小长度为 %d",
+        "password_policy_lowerupper": "必须包含小写和大写的英文字母",
+        "password_policy_numbers": "必须包含至少一个数字",
+        "password_policy_special_chars": "必须包含特殊字符",
         "password_repeat": "确认密码 (重复)",
         "priority": "优先级",
         "private_key": "私钥",
         "quarantine": "隔离",
-        "quarantine_bcc": "发送所有通知邮件的副本(BCC)到这个收件人:<br><small>留空以关闭。 <b>发送的邮件未被签名也未被检查。 故只应在内部递送。</b></small>",
-        "quarantine_exclude_domains": "不启用隔离的域名和域名别名",
-        "quarantine_max_age": "最长保留日数<br><small>必须大于或等于1日</small>",
-        "quarantine_max_size": "最大文件大小，单位MiB (超出限制的元素会被丢弃):<br><small>0 <b>不</b> 表示不限大小。</small>",
-        "quarantine_max_score": "如果垃圾分数大于此值则不通知:<br><small>默认为 9999.0</small>",
-        "quarantine_notification_html": "通知邮件模板:<br><small>留空以恢复默认模板。</small>",
+        "quarantine_bcc": "发送所有通知邮件的副本 (BCC) 到这个收件人:<br><small>留空以禁用该操作。 <b>发送的邮件未被签名也未被检查。 因此只应在内部传递。</b></small>",
+        "quarantine_exclude_domains": "未启用隔离的域名和域名别名",
+        "quarantine_max_age": "最长保留天数<br><small>必须大于或等于1天</small>",
+        "quarantine_max_score": "如果垃圾邮件的分数大于此值则不通知:<br><small>默认为 9999.0</small>",
+        "quarantine_max_size": "文件的最大大小，单位 MiB (超出限制的部分会被丢弃):<br><small>0 表示<b>无限制</b>。</small>",
+        "quarantine_notification_html": "通知邮件模板:<br><small>留空则恢复默认模板。</small>",
         "quarantine_notification_sender": "通知邮件发件人",
         "quarantine_notification_subject": "通知邮件主题",
-        "quarantine_redirect": "<b>转发所有通知</b>到这个收件人:<br><small>留空以关闭。 <b>发送的邮件未被签名也未被检查。 故只应在内部递送。</b></small>",
-        "quarantine_release_format": "被释放的项目的格式",
+        "quarantine_redirect": "<b>转发所有的通知</b>到这个收件人:<br><small>留空以禁用该操作。 <b>发送的邮件未被签名也未被检查。 故只应在内部传递。</b></small>",
+        "quarantine_release_format": "被移除的项目的格式",
         "quarantine_release_format_att": "附件",
-        "quarantine_release_format_raw": "未修改原件",
+        "quarantine_release_format_raw": "原件 (未修改)",
         "quarantine_retention_size": "每个邮箱保留隔离项目数:<br><small>0 表示 <b>禁用</b>。</small>",
-        "quota_notification_html": "通知邮件模板:<br><small>留空以恢复默认模板。</small>",
+        "quota_notification_html": "通知邮件模板:<br><small>留空则恢复默认模板。</small>",
         "quota_notification_sender": "通知邮件发件人",
         "quota_notification_subject": "通知邮件主题",
         "quota_notifications": "配額通知",
-        "quota_notifications_info": "配額通知会在用户配额超过80%和95%时各发送一次。",
-        "quota_notifications_vars": "{{percent}} 表示当前用户配额<br>{{username}} 未邮箱名称",
+        "quota_notifications_info": "配額通知会在用户配额超过 80% 和 95% 时各发送一次。",
+        "quota_notifications_vars": "{{percent}} 表示当前用户配额<br>{{username}} 为邮箱名称",
         "r_active": "启用的限制规则",
         "r_inactive": "禁用的限制规则",
-        "r_info": "启用的限制规则列表中灰色的/关闭的元素不能被mailcow识别为合法的限制规则，且不可移动。未知的限制规则将会按照原来的顺序被设置。<br>你可以在 <code>inc/vars.local.inc.php</code> 中添加新元素以勾选它们。",
+        "r_info": "启用的限制规则列表中灰色的和关闭的部分无法被 Mailcow 识别为合法的限制规则，并且不可移动。未知的限制规则将会按照原来的顺序被设置。<br>你可以在 <code>inc/vars.local.inc.php</code> 中添加新内容以勾选它们。",
         "rate_name": "频率名称",
         "recipients": "收件人",
         "refresh": "刷新",
-        "regen_api_key": "重新生成API密钥",
+        "regen_api_key": "重新生成 API 密钥",
         "regex_maps": "正则表达式规则",
         "relay_from": "\"来自:\" 地址",
+        "relay_rcpt": "\"到达:\" 地址",
         "relay_run": "运行测试",
         "relayhosts": "中继传输",
-        "relayhosts_hint": "定义的中继传输可以在域名配置弹出框中被选择。<br>\r\n 中继传输服务总是使用 \"smtp:\" 并且会在可能时使用STARTTLS。不支持SMTPS。用户的出站TLS策略会影响此行为。<br>\r\n 对选中的域名和域名别名生效。",
+        "relayhosts_hint": "自定义的中继传输可以在域名配置的弹出框中被选择。<br>\r\n 中继传输服务总是使用 \"smtp:\" 并且会在可能时使用 TLS，并且不支持 Wrapped TLS (SMTPS)。用户的出站 TLS 策略将会影响此行为。<br>\r\n 对选中的域名和域名别名生效。",
         "remove": "删除",
         "remove_row": "删除行",
-        "reset_default": "重置回默认值",
+        "reset_default": "重置为默认值",
         "reset_limit": "移除特征",
         "routing": "路由",
         "rsetting_add_rule": "添加规则",
@@ -262,221 +287,243 @@
         "rsetting_no_selection": "请选择一个规则",
         "rsetting_none": "没有可用的规则",
         "rsettings_insert_preset": "插入示例预设 \"%s\"",
-        "rsettings_preset_1": "为已认证用户关闭除DKIM和ratelimit规则外的所有规则",
-        "rsettings_preset_2": "管理员(postmaster)想要垃圾邮件",
-        "rsettings_preset_3": "只允许指定的发件人 (如只允许内部邮箱发送)",
-        "rspamd_com_settings": "自动生成设置名称，请看下方的示例预设。查看<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd docs</a>以了解更多细节。",
+        "rsettings_preset_1": "为已认证用户关闭除 DKIM 和频率限制规则外的所有规则",
+        "rsettings_preset_2": "允许管理员接收垃圾邮件",
+        "rsettings_preset_3": "只允许指定的发件人发信 (例如只允许内部邮箱发送)",
+        "rsettings_preset_4": "禁用域名的 Rspamd 服务",
+        "rspamd_com_settings": "设置名称将会自动生成，请看参考下方的示例预设。查看<a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd 文档</a>以了解更多的细节。",
         "rspamd_global_filters": "全局过滤规则",
         "rspamd_global_filters_agree": "我会小心谨慎的!",
         "rspamd_global_filters_info": "全局过滤规则包含了不同类型的全局黑名单和白名单。",
-        "rspamd_global_filters_regex": "它们的名字解释了它们的用途。所有内容必须包含 \"/pattern/options\" 格式的合法表达式(如 <code>/.+@domain\\.tld/i</code>)。<br>\r\n 对正则表达式只执行了基本的检查，Rspamd功能仍可能因正则表达式表达式语法问题导致错误。<br>\r\n  Rspamd会在规则更改后读取其内容。 如果你遇到了问题，<a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">重启Rspamd</a> 以强制重载规则。<br>黑名单中项目会被隔离系统排除。",
-        "rspamd_settings_map": "Rspamd设置规则",
-        "sal_level": "Moo等级",
+        "rspamd_global_filters_regex": "它们的名字解释了它们的用途。所有内容必须包含 \"/pattern/options\" 格式的合法表达式 (例如 <code>/.+@domain\\.tld/i</code>)。<br>\r\n 因为仅对正则表达式执行了基本的检查，Rspamd 的功能仍可能因正则表达式语法问题出现错误。<br>\r\n  Rspamd 会在规则更改后读取其内容。 如果你遇到了问题，<a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">重启 Rspamd</a> 以强制重载规则。<br>黑名单中的项目会被系统排除。",
+        "rspamd_settings_map": "Rspamd 设置",
+        "sal_level": "Moo 等级",
         "save": "保存更改",
         "search_domain_da": "搜索域名",
         "send": "发送",
         "sender": "发件人",
-        "service_id": "服务ID",
+        "service": "服务",
+        "service_id": "服务 ID",
         "source": "来源",
         "spamfilter": "垃圾邮件过滤器",
         "subject": "主题",
+        "success": "成功",
         "sys_mails": "系统邮件",
         "text": "文本",
         "time": "时间",
         "title": "标题",
-        "title_name": "\"mailcow UI\" 网站标题",
+        "title_name": "Mailcow UI 的网站标题",
         "to_top": "返回顶部",
-        "transport_dest_format": "格式: example.org, .example.org, *, box@example.org (英文逗号分隔多个值)",
+        "transport_dest_format": "正则表达式格式: example.org, .example.org, *, box@example.org (存在多个地址时使用英文逗号分隔)",
         "transport_maps": "传输规则",
-        "transports_hint": "→ 传输规则条目<b>优先于</b>中继传输</b>。<br>\r\n→ 用户的出站TLS策略设置会被忽略，只会执行域名的TLS策略规则。<br>\r\n→ 传输服务总是使用 \"smtp:\" 并且会在可能时使用STARTTLS。不支持SMTPS。\r\n→ 匹配 \"/localhost$/\" 的地址会通过 \"local:\" 传输，但是 \"*\" 不会匹配这些本地地址。<br>\r\n→ 为了确定下一跳 \"[host]:25\" 的认证凭证， Postfix <b>总会</b> 先查询 \"host\" 而不是 \"[host]:25\"。此行为使不能同时使用 \"host\" 和 \"[host]:25\"。",
-        "ui_footer": "页脚 (允许使用HTML)",
+        "transport_test_rcpt_info": "&#8226; 使用 null@hosted.mailcow.de 测试中继到国外目标的状况。",
+        "transports_hint": "&#8226; 传输规则条目会<b>覆盖</b>发件人的传输规则条目</b>.<br>\r\n&#8226; 建议使用基于 MX 记录的传输规则条目。<br>\r\n&#8226; 用户的出站 TLS 策略将会被忽略，并且只接受域名的 TLS 策略。<br>\r\n&#8226; 传输服务总是使用 \"smtp:\" 并且会在可能时使用 TLS，并且不支持 Wrapped TLS (SMTPS)。<br>\r\n&#8226; 匹配 \"/localhost$/\" 的地址将会通过 \"local:\" 传输，但是 \"*\" 不会匹配这些本地地址。<br>\r\n&#8226; 为了确定下一跳 \"[host]:25\" 的认证凭证，Postfix <b>总会</b> 先查询 \"host\" 而不是 \"[host]:25\"。此行为使得 \"host\" 和 \"[host]:25\" 不能同时被使用。",
+        "ui_footer": "页脚 (允许使用 HTML)",
         "ui_header_announcement": "公告",
         "ui_header_announcement_active": "启用公告",
-        "ui_header_announcement_content": "文本 (允许使用HTML)",
-        "ui_header_announcement_help": "公告会在UI登录屏幕和用户登录后页面显示。",
+        "ui_header_announcement_content": "文本 (允许使用 HTML)",
+        "ui_header_announcement_help": "公告会在登录页面以及用户登录后的页面显示。",
         "ui_header_announcement_select": "选择公告类型",
         "ui_header_announcement_type": "类型",
-        "ui_header_announcement_type_info": "信息",
-        "ui_header_announcement_type_warning": "重要",
-        "ui_header_announcement_type_danger": "非常重要",
-        "ui_texts": "UI标签和文本",
+        "ui_header_announcement_type_danger": "重要",
+        "ui_header_announcement_type_info": "通知",
+        "ui_header_announcement_type_warning": "注意",
+        "ui_texts": "UI 标签和文本",
         "unban_pending": "等待解除封禁",
         "unchanged_if_empty": "如果不更改则留空",
         "upload": "上传",
         "username": "用户名",
-        "validate_license_now": "通过证书服务器验证GUID",
+        "validate_license_now": "通过证书服务器验证 GUID",
         "verify": "验证",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "options": "选项"
     },
     "danger": {
-        "access_denied": "访问拒绝或表单数据非法",
-        "alias_domain_invalid": "域名别名 %s 非法",
+        "access_denied": "访问被拒绝或者表单数据无效",
+        "alias_domain_invalid": "域名别名 %s 无效",
         "alias_empty": "域名地址不能为空",
         "alias_goto_identical": "别名不能与目标地址相同",
-        "alias_invalid": "别名地址 %s 非法",
-        "aliasd_targetd_identical": "域名别名不能与目标域名不能与目标域名相同: %s",
+        "alias_invalid": "别名地址 %s 无效",
+        "aliasd_targetd_identical": "域名别名不能与目标域名 %s 相同",
         "aliases_in_use": "最大别名数必须大于等于 %d",
         "app_name_empty": "应用名称不能为空",
-        "app_passwd_id_invalid": "应用密码 ID %s 非法",
-        "bcc_empty": "BCC目标地址不能为空",
-        "bcc_exists": "%s类型的BCC映射%s已存在",
-        "bcc_must_be_email": "BCC目标地址 %s 不是合法的邮箱地址",
+        "app_passwd_id_invalid": "应用密码 ID %s 无效",
+        "bcc_empty": "BCC 目标地址不能为空",
+        "bcc_exists": "%s 类型的 BCC 映射 %s 已存在",
+        "bcc_must_be_email": "BCC 目标地址 %s 不是有效的邮箱地址",
         "comment_too_long": "评论太长，最多允许160个字符",
         "defquota_empty": "每个邮箱的默认配额必须不为0。",
-        "description_invalid": "%s 的资源描述非法",
-        "dkim_domain_or_sel_exists": "\"%s\"的DKIM密钥已存在，因此不会覆盖此密钥",
-        "dkim_domain_or_sel_invalid": "DKIM域名或选择器非法: %s",
-        "domain_cannot_match_hostname": "域名与主机名不匹配",
+        "description_invalid": "%s 的资源描述无效",
+        "dkim_domain_or_sel_exists": "\"%s\"的 DKIM 密钥已存在，因此不会被覆盖",
+        "dkim_domain_or_sel_invalid": "DKIM 域名或选择器无效: %s",
+        "domain_cannot_match_hostname": "域名与主机名称不匹配",
         "domain_exists": "域名 %s 已存在",
-        "domain_invalid": "域名地址为空或非法",
+        "domain_invalid": "域名地址为空或无效",
         "domain_not_empty": "不能删除非空域名 %s",
-        "domain_not_found": "不能找到域名 %s",
+        "domain_not_found": "无法找到域名 %s",
         "domain_quota_m_in_use": "域名配额必须大于等于 %s MiB",
-        "extra_acl_invalid": "外部发件人地址 \"%s\" 非法",
-        "extra_acl_invalid_domain": "外部发件人地址 \"%s\" 包含了非法的域名",
-        "file_open_error": "不能打开文件以写入",
+        "extra_acl_invalid": "外部发件人地址 \"%s\" 无效",
+        "extra_acl_invalid_domain": "外部发件人地址 \"%s\" 包含了无效的域名",
+        "fido2_verification_failed": "FIDO2 验证失败: %s",
+        "file_open_error": "无法打开文件以写入内容",
         "filter_type": "过滤器类型错误",
         "from_invalid": "发件人地址不能为空",
-        "global_filter_write_error": "不能写入过滤器文件: %s",
-        "global_map_invalid": "全局规则 ID %s 非法",
-        "global_map_write_error": "全局规则 ID %s: %s",
-        "goto_empty": "一个别名地址必须包含至少一个合法的目标地址",
-        "goto_invalid": "目标地址 %s 不合法",
-        "ham_learn_error": "学习非垃圾消息错误: %s",
-        "imagick_exception": "错误: 读取图片时Imagick发生了异常",
-        "img_invalid": "不能验证图片文件",
-        "img_tmp_missing": "不能验证图片文件: 找不到临时文件",
-        "invalid_bcc_map_type": "BCC映射类型非法",
-        "invalid_destination": "目的地址 \"%s\" 非法",
-        "invalid_filter_type": "过滤器类型非法",
-        "invalid_host": "非法主机: %s",
-        "invalid_mime_type": "mime类型非法",
-        "invalid_nexthop": "下一跳格式非法",
+        "global_filter_write_error": "无法写入过滤器文件: %s",
+        "global_map_invalid": "全局规则 ID %s 无效",
+        "global_map_write_error": "无法写入全局规则 ID %s: %s",
+        "goto_empty": "别名地址必须包含至少一个合法的目标地址",
+        "goto_invalid": "目标地址 %s 无效",
+        "ham_learn_error": "学习非垃圾邮件错误: %s",
+        "imagick_exception": "错误: 读取图片时发生了 Imagick 异常",
+        "img_invalid": "无法验证图片文件",
+        "img_tmp_missing": "无法验证图片文件: 找不到临时文件",
+        "invalid_bcc_map_type": "BCC 映射类型无效",
+        "invalid_destination": "目标地址 \"%s\" 无效",
+        "invalid_filter_type": "过滤器类型无效",
+        "invalid_host": "无效主机: %s",
+        "invalid_mime_type": "MIME 类型无效",
+        "invalid_nexthop": "下一跳格式无效",
         "invalid_nexthop_authenticated": "存在使用不同凭证的下一跳，请先更改这些下一跳的凭证。",
-        "invalid_recipient_map_new": "新收件人地址非法: %s",
-        "invalid_recipient_map_old": "原收件人地址非法: %s",
-        "ip_list_empty": "IP允许列表不能为空",
+        "invalid_recipient_map_new": "新收件人地址无效: %s",
+        "invalid_recipient_map_old": "原收件人地址无效: %s",
+        "ip_list_empty": "IP 允许列表不能为空",
         "is_alias": "%s 已经被作为别名地址使用",
         "is_alias_or_mailbox": "%s 已经被作为别名地址、邮箱地址或域名别名扩展出的别名地址使用。",
         "is_spam_alias": "%s 已经被作为临时别名地址使用 (垃圾邮件别名地址)",
-        "last_key": "最后一个密钥不能被删除，你应该先禁用两步验证。",
+        "last_key": "无法删除最后一个密钥，你应该先禁用两步验证。",
         "login_failed": "登录失败",
         "mailbox_defquota_exceeds_mailbox_maxquota": "默认配额超出配额限制",
-        "mailbox_invalid": "邮箱名称不合法",
+        "mailbox_invalid": "邮箱名称无效",
         "mailbox_quota_exceeded": "配额超出域名配额限制 (最大 %d MiB)",
         "mailbox_quota_exceeds_domain_quota": "最大配额超出域名配额限制",
         "mailbox_quota_left_exceeded": "空间不足 (剩余空间: %d MiB)",
         "mailboxes_in_use": "最大邮箱数必须大于等于 %d",
-        "malformed_username": "畸形用户名",
+        "malformed_username": "异常的用户名",
         "map_content_empty": "规则内容不能为空",
         "max_alias_exceeded": "超出最大别名数",
         "max_mailbox_exceeded": "超出最大邮箱数 (%d / %d)",
         "max_quota_in_use": "邮箱数必须大于等于 %d MiB",
-        "maxquota_empty": "每个邮箱最大配额必须不为0",
-        "mysql_error": "MySQL错误: %s",
-        "network_host_invalid": "网络或主机非法: %s",
+        "maxquota_empty": "每个邮箱的最大配额必须不为 0 。",
+        "mysql_error": "MySQL 错误: %s",
+        "network_host_invalid": "网络或主机无效: %s",
         "next_hop_interferes": "%s 与下一跳 %s 冲突",
         "next_hop_interferes_any": "一个已存在的下一跳与 %s 冲突",
-        "no_user_defined": "未定义用户",
+        "nginx_reload_failed": "重启 Nginx 失败: %s",
+        "no_user_defined": "用户未定义",
         "object_exists": "对象 %s 已存在",
-        "object_is_not_numeric": "不是数字值: %s",
+        "object_is_not_numeric": "%s 不是一个数字",
         "password_complexity": "密码不符合规则",
         "password_empty": "密码必须不为空",
         "password_mismatch": "确认密码不匹配",
         "policy_list_from_exists": "指定的名称已存在记录",
-        "policy_list_from_invalid": "记录格式非法",
+        "policy_list_from_invalid": "记录格式无效",
         "private_key_error": "私钥错误: %s",
-        "pushover_credentials_missing": "Pushover token或密钥缺失",
-        "pushover_key": "Pushover密钥格式错误",
-        "pushover_token": "Pushover token格式错误",
-        "quota_not_0_not_numeric": "配额必须为数值且 >= 0",
+        "pushover_credentials_missing": "Pushover token 或密钥缺失",
+        "pushover_key": "Pushover 密钥格式错误",
+        "pushover_token": "Pushover token 格式错误",
+        "quota_not_0_not_numeric": "配额必须为数字且 >= 0",
         "recipient_map_entry_exists": "收件人映射条目 \"%s\" 已存在",
         "redis_error": "Redis 错误: %s",
         "relayhost_invalid": "中继主机条目 %s 已存在",
         "release_send_failed": "消息不能被释放: %s",
-        "reset_f2b_regex": "暂时不能重置正则表达式过滤器，请重试或多等待几秒并重载网页。",
-        "resource_invalid": "资源名称 %s 非法",
-        "rl_timeframe": "频率限制时间数不正确",
-        "rspamd_ui_pw_length": "Rspamd UI密码需要为至少6字符长",
+        "reset_f2b_regex": "暂时不能重置正则表达式过滤器，请重试或在几秒后重载网页。",
+        "resource_invalid": "资源名称 %s 无效",
+        "rl_timeframe": "频率限制时间设置错误",
+        "rspamd_ui_pw_length": "Rspamd UI 密码至少为为6个字符",
         "script_empty": "脚本不能为空",
-        "sender_acl_invalid": "发件人ACL值 %s 非法",
-        "set_acl_failed": "设置ACL失败",
-        "settings_map_invalid": "设置规则非法，ID %s",
-        "sieve_error": "sieve解析器错误: %s",
-        "spam_learn_error": "垃圾邮件学习错误: %s",
+        "sender_acl_invalid": "发件人的 ACL 值 %s 无效",
+        "set_acl_failed": "设置 ACL 失败",
+        "settings_map_invalid": "设置规则 ID %s 无效",
+        "sieve_error": "Sieve 解析器错误: %s",
+        "spam_learn_error": "学习垃圾邮件错误: %s",
         "subject_empty": "主题必须不为空",
-        "target_domain_invalid": "目标域名 %s 非法",
+        "target_domain_invalid": "目标域名 %s 无效",
         "targetd_not_found": "未找到目标域名 %s",
         "targetd_relay_domain": "目标域名 %s 是中继域名",
         "temp_error": "临时错误",
         "text_empty": "文本必须不为空",
-        "tls_policy_map_dest_invalid": "策略目标非法",
-        "tls_policy_map_entry_exists": "TLS策略规则条目 \"%s\" 已存在",
-        "tls_policy_map_parameter_invalid": "策略参数非法",
-        "totp_verification_failed": "TOTP认证失败",
+        "tfa_token_invalid": "TFA token 无效",
+        "tls_policy_map_dest_invalid": "策略目标无效",
+        "tls_policy_map_entry_exists": "TLS 策略规则条目 \"%s\" 已存在",
+        "tls_policy_map_parameter_invalid": "策略参数无效",
+        "totp_verification_failed": "TOTP 认证失败",
         "transport_dest_exists": "传输目标 \"%s\" 已存在",
-        "webauthn_verification_failed": "WebAuthn认证失败: %s",
+        "webauthn_verification_failed": "WebAuthn 认证失败: %s",
         "unknown": "发生未知错误",
-        "unknown_tfa_method": "未知TFA方法",
-        "unlimited_quota_acl": "ACL设置禁止了无限配额",
-        "username_invalid": "不能使用用户名 %s",
+        "unknown_tfa_method": "未知的 TFA 方法",
+        "unlimited_quota_acl": "ACL 设置禁止了无限配额",
+        "username_invalid": "用户名 %s 无法使用",
         "validity_missing": "请设置有效期",
         "value_missing": "请填入所有值",
-        "yotp_verification_failed": "Yubico OTP认证失败: %s"
+        "yotp_verification_failed": "Yubico OTP 认证失败: %s",
+        "template_exists": "模板 %s 已存在"
     },
     "debug": {
         "chart_this_server": "图表 (此服务器)",
         "containers_info": "容器信息",
         "disk_usage": "磁盘使用",
+        "docs": "文档",
         "external_logs": "外部日志",
         "history_all_servers": "历史 (所有服务器)",
         "in_memory_logs": "内存日志",
-        "jvm_memory_solr": "JVM内存使用",
-        "log_info": "<p>mailcow <b>内存日志</b> 收集于Redis列表中并且每分钟自动缩减到 LOG_LINES (%d) 以减少错误(Rowhammer)。\r\n  <br>内存日志不是为了持久化，所有使用内存日志的应用同时也会写入日志到Docker守护程序的默认日志驱动中。\r\n  <br>内存日志应该用于debug容器中的不明显问题。</p>\r\n  <p><b>外部日志</b> 通过相应应用提供的API收集。</p>\r\n  <p><b>静态日志</b> 大多为不写入日志到Dockerd但仍然需要被持久化的活动日志(API日志外的)。</p>",
-        "logs": "日志",
-        "restart_container": "重启",
-        "solr_dead": "Solr在启动中、已关闭或已停止运行",
-        "docs": "文档",
+        "jvm_memory_solr": "JVM 内存使用",
         "last_modified": "最后修改",
+        "log_info": "<p>Mailcow 的<b>内存日志</b>储存于 Redis 列表中，并且每分钟自动降低到 LOG_LINES (%d) 以减少错误。\r\n  <br>内存日志不是为了持久化储存的，所有使用内存日志的应用同时也会写入日志到 Docker 的守护进程的默认日志驱动中。\r\n  <br>内存日志应该用于分析 (Debug) 容器中不明显的问题。</p>\r\n  <p><b>外部日志</b>通过相应应用提供的 API 收集。</p>\r\n  <p><b>静态日志</b>大多数为不写入日志到 Docker ，但仍然需要被持久化的活动日志 (API 日志外的)。</p>",
+        "login_time": "时间",
+        "logs": "日志",
+        "online_users": "在线用户",
+        "restart_container": "重启",
+        "service": "服务",
         "size": "大小",
+        "solr_dead": "Solr 在启动中、已关闭或已停止。",
+        "solr_status": "Solr 状态",
         "started_at": "开始于",
-        "solr_status": "Solr状态",
-        "uptime": "运行时间",
         "started_on": "启动于",
         "static_logs": "静态日志",
-        "system_containers": "系统和容器"
+        "success": "成功",
+        "system_containers": "系统和容器",
+        "uptime": "运行时间",
+        "username": "用户名",
+        "container_disabled": "容器已被停止或禁用",
+        "container_running": "运行中",
+        "cores": "核心数",
+        "memory": "内存"
     },
     "diagnostics": {
-        "cname_from_a": "虽然此值记录为 A/AAAA 类型，但只要此记录指向了正确的资源则该行为是被支持的",
-        "dns_records": "DNS记录",
-        "dns_records_24hours": "请注意DNS记录的更改可能需要24小时才可以使此页面的当前状态显示正确。此页为你提供了一个可以简单查看如何配置DNS记录和检查你的DNS记录是否正确的方式。",
+        "cname_from_a": "来自 A/AAAA 记录的值。但只要记录指向正确的资源即可。",
+        "dns_records": "DNS 记录",
+        "dns_records_24hours": "请注意 DNS 记录的更改可能需要24小时才可以使此页面的当前状态显示正确。此页面为你提供了一个可以便捷查询如何配置 DNS 记录以及检查你的 DNS 记录是否正确的方式。",
         "dns_records_data": "正确数据",
+        "dns_records_docs": "请同时也参考这个<a target=\"_blank\" href=\"https://mailcow.github.io/mailcow-dockerized-docs/prerequisite/prerequisite-dns/\">文档</a>.",
         "dns_records_name": "名称",
         "dns_records_status": "当前状态",
         "dns_records_type": "类型",
         "optional": "此记录是可选的。"
     },
     "edit": {
+        "acl": "ACL (许可)",
         "active": "启用",
+        "admin": "编辑管理员",
         "advanced_settings": "高级设置",
         "alias": "编辑别名",
-        "allow_from_smtp": "只允许这些IP使用<b>SMTP</b>",
-        "allow_from_smtp_info": "留空以允许所有发送者<br>IPv4/IPv6地址或网络",
+        "allow_from_smtp": "只允许这些 IP 使用 <b>SMTP</b>",
+        "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6 地址和网络。",
         "allowed_protocols": "允许的协议",
         "app_name": "应用名称",
         "app_passwd": "应用密码",
-        "automap": "尝试自动映射文件夹 (如：\"已发送\", \"Sent\" => \"Sent\")",
+        "app_passwd_protocols": "应用密码允许的协议",
+        "automap": "将尝试自动映射文件夹 (例如将 \"已发送消息\" 和 \"已发送\" 均映射到 \"已发送\" 文件夹)",
         "backup_mx_options": "中继选项",
-        "bcc_dest_format": "BCC目标地址必须为合法的邮件地址",
-        "client_id": "客户端ID",
-        "client_secret": "客户端secret",
-        "comment_info": "私密评论对用户不可见，公开评论会给用户展示为鼠标悬停显示的提示",
-        "delete1": "完成后将源邮件删除",
-        "delete2": "删除目的邮箱中存在但源邮箱中不存在的邮件",
-        "delete2duplicates": "删除目的邮箱中的重复邮件",
+        "bcc_dest_format": "BCC 的目标必须是一个有效的电子邮箱地址。<br>如果你需要向多个地址发送副本，请创建一个别名并在此使用。",
+        "client_id": "客户端 ID",
+        "client_secret": "客户端 secret",
+        "comment_info": "私密评论对用户不可见，公开评论将会在鼠标悬停时作为用户提示显示",
+        "delete1": "在完成后删除源邮件",
+        "delete2": "删除在目标邮箱中存在但在源邮箱中不存在的邮件",
+        "delete2duplicates": "删除目标邮箱中的重复邮件",
         "delete_ays": "请确认删除。",
         "description": "描述",
-        "disable_login": "不允许登录 (仍然会接收邮件)",
+        "disable_login": "不允许登录 (但仍然会接收邮件)",
         "domain": "编辑域名",
         "domain_admin": "编辑域名管理员",
         "domain_quota": "域名配额",
@@ -484,71 +531,80 @@
         "dont_check_sender_acl": "为域名 %s (+ 域名别名) 关闭发件人检查",
         "edit_alias_domain": "编辑域名别名",
         "encryption": "加密",
-        "exclude": "排除对象 (正则表达式)",
+        "exclude": "排除对象 (Regex)",
         "extended_sender_acl": "外部发件人地址",
-        "extended_sender_acl_info": "如果可以的话请导入DKIM域名密钥。<br>\r\n  别忘记将此服务器添加到相应的SPF TXT中。<br>\r\n 当域名或域名别名被添加时，若其与此外部发件人地址交叠，则外部发件人地址会被移除。<br>\r\n  填入 @domain.tld 以允许作为 *@domain.tld 发送邮件。",
+        "extended_sender_acl_info": "当可用时请导入域名的 DKIM 密钥。<br>\r\n  请注意将此服务器添加到相应的 SPF TXT 记录中。<br>\r\n 当域名或域名别名被添加时，若其与此外部发件人地址交叠，则外部发件人地址将会被移除。<br>\r\n  填入 @domain.tld 以允许作为 *@domain.tld 发送邮件。",
         "force_pw_update": "在下一次登录时强制要求更新密码",
         "force_pw_update_info": "此用户只能登录到 %s。",
         "full_name": "全名",
         "gal": "全球地址簿",
-        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 空闲/繁忙 信息将不能在SOGo中显示。<b>重启SOGo以应用更改。</b>",
+        "gal_info": "<b>全球地址簿</b>包含了域名下的所有对象，并且此行为不能被用户更改。如果关闭，用户的 \"空闲/繁忙\" 的信息将不能在 SOGo 中显示。 <b>重启 SOGo 服务以应用更改。</b>",
         "generate": "生成",
         "grant_types": "授权类型",
         "hostname": "主机名",
         "inactive": "禁用",
         "kind": "类型",
-        "last_modified": "最后修改",
+        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
         "mailbox": "编辑邮箱",
-        "mailbox_quota_def": "默认邮箱配额",
-        "max_aliases": "最大允许地址别名数",
-        "max_mailboxes": "最大允许邮箱数",
+        "mailbox_quota_def": "邮箱默认配额",
+        "mailbox_relayhost_info": "只适用于邮箱和邮箱别名，不会覆盖域名的中继主机。",
+        "max_aliases": "最大允许的地址别名数",
+        "max_mailboxes": "最大允许的邮箱数",
         "max_quota": "每个邮箱的最大配额 (MiB)",
-        "maxage": "从远程拉取消息的最大消息年龄限制<br><small>(0表示忽略)</small>",
-        "maxbytespersecond": "最大速率 (Bytes/s) <br><small>(0表示不限)</small>",
-        "mbox_rl_info": "此频率限制应用于SASL登录名，它会匹配邮件的\"来自\"地址。邮箱的频率限制设置会覆盖域名的频率限制值设置。",
+        "maxage": "从远程拉取消息的最大时间间隔限制<br><small>(0表示忽略)</small>",
+        "maxbytespersecond": "最大速率 (Bytes/s) <br><small>(0表示无限制)</small>",
+        "mbox_rl_info": "此频率限制应用于 SASL 登录名，它会匹配邮件的 \"from\" 地址。邮箱的频率限制设置会覆盖域名的频率限制值设置。",
         "mins_interval": "轮询间隔 (分钟)",
         "multiple_bookings": "登记限制",
+        "none_inherit": "无/继承",
         "nexthop": "下一跳",
         "password": "密码",
-        "password_repeat": "确认密码 (重复输入)",
+        "password_repeat": "确认密码 (重复)",
         "previous": "上一页",
         "private_comment": "私密评论",
         "public_comment": "公开评论",
-        "pushover_evaluate_x_prio": "加速高优先级邮件 [<code>X-Priority: 1</code>]",
+        "pushover": "Pushover",
+        "pushover_evaluate_x_prio": "优先响应高优先级邮件 [<code>X-Priority: 1</code>]",
         "pushover_info": "推送通知设置会应用到所有递送到 <b>%s</b> (包括其别名) 的非垃圾邮件。",
         "pushover_only_x_prio": "只为高优先级邮件开启 [<code>X-Priority: 1</code>]",
-        "pushover_sender_array": "只为以下发件人邮箱地址开启 <small>(英文逗号分隔)</small>",
+        "pushover_sender_array": "只为以下发件人邮箱地址开启 <small>(存在多个地址时使用英文逗号分隔)</small>",
         "pushover_sender_regex": "也可以使用正则表达式过滤发件人",
         "pushover_text": "通知文本",
         "pushover_title": "通知标题",
-        "pushover_vars": "如果没有定义发件人过滤器则会为所有邮件开启通知推送。<br>正则表达式过滤器可以和普通过滤器分别被定义，并且会依序应用，而不是覆盖另一个。<br>在文本和标题中可用的变量 (请注意数据保护条例)",
+        "pushover_vars": "如果没有定义发件人过滤器则会为所有的邮件开启通知推送。<br>正则表达式过滤器可以和普通过滤器一同使用，并且会按顺序被使用，而不是被覆盖。<br>在文本和标题中可用的变量 (请注意数据保护)",
         "pushover_verify": "校验凭证",
         "quota_mb": "配额 (MiB)",
+        "quota_warning_bcc": "BCC 配额警告",
+        "quota_warning_bcc_info": "警告将作为单独的副本发送至以下的收件人。主题将以放置在括号内的用户名做为后缀结尾，例如，<code>Quota warning (user@example.com)</code>。",
+        "ratelimit": "频率限制",
         "redirect_uri": "重定向/回调 URL",
         "relay_all": "中继所有收件人",
-        "relay_all_info": "↪ 如果<b>不</b>选择中继所有，你将需要为每个应该中继的邮件添加一个 (\"盲\") 邮箱。",
+        "relay_all_info": "↪ 如果<b>不</b>选择中继所有收件人，你将需要为每个应该中继的邮件添加一个(\"虚拟\")邮箱。",
         "relay_domain": "中继这个域名",
-        "relay_transport_info": "<div class=\"badge fs-6 bg-info\"></div> 你可以为此域名定义传输规则以自定义发件目标主机，否则遵照MX记录发送邮件。",
+        "relay_transport_info": "<div class=\"label label-info\"></div> 你可以为此域名定义传输规则以自定义发件目标主机，否则遵照MX记录发送邮件。",
         "relay_unknown_only": "只为不存在的邮箱地址中继。已存在的邮箱地址则在本地递送。",
         "relayhost": "中继传输",
         "remove": "删除",
-        "resource": "日历资源",
+        "resource": "资源",
         "save": "保存更改",
         "scope": "范围",
         "sender_acl": "允许发送为",
         "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">发件人检查已关闭</span>",
-        "sender_acl_info": "如果允许邮箱用户A作为邮箱用户B发送邮件，发件人的地址不会在SOGo中\"来自\"区域自动地作为下拉可选项显示。<br>\r\n 邮箱用户B需要添加授权以允许邮箱用户A选择B的地址作为发件人；授权方法为，在SOGo中点击左上方邮箱地址右边的菜单按钮(三个点)并授权。",
+        "sender_acl_info": "如果允许邮箱用户 A 作为邮箱用户 B 发送邮件，发件人的地址不会在 SOGo 中的 \"from\" 区域中作为下拉项显示。<br>\r\n 邮箱用户 B 需要添加授权以允许邮箱用户 A 选择 B 的地址作为发件人；授权方法为，在 SOGo 中点击左上方邮箱地址右边的菜单按钮 (三个点) 并授权。",
         "sieve_desc": "简短描述",
         "sieve_type": "过滤器类型",
-        "skipcrossduplicates": "跳过其他文件夹中已存在的邮件(保留先存在的邮件)",
-        "sogo_visible": "SOGo别名显示",
-        "sogo_visible_info": "此设置只影响SOGo上的可显示对象(指向本地邮箱的共享或非共享别名地址)。如果设为隐藏，别名地址不会作为下拉可选发件人项显示。",
+        "skipcrossduplicates": "跳过其他文件夹中已存在的邮件(保留已经存在的邮件)",
+        "sogo_access": "允许直接登录 SOGo",
+        "sogo_access_info": "在邮箱的用户界面内的单点登录仍然有效。这一设置既不影响对所有其他服务的访问，也不删除或改变用户现有的 SOGo 的配置文件。",
+        "sogo_visible": "SOGo 显示的别名",
+        "sogo_visible_info": "此设置只影响 SOGo 上可显示的对象 (指向本地邮箱的共享或非共享别名地址)。如果设置为隐藏，则别名地址不会作为可选发件人的下拉项显示。",
         "spam_alias": "添加或更改临时别名地址",
+        "spam_filter": "垃圾邮件过滤器",
         "spam_policy": "将项目添加到白/黑名单或从其中移除",
         "spam_score": "自定义垃圾邮件分数",
-        "subfolder2": "同步到目标邮箱子文件夹<br><small>(留空表示不使用子文件夹)</small>",
+        "subfolder2": "同步到目标邮箱的子文件夹<br><small>(留空表示不使用子文件夹)</small>",
         "syncjob": "编辑同步任务",
-        "target_address": "目标地址 <small>(英文逗号分隔多个地址)</small>",
+        "target_address": "目标地址 <small>(存在多个地址时使用英文逗号分隔)</small>",
         "target_domain": "目标域名",
         "timeout1": "远程主机连接超时时间",
         "timeout2": "本地主机连接超时时间",
@@ -557,18 +613,35 @@
         "username": "用户名",
         "validate_save": "验证并保存"
     },
+    "fido2": {
+        "confirm": "确认",
+        "fido2_auth": "使用FIDO2登录",
+        "fido2_success": "已注册的设备",
+        "fido2_validation_failed": "验证失败",
+        "fn": "别名",
+        "known_ids": "已注册的 ID",
+        "none": "禁用",
+        "register_status": "注册状态",
+        "rename": "重命名",
+        "set_fido2": "重新注册 FIDO2 设备",
+        "set_fido2_touchid": "在 Apple M1 上使用 Touch ID 注册",
+        "set_fn": "设置别名",
+        "start_fido2_validation": "开始 FIDO2 验证"
+    },
     "footer": {
         "cancel": "取消",
         "confirm_delete": "确认删除",
         "delete_now": "立即删除",
-        "delete_these_items": "请确认对以下对象id的更改",
+        "delete_these_items": "请确认对以下对象 ID 的更改",
+        "hibp_check": "使用 haveibeenpwned.com 网站检查密码",
         "hibp_nok": "匹配到密码！存在潜在的使用危险！",
-        "hibp_ok": "未匹配到密码。",
+        "hibp_ok": "未找到匹配的记录。",
         "loading": "请等待...",
+        "nothing_selected": "未选择",
         "restart_container": "重启容器",
-        "restart_container_info": "<b>重要:</b> 可能需要一些时间以完整地重启容器，请等待重启完成。",
+        "restart_container_info": "<b>重要:</b> 完整的重启容器可能需要花费一些时间，请耐心等待重启完成。",
         "restart_now": "立即重启",
-        "restarting_container": "容器重启中，这可能需要一些时间"
+        "restarting_container": "容器重启中，这可能需要花费一些时间"
     },
     "header": {
         "administration": "配置和管理",
@@ -577,19 +650,21 @@
         "email": "E-Mail",
         "mailcow_config": "配置",
         "quarantine": "隔离",
-        "restart_netfilter": "重启netfilter",
-        "restart_sogo": "重启SOGo",
+        "restart_netfilter": "重启 netfilter",
+        "restart_sogo": "重启 SOGo",
         "user_settings": "用户设置"
     },
     "info": {
-        "awaiting_tfa_confirmation": "等待TFA确认",
+        "awaiting_tfa_confirmation": "等待 TFA 确认",
         "no_action": "没有可适用的操作",
-        "session_expires": "你的会话会在15秒后过期"
+        "session_expires": "你的会话将会在15秒之后过期"
     },
     "login": {
-        "delayed": "请在%s秒后重新登录。",
+        "delayed": "请在 %s 秒后重新登录。",
+        "fido2_webauthn": "使用 FIDO2/WebAuthn Login 登录",
         "login": "登录",
-        "mobileconfig_info": "请用邮箱用户登录以下载Apple连接描述文件。",
+        "mobileconfig_info": "请使用邮箱用户登录以下载 Apple 连接描述文件。",
+        "other_logins": "Key 登录",
         "password": "密码",
         "username": "用户名"
     },
@@ -599,7 +674,8 @@
         "active": "启用",
         "add": "添加",
         "add_alias": "添加别名",
-        "add_bcc_entry": "添加BCC映射",
+        "add_alias_expand": "在域名别名上拓展别名",
+        "add_bcc_entry": "添加 BCC 映射",
         "add_domain": "添加域名",
         "add_domain_alias": "添加域名别名",
         "add_domain_record_first": "请先添加一个域名",
@@ -607,35 +683,37 @@
         "add_mailbox": "添加邮箱",
         "add_recipient_map_entry": "添加收件人映射",
         "add_resource": "添加资源",
-        "add_tls_policy_map": "添加TLS策略规则",
+        "add_tls_policy_map": "添加 TLS 策略规则",
         "address_rewriting": "地址重写",
         "alias": "别名",
-        "alias_domain_alias_hint": "邮箱别名<b>不会</b>自动应用到域名别名。邮箱别名地址 <code>my-alias@domain</code> <b>不会</b> 应用到 <code>my-alias@alias-domain</code> (假设 \"alias-domain\" 是 \"domain\" 的域名别名)。<br>若需要将邮件转发到外部邮箱，请使用sieve过滤器 (查看标签页 \"过滤器\" 或者使用 SOGo -> 转发器) 。",
-        "alias_domain_backupmx": "域名别名在中继域名下不启用",
+        "alias_domain_alias_hint": "邮箱别名<b>不会</b>自动应用到域名别名。邮箱别名地址 <code>my-alias@domain</code> <b>不会</b> 应用到 <code>my-alias@alias-domain</code> (假设 \"alias-domain\" 是 \"domain\" 的域名别名)。<br>若需要将邮件转发到外部邮箱，请使用 sieve 过滤器 (查看标签页 \"过滤器\" 或者使用 SOGo -> 转发器) 。",
+        "alias_domain_backupmx": "域名别名在中继域名下不会启用",
         "aliases": "别名",
-        "allow_from_smtp": "只允许这些IP使用<b>SMTP</b>",
-        "allow_from_smtp_info": "留空以允许所有发送者<br>IPv4/IPv6地址或网络",
-        "allowed_protocols": "允许的协议",
+        "all_domains": "全部域名",
+        "allow_from_smtp": "只允许这些 IP 使用 <b>SMTP</b>",
+        "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6 地址或网络。",
+        "allowed_protocols": "允许用户直接访问的协议 (不会影响应用的密码协议)",
         "backup_mx": "中继域名",
         "bcc": "BCC",
-        "bcc_destination": "BCC目标地址",
-        "bcc_destinations": "BCC目标地址",
-        "bcc_info": "BCC映射用于静默地将邮件转发到另一个邮箱地址。当目标地址为本地地址时则会添加一个收件人映射条目，同发件人映射。<br/>\r\n 递送失败时不会通知本地目标地址。",
+        "bcc_destination": "BCC 目标地址",
+        "bcc_destinations": "BCC 目标地址",
+        "bcc_info": "BCC 映射用于静默地将邮件转发到另一个邮箱地址。当目标地址为本地地址时则会添加一个收件人映射条目，与发件人映射相同。<br/>\r\n 递送失败时不会通知本地目标地址。",
         "bcc_local_dest": "本地目标地址",
-        "bcc_map": "BCC映射",
-        "bcc_map_type": "BCC类型",
-        "bcc_maps": "BCC映射",
+        "bcc_map": "BCC 映射",
+        "bcc_map_type": "BCC 类型",
+        "bcc_maps": "BCC 映射",
         "bcc_rcpt_map": "收件人映射",
         "bcc_sender_map": "发件人映射",
         "bcc_to_rcpt": "切换到收件人映射",
         "bcc_to_sender": "切换到发件人映射",
-        "bcc_type": "BCC类型",
+        "bcc_type": "BCC 类型",
         "booking_null": "永远显示为空闲",
-        "booking_0_short": "永远空闲",
+        "booking_0_short": "空闲限制",
         "booking_custom": "严格限制登记数",
         "booking_custom_short": "严格限制",
-        "booking_ltnull": "不限制登记数，但会在被登记后显示为繁忙",
+        "booking_ltnull": "不会限制登记数，但会在被登记后显示为繁忙",
         "booking_lt0_short": "宽松限制",
+        "catch_all": "接收所有",
         "daily": "每天",
         "deactivate": "禁用",
         "description": "描述",
@@ -656,26 +734,21 @@
         "filter_table": "筛选表格",
         "filters": "过滤器",
         "fname": "全名",
-        "force_pw_update": "你<b>必须</b>设置一个新密码以继续使用群件相关服务。",
-        "gal": "全球地址簿",
         "hourly": "每小时",
         "in_use": "使用数 (%)",
         "inactive": "禁用",
         "insert_preset": "插入示例预设 \"%s\"",
         "kind": "类型",
-        "last_mail_login": "最后的邮箱登录",
-        "last_modified": "最后修改",
-        "last_run": "最后运行",
+        "last_mail_login": "最后一次邮箱登录",
+        "last_pw_change": "最后一次密码修改",
+        "last_run": "最后一次运行",
         "last_run_reset": "下一次运行",
         "mailbox": "邮箱",
+        "mailbox_defaults": "默认设置",
+        "mailbox_defaults_info": "配置新邮箱的默认设置。",
         "mailbox_defquota": "默认邮箱大小",
         "mailbox_quota": "最大邮箱大小",
         "mailboxes": "邮箱",
-        "mailbox_defaults": "默认设置",
-        "mailbox_defaults_info": "配置新邮箱的默认设置",
-        "max_aliases": "最大允许地址别名数",
-        "max_mailboxes": "最大允许邮箱数",
-        "max_quota": "每个邮箱的最大配额",
         "mins_interval": "间隔 (分钟)",
         "msg_num": "消息 #",
         "multiple_bookings": "登记限制",
@@ -683,70 +756,91 @@
         "no": "&#10005;",
         "no_record": "没有找到对象 %s 的记录",
         "no_record_single": "没有记录",
+        "open_logs": "打开日志",
         "owner": "所有者",
         "private_comment": "私密评论",
         "public_comment": "公开评论",
+        "q_add_header": "当移动到垃圾邮件文件夹时",
+        "q_all": " 当移动到垃圾邮件文件夹并被拒绝接收时",
+        "q_reject": "拒绝接收时",
+        "quarantine_category": "隔离通知类型",
         "quarantine_notification": "隔离通知",
         "quick_actions": "操作",
+        "recipient": "收件人",
         "recipient_map": "收件人映射",
-        "recipient_map_info": "收件人映射用于在邮件被递送前替换收件人地址。",
+        "recipient_map_info": "收件人映射用于在邮件被发送前替换收件人的地址。",
         "recipient_map_new": "新收件人",
-        "recipient_map_new_info": "新收件人必须为合法的邮件地址",
+        "recipient_map_new_info": "新收件人必须为合法的邮箱地址",
         "recipient_map_old": "原收件人",
-        "recipient_map_old_info": "原收件人必须为合法的邮件地址",
+        "recipient_map_old_info": "原收件人必须为合法的邮箱地址",
         "recipient_maps": "收件人映射",
         "relay_all": "中继所有收件人",
         "remove": "删除",
-        "resources": "日历资源",
+        "resources": "资源",
         "running": "运行中",
-        "set_postfilter": "标记为postfilter",
-        "set_prefilter": "标记为prefilter",
-        "sieve_info": "你可以为每个用户存储多个过滤器，但只能同时启用一个prefilter和一个postfilter。<br>\r\n过滤器将按列表中的顺序依次执行，下一个脚本不会因为上一个脚本失败或\"keep;\"而停止运行。更改全局sieve脚本会重启Dovecot。<br><br>全局sieve prefilter → prefilter → 用户脚本 → postfilter → 全局sieve postfilter",
-        "sieve_preset_1": "丢弃含有潜在危险文件格式的邮箱",
+        "sender": "发件人",
+        "set_postfilter": "标记为 postfilter",
+        "set_prefilter": "标记为 prefilter",
+        "sieve_info": "你可以为每个用户存储多个过滤器，但只能同时启用一个 prefilter 和一个 postfilter 。<br>\r\n过滤器将按列表中的顺序依次执行，下一个脚本不会因为上一个脚本运行失败或保留运行而停止运行。更改全局 sieve 脚本会重启 Dovecot。<br><br>全局 sieve prefilter &#8226; prefilter &#8226; 用户脚本 &#8226; postfilter &#8226; 全局 sieve postfilter",
+        "sieve_preset_1": "丢弃包含有潜在危险文件格式的邮箱",
         "sieve_preset_2": "标记来至指定发件人的邮件为已读",
-        "sieve_preset_3": "静默删除，并停止继续运行sieve脚本",
-        "sieve_preset_4": "移动到收件箱，并停止继续运行sieve脚本",
+        "sieve_preset_3": "静默删除，并停止继续运行 sieve 脚本",
+        "sieve_preset_4": "移动到收件箱，并停止继续运行 sieve 脚本",
         "sieve_preset_5": "自动回复 (休假)",
-        "sieve_preset_6": "拒绝邮件并反馈",
-        "sieve_preset_7": "重定向邮件并保留/删除",
+        "sieve_preset_6": "拒绝接收邮件并通知",
+        "sieve_preset_7": "重定向邮件并保留或删除",
         "sieve_preset_8": "删除发件人发送给自己别名地址的邮件",
-        "sieve_preset_header": "请看下方的示例预设。 查看 <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a> 以了解更多细节。",
-        "sogo_visible": "SOGo别名显示",
-        "sogo_visible_n": "在SOGo中隐藏别名",
-        "sogo_visible_y": "在SOGo中显示别名",
+        "sieve_preset_header": "请看下方的示例预设。 查看 <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Sieve Wikipedia 页面 (英文)</a>以了解更多细节。",
+        "sogo_visible": "SOGo 别名显示",
+        "sogo_visible_n": "在 SOGo 中隐藏别名",
+        "sogo_visible_y": "在 SOGo 中显示别名",
         "spam_aliases": "临时别名",
         "stats": "统计",
         "status": "状态",
         "sync_jobs": "同步任务",
+        "syncjob_check_log": "检查日志",
+        "syncjob_last_run_result": "最后一次运行结果",
+        "syncjob_EX_OK": "成功",
+        "syncjob_EXIT_CONNECTION_FAILURE": "连接问题",
+        "syncjob_EXIT_TLS_FAILURE": "加密连接问题",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "身份认证问题",
+        "syncjob_EXIT_OVERQUOTA": "目标邮箱配额已满",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "无法连接到远程服务器",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "用户名或密码错误",
         "table_size": "表格尺寸",
         "table_size_show_n": "显示 %s 个项目",
         "target_address": "目标地址",
         "target_domain": "目标域名",
-        "tls_enforce_in": "强制入站TLS",
-        "tls_enforce_out": "强制出站TLS",
+        "tls_enforce_in": "强制入站使用 TLS",
+        "tls_enforce_out": "强制出站使用 TLS",
         "tls_map_dest": "目标",
         "tls_map_dest_info": "示例: example.org, .example.org, [mail.example.org]:25",
         "tls_map_parameters": "参数",
-        "tls_map_parameters_info": "留空或填入参数，比如: protocols=!SSLv2 ciphers=medium exclude=3DES",
+        "tls_map_parameters_info": "留空或填入相关参数，例如: protocols=!SSLv2 ciphers=medium exclude=3DES",
         "tls_map_policy": "策略",
-        "tls_policy_maps": "TLS策略规则",
-        "tls_policy_maps_info": "此策略规则覆盖用户的出站TLS策略设置。<br>\r\n  查看 <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">\"smtp_tls_policy_maps\"文档</a> 以了解更多细节。",
-        "tls_policy_maps_enforced_tls": "这些策略同时会影响邮箱用户的出站TLS连接行为。如果在下方没有任何策略，则用户会应用 <code>smtp_tls_mandatory_protocols</code> 和 <code>smtp_tls_mandatory_ciphers</code> 指定的默认值",
-        "tls_policy_maps_long": "出站TLS策略规则重写",
-        "toggle_all": "选择/取消所有",
+        "tls_policy_maps": "TLS 策略规则",
+        "tls_policy_maps_enforced_tls": "这些策略会同时影响邮箱用户的出站 TLS 连接行为。如果在下方没有任何策略，则用户会使用 <code>smtp_tls_mandatory_protocols</code> 和 <code>smtp_tls_mandatory_ciphers</code> 指定的默认值。",
+        "tls_policy_maps_info": "此策略规则会覆盖用户的出站 TLS 策略设置。<br>\r\n  查看 <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\">\"smtp_tls_policy_maps\" 文档</a>以了解更多细节。",
+        "tls_policy_maps_long": "重写出站 TLS 策略规则",
+        "toggle_all": "选择所有/取消所有",
         "username": "用户名",
         "waiting": "等待中",
         "weekly": "每周",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "domain_templates": "域名模板",
+        "mailbox_templates": "邮箱模板",
+        "gal": "全局地址列表",
+        "max_aliases": "最大别名数",
+        "max_mailboxes": "最大可能的邮箱数"
     },
     "oauth2": {
-        "access_denied": "请作为邮箱所有者登录以使用OAuth2授权",
+        "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权",
         "authorize_app": "授权应用",
         "deny": "拒绝",
         "permit": "授权应用",
         "profile": "个人资料",
-        "profile_desc": "查看个人信息: 用户名，全面，创建时间，修改时间，启用状态",
-        "scope_ask_permission": "一个应用请求了以下权限"
+        "profile_desc": "查看个人信息: 用户名，全称，创建时间，修改时间，状态",
+        "scope_ask_permission": "应用请求了以下权限"
     },
     "quarantine": {
         "action": "操作",
@@ -754,72 +848,74 @@
         "check_hash": "搜索文件特征 @ VT",
         "confirm": "确认",
         "confirm_delete": "确认删除此元素。",
-        "danger": "危险性",
-        "deliver_inbox": "递送到收件箱",
-        "disabled_by_config": "当前系统设置关闭了隔离功能，请设置 \"每个邮箱保留隔离项目数\" 和 \"最大文件大小\" 以开启隔离。",
+        "danger": "危险等级",
+        "deliver_inbox": "发送到收件箱",
+        "disabled_by_config": "当前系统设置关闭了隔离功能，请通过设置 \"每个邮箱保留的隔离项目数\" 以及 \"最大文件大小\" 以开启隔离。",
         "download_eml": "下载 (.eml)",
         "empty": "结果为空",
-        "high_danger": "高危险",
+        "high_danger": "高危险等级",
         "info": "信息",
         "junk_folder": "垃圾箱",
-        "learn_spam_delete": "学习为垃圾并删除",
-        "low_danger": "低危险",
-        "medium_danger": "中危险",
-        "neutral_danger": "中性",
-        "notified": "已通知",
-        "qhandler_success": "成功向系统发送请求，现在你可以关闭窗口了。",
+        "learn_spam_delete": "学习为垃圾邮件并删除",
+        "low_danger": "低危险等级",
+        "medium_danger": "中危险等级",
+        "neutral_danger": "无危险等级",
+        "notified": "已发送通知",
+        "qhandler_success": "已成功向系统发送请求，现在你可以关闭这个窗口了。",
         "qid": "Rspamd QID",
-        "qinfo": "隔离系统会将被拒绝的邮件以及作为拷贝发送到垃圾箱的邮件保存到数据库中 (发件人<em>不</em>会知道)。\r\n  <br>\"学习为垃圾并删除\" 会根据贝叶斯定理将消息作为垃圾学习并计算其模糊特征以拒绝未来收到相似消息。\r\n  <br>请注意，取决于你的系统资源，学习多个消息可能会花费较长时间。<br>黑名单中项目会被隔离系统排除。",
+        "qinfo": "隔离系统会把已被拒绝接收的邮件以及作为拷贝发送到垃圾箱的邮件保存到数据库中 (发件人<em>不</em>会知道)。\r\n  <br>\"学习为垃圾并删除\" 会根据贝叶斯定理将消息作为垃圾学习并计算其模糊特征以拒绝未来收到相似消息。\r\n  <br>请注意，这取决于你的系统资源，学习多个消息可能会花费较长时间。<br>黑名单中项目会被隔离系统排除。",
         "qitem": "隔离项目",
         "quarantine": "隔离",
         "quick_actions": "操作",
-        "rcpt": "收件人",
-        "received": "已接收",
-        "rejected": "已拒绝",
-        "recipients": "收件人",
-        "refresh": "刷新",
-        "release": "释放",
-        "release_body": "我们已在此消息中将你的消息附为eml文件",
-        "release_subject": "存在潜在危险的隔离文件 %s",
-        "remove": "删除",
-        "rspamd_result": "Rspamd结果",
-        "sender": "发件人 (SMTP)",
-        "sender_header": "发件人 (\"From\" 头)",
-        "type": "类型",
-        "quick_release_link": "打开快速释放链接",
         "quick_delete_link": "打开快速删除链接",
         "quick_info_link": "打开详情链接",
+        "quick_release_link": "打开快速移除链接",
+        "rcpt": "收件人",
+        "received": "已接收",
+        "recipients": "收件人",
+        "refresh": "刷新",
+        "rejected": "已拒绝",
+        "release": "移除",
+        "release_body": "我们已将你的消息作为 eml 文件附在此消息中。",
+        "release_subject": "存在潜在危险的隔离文件 %s",
+        "remove": "删除",
+        "rewrite_subject": "重写主题",
+        "rspamd_result": "Rspamd 结果",
+        "sender": "发件人 (SMTP)",
+        "sender_header": "发件人 (\"From\" 头)",
+        "settings_info": "被隔离的元素的最大数目: %s<br>电子邮件的最大大小: %s MiB",
         "show_item": "显示项目",
-        "spam": "垃圾",
+        "spam": "垃邮件圾",
         "spam_score": "分数",
         "subj": "主题",
         "table_size": "表格尺寸",
         "table_size_show_n": "显示 %s 个项目",
-        "text_from_html_content": "内容 (已转换 html)",
+        "text_from_html_content": "内容 (已转换为 html)",
         "text_plain_content": "内容 (text/plain)",
-        "toggle_all": "选择/取消所有"
+        "toggle_all": "选择所有/取消所有",
+        "type": "类型"
     },
     "queue": {
-        "delete_queue": "删除所有",
-        "flush_queue": "清空队列",
-        "queue_ays": "请确认你真的想要删除当前队列中的所有项目。",
-        "queue_deliver_mail": "递送",
-        "queue_hold_mail": "暂停",
         "queue_manager": "队列管理器",
-        "queue_unban": "队列取消封禁",
-        "queue_unhold_mail": "继续",
-        "queue_show_message": "显示消息"
+        "delete": "全部删除"
+    },
+    "ratelimit": {
+        "disabled": "禁用",
+        "second": "msgs / 秒",
+        "minute": "msgs / 分钟",
+        "hour": "msgs / 小说",
+        "day": "msgs / 天"
     },
     "start": {
         "help": "显示/隐藏 帮助面板",
-        "imap_smtp_server_auth_info": "请使用你的完整邮箱地址并使用PLAIN(明文)认证方法。<br>\r\n你的登录数据会被服务端强制加密。",
-        "mailcow_apps_detail": "使用mailcow应用访问你的邮件、日历、联系人和更多。",
-        "mailcow_panel_detail": "<b>域名管理员</b> 可以创建、修改或删除邮箱胡别名，更改分配给其的域名并读取更多域名相关信息。<br>\r\n<b>邮箱用户</b> 可以创建临时别名 (垃圾邮件别名)，更改他们的密码和垃圾过滤器设置。"
+        "imap_smtp_server_auth_info": "请使用你的完整邮箱地址并使用 PLAIN (明文) 认证方法。<br>\r\n你的登录数据会被服务端强制加密。",
+        "mailcow_apps_detail": "使用 Mailcow 应用访问你的邮件、日历、联系人以及更多内容。",
+        "mailcow_panel_detail": "<b>域名管理员</b>可以创建、修改或删除邮箱的别名，更改分配给用户的域名并读取更多域名相关信息。<br>\r\n<b>邮箱用户</b>可以创建临时别名 (垃圾邮件别名)，更改密码以及设置垃圾邮件过滤器。"
     },
     "success": {
-        "acl_saved": "已保存对象 %s 的ACL",
+        "acl_saved": "已保存对象 %s 的 ACL 设置",
         "admin_added": "已添加管理员 %s",
-        "admin_api_modified": "已保存API更改",
+        "admin_api_modified": "已保存 API 的更改",
         "admin_modified": "已保存管理员更改",
         "admin_removed": "已删除管理员 %s",
         "alias_added": "已添加别名地址 %s (%d)",
@@ -830,95 +926,102 @@
         "aliasd_modified": "已保存域名别名 %s 更改",
         "app_links": "已保存应用链接更改",
         "app_passwd_added": "已添加新的应用密码",
-        "app_passwd_removed": "已删除应用密码，ID %s",
-        "bcc_deleted": "已删除BCC映射条目: %s",
-        "bcc_edited": "已编辑BCC映射条目 %s",
-        "bcc_saved": "已保存BCC映射条目",
+        "app_passwd_removed": "已删除应用密码 ID %s",
+        "bcc_deleted": "已删除 BCC 映射条目: %s",
+        "bcc_edited": "已编辑 BCC 映射条目 %s",
+        "bcc_saved": "已保存 BCC 映射条目",
         "db_init_complete": "数据库初始化完成",
-        "delete_filter": "已删除过滤器，ID %s",
+        "delete_filter": "已删除过滤器 ID %s",
         "delete_filters": "已删除过滤器: %s",
-        "deleted_syncjob": "已删除同步任务，ID %s",
+        "deleted_syncjob": "已删除同步任务 ID %s",
         "deleted_syncjobs": "已删除同步任务: %s",
-        "dkim_added": "已保存DKIM密钥 %s",
-        "dkim_duplicated": "已复制域名 %s 的DKIM密钥到 %s",
-        "dkim_removed": "已删除DKIM密钥 %s",
+        "dkim_added": "已保存 DKIM 密钥 %s",
+        "domain_add_dkim_available": "DKIM 密钥已经存在",
+        "dkim_duplicated": "已复制域名 %s 的 DKIM 密钥到 %s",
+        "dkim_removed": "已删除 DKIM 密钥 %s",
         "domain_added": "已添加域名 %s",
         "domain_admin_added": "已添加域名管理员 %s",
         "domain_admin_modified": "已保存域名管理员 %s 更改",
         "domain_admin_removed": "已删除域名管理员 %s",
-        "domain_modified": "已保存域名 %s 更改",
+        "domain_modified": "已保存域名 %s 的更改",
         "domain_removed": "已删除域名 %s",
-        "dovecot_restart_success": "Dovecot重启成功",
-        "eas_reset": "已重置用户 %s 的ActiveSync设备",
-        "f2b_modified": "已保存Fail2ban参数更改",
+        "dovecot_restart_success": "Dovecot 重新启动成功",
+        "eas_reset": "已重置用户 %s 的 ActiveSync 设备",
+        "f2b_modified": "已保存 Fail2ban 参数的更改",
         "forwarding_host_added": "已添加转发主机 %s",
         "forwarding_host_removed": "已删除转发主机 %s",
         "global_filter_written": "成功将过滤器写入到文件",
         "hash_deleted": "已删除特征",
         "item_deleted": "成功删除项目 %s",
-        "item_released": "已释放项目 %s",
+        "item_released": "已移除项目 %s",
         "items_deleted": "成功删除项目 %s",
-        "items_released": "已释放选中的项目",
-        "learned_ham": "成功学习ID %s为非垃圾",
+        "items_released": "已移除选中的项目",
+        "learned_ham": "成功学习 ID %s 为非垃圾邮件",
         "license_modified": "已保存许可证更改",
         "logged_in_as": "登录为 %s",
         "mailbox_added": "已添加邮箱 %s",
-        "mailbox_modified": "已保存邮箱 %s 更改",
+        "mailbox_modified": "已保存邮箱 %s 的更改",
         "mailbox_removed": "已删除邮箱 %s",
+        "nginx_reloaded": "Nginx 已重新启动",
         "object_modified": "已保存对象 %s 更改",
-        "pushover_settings_edited": "成功设置Pushover设置，请校验凭证",
-        "qlearn_spam": "消息 ID %s 已被学习为垃圾并被删除",
+        "password_policy_saved": "已成功保存密码规则",
+        "pushover_settings_edited": "已成功设置 Pushover，请重新校验凭证",
+        "qlearn_spam": "消息 ID %s 已被学习为垃圾邮件并被删除",
         "queue_command_success": "成功执行配额命令",
-        "recipient_map_entry_deleted": "已删除接收人映射，ID %s",
+        "recipient_map_entry_deleted": "已删除接收人映射 ID %s",
         "recipient_map_entry_saved": "已保存接收人映射条目 \"%s\"",
         "relayhost_added": "已添加中继主机 %s",
         "relayhost_removed": "已删除中继主机 %s",
-        "reset_main_logo": "重置为默认logo",
+        "reset_main_logo": "重置为默认 Logo",
         "resource_added": "已添加资源 %s",
-        "resource_modified": "已保存资源 %s 更改",
+        "resource_modified": "已保存资源 %s 的更改",
         "resource_removed": "已删除资源 %s",
         "rl_saved": "已保存 %s",
-        "rspamd_ui_pw_set": "成功设置Rspamd UI密码",
+        "rspamd_ui_pw_set": "成功设置 Rspamd UI 的密码",
         "saved_settings": "已保存设置",
         "settings_map_added": "已添加设置规则",
-        "settings_map_removed": "已删除设置规则，ID %s",
-        "sogo_profile_reset": "已重置用户 %s 的SOGo个人资料",
-        "tls_policy_map_entry_deleted": "已删除TLS策略规则，ID %s",
-        "tls_policy_map_entry_saved": "已保存TLS策略规则 \"%s\"",
-        "ui_texts": "已保存UI文本更改",
-        "upload_success": "成功上传文件",
-        "verified_totp_login": "TOTP登录验证成功",
-        "verified_webauthn_login": "WebAuthn登录验证成功",
-        "verified_yotp_login": "Yubico OTP登录验证成功"
+        "settings_map_removed": "已删除设置规则 ID %s",
+        "sogo_profile_reset": "已重置用户 %s 的 SOGo 个人资料",
+        "tls_policy_map_entry_deleted": "已删除 TLS 策略规则 ID %s",
+        "tls_policy_map_entry_saved": "已保存 TLS 策略规则 \"%s\"",
+        "ui_texts": "已保存 UI 文本更改",
+        "upload_success": "文件上传成功",
+        "verified_fido2_login": "FIDO2 登录验证成功",
+        "verified_totp_login": "TOTP 登录验证成功",
+        "verified_webauthn_login": "WebAuthn 登录验证成功",
+        "verified_yotp_login": "Yubico OTP 登录验证成功"
     },
     "tfa": {
-        "api_register": "%s 使用 Yubico Cloud API，请 <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">在此</a> 为你的密钥获取API密钥",
+        "api_register": "%s 使用了 Yubico Cloud API，请<a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">在此</a>为你的密钥获取 API 密钥",
         "confirm": "确认",
-        "confirm_totp_token": "请输入生成的token以确认更改",
+        "confirm_totp_token": "请输入生成的验证码以确认更改",
         "delete_tfa": "关闭两步验证",
         "disable_tfa": "在下一次成功登录前关闭两步验证",
-        "enter_qr_code": "如果你的设备不能扫描QR码，输入此TOTP码",
-        "error_code": "错误码",
+        "enter_qr_code": "如果你的设备无法扫描 QR 码，请输入此 TOTP 码",
+        "error_code": "故障代码",
         "init_webauthn": "初始化中，请等待...",
-        "key_id": "你的YubiKey的标识",
-        "key_id_totp": "你的密钥的标识",
+        "key_id": "你的设备的标识符",
+        "key_id_totp": "你的密钥的名称",
         "none": "禁用",
-        "reload_retry": "- (如果一直出现错误，重启浏览器)",
-        "scan_qr_code": "请用你认证应用扫描或手动输入此码。",
+        "reload_retry": "- (如果一直出现错误，请尝试重启浏览器)",
+        "scan_qr_code": "请用你的认证应用扫描或手动输入 TOTP 码。",
         "select": "请选择",
-        "set_tfa": "设置两步验证方法",
+        "set_tfa": "启用两步验证方法",
         "start_webauthn_validation": "开始认证",
-        "tfa": "两步验证(2FA)",
-        "totp": "TOTP认证 (Google Authenticator、Authy等)",
-        "webauthn": "WebAuthn认证",
-        "waiting_usb_auth": "<i>等待USB设备...</i><br><br>现在请触碰你的WebAuthn USB设备上的按钮。",
-        "waiting_usb_register": "<i>等待USB设备...</i><br><br>请在上方输入你的密码并请触碰你的WebAuthn USB设备上的按钮以确认注册WebAuthn设备。",
-        "yubi_otp": "Yubico OTP认证"
+        "tfa": "两步验证 (2FA)",
+        "tfa_token_invalid": "TFA token 无效",
+        "totp": "TOTP 认证 (Google Authenticator、Authy 等)",
+        "u2f_deprecated": "似乎你的密钥是使用废弃的 U2F 方法获得的。我们将为停用你的两步验证并删除该密钥。",
+        "u2f_deprecated_important": "请在管理面板上使用新的 WebAuthn 方法获得你的密钥。",
+        "webauthn": "WebAuthn 认证",
+        "waiting_usb_auth": "<i>等待 USB 设备中...</i><br><br>现在请触碰你的 WebAuthn USB 设备上的按钮。",
+        "waiting_usb_register": "<i>等待 USB 设备中...</i><br><br>请在上方输入你的密码并请触碰你的 WebAuthn USB 设备上的按钮以确认注册该 WebAuthn 设备。",
+        "yubi_otp": "Yubico OTP 认证"
     },
     "user": {
         "action": "操作",
         "active": "启用",
-        "active_sieve": "启用的过滤器",
+        "active_sieve": "已启用的过滤器",
         "advanced_settings": "高级设置",
         "alias": "别名",
         "alias_create_random": "生成随机别名",
@@ -929,85 +1032,110 @@
         "alias_time_left": "剩余时间",
         "alias_valid_until": "有效至",
         "aliases_also_send_as": "同时允许发送为",
-        "aliases_send_as_all": "关闭发件人可访性检查的域名(别名)",
-        "app_hint": "应用密码是你登录 <b>IMAP 和 SMTP</b> 时的可选替代密码，用户名保持不变。<br>应用密码不作用于SOGo (包括 ActiveSync) ",
+        "aliases_send_as_all": "已关闭发件人可访性检查的域名和域名别名",
+        "app_hint": "应用密码是你登录 <b>IMAP 和 SMTP</b> 时的可选替代密码，用户名仍然保持不变。<br>应用密码不适用于 SOGo (包括 ActiveSync) ",
+        "allowed_protocols": "允许使用的协议",
         "app_name": "应用名称",
         "app_passwds": "应用密码",
-        "apple_connection_profile": "Apple连接描述文件",
-        "apple_connection_profile_complete": "此连接描述文件包括提供给Apple设备的IMAP和SMTP配置参数并包括CalDAV (日历) 和 CardDAV (联系人) 访问路径。",
-        "apple_connection_profile_mailonly": "此连接描述文件包括提供给Apple设备的IMAP和SMTP配置参数。",
+        "apple_connection_profile": "Apple 连接描述文件",
+        "apple_connection_profile_complete": "此连接描述文件包括提供给 Apple 设备的 IMAP 和 SMTP 配置参数，并会包括 CalDAV (日历) 和 CardDAV (联系人) 的访问路径。",
+        "apple_connection_profile_mailonly": "此连接描述文件包括提供给 Apple 设备的 IMAP 和 SMTP 配置参数。",
+        "apple_connection_profile_with_app_password": "一个新的应用程序密码将会被生成并添加到该配置文件中，因此在设备设置时不需要输入密码。请不要随意分享该文件，因为它包含你的邮箱的完全访问权限。",
         "change_password": "更改密码",
-        "client_configuration": "显示邮箱客户端和智能手机配置指南",
+        "change_password_hint_app_passwords": "你的账户有 {{number_of_app_passwords}} 个应用密码，这些密码将不会被更改。如果需要管理这些密码，请访问应用密码标签。",
+        "clear_recent_successful_connections": "清除成功匹配的连接",
+        "client_configuration": "显示邮箱客户端和智能手机的配置指南",
         "create_app_passwd": "添加应用密码",
         "create_syncjob": "添加同步任务",
+        "created_on": "添加于",
         "daily": "每日",
         "day": "日",
         "delete_ays": "请确认删除。",
         "direct_aliases": "直接别名",
-        "direct_aliases_desc": "垃圾邮件过滤和TLS策略会作用于直接别名。",
-        "eas_reset": "重置ActiveSync设备缓存",
-        "eas_reset_help": "在许多情况下，重置设备缓存可以帮助恢复错误的ActiveSync资料。<br><b>注意:</b> 所有元素会被重新下载！",
+        "direct_aliases_desc": "垃圾邮件过滤和 TLS 策略会作用于直接别名。",
+        "direct_protocol_access": "该邮箱用户可以<b>直接</b>从<b>外部</b>访问以下的协议和应用程序。该选项由你的管理员进行设置。并可以创建应用密码，以授予对个别协议和应用的访问权限。<br>\"登录到 Webmail\" 按钮提供到 SOGo 的单点登录方式，并且始终可用。",
+        "eas_reset": "重置 ActiveSync 设备缓存",
+        "eas_reset_help": "在许多情况下，重置设备缓存可以帮助恢复错误的 ActiveSync 资料。<br><b>注意:</b> 所有元素将会被重新下载！",
         "eas_reset_now": "立即重置",
         "edit": "编辑",
         "email": "邮件",
         "email_and_dav": "邮件、日历和联系人",
+        "empty": "结果为空",
         "encryption": "加密",
         "excludes": "排除",
         "expire_in": "过期于",
-        "force_pw_update": "你<b>必须</b>设置一个新密码以继续使用群件相关服务。",
+        "fido2_webauthn": "FIDO2/WebAuthn",
+        "force_pw_update": "你<b>必须</b>设置一个新密码才能继续使用群组的相关服务。",
+        "from": "从",
         "generate": "生成",
         "hour": "小时",
         "hourly": "每小时",
         "hours": "小时",
         "in_use": "已使用",
         "interval": "间隔",
-        "is_catch_all": "收取域名下所有邮件",
-        "last_mail_login": "最后邮箱登录",
-        "last_run": "最后运行",
+        "is_catch_all": "接收该域名下的所有邮件",
+        "last_mail_login": "最后一次邮箱登录",
+        "last_pw_change": "最后一次密码修改",
+        "last_run": "最后一次运行",
+        "last_ui_login": "最后一次 UI 登录信息",
         "loading": "加载中...",
+        "login_history": "登录历史",
+        "mailbox": "Mailbox",
         "mailbox_details": "邮箱详情",
+        "mailbox_general": "通用设置",
+        "mailbox_settings": "邮箱设置",
         "messages": "消息",
+        "month": "月",
+        "months": "月",
         "never": "从不",
         "new_password": "新密码",
         "new_password_repeat": "确认密码 (重复)",
-        "no_active_filter": "没有启用的过滤器",
-        "no_last_login": "没有最后UI登录信息",
+        "no_active_filter": "没有已启用的过滤器",
+        "no_last_login": "没有最后一次 UI 登录信息",
         "no_record": "没有记录",
+        "open_logs": "打开日志",
+        "open_webmail_sso": "登录到 Webmail",
         "password": "密码",
         "password_now": "当前密码 (确认更改)",
-        "password_repeat": "密码 (重复)",
-        "pushover_evaluate_x_prio": "加速高优先级邮件 [<code>X-Priority: 1</code>]",
+        "password_repeat": "确认密码 (重复)",
+        "pushover_evaluate_x_prio": "优先响应高优先级邮件 [<code>X-Priority: 1</code>]",
         "pushover_info": "推送通知设置会应用到所有递送到 <b>%s</b> (包括其别名) 的非垃圾邮件。",
         "pushover_only_x_prio": "只为高优先级邮件开启 [<code>X-Priority: 1</code>]",
-        "pushover_sender_array": "只为以下发件人邮箱地址开启 <small>(英文逗号分隔)</small>",
+        "pushover_sender_array": "只为以下发件人邮箱地址开启 <small>(存在多个地址时使用英文逗号分隔)</small>",
         "pushover_sender_regex": "也可以使用正则表达式过滤发件人",
         "pushover_text": "通知文本",
         "pushover_title": "通知标题",
-        "pushover_vars": "如果没有定义发件人过滤器则会为所有邮件开启通知推送。<br>正则表达式过滤器可以和普通过滤器分别被定义，并且会依序应用，而不是覆盖另一个。<br>在文本和标题中可用的变量 (请注意数据保护条例)",
+        "pushover_vars": "如果没有定义发件人过滤器则会为所有的邮件开启通知推送。<br>正则表达式过滤器可以和普通过滤器一同使用，并且会按顺序被使用，而不是被覆盖。<br>在文本和标题中可用的变量 (请注意数据保护)",
         "pushover_verify": "验证凭证",
+        "q_add_header": "垃圾邮件文件夹",
+        "q_all": "全部类别",
+        "q_reject": "拒绝接收",
+        "quarantine_category": "隔离通知类别",
+        "quarantine_category_info": "隔离通知类别\"拒绝接收\"包括所有被拒绝的邮件，而\"垃圾邮件文件夹\"将通知用户被放入垃圾邮件文件夹的邮件。",
         "quarantine_notification": "隔离通知",
-        "quarantine_notification_info": "一旦某通知已被发送，其会被标记为\"已通知\"且不会被再次发送。",
+        "quarantine_notification_info": "一但通知被发送，其会被标记为\"已通知\"且不会被再次发送。",
+        "recent_successful_connections": "成功匹配的连接",
         "remove": "删除",
         "running": "运行中",
         "save": "保存更改",
         "save_changes": "保存更改",
         "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">发件人检查已关闭</span>",
         "shared_aliases": "共享别名地址",
-        "shared_aliases_desc": "用户设置如垃圾过滤器和加密策略等不会应用到共享别名地址。共享别名地址只能应用域名级别的垃圾过滤器且只能被管理员修改。",
-        "show_sieve_filters": "显示启用的用户sieve过滤器",
-        "sogo_profile_reset": "重置SOGo个人资料",
-        "sogo_profile_reset_help": "此操作会不可恢复地删除用户SOGo个人资料并<b>删除所有联系人和日历数据</b>。",
+        "shared_aliases_desc": "用户设置的垃圾邮件过滤器和加密策略等不会应用到共享别名地址。共享别名地址只能应用域名级别的垃圾邮件过滤器，并且只能被管理员修改。",
+        "show_sieve_filters": "显示用户启用的 sieve 过滤器",
+        "sogo_profile_reset": "重置 SOGo 个人资料",
+        "sogo_profile_reset_help": "此操作会不可恢复地删除用户的 SOGo 个人资料并<b>删除所有联系人和日历数据</b>。",
         "sogo_profile_reset_now": "立即重置个人资料",
         "spam_aliases": "临时邮箱别名",
         "spam_score_reset": "重置为服务器默认值",
-        "spamfilter": "垃圾过滤器",
-        "spamfilter_behavior": "评分",
+        "spamfilter": "垃圾邮件过滤器",
+        "spamfilter_behavior": "分数",
         "spamfilter_bl": "黑名单",
-        "spamfilter_bl_desc": "黑名单中地址<b>总是会</b>被标记为垃圾邮件。被拒绝的邮件<b>不会</b>进入隔离。此处可以使用通配符\"*\"。此过滤器也会应用到直接别名(只指向一个目标邮箱)，但不会应用到\"捕获所有\"别名和邮箱地址本身。",
+        "spamfilter_bl_desc": "黑名单中地址<b>总是会</b>被标记为垃圾邮件。被拒绝的邮件<b>不会</b>进入隔离区。此处可以使用通配符 \"*\"。此过滤器也会应用到直接别名 (只指向一个目标邮箱)，但不会应用到\"接收所有\"别名和邮箱地址本身。",
         "spamfilter_default_score": "默认值",
-        "spamfilter_green": "绿色: 此消息不是垃圾",
-        "spamfilter_hint": "第一个值表示\"低垃圾分数\"，第二个值表示\"高垃圾分数\"。",
-        "spamfilter_red": "红色: 此消息是垃圾并且会被服务器拒绝",
+        "spamfilter_green": "绿色: 此消息不是垃圾邮件",
+        "spamfilter_hint": "第一个值表示\"低垃圾邮件分数\"，第二个值表示\"高垃圾邮件分数\"。",
+        "spamfilter_red": "红色: 此消息是垃圾邮件并且会被服务器拒收",
         "spamfilter_table_action": "操作",
         "spamfilter_table_add": "添加项目",
         "spamfilter_table_domain_policy": "n/a (域名策略)",
@@ -1015,40 +1143,66 @@
         "spamfilter_table_remove": "删除",
         "spamfilter_table_rule": "规则",
         "spamfilter_wl": "白名单",
-        "spamfilter_wl_desc": "白名单中地址<b>永远不会</b>被标记为垃圾邮件。此处可以使用通配符\"*\"。此过滤器也会应用到直接别名(只指向一个目标邮箱)，但不会应用到\"捕获所有\"别名和邮箱地址本身。",
-        "spamfilter_yellow": "黄色: 此为垃圾消息，会被标记为垃圾并且移入垃圾文件夹",
+        "spamfilter_wl_desc": "白名单中地址<b>永远不会</b>被标记为垃圾邮件。此处可以使用通配符 \"*\"。此过滤器也会应用到直接别名 (只指向一个目标邮箱)，但不会应用到\"接收所有\"别名和邮箱地址本身。",
+        "spamfilter_yellow": "黄色: 此为垃圾邮件，会被标记为垃圾邮件并且移入垃圾邮件文件夹",
         "status": "状态",
         "sync_jobs": "同步任务",
-        "tag_handling": "处理有标签的邮件",
-        "tag_help_example": "有标签的邮箱地址示例: me<b>+Facebook</b>@example.org",
-        "tag_help_explain": "置于子文件夹: 在INBOX(收件箱)下创建一个以标签名命名的子文件夹 (\"INBOX/Facebook\")。<br>\r\n置于主题: 标签名会被前置到邮件主题, 如: \"[Facebook] 我的新闻\"。",
+        "syncjob_check_log": "检查日志",
+        "syncjob_last_run_result": "最后一次运行结果",
+        "syncjob_EX_OK": "成功",
+        "syncjob_EXIT_CONNECTION_FAILURE": "连接问题",
+        "syncjob_EXIT_TLS_FAILURE": "加密连接问题",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE": "身份认证问题",
+        "syncjob_EXIT_OVERQUOTA": "目标邮箱配额已满",
+        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "无法连接到远程服务器",
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "用户名或密码错误",
+        "tag_handling": "处理带有标签的邮件",
+        "tag_help_example": "带有标签的邮箱地址示例: me<b>+Facebook</b>@example.org",
+        "tag_help_explain": "置于子文件夹: 在 INBOX (收件箱) 下创建一个以标签名命名的子文件夹 (\"INBOX/Facebook\")。<br>\r\n置于主题: 标签名会被前置到邮件主题, 例如: \"[Facebook] My News\"。",
         "tag_in_none": "不处理",
         "tag_in_subfolder": "置于子文件夹",
         "tag_in_subject": "置于主题",
         "text": "文本",
         "title": "标题",
-        "tls_enforce_in": "强制入站TLS",
-        "tls_enforce_out": "强制出站TLS",
+        "tls_enforce_in": "强制入站使用 TLS",
+        "tls_enforce_out": "强制出站使用 TLS",
         "tls_policy": "加密策略",
-        "tls_policy_warning": "<strong>警告:</strong> 如果你决定强制加密邮箱传输，你有可能丢失邮件。<br>不支持加密的邮件系统将不能与此服务器交换邮件。<br>此选项会应用到你的主邮件地址(登录名)、域名别名对应的地址和<b>只指向此一个邮箱</b>(非共享)的别名地址。",
+        "tls_policy_warning": "<strong>警告:</strong> 如果你决定强制使用加密邮箱传输，你有可能丢失邮件。<br>不支持加密的邮件系统将无法与此服务器交换邮件。<br>此选项会应用到你的主邮箱地址 (登录名)、域名别名对应的地址和<b>只指向此一个邮箱</b> (非共享) 的别名地址。",
         "user_settings": "用户设置",
         "username": "用户名",
         "verify": "验证",
         "waiting": "等待中",
         "week": "周",
         "weekly": "每周",
-        "weeks": "周"
+        "weeks": "周",
+        "with_app_password": "包含应用密码",
+        "year": "年",
+        "years": "年"
     },
     "warning": {
-        "cannot_delete_self": "不能删除已登录用户",
-        "domain_added_sogo_failed": "域名已添加但是重启Dovecot失败，请检查日志。",
-        "dovecot_restart_failed": "Dovecot重启失败，请检查日志",
+        "cannot_delete_self": "不能删除已登录的用户",
+        "domain_added_sogo_failed": "域名已添加但是重启 Dovecot 失败，请检查相关日志。",
+        "dovecot_restart_failed": "Dovecot 重启失败，请检查相关日志",
         "fuzzy_learn_error": "模糊特征学习失败: %s",
         "hash_not_found": "找不到特征或已被删除",
-        "ip_invalid": "跳过的非法IP: %s",
-        "no_active_admin": "不能禁用最后一个启用的管理员",
-        "quota_exceeded_scope": "域名配额超出: 此域名下现在只能创建无限容量的邮箱。",
-        "session_token": "表单字段非法: 字段不匹配",
-        "session_ua": "表单字段非法: User-Agent校验错误"
+        "ip_invalid": "跳过的无效 IP: %s",
+        "is_not_primary_alias": "跳过的非主要别名 %s",
+        "no_active_admin": "不能禁用最后一个被启用的管理员",
+        "quota_exceeded_scope": "域名配额超标: 此域名下现在只能创建无限容量的邮箱。",
+        "session_token": "表单字段无效: Token 不匹配",
+        "session_ua": "表单字段无效: User-Agent 校验错误"
+    },
+    "datatables": {
+        "info": "正从 _TOTAL_ 个条目中显示 _START_ 到 _END_ 条目",
+        "collapse_all": "全部折叠",
+        "expand_all": "全部展开",
+        "infoEmpty": "正从共 0 个条目中显示从 0 到 0 条目",
+        "processing": "请稍等...",
+        "search": "搜索：",
+        "paginate": {
+            "first": "第一页",
+            "last": "最后一页",
+            "previous": "上一页"
+        }
     }
 }
diff --git a/data/web/lang/lang.zh-tw.json b/data/web/lang/lang.zh-tw.json
index 7b34172f..916188db 100644
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -152,7 +152,6 @@
         "credentials_transport_warning": "<b>警告</b>: 新增新的傳輸規則會同時更新所有\"下一跳\"欄中符合項目的認證憑證。",
         "customer_id": "客戶 ID",
         "customize": "自訂",
-        "delete_queue": "刪除全部",
         "destination": "目標地址",
         "dkim_add_key": "新增 ARC/DKIM 金鑰",
         "dkim_domains_selector": "選擇器",
@@ -189,7 +188,6 @@
         "f2b_retry_window": "重試次數的時間區間大小 (秒)",
         "f2b_whitelist": "網路/主機白名單",
         "filter_table": "篩選表格",
-        "flush_queue": "清空佇列",
         "forwarding_hosts": "轉發主機",
         "forwarding_hosts_add_hint": "你可以指定 IPv4/IPv6 地址、CIDR 表示的網路、主機名稱 (會被自動解析為 IP 地址)，或者信箱域名 (會自動查詢 SPF 紀錄或 MX 紀錄並解析為 IP 地址)。",
         "forwarding_hosts_hint": "來自此處所列的主機的郵件會被無條件接收。而且這些主機不會經過 DNSBL 或灰名單的檢查。來自它們的垃圾郵件不會被拒絕，但可以設定被歸入垃圾郵件資料夾。這個欄位經常用於設定轉寄信件至 mailcow 伺服器的郵件伺服器。",
@@ -259,13 +257,6 @@
         "quarantine_release_format_att": "如附件",
         "quarantine_release_format_raw": "未修改的原始信件",
         "quarantine_retention_size": "每個信箱的隔離保留上限：<br><small>0 表示 <b>停用</b>。</small>",
-        "queue_ays": "請確定是否要刪除目前佇列中的所有項目。",
-        "queue_deliver_mail": "遞送",
-        "queue_hold_mail": "暫停",
-        "queue_manager": "佇列管理",
-        "queue_show_message": "顯示訊息",
-        "queue_unban": "佇列解除封鎖",
-        "queue_unhold_mail": "繼續",
         "quota_notification_html": "通知信模版：<br><small>留空來重設為預設模版。</small>",
         "quota_notification_sender": "通知信寄件人",
         "quota_notification_subject": "通知信主旨",
@@ -652,8 +643,6 @@
         "administration": "設定和管理",
         "apps": "應用程式",
         "debug": "系統訊息",
-        "mailboxes": "信箱設定",
-        "mailcow_settings": "設定",
         "quarantine": "隔離",
         "restart_netfilter": "重新啟動 netfilter",
         "restart_sogo": "重新啟動 SOGo",
@@ -666,7 +655,7 @@
     },
     "login": {
         "delayed": "請在 %s 秒後重新登入。",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
         "login": "登入",
         "mobileconfig_info": "請使用信箱使用者登入以下載 Apple 連接描述檔案。",
         "other_logins": "金鑰登入",
@@ -905,11 +894,11 @@
         "type": "類型"
     },
     "ratelimit": {
-      "disabled": "停用",
-      "second": "訊息 / 秒",
-      "minute": "訊息 / 分鐘",
-      "hour": "訊息 / 小時",
-      "day": "訊息 / 天"
+        "disabled": "停用",
+        "second": "訊息 / 秒",
+        "minute": "訊息 / 分鐘",
+        "hour": "訊息 / 小時",
+        "day": "訊息 / 天"
     },
     "start": {
         "help": "顯示/隱藏 幫助面板",
diff --git a/data/web/templates/admin.twig b/data/web/templates/admin.twig
index f3408928..33f2422b 100644
--- a/data/web/templates/admin.twig
+++ b/data/web/templates/admin.twig
@@ -14,7 +14,7 @@
     </li>
 
     <li class="nav-item dropdown">
-      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#" role="button" aria-expanded="false">{{ lang.admin.configuration }}</a>
+      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#" role="button" aria-expanded="false">{{ lang.admin.options }}</a>
       <ul class="dropdown-menu">
         <li><button class="dropdown-item" data-bs-target="#tab-config-dkim" aria-selected="false" aria-controls="tab-config-dkim" role="tab" data-bs-toggle="tab">{{ lang.admin.dkim_keys }}</button></li>
         <li><button class="dropdown-item" data-bs-target="#tab-config-fwdhosts" aria-selected="false" aria-controls="tab-config-fwdhosts" role="tab" data-bs-toggle="tab">{{ lang.admin.forwarding_hosts }}</button></li>
@@ -57,7 +57,7 @@
       </div>
     </div> <!-- /col-md-12 -->
   </div> <!-- /row -->
-</div> 
+</div>
 
 {% include 'modals/admin.twig' %}
 
@@ -66,7 +66,7 @@ var lang = {{ lang_admin|raw }};
 var lang_datatables = {{ lang_datatables|raw }};
 var admin_username = '{{ mailcow_cc_username }}';
 var csrf_token = '{{ csrf_token }}';
-var pagination_size = '{{ pagination_size }}';
-var log_pagination_size = '{{ log_pagination_size }}';
+var pagination_size = Math.trunc('{{ pagination_size }}');
+var log_pagination_size = Math.trunc('{{ log_pagination_size }}');
 </script>
 {% endblock %}
diff --git a/data/web/templates/admin/tab-config-customize.twig b/data/web/templates/admin/tab-config-customize.twig
index 4ec6aecb..766c0b6a 100644
--- a/data/web/templates/admin/tab-config-customize.twig
+++ b/data/web/templates/admin/tab-config-customize.twig
@@ -33,6 +33,20 @@
           </div>
         </div>
       {% endif %}
+      <legend style="padding-top:20px" unselectable="on">{{ lang.admin.ip_check }}</legend><hr />
+      <div id="ip_check">
+        <form class="form" data-id="ip_check" role="form" method="post">
+          <div class="mb-4">
+            <input class="form-check-input" type="checkbox" value="1" name="ip_check_opt_in" id="ip_check_opt_in" {% if ip_check == 1 %}checked{% endif %}>
+            <label class="form-check-label" for="ip_check_opt_in">
+              {{ lang.admin.ip_check_opt_in|raw }}
+            </label>
+          </div>
+          <p><div class="btn-group">
+            <button class="btn btn-sm btn-xs-half d-block d-sm-inline btn-success" data-action="edit_selected" data-item="admin" data-id="ip_check" data-reload="no" data-api-url='edit/ip_check' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+          </div></p>
+        </form>
+      </div>
       <legend>{{ lang.admin.app_links }}</legend><hr />
       <p class="text-muted">{{ lang.admin.merged_vars_hint|raw }}</p>
       <form class="form-inline" data-id="app_links" role="form" method="post">
diff --git a/data/web/templates/admin/tab-routing.twig b/data/web/templates/admin/tab-routing.twig
index 8caeec8a..9b584289 100644
--- a/data/web/templates/admin/tab-routing.twig
+++ b/data/web/templates/admin/tab-routing.twig
@@ -36,7 +36,7 @@
             </div>
             <div class="mb-4">
               <label for="rlyhost_password">{{ lang.admin.password }}</label>
-              <input class="form-control" id="rlyhost_password" name="password">
+              <input class="form-control" id="rlyhost_password" name="password" type="password">
             </div>
             <button class="btn btn-sm d-block d-sm-inline btn-success" data-action="add_item" data-id="rlyhost" data-api-url='add/relayhost' data-api-attr='{}' href="#"><i class="bi bi-plus-lg"></i> {{ lang.admin.add }}</button>
           </form>
@@ -86,7 +86,7 @@
             </div>
             <div class="mb-4">
               <label for="transport_password">{{ lang.admin.password }}</label>
-              <input class="form-control" id="transport_password" name="password">
+              <input class="form-control" id="transport_password" name="password" type="password">
             </div>
             <div class="mb-2">
               <label>
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index 83860ad0..06c47bd2 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -11,8 +11,8 @@
   <link rel="stylesheet" href="{{ css_path }}">
   <script>
     // check if darkmode is preferred by OS or set by localStorage
-    if (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ||
-        JSON.parse(localStorage.getItem("darkmode")) === true) {
+    if (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem("theme") !== "light" ||
+        localStorage.getItem("theme") === "dark") {
       var head  = document.getElementsByTagName('head')[0];
       var link  = document.createElement('link');
       link.id   = 'dark-mode-theme';
@@ -80,7 +80,9 @@
             {% if mailcow_cc_role == 'admin' %}
             <li><a href="/queue" class="dropdown-item {% if is_uri('queue') %}active{% endif %}">{{ lang.queue.queue_manager }}</a></li>
             {% endif %}
+            {% if mailcow_cc_role == 'admin' %}
             <li><a href="#" class="dropdown-item" data-bs-toggle="modal" data-container="sogo-mailcow" data-bs-target="#RestartContainer">{{ lang.header.restart_sogo }}</a></li>
+            {% endif %}
           </ul>
         </li>
         {% endif %}
diff --git a/data/web/templates/debug.twig b/data/web/templates/debug.twig
index 42bd8a62..006703fb 100644
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -41,7 +41,7 @@
               </div>
               <div class="col-sm-12 col-md-8">
                 <div class="table-responsive" style="margin-top: 10px;">
-                  <table class="table table-striped table-condensed">
+                  <table class="table table-striped table-condensed w-100">
                     <tbody>
                       <tr>
                         <td>Hostname</td>
@@ -52,8 +52,18 @@
                       <tr>
                         <td>IPs</td>
                         <td class="text-break">
-                          <span class="d-block" id="host_ipv4">-</span>
-                          <span class="d-block" id="host_ipv6">-</span>
+                          {% if ip_check == 1 %}
+                            <span class="d-none" id="host_ipv4">-</span>
+                            <span class="d-none mb-2" id="host_ipv6">-</span>
+                            <button class="d-block btn btn-primary btn-sm" id="host_show_ip">
+                              <span class="text">{{ lang.debug.show_ip }}</span>
+                              <div class="spinner-border spinner-border-sm d-none" role="status">
+                                <span class="visually-hidden">Loading...</span>
+                              </div>
+                            </button>
+                          {% else %}
+                            <span class="d-block">{{ lang.admin.ip_check_disabled|raw }}</span>
+                          {% endif %}
                         </td>
                       </tr>
                       <tr>
@@ -61,7 +71,7 @@
                         <td class="text-break">
                           <div class="fw-bolder">
                             <p ><a href="#" id="maiclow_version">{{ mailcow_info.version_tag }}</a></p>
-                            <p id="mailcow_update"></p> 
+                            <p id="mailcow_update"></p>
                           </div>
                         </td>
                       </tr>
@@ -154,6 +164,102 @@
           </div>
           <div class="card-body p-0">
             <div class="row mx-0">
+              <!-- solr info -->
+              <div class="col-md-6 col-sm-12 p-2">
+                <div class="list-group-item p-0">
+                  <div class="d-flex p-2 list-group-header">
+                    <div>
+                      <span class="fw-bold">solr-mailcow</span>
+                      {% if containers["solr-mailcow"].State.Running == 1 %}
+                      <span class="d-block d-md-inline">({{ containers["solr-mailcow"].Config.Image }})</span>
+                      {% endif %}
+                      {% if containers["solr-mailcow"].State.Running == 1 %}
+                      <small class="d-block">({{ lang.debug.started_on }} <span class="parse_date">{{ containers["solr-mailcow"].State.StartedAtHR }}</span>)</small>
+                      {% elseif containers["solr-mailcow"].State.Running != 1 %}
+                      <small class="d-block">{{ lang.debug.container_disabled }}</small>
+                      {% endif %}
+                      {% if containers["solr-mailcow"].State.Running == 1 %}
+                        <span class="badge fs-7 bg-success loader" style="min-width:100px">
+                          {{ lang.debug.container_running }}
+                          <span class="loader-dot">.</span>
+                          <span class="loader-dot">.</span>
+                          <span class="loader-dot">.</span>
+                        </span>
+                      {% elseif containers["solr-mailcow"].State.Running != 1 %}
+                        <span class="badge fs-7 bg-danger" style="min-width:100px">
+                          {{ lang.debug.container_stopped }}
+                          <i class="bi-x ms-1"></i>
+                        </span>
+                      {% endif %}
+                    </div>
+                  {% if containers["solr-mailcow"].State.Running == 1 %}
+                    <div class="mt-auto ms-auto">
+                      <button class="btn btn-light" type="button" data-bs-toggle="collapse" data-bs-target="#solr-mailcowCollapse" aria-expanded="false" aria-controls="solr-mailcowCollapse">
+                        <i class="bi bi-caret-down-fill caret"></i>
+                      </button>
+                    </div>
+                  {% endif %}
+                  </div>
+                  {% if containers["solr-mailcow"].State.Running == 1 %}
+                  <div class="collapse p-0 list-group-details container-details-collapse" id="solr-mailcowCollapse" data-id="{{ containers["solr-mailcow"].Id }}">
+                    <div class="row p-2 pt-4">
+                      <div class="col-sm-3">
+                        <p><img class="img-responsive" alt="Solr Logo" width="128px" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAABlCAYAAAAI2qyuAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAXEUAAFxFAbktYiwAAAAYdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjEuNWRHWFIAABv7SURBVHhe7V0JuBxVlX4JMy6jM4qOC4rp6qWq+jW+ruoXkIjoS1d3EhYXRvNkFHFBYECUAXGAASEOyiLIrigOEpDoACIqwogLiwMSkIghYF4viSFhiUGWCAQIyXuZ/9w+3V3VdXtfee/+33e+16/uqXtv1T2n7j33nnvukIJCP7BjbOzvsgt0O5cyjsymzG9mU8YvcylzIucYT2Ydczt+7xDkGFuR/hf8XplxzHG6d20qauSSkfCSJUOzRWYKCtMBE3uZ/5hxjE9A4K+FEmwuKUFj9Nd1Y9brdwwNzco6xr10DXk8DAX77kTaXEQKx8UoKLz8AGE+D73BcxVC3zBl09HPUz6ZpOHI0kEboXhnrU3H5ogCFRQGHSvmzv17+stf/ZaVA71EppgXFO0Xcp4CYai2LZeKLs2m9BDxKygMHEg4Mynz+kzK2IP+X52KvlEmzI1SPml+kPLB8CyOXmJKxuMnYyvoG7l9Iv9E9yoo9B3Xjg/thC/8cegtnsffFyGcr6TrBWNcJsQNkGPeIjIHkO8yKU9teiSXiryfs1BQ6A8eWhTdBV/3W4qCid/3c9IQ9QAugW2YoGSTeSc6Snn8KTkcKAyf5Ly1iHudi9eNBV4lKqSg0Evk0tF5EN7HPILpmN/l5CEMdY71pDVKjnkFZ0HDqwulPE1QJmneM5E238ZZKih0H3ln+AB8oV/wC6TxOWYhBfmGP702offYknX0t9P9Dy6MvaE9I99Fjrk+50RiomIKCt0EBO7jENzyop6LVqNXYTbiu6YyvR5NpMz/4tuH8PvLMp6WyTFO5awVFLoDfIkXQ9CkygHatuL9c/+BWYfQwyyX8FQlKN1jGxfEX0P3blg879XoTTbJ+JolskUySeNEUae0PkxEvxUUOgoMfd4rZqkkQkgEAV/FrALgfVzGV41gb3yWbx3KYKgm42mWqKfLpqKHU54Fg9/cgHqtp8kFUZCCQidAK9UQrpoCD2H8HrMPUU9SbRhWhVZeOz6+E927A39h/K+R8DRHjrGVejzKM7dP5E3IM1NMQ92WF6ejFRTawoPjsVdA0O72CJ+E0AMcxbcMkVOhjEdGYgiUNlJ861DeMcdlfM2R8SyM8gWUHy0aQllWSPguFgUqKLSDfMrYRyJcPppImnvxLSTkSRmPlBzjRr5NAMr4eylfo+QYT2A4+C7Ki9ZAsk70NhmfUEw8myhUQaFV0PBKJmBuwvDlpXVjY6UFOVw7pJKnCm3LObHS9Cv1JBKeZuiRfHJ4N8qLPH2hbD+V8JTJMdY/OBZ7rShcQaEV7FgyNBtj9iekAsaE9AeYXSDjRJfI+CoJBvO3+BYBKNrNMr5GCHXIToyZGuVDjpIZx7xCxucjxzhbFK6g0CogSP/rEywXQThLBjoBw5fLZHxugnJsJuOZbxnKLtQtGvbIeOsRyr9vrfPOt1A+pBzoOc6V8ckIivRiUbEUFFoCBPcsmXAVKTvfPJpZBSCgv5bxecgxjmd2gXzKvErKV4egHLevTYdex9lQXZteYMykyi4yCgp1UXT3KAJC9JFKoXJTZoHxHmYVgPBnZXxFwlDqIbcTYatOidmkccNd83Z9NWczlEubR0BBpLy1iNZ31NqIQsOgIRL/FPgzBFgmWET4gm9fySvgBLFRSuqnVSYo4L8yuwAUqmmnxIxjXFncUEWgPFHupIy3EZpwzNM4KwWF6kBvEKRZqdtc+70L43q5oQ6h/BOzCZAtIOMrEgR7OeXH7IWNVU06JaJ+F7jzyM83F1GdZbyNEnqRh4uLlQoKVTGRLIzhK/d5QwApAolfuBzzSmYRoB2FUj4QlGkqM987HAP/KTJeGdH9EOST+VaBNRjeNatg1YjWbzhbBQU5MGQS0UMyaWNvviQAwTyzUqCIILReA72GvQJl+BGzCWyA/YB8G3JKLAyfyu70hDUpcwQK+pSMvxWinomzVlDwY82C0JsLgigE5iC+LABBXOwWpiKREyOzCOTmG8fL+cwXK4MqgLdBp0Rjaz41fCDfJiDcWRzjUTl/a4Q65jl7BQU/3EpQdBEvYt0iU3MLExG+uNsedbm4E6oZ3Og9zmEWAbJxoIx1nRIhtFvI3YVvE1i9KLpLxjHXyvjbIRrCqdkshapAb1BaYIOCeJz5eEX9abdAQaFWc3IJuH69h6dAIgAcswhAYQ6U8HkICviU28eLsGr/kZ0hyPfL+Nsmx9iu7BCFqoDg/colMDfx5RIgQN4FwLTXQCdgOOTznEW+HjuFAOWq45RoPDYBG4PZBWg6GUp6l5y/daLVdDzbpVBGk4tSUPAjk6RwOQWhwdf7Qb5cAoTobLdg5dLGMZwkUFgDqexlygHgiqgRKVEQ8siTjcHsAsLtPlnb5aVZwvANBr5x+rqx2Fu5mKHMmPHP/FNBoYyCa3h5oQ2/N7vXGgj5tPFRj4Alh9/HSQIUh9edhyDH/AAnl4BeoJZT4v3r9isLLKEwvDOvlvC2RJmU+TCGeF/c5PLkLYQwMi6nHoovKSiUwTv5HigKEQRyigSekwUecG2EQvp2t4ARMguNaDFd8KSMWyuVjALKkTHs5ivxO+Ydq/Ye2ZlZBUSv5JiXyPibJsdYlU1FP7XD1aPRPviC97HxLPFAQR7iJAUFL/BV9WyOyiZ1i5ME+EsuIrRDkLJ8uYTcgujC0r2pcgA4N6A0PyjyeMgxbnIHfSgCw7ivSvmbINTldjzLfm5lpWeBjXMInsMzVYz/NzOLgoIfEJDS8CefDIv4uG5gyPQbTv8hXyoBaUcU7804RikAXBHVnBJJacjGYLYSYKu0FnwOhOfYDrpudTpSCkVURGa+kULafbL7yGBnNgUFPwqr04WACxh6lPaZF4Gv8ddFGsbwfKkECPTXhKA5xnOVHsEEKMIFRUEsEuyBi+lrziwl4Iv/yWpDsVqEe15AOd9ekx7WOasSKOQP6nYjeKT3EikFeZkgEom8skixmP/r2k3Q/ggWljP4UgklQz0dHeNLJaAHuZLSMAzzecZWOiWSkIJKgeLcgPJ9CDxNub+jR3gyl4qevsoJio1TbhSimujfRHl184RyPcu3KQwq5u0679VG0NpWJF2z/8JJPYHwyHWMZyDwV/OlEvILYxHqYSoNeAKE9DbQY7J93rjn1LIQmpMQ2C9wkgf5VHg+0mu6y7sJ5a3HcO4YWZk0M4e0E4p2UyOEsh/m29vB+E6RyGjYDCY+YASsYwzN+oYRtJfi73X4eyPoZ3rQvhZ/L0cDnwOeY00t8UG6Z2hoiTpjrg4KCmLvKBIU5AlO6hkgVCeDlvO/JYjZLsdYwf96AIVam0uah/C/JRQiJRocV8t4CcryCU7yYCIZnYsy/1YptDJCfqvy6eGDZcew0TmGtFIPnnWye2tRNmn+gbNpDqY2YhqB+IkQ/JuhCJvdDdgMobGfMjT7el2zDo9G93gjZ6/gwiAoCPlY5R3DpyAECHgpCmIRPMP1e5k9AWE9UggfnSEyX9+fL3uQGTOiULCanr34uk9hCHQreoV9K6ePiyAvZFJs2f0N0vWcVX0EAmOvigTjn4Uwr3A3WKcIDb8VtAzkmU6c6RgEBSFMpMyDZLNLlQ6KBDLKi8Ha3Cg6JUJoN1d6/hbxwMLd3gHlWS8RVkFI2w7F+NFaPr1KBvIURjnXgqR5NEpQ5tM5y+oYw0OZocQR+NI/4m6oLtIkhOCqUCj+Zq7CjMagKAgNVXYc7nUTqYZqoTzFUCdl/qVyTaWI3N6RN6HnWC0TVtHjpMxLyO5hdh/W7z2yM5TvXFDVuMHNUDYZ/RhnLcdw2NpND1p/cDdQJWGYtR22xWr8vUYPJk6LBOJHmEF7cVSzFpphK4nr6TBsDj1gfRrDsRNwz6XohX6HfLdU5uUhzd5EeXBVZiwGRUHahVgFx5c/vzAsFXAy9KEcPqdFKMaTGMZ9dc2C6h9MWg0nQx+8NWN2NUu05ZiL8ANCPg7BlwoxhP5p/P0uGeaRyLtaOiSRpiuFAmn2+aQMlWUI0mjmxj6Ub5mRmC4KQj5VsvUQgvD9gj3hFk78/xB6jKNrRTskpYMNcgAUo2bklFYo45gbqtk2QwZsDTTGlLthBIlhlnXU3F384852QMoiytSsh31loh5kxDPrjMN0UZBqoJkwCGRp3wiU4n6yd9yBImQQs1wp8/bifR0nx7yUi/IirI18sDBscgupNUlTtPF4OaRLNxB/S/w1EIBzC+V5hGJ7JBj3eYLOBExnBSnMdhnfg6BTAIZbaLdg1a82Iw8jHsL7ffC3HNanESJ/LS6yDGNOPOiftrWep3ULZukJxJpK0H7OXQ8IxjM0vcwsMwbTWUHyKf0sCPo1E2Pm7nypKoSNkjK+Rsa6TKA7SajT47IZu1lQjl9VNMbWfhnKEc0eI+V01wdDvPt67WrRb0xXBaHTZnPJ3TwboWSgoVY+qR8GxdgoE+ZuEG035uLLMEKJlLshiCCk/87JfYEZtD/uqZNm5aPh0bmcPCMw3W2QWshgyAXFKO1L6RTxkG4T8qYtwT/OOcY55KKC3x9ZkzZ3l7nawzC3r/c2hEW7qfruCoJeYyno50bI3hf/zjjXlJmoIGsWRN8JO+MXbqFujjAMc8y1UIDb8HspeoTToACH0h4V2sjljgXcEDBseS2E8EV3Q0QGZw2iptE23TGTFOTBsdhbs0nzvyHYVc80LHz9yVvXXJlNGTeA//y8ox8HA//A1anou8m5kmbGOMumUHWCgBbz3I0AZSEvxhktmIOCmaAghYM+zZMg+M9guLMVtB49wB15x1iWSRtnkP8WzSpRz1I8HrpdkBLRPpGsE6VA17Sv5TcoV36ADnoLWuEuK0jQvpyTFPqMmaAgFPCBfLNoIXFFg+4szYCUgcL4YJj1CSjiebQoib+VnsJ/rRrFBC/+Ik8jBOPHcZJCnzGTjfRWQLNeHDDioGxKPx/KcHsxCEMtQg9V3e/KCFpXeBohYNd20poBGMdXJxqMG7QGZGr20REtfooesL5Cbv6RgPUZXUu8zzDmdj1uklKQ6qAYW3TwJ3qDT2N4dCGGSndimNZ0dHcM4f6Hs5QDNscyTyMEEh/mpBkFWsk3g9ZBeB8/9i+YSmkK9tsEhPZcnn7uuN3WDQWJBO3FyOvuIpG3NifVw6xhLRGIzME7ClrnmIWNcLdRHnrQuh3pXZtlJGWg6IprUvqncmnjIgj2negdOrFouJrOT+di5MADXgoqN7yWOJiTZgTItR7PfTaInDDL76FZ0ux7IsEEucR0TFG6oSAQ5s+788THoOa+B+opjVD8RJS9ynOfi5Dn80uWdGaHKLnLk0t8Nq0flqP94465HNT5FXTHeGJ1KmpwsdUBm+Msz8Nq9pc4aVpjLr5KRsg6XtesZ9zP3wG6VQ/sNszFtIV+Kkhh+t86A71F7a0JoHYURNgNwitXBIW7G387sp+jJlGk+Ipg2FUBAfm3igdeyknTFhhGDuM5a+11mYIwrscQ6ic0nMA7+rIRsk/EfafBLrkM/9+L9K2S+5isF0DHoqi2epN+KYgZsOaD7yEPXw3qQA8yi06yyiajH86n9K9AiG/CEGoj7Aq5gLdBUMAtFBOYy60PjEF39zysZq3H5Wm7DmIErAMg+M+6n7lEmrUBdsjJ4XCCNvbUfAf8hf0o7rsZ5N8eANJD9nXtbA/oh4IYwcQX/R7dLtJs2pawVOQTju+jByw7FprrOaatE6CFO/LZghH9IQyHTsVX/0YIeFs+WVC4pzNj3hOz6oK21eKBPeNvchbk5GmFQm/pdacnguD9FX8/R8MuZm0K4fDIKITql5X5EuH68tiu897ArE2hxwoyC/mf50ljwvWt+LBcYYZtGpb09eO5Hkoz4ZgfEEqTMn4GwX+EVtgrlcFHjpGjgHGcTXPAV2FpxQu5BZenVS8C5TgMz+b70uP6dZGI/SZmawez0GN8DArhM/YhlPe2svuylwqC3zRRUb5eTr+OtkKImwcTs2hLbjYV3R/Dp5PR0/wUfze4lQP//3T9/t5g2E1B10b3lLycabPdVQ/Y+0G4vMMGzdrWDY9lfc7uISjd/Z6yCnQz9dbM1hB6pSAUS8BzTVy3/6aHEp5zzF9OEEqT1PeDwizGv+1/7PFCbqh4SS/Qghgnv2yh67uH8CyerzoE+CU9EO/aeg/1FhjK3e4uU5QbtM9ilobQIwX5Fb0P9zXwPBoMjnpOdeoGyM7IJaMLs46xDMOkSzBkOoW23NKRzrR7sPLAnb6CDC28LM8CGRrkWSOQ8Byc+HICrYgbWvx3Fc9EW3g/wixdAxnxELzfu8sGTVKwCmapi54oSCVRRJlgvP76QAfB8XovhIJs9Q6NyLPXeAi/f5tPmVdRzN1M0jgy4xj75pxIjBb5KCQRZ9N90FcVL6linG5NRoLWOdTgzPaygVQYQtYJnNx1vDO451t41qdUPuqUp0B8zFITvVYQ6knYEO8LaOEOCnF9o9O7ZJzDvtgMRbor6+j/wtl0FzTNh5clmba0NqKHOb4XPkidQGzX2BtQ76fczwAB+AWSejr5wNuHPTNn5EHNyTXRawUxNevLzNZX5NKRMfQo98qUokjkdwXl+Dl+H7I2HXod39ob4GUdWjkuLRIaaSsU5SY0+rG0hjKoPYseTJxZUe9nIpGRXTm5p0AvcrG7LqCnGpnV6qmCaPYDzU4idBMU9YRc1KEo69BTPJ6lU3Md88pMKvrFtWljb1lghZ4iHEi8Gw2Slb5ML01BYTCMsH4LI/RqNMAluHY2rp2O31+BDXAKudCbgfghwjsWSsWhRbs2dhRGsmb9zVPPBr/a3UAgYL2ehNtdH12L13Xp6aWC4Lo0mHS/US8UUF9Bh7agUb6E3oQW0nwvtS0iAdbse4xg/DvkQt7JrzuU9ShvWfYm8tbl5L6AFNRTp6C1BpdrfiR6qCB/RNK0WvfqKchdAkpyGBr1LrxM30p0h4iiKN5LaxNkP3DRLQH5eGaPIBTSE4x6Ce5FPPG+jFC8pttDDxVkRod47SjMdyTeRsGoIYTfxstegb+d9oYFkQepdVEssIfnnOxGQHsWKvKa7IavUCvQtcRl7rrh3fljMLnQCwXB/1tM039KlELnMDsOm2JYi+8Z1uwPmSHr0xDKo0wtfjSdKBWhma+QvQSNcRFslGvQyHdiuLGBBNfdUDIC/7NmSKx2N2yvwNbxrApDAAbmQHg8jydABuo2wUlS9KQH0ezGD4pR6B12LTT+HjSkgsLcBPKEHvIQ0kOhuQ1N5UEIv+++Vw+OnMRJfUcsFnsFhNztSTxZa9q8Nwoi3w+iMGAYmTOys67FvwAh+LOnAYsUsFY2clQbeB903zdo7jIQyF+768dB8aRQCqLgg9jpR7NQ0n3h1l21VqHFvZ4geNakae41UONrPBcddFp+poB1DCf5oBREoSpEtPmgfZ+nMQv0HWbxgfeXl3ghUD09NrkRROhIO3cdQ/Z5nOSDUhCFmqCvv65Zd3gaNGhPVdvQJU7g9fBaKzlpYKCHhL9buY6avYyTfFAKolAXBdvEyrsbFYJyJyd7EAnEEx6+oJyvnzC1+CJ3HSl8Dif5oBREoSGE59h7oTErHCgTcU4uga55eDS7tcPguwgjYO/rrqNSEIWOAML+c3fDoqF9q+O6PkKbo8o8mvUoJw0MaFuuu46gqlFklIIoNAxDix/oadig9VtOKqGwk6/c00AYttN6CycPBMTCqes5UMczOckHpSAKDYPcTtwNC/viKU5yYzZdd/OR9zCnDQRQp8vd9cOQ60hO8kEpiEIzmI0hk3ttZErmQ0Q9i4sHZB3FSQMBDBU9C5kUpI2TfFAKotAUIOye2SxynOSkEiBEnthO6FF+wkl9R3TO6C6oU3kIqFkv1dpwphREoSlAQf7kblzy3OWkEiAA+7t5IFTPDYodEtWsw911A93NSVIoBVFoCmjcR92NKwv4Vti74t13Yc6xDuLkvgIK7gkFhN7tPzlJCqUgCg2DegE07rZy41ovVdtDjbQfuIUAgnUHJ/UNw2FrN9TFvZYzxTGAq0IpiELDoN137obF1zfDST4YoVHHzUsUDSfezcl9AQSzwg1fhHetCaUgAwLybepFJL12gF7hQk/D1j5slGa8POE/9WD8Vlzvy75rCLaF+ns2iOkhez9OrgqlIAOAsJY4WLiIa/amMIYBfHmgQF66EHjP1t560REjQXvczU+kB+I9jzUrojsW9vK760LGeV1lVQrSZ0ApTsVLKo+LNetx/N2DkwcFs1CvH5XqKMjaSLvzOL0aZlUKJglYr2NjkSHurgNoSg+OvpeTa0IpSJ8BBaG94uWXJcjaMkhRvSmmVmUdaZsuJ9cEHe4CgfAGZobBTuGMmKWrQC+2AALomlggsq7g5LpQCjIAwAs72fPCCkQnuH47Hu9vLCnagkt1cdcN9V3RTARA2UcAz3b1+ND4TszSFaCcPSB8nuB1KHcdhf9hlrpQCjIgwIv6LK3qel6ceHn2WjYme2rc0rZalF0ZrpME7MlIZDTMbA2BbAAI1m8q84po1g8bGKa1BD048l6UUXmQzgsQzncxS0PwKYjc/6wpKAVpETSNipfnWYgrkhCwOkHOOgU6bgGCMOGvh7Wl1TrQEWh4Nn+emvV/MneVNjArEkgcgfdVccCnNUneyMzTMArH49GBoKW8JqNvqx+4ohaUgrQBsae7Yt+Fl6zlaPxPxmJjHQ1YLcLhhOIfhmLcKS1XszbXcuprBBQ8Dvn7I6Zo1uN6wP4YWNrqJUX+/kOIQNakGUwcwmxNA3n80Z0fnuE4TmoJSkHaxyxDSxyMF1k1Hi/StuDFXodh2WF8fl3TwhWNju5iBu1x5EHHKlcvS7MfMAJzo3xbW9B16+0Q2JXScqCctB0WbE0F1aYeCHmeA3rel69mvdju1DIJsDtPvI9nYnPsGCdLEQvEqkakVArSIVBXjsb4ptQ2qaTC9PAvhd2gWSfga/8ZCP9iI2wdEC4clXwoBPAkPWR9C79vBs9jpXurEMreijy+3mlHQ3KRp22usjIFafYaPRj/uqmNLiqEPvUY87PI10vsfZ8jQhNRwDvpkcl4b+t1Lb4n39cywuHd34E6eYLq4V0+jWunGKFEKkrnj9BmMjFlb/0Q6WtBNLEhna5XCtJh0HFceKnfx8uvmK7sDqGsbaZmX9XtY8AovjDK82yukpP1PIT9cSjsJiGY9YN3k3AupWATXFTbQLmVaymNkDSkqFKQLoGGUpGgfTZe8EbPC+4UafFHIIhn9vLIYfIGpl6toV6yAcK7+Z0Rst7D2XcSs2nWTVZmdbIm9UDCdy64UpAug2ZWCt164gx06/fgBbtnWRomNNQTuPfXES1+SiQwOm9oaEnvDmOsQOEA08QZqJN0Fq8OPY8v/LUYVjZ8OGdrWDLbLCya+s5h95Nok7vRC7+fby5BKUiPQeE+zeDICPlGURhN9DJfZVvjcijQMnydL6PogRjSnGwER8gWSfPUal8cB2tjyWzy+kUdT4Lg3ADKg9zj/yk80yYMt+7E81xAdlavQ5vSDkTU6aOgM+g4BROE+pyH9/wfZO+R9wC1CbP7QDOVtE+/SDRxwUkKHgwN/T/fvy7K4dvMgwAAAABJRU5ErkJggg==" /></p>
+                      </div>
+                      <div class="col-sm-9">
+                        {% if solr_status != false %}
+                        <div class="progress">
+                          <div class="progress-bar bg-info" role="progressbar" style="width:{{ solr_status.jvm.memory.raw['used%']|round }}%"></div>
+                        </div>
+                        <p>{{ lang.debug.jvm_memory_solr }}: {{ (solr_status.jvm.memory.total - solr_status.jvm.memory.free) }} / {{ solr_status.jvm.memory.total }}
+                          ({{ solr_status.jvm.memory.raw['used%']|round }}%)</p>
+                        <hr>
+                        <span class="d-block">{{ lang.debug.uptime }}: {{ solr_uptime }}h</span>
+                        <span class="d-block">{{ lang.debug.started_at }}: <span class="parse_date">{{ solr_status.status['dovecot-fts'].startTime }}</span></span>
+                        <span class="d-block">{{ lang.debug.last_modified }}: <span class="parse_date">{{ solr_status.status['dovecot-fts'].index.lastModified }}</span></span>
+                        <span class="d-block">{{ lang.debug.size }}: {{ solr_status.status['dovecot-fts'].index.size }}</span>
+                        <span class="d-block"><i class="bi bi-file-text"></i> {{ lang.debug.docs }}: {{ solr_status.status['dovecot-fts'].index.numDocs }}</span>
+                        {% else %}
+                        <span class="d-block">{{ lang.debug.solr_dead }}</span>
+                        {% endif %}
+                      </div>
+                      <div class="mt-4 col-sm-12 col-md-6 d-flex flex-column">
+                        <h6>Disk I/O</h6>
+                        <div class="spinner-border my-4 mx-auto" role="status">
+                          <span class="visually-hidden">Loading...</span>
+                        </div>
+                        <canvas class="d-none" id="solr-mailcow_DiskIOChart" width="400" height="200"></canvas>
+                      </div>
+                      <div class="mt-4 col-sm-12 col-md-6 d-flex flex-column">
+                        <h6>Net I/O</h6>
+                        <div class="spinner-border my-4 mx-auto" role="status">
+                          <span class="visually-hidden">Loading...</span>
+                        </div>
+                        <canvas class="d-none" id="solr-mailcow_NetIOChart" width="400" height="200"></canvas>
+                      </div>
+                      <div class="col-sm-12 d-flex" style="height: 40px">
+                        <a href data-bs-toggle="modal"
+                          data-container="solr-mailcow"
+                          data-bs-target="#RestartContainer"
+                          class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto"
+                          style="height: 30px;">{{ lang.debug.restart_container }}
+                            <i class="ms-1 bi
+                            {% if containers["solr-mailcow"].State.Running == 1 %}
+                            bi-record-fill text-success
+                            {% elseif containers["solr-mailcow"].State %}
+                            bi-record-fill text-danger
+                            {% else %}
+                            default
+                            {% endif %}
+                            "
+                          ></i>
+                        </a>
+                      </div>
+                    </div>
+                  </div>
+                  {% endif %}
+                </div>
+              </div>
 
               <!-- rest of the containers -->
               {% for container, container_info in containers %}
@@ -185,8 +291,8 @@
                           </button>
                         </div>
                       </div>
-                      <div class="collapse p-0 list-group-details container-details-collapse" id="{{ container }}Collapse" data-id="{{ container_info.Id }}">   
-                        <div class="row p-2 pt-4">   
+                      <div class="collapse p-0 list-group-details container-details-collapse" id="{{ container }}Collapse" data-id="{{ container_info.Id }}">
+                        <div class="row p-2 pt-4">
                           <div class="mt-4 col-sm-12 col-md-6 d-flex flex-column">
                             <h6>Disk I/O</h6>
                             <div class="spinner-border my-4 mx-auto" role="status">
@@ -200,12 +306,12 @@
                               <span class="visually-hidden">Loading...</span>
                             </div>
                             <canvas class="d-none" id="{{ container }}_NetIOChart" width="400" height="200"></canvas>
-                          </div>   
-                          <div class="col-12 d-flex" style="height: 40px">             
-                            <a href data-bs-toggle="modal" 
-                              data-container="{{ container }}" 
-                              data-bs-target="#RestartContainer" 
-                              class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto" 
+                          </div>
+                          <div class="col-12 d-flex" style="height: 40px">
+                            <a href data-bs-toggle="modal"
+                              data-container="{{ container }}"
+                              data-bs-target="#RestartContainer"
+                              class="btn btn-sm btn-secondary d-flex align-items-center justify-content-center mb-2 ms-auto"
                               style="height: 30px;">{{ lang.debug.restart_container }}
                                 <i class="ms-1 bi
                                 {% if container_info.State.Running == 1 %}
@@ -234,7 +340,7 @@
         <div class="debug-log-info">{{ lang.debug.log_info|format(log_lines+1)|raw }}</div>
         <div class="card">
           <div class="card-header d-flex align-items-center fs-5">
-            <span class="mt-2 ms-2">Postfix</span>      
+            <span class="mt-2 ms-2">Postfix</span>
             <div class="btn-group ms-auto">
               <button class="btn btn-sm btn-secondary refresh_table" data-draw="draw_postfix_logs" data-table="postfix_log">{{ lang.admin.refresh }}</button>
             </div>
@@ -244,9 +350,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="postfix_log" data-log-url="postfix" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="postfix_log" data-log-url="postfix" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="postfix_log" data-table="postfix_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="postfix_log" data-table="postfix_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="postfix_log" data-table="postfix_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="postfix_log" data-table="postfix_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="postfix_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -267,9 +373,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="mailcow_ui" data-table="ui_logs" data-log-url="ui" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="mailcow_ui" data-table="ui_logs" data-log-url="ui" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="ui_logs" data-table="ui_logs" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="ui_logs" data-table="ui_logs" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="ui_logs" data-table="ui_logs" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="ui_logs" data-table="ui_logs" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="ui_logs" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -290,9 +396,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="sasl_log_table" data-table="sasl_logs" data-log-url="ui" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="sasl_log_table" data-table="sasl_logs" data-log-url="ui" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="sasl_logs" data-table="sasl_logs" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="sasl_logs" data-table="sasl_logs" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="sasl_logs" data-table="sasl_logs" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="sasl_logs" data-table="sasl_logs" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="sasl_logs" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -313,9 +419,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="dovecot_log" data-log-url="dovecot" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="dovecot_log" data-log-url="dovecot" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="dovecot_log" data-table="dovecot_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="dovecot_log" data-table="dovecot_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="dovecot_log" data-table="dovecot_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="dovecot_log" data-table="dovecot_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="dovecot_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -336,9 +442,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="sogo_log" data-log-url="sogo" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="sogo_log" data-log-url="sogo" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="sogo_log" data-table="sogo_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="sogo_log" data-table="sogo_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="sogo_log" data-table="sogo_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="sogo_log" data-table="sogo_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="sogo_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -359,9 +465,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="netfilter_log" data-log-url="netfilter" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="netfilter_log" data-log-url="netfilter" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="netfilter_log" data-table="netfilter_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="netfilter_log" data-table="netfilter_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="netfilter_log" data-table="netfilter_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="netfilter_log" data-table="netfilter_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="netfilter_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -387,9 +493,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd_history" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd_history" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="rspamd_history" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -410,9 +516,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="autodiscover_log" data-table="autodiscover_log" data-log-url="autodiscover" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="autodiscover_log" data-table="autodiscover_log" data-log-url="autodiscover" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="autodiscover_log" data-table="autodiscover_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="autodiscover_log" data-table="autodiscover_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="autodiscover_log" data-table="autodiscover_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="autodiscover_log" data-table="autodiscover_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="autodiscover_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -433,9 +539,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="watchdog" data-table="watchdog_log" data-log-url="watchdog" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="watchdog" data-table="watchdog_log" data-log-url="watchdog" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="watchdog_log" data-table="watchdog_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="watchdog_log" data-table="watchdog_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="watchdog_log" data-table="watchdog_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="watchdog_log" data-table="watchdog_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="watchdog_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -456,9 +562,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="acme_log" data-log-url="acme" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="general_syslog" data-table="acme_log" data-log-url="acme" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="acme_log" data-table="acme_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="acme_log" data-table="acme_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="acme_log" data-table="acme_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="acme_log" data-table="acme_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="acme_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -479,9 +585,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="apilog" data-table="api_log" data-log-url="api" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="apilog" data-table="api_log" data-log-url="api" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="api_log" data-table="api_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="api_log" data-table="api_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="api_log" data-table="api_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="api_log" data-table="api_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <table id="api_log" class="table table-striped dt-responsive w-100"></table>
           </div>
@@ -502,9 +608,9 @@
             <ul class="dropdown-menu">
               <li><a class="dropdown-item add_log_lines" data-post-process="rllog" data-table="rl_log" data-log-url="ratelimited" data-nrows="100" href="#">+ 100</a></li>
               <li><a class="dropdown-item add_log_lines" data-post-process="rllog" data-table="rl_log" data-log-url="ratelimited" data-nrows="1000" href="#">+ 1000</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="rl_log" data-table="rl_log" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="rl_log" data-table="rl_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="rl_log" data-table="rl_log" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="rl_log" data-table="rl_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
             <p class="text-muted">{{ lang.admin.hash_remove_info }}</p>
             <table id="rl_log" class="table table-striped dt-responsive w-100"></table>
@@ -521,6 +627,6 @@
   var lang_debug = {{ lang_debug|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var log_pagination_size = '{{ log_pagination_size }}';
+  var log_pagination_size = Math.trunc('{{ log_pagination_size }}');
 </script>
 {% endblock %}
diff --git a/data/web/templates/domainadmin.twig b/data/web/templates/domainadmin.twig
index 56f5e75f..070bf00c 100644
--- a/data/web/templates/domainadmin.twig
+++ b/data/web/templates/domainadmin.twig
@@ -46,7 +46,7 @@
       <div class="col-sm-3 col-5 text-end">{{ lang.fido2.known_ids }}:</div>
       <div class="col-sm-9 col-7">
         <div class="table-responsive">
-          <table class="table table-striped table-hover table-condensed" id="fido2_keys">
+          <table class="table table-striped table-hover table-condensed w-100" id="fido2_keys">
             <tr>
               <th>ID</th>
               <th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
diff --git a/data/web/templates/edit.twig b/data/web/templates/edit.twig
index 29f36435..af83a31d 100644
--- a/data/web/templates/edit.twig
+++ b/data/web/templates/edit.twig
@@ -26,7 +26,7 @@
   var lang_user = {{ lang_user|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var table_for_domain = '{{ domain }}';
 </script>
 {% endblock %}
diff --git a/data/web/templates/edit/mailbox.twig b/data/web/templates/edit/mailbox.twig
index 49f852a8..36fe053b 100644
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@@ -200,8 +200,10 @@
           {% if sender_acl_handles.external_sender_aliases %}
             {% set ext_sender_acl = sender_acl_handles.external_sender_aliases|join(', ') %}
           {% endif %}
-          <input type="text" class="form-control" name="extended_sender_acl" value="{{ ext_sender_acl }}" placeholder="user1@example.com, user2@example.org, @example.com, ...">
-          <small class="text-muted">{{ lang.edit.extended_sender_acl_info|raw }}</small>
+          {% if acl.extend_sender_acl and acl.extend_sender_acl == 1 %}
+            <input type="text" class="form-control" name="extended_sender_acl" value="{{ ext_sender_acl }}" placeholder="user1@example.com, user2@example.org, @example.com, ...">
+            <small class="text-muted">{{ lang.edit.extended_sender_acl_info|raw }}</small>
+          {% endif %}
         </div>
       </div>
       <div class="row">
@@ -274,7 +276,7 @@
         </div>
         <div class="col-sm-10">
           <p class="text-muted">{{ lang.user.pushover_info|format(mailbox)|raw }}</p>
-          <p class="text-muted">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code></p>
+          <p class="text-muted">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO_NAME}</code>, <code>{TO_ADDRESS}</code>, <code>{MSG_ID}</code></p>
           <div class="row">
             <div class="col-sm-6 mb-2">
               <label for="token">API Token/Key (Application)</label>
@@ -297,6 +299,36 @@
               <input type="text" class="form-control" name="senders" value="{{ pushover_data.senders }}" placeholder="sender1@example.com, sender2@example.com">
             </div>
             <div class="col-sm-12 mb-2">
+                <div class="form-group">
+                  <label for="sound">{{ lang.edit.pushover_sound }}</label><br>
+                  <select name="sound" class="form-control">
+                    <option value="pushover"{% if pushover_data.attributes.sound == 'pushover' %} selected{% endif %}>Pushover (default)</option>
+                    <option value="bike"{% if pushover_data.attributes.sound == 'bike' %} selected{% endif %}>Bike</option>
+                    <option value="bugle"{% if pushover_data.attributes.sound == 'bugle' %} selected{% endif %}>Bugle</option>
+                    <option value="cashregister"{% if pushover_data.attributes.sound == 'cashregister' %} selected{% endif %}>Cash Register</option>
+                    <option value="classical"{% if pushover_data.attributes.sound == 'classical' %} selected{% endif %}>Classical</option>
+                    <option value="cosmic"{% if pushover_data.attributes.sound == 'cosmic' %} selected{% endif %}>Cosmic</option>
+                    <option value="falling"{% if pushover_data.attributes.sound == 'falling' %} selected{% endif %}>Falling</option>
+                    <option value="gamelan"{% if pushover_data.attributes.sound == 'gamelan' %} selected{% endif %}>Gamelan</option>
+                    <option value="incoming"{% if pushover_data.attributes.sound == 'incoming' %} selected{% endif %}>Incoming</option>
+                    <option value="intermission"{% if pushover_data.attributes.sound == 'intermission' %} selected{% endif %}>Intermission</option>
+                    <option value="magic"{% if pushover_data.attributes.sound == 'magic' %} selected{% endif %}>Magic</option>
+                    <option value="mechanical"{% if pushover_data.attributes.sound == 'mechanical' %} selected{% endif %}>Mechanical</option>
+                    <option value="pianobar"{% if pushover_data.attributes.sound == 'pianobar' %} selected{% endif %}>Piano Bar</option>
+                    <option value="siren"{% if pushover_data.attributes.sound == 'siren' %} selected{% endif %}>Siren</option>
+                    <option value="spacealarm"{% if pushover_data.attributes.sound == 'spacealarm' %} selected{% endif %}>Space Alarm</option>
+                    <option value="tugboat"{% if pushover_data.attributes.sound == 'tugboat' %} selected{% endif %}>Tug Boat</option>
+                    <option value="alien"{% if pushover_data.attributes.sound == 'alien' %} selected{% endif %}>Alien Alarm (long)</option>
+                    <option value="climb"{% if pushover_data.attributes.sound == 'climb' %} selected{% endif %}>Climb (long)</option>
+                    <option value="persistent"{% if pushover_data.attributes.sound == 'persistent' %} selected{% endif %}>Persistent (long)</option>
+                    <option value="echo"{% if pushover_data.attributes.sound == 'echo' %} selected{% endif %}>Pushover Echo (long)</option>
+                    <option value="updown"{% if pushover_data.attributes.sound == 'updown' %} selected{% endif %}>Up Down (long)</option>
+                    <option value="vibrate"{% if pushover_data.attributes.sound == 'vibrate' %} selected{% endif %}>Vibrate Only</option>
+                    <option value="none"{% if pushover_data.attributes.sound == 'none' %} selected{% endif %}> None (silent) </option>
+                  </select>
+                </div>
+              </div>
+              <div class="col-sm-12">
               <div class="checkbox">
                 <label><input type="checkbox" value="1" name="active"{% if pushover_data.active == '1' %} checked{% endif %}> {{ lang.edit.active }}</label>
               </div>
diff --git a/data/web/templates/index.twig b/data/web/templates/index.twig
index e90a720a..45054b5f 100644
--- a/data/web/templates/index.twig
+++ b/data/web/templates/index.twig
@@ -38,15 +38,8 @@
             </div>
           </div>
           <div class="d-flex mt-4" style="position: relative">
-            <div class="btn-group">
-              <div class="btn-group">
-                <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
-                <button type="button" class="btn btn-xs-lg btn-success dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
-                <ul class="dropdown-menu">
-                  <li><a class="dropdown-item" href="#" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</a></li>
-                </ul>
-              </div>
-            </div>
+            <button type="submit" class="btn btn-xs-lg btn-success" value="Login">{{ lang.login.login }}</button>
+            <button type="button" class="btn btn-xs-lg btn-success ms-2" id="fido2-login"><i class="bi bi-shield-fill-check"></i> {{ lang.login.fido2_webauthn }}</button>
             {% if not oauth2_request %}
             <button type="button" {% if available_languages|length == 1 %}disabled="true"{% endif %} class="btn btn-xs-lg btn-secondary ms-auto dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
               <span class="flag-icon flag-icon-{{ mailcow_locale[-2:] }}"></span>
diff --git a/data/web/templates/mailbox.twig b/data/web/templates/mailbox.twig
index fa89b001..1312441c 100644
--- a/data/web/templates/mailbox.twig
+++ b/data/web/templates/mailbox.twig
@@ -4,20 +4,18 @@
 <div id="mail-content" class="responsive-tabs">
   <ul class="nav nav-tabs" role="tablist">
     <li class="nav-item dropdown" role="presentation">
-    <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.domains }}</a>
-    <ul class="dropdown-menu">
-      <li><button class="dropdown-item" aria-selected="false" aria-controls="tab-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-domains">{{ lang.mailbox.domains }}</button></li>
-      <li><button class="dropdown-item {% if mailcow_cc_role != 'admin' %} d-none{% endif %}" aria-selected="false" aria-controls="tab-templates-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-templates-domains">{{ lang.mailbox.templates }}</button></li>
-    </ul>
+      <a class="nav-link dropdown-toggle active" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.domains }}</a>
+      <ul class="dropdown-menu">
+        <li><button class="dropdown-item" aria-selected="false" aria-controls="tab-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-domains">{{ lang.mailbox.domains }}</button></li>
+        <li><button class="dropdown-item {% if mailcow_cc_role != 'admin' %} d-none{% endif %}" aria-selected="false" aria-controls="tab-templates-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-templates-domains">{{ lang.mailbox.templates }}</button></li>
+      </ul>
     </li>
-    {# <li class="nav-item" role="presentation"><button class="nav-link active" aria-selected="false" aria-controls="tab-domains" role="tab" data-bs-toggle="tab" data-bs-target="#tab-domains">{{ lang.mailbox.domains }}</button></li> #}
-    {# <li class="nav-item" role="presentation"><button class="nav-link" aria-selected="false" aria-controls="tab-mailboxes" role="tab" data-bs-toggle="tab" data-bs-target="#tab-mailboxes">{{ lang.mailbox.mailboxes }}</button></li> #}
     <li class="nav-item dropdown" role="presentation">
-    <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.mailboxes }}</a>
-    <ul class="dropdown-menu">
-      <li><button class="dropdown-item" aria-selected="false" aria-controls="tab-mailboxes" role="tab" data-bs-toggle="tab" data-bs-target="#tab-mailboxes">{{ lang.mailbox.mailboxes }}</button></li>
-      <li><button class="dropdown-item {% if mailcow_cc_role != 'admin' %} d-none{% endif %}" aria-selected="false" aria-controls="tab-templates-mbox" role="tab" data-bs-toggle="tab" data-bs-target="#tab-templates-mbox">{{ lang.mailbox.templates }}</button></li>
-    </ul>
+      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.mailboxes }}</a>
+      <ul class="dropdown-menu">
+        <li><button class="dropdown-item" aria-selected="false" aria-controls="tab-mailboxes" role="tab" data-bs-toggle="tab" data-bs-target="#tab-mailboxes">{{ lang.mailbox.mailboxes }}</button></li>
+        <li><button class="dropdown-item {% if mailcow_cc_role != 'admin' %} d-none{% endif %}" aria-selected="false" aria-controls="tab-templates-mbox" role="tab" data-bs-toggle="tab" data-bs-target="#tab-templates-mbox">{{ lang.mailbox.templates }}</button></li>
+      </ul>
     </li>
     <li class="nav-item" role="presentation"><button class="nav-link" aria-controls="tab-resources" role="tab" data-bs-toggle="tab" data-bs-target="#tab-resources">{{ lang.mailbox.resources }}</button></li>
     <li class="nav-item dropdown">
@@ -37,7 +35,6 @@
     <div class="col-md-12">
       <div class="tab-content" style="padding-top:20px">
         {% include 'mailbox/tab-domains.twig' %}
-        {# {% include 'mailbox/tab-mailbox-defaults.twig' %} #}
         {% include 'mailbox/tab-templates-domains.twig' %}
         {% include 'mailbox/tab-mailboxes.twig' %}
         {% include 'mailbox/tab-templates-mbox.twig' %}
@@ -61,7 +58,7 @@
   var lang_rl = {{ lang_rl|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var role = '{{ role }}';
   var is_dual = {{ is_dual }};
   var ALLOW_ADMIN_EMAIL_LOGIN = {{ allow_admin_email_login }};
diff --git a/data/web/templates/mailbox/tab-bcc.twig b/data/web/templates/mailbox/tab-bcc.twig
index 7f8319e7..76845c3d 100644
--- a/data/web/templates/mailbox/tab-bcc.twig
+++ b/data/web/templates/mailbox/tab-bcc.twig
@@ -23,9 +23,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="bcc" data-api-url='edit/bcc' data-api-attr='{"type":"rcpt"}' href="#">{{ lang.mailbox.bcc_to_rcpt }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="bcc" data-api-url='delete/bcc' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="bcc_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="bcc_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="bcc_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="bcc_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addBCCModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_bcc_entry }}</a>
         </div>
@@ -44,9 +44,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="bcc" data-api-url='edit/bcc' data-api-attr='{"type":"rcpt"}' href="#">{{ lang.mailbox.bcc_to_rcpt }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="bcc" data-api-url='delete/bcc' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="bcc_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="bcc_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="bcc_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="bcc_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addBCCModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_bcc_entry }}</a>
         </div>
@@ -74,9 +74,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="recipient_map" data-api-url='edit/recipient_map' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="recipient_map" data-api-url='delete/recipient_map' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="recipient_map_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="recipient_map_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="recipient_map_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="recipient_map_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addRecipientMapModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_recipient_map_entry }}</a>
         </div>
@@ -92,9 +92,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="recipient_map" data-api-url='edit/recipient_map' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="recipient_map" data-api-url='delete/recipient_map' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="recipient_map_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="recipient_map_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="recipient_map_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="recipient_map_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addRecipientMapModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_recipient_map_entry }}</a>
         </div>
diff --git a/data/web/templates/mailbox/tab-domain-aliases.twig b/data/web/templates/mailbox/tab-domain-aliases.twig
index f2037766..579520b5 100644
--- a/data/web/templates/mailbox/tab-domain-aliases.twig
+++ b/data/web/templates/mailbox/tab-domain-aliases.twig
@@ -1,7 +1,7 @@
 <div role="tabpanel" class="tab-pane fade" id="tab-domain-aliases" role="tabpanel" aria-labelledby="tab-domain-aliases">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-domain-aliases" data-bs-toggle="collapse" aria-controls="ollapse-tab-domain-aliases">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-domain-aliases" data-bs-toggle="collapse" aria-controls="collapse-tab-domain-aliases">
         {{ lang.mailbox.domain_aliases }} <span class="badge bg-info table-lines"></span>
       </button>
       <span class="d-none d-md-block">{{ lang.mailbox.domain_aliases }} <span class="badge bg-info table-lines"></span></span>
@@ -20,9 +20,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias-domain" data-api-url='edit/alias-domain' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="alias-domain" data-api-url='delete/alias-domain' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="aliasdomain_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="aliasdomain_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="aliasdomain_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="aliasdomain_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-acl="{{ acl.alias_domains }}" data-bs-toggle="modal" data-bs-target="#addAliasDomainModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_domain_alias }}</a>
         </div>
@@ -37,9 +37,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias-domain" data-api-url='edit/alias-domain' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="alias-domain" data-api-url='delete/alias-domain' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="aliasdomain_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="aliasdomain_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="aliasdomain_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="aliasdomain_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-acl="{{ acl.alias_domains }}" data-bs-toggle="modal" data-bs-target="#addAliasDomainModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_domain_alias }}</a>
         </div>
diff --git a/data/web/templates/mailbox/tab-domains.twig b/data/web/templates/mailbox/tab-domains.twig
index d3d88246..1d63a7d8 100644
--- a/data/web/templates/mailbox/tab-domains.twig
+++ b/data/web/templates/mailbox/tab-domains.twig
@@ -22,10 +22,10 @@
               <li><a class="dropdown-item" data-action="edit_selected" data-id="domain" data-api-url='edit/domain' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
               <li><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="delete_selected" data-id="domain" data-api-url='delete/domain' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="domain_table">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="domain_table">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
             {% endif %}
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="domain_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="domain_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           {% if mailcow_cc_role == 'admin' %}
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addDomainModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_domain }}</a>
@@ -43,10 +43,10 @@
               <li><a class="dropdown-item" data-action="edit_selected" data-id="domain" data-api-url='edit/domain' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
               <li><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="delete_selected" data-id="domain" data-api-url='delete/domain' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
             {% endif %}
-            <li><a class="dropdown-item" data-datatables-expand="domain_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="domain_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="domain_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="domain_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           {% if mailcow_cc_role == 'admin' %}
             <button class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addDomainModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_domain }}</button>
diff --git a/data/web/templates/mailbox/tab-filters.twig b/data/web/templates/mailbox/tab-filters.twig
index 942f784f..02a86f27 100644
--- a/data/web/templates/mailbox/tab-filters.twig
+++ b/data/web/templates/mailbox/tab-filters.twig
@@ -23,9 +23,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="filter_item" data-api-url='edit/filter' data-api-attr='{"filter_type":"postfilter"}' href="#">{{ lang.mailbox.set_postfilter }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-text="{{ lang.user.eas_reset }}?" data-id="filter_item" data-api-url='delete/filter' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="filter_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="filter_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="filter_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="filter_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addFilterModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_filter }}</a>
         </div>
@@ -44,9 +44,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="filter_item" data-api-url='edit/filter' data-api-attr='{"filter_type":"postfilter"}' href="#">{{ lang.mailbox.set_postfilter }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-text="{{ lang.user.eas_reset }}?" data-id="filter_item" data-api-url='delete/filter' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="filter_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="filter_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="filter_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="filter_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addFilterModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_filter }}</a>
         </div>
diff --git a/data/web/templates/mailbox/tab-mailbox-defaults.twig b/data/web/templates/mailbox/tab-mailbox-defaults.twig
deleted file mode 100644
index 20f1b229..00000000
--- a/data/web/templates/mailbox/tab-mailbox-defaults.twig
+++ /dev/null
@@ -1,13 +0,0 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-mailbox-defaults" role="tabpanel" aria-labelledby="tab-mailbox-defaults">
-  <div class="card mb-4">
-    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-mailbox-defaults" data-bs-toggle="collapse" aria-controls="collapse-tab-mailbox-defaults">
-        {{ lang.mailbox.mailbox_defaults }} <span class="badge bg-info table-lines"></span>
-      </button>
-      <span class="d-none d-md-block">{{ lang.mailbox.mailbox_defaults }} <span class="badge bg-info table-lines"></span></span>
-    </div>
-    <div id="collapse-tab-mailbox-defaults" class="card-body collapse text-muted" data-bs-parent="#mail-content">
-      {{ lang.mailbox.mailbox_defaults_info }}
-    </div>
-  </div>
-</div>
diff --git a/data/web/templates/mailbox/tab-mailboxes.twig b/data/web/templates/mailbox/tab-mailboxes.twig
index d04cf0d8..573d8ae8 100644
--- a/data/web/templates/mailbox/tab-mailboxes.twig
+++ b/data/web/templates/mailbox/tab-mailboxes.twig
@@ -16,9 +16,9 @@
           <a class="btn btn-sm btn-xs-half btn-secondary" id="toggle_multi_select_all" data-id="mailbox" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>
           <a class="btn btn-sm btn-xs-half btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
           <ul class="dropdown-menu">
-            <li><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
-            <li><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
             <li class="dropdown-header">{{ lang.mailbox.mailbox }}</li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"active":"1"}' href="#">{{ lang.mailbox.activate }}</a></li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
@@ -64,8 +64,8 @@
           <a class="btn btn-sm btn-secondary" id="toggle_multi_select_all" data-id="mailbox" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>          
           <a class="btn btn-sm btn-xs-half btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
           <ul class="dropdown-menu">
-            <li><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <div class="btn-group">
             <a class="btn btn-sm btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.mailbox }}</a>
@@ -130,9 +130,9 @@
           <a class="btn btn-sm btn-xs-half btn-secondary" id="toggle_multi_select_all" data-id="mailbox" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>
           <a class="btn btn-sm btn-xs-half btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
           <ul class="dropdown-menu">
-            <li><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
-            <li><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
             <li class="dropdown-header">{{ lang.mailbox.mailbox }}</li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"active":"1"}' href="#">{{ lang.mailbox.activate }}</a></li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
@@ -178,8 +178,8 @@
           <a class="btn btn-sm btn-secondary" id="toggle_multi_select_all" data-id="mailbox" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>
           <a class="btn btn-sm btn-xs-half btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
           <ul class="dropdown-menu">
-            <li><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="mailbox_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <div class="btn-group">
             <a class="btn btn-sm btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.mailbox }}</a>
diff --git a/data/web/templates/mailbox/tab-mbox-aliases.twig b/data/web/templates/mailbox/tab-mbox-aliases.twig
index 6b8fcaf7..e186dc64 100644
--- a/data/web/templates/mailbox/tab-mbox-aliases.twig
+++ b/data/web/templates/mailbox/tab-mbox-aliases.twig
@@ -20,9 +20,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias" data-api-url='edit/alias' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="alias" data-api-url='delete/alias' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="alias_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="alias_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="alias_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="alias_table">{{ lang.datatables.collapse_all }}</a></li>
             {% if not skip_sogo %}
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias" data-api-url='edit/alias' data-api-attr='{"sogo_visible":"1"}' href="#">{{ lang.mailbox.sogo_visible_y }}</a></li>
@@ -44,9 +44,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias" data-api-url='edit/alias' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="alias" data-api-url='delete/alias' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="alias_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="alias_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="alias_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="alias_table">{{ lang.datatables.collapse_all }}</a></li>
             {% if not skip_sogo %}
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="edit_selected" data-id="alias" data-api-url='edit/alias' data-api-attr='{"sogo_visible":"1"}' href="#">{{ lang.mailbox.sogo_visible_y }}</a></li>
diff --git a/data/web/templates/mailbox/tab-resources.twig b/data/web/templates/mailbox/tab-resources.twig
index 26d5d0f6..f0576b47 100644
--- a/data/web/templates/mailbox/tab-resources.twig
+++ b/data/web/templates/mailbox/tab-resources.twig
@@ -20,9 +20,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="resource" data-api-url='edit/resource' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="resource" data-api-url='delete/resource' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="resource_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="resource_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="resource_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="resource_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addResourceModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_resource }}</a>
         </div>
@@ -41,9 +41,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="resource" data-api-url='edit/resource' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="resource" data-api-url='delete/resource' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="resource_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="resource_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="resource_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="resource_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addResourceModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_resource }}</a>
         </div>
diff --git a/data/web/templates/mailbox/tab-syncjobs.twig b/data/web/templates/mailbox/tab-syncjobs.twig
index 8ecfda5f..da692e7f 100644
--- a/data/web/templates/mailbox/tab-syncjobs.twig
+++ b/data/web/templates/mailbox/tab-syncjobs.twig
@@ -22,9 +22,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="syncjob" data-api-url='edit/syncjob' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="syncjob" data-api-url='delete/syncjob' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="sync_job_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="sync_job_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="sync_job_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="sync_job_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addSyncJobModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.user.create_syncjob }}</a>
         </div>
@@ -41,9 +41,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="syncjob" data-api-url='edit/syncjob' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="syncjob" data-api-url='delete/syncjob' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="sync_job_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="sync_job_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="sync_job_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="sync_job_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addSyncJobModalAdmin"><i class="bi bi-plus-lg"></i> {{ lang.user.create_syncjob }}</a>
         </div>
diff --git a/data/web/templates/mailbox/tab-templates-domains.twig b/data/web/templates/mailbox/tab-templates-domains.twig
index 95bd2d7a..e5858b22 100644
--- a/data/web/templates/mailbox/tab-templates-domains.twig
+++ b/data/web/templates/mailbox/tab-templates-domains.twig
@@ -18,9 +18,9 @@
           <ul class="dropdown-menu">
             {% if mailcow_cc_role == 'admin' %}
               <li><a class="dropdown-item" data-action="delete_selected" data-id="domain_template" data-api-url='delete/domain/template' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="templates_domain_table">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="templates_domain_table">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="templates_domain_table">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="templates_domain_table">{{ lang.datatables.collapse_all }}</a></li>
             {% endif %}
           </ul>
           {% if mailcow_cc_role == 'admin' %}
@@ -36,9 +36,9 @@
           <ul class="dropdown-menu">
             {% if mailcow_cc_role == 'admin' %}
               <li><a class="dropdown-item" data-action="delete_selected" data-id="domain_template" data-api-url='delete/domain/template' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="templates_domain_table">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="templates_domain_table">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="templates_domain_table">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="templates_domain_table">{{ lang.datatables.collapse_all }}</a></li>
             {% endif %}
           </ul>
           {% if mailcow_cc_role == 'admin' %}
diff --git a/data/web/templates/mailbox/tab-templates-mbox.twig b/data/web/templates/mailbox/tab-templates-mbox.twig
index a43ec914..529fad38 100644
--- a/data/web/templates/mailbox/tab-templates-mbox.twig
+++ b/data/web/templates/mailbox/tab-templates-mbox.twig
@@ -18,9 +18,9 @@
           <ul class="dropdown-menu">
             {% if mailcow_cc_role == 'admin' %}
               <li><a class="dropdown-item" data-action="delete_selected" data-id="mailbox_template" data-api-url='delete/mailbox/template' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="templates_mbox_table">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="templates_mbox_table">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="templates_mbox_table">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="templates_mbox_table">{{ lang.datatables.collapse_all }}</a></li>
             {% endif %}
           </ul>
           {% if mailcow_cc_role == 'admin' %}
@@ -36,9 +36,9 @@
           <ul class="dropdown-menu">
             {% if mailcow_cc_role == 'admin' %}
               <li><a class="dropdown-item" data-action="delete_selected" data-id="mailbox_template" data-api-url='delete/mailbox/template' href="#">{{ lang.mailbox.remove }}</a></li>
-              <li><hr class="dropdown-divider"></li>
-              <li><a class="dropdown-item" data-datatables-expand="templates_mbox_table">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="templates_mbox_table">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="templates_mbox_table">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="templates_mbox_table">{{ lang.datatables.collapse_all }}</a></li>
             {% endif %}
           </ul>
           {% if mailcow_cc_role == 'admin' %}
diff --git a/data/web/templates/mailbox/tab-tls-policy.twig b/data/web/templates/mailbox/tab-tls-policy.twig
index efefcf21..2a6548a2 100644
--- a/data/web/templates/mailbox/tab-tls-policy.twig
+++ b/data/web/templates/mailbox/tab-tls-policy.twig
@@ -20,9 +20,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="tls-policy-map" data-api-url='edit/tls-policy-map' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="tls-policy-map" data-api-url='delete/tls-policy-map' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="tls_policy_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="tls_policy_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="tls_policy_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="tls_policy_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addTLSPolicyMapAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_tls_policy_map }}</a>
         </div>
@@ -38,9 +38,9 @@
             <li><a class="dropdown-item" data-action="edit_selected" data-id="tls-policy-map" data-api-url='edit/tls-policy-map' data-api-attr='{"active":"0"}' href="#">{{ lang.mailbox.deactivate }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-action="delete_selected" data-id="tls-policy-map" data-api-url='delete/tls-policy-map' href="#">{{ lang.mailbox.remove }}</a></li>
-            <li><hr class="dropdown-divider"></li>
-            <li><a class="dropdown-item" data-datatables-expand="tls_policy_table">{{ lang.datatables.expand_all }}</a></li>
-            <li><a class="dropdown-item" data-datatables-collapse="tls_policy_table">{{ lang.datatables.collapse_all }}</a></li>
+            <li class="table_collapse_option"><hr class="dropdown-divider"></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="tls_policy_table">{{ lang.datatables.expand_all }}</a></li>
+            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="tls_policy_table">{{ lang.datatables.collapse_all }}</a></li>
           </ul>
           <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addTLSPolicyMapAdmin"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_tls_policy_map }}</a>
         </div>
diff --git a/data/web/templates/quarantine.twig b/data/web/templates/quarantine.twig
index c0b3737f..79b5ea16 100644
--- a/data/web/templates/quarantine.twig
+++ b/data/web/templates/quarantine.twig
@@ -16,9 +16,9 @@
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary" id="toggle_multi_select_all" data-id="qitems" href="#"><i class="bi bi-check-all"></i> {{ lang.quarantine.toggle_all }}</a>
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.quarantine.quick_actions }}</a>
             <ul class="dropdown-menu">
-              <li><a class="dropdown-item" data-datatables-expand="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.collapse_all }}</a></li>
-              <li><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="edit_selected" data-id="qitems" data-api-url='edit/qitem' data-api-attr='{"action":"release"}' href="#">{{ lang.quarantine.deliver_inbox }}</a></li>
               <li><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="edit_selected" data-id="qitems" data-api-url='edit/qitem' data-api-attr='{"action":"learnspam"}' href="#">{{ lang.quarantine.learn_spam_delete }}</a></li>
@@ -37,15 +37,15 @@
           </p>
           {% endif %}
         </p>
-        <table id="quarantinetable" class="table table-striped"></table>
+        <table id="quarantinetable" class="table table-striped w-100"></table>
         <div class="mass-actions-quarantine mt-4">
           <div class="btn-group" data-acl="{{ acl.quarantine }}">
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary" id="toggle_multi_select_all" data-id="qitems" href="#"><i class="bi bi-check-all"></i> {{ lang.quarantine.toggle_all }}</a>
             <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.quarantine.quick_actions }}</a>
             <ul class="dropdown-menu">
-              <li><a class="dropdown-item" data-datatables-expand="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.expand_all }}</a></li>
-              <li><a class="dropdown-item" data-datatables-collapse="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.collapse_all }}</a></li>
-              <li><hr class="dropdown-divider"></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.expand_all }}</a></li>
+              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="quarantinetable" data-table="quarantinetable" href="#">{{ lang.datatables.collapse_all }}</a></li>
+              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="edit_selected" data-id="qitems" data-api-url='edit/qitem' data-api-attr='{"action":"release"}' href="#">{{ lang.quarantine.deliver_inbox }}</a></li>
               <li><hr class="dropdown-divider"></li>
               <li><a class="dropdown-item" data-action="edit_selected" data-id="qitems" data-api-url='edit/qitem' data-api-attr='{"action":"learnspam"}' href="#">{{ lang.quarantine.learn_spam_delete }}</a></li>
@@ -66,7 +66,7 @@ var acl = '{{ acl_json|raw }}';
 var lang = {{ lang_quarantine|raw }};
 var lang_datatables = {{ lang_datatables|raw }};
 var csrf_token = '{{ csrf_token }}';
-var pagination_size = '{{ pagination_size }}';
+var pagination_size = Math.trunc('{{ pagination_size }}');
 var role = '{{ role }}';
 </script>
 {% endblock %}
diff --git a/data/web/templates/queue.twig b/data/web/templates/queue.twig
index 22c36a27..e843c18e 100644
--- a/data/web/templates/queue.twig
+++ b/data/web/templates/queue.twig
@@ -9,15 +9,22 @@
       </div>
     </div>
     <div class="card-body">
+      <p class="text-muted">{{ lang.queue.info|raw }}</p>
+      <p class="text-muted"><b>{{ lang.queue.legend|raw }}</b></p>
+      <ul class="text-muted">
+      <li>{{ lang.queue.deliver_mail }} | {{ lang.queue.deliver_mail_legend }}</li>
+      <li>{{ lang.queue.unhold_mail }} | {{ lang.queue.unhold_mail_legend }}</li>
+      <li>{{ lang.queue.hold_mail }} | {{ lang.queue.hold_mail_legend }}</li>
+      </ul>
       <table id="queuetable" class="table table-striped dt-responsive w-100"></table>
       <div class="mass-actions-admin">
         <div class="btn-group">
           <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary" id="toggle_multi_select_all" data-id="mailqitems" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>
           <a class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
-          <ul class="dropdown-menu top33">
-            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postqueue -i" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"deliver"}' href="#">{{ lang.queue.queue_deliver_mail }}</a></li>
-            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postsuper -H" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"unhold"}' href="#">{{ lang.queue.queue_unhold_mail }}</a></li>
-            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postsuper -h" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"hold"}' href="#">{{ lang.queue.queue_hold_mail }}</a></li>
+          <ul class="dropdown-menu">
+            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postqueue -i" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"deliver"}' href="#">{{ lang.queue.deliver_mail }}</a></li>
+            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postsuper -H" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"unhold"}' href="#">{{ lang.queue.unhold_mail }}</a></li>
+            <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postsuper -h" data-action="edit_selected" data-id="mailqitems" data-api-url='edit/mailq' data-api-attr='{"action":"hold"}' href="#">{{ lang.queue.hold_mail }}</a></li>
             <li><hr class="dropdown-divider"></li>
             <li><a class="dropdown-item" data-bs-toggle="tooltip" title="postsuper -d" data-action="delete_selected" data-id="mailqitems" data-api-url='delete/mailq' href="#">{{ lang.mailbox.remove }}</a></li>
           </ul>
@@ -27,7 +34,7 @@
              data-api-url='edit/mailq'
              data-api-attr='{"action":"flush"}'
              data-bs-toggle="tooltip" title="postqueue -f"
-             href="#"><i class="bi bi-check-all"></i> {{ lang.queue.flush_queue }}</a>
+             href="#"><i class="bi bi-check-all"></i> {{ lang.queue.flush }}</a>
           <a class="btn btn-sm d-block d-sm-inline btn-danger"
              id="super_delete"
              data-action="edit_selected"
@@ -35,7 +42,7 @@
              data-api-url='edit/mailq'
              data-api-attr='{"action":"super_delete"}'
              data-bs-toggle="tooltip" title="postsuper -d ALL"
-             href="#"><i class="bi bi-trash"></i> {{ lang.queue.delete_queue }}</a>
+             href="#"><i class="bi bi-trash"></i> {{ lang.queue.delete }}</a>
         </div>
       </div>
     </div>
@@ -48,7 +55,7 @@
   var lang = {{ lang_queue|raw }};
   var lang_datatables = {{ lang_datatables|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var table_for_domain = '{{ domain }}';
 </script>
 {% endblock %}
diff --git a/data/web/templates/user/Pushover.twig b/data/web/templates/user/Pushover.twig
index 7a46401a..d3304dbe 100644
--- a/data/web/templates/user/Pushover.twig
+++ b/data/web/templates/user/Pushover.twig
@@ -17,7 +17,7 @@
           </div>
           <div class="col-sm-10">
             <p class="text-muted">{{ lang.user.pushover_info|format(mailcow_cc_username)|raw }}</p>
-            <p class="text-muted">{{ lang.user.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code></p>
+            <p class="text-muted">{{ lang.edit.pushover_vars|raw }}: <code>{SUBJECT}</code>, <code>{SENDER}</code>, <code>{SENDER_ADDRESS}</code>, <code>{SENDER_NAME}</code>, <code>{TO_NAME}</code>, <code>{TO_ADDRESS}</code>, <code>{MSG_ID}</code></p>
             <div class="row">
               <div class="col-sm-6 mb-2">
                 <div class="form-group">
@@ -50,6 +50,36 @@
                 </div>
               </div>
               <div class="col-sm-12 mb-2">
+              <div class="form-group">
+                <label for="sound">{{ lang.edit.pushover_sound }}</label><br>
+                <select name="sound" class="form-control">
+                  <option value="pushover"{% if pushover_data.attributes.sound == 'pushover' %} selected{% endif %}>Pushover (default)</option>
+                  <option value="bike"{% if pushover_data.attributes.sound == 'bike' %} selected{% endif %}>Bike</option>
+                  <option value="bugle"{% if pushover_data.attributes.sound == 'bugle' %} selected{% endif %}>Bugle</option>
+                  <option value="cashregister"{% if pushover_data.attributes.sound == 'cashregister' %} selected{% endif %}>Cash Register</option>
+                  <option value="classical"{% if pushover_data.attributes.sound == 'classical' %} selected{% endif %}>Classical</option>
+                  <option value="cosmic"{% if pushover_data.attributes.sound == 'cosmic' %} selected{% endif %}>Cosmic</option>
+                  <option value="falling"{% if pushover_data.attributes.sound == 'falling' %} selected{% endif %}>Falling</option>
+                  <option value="gamelan"{% if pushover_data.attributes.sound == 'gamelan' %} selected{% endif %}>Gamelan</option>
+                  <option value="incoming"{% if pushover_data.attributes.sound == 'incoming' %} selected{% endif %}>Incoming</option>
+                  <option value="intermission"{% if pushover_data.attributes.sound == 'intermission' %} selected{% endif %}>Intermission</option>
+                  <option value="magic"{% if pushover_data.attributes.sound == 'magic' %} selected{% endif %}>Magic</option>
+                  <option value="mechanical"{% if pushover_data.attributes.sound == 'mechanical' %} selected{% endif %}>Mechanical</option>
+                  <option value="pianobar"{% if pushover_data.attributes.sound == 'pianobar' %} selected{% endif %}>Piano Bar</option>
+                  <option value="siren"{% if pushover_data.attributes.sound == 'siren' %} selected{% endif %}>Siren</option>
+                  <option value="spacealarm"{% if pushover_data.attributes.sound == 'spacealarm' %} selected{% endif %}>Space Alarm</option>
+                  <option value="tugboat"{% if pushover_data.attributes.sound == 'tugboat' %} selected{% endif %}>Tug Boat</option>
+                  <option value="alien"{% if pushover_data.attributes.sound == 'alien' %} selected{% endif %}>Alien Alarm (long)</option>
+                  <option value="climb"{% if pushover_data.attributes.sound == 'climb' %} selected{% endif %}>Climb (long)</option>
+                  <option value="persistent"{% if pushover_data.attributes.sound == 'persistent' %} selected{% endif %}>Persistent (long)</option>
+                  <option value="echo"{% if pushover_data.attributes.sound == 'echo' %} selected{% endif %}>Pushover Echo (long)</option>
+                  <option value="updown"{% if pushover_data.attributes.sound == 'updown' %} selected{% endif %}>Up Down (long)</option>
+                  <option value="vibrate"{% if pushover_data.attributes.sound == 'vibrate' %} selected{% endif %}>Vibrate Only</option>
+                  <option value="none"{% if pushover_data.attributes.sound == 'none' %} selected{% endif %}> None (silent) </option>
+                </select>
+              </div>
+            </div>
+            <div class="col-sm-12">
                 <div class="checkbox">
                   <label><input type="checkbox" value="1" name="active"{% if pushover_data.active == '1' %} checked{% endif %}> {{ lang.user.active }}</label>
                 </div>
diff --git a/data/web/templates/user_domainadmin_common.twig b/data/web/templates/user_domainadmin_common.twig
index 8a7ace39..64a2205d 100644
--- a/data/web/templates/user_domainadmin_common.twig
+++ b/data/web/templates/user_domainadmin_common.twig
@@ -4,7 +4,7 @@
   var acl = '{{ acl_json|raw }}';
   var lang = {{ lang_user|raw }};
   var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
   var mailcow_cc_username = '{{ mailcow_cc_username }}';
   var user_spam_score = [{{ user_spam_score }}];
   var lang_datatables = {{ lang_datatables|raw }};
diff --git a/data/web/user.php b/data/web/user.php
index b92e87a7..5fddff6e 100644
--- a/data/web/user.php
+++ b/data/web/user.php
@@ -20,6 +20,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'doma
     'tfa_data' => $tfa_data,
     'fido2_data' => $fido2_data,
     'lang_user' => json_encode($lang['user']),
+    'lang_datatables' => json_encode($lang['datatables']),
   ];
 }
 elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
diff --git a/docker-compose.yml b/docker-compose.yml
index b0080442..b110533c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2.1'
 services:
 
     unbound-mailcow:
-      image: mailcow/unbound:1.16
+      image: mailcow/unbound:1.17
       environment:
         - TZ=${TZ}
       volumes:
@@ -58,7 +58,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.54
+      image: mailcow/clamd:1.61
       restart: always
       depends_on:
         - unbound-mailcow
@@ -76,7 +76,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.90
+      image: mailcow/rspamd:1.92
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -106,7 +106,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.79
+      image: mailcow/phpfpm:1.82
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -169,7 +169,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.111
+      image: mailcow/sogo:1.115
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -390,7 +390,7 @@ services:
     acme-mailcow:
       depends_on:
         - nginx-mailcow
-      image: mailcow/acme:1.82
+      image: mailcow/acme:1.84
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -426,7 +426,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.49
+      image: mailcow/netfilter:1.51
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -449,7 +449,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:1.96
+      image: mailcow/watchdog:1.97
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -511,11 +511,10 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:1.44
+      image: mailcow/dockerapi:2.01
       security_opt:
         - label=disable
       restart: always
-      oom_kill_disable: true
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -531,7 +530,7 @@ services:
             - dockerapi
 
     olefy-mailcow:
-      image: mailcow/olefy:1.10
+      image: mailcow/olefy:1.11
       restart: always
       environment:
         - TZ=${TZ}
diff --git a/generate_config.sh b/generate_config.sh
index 8d6a383a..04511108 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -57,7 +57,13 @@ else
   echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
   exit 1
 fi
-    
+
+### If generate_config.sh is started with --dev or -d it will not check out nightly or master branch and will keep on the current branch
+if [[ ${1} == "--dev" || ${1} == "-d" ]]; then
+  SKIP_BRANCH=y
+else
+  SKIP_BRANCH=n
+fi
 
 if [ -f mailcow.conf ]; then
   read -r -p "A config file exists and will be overwritten, are you sure you want to continue? [y/N] " response
@@ -135,32 +141,44 @@ else
   SKIP_XAPIAN=n
 fi
 
-echo "Which branch of mailcow do you want to use?"
-echo ""
-echo "Available Branches:"
-echo "- master branch (stable updates) | default, recommended [1]"
-echo "- nightly branch (unstable updates, testing) | not-production ready [2]"
-sleep 1
+if [[ ${SKIP_BRANCH} != y ]]; then
+  echo "Which branch of mailcow do you want to use?"
+  echo ""
+  echo "Available Branches:"
+  echo "- master branch (stable updates) | default, recommended [1]"
+  echo "- nightly branch (unstable updates, testing) | not-production ready [2]"
+  sleep 1
 
-while [ -z "${MAILCOW_BRANCH}" ]; do
-  read -r -p  "Choose the Branch with it´s number [1/2] " branch
-  case $branch in
-    [2])
-      MAILCOW_BRANCH="nightly"
+  while [ -z "${MAILCOW_BRANCH}" ]; do
+    read -r -p  "Choose the Branch with it´s number [1/2] " branch
+    case $branch in
+      [2])
+        MAILCOW_BRANCH="nightly"
+        ;;
+      *)
+        MAILCOW_BRANCH="master"
       ;;
-    *)
-      MAILCOW_BRANCH="master"
-    ;;
-  esac
-done
+    esac
+  done
+
+  git fetch --all
+  git checkout -f $git_branch
+
+elif [[ ${SKIP_BRANCH} == y ]]; then
+  echo -e "\033[33mEnabled Dev Mode.\033[0m"
+  echo -e "\033[33mNot checking out a different branch!\033[0m"
+  MAILCOW_BRANCH=$(git rev-parse --short $(git rev-parse @{upstream}))
+
+else
+  echo -e "\033[31mCould not determine branch input..."
+  echo -e "\033[31mExiting."
+  exit 1
+fi  
 
 if [ ! -z "${MAILCOW_BRANCH}" ]; then
   git_branch=${MAILCOW_BRANCH}
 fi
 
-git fetch --all
-git checkout -f $git_branch
-
 [ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc
 
 cat << EOF > mailcow.conf
@@ -426,18 +444,37 @@ echo "Copying snake-oil certificate..."
 cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
 
 # Set app_info.inc.php
-if [ ${git_branch} == "master" ]; then
-  mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
-elif [ ${git_branch} == "nightly" ]; then
-  mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
-  mailcow_last_git_version=""
-else
-  mailcow_git_version=$(git rev-parse --short HEAD)
-  mailcow_last_git_version=""
-fi
+case ${git_branch} in
+  master)
+    mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
+    ;;
+  nightly)
+    mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
+    mailcow_last_git_version=""
+    ;;
+  *)
+    mailcow_git_version=$(git rev-parse --short HEAD)
+    mailcow_last_git_version=""
+    ;;
+esac
+# if [ ${git_branch} == "master" ]; then
+#   mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
+# elif [ ${git_branch} == "nightly" ]; then
+#   mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
+#   mailcow_last_git_version=""
+# else
+#   mailcow_git_version=$(git rev-parse --short HEAD)
+#   mailcow_last_git_version=""
+# fi
 
+if [[ $SKIP_BRANCH != "y" ]]; then
 mailcow_git_commit=$(git rev-parse origin/${git_branch})
 mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} )
+else
+mailcow_git_commit=$(git rev-parse ${git_branch})
+mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} )
+git_branch=$(git rev-parse --abbrev-ref HEAD)
+fi
 
 if [ $? -eq 0 ]; then
   echo '<?php' > data/web/inc/app_info.inc.php
diff --git a/helper-scripts/backup_and_restore.sh b/helper-scripts/backup_and_restore.sh
index 1853f501..ee9f0202 100755
--- a/helper-scripts/backup_and_restore.sh
+++ b/helper-scripts/backup_and_restore.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-DEBIAN_DOCKER_IMAGE="mailcow/backup:1.0"
+DEBIAN_DOCKER_IMAGE="mailcow/backup:latest"
 
 if [[ ! -z ${MAILCOW_BACKUP_LOCATION} ]]; then
   BACKUP_LOCATION="${MAILCOW_BACKUP_LOCATION}"
@@ -58,7 +58,7 @@ if ! [[ "${THREADS}" =~ ^[1-9]+$ ]] ; then
   echo "Thread input is not a number!"
   exit 1
 elif [[ "${THREADS}" =~ ^[1-9]+$ ]] ; then
-  echo "Using ${THREADS} Thread(s) for this run." 
+  echo "Using ${THREADS} Thread(s) for this run."
   echo "Notice: You can set the Thread count with the THREADS Variable before you run this script."
 fi
 
@@ -181,7 +181,7 @@ function restore() {
 
   elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
     COMPOSE_COMMAND="docker-compose"
-  
+
   else
     echo -e "\e[31mCan not read DOCKER_COMPOSE_VERSION variable from mailcow.conf! Is your mailcow up to date? Exiting...\e[0m"
     exit 1
@@ -380,4 +380,4 @@ elif [[ ${1} == "restore" ]]; then
   done
   echo "Restoring ${FILE_SELECTION[${input_sel}]} from ${RESTORE_POINT}..."
   restore "${RESTORE_POINT}" ${FILE_SELECTION[${input_sel}]}
-fi
\ No newline at end of file
+fi
diff --git a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
index 7d4424e3..8fcc6fff 100644
--- a/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/EXTERNAL_MYSQL_SOCKET/docker-compose.override.yml
@@ -26,6 +26,6 @@ services:
         - /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock
 
     mysql-mailcow:
-      image: alpine:3.10
+      image: alpine:3.17
       command: /bin/true
       restart: "no"
diff --git a/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml b/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml
index 21d391b8..5009f4c9 100644
--- a/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml
+++ b/helper-scripts/docker-compose.override.yml.d/HAPROXY/docker-compose.override.yml
@@ -1,6 +1,6 @@
 ##
 ## Set haproxy_trusted_networks in Dovecots extra.conf!
-#ä
+##
 
 version: '2.1'
 services:
diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index 94bc997a..50fcbab3 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -1,15 +1,25 @@
 #!/usr/bin/env bash
+# renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
+NEXTCLOUD_VERSION=25.0.3
 
-for bin in curl dirmngr; do
-  if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
+echo -ne "Checking prerequisites..."
+sleep 1
+for bin in curl dirmngr tar bzip2; do
+  if [[ -z $(which ${bin}) ]]; then echo -ne "\r\033[31mCannot find ${bin}, exiting...\033[0m\n"; exit 1; fi
 done
+echo -ne "\r\033[32mFound all prerequisites! Continuing...\033[0m\n"
 
 [[ -z ${1} ]] && NC_HELP=y
 
 while [ "$1" != '' ]; do
+  if [[ $# -ne 1 ]]; then
+      echo -e "\033[31mPlease use only one parameter at the same time!\033[0m" >&2
+      exit 2
+  fi
   case "${1}" in
     -p|--purge) NC_PURGE=y && shift;;
     -i|--install) NC_INSTALL=y && shift;;
+    -u|--update)  NC_UPDATE=y && shift;;
     -r|--resetpw) NC_RESETPW=y && shift;;
     -h|--help) NC_HELP=y && shift;;
     *) echo "Unknown parameter: ${1}" && shift;;
@@ -20,13 +30,11 @@ if [[ ${NC_HELP} == "y" ]]; then
   printf 'Usage:\n\n'
   printf '  -p|--purge\n    Purge Nextcloud\n'
   printf '  -i|--install\n    Install Nextcloud\n'
+  printf '  -u|--update\n    Update Nextcloud\n'
   printf '  -r|--resetpw\n    Reset password\n\n'
   exit 0
 fi
 
-[[ ${NC_PURGE} == "y" ]] && [[ ${NC_INSTALL} == "y" ]] && { echo "Cannot use -p and -i at the same time!"; exit 1; }
-[[ ${NC_PURGE} == "y" ]] && [[ ${NC_RESETPW} == "y" ]] && { echo "Cannot use -p and -r at the same time!"; exit 1; }
-
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd ${SCRIPT_DIR}/../
 source mailcow.conf
@@ -39,8 +47,27 @@ if [[ ${NC_PURGE} == "y" ]]; then
     exit 1
   fi
 
-  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
-    "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'nc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)"
+  echo -e "\033[33mDetecting Database information...\033[0m"
+  if [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "Show databases" | grep "nextcloud") ]]; then
+    echo -e "\033[32mFound seperate Nextcloud database (newer scheme)!\033[0m"
+    echo -e "\033[31mPurging...\033[0m"
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP DATABASE nextcloud;" > /dev/null
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "DROP USER 'nextcloud'@'%';" > /dev/null
+  elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'oc_%'") && $? -eq 0 ]]; then
+    echo -e "\033[32mFound Nextcloud (oc) tables inside of mailcow database (old scheme)!\033[0m"
+    echo -e "\033[31mPurging...\033[0m"
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
+     "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'oc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
+  elif [[ $(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} mailcow -e "SHOW TABLES LIKE 'nc_%'") && $? -eq 0 ]]; then
+    echo -e "\033[32mFound Nextcloud (nc) tables inside of mailcow database (old scheme)!\033[0m"
+    echo -e "\033[31mPurging...\033[0m"
+    docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
+     "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT IFNULL(GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';'),'SELECT NULL;') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'nc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)" > /dev/null
+  else
+    echo -e "\033[31mError: No Nextcloud databases/tables found!"
+    echo -e "\033[33mNot purging anything...\033[0m"
+    exit 1
+  fi
   docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c ' cat <<EOF | redis-cli
 SELECT 10
 FLUSHDB
@@ -56,9 +83,10 @@ EOF
 
   docker restart $(docker ps -aqf name=nginx-mailcow)
 
+  echo -e "\033[32mNextcloud has been uninstalled sucessfully!\033[0m"
+
 elif [[ ${NC_UPDATE} == "y" ]]; then
-  exit;
-  read -r -p "Are you sure you want to update Nextcloud? [y/N] " response
+  read -r -p "Are you sure you want to update Nextcloud (with Nextclouds own updater)? [y/N] " response
   response=${response,,}
   if [[ ! "$response" =~ ^(yes|y)$ ]]; then
     echo "OK, aborting."
@@ -66,23 +94,14 @@ elif [[ ${NC_UPDATE} == "y" ]]; then
   fi
 
   if [ ! -f data/web/nextcloud/occ ]; then
-    echo "Nextcloud occ not found. Is Nextcloud installed?"
+    echo -e "\033[31mError: Nextcloud occ not found. Is Nextcloud installed?\033[0m"
     exit 1
   fi
   if ! grep -q 'installed: true' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
     echo "Nextcloud seems not to be installed."
     exit 1
-  elif ! grep -q 'version: 20\.' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
-    echo "Cannot upgrade to new major version, please update manually."
-    exit 1
   else
-    curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-22.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
-      && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
-      && rm nextcloud.tar.bz2 \
-      && mkdir -p ./data/web/nextcloud/data \
-      && chmod +x ./data/web/nextcloud/occ \
-       docker exec -it $(docker ps -f name=php-fpm-mailcow -q) bash -c "chown www-data:www-data -R /web/nextcloud" \
-       docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings upgrade"
+    docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "php /web/nextcloud/updater/updater.phar"
   fi
 
 elif [[ ${NC_INSTALL} == "y" ]]; then
@@ -95,25 +114,48 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     [[ ! ${NC_CONT_FAIL,,} =~ ^(yes|y)$ ]] && { echo "Ok, exiting..."; exit 1; }
   fi
 
-  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
-
-  curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-22.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
+  echo -e "\033[33mDownloading \033[34mNextcloud ${NEXTCLOUD_VERSION}\033[33m...\033[0m"
+  curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-$NEXTCLOUD_VERSION.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
     && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
     && rm nextcloud.tar.bz2 \
     && mkdir -p ./data/web/nextcloud/data \
     && chmod +x ./data/web/nextcloud/occ
 
+  echo -e "\033[33mCreating 'nextcloud' database...\033[0m"
+  NC_DBPASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+  NC_DBUSER=nextcloud
+  NC_DBNAME=nextcloud
+
+  echo -ne "[1/3] Creating 'nextcloud' database"
+  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE ${NC_DBNAME};"
+  sleep 2
+  echo -ne "\r[2/3] Creating 'nextcloud' database user"
+  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER '${NC_DBUSER}'@'%' IDENTIFIED BY '${NC_DBPASS}';"
+  sleep 2
+  echo -ne "\r[3/3] Granting 'nextcloud' user all permissions on database 'nextcloud'"
+  docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON ${NC_DBNAME}.* TO '${NC_DBUSER}'@'%';"
+  sleep 2
+
+  echo ""
+  echo -e "\033[33mInstalling Nextcloud...\033[0m"
+  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+
+  echo -ne "[1/4] Setting correct permissions for www-data"
   docker exec -it $(docker ps -f name=php-fpm-mailcow -q) /bin/bash -c "chown -R www-data:www-data /web/nextcloud"
+  sleep 2
+  echo -ne "\r[2/4] Running occ maintenance:install to install Nextcloud"
   docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ --no-warnings maintenance:install \
     --database mysql \
     --database-host mysql \
-    --database-name ${DBNAME} \
-    --database-user ${DBUSER} \
-    --database-pass ${DBPASS} \
+    --database-name ${NC_DBNAME} \
+    --database-user ${NC_DBUSER} \
+    --database-pass ${NC_DBPASS} \
     --admin-user admin \
     --admin-pass ${ADMIN_NC_PASS} \
-      --data-dir /web/nextcloud/data
+    --data-dir /web/nextcloud/data > /dev/null 2>&1
 
+  echo -ne "\r[3/4] Setting custom parameters inside the Nextcloud config file"
+  echo ""
   docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings config:system:set redis host --value=redis --type=string; \
     /web/nextcloud/occ --no-warnings config:system:set redis port --value=6379 --type=integer; \
     /web/nextcloud/occ --no-warnings config:system:set redis timeout --value=0.0 --type=integer; \
@@ -139,13 +181,28 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 arguments 0 --value={dovecot:143/imap/tls/novalidate-cert}; \
     #/web/nextcloud/occ --no-warnings config:system:set user_backends 0 class --value=OC_User_IMAP; \
 
+    echo -e "\r[4/4] Enabling Nginx Configuration"
     cp ./data/assets/nextcloud/nextcloud.conf ./data/conf/nginx/
     sed -i "s/NC_SUBD/${NC_SUBD}/g" ./data/conf/nginx/nextcloud.conf
+    sleep 2
 
-  echo "Restarting Nginx..."
+  echo ""
+  echo -e "\033[33mFinalizing installation...\033[0m"
   docker restart $(docker ps -aqf name=nginx-mailcow)
 
-  echo "Login as admin with password: ${ADMIN_NC_PASS}"
+  echo ""
+  echo "******************************************"
+  echo "*        SAVE THESE CREDENTIALS          *"
+  echo "*    INSTALL DATE: $(date +%Y-%m-%d_%H-%M-%S)   *"
+  echo "******************************************"
+  echo ""
+  echo -e "\033[36mDatabase name:      ${NC_DBNAME}\033[0m"
+  echo -e "\033[36mDatabase user:      ${NC_DBUSER}\033[0m"
+  echo -e "\033[36mDatabase password:  ${NC_DBPASS}\033[0m"
+  echo ""
+  echo -e "\033[31mUI admin password:  ${ADMIN_NC_PASS}\033[0m"
+  echo ""
+
 
 elif [[ ${NC_RESETPW} == "y" ]]; then
     printf 'You are about to set a new password for a Nextcloud user.\n\nDo not use this option if your Nextcloud is configured to use mailcow for authentication.\nSet a new password for the corresponding mailbox in mailcow, instead.\n\n'
@@ -161,5 +218,4 @@ elif [[ ${NC_RESETPW} == "y" ]]; then
       read -p "Enter the username: " NC_USER
     done
     docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ user:resetpassword ${NC_USER}
-
 fi
diff --git a/helper-scripts/update_compose.sh b/helper-scripts/update_compose.sh
index c58eabea..ae2d6ab1 100755
--- a/helper-scripts/update_compose.sh
+++ b/helper-scripts/update_compose.sh
@@ -4,7 +4,8 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 source ${SCRIPT_DIR}/../mailcow.conf
 
 if [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
-LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php)
+LATEST_COMPOSE=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) # redirect to latest release
+LATEST_COMPOSE=${LATEST_COMPOSE##*/v} #get the latest version from the redirect, excluding the "v" prefix
 COMPOSE_VERSION=$(docker-compose version --short)
 if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then
   echo -e "\e[33mA new docker-compose Version is available: $LATEST_COMPOSE\e[0m"
@@ -33,24 +34,25 @@ echo -e "\e[32mTrying to determine GLIBC version...\e[0m"
     sleep 1
     if [[ $(command -v pip 2>&1) && $(pip list --local 2>&1 | grep -v DEPRECATION | grep -c docker-compose) == 1 || $(command -v pip3 2>&1) && $(pip3 list --local 2>&1 | grep -v DEPRECATION | grep -c docker-compose) == 1 ]]; then
         echo -e "\e[33mFound a docker-compose Version installed with pip!\e[0m"
-        echo -e "\e[31mPlease uninstall the pip Version of docker-compose since it doesn´t support Versions higher than 1.29.2.\e[0m"
+        echo -e "\e[31mPlease uninstall the pip Version of docker-compose since it doesn't support Versions higher than 1.29.2.\e[0m"
         sleep 2
         echo -e "\e[33mExiting...\e[0m"
         exit 1
         #prevent breaking a working docker-compose installed with pip
-    elif [[ $(curl -sL -w "%{http_code}" https://www.servercow.de/docker-compose/latest.php?vers=${DC_DL_SUFFIX} -o /dev/null) == "200" ]]; then
-        LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php)
+    elif [[ $(curl -sL -w "%{http_code}" https://github.com/docker/compose/releases/latest -o /dev/null) == "200" ]]; then
+        LATEST_COMPOSE=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) # redirect to latest release
+        LATEST_COMPOSE=${LATEST_COMPOSE##*/} #get the latest version from the redirect, inlcuding the "v" prefix
         COMPOSE_VERSION=$(docker-compose version --short)
         if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then
         COMPOSE_PATH=$(command -v docker-compose)
         if [[ -w ${COMPOSE_PATH} ]]; then
-            curl -#L https://github.com/docker/compose/releases/download/v${LATEST_COMPOSE}/docker-compose-$(uname -s)-$(uname -m) > $COMPOSE_PATH
+            curl -#L https://github.com/docker/compose/releases/download/${LATEST_COMPOSE}/docker-compose-$(uname -s)-$(uname -m) > $COMPOSE_PATH
             chmod +x $COMPOSE_PATH
             echo -e "\e[32mYour Docker Compose (standalone) has been updated to: $LATEST_COMPOSE\e[0m"
             exit 0
         else
             echo -e "\e[33mWARNING: $COMPOSE_PATH is not writable, but new version $LATEST_COMPOSE is available (installed: $COMPOSE_VERSION)\e[0m"
-            return 1
+            exit 1
         fi
         fi
     else
@@ -61,7 +63,7 @@ echo -e "\e[32mTrying to determine GLIBC version...\e[0m"
 elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then
     echo -e "\e[31mYou are using the native Docker Compose Plugin. This Script is for the standalone Docker Compose Version only.\e[0m"
     sleep 2
-    echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m"
+    echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
     exit 1
 
 else
diff --git a/update.sh b/update.sh
index bdc4b333..1c391d1b 100755
--- a/update.sh
+++ b/update.sh
@@ -3,9 +3,9 @@
 ############## Begin Function Section ##############
 
 check_online_status() {
-  CHECK_ONLINE_IPS=(1.1.1.1 9.9.9.9 8.8.8.8)
-  for ip in "${CHECK_ONLINE_IPS[@]}"; do
-    if timeout 3 ping -c 1 ${ip} > /dev/null; then
+  CHECK_ONLINE_DOMAINS=('https://github.com' 'https://hub.docker.com')
+  for domain in "${CHECK_ONLINE_DOMAINS[@]}"; do
+    if timeout 6 curl --head --silent --output /dev/null ${domain}; then
       return 0
     fi
   done