Customize SOGo theme from Web UI

Old link returns 404.

.drone.yml

@@ -1,120 +0,0 @@
----
-kind: pipeline
-name: integration-testing
-
-platform:
-  os: linux
-  arch: amd64
-
-clone:
-  disable: true
-
-steps:
-- name: prepare-tests
-  pull: default
-  image: timovibritannia/ansible
-  commands:
-  - git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
-  - chmod +x ci.sh
-  - chmod +x ci-ssh.sh
-  - chmod +x ci-piprequierments.sh
-  - ./ci.sh
-  - wget -O group_vars/all/secrets.yml $SECRETS_DOWNLOAD_URL --quiet
-  environment:
-    SECRETS_DOWNLOAD_URL:
-      from_secret: SECRETS_DOWNLOAD_URL
-    VAULT_PW:
-      from_secret: VAULT_PW
-  when:
-    branch:
-    - master
-    - staging
-    event:
-    - push
-
-- name: lint
-  pull: default
-  image: timovibritannia/ansible
-  commands:
-  - ansible-lint ./
-  when:
-    branch:
-    - master
-    - staging
-    event:
-    - push
-
-- name: create-server
-  pull: default
-  image: timovibritannia/ansible
-  commands:
-  - ./ci-piprequierments.sh
-  - ansible-playbook mailcow-start-server.yml --diff
-  - ./ci-ssh.sh
-  environment:
-    ANSIBLE_HOST_KEY_CHECKING: false
-    ANSIBLE_FORCE_COLOR: true
-  when:
-    branch:
-    - master
-    - staging
-    event:
-    - push
-
-- name: setup-server
-  pull: default
-  image: timovibritannia/ansible
-  commands:
-  - sleep 120
-  - ./ci-piprequierments.sh
-  - ansible-playbook mailcow-setup-server.yml --private-key /drone/src/id_ssh_rsa --diff
-  environment:
-    ANSIBLE_HOST_KEY_CHECKING: false
-    ANSIBLE_FORCE_COLOR: true
-  when:
-    branch:
-    - master
-    - staging
-    event:
-    - push
-
-- name: run-tests
-  pull: default
-  image: timovibritannia/ansible
-  commands:
-  - ./ci-piprequierments.sh
-  - ansible-playbook mailcow-integration-tests.yml --private-key /drone/src/id_ssh_rsa --diff
-  environment:
-    ANSIBLE_HOST_KEY_CHECKING: false
-    ANSIBLE_FORCE_COLOR: true
-  when:
-    branch:
-    - master
-    - staging
-    event:
-    - push
-
-- name: delete-server
-  pull: default
-  image: timovibritannia/ansible
-  commands:
-  - ./ci-piprequierments.sh
-  - ansible-playbook mailcow-delete-server.yml --diff
-  environment:
-    ANSIBLE_HOST_KEY_CHECKING: false
-    ANSIBLE_FORCE_COLOR: true
-  when:
-    branch:
-    - master
-    - staging
-    event:
-    - push
-    status:
-    - failure
-    - success
-
----
-kind: signature
-hmac: f6619243fe2a27563291c9f2a46d93ffbc3b6dced9a05f23e64b555ce03a31e5
-
-...

.github/FUNDING.yml

@@ -1 +1 @@
-custom: https://mailcow.github.io/mailcow-dockerized-docs/#help-mailcow
+custom: ["https://www.servercow.de/mailcow?lang=en#sal"]

.github/ISSUE_TEMPLATE/Bug_report.md

@@ -1,94 +0,0 @@
-name: 🐞 Bug Report
-description: Report a reproducible bug for mailcow. (NOT to be used for support questions.)
-labels: ["bug"]
-body:
-  - type: checkboxes
-    attributes:
-      label: Contribution guidelines
-      description: Please read the contribution guidelines before proceeding.
-      options:
-        - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
-          required: true
-  - type: checkboxes
-    attributes:
-      label: I've found a bug and checked that ...
-      description: Prior to placing the issue, please check following:** *(fill out each checkbox with an `X` once done)*
-      options:
-      - label: ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
-        required: true
-      - label: ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
-        required: true
-      - label: ... I have understood that answers are voluntary and community-driven, and not commercial support.
-        required: true
-      - label: ... I have verified that my issue has not been already answered in the past. I also checked previous [issues](https://github.com/mailcow/mailcow-dockerized/issues).
-        required: true
-  - type: textarea
-    attributes:
-      label: Description
-      description: Please provide a brief description of the bug in 1-2 sentences. If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Logs
-      description: Please take a look at the [official documentation](https://mailcow.github.io/mailcow-dockerized-docs/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks.
-      render: bash
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Steps to reproduce
-      description: Please describe the steps to reproduce the bug. Screenshots can be added, if helpful.
-      placeholder: |-
-        1. ...
-        2. ...
-        3. ...
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: System information
-      description: In this stage we would kindly ask you to attach general system information about your setup.
-      value: |-
-             | Question | Answer |
-             | --- | --- |
-             | My operating system | I_DO_REPLY_HERE |
-             | Is Apparmor, SELinux or similar active? | I_DO_REPLY_HERE |
-             | Virtualization technlogy (KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported** | I_DO_REPLY_HERE |
-             | Server/VM specifications (Memory, CPU Cores) | I_DO_REPLY_HERE |
-             | Docker Version (`docker version`) | I_DO_REPLY_HERE |
-             | Docker-Compose Version (`docker-compose version`) | I_DO_REPLY_HERE |
-             | Reverse proxy (custom solution) | I_DO_REPLY_HERE |
-
-             Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             All third-party firewalls and custom iptables rules are unsupported. **Please check the Docker docs about how to use Docker with your own ruleset**. Nevertheless, iptabels output can help us to help you:
-             iptables -L -vn:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             ip6tables -L -vn:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             iptables -L -vn -t nat:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             ip6tables -L -vn -t nat:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-
-             DNS problems? Please run `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network) and post the output:
-             ```
-             YOUR OUTPUT GOES HERE
-             ```
-    validations:
-      required: true

.github/ISSUE_TEMPLATE/Bug_report.yml

@@ -0,0 +1,157 @@
+name: 🐞 Bug Report
+description: Report a reproducible bug for mailcow. (NOT to be used for support questions.)
+labels: ["bug"]
+body:
+  - type: checkboxes
+    attributes:
+      label: Contribution guidelines
+      description: Please read the contribution guidelines before proceeding.
+      options:
+      - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
+        required: true
+  - type: checkboxes
+    attributes:
+      label: I've found a bug and checked that ...
+      description: Prior to placing the issue, please check following:** *(fill out each checkbox with an `X` once done)*
+      options:
+      - label: ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
+        required: true
+      - label: ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
+        required: true
+      - label: ... I have understood that answers are voluntary and community-driven, and not commercial support.
+        required: true
+      - label: ... I have verified that my issue has not been already answered in the past. I also checked previous [issues](https://github.com/mailcow/mailcow-dockerized/issues).
+        required: true
+  - type: textarea
+    attributes:
+      label: Description
+      description: Please provide a brief description of the bug in 1-2 sentences. If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs:"
+      description: "Please take a look at the [official documentation](https://docs.mailcow.email/troubleshooting/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks."
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Steps to reproduce:"
+      description: "Please describe the steps to reproduce the bug. Screenshots can be added, if helpful."
+      render: plain text
+      placeholder: |-
+        1. ...
+        2. ...
+        3. ...
+    validations:
+      required: true
+  - type: markdown
+    attributes:
+      value: |
+        ## System information
+        ### In this stage we would kindly ask you to attach general system information about your setup.
+  - type: dropdown
+    attributes:
+      label: "Which branch are you using?"
+      description: "#### `git rev-parse --abbrev-ref HEAD`"
+      multiple: false
+      options:
+        - master
+        - nightly
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Operating System:"
+      placeholder: "e.g. Ubuntu 22.04 LTS"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Server/VM specifications:"
+      placeholder: "Memory, CPU Cores"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Is Apparmor, SELinux or similar active?"
+      placeholder: "yes/no"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Virtualization technology:"
+      placeholder: "KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported**"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Docker version:"
+      description: "#### `docker version`"
+      placeholder: "20.10.21"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "docker-compose version or docker compose version:"
+      description: "#### `docker-compose version` or `docker compose version`"
+      placeholder: "v2.12.2"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "mailcow version:"
+      description: "#### ```git describe --tags `git rev-list --tags --max-count=1` ```"
+      placeholder: "2022-08"
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: "Reverse proxy:"
+      placeholder: "e.g. Nginx/Traefik"
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of git diff:"
+      description: "#### Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:"
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of iptables -L -vn:"
+      description: "#### Output of `iptables -L -vn`"
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of ip6tables -L -vn:"
+      description: "#### Output of `ip6tables -L -vn`"
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of iptables -L -vn -t nat:"
+      description: "#### Output of `iptables -L -vn -t nat`"
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "Logs of ip6tables -L -vn -t nat:"
+      description: "#### Output of `ip6tables -L -vn -t nat`"
+      render: plain text
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: "DNS check:"
+      description: "#### Output of `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network)"
+      render: plain text
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/pr_to_nighty_template.yml

@@ -0,0 +1,13 @@
+## :memo:  Brief description
+<!-- Diff summary - START -->
+<!-- Diff summary - END -->
+
+
+## :computer:  Commits
+<!-- Diff commits - START -->
+<!-- Diff commits - END -->
+
+
+## :file_folder:  Modified files
+<!-- Diff files - START -->
+<!-- Diff files - END -->

.github/renovate.json

@@ -0,0 +1,31 @@
+{
+  "enabled": true,
+  "timezone": "Europe/Berlin",
+  "dependencyDashboard": true,
+  "dependencyDashboardTitle": "Renovate Dashboard",
+  "commitBody": "Signed-off-by: milkmaker <milkmaker@mailcow.de>",
+  "rebaseWhen": "auto",
+  "labels": ["renovate"],
+  "assignees": [
+    "@magiccc"
+  ],
+  "baseBranches": ["staging"],
+  "enabledManagers": ["github-actions", "regex", "docker-compose"],
+  "ignorePaths": [
+    "data\/web\/inc\/lib\/vendor\/matthiasmullie\/minify\/**"
+  ],
+  "regexManagers": [
+    {
+      "fileMatch": ["^helper-scripts\/nextcloud.sh$"],
+      "matchStrings": [
+        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s.*?_VERSION=(?<currentValue>.*)"
+       ]
+    },
+    {
+      "fileMatch": ["(^|/)Dockerfile[^/]*$"],
+      "matchStrings": [
+        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s(ENV|ARG) .*?_VERSION=(?<currentValue>.*)\\s"
+       ]
+    }
+  ]
+}

.github/workflows/check_prs_if_on_staging.yml

@@ -0,0 +1,33 @@
+name: Check PRs if on staging
+on:
+    pull_request_target:
+      types: [opened, edited]
+permissions: {}
+
+jobs:
+  is_not_staging:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
+    steps:
+      - name: Send message
+        uses: thollander/actions-comment-pull-request@v2.3.1
+        with:
+          GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
+          message: |
+                   Thanks for contributing!
+
+                   I noticed that you didn't select `staging` as your base branch. Please change the base branch to `staging`.
+                   See the attached picture on how to change the base branch to `staging`:
+
+                   ![check_prs_if_on_staging.png](https://raw.githubusercontent.com/mailcow/mailcow-dockerized/master/.github/workflows/assets/check_prs_if_on_staging.png)
+
+      - name: Fail #we want to see failed checks in the PR
+        if: ${{ success() }} #set exit code to 1 even if commenting somehow failed
+        run: exit 1
+
+  is_staging:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.base.ref == 'staging' #check if the target branch is staging
+    steps:
+      - name: Success
+        run: exit 0

.github/workflows/close_old_issues_and_prs.yml

@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v4
+        uses: actions/stale@v8.0.0
         with:
           repo-token: ${{ secrets.STALE_ACTION_PAT }}
           days-before-stale: 60
@@ -30,6 +30,7 @@ jobs:
           stale-issue-label: "stale"
           stale-pr-label: "stale"
           exempt-draft-pr: "true"
+          close-issue-reason: "not_planned"
           operations-per-run: "250"
           ascending: "true"
           #DRY-RUN

.github/workflows/image_builds.yml

@@ -0,0 +1,43 @@
+name: Build mailcow Docker Images
+
+on:
+  push:
+    branches: [ "master", "staging" ]
+  workflow_dispatch:
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
+jobs:
+  docker_image_builds:
+    strategy:
+      matrix:
+        images:
+          - "acme-mailcow"
+          - "clamd-mailcow"
+          - "dockerapi-mailcow"
+          - "dovecot-mailcow"
+          - "netfilter-mailcow"
+          - "olefy-mailcow"
+          - "php-fpm-mailcow"
+          - "postfix-mailcow"
+          - "rspamd-mailcow"
+          - "sogo-mailcow"
+          - "solr-mailcow"
+          - "unbound-mailcow"
+          - "watchdog-mailcow"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup Docker
+        run: |
+          curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh
+          sudo service docker start
+      - name: Prepair Image Builds
+        run: |
+          cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
+      - name: Build Docker Images
+        run: |
+          docker compose build ${image}
+        env:
+          image: ${{ matrix.images }}

.github/workflows/pr_to_nightly.yml

@@ -0,0 +1,25 @@
+name: Create PR to merge to nightly from staging
+on:
+  push:
+    branches:
+      - staging
+jobs:
+  action-pull-request:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Run the Action
+        uses: devops-infra/action-pull-request@v0.5.5
+        with:
+          github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
+          title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}
+          assignee: DerLinkman
+          source_branch: staging
+          target_branch: nightly
+          reviewer: DerLinkman
+          label: upstream
+          template: .github/ISSUE_TEMPLATE/pr_to_nighty_template.yml
+          get_diff: true

.github/workflows/rebuild_backup_image.yml

@@ -0,0 +1,34 @@
+name: Build mailcow backup image
+
+on:
+  schedule:
+    # At 00:00 on Sunday
+    - cron: "0 0 * * 0"
+  workflow_dispatch: # Allow to run workflow manually
+
+jobs:
+  docker_image_build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_USERNAME }}
+          password: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: data/Dockerfiles/backup/Dockerfile
+          push: true
+          tags: mailcow/backup:latest

.travis.yml

@@ -1,16 +0,0 @@
-sudo: required
-services:
-- docker
-script:
-- echo 'Europe/Berlin' | MAILCOW_HOSTNAME=build.mailcow ./generate_config.sh
-- docker-compose pull --ignore-pull-failures --parallel
-- docker-compose build
-- docker login --username=$DOCKER_HUB_USERNAME --password=$DOCKER_HUB_PASSWORD
-- docker-compose push
-branches:
-  only:
-  - master_disabled
-env:
-  global:
-  - secure: MpxpTwD7f0CNEVLitSpVmocK7O9r+BwFE1deEHK4AlQo/oc9cOlhGe1EL3mx9zbglPmjlDg/8kMUGv6vSirIabfBo9Szjps76bHckFr9lr2Ykkg0e29oC8pgPpSXD1eY/1ZIN/FvIkxpUFLETo1okS/j9q/A0DCGFmti0n3EoMORsgRz9CpNAiEh0zpSd6+euPAGHuczuCrDuO84my9bIOCjA/+aPunHNeXiuM8yIM2SxCSyGtIKT0+jvquIvLF58VxivysXBlRfhDn8fhB09nXA2Ru/derYQACfcmNSn9Pd4bDpebPJW5B9H/XA8xjb58uKinUlncbAMB/QnxoT75j9YRWJZRSQ+34XNYP6ZgK9soZ2TC6djQyEKTUu45Kp/1s+poSn42m9jytJJTmmK0KxsZTRcC8JD5nrjIMZWPUNNTwC5L4+I7ZRWg2WooK3LNyq1Ng8Hn6W77wSgsvAJw2HD3Lx58AprGUhHuBeaIZRuSN9aKwZrl9vKQJLqPnOp/nF2EC6kot5HYYtcotGtETXPUDih21gWD5ZM2BqVqYfQQnJnNMgeYmMdj6QQuTFqhuNJf7hXRIRkTnD3j1gDOLKQZazW0+N2JE8XWDFwi6fKScDsxT85lJti9HmzHa7+k4RVHmUYuDgRoPuzUgjWHvPsiz3/Z8WQ9JYpH84S8w=
-  - secure: fWzZisT6nGDNL4lf6tXB07eFG2drgBakHxzdF/NFVvzuP861RFR6omuL+ED0PgXrEHDJBxaBLv52je8irmUXrAH1CNr7T8DWiZo/h5h609Uzr+38T1NnIu4krL0Wo6/CDwlLKnzqTq9yBIZLQSHVJmo8AOpo1JPIi2ajodqj9ZfmAxDQTQl+G6zvQjtqIkYHsHY7A44Rto0f14ykn7w2S82Jn6Ry89VNI5V1WEO3sMpM/XekNP/HokNcRIuntL/0+kuLvTJ5akGoTjBQxSnSW95opzPeGky74HRU2obExJYqKvF0VfVJRNAqejwjIiFIbbjqV0Sk5391kFuhuBErQQDM1bOHGdxZ41HsJH29qNWIl7C33Yl10qERoqecgsJ1N/bS2ZEmWqm/zQh5GClCXPvYmzEqMYsMGM3vjbKdjDlc1Wh2w/eFclsXN9LSXh1mc35rtj46frcT6e5Kof87AIfC9hTgDvk9kAsyjaHMkSHSZthbZXCIcsD8qriNm5UqfFBYD79mPIP1S2YMQ2jscCsjHOZgYVrcm0kzDF21J1w6H0Lo7d1jw37LYlegBdtLQ9gYgqY2D5m+nxWuVoD5FZmpR+5JGtK+ootyLFF8aiFoHXd4op1JCxRLjgkmnZKXzw3kTQSpE7oa7CgzchtQmK2nqcqla1b5Qk7ilVcjooo=

README.md

@@ -1,8 +1,6 @@
 # mailcow: dockerized - 🐮 + 🐋 = 💕
 
-## We stand with 🇺🇦
-
-[![master build status](https://img.shields.io/drone/build/mailcow/mailcow-dockerized/master?label=master%20build&server=https%3A%2F%2Fdrone.mailcow.email)](https://drone.mailcow.email/mailcow/mailcow-dockerized) [![staging build status](https://img.shields.io/drone/build/mailcow/mailcow-dockerized/staging?label=staging%20build&server=https%3A%2F%2Fdrone.mailcow.email)](https://drone.mailcow.email/mailcow/mailcow-dockerized) [![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
+[![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/mailcow_email.svg?style=social&label=Follow%20%40mailcow_email)](https://twitter.com/mailcow_email)
 
 ## Want to support mailcow?
@@ -35,3 +33,9 @@ Telegram desktop clients are available for [multiple platforms](https://desktop.
 
 **Important**: mailcow makes use of various open-source software. Please assure you agree with their license before using mailcow.
 Any part of mailcow itself is released under **GNU General Public License, Version 3**.
+
+mailcow is a registered word mark of The Infrastructure Company GmbH, Parkstr. 42, 47877 Willich, Germany.
+
+The project is managed and maintained by The Infrastructure Company GmbH.
+
+Originated from @andryyy (André)

SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the _mailcow: dockerized_ project as found on [mailcow-dockerized](https://github.com/mailcow/mailcow-dockerized).
+
+  * [Reporting a Vulnerability](#reporting-a-vulnerability)
+  * [Disclosure Policy](#disclosure-policy)
+  * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Vulnerability 
+
+The mailcow team and community take all security vulnerabilities
+seriously. Thank you for improving the security of our open source 
+software. We appreciate your efforts and responsible disclosure and will
+make every effort to acknowledge your contributions.
+
+Report security vulnerabilities by emailing the mailcow team at:
+    
+    info at servercow.de
+
+mailcow team will acknowledge your email as soon as possible, and will
+send a more detailed response afterwards indicating the next steps in 
+handling your report. After the initial reply to your report, the mailcow
+team will endeavor to keep you informed of the progress towards a fix and
+full announcement, and may ask for additional information or guidance.
+
+Report security vulnerabilities in third-party modules to the person or 
+team maintaining the module.
+
+## Disclosure Policy
+
+When the mailcow team receives a security bug report, they will assign it
+to a primary handler. This person will coordinate the fix and release
+process, involving the following steps:
+
+  * Confirm the problem and determine the affected versions.
+  * Audit code to find any potential similar problems.
+  * Prepare fixes for all releases still under maintenance.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.

data/Dockerfiles/acme/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.17
 
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 

data/Dockerfiles/acme/acme.sh

@@ -213,11 +213,13 @@ while true; do
   done
   ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
 
+  if [[ ${SKIP_IP_CHECK} != "y" ]]; then
   # Start IP detection
   log_f "Detecting IP addresses..."
   IPV4=$(get_ipv4)
   IPV6=$(get_ipv6)
   log_f "OK: ${IPV4}, ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}"
+  fi
 
   #########################################
   # IP and webroot challenge verification #

data/Dockerfiles/backup/Dockerfile

@@ -0,0 +1,3 @@
+FROM debian:bullseye-slim
+
+RUN apt update && apt install pigz

data/Dockerfiles/clamd/Dockerfile

@@ -1,76 +1,21 @@
-FROM debian:bullseye-slim
+FROM clamav/clamav:1.0.1-1_base
 
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
-ARG CLAMAV=0.104.2
-ARG TINI_VERSION=v0.19.0
-
-RUN apt-get update && apt-get install -y --no-install-recommends \
-  ca-certificates \
-  build-essential \
-  pkg-config \
-  python3 \
-  python3-pip \
-  valgrind \
-  check \
-  libbz2-dev \
-  libcurl4-openssl-dev \
-  libjson-c-dev \
-  libmilter-dev \
-  libncurses5-dev \
-  libpcre2-dev \
-  libssl-dev \
-  libxml2-dev \
-  zlib1g-dev \
-  curl \
-  bash \
-  wget \
-  tzdata \
-  dnsutils \
+RUN apk upgrade --no-cache \
+  && apk add --update --no-cache \
   rsync \
-  dos2unix \
-  netcat \
-  && python3 -m pip install cmake \
-  && rm -rf /var/lib/apt/lists/* \
-  && wget -O - https://www.clamav.net/downloads/production/clamav-${CLAMAV}.tar.gz | tar xfvz - \
-  && cd clamav-${CLAMAV} \
-  && cmake . \
-      -D CMAKE_INSTALL_PREFIX=/usr \
-      -D CMAKE_INSTALL_LIBDIR=/usr/lib \
-      -D APP_CONFIG_DIRECTORY=/etc/clamav \
-      -D CMAKE_INSTALL_MANDIR=/usr/share/man \
-      -D CMAKE_INSTALL_INFODIR=/usr/share/info \
-      -D CLAMAV_USER=clamav \
-      -D CLAMAV_GROUP=clamav \
-      -D DATABASE_DIRECTORY=/var/lib/clamav \
-      -D ENABLE_APP=ON \
-      -D ENABLE_JSON_SHARED=OFF \
-      -D CMAKE_BUILD_TYPE=MinSizeRel \
-  && cmake --build . -j4 \
-  && cmake --build . --target install \
-  && cd .. && rm -rf clamav-${CLAMAV} \
-  && apt-get -y --auto-remove purge build-essential \
-  && apt-get -y purge pkg-config \
-  python3 \
-  python3-pip \
-  valgrind \
-  check \
-  libbz2-dev \
-  libcurl4-openssl-dev \
-  libjson-c-dev \
-  libmilter-dev \
-  libncurses5-dev \
-  libpcre2-dev \
-  libssl-dev \
-  libxml2-dev \
-  zlib1g-dev \
+  bind-tools \
+  bash 
 
-  && addgroup --system --gid 700 clamav \
-  && adduser --system --no-create-home --home /var/lib/clamav --uid 700 --gid 700 --disabled-login clamav \
-  && rm -rf /tmp/* /var/tmp/*
-
-COPY clamd.sh ./
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
+# init
+COPY clamd.sh /clamd.sh
 RUN chmod +x /sbin/tini
 
-CMD ["/sbin/tini", "-g", "--", "/clamd.sh"]
+# healthcheck
+COPY healthcheck.sh /healthcheck.sh
+RUN chmod +x /healthcheck.sh
+HEALTHCHECK --start-period=6m CMD "/healthcheck.sh"
+
+ENTRYPOINT []
+CMD ["/sbin/tini", "-g", "--", "/clamd.sh"]

data/Dockerfiles/clamd/healthcheck.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+  echo "SKIP_CLAMD=y, skipping ClamAV..."
+  exit 0
+fi
+
+# run clamd healthcheck
+/usr/local/bin/clamdcheck.sh

data/Dockerfiles/dockerapi/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.17
 
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
@@ -8,11 +8,15 @@ RUN apk add --update --no-cache python3 \
   py3-pip \
   openssl \
   tzdata \
+  py3-psutil \
 && pip3 install --upgrade pip \
+  fastapi \
+  uvicorn \
+  aiodocker \
   docker \
-  flask \
-  flask-restful
+  redis 
 
+COPY docker-entrypoint.sh /app/
 COPY dockerapi.py /app/
 
-CMD ["python3", "-u", "/app/dockerapi.py"]
+ENTRYPOINT ["/bin/sh", "/app/docker-entrypoint.sh"]

data/Dockerfiles/dockerapi/docker-entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+`openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
+  -keyout /app/dockerapi_key.pem \
+  -out /app/dockerapi_cert.pem \
+  -subj /CN=dockerapi/O=mailcow \
+  -addext subjectAltName=DNS:dockerapi`
+
+`uvicorn --host 0.0.0.0 --port 443 --ssl-certfile=/app/dockerapi_cert.pem --ssl-keyfile=/app/dockerapi_key.pem dockerapi:app`

data/Dockerfiles/dockerapi/dockerapi.py

@@ -1,233 +1,369 @@
-#!/usr/bin/env python3
-
-from flask import Flask
-from flask_restful import Resource, Api
-from flask import jsonify
-from flask import Response
-from flask import request
-from threading import Thread
+from fastapi import FastAPI, Response, Request
+import aiodocker
 import docker
-import uuid
-import signal
+import psutil
+import sys
+import re
 import time
 import os
-import re
-import sys
-import ssl
-import socket
-import subprocess
-import traceback
+import json
+import asyncio
+import redis
+from datetime import datetime
+import logging
+from logging.config import dictConfig
 
-docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
-app = Flask(__name__)
-api = Api(app)
 
-class containers_get(Resource):
-  def get(self):
-    containers = {}
+log_config = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "default": {
+            "()": "uvicorn.logging.DefaultFormatter",
+            "fmt": "%(levelprefix)s %(asctime)s %(message)s",
+            "datefmt": "%Y-%m-%d %H:%M:%S",
+
+        },
+    },
+    "handlers": {
+        "default": {
+            "formatter": "default",
+            "class": "logging.StreamHandler",
+            "stream": "ext://sys.stderr",
+        },
+    },
+    "loggers": {
+        "api-logger": {"handlers": ["default"], "level": "INFO"},
+    },
+}
+dictConfig(log_config)
+
+containerIds_to_update = []
+host_stats_isUpdating = False
+app = FastAPI()
+logger = logging.getLogger('api-logger')
+
+
+@app.get("/host/stats")
+async def get_host_update_stats():
+  global host_stats_isUpdating
+
+  if host_stats_isUpdating == False:
+    asyncio.create_task(get_host_stats())
+    host_stats_isUpdating = True
+
+  while True:
+    if redis_client.exists('host_stats'):
+      break
+    await asyncio.sleep(1.5)
+
+
+  stats = json.loads(redis_client.get('host_stats'))
+  return Response(content=json.dumps(stats, indent=4), media_type="application/json")
+
+@app.get("/containers/{container_id}/json")
+async def get_container(container_id : str):
+  if container_id and container_id.isalnum():
     try:
-      for container in docker_client.containers.list(all=True):
-        containers.update({container.attrs['Id']: container.attrs})
-      return containers
+      for container in (await async_docker_client.containers.list()):
+        if container._id == container_id:
+          container_info = await container.show()
+          return Response(content=json.dumps(container_info, indent=4), media_type="application/json")
+     
+      res = {
+        "type": "danger",
+        "msg": "no container found"
+      }
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
     except Exception as e:
-      return jsonify(type='danger', msg=str(e))
+      res = {
+        "type": "danger",
+        "msg": str(e)
+      }
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  else:
+    res = {
+      "type": "danger",
+      "msg": "no or invalid id defined"
+    }
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
-class container_get(Resource):
-  def get(self, container_id):
-    if container_id and container_id.isalnum():
-      try:
-        for container in docker_client.containers.list(all=True, filters={"id": container_id}):
-          return container.attrs
-      except Exception as e:
-          return jsonify(type='danger', msg=str(e))
-    else:
-      return jsonify(type='danger', msg='no or invalid id defined')
+@app.get("/containers/json")
+async def get_containers():
+  containers = {}
+  try:
+    for container in (await async_docker_client.containers.list()):
+      container_info = await container.show()
+      containers.update({container_info['Id']: container_info})
+    return Response(content=json.dumps(containers, indent=4), media_type="application/json")
+  except Exception as e:
+    res = {
+      "type": "danger",
+      "msg": str(e)
+    }
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
-class container_post(Resource):
-  def post(self, container_id, post_action):
-    if container_id and container_id.isalnum() and post_action:
-      try:
-        """Dispatch container_post api call"""
-        if post_action == 'exec':
-          if not request.json or not 'cmd' in request.json:
-            return jsonify(type='danger', msg='cmd is missing')
-          if not request.json or not 'task' in request.json:
-            return jsonify(type='danger', msg='task is missing')
+@app.post("/containers/{container_id}/{post_action}")
+async def post_containers(container_id : str, post_action : str, request: Request):
+  try : 
+    request_json = await request.json()
+  except Exception as err:
+    request_json = {}
 
-          api_call_method_name = '__'.join(['container_post', str(post_action), str(request.json['cmd']), str(request.json['task']) ])
-        else:
-          api_call_method_name = '__'.join(['container_post', str(post_action) ])
+  if container_id and container_id.isalnum() and post_action:
+    try:
+      """Dispatch container_post api call"""
+      if post_action == 'exec':
+        if not request_json or not 'cmd' in request_json:
+          res = {
+            "type": "danger",
+            "msg": "cmd is missing"
+          }
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        if not request_json or not 'task' in request_json:
+          res = {
+            "type": "danger",
+            "msg": "task is missing"
+          }
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
-        api_call_method = getattr(self, api_call_method_name, lambda container_id: jsonify(type='danger', msg='container_post - unknown api call'))
+        api_call_method_name = '__'.join(['container_post', str(post_action), str(request_json['cmd']), str(request_json['task']) ])
+      else:
+        api_call_method_name = '__'.join(['container_post', str(post_action) ])
+
+      docker_utils = DockerUtils(sync_docker_client)
+      api_call_method = getattr(docker_utils, api_call_method_name, lambda container_id: Response(content=json.dumps({'type': 'danger', 'msg':'container_post - unknown api call' }, indent=4), media_type="application/json"))
 
 
-        print("api call: %s, container_id: %s" % (api_call_method_name, container_id))
-        return api_call_method(container_id)
-      except Exception as e:
-        print("error - container_post: %s" % str(e))
-        return jsonify(type='danger', msg=str(e))
+      logger.info("api call: %s, container_id: %s" % (api_call_method_name, container_id))
+      return api_call_method(container_id, request_json)
+    except Exception as e:
+      logger.error("error - container_post: %s" % str(e))
+      res = {
+        "type": "danger",
+        "msg": str(e)
+      }
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
-    else:
-      return jsonify(type='danger', msg='invalid container id or missing action')
+  else:
+    res = {
+      "type": "danger",
+      "msg": "invalid container id or missing action"
+    }
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
+@app.post("/container/{container_id}/stats/update")
+async def post_container_update_stats(container_id : str):
+  global containerIds_to_update
+
+  # start update task for container if no task is running
+  if container_id not in containerIds_to_update:
+    asyncio.create_task(get_container_stats(container_id))
+    containerIds_to_update.append(container_id)
+
+  while True:
+    if redis_client.exists(container_id + '_stats'):
+      break
+    await asyncio.sleep(1.5)
+
+  stats = json.loads(redis_client.get(container_id + '_stats'))
+  return Response(content=json.dumps(stats, indent=4), media_type="application/json")
+
+
+
+
+class DockerUtils:
+  def __init__(self, docker_client):
+    self.docker_client = docker_client
 
   # api call: container_post - post_action: stop
-  def container_post__stop(self, container_id):
-    for container in docker_client.containers.list(all=True, filters={"id": container_id}):
+  def container_post__stop(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
       container.stop()
-    return jsonify(type='success', msg='command completed successfully')
-
 
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: start
-  def container_post__start(self, container_id):
-    for container in docker_client.containers.list(all=True, filters={"id": container_id}):
+  def container_post__start(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
       container.start()
-    return jsonify(type='success', msg='command completed successfully')
-
 
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: restart
-  def container_post__restart(self, container_id):
-    for container in docker_client.containers.list(all=True, filters={"id": container_id}):
+  def container_post__restart(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
       container.restart()
-    return jsonify(type='success', msg='command completed successfully')
-
 
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: top
-  def container_post__top(self, container_id):
-    for container in docker_client.containers.list(all=True, filters={"id": container_id}):
-      return jsonify(type='success', msg=container.top())
-
-
+  def container_post__top(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
+      res = { 'type': 'success', 'msg': container.top()}
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: stats
-  def container_post__stats(self, container_id):
-    for container in docker_client.containers.list(all=True, filters={"id": container_id}):
+  def container_post__stats(self, container_id, request_json):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
       for stat in container.stats(decode=True, stream=True):
-        return jsonify(type='success', msg=stat )
-
+        res = { 'type': 'success', 'msg': stat}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
   # api call: container_post - post_action: exec - cmd: mailq - task: delete
-  def container_post__exec__mailq__delete(self, container_id):
-    if 'items' in request.json:
+  def container_post__exec__mailq__delete(self, container_id, request_json):
+    if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request.json['items'])
+      filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-d %s' % i for i in filtered_qids]
         sanitized_string = str(' '.join(flagged_qids));
-
-        for container in docker_client.containers.list(filters={"id": container_id}):
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
           postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
           return exec_run_handler('generic', postsuper_r)
 
+
   # api call: container_post - post_action: exec - cmd: mailq - task: hold
-  def container_post__exec__mailq__hold(self, container_id):
-    if 'items' in request.json:
+  def container_post__exec__mailq__hold(self, container_id, request_json):
+    if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request.json['items'])
+      filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-h %s' % i for i in filtered_qids]
         sanitized_string = str(' '.join(flagged_qids));
-
-        for container in docker_client.containers.list(filters={"id": container_id}):
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
           postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
           return exec_run_handler('generic', postsuper_r)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: cat
-  def container_post__exec__mailq__cat(self, container_id):
-    if 'items' in request.json:
+  def container_post__exec__mailq__cat(self, container_id, request_json):
+    if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request.json['items'])
+      filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         sanitized_string = str(' '.join(filtered_qids));
 
-        for container in docker_client.containers.list(filters={"id": container_id}):
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
           postcat_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
         if not postcat_return:
           postcat_return = 'err: invalid'
         return exec_run_handler('utf8_text_only', postcat_return)
 
    # api call: container_post - post_action: exec - cmd: mailq - task: unhold
-  def container_post__exec__mailq__unhold(self, container_id):
-    if 'items' in request.json:
+  def container_post__exec__mailq__unhold(self, container_id, request_json):
+    if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request.json['items'])
+      filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-H %s' % i for i in filtered_qids]
         sanitized_string = str(' '.join(flagged_qids));
-
-        for container in docker_client.containers.list(filters={"id": container_id}):
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
           postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
           return exec_run_handler('generic', postsuper_r)
 
-
   # api call: container_post - post_action: exec - cmd: mailq - task: deliver
-  def container_post__exec__mailq__deliver(self, container_id):
-    if 'items' in request.json:
+  def container_post__exec__mailq__deliver(self, container_id, request_json):
+    if 'items' in request_json:
       r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request.json['items'])
+      filtered_qids = filter(r.match, request_json['items'])
       if filtered_qids:
         flagged_qids = ['-i %s' % i for i in filtered_qids]
-
-        for container in docker_client.containers.list(filters={"id": container_id}):
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
           for i in flagged_qids:
             postqueue_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')
             # todo: check each exit code
-          return jsonify(type='success', msg=str("Scheduled immediate delivery"))
+          res = { 'type': 'success', 'msg': 'Scheduled immediate delivery'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
 
+  # api call: container_post - post_action: exec - cmd: sogo - task: customize_enable
+  def container_post__exec__sogo__customize_enable(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      cmd = ["/bin/bash", "-c", "/customize.sh enable"]  
+      sogo_return = container.exec_run(cmd)
+      return exec_run_handler('utf8_text_only', sogo_return)
+  # api call: container_post - post_action: exec - cmd: sogo - task: customize_disable
+  def container_post__exec__sogo__customize_disable(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      cmd = ["/bin/bash", "-c", "/customize.sh disable"]  
+      sogo_return = container.exec_run(cmd)
+      return exec_run_handler('utf8_text_only', sogo_return)
+  # api call: container_post - post_action: exec - cmd: sogo - task: set_logo
+  def container_post__exec__sogo__set_logo(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      cmd = ["/bin/bash", "-c", "/customize.sh set_logo"]  
+      sogo_return = container.exec_run(cmd)
+      return exec_run_handler('utf8_text_only', sogo_return)
+  # api call: container_post - post_action: exec - cmd: sogo - task: remove_logo
+  def container_post__exec__sogo__remove_logo(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      cmd = ["/bin/bash", "-c", "rm -f /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg"]  
+      sogo_return = container.exec_run(cmd)
+      return exec_run_handler('utf8_text_only', sogo_return) 
+  # api call: container_post - post_action: exec - cmd: sogo - task: set_favicon
+  def container_post__exec__sogo__set_favicon(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      cmd = ["/bin/bash", "-c", "/customize.sh set_favicon"]  
+      sogo_return = container.exec_run(cmd)
+      return exec_run_handler('utf8_text_only', sogo_return)
+  # api call: container_post - post_action: exec - cmd: sogo - task: remove_favicon
+  def container_post__exec__sogo__remove_favicon(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      cmd = ["/bin/bash", "-c", "cp /sogo.ico /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico"]  
+      sogo_return = container.exec_run(cmd)
+      return exec_run_handler('utf8_text_only', sogo_return)  
+  # api call: container_post - post_action: exec - cmd: sogo - task: set_theme
+  def container_post__exec__sogo__set_theme(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
+      cmd = ["/bin/bash", "-c", "/customize.sh set_theme"]  
+      sogo_return = container.exec_run(cmd)
+      return exec_run_handler('utf8_text_only', sogo_return)
 
   # api call: container_post - post_action: exec - cmd: mailq - task: list
-  def container_post__exec__mailq__list(self, container_id):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+  def container_post__exec__mailq__list(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
       mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
       return exec_run_handler('utf8_text_only', mailq_return)
-
-
   # api call: container_post - post_action: exec - cmd: mailq - task: flush
-  def container_post__exec__mailq__flush(self, container_id):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+  def container_post__exec__mailq__flush(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
       postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
       return exec_run_handler('generic', postqueue_r)
-
-
   # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
-  def container_post__exec__mailq__super_delete(self, container_id):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+  def container_post__exec__mailq__super_delete(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
       postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
       return exec_run_handler('generic', postsuper_r)
-
-
   # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
-  def container_post__exec__system__fts_rescan(self, container_id):
-    if 'username' in request.json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
-        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request.json['username'].replace("'", "'\\''") + "'"], user='vmail')
+  def container_post__exec__system__fts_rescan(self, container_id, request_json):
+    if 'username' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')
         if rescan_return.exit_code == 0:
-          return jsonify(type='success', msg='fts_rescan: rescan triggered')
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
         else:
-          return jsonify(type='warning', msg='fts_rescan error')
-
-    if 'all' in request.json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+    if 'all' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
         rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')
         if rescan_return.exit_code == 0:
-          return jsonify(type='success', msg='fts_rescan: rescan triggered')
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
         else:
-          return jsonify(type='warning', msg='fts_rescan error')
-
-
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: exec - cmd: system - task: df
-  def container_post__exec__system__df(self, container_id):
-    if 'dir' in request.json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
-        df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request.json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
+  def container_post__exec__system__df(self, container_id, request_json):
+    if 'dir' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
         if df_return.exit_code == 0:
           return df_return.output.decode('utf-8').rstrip()
         else:
           return "0,0,0,0,0,0"
-
-
   # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
-  def container_post__exec__system__mysql_upgrade(self, container_id):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+  def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
       sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
       if sql_return.exit_code == 0:
         matched = False
@@ -235,103 +371,104 @@ class container_post(Resource):
           if 'is already upgraded to' in line:
             matched = True
         if matched:
-          return jsonify(type='success', msg='mysql_upgrade: already upgraded', text=sql_return.output.decode('utf-8'))
+          res = { 'type': 'success', 'msg':'mysql_upgrade: already upgraded', 'text': sql_return.output.decode('utf-8')}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
         else:
           container.restart()
-          return jsonify(type='warning', msg='mysql_upgrade: upgrade was applied', text=sql_return.output.decode('utf-8'))
+          res = { 'type': 'warning', 'msg':'mysql_upgrade: upgrade was applied', 'text': sql_return.output.decode('utf-8')}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
       else:
-        return jsonify(type='error', msg='mysql_upgrade: error running command', text=sql_return.output.decode('utf-8'))
-
+        res = { 'type': 'error', 'msg': 'mysql_upgrade: error running command', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
-  def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+  def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
       sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
       if sql_return.exit_code == 0:
-        return jsonify(type='info', msg='mysql_tzinfo_to_sql: command completed successfully', text=sql_return.output.decode('utf-8'))
+        res = { 'type': 'info', 'msg': 'mysql_tzinfo_to_sql: command completed successfully', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
       else:
-        return jsonify(type='error', msg='mysql_tzinfo_to_sql: error running command', text=sql_return.output.decode('utf-8'))
-
+        res = { 'type': 'error', 'msg': 'mysql_tzinfo_to_sql: error running command', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
   # api call: container_post - post_action: exec - cmd: reload - task: dovecot
-  def container_post__exec__reload__dovecot(self, container_id):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+  def container_post__exec__reload__dovecot(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
       reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
       return exec_run_handler('generic', reload_return)
-
-
   # api call: container_post - post_action: exec - cmd: reload - task: postfix
-  def container_post__exec__reload__postfix(self, container_id):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+  def container_post__exec__reload__postfix(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
       reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
       return exec_run_handler('generic', reload_return)
-
-
   # api call: container_post - post_action: exec - cmd: reload - task: nginx
-  def container_post__exec__reload__nginx(self, container_id):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+  def container_post__exec__reload__nginx(self, container_id, request_json):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
       reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
       return exec_run_handler('generic', reload_return)
-
-
   # api call: container_post - post_action: exec - cmd: sieve - task: list
-  def container_post__exec__sieve__list(self, container_id):
-    if 'username' in request.json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
-        sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"])
+  def container_post__exec__sieve__list(self, container_id, request_json):
+    if 'username' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
         return exec_run_handler('utf8_text_only', sieve_return)
-
-
   # api call: container_post - post_action: exec - cmd: sieve - task: print
-  def container_post__exec__sieve__print(self, container_id):
-    if 'username' in request.json and 'script_name' in request.json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
-        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request.json['username'].replace("'", "'\\''") + "' '" + request.json['script_name'].replace("'", "'\\''") + "'"]  
+  def container_post__exec__sieve__print(self, container_id, request_json):
+    if 'username' in request.json and 'script_name' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
         sieve_return = container.exec_run(cmd)
         return exec_run_handler('utf8_text_only', sieve_return)
-
-
   # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
-  def container_post__exec__maildir__cleanup(self, container_id):
-    if 'maildir' in request.json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
-        sane_name = re.sub(r'\W+', '', request.json['maildir'])
-        cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
+  def container_post__exec__maildir__cleanup(self, container_id, request_json):
+    if 'maildir' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        sane_name = re.sub(r'\W+', '', request_json['maildir'])
+        vmail_name = request_json['maildir'].replace("'", "'\\''")
+        cmd_vmail = "if [[ -d '/var/vmail/" + vmail_name + "' ]]; then /bin/mv '/var/vmail/" + vmail_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"
+        index_name = request_json['maildir'].split("/")
+        if len(index_name) > 1:
+          index_name = index_name[1].replace("'", "'\\''") + "@" + index_name[0].replace("'", "'\\''")
+          cmd_vmail_index = "if [[ -d '/var/vmail_index/" + index_name + "' ]]; then /bin/mv '/var/vmail_index/" + index_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "_index'; fi"
+          cmd = ["/bin/bash", "-c", cmd_vmail + " && " + cmd_vmail_index]
+        else:
+          cmd = ["/bin/bash", "-c", cmd_vmail]
         maildir_cleanup = container.exec_run(cmd, user='vmail')
         return exec_run_handler('generic', maildir_cleanup)
-
-
-
   # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
-  def container_post__exec__rspamd__worker_password(self, container_id):
-    if 'raw' in request.json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
-        cmd = "/usr/bin/rspamadm pw -e -p '" + request.json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
+  def container_post__exec__rspamd__worker_password(self, container_id, request_json):
+    if 'raw' in request_json:
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
+        cmd = "/usr/bin/rspamadm pw -e -p '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
         cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
+
         matched = False
         for line in cmd_response.split("\n"):
           if '$2$' in line:
             hash = line.strip()
             hash_out = re.search('\$2\$.+$', hash).group(0)
             rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
-
             rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc"
             cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename)
             cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
-
             if rspamd_passphrase_hash.startswith("$2$") and rspamd_passphrase_hash in cmd_response:
               container.restart()
               matched = True
-
         if matched:
-            return jsonify(type='success', msg='command completed successfully')
+          res = { 'type': 'success', 'msg': 'command completed successfully' }
+          logger.info('success changing Rspamd password')
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
         else:
-            return jsonify(type='danger', msg='command did not complete')
+          logger.error('failed changing Rspamd password')
+          res = { 'type': 'danger', 'msg': 'command did not complete' }
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+
 
 def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
 
   def recv_socket_data(c_socket, timeout):
     c_socket.setblocking(0)
-    total_data=[];
-    data='';
+    total_data=[]
+    data=''
     begin=time.time()
     while True:
       if total_data and time.time()-begin > timeout:
@@ -351,6 +488,7 @@ def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
       except:
         pass
     return ''.join(total_data)
+    
 
   try :
     socket = container.exec_run([shell_cmd], stdin=True, socket=True, user=user).output._sock
@@ -360,60 +498,93 @@ def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
     data = recv_socket_data(socket, timeout)
     socket.close()
     return data
-
   except Exception as e:
-    print("error - exec_cmd_container: %s" % str(e))
+    logger.error("error - exec_cmd_container: %s" % str(e))
     traceback.print_exc(file=sys.stdout)
-
 def exec_run_handler(type, output):
   if type == 'generic':
     if output.exit_code == 0:
-      return jsonify(type='success', msg='command completed successfully')
+      res = { 'type': 'success', 'msg': 'command completed successfully' }
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
     else:
-      return jsonify(type='danger', msg='command failed: ' + output.output.decode('utf-8'))
+      res = { 'type': 'danger', 'msg': 'command failed: ' + output.output.decode('utf-8') }
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
   if type == 'utf8_text_only':
-    r = Response(response=output.output.decode('utf-8'), status=200, mimetype="text/plain")
-    r.headers["Content-Type"] = "text/plain; charset=utf-8"
-    return r
+    return Response(content=output.output.decode('utf-8'), media_type="text/plain")
 
-class GracefulKiller:
-  kill_now = False
-  def __init__(self):
-    signal.signal(signal.SIGINT, self.exit_gracefully)
-    signal.signal(signal.SIGTERM, self.exit_gracefully)
+async def get_host_stats(wait=5):
+  global host_stats_isUpdating
 
-  def exit_gracefully(self, signum, frame):
-    self.kill_now = True
-
-def create_self_signed_cert():
-    process = subprocess.Popen(
-      "openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /app/dockerapi_key.pem -out /app/dockerapi_cert.pem -subj /CN=dockerapi/O=mailcow -addext subjectAltName=DNS:dockerapi".split(),
-      stdout = subprocess.PIPE, stderr = subprocess.PIPE, shell=False
-    )
-    process.wait()
-
-def startFlaskAPI():
-  create_self_signed_cert()
   try:
-    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
-    ctx.check_hostname = False
-    ctx.load_cert_chain(certfile='/app/dockerapi_cert.pem', keyfile='/app/dockerapi_key.pem')
-  except:
-    print ("Cannot initialize TLS, retrying in 5s...")
-    time.sleep(5)
-  app.run(debug=False, host='0.0.0.0', port=443, threaded=True, ssl_context=ctx)
+    system_time = datetime.now()
+    host_stats = {
+      "cpu": {
+        "cores": psutil.cpu_count(),
+        "usage": psutil.cpu_percent()
+      },
+      "memory": {
+        "total": psutil.virtual_memory().total,
+        "usage": psutil.virtual_memory().percent,
+        "swap": psutil.swap_memory()
+      },
+      "uptime": time.time() - psutil.boot_time(),
+      "system_time": system_time.strftime("%d.%m.%Y %H:%M:%S")
+    }
 
-api.add_resource(containers_get, '/containers/json')
-api.add_resource(container_get,  '/containers/<string:container_id>/json')
-api.add_resource(container_post, '/containers/<string:container_id>/<string:post_action>')
+    redis_client.set('host_stats', json.dumps(host_stats), ex=10)
+  except Exception as e:
+    res = {
+      "type": "danger",
+      "msg": str(e)
+    }
 
-if __name__ == '__main__':
-  api_thread = Thread(target=startFlaskAPI)
-  api_thread.daemon = True
-  api_thread.start()
-  killer = GracefulKiller()
-  while True:
-    time.sleep(1)
-    if killer.kill_now:
-      break
-  print ("Stopping dockerapi-mailcow")
+  await asyncio.sleep(wait)
+  host_stats_isUpdating = False
+  
+async def get_container_stats(container_id, wait=5, stop=False):
+  global containerIds_to_update
+
+  if container_id and container_id.isalnum():
+    try:
+      for container in (await async_docker_client.containers.list()):
+        if container._id == container_id:
+          res = await container.stats(stream=False)
+
+          if redis_client.exists(container_id + '_stats'):
+            stats = json.loads(redis_client.get(container_id + '_stats'))
+          else:
+            stats = []
+          stats.append(res[0])
+          if len(stats) > 3:
+            del stats[0]
+          redis_client.set(container_id + '_stats', json.dumps(stats), ex=60)
+    except Exception as e:
+      res = {
+        "type": "danger",
+        "msg": str(e)
+      }
+  else:
+    res = {
+      "type": "danger",
+      "msg": "no or invalid id defined"
+    }
+
+  await asyncio.sleep(wait)
+  if stop == True:
+    # update task was called second time, stop
+    containerIds_to_update.remove(container_id)
+  else:
+    # call update task a second time
+    await get_container_stats(container_id, wait=0, stop=True)
+
+
+
+if os.environ['REDIS_SLAVEOF_IP'] != "":
+  redis_client = redis.Redis(host=os.environ['REDIS_SLAVEOF_IP'], port=os.environ['REDIS_SLAVEOF_PORT'], db=0)
+else:
+  redis_client = redis.Redis(host='redis-mailcow', port=6379, db=0)
+
+sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
+async_docker_client = aiodocker.Docker(url='unix:///var/run/docker.sock')
+
+logger.info('DockerApi started')

data/Dockerfiles/dovecot/Dockerfile

@@ -2,9 +2,12 @@ FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DOVECOT=2.3.18
+# renovate: datasource=github-tags depName=dovecot/core versioning=semver-coerced
+ARG DOVECOT=2.3.20
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
+ARG GOSU_VERSION=1.16
 ENV LC_ALL C
-ENV GOSU_VERSION 1.14
+
 
 # Add groups and users before installing Dovecot to not break compatibility
 RUN groupadd -g 5000 vmail \
@@ -18,6 +21,7 @@ RUN groupadd -g 5000 vmail \
   && touch /etc/default/locale \
   && apt-get update \
   && apt-get -y --no-install-recommends install \
+  build-essential \
   apt-transport-https \
   ca-certificates \
   cpanminus \
@@ -58,6 +62,7 @@ RUN groupadd -g 5000 vmail \
   libproc-processtable-perl \
   libreadonly-perl \
   libregexp-common-perl \
+  libssl-dev \
   libsys-meminfo-perl \
   libterm-readkey-perl \
   libtest-deep-perl \
@@ -107,6 +112,8 @@ RUN groupadd -g 5000 vmail \
   && apt-get autoclean \
   && rm -rf /var/lib/apt/lists/* \
   && rm -rf /tmp/* /var/tmp/* /root/.cache/
+# imapsync dependencies
+RUN cpan Crypt::OpenSSL::PKCS12
 
 COPY trim_logs.sh /usr/local/bin/trim_logs.sh
 COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh

data/Dockerfiles/dovecot/docker-entrypoint.sh

@@ -307,6 +307,7 @@ namespace {
 }
 EOF
 
+
 cat <<EOF > /etc/dovecot/sogo_trusted_ip.conf
 # Autogenerated by mailcow
 remote ${IPV4_NETWORK}.248 {
@@ -349,6 +350,14 @@ sievec /var/vmail/sieve/global_sieve_after.sieve
 sievec /usr/lib/dovecot/sieve/report-spam.sieve
 sievec /usr/lib/dovecot/sieve/report-ham.sieve
 
+for file in /var/vmail/*/*/sieve/*.sieve ; do
+  if [[ "$file" == "/var/vmail/*/*/sieve/*.sieve" ]]; then
+    continue
+  fi
+  sievec "$file" "$(dirname "$file")/../.dovecot.svbin"
+  chown vmail:vmail "$(dirname "$file")/../.dovecot.svbin"
+done
+
 # Fix permissions
 chown root:root /etc/dovecot/sql/*.conf
 chown root:dovecot /etc/dovecot/sql/dovecot-dict-sql-sieve* /etc/dovecot/sql/dovecot-dict-sql-quota* /etc/dovecot/lua/passwd-verify.lua

data/Dockerfiles/dovecot/imapsync

@@ -8492,6 +8492,7 @@ sub xoauth2
         require HTML::Entities ;
         require JSON ;
         require JSON::WebToken::Crypt::RSA ;
+        require Crypt::OpenSSL::PKCS12;
         require Crypt::OpenSSL::RSA ;
         require Encode::Byte ;
         require IO::Socket::SSL ;
@@ -8532,8 +8533,9 @@ sub xoauth2
 
             $sync->{ debug } and myprint( "Service account: $iss\nKey file: $keyfile\nKey password: $keypass\n");
 
-            # Get private key from p12 file (would be better in perl...)
-            $key = `openssl pkcs12 -in "$keyfile" -nodes -nocerts -passin pass:$keypass -nomacver`;
+            # Get private key from p12 file
+            my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file($keyfile);
+            $key = $pkcs12->private_key($keypass);
 
             $sync->{ debug } and myprint( "Private key:\n$key\n");
         }

data/Dockerfiles/dovecot/quarantine_notify.py

@@ -50,7 +50,7 @@ try:
   def query_mysql(query, headers = True, update = False):
     while True:
       try:
-        cnx = mysql.connector.connect(unix_socket = '/var/run/mysqld/mysqld.sock', user=os.environ.get('DBUSER'), passwd=os.environ.get('DBPASS'), database=os.environ.get('DBNAME'), charset="utf8")
+        cnx = mysql.connector.connect(unix_socket = '/var/run/mysqld/mysqld.sock', user=os.environ.get('DBUSER'), passwd=os.environ.get('DBPASS'), database=os.environ.get('DBNAME'), charset="utf8mb4", collation="utf8mb4_general_ci")
       except Exception as ex:
         print('%s - trying again...'  % (ex))
         time.sleep(3)
@@ -166,4 +166,4 @@ try:
       notify_rcpt(record['rcpt'], record['counter'], record['quarantine_acl'], attrs['quarantine_category'])
 
 finally:
-  os.unlink(pidfile)
+  os.unlink(pidfile)

data/Dockerfiles/netfilter/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ENV XTABLES_LIBDIR /usr/lib/xtables

data/Dockerfiles/netfilter/server.py

@@ -64,28 +64,40 @@ def refreshF2boptions():
   global f2boptions
   global quit_now
   global exit_code
+
+  f2boptions = {}
+
   if not r.get('F2B_OPTIONS'):
-    f2boptions = {}
-    f2boptions['ban_time'] = int
-    f2boptions['max_attempts'] = int
-    f2boptions['retry_window'] = int
-    f2boptions['netban_ipv4'] = int
-    f2boptions['netban_ipv6'] = int
-    f2boptions['ban_time'] = r.get('F2B_BAN_TIME') or 1800
-    f2boptions['max_attempts'] = r.get('F2B_MAX_ATTEMPTS') or 10
-    f2boptions['retry_window'] = r.get('F2B_RETRY_WINDOW') or 600
-    f2boptions['netban_ipv4'] = r.get('F2B_NETBAN_IPV4') or 32
-    f2boptions['netban_ipv6'] = r.get('F2B_NETBAN_IPV6') or 128
-    r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
+    f2boptions['ban_time'] = r.get('F2B_BAN_TIME')
+    f2boptions['max_ban_time'] = r.get('F2B_MAX_BAN_TIME')
+    f2boptions['ban_time_increment'] = r.get('F2B_BAN_TIME_INCREMENT')
+    f2boptions['max_attempts'] = r.get('F2B_MAX_ATTEMPTS')
+    f2boptions['retry_window'] = r.get('F2B_RETRY_WINDOW')
+    f2boptions['netban_ipv4'] = r.get('F2B_NETBAN_IPV4')
+    f2boptions['netban_ipv6'] = r.get('F2B_NETBAN_IPV6')
   else:
     try:
-      f2boptions = {}
       f2boptions = json.loads(r.get('F2B_OPTIONS'))
     except ValueError:
       print('Error loading F2B options: F2B_OPTIONS is not json')
       quit_now = True
       exit_code = 2
 
+  verifyF2boptions(f2boptions)
+  r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
+
+def verifyF2boptions(f2boptions):
+  verifyF2boption(f2boptions,'ban_time', 1800)
+  verifyF2boption(f2boptions,'max_ban_time', 10000)
+  verifyF2boption(f2boptions,'ban_time_increment', True)
+  verifyF2boption(f2boptions,'max_attempts', 10)
+  verifyF2boption(f2boptions,'retry_window', 600)
+  verifyF2boption(f2boptions,'netban_ipv4', 32)
+  verifyF2boption(f2boptions,'netban_ipv6', 128)
+
+def verifyF2boption(f2boptions, f2boption, f2bdefault):
+  f2boptions[f2boption] = f2boptions[f2boption] if f2boption in f2boptions and f2boptions[f2boption] is not None else f2bdefault
+
 def refreshF2bregex():
   global f2bregex
   global quit_now
@@ -94,12 +106,12 @@ def refreshF2bregex():
     f2bregex = {}
     f2bregex[1] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
     f2bregex[2] = 'Rspamd UI: Invalid password by ([0-9a-f\.:]+)'
-    f2bregex[3] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed'
+    f2bregex[3] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+'
     f2bregex[4] = 'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+'
     f2bregex[5] = 'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+'
-    f2bregex[6] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
-    f2bregex[7] = '-login: Aborted login \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-    f2bregex[8] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+    f2bregex[6] = '-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
+    f2bregex[7] = '-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+    f2bregex[8] = '-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
     f2bregex[9] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
     f2bregex[10] = '([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
     r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False))
@@ -147,6 +159,7 @@ def ban(address):
   global lock
   refreshF2boptions()
   BAN_TIME = int(f2boptions['ban_time'])
+  BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
   MAX_ATTEMPTS = int(f2boptions['max_attempts'])
   RETRY_WINDOW = int(f2boptions['retry_window'])
   NETBAN_IPV4 = '/' + str(f2boptions['netban_ipv4'])
@@ -174,20 +187,16 @@ def ban(address):
   net = ipaddress.ip_network((address + (NETBAN_IPV4 if type(ip) is ipaddress.IPv4Address else NETBAN_IPV6)), strict=False)
   net = str(net)
 
-  if not net in bans or time.time() - bans[net]['last_attempt'] > RETRY_WINDOW:
-    bans[net] = { 'attempts': 0 }
-    active_window = RETRY_WINDOW
-  else:
-    active_window = time.time() - bans[net]['last_attempt']
+  if not net in bans:
+    bans[net] = {'attempts': 0, 'last_attempt': 0, 'ban_counter': 0}
 
   bans[net]['attempts'] += 1
   bans[net]['last_attempt'] = time.time()
 
-  active_window = time.time() - bans[net]['last_attempt']
-
   if bans[net]['attempts'] >= MAX_ATTEMPTS:
     cur_time = int(round(time.time()))
-    logCrit('Banning %s for %d minutes' % (net, BAN_TIME / 60))
+    NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** bans[net]['ban_counter']
+    logCrit('Banning %s for %d minutes' % (net, NET_BAN_TIME / 60 ))
     if type(ip) is ipaddress.IPv4Address:
       with lock:
         chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'MAILCOW')
@@ -206,7 +215,7 @@ def ban(address):
         rule.target = target
         if rule not in chain.rules:
           chain.insert_rule(rule)
-    r.hset('F2B_ACTIVE_BANS', '%s' % net, cur_time + BAN_TIME)
+    r.hset('F2B_ACTIVE_BANS', '%s' % net, cur_time + NET_BAN_TIME)
   else:
     logWarn('%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net))
 
@@ -238,7 +247,8 @@ def unban(net):
   r.hdel('F2B_ACTIVE_BANS', '%s' % net)
   r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
   if net in bans:
-    del bans[net]
+    bans[net]['attempts'] = 0
+    bans[net]['ban_counter'] += 1
 
 def permBan(net, unban=False):
   global lock
@@ -252,7 +262,7 @@ def permBan(net, unban=False):
       if rule not in chain.rules and not unban:
         logCrit('Add host/network %s to blacklist' % net)
         chain.insert_rule(rule)
-        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time()))) 
+        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time())))
       elif rule in chain.rules and unban:
         logCrit('Remove host/network %s from blacklist' % net)
         chain.delete_rule(rule)
@@ -267,7 +277,7 @@ def permBan(net, unban=False):
       if rule not in chain.rules and not unban:
         logCrit('Add host/network %s to blacklist' % net)
         chain.insert_rule(rule)
-        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time()))) 
+        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time())))
       elif rule in chain.rules and unban:
         logCrit('Remove host/network %s from blacklist' % net)
         chain.delete_rule(rule)
@@ -332,7 +342,7 @@ def watch():
               logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
               ban(addr)
     except Exception as ex:
-      logWarn('Error reading log line from pubsub')
+      logWarn('Error reading log line from pubsub: %s' % ex)
       quit_now = True
       exit_code = 2
 
@@ -346,6 +356,8 @@ def snat4(snat_target):
     rule.dst = '!' + rule.src
     target = rule.create_target("SNAT")
     target.to_source = snat_target
+    match = rule.create_match("comment")
+    match.comment = f'{int(round(time.time()))}'
     return rule
 
   while not quit_now:
@@ -356,19 +368,35 @@ def snat4(snat_target):
         table.refresh()
         chain = iptc.Chain(table, 'POSTROUTING')
         table.autocommit = False
-        if get_snat4_rule() not in chain.rules:
-          logCrit('Added POSTROUTING rule for source network %s to SNAT target %s' % (get_snat4_rule().src, snat_target))
-          chain.insert_rule(get_snat4_rule())
-          table.commit()
+        new_rule = get_snat4_rule()
+
+        if not chain.rules:
+          # if there are no rules in the chain, insert the new rule directly
+          logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+          chain.insert_rule(new_rule)
         else:
-          for position, item in enumerate(chain.rules):
-            if item == get_snat4_rule():
-              if position != 0:
-                chain.delete_rule(get_snat4_rule())
-          table.commit()
+          for position, rule in enumerate(chain.rules):
+            if not hasattr(rule.target, 'parameter'):
+                continue
+            match = all((
+              new_rule.get_src() == rule.get_src(),
+              new_rule.get_dst() == rule.get_dst(),
+              new_rule.target.parameters == rule.target.parameters,
+              new_rule.target.name == rule.target.name
+            ))
+            if position == 0:
+              if not match:
+                logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+                chain.insert_rule(new_rule)
+            else:
+              if match:
+                logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
+                chain.delete_rule(rule)
+
+        table.commit()
         table.autocommit = True
       except:
-        print('Error running SNAT4, retrying...') 
+        print('Error running SNAT4, retrying...')
 
 def snat6(snat_target):
   global lock
@@ -402,13 +430,15 @@ def snat6(snat_target):
           table.commit()
         table.autocommit = True
       except:
-        print('Error running SNAT6, retrying...') 
+        print('Error running SNAT6, retrying...')
 
 def autopurge():
   while not quit_now:
     time.sleep(10)
     refreshF2boptions()
     BAN_TIME = int(f2boptions['ban_time'])
+    MAX_BAN_TIME = int(f2boptions['max_ban_time'])
+    BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
     MAX_ATTEMPTS = int(f2boptions['max_attempts'])
     QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
     if QUEUE_UNBAN:
@@ -416,7 +446,9 @@ def autopurge():
         unban(str(net))
     for net in bans.copy():
       if bans[net]['attempts'] >= MAX_ATTEMPTS:
-        if time.time() - bans[net]['last_attempt'] > BAN_TIME:
+        NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** bans[net]['ban_counter']
+        TIME_SINCE_LAST_ATTEMPT = time.time() - bans[net]['last_attempt']
+        if TIME_SINCE_LAST_ATTEMPT > NET_BAN_TIME or TIME_SINCE_LAST_ATTEMPT > MAX_BAN_TIME:
           unban(net)
 
 def isIpNetwork(address):
@@ -468,7 +500,7 @@ def whitelistUpdate():
       if Counter(new_whitelist) != Counter(WHITELIST):
         WHITELIST = new_whitelist
         logInfo('Whitelist was changed, it has %s entries' % len(WHITELIST))
-    time.sleep(60.0 - ((time.time() - start_time) % 60.0)) 
+    time.sleep(60.0 - ((time.time() - start_time) % 60.0))
 
 def blacklistUpdate():
   global quit_now
@@ -479,7 +511,7 @@ def blacklistUpdate():
     new_blacklist = []
     if list:
       new_blacklist = genNetworkList(list)
-    if Counter(new_blacklist) != Counter(BLACKLIST): 
+    if Counter(new_blacklist) != Counter(BLACKLIST):
       addban = set(new_blacklist).difference(BLACKLIST)
       delban = set(BLACKLIST).difference(new_blacklist)
       BLACKLIST = new_blacklist
@@ -490,7 +522,7 @@ def blacklistUpdate():
       if delban:
         for net in delban:
           permBan(net=net, unban=True)
-    time.sleep(60.0 - ((time.time() - start_time) % 60.0)) 
+    time.sleep(60.0 - ((time.time() - start_time) % 60.0))
 
 def initChain():
   # Is called before threads start, no locking

data/Dockerfiles/olefy/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 WORKDIR /app

data/Dockerfiles/phpfpm/Dockerfile

@@ -1,12 +1,18 @@
-FROM php:8.0-fpm-alpine3.14
+FROM php:8.2-fpm-alpine3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV APCU_PECL 5.1.20
-ENV IMAGICK_PECL 3.5.1
-# Mailparse is pulled from master branch
-#ENV MAILPARSE_PECL 3.0.2
-ENV MEMCACHED_PECL 3.1.5
-ENV REDIS_PECL 5.3.4
+# renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced
+ARG APCU_PECL_VERSION=5.1.22
+# renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced
+ARG IMAGICK_PECL_VERSION=3.7.0
+# renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced
+ARG MAILPARSE_PECL_VERSION=3.1.4
+# renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced
+ARG MEMCACHED_PECL_VERSION=3.2.0
+# renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced
+ARG REDIS_PECL_VERSION=5.3.7
+# renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced
+ARG COMPOSER_VERSION=2.5.5
 
 RUN apk add -U --no-cache autoconf \
   aspell-dev \
@@ -18,6 +24,7 @@ RUN apk add -U --no-cache autoconf \
   freetype-dev \
   g++ \
   git \
+  gettext \
   gettext-dev \
   gmp-dev \
   gnupg \
@@ -27,8 +34,11 @@ RUN apk add -U --no-cache autoconf \
   imagemagick-dev \
   imap-dev \
   jq \
+  libavif \
+  libavif-dev \
   libjpeg-turbo \
   libjpeg-turbo-dev \
+  libmemcached \
   libmemcached-dev \
   libpng \
   libpng-dev \
@@ -38,8 +48,11 @@ RUN apk add -U --no-cache autoconf \
   libtool \
   libwebp-dev \
   libxml2-dev \
+  libxpm \
   libxpm-dev \
+  libzip \
   libzip-dev \
+  linux-headers \
   make \
   mysql-client \
   openldap-dev \
@@ -49,22 +62,24 @@ RUN apk add -U --no-cache autoconf \
   samba-client \
   zlib-dev \
   tzdata \
-  && git clone https://github.com/php/pecl-mail-mailparse \
-  && cd pecl-mail-mailparse \
-  && pecl install package.xml \
-  && cd .. \
-  && rm -r pecl-mail-mailparse \
-  && pecl install redis-${REDIS_PECL} memcached-${MEMCACHED_PECL} APCu-${APCU_PECL} imagick-${IMAGICK_PECL} \
+  && pecl install APCu-${APCU_PECL_VERSION} \
+  && pecl install imagick-${IMAGICK_PECL_VERSION} \
+  && pecl install mailparse-${MAILPARSE_PECL_VERSION} \
+  && pecl install memcached-${MEMCACHED_PECL_VERSION} \
+  && pecl install redis-${REDIS_PECL_VERSION} \
   && docker-php-ext-enable apcu imagick memcached mailparse redis \
   && pecl clear-cache \
   && docker-php-ext-configure intl \
   && docker-php-ext-configure exif \
   && docker-php-ext-configure gd --with-freetype=/usr/include/ \  
     --with-jpeg=/usr/include/ \
-  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
+    --with-webp \
+    --with-xpm \
+    --with-avif \
+  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets sysvsem zip bcmath gmp \
   && docker-php-ext-configure imap --with-imap --with-imap-ssl \
   && docker-php-ext-install -j 4 imap \
-  && curl --silent --show-error https://getcomposer.org/installer | php \
+  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
   && mv composer.phar /usr/local/bin/composer \
   && chmod +x /usr/local/bin/composer \
   && apk del --purge autoconf \
@@ -72,15 +87,22 @@ RUN apk add -U --no-cache autoconf \
     cyrus-sasl-dev \
     freetype-dev \
     g++ \
+    gettext-dev \
     icu-dev \
     imagemagick-dev \
     imap-dev \
+    libavif-dev \
     libjpeg-turbo-dev \
+    libmemcached-dev \
     libpng-dev \
     libressl-dev \
     libwebp-dev \
     libxml2-dev \
+    libxpm-dev \
+    libzip-dev \
+    linux-headers \
     make \
+    openldap-dev \
     pcre-dev \
     zlib-dev
 
@@ -88,4 +110,4 @@ COPY ./docker-entrypoint.sh /
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
-CMD ["php-fpm"]
+CMD ["php-fpm"]

data/Dockerfiles/postfix/Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive

data/Dockerfiles/postfix/postfix.sh

@@ -323,7 +323,19 @@ hosts = unix:/var/run/mysqld/mysqld.sock
 dbname = ${DBNAME}
 # First select queries domain and alias_domain to determine if domains are active.
 query = SELECT goto FROM alias
-  WHERE address='%s'
+  WHERE id IN (
+      SELECT COALESCE (
+        (
+          SELECT id FROM alias
+            WHERE address='%s'
+            AND (active='1' OR active='2')
+        ), (
+          SELECT id FROM alias
+            WHERE address='@%d'
+            AND (active='1' OR active='2')
+        )
+      )
+    )
     AND active='1'
     AND (domain IN
       (SELECT domain FROM domain
@@ -354,7 +366,7 @@ query = SELECT goto FROM alias
     WHERE alias_domain.alias_domain = '%d'
       AND mailbox.username = CONCAT('%u','@',alias_domain.target_domain)
       AND (mailbox.active = '1' OR mailbox.active ='2')
-      AND alias_domain.active='1'
+      AND alias_domain.active='1';
 EOF
 
 # MX based routing

data/Dockerfiles/postfix/syslog-ng-redis_slave.conf

@@ -1,4 +1,4 @@
-@version: 3.19
+@version: 3.28
 @include "scl.conf"
 options {
   chain_hostnames(off);

data/Dockerfiles/postfix/syslog-ng.conf

@@ -1,4 +1,4 @@
-@version: 3.19
+@version: 3.28
 @include "scl.conf"
 options {
   chain_hostnames(off);

data/Dockerfiles/rspamd/Dockerfile

@@ -26,6 +26,7 @@ RUN apt-get update && apt-get install -y \
 
 COPY settings.conf /etc/rspamd/settings.conf
 COPY metadata_exporter.lua /usr/share/rspamd/plugins/metadata_exporter.lua
+COPY set_worker_password.sh /set_worker_password.sh
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 ENTRYPOINT ["/docker-entrypoint.sh"]

data/Dockerfiles/rspamd/set_worker_password.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+password_file='/etc/rspamd/override.d/worker-controller-password.inc'
+password_hash=`/usr/bin/rspamadm pw -e -p $1`
+
+echo 'enable_password = "'$password_hash'";' > $password_file
+
+if grep -q "$password_hash" "$password_file"; then
+    echo "OK"
+else
+    echo "ERROR"
+fi

data/Dockerfiles/sogo/Dockerfile

@@ -2,9 +2,10 @@ FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG SOGO_DEBIAN_REPOSITORY=http://packages.inverse.ca/SOGo/nightly/5/debian/
+ARG SOGO_DEBIAN_REPOSITORY=http://packages.sogo.nu/nightly/5/debian/
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
+ARG GOSU_VERSION=1.16
 ENV LC_ALL C
-ENV GOSU_VERSION 1.14
 
 # Prerequisites
 RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
@@ -24,13 +25,14 @@ RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
   psmisc \
   wget \
   patch \
+  redis-tools \
   && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
   && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
   && chmod +x /usr/local/bin/gosu \
   && gosu nobody true \
   && mkdir /usr/share/doc/sogo \
   && touch /usr/share/doc/sogo/empty.sh \
-  && apt-key adv --keyserver keyserver.ubuntu.com --recv-key 0x810273C4 \
+  && apt-key adv --keyserver keys.openpgp.org --recv-key 74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9 \
   && echo "deb ${SOGO_DEBIAN_REPOSITORY} bullseye bullseye" > /etc/apt/sources.list.d/sogo.list \
   && apt-get update && apt-get install -y --no-install-recommends \
     sogo \
@@ -45,11 +47,15 @@ COPY syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng-redis_slave.conf
 COPY supervisord.conf /etc/supervisor/supervisord.conf
 COPY acl.diff /acl.diff
 COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
+COPY customize.sh /
 COPY docker-entrypoint.sh /
 
+RUN rm -rf /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg
+RUN mv /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico /sogo.ico
 RUN chmod +x /bootstrap-sogo.sh \
-  /usr/local/sbin/stop-supervisor.sh
+  /usr/local/sbin/stop-supervisor.sh \
+  /customize.sh
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
-CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

data/Dockerfiles/sogo/bootstrap-sogo.sh

@@ -142,6 +142,10 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_acl</string>
     <key>SOGoIMAPServer</key>
     <string>imap://${IPV4_NETWORK}.250:143/?TLS=YES&amp;tlsVerifyMode=none</string>
+    <key>SOGoSieveServer</key>
+    <string>sieve://${IPV4_NETWORK}.250:4190/?TLS=YES&amp;tlsVerifyMode=none</string>
+    <key>SOGoSMTPServer</key>
+    <string>smtp://${IPV4_NETWORK}.253:588/?TLS=YES&amp;tlsVerifyMode=none</string>
     <key>SOGoTrustProxyAuthentication</key>
     <string>YES</string>
     <key>SOGoEncryptionKey</key>
@@ -236,6 +240,8 @@ chmod 600 /var/lib/sogo/GNUstep/Defaults/sogod.plist
 
 # Copy logo, if any
 [[ -f /etc/sogo/sogo-full.svg ]] && cp /etc/sogo/sogo-full.svg /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg
+# Use the mailcow logo if no sogo-full.svg file does exist
+! [[ -f /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg ]] && cp /etc/sogo/cow_mailcow.svg /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg
 
 # Rsync web content
 echo "Syncing web content with named volume"

data/Dockerfiles/sogo/customize.sh

@@ -0,0 +1,112 @@
+#!/bin/bash
+
+if [[ "$1" == "enable" ]]; then
+  # enable debug mode
+  if grep -q "SOGoUIxDebugEnabled = YES;" "/etc/sogo/sogo.conf"; then
+    sed -i "s|//SOGoUIxDebugEnabled = YES;|SOGoUIxDebugEnabled = YES;|" "/etc/sogo/sogo.conf"
+  else
+    echo "SOGoUIxDebugEnabled = YES;" >> "/etc/sogo/sogo.conf"
+  fi
+  
+  echo "Success: SOGoUIxDebugEnabled has been enabled"
+elif [[ "$1" == "disable" ]]; then
+  # disable debug mode
+  if grep -q "SOGoUIxDebugEnabled = YES;" "/etc/sogo/sogo.conf"; then
+    if ! grep -q "//SOGoUIxDebugEnabled = YES;" "/etc/sogo/sogo.conf"; then
+      sed -i "s|SOGoUIxDebugEnabled = YES;|//SOGoUIxDebugEnabled = YES;|" "/etc/sogo/sogo.conf"
+    fi
+  fi
+
+  echo "Success: SOGoUIxDebugEnabled has been disabled"
+elif [[ "$1" == "set_theme" ]]; then
+  # Get the sogo palettes from Redis
+  PRIMARY=$(redis-cli -h redis HGET SOGO_THEME primary)
+  if [ $? -ne 0 ]; then
+    PRIMARY="green"
+  fi
+  ACCENT=$(redis-cli -h redis HGET SOGO_THEME accent)
+  if [ $? -ne 0 ]; then
+    ACCENT="green"
+  fi
+  BACKGROUND=$(redis-cli -h redis HGET SOGO_THEME background)
+  if [ $? -ne 0 ]; then
+    BACKGROUND="grey"
+  fi
+
+  # Read custom palettes
+  if [ -f /etc/sogo/custom-palettes.js ]; then
+    COLORS=$(cat /etc/sogo/custom-palettes.js)
+  else
+    COLORS=""
+  fi
+
+  # Write theme to /usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js
+  cat > /usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js <<EOL
+(function() {
+  'use strict';
+
+  angular.module('SOGo.Common')
+    .config(configure)
+
+  configure.\$inject = ['\$mdThemingProvider'];
+  function configure(\$mdThemingProvider) {
+
+$COLORS
+
+    var primary = \$mdThemingProvider.extendPalette('$PRIMARY', {});
+    var accent = \$mdThemingProvider.extendPalette('$ACCENT', {
+      'A100': 'ffffff'
+    });
+    var background = \$mdThemingProvider.extendPalette('$BACKGROUND', {});
+
+    \$mdThemingProvider.definePalette('primary-cow', primary);
+    \$mdThemingProvider.definePalette('accent-cow', accent);
+    \$mdThemingProvider.definePalette('background-cow', background);
+
+    \$mdThemingProvider.theme('default')
+      .primaryPalette('primary-cow', primarySettings)
+      .accentPalette('accent-cow', accentSettings)
+      .backgroundPalette('background-cow', backgroundSettings);
+    \$mdThemingProvider.generateThemesOnDemand(false);
+  }
+})();
+EOL
+
+  echo "Success: Theme configuration written"
+elif [[ "$1" == "set_logo" ]]; then
+  # Get the image data from Redis and save it to a tmp file
+  redis-cli -h redis GET MAIN_LOGO > /tmp/logo_base64.txt
+
+  # Check if mime type is svg+xml
+  mime_type=$(awk -F'[:;]' '{print $2}' /tmp/logo_base64.txt | sed 's/.*\///')
+  if [ "$mime_type" != "svg+xml" ]; then
+    echo "Error: Image format must be of type svg"
+    exit 1
+  fi
+
+  # Decode base64 and save to file
+  payload=$(cat /tmp/logo_base64.txt | sed 's/^data:[^;]*;//' | awk '{ sub(/^base64,/, ""); print $0 }')
+  echo $payload | base64 -d | tee /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg > /dev/null
+
+  # Remove temp file
+  rm /tmp/logo_base64.txt
+  echo "Success: Image has been set"
+elif [[ "$1" == "set_favicon" ]]; then
+  # Get the image data from Redis and save it to a tmp file
+  redis-cli -h redis GET FAVICON > /tmp/favicon_base64.txt
+
+  # Check if mime type is png or ico
+  mime_type=$(awk -F'[:;]' '{print $2}' /tmp/favicon_base64.txt | sed 's/.*\///')
+  if [[ "$mime_type" != "png" && "$mime_type" != "ico" ]]; then
+    echo "Error: Image format must be of type png or ico"
+    exit 1
+  fi
+
+  # Decode base64 and save to file
+  payload=$(cat /tmp/favicon_base64.txt | sed 's/^data:[^;]*;//' | awk '{ sub(/^base64,/, ""); print $0 }')
+  echo $payload | base64 -d | tee /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico > /dev/null
+
+  # Remove temp file
+  rm /tmp/favicon_base64.txt
+  echo "Success: Image has been set"
+fi

data/Dockerfiles/solr/Dockerfile

@@ -2,7 +2,8 @@ FROM solr:7.7-slim
 
 USER root
 
-ENV GOSU_VERSION 1.11
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
+ARG GOSU_VERSION=1.16
 
 COPY solr.sh /
 COPY solr-config-7.7.0.xml /

data/Dockerfiles/unbound/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.17
 
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 

data/Dockerfiles/watchdog/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.17
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
 # Installation

data/assets/nextcloud/nextcloud.conf

@@ -24,7 +24,7 @@ server {
   add_header X-Download-Options "noopen" always;
   add_header X-Frame-Options "SAMEORIGIN" always;
   add_header X-Permitted-Cross-Domain-Policies "none" always;
-  add_header X-Robots-Tag "none" always;
+  add_header X-Robots-Tag "noindex, nofollow" always;
   add_header X-XSS-Protection "1; mode=block" always;
 
   fastcgi_hide_header X-Powered-By;

data/conf/nginx/includes/site-defaults.conf

@@ -65,7 +65,7 @@
   }
 
   location ~ ^/api/v1/(.*)$ {
-    try_files $uri $uri/ /json_api.php?query=$1;
+    try_files $uri $uri/ /json_api.php?query=$1&$args;
   }
 
   location ^~ /.well-known/acme-challenge/ {
@@ -163,7 +163,9 @@
     proxy_connect_timeout 75;
     proxy_send_timeout 3600;
     proxy_read_timeout 3600;
-    proxy_buffers 64 256k;
+    proxy_buffer_size 128k;
+    proxy_buffers 64 512k;
+    proxy_busy_buffers_size 512k;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Host $http_host;
@@ -197,6 +199,9 @@
     proxy_set_header x-webobjects-server-name $server_name;
     proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
     proxy_set_header x-webobjects-server-port $server_port;
+    proxy_buffer_size 128k;
+    proxy_buffers 64 512k;
+    proxy_busy_buffers_size 512k;
     proxy_send_timeout 3600;
     proxy_read_timeout 3600;
     client_body_buffer_size 128k;

data/conf/postfix/postscreen_access.cidr

@@ -1,53 +1,63 @@
-# Whitelist generated by Postwhite v3.4 on Sun Dec 15 21:16:19 CET 2019
+# Whitelist generated by Postwhite v3.4 on Mon 21 Mar 2022 06:50:26 PM CET
 # https://github.com/stevejenkins/postwhite/
-# 1928 total rules
+# 1898 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403::/48	permit
+2a01:4180:4050:0400::/64	permit
+2a01:4180:4050:0800::/64	permit
+2a01:4180:4051:0400::/64	permit
+2a01:4180:4051:0800::/64	permit
 2a02:a60:0:5::/64	permit
 2c0f:fb50:4000::/36	permit
-3.93.157.0/24	permit
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
 8.39.54.0/23	permit
 8.40.222.0/23	permit
-8.45.169.0/24	permit
 12.130.86.238	permit
+13.70.32.43	permit
+13.72.50.45	permit
+13.74.143.28	permit
 13.77.161.179	permit
+13.78.233.182	permit
+13.92.31.129	permit
+13.110.208.0/21	permit
+13.110.216.0/22	permit
+13.110.224.0/20	permit
 13.111.0.0/16	permit
-13.111.0.0/22	permit
-13.111.52.0/22	permit
-13.111.63.0/24	permit
-13.111.68.0/24	permit
-13.111.72.0/22	permit
-13.111.92.0/24	permit
-13.111.111.0/24	permit
-17.36.0.0/16	permit
 17.41.0.0/16	permit
+17.57.155.0/24	permit
+17.57.156.0/24	permit
 17.58.0.0/16	permit
 17.110.0.0/15	permit
-17.111.110.0/23	permit
-17.120.0.0/16	permit
-17.133.0.0/16	permit
-17.139.0.0/16	permit
 17.142.0.0/15	permit
-17.151.1.0/24	permit
-17.158.0.0/15	permit
 17.162.0.0/15	permit
 17.164.0.0/16	permit
 17.171.37.0/24	permit
 17.172.0.0/16	permit
 17.179.168.0/23	permit
 18.194.95.56	permit
-18.208.124.128/25	permit
+18.198.96.88	permit
+20.47.149.138	permit
+20.48.0.0/12	permit
+20.52.52.2	permit
+20.52.128.133	permit
+20.63.210.192/28	permit
+20.64.0.0/10	permit
+20.94.180.64/28	permit
+20.185.213.160/27	permit
+20.185.213.224/27	permit
 20.185.214.0/27	permit
 20.185.214.2	permit
 20.185.214.32/27	permit
 20.185.214.64/27	permit
-23.23.237.213	permit
-23.103.131.7	permit
+20.192.0.0/10	permit
+23.100.85.1	permit
 23.103.224.0/19	permit
+23.249.208.0/20	permit
+23.251.224.0/19	permit
+23.253.141.0/24	permit
 23.253.182.0/23	permit
 23.253.182.103	permit
 23.253.183.145	permit
@@ -68,11 +78,11 @@
 27.123.206.56/29	permit
 27.123.206.76/30	permit
 27.123.206.80/28	permit
-27.126.146.0/24	permit
-34.200.123.20	permit
+34.194.25.167	permit
+34.194.144.120	permit
 34.212.163.75	permit
-34.213.104.127	permit
 34.225.212.172	permit
+34.247.168.44	permit
 35.176.132.251	permit
 35.190.247.0/24	permit
 35.191.0.0/16	permit
@@ -80,7 +90,10 @@
 37.218.248.47	permit
 37.218.249.47	permit
 37.218.251.62	permit
+39.156.163.64/29	permit
+40.71.187.0/24	permit
 40.76.4.15	permit
+40.77.102.222	permit
 40.92.0.0/15	permit
 40.97.116.82	permit
 40.97.128.194	permit
@@ -91,18 +104,20 @@
 40.97.161.50	permit
 40.97.164.146	permit
 40.107.0.0/16	permit
+40.112.65.63	permit
 40.112.72.205	permit
 40.113.200.201	permit
+40.117.80.0/24	permit
+40.121.71.46	permit
 41.74.192.0/22	permit
 41.74.196.0/22	permit
 41.74.200.0/23	permit
-41.74.201.0/24	permit
 41.74.204.0/23	permit
-41.74.205.0/24	permit
+41.74.206.0/24	permit
 42.159.163.81	permit
 42.159.163.82	permit
 42.159.163.83	permit
-46.19.168.0/23	permit
+43.228.184.0/22	permit
 46.226.48.0/21	permit
 46.228.36.37	permit
 46.228.36.38/31	permit
@@ -160,26 +175,19 @@
 50.18.125.97	permit
 50.18.125.237	permit
 50.18.126.162	permit
-50.23.218.192/27	permit
 50.31.32.0/19	permit
-50.31.36.197	permit
-50.31.36.199	permit
-50.31.36.205	permit
-50.31.36.208	permit
-50.31.36.213	permit
-50.31.44.111	permit
-50.31.57.54/31	permit
-50.31.57.60	permit
-50.31.57.61	permit
-50.31.57.62	permit
-50.31.60.1	permit
 50.31.156.96/27	permit
 50.31.205.0/24	permit
-50.207.218.237	permit
 51.4.71.62	permit
+51.4.72.0/24	permit
+51.4.80.0/27	permit
+51.5.72.0/24	permit
+51.5.80.0/27	permit
+51.137.58.21	permit
+51.140.75.55	permit
+51.144.100.179	permit
 51.163.158.0/24	permit
-51.163.159.0/24	permit
-52.0.20.102	permit
+51.163.159.21	permit
 52.5.230.59	permit
 52.27.5.72	permit
 52.27.28.47	permit
@@ -190,10 +198,15 @@
 52.41.64.145	permit
 52.60.41.5	permit
 52.60.115.116	permit
+52.82.172.0/22	permit
+52.94.124.0/28	permit
 52.95.48.152/29	permit
 52.95.49.88/29	permit
 52.100.0.0/14	permit
-52.128.40.0/21	permit
+52.119.213.144/28	permit
+52.160.39.140	permit
+52.165.175.144	permit
+52.185.106.240/28	permit
 52.200.59.0/24	permit
 52.205.61.79	permit
 52.207.191.216	permit
@@ -201,26 +214,30 @@
 52.222.73.83	permit
 52.222.73.120	permit
 52.222.75.85	permit
+52.234.172.96/28	permit
+52.236.28.240/28	permit
+52.237.141.173	permit
+52.244.206.214	permit
+52.247.53.144	permit
+52.250.107.196	permit
+52.250.126.174	permit
+52.251.55.143	permit
 54.90.148.255	permit
 54.156.255.69	permit
 54.172.97.247	permit
-54.173.229.38	permit
-54.174.52.0/24	permit
-54.174.53.128/30	permit
-54.174.57.0/24	permit
-54.174.59.0/24	permit
-54.174.60.0/23	permit
-54.174.63.0/24	permit
 54.186.193.102	permit
+54.191.223.5	permit
+54.194.61.95	permit
+54.195.113.45	permit
 54.214.39.184	permit
+54.216.77.168	permit
 54.240.0.0/18	permit
-54.240.40.0/25	permit
-54.240.56.128/26	permit
-54.240.63.0/25	permit
+54.240.64.0/19	permit
+54.240.96.0/19	permit
 54.241.16.209	permit
-54.243.205.80	permit
 54.244.54.130	permit
 54.244.242.0/24	permit
+54.246.232.180	permit
 62.13.128.0/24	permit
 62.13.129.128/25	permit
 62.13.136.0/22	permit
@@ -231,9 +248,9 @@
 62.13.152.0/23	permit
 62.17.146.128/26	permit
 62.140.7.0/24	permit
-62.140.10.0/24	permit
+62.140.10.21	permit
+63.32.13.159	permit
 63.80.14.0/23	permit
-63.111.28.137	permit
 63.128.21.0/24	permit
 63.143.57.128/25	permit
 63.143.59.128/25	permit
@@ -241,9 +258,11 @@
 64.20.241.45	permit
 64.34.47.128/27	permit
 64.34.57.192/26	permit
+64.71.149.160/28	permit
 64.79.155.0/24	permit
-64.79.155.192	permit
-64.89.45.192/30	permit
+64.89.44.85	permit
+64.89.45.80	permit
+64.89.45.194	permit
 64.89.45.196	permit
 64.95.144.196	permit
 64.127.115.252	permit
@@ -265,21 +284,21 @@
 64.207.219.7	permit
 64.207.219.8	permit
 64.207.219.9	permit
-64.207.219.10	permit
-64.207.219.11	permit
-64.207.219.12	permit
+64.207.219.13	permit
+64.207.219.14	permit
+64.207.219.15	permit
 64.207.219.71	permit
 64.207.219.72	permit
 64.207.219.73	permit
-64.207.219.74	permit
-64.207.219.75	permit
-64.207.219.76	permit
+64.207.219.77	permit
+64.207.219.78	permit
+64.207.219.79	permit
 64.207.219.135	permit
 64.207.219.136	permit
 64.207.219.137	permit
-64.207.219.138	permit
-64.207.219.139	permit
-64.207.219.140	permit
+64.207.219.141	permit
+64.207.219.142	permit
+64.207.219.143	permit
 64.233.160.0/19	permit
 65.38.115.76	permit
 65.38.115.84	permit
@@ -288,7 +307,6 @@
 65.54.51.64/26	permit
 65.54.61.64/26	permit
 65.54.121.120/29	permit
-65.54.121.124/31	permit
 65.54.190.0/24	permit
 65.54.241.0/24	permit
 65.55.29.77	permit
@@ -298,7 +316,6 @@
 65.55.52.224/27	permit
 65.55.78.128/25	permit
 65.55.81.48/28	permit
-65.55.81.54/31	permit
 65.55.90.0/24	permit
 65.55.94.0/25	permit
 65.55.111.0/24	permit
@@ -325,9 +342,6 @@
 66.111.4.225	permit
 66.111.4.229	permit
 66.111.4.230	permit
-66.135.202.0/27	permit
-66.135.215.0/24	permit
-66.135.222.1	permit
 66.162.193.226/31	permit
 66.163.184.0/21	permit
 66.163.184.0/24	permit
@@ -358,7 +372,8 @@
 66.196.81.232/31	permit
 66.196.81.234	permit
 66.211.168.230/31	permit
-66.211.184.0/23	permit
+66.211.170.86/31	permit
+66.211.170.88/30	permit
 66.218.74.64/30	permit
 66.218.74.68/31	permit
 66.218.75.112/30	permit
@@ -420,9 +435,7 @@
 67.221.168.65	permit
 67.228.2.24/30	permit
 67.228.21.184/29	permit
-67.228.34.32/27	permit
 67.228.37.4/30	permit
-67.228.50.54/31	permit
 67.231.145.42	permit
 67.231.153.30	permit
 68.142.230.0/24	permit
@@ -432,17 +445,6 @@
 68.142.230.72/30	permit
 68.142.230.76/31	permit
 68.142.230.78	permit
-68.232.131.164	permit
-68.232.131.172	permit
-68.232.131.183	permit
-68.232.131.185	permit
-68.232.143.44	permit
-68.232.145.216	permit
-68.232.148.56	permit
-68.232.148.128	permit
-68.232.148.138	permit
-68.232.157.60	permit
-68.232.157.143	permit
 68.232.192.0/20	permit
 69.63.178.128/25	permit
 69.63.181.0/24	permit
@@ -456,9 +458,9 @@
 69.171.232.0/24	permit
 69.171.244.0/23	permit
 70.37.151.128/25	permit
+70.42.149.0/24	permit
 70.42.149.35	permit
 72.3.185.0/24	permit
-72.3.237.64/28	permit
 72.14.192.0/18	permit
 72.21.192.0/19	permit
 72.21.217.142	permit
@@ -523,8 +525,10 @@
 72.32.154.0/24	permit
 72.32.217.0/24	permit
 72.32.243.0/24	permit
-72.34.168.75	permit
 72.34.168.76	permit
+72.34.168.80	permit
+72.34.168.85	permit
+72.34.168.86	permit
 72.52.72.32/28	permit
 72.52.72.36	permit
 74.6.128.0/21	permit
@@ -536,9 +540,6 @@
 74.6.133.0/24	permit
 74.6.134.0/24	permit
 74.6.135.0/24	permit
-74.63.63.115	permit
-74.63.63.121	permit
-74.63.194.126	permit
 74.63.212.0/24	permit
 74.63.234.75	permit
 74.63.236.0/24	permit
@@ -557,17 +558,9 @@
 74.112.67.243	permit
 74.125.0.0/16	permit
 74.202.227.40	permit
-74.208.4.192/26	permit
-74.208.5.64/26	permit
-74.208.122.0/26	permit
 74.209.250.0/24	permit
 74.209.250.12	permit
-75.126.253.48	permit
-76.223.176.0/24	permit
-76.223.180.0/23	permit
-76.223.188.0/24	permit
-76.223.189.0/24	permit
-76.223.190.0/24	permit
+76.223.176.0/20	permit
 77.238.176.0/22	permit
 77.238.176.0/24	permit
 77.238.177.0/24	permit
@@ -590,13 +583,11 @@
 77.238.189.146/31	permit
 77.238.189.148/30	permit
 81.223.46.0/27	permit
-82.165.159.0/24	permit
-82.165.159.0/26	permit
-82.165.229.130	permit
-82.165.230.22	permit
 84.16.77.1	permit
 85.158.136.0/21	permit
 86.61.88.25	permit
+87.198.219.130	permit
+87.198.219.153	permit
 87.238.80.0/21	permit
 87.248.103.12	permit
 87.248.103.21	permit
@@ -633,11 +624,9 @@
 87.248.117.201	permit
 87.248.117.202	permit
 87.248.117.205	permit
+87.252.219.254	permit
 87.253.232.0/21	permit
 89.22.108.0/24	permit
-91.194.248.0/23	permit
-91.211.240.0/22	permit
-91.211.243.0/24	permit
 91.220.42.0/24	permit
 94.236.119.0/26	permit
 94.245.112.0/27	permit
@@ -649,7 +638,6 @@
 96.43.148.64/28	permit
 96.43.148.64/31	permit
 96.43.151.64/28	permit
-96.46.150.192/27	permit
 98.136.44.181	permit
 98.136.44.182/31	permit
 98.136.44.184	permit
@@ -1152,20 +1140,25 @@
 98.139.245.180/31	permit
 98.139.245.208/30	permit
 98.139.245.212/31	permit
+99.78.197.208/28	permit
+103.2.140.0/22	permit
 103.9.8.121	permit
 103.9.8.122	permit
 103.9.8.123	permit
 103.9.96.0/22	permit
 103.13.69.0/24	permit
-103.28.42.0/24	permit
-103.96.20.0/24	permit
-103.96.22.0/24	permit
+103.47.204.0/22	permit
+103.96.21.0/24	permit
+103.96.23.0/24	permit
+103.151.192.0/23	permit
 103.237.104.0/22	permit
 104.43.243.237	permit
 104.47.0.0/17	permit
 104.130.96.0/28	permit
 104.130.122.0/23	permit
+104.214.25.77	permit
 104.215.148.63	permit
+104.215.186.3	permit
 104.245.209.192/26	permit
 106.10.144.64/27	permit
 106.10.144.100/31	permit
@@ -1291,6 +1284,7 @@
 106.10.242.0/24	permit
 106.10.243.0/24	permit
 106.10.244.0/24	permit
+106.39.212.64/29	permit
 106.50.16.0/28	permit
 108.174.0.0/24	permit
 108.174.0.215	permit
@@ -1302,13 +1296,14 @@
 108.175.30.45	permit
 108.177.8.0/21	permit
 108.177.96.0/19	permit
-108.178.6.0/24	permit
 109.237.142.0/24	permit
 111.221.23.128/25	permit
 111.221.26.0/27	permit
 111.221.66.0/25	permit
 111.221.69.128/25	permit
 111.221.112.0/21	permit
+112.19.199.64/29	permit
+112.19.242.64/29	permit
 116.214.12.0/24	permit
 116.214.12.47	permit
 116.214.12.48/31	permit
@@ -1325,6 +1320,7 @@
 117.120.16.0/21	permit
 119.42.242.52/31	permit
 119.42.242.156	permit
+123.126.78.64/29	permit
 124.47.150.0/24	permit
 124.47.189.0/24	permit
 124.108.96.0/24	permit
@@ -1332,11 +1328,19 @@
 124.108.96.28/31	permit
 124.108.96.70/31	permit
 124.108.96.72/31	permit
+128.17.0.0/20	permit
+128.17.64.0/20	permit
+128.17.128.0/20	permit
+128.17.192.0/20	permit
 128.127.70.0/26	permit
+128.245.0.0/20	permit
+128.245.64.0/20	permit
 129.41.77.70	permit
 129.41.169.249	permit
+129.146.236.58	permit
+129.153.194.228	permit
+129.159.87.137	permit
 130.61.9.72	permit
-130.61.68.235	permit
 130.211.0.0/22	permit
 130.248.172.0/24	permit
 130.248.173.0/24	permit
@@ -1345,8 +1349,10 @@
 131.253.121.0/26	permit
 131.253.121.20	permit
 131.253.121.52	permit
-132.145.11.129	permit
 132.145.13.209	permit
+132.226.26.225	permit
+132.226.49.32	permit
+132.226.56.24	permit
 134.170.27.8	permit
 134.170.113.0/26	permit
 134.170.141.64/26	permit
@@ -1356,21 +1362,27 @@
 135.84.82.0/24	permit
 135.84.216.0/22	permit
 136.143.182.0/23	permit
-136.143.188.0/23	permit
+136.143.184.0/24	permit
+136.143.188.0/24	permit
 136.147.128.0/20	permit
 136.147.135.0/24	permit
 136.147.176.0/20	permit
 136.147.176.0/24	permit
 136.147.182.0/24	permit
+138.91.172.26	permit
 139.60.152.0/22	permit
 139.178.64.159	permit
 139.178.64.195	permit
-139.180.17.0/24	permit
 141.193.32.0/23	permit
+143.55.224.0/21	permit
+143.55.232.0/22	permit
+143.55.236.0/22	permit
+144.178.36.0/24	permit
+144.178.38.0/24	permit
 146.20.112.0/26	permit
 146.20.113.0/24	permit
 146.20.191.0/24	permit
-146.88.28.0/24	permit
+146.20.215.0/24	permit
 146.101.78.0/24	permit
 147.75.65.173	permit
 147.75.65.174	permit
@@ -1384,10 +1396,7 @@
 148.105.0.14	permit
 148.105.8.0/21	permit
 149.72.0.0/16	permit
-151.101.1.140	permit
-151.101.65.140	permit
-151.101.129.140	permit
-151.101.193.140	permit
+152.67.105.195	permit
 157.55.0.192/26	permit
 157.55.1.128/26	permit
 157.55.2.0/25	permit
@@ -1397,6 +1406,7 @@
 157.55.61.0/24	permit
 157.55.157.128/25	permit
 157.55.225.0/25	permit
+157.55.254.216	permit
 157.56.24.0/25	permit
 157.56.120.128/26	permit
 157.56.232.0/21	permit
@@ -1405,21 +1415,26 @@
 157.58.196.96/29	permit
 157.58.249.3	permit
 157.151.208.65	permit
-158.247.16.0/20	permit
+157.255.1.64/29	permit
+159.92.157.0/24	permit
+159.92.158.0/24	permit
+159.92.159.0/24	permit
+159.92.160.0/24	permit
+159.92.161.0/24	permit
+159.92.162.0/24	permit
+159.135.132.128/25	permit
+159.135.140.80/29	permit
 159.135.224.0/20	permit
-161.38.192.0/22	permit
-161.38.196.0/22	permit
-161.71.32.0/21	permit
+159.183.0.0/16	permit
+161.38.192.0/20	permit
+161.38.204.0/22	permit
+161.71.32.0/19	permit
+161.71.64.0/20	permit
 162.208.119.181	permit
 162.247.216.0/22	permit
-162.248.184.121	permit
-162.248.184.122	permit
-162.248.185.121	permit
-162.248.185.122	permit
-162.248.186.121	permit
-162.248.186.122	permit
-163.47.180.0/22	permit
+163.47.180.0/23	permit
 163.114.130.16	permit
+163.114.132.120	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
 166.78.69.146	permit
@@ -1427,16 +1442,7 @@
 166.78.69.170	permit
 166.78.71.131	permit
 167.89.0.0/17	permit
-167.89.2.4	permit
-167.89.22.44	permit
-167.89.25.84	permit
-167.89.31.192/29	permit
-167.89.32.5	permit
-167.89.32.50	permit
 167.89.46.159	permit
-167.89.46.185	permit
-167.89.60.95	permit
-167.89.62.118	permit
 167.89.64.9	permit
 167.89.65.0	permit
 167.89.65.53	permit
@@ -1448,22 +1454,15 @@
 167.89.75.164	permit
 167.89.101.2	permit
 167.89.101.192/28	permit
-167.89.107.125	permit
-167.89.107.127	permit
-167.89.107.129	permit
-167.89.107.136	permit
-167.216.129.170	permit
-167.216.129.182/31	permit
-167.216.129.184/29	permit
-167.216.129.192/29	permit
-167.216.129.200	permit
-167.216.129.205	permit
-167.216.129.206/31	permit
-167.216.129.208/31	permit
 167.216.129.210	permit
+167.216.131.180	permit
 167.220.67.232/29	permit
 167.220.67.238	permit
+168.138.5.36	permit
 168.245.0.0/17	permit
+170.10.68.0/22	permit
+170.10.129.0/24	permit
+170.10.133.0/24	permit
 172.217.0.0/19	permit
 172.217.32.0/20	permit
 172.217.128.0/19	permit
@@ -1473,8 +1472,6 @@
 172.253.112.0/20	permit
 173.0.84.224/27	permit
 173.0.94.244/30	permit
-173.193.132.134/31	permit
-173.193.210.32/27	permit
 173.194.0.0/16	permit
 173.203.79.182	permit
 173.203.81.39	permit
@@ -1482,7 +1479,6 @@
 173.224.160.188	permit
 173.224.161.128/25	permit
 173.228.155.0/24	permit
-173.236.20.0/24	permit
 174.36.84.8/29	permit
 174.36.84.16/29	permit
 174.36.84.32/29	permit
@@ -1494,30 +1490,25 @@
 174.36.114.148/30	permit
 174.36.114.152/29	permit
 174.37.67.28/30	permit
-174.37.226.64/27	permit
-174.129.194.241	permit
 174.129.203.189	permit
-174.137.46.0/24	permit
 176.32.105.0/24	permit
 176.32.127.0/24	permit
 178.236.10.128/26	permit
 180.189.28.0/24	permit
 182.50.76.0/22	permit
 182.50.78.64/28	permit
-184.173.105.0/24	permit
-184.173.153.0/24	permit
-185.4.120.0/24	permit
-185.4.122.0/24	permit
+183.240.219.64/29	permit
 185.12.80.0/22	permit
 185.28.196.0/22	permit
-185.58.84.0/24	permit
-185.58.87.0/24	permit
+185.58.84.93	permit
+185.58.85.0/24	permit
+185.58.86.0/24	permit
 185.72.128.75	permit
 185.72.128.76	permit
+185.72.128.80	permit
 185.80.93.204	permit
 185.80.93.227	permit
 185.80.95.31	permit
-185.90.20.0/22	permit
 185.189.236.0/22	permit
 185.211.120.0/22	permit
 185.250.236.0/22	permit
@@ -1577,7 +1568,6 @@
 192.64.236.0/24	permit
 192.64.237.0/24	permit
 192.64.238.0/24	permit
-192.92.97.0/24	permit
 192.161.144.0/20	permit
 192.162.87.0/24	permit
 192.237.158.0/23	permit
@@ -1589,37 +1579,34 @@
 192.254.113.10	permit
 192.254.113.101	permit
 192.254.114.176	permit
-192.254.115.72	permit
 192.254.118.63	permit
-192.254.127.96/27	permit
+193.7.206.0/25	permit
+193.7.207.0/25	permit
 193.109.254.0/23	permit
-194.64.234.128/27	permit
+193.122.128.100	permit
 194.64.234.129	permit
+194.104.109.0/24	permit
+194.104.111.0/24	permit
 194.106.220.0/23	permit
-194.113.24.0/22	permit
 194.154.193.192/27	permit
-195.54.172.0/23	permit
 195.130.217.0/24	permit
+195.234.109.226	permit
 195.245.230.0/23	permit
 198.2.128.0/18	permit
 198.2.128.0/24	permit
 198.2.132.0/22	permit
 198.2.136.0/23	permit
+198.2.145.0/24	permit
 198.2.177.0/24	permit
-198.2.178.0/24	permit
-198.2.179.0/24	permit
+198.2.178.0/23	permit
 198.2.180.0/24	permit
 198.2.186.0/23	permit
 198.21.0.0/21	permit
-198.21.3.166	permit
-198.21.4.224	permit
 198.37.144.0/20	permit
-198.37.145.250	permit
-198.37.146.118/31	permit
-198.37.149.128	permit
-198.37.151.26	permit
+198.37.152.186	permit
 198.61.254.0/23	permit
 198.61.254.231	permit
+198.74.56.28	permit
 198.178.234.57	permit
 198.245.80.0/20	permit
 198.245.81.0/24	permit
@@ -1636,18 +1623,15 @@
 199.122.120.0/21	permit
 199.122.123.0/24	permit
 199.127.232.0/22	permit
-199.201.64.23	permit
-199.201.65.23	permit
 199.255.192.0/22	permit
 202.129.242.0/23	permit
 202.165.102.47	permit
 202.177.148.100	permit
 202.177.148.110	permit
+203.31.36.0/22	permit
 203.32.4.25	permit
-203.55.21.0/24	permit
 203.81.17.0/24	permit
 203.122.32.250	permit
-203.145.57.160/27	permit
 203.188.194.32	permit
 203.188.194.151	permit
 203.188.194.203	permit
@@ -1680,32 +1664,30 @@
 203.188.201.12/30	permit
 203.209.230.75	permit
 203.209.230.76/31	permit
-204.2.193.0/29	permit
 204.11.168.0/21	permit
 204.13.11.48/29	permit
-204.13.11.48/30	permit
 204.14.232.0/21	permit
 204.14.232.64/28	permit
 204.14.234.64/28	permit
 204.29.186.0/23	permit
-204.75.142.0/24	permit
 204.79.197.212	permit
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
 204.141.32.0/23	permit
 204.141.42.0/23	permit
-204.153.120.0/23	permit
+204.153.121.0/24	permit
+204.232.168.0/24	permit
 205.139.110.0/24	permit
-205.139.111.0/24	permit
 205.201.128.0/20	permit
 205.201.131.128/25	permit
 205.201.134.128/25	permit
 205.201.136.0/23	permit
-205.201.137.229	permit
 205.201.139.0/24	permit
 205.207.104.0/22	permit
 205.207.104.108	permit
+205.220.167.17	permit
+205.220.179.17	permit
 205.251.233.32	permit
 205.251.233.36	permit
 206.25.247.143	permit
@@ -1727,6 +1709,8 @@
 207.46.132.128/27	permit
 207.46.198.0/25	permit
 207.46.200.0/27	permit
+207.46.225.107	permit
+207.58.147.64/28	permit
 207.67.38.0/24	permit
 207.67.98.192/27	permit
 207.68.176.0/26	permit
@@ -1734,7 +1718,8 @@
 207.82.80.0/24	permit
 207.126.144.0/20	permit
 207.171.160.0/19	permit
-207.211.30.0/24	permit
+207.211.30.64/26	permit
+207.211.30.128/25	permit
 207.211.31.0/25	permit
 207.211.41.113	permit
 207.218.90.0/24	permit
@@ -1743,7 +1728,7 @@
 208.43.21.28/30	permit
 208.43.21.64/29	permit
 208.43.21.72/30	permit
-208.43.239.136/30	permit
+208.46.212.80	permit
 208.46.212.208/31	permit
 208.46.212.210	permit
 208.64.132.0/22	permit
@@ -1773,13 +1758,13 @@
 208.71.42.212/31	permit
 208.71.42.214	permit
 208.72.249.240/29	permit
-208.74.204.0/22	permit
 208.74.204.9	permit
 208.75.120.0/22	permit
 208.75.122.246	permit
-208.82.236.96/28	permit
-208.82.237.96/28	permit
-208.82.238.96/28	permit
+208.82.237.96/29	permit
+208.82.237.104/31	permit
+208.82.238.96/29	permit
+208.82.238.104/31	permit
 208.85.50.137	permit
 208.117.48.0/20	permit
 208.185.229.45	permit
@@ -1792,10 +1777,10 @@
 209.67.98.59	permit
 209.85.128.0/17	permit
 212.4.136.0/26	permit
-212.25.240.75	permit
-212.25.240.76	permit
+212.25.240.80	permit
 212.25.240.83	permit
-212.25.240.84	permit
+212.25.240.84/31	permit
+212.25.240.88	permit
 212.82.96.0/24	permit
 212.82.96.32/27	permit
 212.82.96.64/29	permit
@@ -1836,13 +1821,8 @@
 212.82.111.228/31	permit
 212.82.111.230	permit
 212.123.28.40	permit
-212.227.15.0/24	permit
-212.227.15.0/25	permit
-212.227.17.0/27	permit
-212.227.126.128/25	permit
-213.165.64.0/23	permit
-213.167.75.0/24	permit
-213.167.81.0/24	permit
+213.167.75.0/25	permit
+213.167.81.0/25	permit
 213.199.128.139	permit
 213.199.128.145	permit
 213.199.138.181	permit
@@ -1851,6 +1831,7 @@
 213.199.177.0/26	permit
 216.17.150.242	permit
 216.17.150.251	permit
+216.22.15.224/27	permit
 216.24.224.0/20	permit
 216.39.60.0/23	permit
 216.39.60.154/31	permit
@@ -1877,17 +1858,9 @@
 216.39.62.60/31	permit
 216.39.62.136/29	permit
 216.39.62.144/31	permit
-216.46.168.197	permit
-216.46.168.222	permit
-216.52.185.88/29	permit
+216.46.168.0/24	permit
 216.58.192.0/19	permit
 216.66.217.240/29	permit
-216.71.96.0/22	permit
-216.71.152.175	permit
-216.71.152.207	permit
-216.71.154.29	permit
-216.71.155.88	permit
-216.71.155.89	permit
 216.74.162.13	permit
 216.74.162.14	permit
 216.82.240.0/20	permit
@@ -1897,9 +1870,6 @@
 216.109.114.0/24	permit
 216.109.114.32/27	permit
 216.109.114.64/29	permit
-216.113.160.0/24	permit
-216.113.172.0/25	permit
-216.113.175.0/24	permit
 216.128.126.97	permit
 216.136.162.65	permit
 216.136.162.120/29	permit
@@ -1909,14 +1879,13 @@
 216.203.33.178/31	permit
 216.205.24.0/24	permit
 216.239.32.0/19	permit
-217.72.192.64/26	permit
-217.72.192.248/29	permit
-217.72.207.0/27	permit
 217.77.141.52	permit
 217.77.141.59	permit
-217.175.193.0/24	permit
-217.175.194.0/23	permit
-217.175.196.0/24	permit
+222.73.195.64/29	permit
+223.165.113.0/24	permit
+223.165.115.0/24	permit
+223.165.118.0/23	permit
+223.165.120.0/23	permit
 2001:4860:4000::/36	permit
 2404:6800:4000::/36	permit
 2607:f8b0:4000::/36	permit
@@ -1925,6 +1894,7 @@
 2620:109:c006:104::215	permit
 2620:109:c006:104::/64	permit
 2620:109:c00d:104::/64	permit
+2620:10d:c090:450::120	permit
 2620:10d:c091:450::16	permit
 2620:119:50c0:207::215	permit
 2620:119:50c0:207::/64	permit

data/conf/rspamd/custom/bulk_header.map

@@ -3,7 +3,6 @@
 /.*episerver.*/i
 /.*supergewinne.*/i
 /List-Unsubscribe.*nbps\.eu/i
-/X-Mailer: AWeber.*/i
 /.*regiofinder.*/i
 /.*EmailSocket.*/i
 /List-Unsubscribe:.*respread.*/i

data/conf/rspamd/local.d/composites.conf

@@ -8,7 +8,7 @@ VIRUS_FOUND {
 }
 # Bad policy from free mail providers
 FREEMAIL_POLICY_FAILURE {
-  expression = "-g+:policies & !DMARC_POLICY_ALLOW & !MAILLIST & ( FREEMAIL_ENVFROM | FREEMAIL_FROM ) & !WHITELISTED_FWD_HOST";
+  expression = "FREEMAIL_FROM & !DMARC_POLICY_ALLOW & !MAILLIST& !WHITELISTED_FWD_HOST & -g+:policies";
   score = 16.0;
 }
 # Applies to freemail with undisclosed recipients

data/conf/rspamd/local.d/groups.conf

@@ -18,6 +18,9 @@ symbols {
   "ENCRYPTED_CHAT" {
     score = -20.0;
   }
+  "SOGO_CONTACT" {
+    score = -99.0;
+  }
 }
 
 group "MX" {

data/conf/rspamd/local.d/metadata_exporter.conf

@@ -16,8 +16,7 @@ rules {
     backend = "http";
     url = "http://nginx:9081/pushover.php";
     selector = "mailcow_rcpt";
-    # Only return msgid, do not parse the full message
-    formatter = "msgid";
+    formatter = "json";
     meta_headers = true;
   }
 }

data/conf/rspamd/local.d/multimap.conf

@@ -159,8 +159,8 @@ BAZAAR_ABUSE_CH {
 }
 
 URLHAUS_ABUSE_CH {
-  type = "url";
-  filter = "full";
+  type = "selector";
+  selector = "urls";
   map = "https://urlhaus.abuse.ch/downloads/text_online/";
   score = 10.0;
 }
@@ -175,7 +175,7 @@ BAD_SUBJECT_00 {
   type = "header";
   header = "subject";
   regexp = true;
-  map = "http://nullnull.org/bad-subject-regex.txt";
+  map = "http://fuzzy.mailcow.email/bad-subject-regex.txt";
   score = 6.0;
   symbols_set = ["BAD_SUBJECT_00"];
 }

data/conf/rspamd/local.d/neural.conf

@@ -1,24 +0,0 @@
-rules {
-  "LONG" {
-    train {
-      max_trains = 200;
-      max_usages = 20;
-      max_iterations = 25;
-      learning_rate = 0.01,
-    }
-    symbol_spam = "NEURAL_SPAM_LONG";
-    symbol_ham = "NEURAL_HAM_LONG";
-    ann_expire = 45d;
-  }
-  "SHORT" {
-    train {
-      max_trains = 100;
-      max_usages = 10;
-      max_iterations = 15;
-      learning_rate = 0.01,
-    }
-    symbol_spam = "NEURAL_SPAM_SHORT";
-    symbol_ham = "NEURAL_HAM_SHORT";
-    ann_expire = 7d;
-  }
-}

data/conf/rspamd/local.d/neural_group.conf

@@ -1,18 +0,0 @@
-symbols = {
-  "NEURAL_SPAM_LONG" {
-    weight = 3.7; # sample weight
-    description = "Neural network spam (long)";
-  }
-  "NEURAL_HAM_LONG" {
-    weight = -4.0; # sample weight
-    description = "Neural network ham (long)";
-  }
-  "NEURAL_SPAM_SHORT" {
-    weight = 2.5; # sample weight
-    description = "Neural network spam (short)";
-  }
-  "NEURAL_HAM_SHORT" {
-    weight = -2.0; # sample weight
-    description = "Neural network ham (short)";
-  }
-}

data/conf/rspamd/lua/ivm-sg.lua

@@ -1,61 +0,0 @@
--- Thanks to https://raw.githubusercontent.com/fatalbanana
-
-local lua_maps = require 'lua_maps'
-local rspamd_regexp = require 'rspamd_regexp'
-local rspamd_util = require 'rspamd_util'
-
-local ivm_sendgrid_ids = lua_maps.map_add_from_ucl(
-  'https://www.invaluement.com/spdata/sendgrid-id-dnsbl.txt',
-  'set',
-  'Invaluement Service Provider DNSBL: Sendgrid IDs'
-)
-
-local ivm_sendgrid_envfromdomains = lua_maps.map_add_from_ucl(
-  'https://www.invaluement.com/spdata/sendgrid-envelopefromdomain-dnsbl.txt',
-  'set',
-  'Invaluement Service Provider DNSBL: Sendgrid envelope domains'
-)
-
-local cb_id = rspamd_config:register_symbol({
-  name = 'IVM_SENDGRID',
-  callback = function(task)
-    -- Is it Sendgrid?
-    local sg_hdr = task:get_header('X-SG-EID')
-    if not sg_hdr then return end
-
-    -- Get original envelope from
-    local env_from = task:get_from{'smtp', 'orig'}
-    if not env_from then return end
-
-    -- Check normalised domain in domains list
-    if ivm_sendgrid_envfromdomains and ivm_sendgrid_envfromdomains:get_key(rspamd_util.get_tld(env_from[1].domain)) then
-      task:insert_result('IVM_SENDGRID_DOMAIN', 1.0)
-    end
-
-    -- Check ID in ID list
-    local lp_re = rspamd_regexp.create_cached([[^bounces\+(\d+)-]])
-    local res = lp_re:search(env_from[1].user, true, true)
-    if not res then return end
-    if ivm_sendgrid_ids and ivm_sendgrid_ids:get_key(res[1][2]) then
-      task:insert_result('IVM_SENDGRID_ID', 1.0)
-    end
-  end,
-  description = 'Invaluement Service Provider DNSBL: Sendgrid',
-  type = 'callback',
-})
-
-rspamd_config:register_symbol({
-  name = 'IVM_SENDGRID_DOMAIN',
-  parent = cb_id,
-  group = 'ivmspdnsbl',
-  score = 8.0,
-  type = 'virtual',
-})
-
-rspamd_config:register_symbol({
-  name = 'IVM_SENDGRID_ID',
-  parent = cb_id,
-  group = 'ivmspdnsbl',
-  score = 8.0,
-  type = 'virtual',
-})

data/conf/rspamd/meta_exporter/pushover.php

@@ -47,12 +47,14 @@ if (!function_exists('getallheaders'))  {
 }
 
 $headers = getallheaders();
+$json_body = json_decode(file_get_contents('php://input'));
 
 $qid      = $headers['X-Rspamd-Qid'];
 $rcpts    = $headers['X-Rspamd-Rcpt'];
 $sender   = $headers['X-Rspamd-From'];
 $ip       = $headers['X-Rspamd-Ip'];
 $subject  = $headers['X-Rspamd-Subject'];
+$messageid= $json_body->message_id;
 $priority = 0;
 
 $symbols_array = json_decode($headers['X-Rspamd-Symbols'], true);
@@ -65,6 +67,20 @@ if (is_array($symbols_array)) {
   }
 }
 
+$sender_address = $json_body->header_from[0];
+$sender_name = '-';
+if (preg_match('/(?<name>.*?)<(?<address>.*?)>/i', $sender_address, $matches)) {
+	$sender_address = $matches['address'];
+  $sender_name =  trim($matches['name'], '"\' ');
+}
+
+$to_address = $json_body->header_to[0];
+$to_name = '-';
+if (preg_match('/(?<name>.*?)<(?<address>.*?)>/i', $to_address, $matches)) {
+	$to_address = $matches['address'];
+  $to_name =  trim($matches['name'], '"\' ');
+}
+
 $rcpt_final_mailboxes = array();
 
 // Loop through all rcpts
@@ -229,9 +245,16 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
     $post_fields = array(
       "token" => $api_data['token'],
       "user" => $api_data['key'],
-      "title" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}'), array($subject, $sender), $title)),
+      "title" => sprintf("%s", str_replace(
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '{MSG_ID}'),
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, $messageid), $title)
+      ),
       "priority" => $priority,
-      "message" => sprintf("%s", str_replace(array('{SUBJECT}', '{SENDER}'), array($subject, $sender), $text))
+      "message" => sprintf("%s", str_replace(
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '{MSG_ID}', '\n'),
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, $messageid, PHP_EOL), $text)
+      ),
+      "sound" => $attributes['sound'] ?? "pushover"
     );
     if ($attributes['evaluate_x_prio'] == "1" && $priority == 1) {
       $post_fields['expire'] = 600;

data/conf/sogo/cow_mailcow.svg

@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   version="1.1"
+   id="layer1"
+   x="0px"
+   y="0px"
+   width="434.82101"
+   height="376.871"
+   viewBox="0 0 434.82101 376.871"
+   enable-background="new 0 0 374.82 356.871"
+   xml:space="preserve"
+   inkscape:version="0.91 r13725"
+   sodipodi:docname="cow_mailcow.svg"><metadata
+     id="metadata77"><rdf:RDF><cc:Work
+         rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title><cc:license
+           rdf:resource="" /></cc:Work></rdf:RDF></metadata><defs
+     id="defs75" /><sodipodi:namedview
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1"
+     objecttolerance="10"
+     gridtolerance="10"
+     guidetolerance="10"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:window-width="1721"
+     inkscape:window-height="1177"
+     id="namedview73"
+     showgrid="false"
+     inkscape:zoom="1.4142136"
+     inkscape:cx="219.01206"
+     inkscape:cy="236.74714"
+     inkscape:window-x="-8"
+     inkscape:window-y="-8"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1"
+     fit-margin-top="10"
+     fit-margin-left="50"
+     fit-margin-bottom="10"
+     fit-margin-right="10"
+     showguides="true" /><g
+     id="g3"
+     transform="translate(50,10)"><g
+       id="grey_5_"><path
+         d="m 55.948,213.25 c 0.07331,-20.26146 -0.716379,-17.26061 -3.655806,-39.26743 2.227824,-22.4392 -7.627923,-38.85857 -7.669233,-58.34044 0,-4.715 -5.805961,-6.78013 -4.760961,-11.13713 -6.292,13.037 -9.833,27.707 -9.833,43.222 0,25.946 9.89,49.533 26.027,67.059 -0.048,-0.511 -0.082,-1.023 -0.108,-1.536 z"
+         id="path6"
+         inkscape:connector-curvature="0"
+         style="fill:#3d5263"
+         sodipodi:nodetypes="ccccscc" /></g><g
+       id="yellow"><path
+         d="m 254.808,180.412 -0.567,0.455 c -10.49,39.88 -40.951,71.658 -80.048,83.996 l 10.952,9.206 53.296,44.799 31.601,26.563 c 0.783,-2.011 1.229,-4.19 1.231,-6.478 0,-0.007 10e-4,-0.013 10e-4,-0.02 l 0,-16.836 0,-10e-4 0,-28.141 0,-126.736 -16.466,13.193 z"
+         id="path9"
+         inkscape:connector-curvature="0"
+         style="fill:#f9e82d" /><path
+         d="m 23.027,185.52 -6.574,-5.225 -16.452,-13.076 0,90.407 0,81.307 c 0,2.295 0.447,4.481 1.233,6.499 l 58.39,-48.683 26.964,-22.481 12.38,-10.321 C 62.73,251.524 34.307,222.274 23.027,185.52 Z"
+         id="path11"
+         inkscape:connector-curvature="0"
+         style="fill:#f9e82d" /><path
+         d="m 238.441,318.868 -53.296,-44.799 -10.952,-9.206 c -11.431,3.607 -23.597,5.558 -36.22,5.558 -13.653,0 -26.772,-2.28 -39.004,-6.474 l -12.38,10.321 -26.965,22.482 -58.39,48.683 c 2.605,6.69 9.094,11.438 16.706,11.438 l 235.394,0 c 7.613,0 14.103,-4.749 16.707,-11.44 l -31.6,-26.563 z"
+         id="path13"
+         inkscape:connector-curvature="0"
+         style="fill:#edd514;fill-opacity:0.89499996" /></g><g
+       id="grey_4_"><path
+         enable-background="new    "
+         d="M 238.441,318.868 C 196.984,322.876 123.368,324.434 59.625,296.75 38.082,287.394 17.666,274.7 0.002,257.627 l 0,81.307 c 0,2.295 0.447,4.481 1.233,6.499 2.605,6.69 9.094,11.438 16.706,11.438 l 235.394,0 c 7.613,0 14.103,-4.749 16.707,-11.44 0.783,-2.011 1.229,-4.19 1.231,-6.478 l 0,-24.584 c 0,0 -12.58,2.541 -32.832,4.499 z"
+         id="path16"
+         inkscape:connector-curvature="0"
+         style="opacity:0.1;fill:#3d5263" /><path
+         enable-background="new    "
+         d="m 86.588,274.268 c 14.979,6.703 31.579,10.435 49.051,10.435 17.648,0 34.408,-3.803 49.505,-10.634 37.082,-16.777 64.125,-51.824 69.664,-93.657 l -0.567,0.455 c -10.49,39.88 -40.951,71.658 -80.048,83.996 -11.431,3.607 -23.597,5.558 -36.22,5.558 -13.653,0 -26.772,-2.28 -39.004,-6.474 C 62.731,251.524 34.308,222.274 23.028,185.52 l -6.574,-5.225 c 5.525,42.054 32.786,77.261 70.134,93.973 z"
+         id="path18"
+         inkscape:connector-curvature="0"
+         style="opacity:0.1;fill:#3d5263" /></g><g
+       id="white_1_"><path
+         d="m 54.293,63.875 c -1.799,1.745 -3.541,3.548 -5.229,5.402 -0.042,0.046 -0.085,0.092 -0.127,0.139 -0.234,0.258 -0.473,0.51 -0.705,0.77 0.055,-0.055 0.111,-0.108 0.166,-0.163 21.76,-21.782 51.828,-35.259 85.046,-35.259 66.396,0 120.222,53.826 120.222,120.223 0,30.718 -11.526,58.74 -30.482,79.991 21.633,-21.737 35.006,-51.7 35.01,-84.791 0,-0.004 0,-0.009 0,-0.013 0,-21.143 -5.465,-41.007 -15.049,-58.269 -1.449,-2.608 -2.991,-5.157 -4.624,-7.643 -5.377,-8.187 -11.727,-15.676 -18.885,-22.307 -5.903,-5.467 -12.351,-10.354 -19.26,-14.558 -4.278,-2.604 -8.734,-4.944 -13.341,-7.006 -10.627,-4.756 -22.07,-8.016 -34.062,-9.509 -4.915,-0.612 -9.921,-0.931 -15.001,-0.931 -5.747,0 -11.398,0.409 -16.93,1.189 -12.291,1.733 -23.981,5.329 -34.784,10.487 -4.742,2.264 -9.313,4.83 -13.688,7.672 -6.561,4.266 -12.682,9.149 -18.277,14.576 z"
+         id="path21"
+         inkscape:connector-curvature="0"
+         style="fill:#ffffff" /><path
+         d="m 95.828,118.535 c 2.559,0 4.63,-2.071 4.63,-4.629 0,-2.553 -2.071,-4.626 -4.63,-4.626 -2.558,0 -4.634,2.074 -4.634,4.626 10e-4,2.557 2.076,4.629 4.634,4.629 z"
+         id="path23"
+         inkscape:connector-curvature="0"
+         style="fill:#ffffff" /><path
+         d="m 186.85,118.535 c 2.556,0 4.629,-2.071 4.629,-4.629 0,-2.553 -2.074,-4.626 -4.629,-4.626 -2.559,0 -4.631,2.074 -4.631,4.626 0,2.557 2.073,4.629 4.631,4.629 z"
+         id="path25"
+         inkscape:connector-curvature="0"
+         style="fill:#ffffff" /></g><g
+       id="grey_3_"><g
+         id="g28"><path
+           d="m 223.701,234.394 c 18.648,-21.18 29.965,-48.971 29.965,-79.408 0,-66.396 -53.825,-120.223 -120.222,-120.223 -33.218,0 -63.286,13.477 -85.046,35.259 -4.591,5.125 -8.746,10.647 -12.413,16.507 -1.524,2.437 -2.963,4.931 -4.314,7.48 -7.067,13.341 -11.704,28.167 -13.301,43.893 -0.411,4.043 -0.622,8.146 -0.622,12.298 0,3.849 0.188,7.653 0.542,11.409 0.776,8.241 2.38,16.24 4.735,23.912 11.281,36.754 39.703,66.004 75.941,78.427 12.231,4.193 25.351,6.474 39.004,6.474 12.623,0 24.79,-1.95 36.22,-5.558 18.139,-5.725 34.412,-15.64 47.7,-28.603 0.536,-0.522 1.811,-1.867 1.811,-1.867 z m -5.788,-58.356 c -2.132,7.217 -5.052,14.085 -8.668,20.495 -16.571,29.372 -47.64,49.146 -83.233,49.146 -27.584,0 -52.447,-11.88 -69.956,-30.895 C 39.919,197.26 30.03,173.673 30.03,147.726 c 0,-15.515 3.54,-30.185 9.833,-43.222 15.648,-32.42 48.344,-54.73 86.15,-54.73 3.967,0 7.876,0.25 11.717,0.728 47.479,5.898 84.262,47.175 84.262,97.224 -0.002,9.846 -1.431,19.348 -4.079,28.312 z"
+           id="path30"
+           inkscape:connector-curvature="0"
+           style="fill:#f1f2f2" /></g><path
+         d="m 49.064,69.277 c -0.042,0.046 -0.085,0.092 -0.127,0.139 0.042,-0.047 0.085,-0.093 0.127,-0.139 z"
+         id="path32"
+         inkscape:connector-curvature="0"
+         style="fill:#f1f2f2" /></g><g
+       id="darkbrown_1_"><path
+         d="m 257.626,161.89 c -0.488,5.062 -1.29,10.032 -2.387,14.89 -0.31,1.371 -0.643,2.733 -0.999,4.086 l 0.567,-0.455 16.466,-13.193 0,-0.023 -13.647,-5.305 z"
+         id="path35"
+         inkscape:connector-curvature="0"
+         style="fill:#5a3620" /><path
+         d="m 0.001,167.219 16.451,13.076 6.574,5.225 c -2.354,-7.672 -3.959,-15.671 -4.735,-23.912 l -2.85,0.871 L 0,167.196"
+         id="path37"
+         inkscape:connector-curvature="0"
+         style="fill:#5a3620" /><path
+         d="m 87.491,192.337 c -6.21,0 -11.254,5.034 -11.254,11.257 0,6.216 5.043,11.257 11.254,11.257 6.221,0 11.261,-5.041 11.261,-11.257 0,-6.223 -5.041,-11.257 -11.261,-11.257 z"
+         id="path39"
+         inkscape:connector-curvature="0"
+         style="fill:#5a3620" /><path
+         d="m 181.307,192.337 c -6.218,0 -11.259,5.034 -11.259,11.257 0,6.216 5.041,11.257 11.259,11.257 6.22,0 11.257,-5.041 11.257,-11.257 0,-6.223 -5.037,-11.257 -11.257,-11.257 z"
+         id="path41"
+         inkscape:connector-curvature="0"
+         style="fill:#5a3620" /><path
+         d="m 182.997,102.25057 c -6.963,0 -15.44243,7.76632 -15.44243,14.73532 0,6.965 8.12588,17.2072 15.08888,17.2072 6.968,0 15.79898,-9.53609 15.79898,-16.50009 0.001,-6.97 -8.47743,-15.44243 -15.44543,-15.44243 z m 3.853,16.28443 c -2.558,0 -4.631,-2.072 -4.631,-4.629 0,-2.552 2.072,-4.626 4.631,-4.626 2.555,0 4.629,2.073 4.629,4.626 0,2.558 -2.073,4.629 -4.629,4.629 z"
+         id="path43"
+         inkscape:connector-curvature="0"
+         style="fill:#5a3620"
+         sodipodi:nodetypes="ssscssssss" /><path
+         d="m 89.709786,102.60413 c -6.971,0 -14.379767,8.11987 -14.379767,15.08887 0,6.965 8.824981,16.14653 15.793981,16.14653 6.963,0 15.79298,-9.18253 15.79298,-16.14653 0.001,-6.97 -10.243194,-15.08887 -17.207194,-15.08887 z M 95.828,118.535 c -2.559,0 -4.634,-2.072 -4.634,-4.629 0,-2.552 2.076,-4.626 4.634,-4.626 2.559,0 4.63,2.073 4.63,4.626 0,2.558 -2.071,4.629 -4.63,4.629 z"
+         id="path45"
+         inkscape:connector-curvature="0"
+         style="fill:#5a3620"
+         sodipodi:nodetypes="ssscssssss" /></g><g
+       id="cream"><path
+         d="m 336.302,256.425 c 3.59,-9.155 7.701,-11 9.346,-11.346 -40.757,3.757 -36.661,27.769 -34.026,35.96 0.55,1.712 1.037,2.733 1.037,2.733 0,0 2.031,4.787 7.536,8.748 4.149,2.986 10.27,5.503 18.995,5.144 27.063,0.461 35.631,-50.166 35.631,-50.166 -6.654,11.655 -26.404,9.876 -38.519,8.927 z"
+         id="path48"
+         inkscape:connector-curvature="0"
+         style="fill:#fef3df" /><path
+         d="m 48.937,69.415 c 0.042,-0.046 0.085,-0.092 0.127,-0.139 1.688,-1.854 3.43,-3.657 5.229,-5.402 -8.915,-6.977 -24.344,-15.826 -41.744,-11.633 0,0 2.814,20.458 23.437,34.287 3.667,-5.86 7.822,-11.381 12.413,-16.507 -0.055,0.055 -0.111,0.108 -0.166,0.163 0.231,-0.258 0.47,-0.511 0.704,-0.769 z"
+         id="path50"
+         inkscape:connector-curvature="0"
+         style="fill:#fef3df" /><path
+         d="m 258.812,52.242 c -15.831,-3.815 -30.029,3.169 -39.176,9.714 7.158,6.63 13.508,14.12 18.885,22.307 17.763,-13.689 20.291,-32.021 20.291,-32.021 z"
+         id="path52"
+         inkscape:connector-curvature="0"
+         style="fill:#fef3df" /><path
+         d="m 134.269,160.225 c -43.299,0 -78.388,22.964 -78.388,51.289 0,0.582 0.038,1.157 0.067,1.735 0.026,0.514 0.06,1.025 0.108,1.535 17.508,19.015 42.371,30.895 69.956,30.895 35.594,0 66.662,-19.774 83.233,-49.146 -9.796,-21.016 -39.651,-36.308 -74.976,-36.308 z M 87.491,214.85 c -6.211,0 -11.254,-5.041 -11.254,-11.257 0,-6.223 5.044,-11.257 11.254,-11.257 6.22,0 11.261,5.034 11.261,11.257 0,6.216 -5.04,11.257 -11.261,11.257 z m 93.816,0 c -6.218,0 -11.259,-5.041 -11.259,-11.257 0,-6.223 5.041,-11.257 11.259,-11.257 6.22,0 11.257,5.034 11.257,11.257 0,6.216 -5.037,11.257 -11.257,11.257 z"
+         id="path54"
+         inkscape:connector-curvature="0"
+         style="fill:#fef3df" /><path
+         d="M 86.265,0 C 68.102,16.373 86.113,41.427 86.258,41.628 97.061,36.47 108.751,32.874 121.042,31.141 97.629,27.686 86.265,0 86.265,0 Z"
+         id="path56"
+         inkscape:connector-curvature="0"
+         style="fill:#fef3df" /><path
+         d="m 186.204,0 c 0,0 -10.863,26.476 -33.231,30.883 11.992,1.493 23.435,4.752 34.062,9.509 C 190.383,35.136 202.036,14.271 186.204,0 Z"
+         id="path58"
+         inkscape:connector-curvature="0"
+         style="fill:#fef3df" /></g><g
+       id="g60"><path
+         d="m 217.913,176.038 c 2.647,-8.964 6.55187,-25.89162 6.55187,-35.73662 C 224.46487,90.252379 185.208,56.4 137.728,50.502 c -2.157,28.03 3.629,87.043 80.185,125.536 z m -47.53,-58.345 c 0,-6.97 5.651,-12.614 12.614,-12.614 6.968,0 12.617,5.645 12.617,12.614 0,6.964 -5.649,12.611 -12.617,12.611 -6.963,0 -12.614,-5.646 -12.614,-12.611 z"
+         id="path62"
+         inkscape:connector-curvature="0"
+         style="fill:#87654a"
+         sodipodi:nodetypes="csccsssss" /></g><g
+       id="brown"><path
+         d="m 312.658,283.772 c 0,0 -0.487,-1.021 -1.037,-2.733 -3.758,3.317 -13.036,10.236 -27.03,12.416 l 0,-10e-4 c -0.009,0.002 -0.019,0.003 -0.027,0.005 -4.044,0.628 -8.479,0.863 -13.29,0.497 l 0,28.141 c 2.059,-0.801 4.607,-1.834 7.477,-3.083 5.462,-2.377 12.093,-5.542 18.771,-9.395 0.027,-0.016 0.054,-0.031 0.081,-0.047 8.158,-4.713 16.37,-10.452 22.593,-17.052 -5.506,-3.961 -7.538,-8.748 -7.538,-8.748 z"
+         id="path65"
+         inkscape:connector-curvature="0"
+         style="fill:#b58765" /><path
+         d="m 12.549,52.242 c 17.4,-4.193 32.83,4.656 41.744,11.633 C 59.888,58.449 66.009,53.565 72.57,49.301 48.272,18.498 2.169,37.201 2.169,37.201 -1.114,67.502 15.288,84.594 31.672,94.01 33.023,91.461 34.462,88.966 35.986,86.53 15.363,72.699 12.549,52.242 12.549,52.242 Z"
+         id="path67"
+         inkscape:connector-curvature="0"
+         style="fill:#b58765" /><path
+         d="m 200.376,47.398 c 6.909,4.205 13.356,9.091 19.26,14.558 9.146,-6.545 23.345,-13.529 39.176,-9.714 0,0 -2.527,18.332 -20.291,32.021 1.633,2.485 3.175,5.034 4.624,7.643 15.141,-9.784 29.097,-26.539 26.046,-54.704 0,-10e-4 -44.152,-17.909 -68.815,10.196 z"
+         id="path69"
+         inkscape:connector-curvature="0"
+         style="fill:#b58765" /><path
+         d="m 138.854,50.502 c -3.841,-0.478 -8.875,-0.728 -12.842,-0.728 -37.806,0 -70.502,22.31 -86.15,54.73 -1.045,4.357 -1.603,8.897 -1.603,13.612 0,1.454 0.085,2.787 0.121,4.175 0.127,3.935 0.448,7.585 0.855,11.135 4.291755,24.95762 7.959057,42.49186 13.464,66.758 0.056,0.407 0.164,0.804 0.224,1.211 0.617,4.028 1.642,7.992 3.025,11.854 -0.029,-0.578 -0.067,-1.153 -0.067,-1.735 0,-28.325 35.089,-51.289 78.388,-51.289 35.325,0 65.181,15.292 74.977,36.308 3.616,-6.409 6.536,-13.277 8.668,-20.495 C 179.98905,152.54886 163.9995,134.88987 153.25313,111.82124 142.50675,88.752624 137.775,64.517 138.854,50.502 Z m -47.73,79.802 c -6.97,0 -12.612,-5.646 -12.612,-12.611 0,-6.97 5.642,-12.614 12.612,-12.614 6.964,0 12.611,5.645 12.611,12.614 0.001,6.964 -5.648,12.611 -12.611,12.611 z"
+         id="path71"
+         inkscape:connector-curvature="0"
+         style="fill:#b58765"
+         sodipodi:nodetypes="cscscccccssccscssscs" /></g></g></svg>

data/conf/sogo/custom-palettes.js

@@ -0,0 +1,7 @@
+$mdThemingProvider.definePalette("sogo-green",{50:"eaf5e9",100:"cbe5c8",200:"aad6a5",300:"88c781",400:"66b86a",500:"56b04c",600:"4da143",700:"388e3c",800:"367d2e",900:"225e1b",A100:"ffffff",A200:"69f0ae",A400:"00e676",A700:"00c853",contrastDefaultColor:"dark",contrastLightColors:["300","400","500","600","700","800","900"]})         
+$mdThemingProvider.definePalette("sogo-blue",{50:"f0faf9",100:"e1f5f3",200:"ceebe8",300:"bfe0dd",400:"b2d6d3",500:"a1ccc8",600:"8ebfbb",700:"7db3b0",800:"639997",900:"4d8080",A100:"d4f7fa",A200:"c3f5fa",A400:"53e3f0",A700:"00b0c0",contrastDefaultColor:"light",contrastDarkColors:["50","100","200"]})
+$mdThemingProvider.definePalette("sogo-grey",$mdThemingProvider.extendPalette("grey",{1e3:"baa870"}))
+
+var primarySettings = {default:"900","hue-1":"400","hue-2":"800","hue-3":"A700"}
+var accentSettings = {default:"500","hue-1":"A100","hue-2":"300","hue-3":"A700"}
+var backgroundSettings = {}

data/conf/sogo/custom-theme.js

@@ -1,36 +1,34 @@
-/* EXAMPLE - EXAMPLE - EXAMPLE - EXAMPLE - EXAMPLE - EXAMPLE - EXAMPLE
 (function() {
   'use strict';
+
   angular.module('SOGo.Common')
     .config(configure)
 
   configure.$inject = ['$mdThemingProvider'];
   function configure($mdThemingProvider) {
-    var greyMap = $mdThemingProvider.extendPalette('grey', {
-      '200': 'F5F5F5',
-      '300': 'E5E5E5',
-      '1000': '4C566A'
+
+$mdThemingProvider.definePalette("sogo-green",{50:"eaf5e9",100:"cbe5c8",200:"aad6a5",300:"88c781",400:"66b86a",500:"56b04c",600:"4da143",700:"388e3c",800:"367d2e",900:"225e1b",A100:"ffffff",A200:"69f0ae",A400:"00e676",A700:"00c853",contrastDefaultColor:"dark",contrastLightColors:["300","400","500","600","700","800","900"]})         
+$mdThemingProvider.definePalette("sogo-blue",{50:"f0faf9",100:"e1f5f3",200:"ceebe8",300:"bfe0dd",400:"b2d6d3",500:"a1ccc8",600:"8ebfbb",700:"7db3b0",800:"639997",900:"4d8080",A100:"d4f7fa",A200:"c3f5fa",A400:"53e3f0",A700:"00b0c0",contrastDefaultColor:"light",contrastDarkColors:["50","100","200"]})
+$mdThemingProvider.definePalette("sogo-grey",$mdThemingProvider.extendPalette("grey",{1e3:"baa870"}))
+
+var primarySettings = {default:"900","hue-1":"400","hue-2":"800","hue-3":"A700"}
+var accentSettings = {default:"500","hue-1":"A100","hue-2":"300","hue-3":"A700"}
+var backgroundSettings = {}
+
+    var primary = $mdThemingProvider.extendPalette('sogo-blue', {});
+    var accent = $mdThemingProvider.extendPalette('sogo-green', {
+      'A100': 'ffffff'
     });
-    var greenCow = $mdThemingProvider.extendPalette('green', {
-      '600': 'E5E5E5'
-    });
-    $mdThemingProvider.definePalette('frost-grey', greyMap);
-    $mdThemingProvider.definePalette('green-cow', greenCow);
+    var background = $mdThemingProvider.extendPalette('sogo-grey', {});
+
+    $mdThemingProvider.definePalette('primary-cow', primary);
+    $mdThemingProvider.definePalette('accent-cow', accent);
+    $mdThemingProvider.definePalette('background-cow', background);
+
     $mdThemingProvider.theme('default')
-      .primaryPalette('green-cow', {
-        'default': '400',
-        'hue-1': '400',
-        'hue-2': '600',
-        'hue-3': 'A700'
-      })
-      .accentPalette('green', {
-        'default': '600',
-        'hue-1': '300',
-        'hue-2': '300',
-        'hue-3': 'A700'
-      })
-      .backgroundPalette('frost-grey');
+      .primaryPalette('primary-cow', primarySettings)
+      .accentPalette('accent-cow', accentSettings)
+      .backgroundPalette('background-cow', backgroundSettings);
     $mdThemingProvider.generateThemesOnDemand(false);
   }
 })();
- */

data/conf/sogo/sogo.conf

@@ -32,8 +32,6 @@
     // );
 
     // self-signed is not trusted anymore
-    SOGoSieveServer = "sieve://dovecot:4190/?TLS=YES&tlsVerifyMode=none";
-    SOGoSMTPServer = "smtp://postfix:588/?TLS=YES&tlsVerifyMode=none";
     WOPort = "0.0.0.0:20000";
     SOGoMemcachedHost = "memcached";
 
@@ -64,7 +62,7 @@
     SOGoFirstDayOfWeek = "1";
 
     SOGoSieveFolderEncoding = "UTF-8";
-    SOGoPasswordChangeEnabled = YES;
+    SOGoPasswordChangeEnabled = NO;
     SOGoSentFolderName = "Sent";
     SOGoMailShowSubscribedFoldersOnly = NO;
     NGImap4ConnectionStringSeparator = "/";

data/web/_status.502.html

@@ -13,12 +13,12 @@
     Please check the logs or contact support if the error persists.</p>
     <h2>Quick debugging</h2>
     <p>Check Nginx and PHP logs:</p>
-    <pre>docker-compose logs --tail=200 php-fpm-mailcow nginx-mailcow</pre>
+    <pre>docker compose logs --tail=200 php-fpm-mailcow nginx-mailcow</pre>
     <p>Make sure your SQL credentials in mailcow.conf (a link to .env) do fit your initialized SQL volume. If you see an access denied, you might have the wrong mailcow.conf:</p>
-    <pre>source mailcow.conf ; docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}</pre>
+    <pre>source mailcow.conf ; docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}</pre>
     <p>In case of a previous failed installation, create a backup of your existing data, followed by removing all volumes and starting over (<b>NEVER</b> do this with a production system, it will remove <b>ALL</b> data):</p>
     <pre>BACKUP_LOCATION=/tmp/ ./helper-scripts/backup_and_restore.sh backup all</pre>
-    <pre>docker-compose down --volumes ; docker-compose up -d</pre>
+    <pre>docker compose down --volumes ; docker compose up -d</pre>
     <p>Make sure your timezone is correct. Use "America/New_York" for example, do not use spaces. Check <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones">here</a> for a list.</p>
     <br>Click to learn more about <a style="color:red;text-decoration:none;" href="https://mailcow.github.io/mailcow-dockerized-docs/#get-support" target="_blank">getting support.</a>
   </body>

data/web/admin.php

@@ -10,9 +10,6 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 $tfa_data = get_tfa();
 $fido2_data = fido2(array("action" => "get_friendly_names"));
-if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CACHE')) {
-  $_SESSION['gal'] = json_decode($license_cache, true);
-}
 
 $js_minifier->add('/web/js/site/admin.js');
 $js_minifier->add('/web/js/presets/rspamd.js');
@@ -83,15 +80,12 @@ foreach ($RSPAMD_MAPS['regex'] as $rspamd_regex_desc => $rspamd_regex_map) {
   ];
 }
 
-
 $template = 'admin.twig';
 $template_data = [
   'tfa_data' => $tfa_data,
   'tfa_id' => @$_SESSION['tfa_id'],
   'fido2_cid' => @$_SESSION['fido2_cid'],
   'fido2_data' => $fido2_data,
-  'gal' => @$_SESSION['gal'],
-  'license_guid' => license('guid'),
   'api' => [
     'ro' => admin_api('ro', 'get'),
     'rw' => admin_api('rw', 'get'),
@@ -109,9 +103,14 @@ $template_data = [
   'rsettings' => $rsettings,
   'rspamd_regex_maps' => $rspamd_regex_maps,
   'logo_specs' => customize('get', 'main_logo_specs'),
+  'favicon_specs' => customize('get', 'favicon_specs'),
+  'ip_check' => customize('get', 'ip_check'),
   'password_complexity' => password_complexity('get'),
   'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
+  'sogo_palettes' => $GLOBALS['SOGO_PALETTES'],
+  'sogo_theme' => customize('get', 'sogo_theme'),
   'lang_admin' => json_encode($lang['admin']),
+  'lang_datatables' => json_encode($lang['datatables'])
 ];
 
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';

data/web/api/index.css

@@ -0,0 +1,16 @@
+html {
+    box-sizing: border-box;
+    overflow: -moz-scrollbars-vertical;
+    overflow-y: scroll;
+}
+
+*,
+*:before,
+*:after {
+    box-sizing: inherit;
+}
+
+body {
+    margin: 0;
+    background: #fafafa;
+}

data/web/api/index.html

@@ -5,56 +5,15 @@
     <meta charset="UTF-8">
     <title>Swagger UI</title>
     <link rel="stylesheet" type="text/css" href="./swagger-ui.css" />
+    <link rel="stylesheet" type="text/css" href="index.css" />
     <link rel="icon" type="image/png" href="./favicon-32x32.png" sizes="32x32" />
     <link rel="icon" type="image/png" href="./favicon-16x16.png" sizes="16x16" />
-    <style>
-      html
-      {
-        box-sizing: border-box;
-        overflow: -moz-scrollbars-vertical;
-        overflow-y: scroll;
-      }
-
-      *,
-      *:before,
-      *:after
-      {
-        box-sizing: inherit;
-      }
-
-      body
-      {
-        margin:0;
-        background: #fafafa;
-      }
-    </style>
   </head>
 
   <body>
     <div id="swagger-ui"></div>
-
     <script src="./swagger-ui-bundle.js" charset="UTF-8"> </script>
     <script src="./swagger-ui-standalone-preset.js" charset="UTF-8"> </script>
-    <script>
-    window.onload = function() {
-      // Begin Swagger UI call region
-      const ui = SwaggerUIBundle({
-        url: "/api/openapi.yaml",
-        dom_id: '#swagger-ui',
-        deepLinking: true,
-        presets: [
-          SwaggerUIBundle.presets.apis,
-          SwaggerUIStandalonePreset
-        ],
-        plugins: [
-          SwaggerUIBundle.plugins.DownloadUrl
-        ],
-        layout: "StandaloneLayout"
-      });
-      // End Swagger UI call region
-
-      window.ui = ui;
-    };
-  </script>
+    <script src="./swagger-initializer.js" charset="UTF-8"> </script>
   </body>
 </html>

data/web/api/oauth2-redirect.html

@@ -13,7 +13,7 @@
         var isValid, qp, arr;
 
         if (/code|token|error/.test(window.location.hash)) {
-            qp = window.location.hash.substring(1);
+            qp = window.location.hash.substring(1).replace('?', '&');
         } else {
             qp = location.search.substring(1);
         }
@@ -38,7 +38,7 @@
                     authId: oauth2.auth.name,
                     source: "auth",
                     level: "warning",
-                    message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"
+                    message: "Authorization may be unsafe, passed state was changed in server. The passed state wasn't returned from auth server."
                 });
             }
 
@@ -58,7 +58,7 @@
                     authId: oauth2.auth.name,
                     source: "auth",
                     level: "error",
-                    message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server"
+                    message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server."
                 });
             }
         } else {
@@ -67,9 +67,13 @@
         window.close();
     }
 
-    window.addEventListener('DOMContentLoaded', function () {
-      run();
-    });
+    if (document.readyState !== 'loading') {
+        run();
+    } else {
+        document.addEventListener('DOMContentLoaded', function () {
+            run();
+        });
+    }
 </script>
 </body>
 </html>

data/web/api/openapi.yaml

@@ -209,10 +209,17 @@ paths:
                         - app_passwd
                         - add
                         - active: "1"
-                          app_name: emclient
+                          username: info@domain.tld
+                          app_name: wordpress
                           app_passwd: keyleudecticidechothistishownsan31
                           app_passwd2: keyleudecticidechothistishownsan31
-                          username: hello@mailcow.email
+                          protocols:
+                            - imap_access
+                            - dav_access
+                            - smtp_access
+                            - eas_access
+                            - pop3_access
+                            - sieve_access
                       msg: app_passwd_added
                       type: success
               schema:
@@ -249,6 +256,13 @@ paths:
                 app_name: wordpress
                 app_passwd: keyleudecticidechothistishownsan31
                 app_passwd2: keyleudecticidechothistishownsan31
+                protocols:
+                  - imap_access
+                  - dav_access
+                  - smtp_access
+                  - eas_access
+                  - pop3_access
+                  - sieve_access
               properties:
                 active:
                   description: is alias active or not
@@ -497,27 +511,30 @@ paths:
                           relay_all_recipients: "0"
                           rl_frame: s
                           rl_value: "10"
+                          tags: ["tag1", "tag2"]
                         - null
                       msg:
                         - domain_added
                         - domain.tld
                       type: success
               schema:
-                properties:
-                  log:
-                    description: contains request object
-                    items: {}
-                    type: array
-                  msg:
-                    items: {}
-                    type: array
-                  type:
-                    enum:
-                      - success
-                      - danger
-                      - error
-                    type: string
-                type: object
+                type: array
+                items:
+                  type: object
+                  properties:
+                    log:
+                      description: contains request object
+                      items: {}
+                      type: array
+                    msg:
+                      items: {}
+                      type: array
+                    type:
+                      enum:
+                        - success
+                        - danger
+                        - error
+                      type: string
           description: OK
           headers: {}
       tags:
@@ -544,6 +561,7 @@ paths:
                 rl_frame: s
                 rl_value: "10"
                 restart_sogo: "10"
+                tags: ["tag1", "tag2"]
               properties:
                 active:
                   description: is domain active or not
@@ -563,6 +581,11 @@ paths:
                 domain:
                   description: Fully qualified domain name
                   type: string
+                gal:
+                  description: >-
+                    is domain global address list active or not, it enables
+                    shared contacts accross domain in SOGo webmail
+                  type: boolean
                 mailboxes:
                   description: limit count of mailboxes associated with this domain
                   type: number
@@ -580,6 +603,9 @@ paths:
                     if not, them you have to create "dummy" mailbox for each
                     address to relay
                   type: boolean
+                relay_unknown_only:
+                  description: Relay non-existing mailboxes only. Existing mailboxes will be delivered locally.
+                  type: boolean
                 rl_frame:
                   enum:
                     - s
@@ -590,6 +616,11 @@ paths:
                 rl_value:
                   description: rate limit value
                   type: number
+                tags:
+                  description: tags for this Domain
+                  type: array
+                  items:
+                    type: string
               type: object
       summary: Create domain
   /api/v1/add/domain-admin:
@@ -668,6 +699,38 @@ paths:
                   type: string
               type: object
       summary: Create Domain Admin user
+  /api/v1/add/sso/domain-admin:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    token: "591F6D-5C3DD2-7455CD-DAF1C1-AA4FCC"
+          description: OK
+          headers: { }
+      tags:
+        - Single Sign-On
+      description: >-
+        Using this endpoint you can issue a token for Domain Admin user. This token can be used for
+        autologin Domain Admin user by using query_string var sso_token={token}. Token expiration time is 30s
+      operationId: Issue Domain Admin SSO token
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                username: testadmin
+              properties:
+                username:
+                  description: the username for the admin user
+                  type: object
+              type: object
+      summary: Issue Domain Admin SSO token
   /api/v1/edit/da-acl:
     post:
       responses:
@@ -1010,6 +1073,7 @@ paths:
                           force_pw_update: "1"
                           tls_enforce_in: "1"
                           tls_enforce_out: "1"
+                          tags: ["tag1", "tag2"]
                         - null
                       msg:
                         - mailbox_added
@@ -1054,6 +1118,7 @@ paths:
                 force_pw_update: "1"
                 tls_enforce_in: "1"
                 tls_enforce_out: "1"
+                tags: ["tag1", "tag2"]
               properties:
                 active:
                   description: is mailbox active or not
@@ -1934,21 +1999,23 @@ paths:
                         - domain2.tld
                       type: success
               schema:
-                properties:
-                  log:
-                    description: contains request object
-                    items: {}
-                    type: array
-                  msg:
-                    items: {}
-                    type: array
-                  type:
-                    enum:
-                      - success
-                      - danger
-                      - error
-                    type: string
-                type: object
+                type: array
+                items:
+                  type: object
+                  properties:
+                    log:
+                      description: contains request object
+                      items: {}
+                      type: array
+                    msg:
+                      items: {}
+                      type: array
+                    type:
+                      enum:
+                        - success
+                        - danger
+                        - error
+                      type: string
           description: OK
           headers: {}
       tags:
@@ -1959,14 +2026,15 @@ paths:
         content:
           application/json:
             schema:
+              type: object
               example:
                 - domain.tld
                 - domain2.tld
               properties:
                 items:
-                  description: contains list of domains you want to delete
-                  type: object
-              type: object
+                  type: array
+                  items:
+                    type: string
       summary: Delete domain
   /api/v1/delete/domain-admin:
     post:
@@ -2716,6 +2784,140 @@ paths:
                   type: object
               type: object
       summary: Delete Transport Maps
+  "/api/v1/delete/mailbox/tag/{mailbox}":
+    post:
+      parameters:
+        - description: name of mailbox
+          in: path
+          name: mailbox
+          example: info@domain.tld
+          required: true
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - delete
+                        - tags_mailbox
+                        - tags:
+                          - tag1
+                          - tag2
+                          mailbox: info@domain.tld
+                        - null
+                      msg:
+                        - mailbox_modified
+                        - info@domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: You can delete one or more mailbox tags.
+      operationId: Delete mailbox tags
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - tag1
+                - tag2
+              properties:
+                items:
+                  description: contains list of mailboxes you want to delete
+                  type: object
+              type: object
+      summary: Delete mailbox tags
+  "/api/v1/delete/domain/tag/{domain}":
+    post:
+      parameters:
+        - description: name of domain
+          in: path
+          name: domain
+          example: domain.tld
+          required: true
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - log:
+                        - mailbox
+                        - delete
+                        - tags_domain
+                        - tags:
+                          - tag1
+                          - tag2
+                          domain: domain.tld
+                        - null
+                      msg:
+                        - domain_modified
+                        - domain.tld
+                      type: success
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Domains
+      description: You can delete one or more domain tags.
+      operationId: Delete domain tags
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - tag1
+                - tag2
+              properties:
+                items:
+                  description: contains list of domains you want to delete
+                  type: object
+              type: object
+      summary: Delete domain tags
   /api/v1/edit/alias:
     post:
       responses:
@@ -2820,23 +3022,25 @@ paths:
           $ref: "#/components/responses/Unauthorized"
         "200":
           content:
-            "*/*":
+            application/json:
               schema:
-                properties:
-                  log:
-                    description: contains request object
-                    items: {}
-                    type: array
-                  msg:
-                    items: {}
-                    type: array
-                  type:
-                    enum:
-                      - success
-                      - danger
-                      - error
-                    type: string
-                type: object
+                type: array
+                items:
+                  type: object
+                  properties:
+                    log:
+                      type: array
+                      description: contains request object
+                      items: {}
+                    msg:
+                      type: array
+                      items: {}
+                    type:
+                      enum:
+                        - success
+                        - danger
+                        - error
+                      type: string
           description: OK
           headers: {}
       tags:
@@ -2865,6 +3069,7 @@ paths:
                   quota: "10240"
                   relay_all_recipients: "0"
                   relayhost: "2"
+                  tags: ["tag3", "tag4"]
                 items: domain.tld
               properties:
                 attr:
@@ -2903,13 +3108,33 @@ paths:
                         if not, them you have to create "dummy" mailbox for each
                         address to relay
                       type: boolean
+                    relay_unknown_only:
+                      description: Relay non-existing mailboxes only. Existing mailboxes will be delivered locally.
+                      type: boolean
                     relayhost:
                       description: id of relayhost
                       type: number
+                    rl_frame:
+                      enum:
+                        - s
+                        - m
+                        - h
+                        - d
+                      type: string
+                    rl_value:
+                      description: rate limit value
+                      type: number
+                    tags:
+                      description: tags for this Domain
+                      type: array
+                      items:
+                        type: string
                   type: object
                 items:
                   description: contains list of domain names you want update
-                  type: object
+                  type: array
+                  items:
+                    type: string
               type: object
       summary: Update domain
   /api/v1/edit/fail2ban:
@@ -2951,8 +3176,10 @@ paths:
               example:
                 attr:
                   ban_time: "86400"
+                  ban_time_increment: "1"
                   blacklist: "10.100.6.5/32,10.100.8.4/32"
                   max_attempts: "5"
+                  max_ban_time: "86400"
                   netban_ipv4: "24"
                   netban_ipv6: "64"
                   retry_window: "600"
@@ -2966,11 +3193,17 @@ paths:
                       description: the backlisted ips or hostnames separated by comma
                       type: string
                     ban_time:
-                      description: the time a ip should be banned
+                      description: the time an ip should be banned
                       type: number
+                    ban_time_increment:
+                      description: if the time of the ban should increase each time
+                      type: boolean
                     max_attempts:
                       description: the maximum numbe of wrong logins before a ip is banned
                       type: number
+                    max_ban_time:
+                      description: the maximum time an ip should be banned
+                      type: number
                     netban_ipv4:
                       description: the networks mask to ban for ipv4
                       type: number
@@ -3019,6 +3252,7 @@ paths:
                           sogo_access: "1"
                           username:
                             - info@domain.tld
+                          tags: ["tag3", "tag4"]
                         - null
                       msg:
                         - mailbox_modified
@@ -3066,6 +3300,7 @@ paths:
                     - domain3.tld
                     - "*"
                   sogo_access: "1"
+                  tags: ["tag3", "tag4"]
                 items:
                   - info@domain.tld
               properties:
@@ -3154,6 +3389,7 @@ paths:
                           evaluate_x_prio: "0"
                           key: 21e8918e1jksdjcpis712
                           only_x_prio: "0"
+                          sound: "pushover"
                           senders: ""
                           senders_regex: ""
                           text: ""
@@ -3197,6 +3433,7 @@ paths:
                   evaluate_x_prio: "0"
                   key: 21e8918e1jksdjcpis712
                   only_x_prio: "0"
+                  sound: "pushover"
                   senders: ""
                   senders_regex: ""
                   text: ""
@@ -3218,6 +3455,9 @@ paths:
                     only_x_prio:
                       description: Only send push for prio mails
                       type: number
+                    sound:
+                      description: Set notification sound
+                      type: string
                     senders:
                       description: Only send push for emails from these senders
                       type: string
@@ -3793,6 +4033,13 @@ paths:
               - all
               - mailcow.tld
             type: string
+        - description: comma seperated list of tags to filter by
+          example: "tag1,tag2"
+          in: query
+          name: tags
+          required: false
+          schema:
+            type: string
         - description: e.g. api-key-string
           example: api-key-string
           in: header
@@ -3831,6 +4078,7 @@ paths:
                       relay_all_recipients: "0"
                       relayhost: "0"
                       rl: false
+                      tags: ["tag1", "tag2"]
                     - active: "1"
                       aliases_in_domain: 0
                       aliases_left: 400
@@ -3853,6 +4101,7 @@ paths:
                       relay_all_recipients: "0"
                       relayhost: "0"
                       rl: false
+                      tags: ["tag3", "tag4"]
           description: OK
           headers: {}
       tags:
@@ -3872,10 +4121,12 @@ paths:
                 response:
                   value:
                     ban_time: 604800
+                    ban_time_increment: 1
                     blacklist: |-
                       45.82.153.37/32
                       92.118.38.52/32
                     max_attempts: 1
+                    max_ban_time: 604800
                     netban_ipv4: 32
                     netban_ipv6: 128
                     perm_bans:
@@ -4345,6 +4596,13 @@ paths:
               - all
               - user@domain.tld
             type: string
+        - description: comma seperated list of tags to filter by
+          example: "tag1,tag2"
+          in: query
+          name: tags
+          required: false
+          schema:
+            type: string
         - description: e.g. api-key-string
           example: api-key-string
           in: header
@@ -4382,6 +4640,7 @@ paths:
                       rl: false
                       spam_aliases: 0
                       username: info@doman3.tld
+                      tags: ["tag1", "tag2"]
           description: OK
           headers: {}
       tags:
@@ -5072,6 +5331,27 @@ paths:
         of used storage.
       operationId: Get vmail status
       summary: Get vmail status
+  /api/v1/get/status/version:
+    get:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    version: "2022-04"
+          description: OK
+          headers: {}
+      tags:
+        - Status
+      description: >-
+        Using this endpoint you can get the current running release of this
+        instance.
+      operationId: Get version status
+      summary: Get version status
   /api/v1/get/syncjobs/all/no_log:
     get:
       responses:
@@ -5268,6 +5548,163 @@ paths:
                   attr:
                     spam_score: "8,15"
       summary: Edit mailbox spam filter score
+  "/api/v1/get/mailbox/all/{domain}":
+    get:
+      parameters:
+        - description: name of domain
+          in: path
+          name: domain
+          required: false
+          schema:
+            type: string
+        - description: e.g. api-key-string
+          example: api-key-string
+          in: header
+          name: X-API-Key
+          required: false
+          schema:
+            type: string
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - active: "1"
+                      attributes:
+                        force_pw_update: "0"
+                        mailbox_format: "maildir:"
+                        quarantine_notification: never
+                        sogo_access: "1"
+                        tls_enforce_in: "0"
+                        tls_enforce_out: "0"
+                      domain: domain3.tld
+                      is_relayed: 0
+                      local_part: info
+                      max_new_quota: 10737418240
+                      messages: 0
+                      name: Full name
+                      percent_class: success
+                      percent_in_use: 0
+                      quota: 3221225472
+                      quota_used: 0
+                      rl: false
+                      spam_aliases: 0
+                      username: info@domain3.tld
+                      tags: ["tag1", "tag2"]
+          description: OK
+          headers: {}
+      tags:
+        - Mailboxes
+      description: You can list all mailboxes existing in system for a specific domain.
+      operationId: Get mailboxes of a domain
+      summary: Get mailboxes of a domain
+  /api/v1/edit/sogo_theme/:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: success
+                      log:
+                        - customize
+                        - edit
+                        - sogo_theme
+                        - primary: "brown"
+                          accent: "brown"
+                          background: "amber"
+                      msg:
+                        - sogo_theme_modified
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Customize
+      description: >-
+        Using this endpoint you can edit the sogo theme. SOGo has to be restarted after each change.
+      operationId: Edit SOGo theme
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                primary: "brown"
+                accent: "brown"
+                background: "amber"
+      summary: Edit SOGo theme
+  /api/v1/delete/sogo_theme/:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: success
+                      log:
+                        - customize
+                        - delete
+                        - sogo_theme
+                        - items:
+                            - sogo-theme
+                      msg: "sogo_theme_removed"
+              schema:
+                properties:
+                  log:
+                    description: contains request object
+                    items: {}
+                    type: array
+                  msg:
+                    items: {}
+                    type: array
+                  type:
+                    enum:
+                      - success
+                      - danger
+                      - error
+                    type: string
+                type: object
+          description: OK
+          headers: {}
+      tags:
+        - Customize
+      description: >-
+        Using this endpoint you can reset the sogo theme. SOGo has to be restarted after each change.
+      operationId: Reset SOGo theme
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                - items:
+                  - "sogo-theme"
+      summary: Reset SOGo theme
 
 tags:
   - name: Domains
@@ -5294,6 +5731,8 @@ tags:
     description: Manage DKIM keys
   - name: Domain admin
     description: Create or udpdate domain admin users
+  - name: Single Sign-On
+    description: Issue tokens for users
   - name: Address Rewriting
     description: Create BCC maps or recipient maps
   - name: Outgoing TLS Policy Map Overrides
@@ -5310,3 +5749,5 @@ tags:
     description: Get the status of your cow
   - name: Ratelimits
     description: Edit domain ratelimits
+  - name: Customize
+    description: You can customize mailcow's appearance

data/web/api/swagger-initializer.js

@@ -0,0 +1,19 @@
+window.onload = function() {
+  // Begin Swagger UI call region
+  const ui = SwaggerUIBundle({
+    urls: [{url: "/api/openapi.yaml", name: "mailcow API"}],
+    dom_id: '#swagger-ui',
+    deepLinking: true,
+    presets: [
+      SwaggerUIBundle.presets.apis,
+      SwaggerUIStandalonePreset
+    ],
+    plugins: [
+      SwaggerUIBundle.plugins.DownloadUrl
+    ],
+    layout: "StandaloneLayout"
+  });
+  // End Swagger UI call region
+
+  window.ui = ui;
+};

data/web/autodiscover.php

@@ -68,7 +68,7 @@ if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) {
   exit(0);
 }
 
-$login_role = check_login($login_user, $login_pass, true);
+$login_role = check_login($login_user, $login_pass, array('eas' => TRUE));
 
 if ($login_role === "user") {
   header("Content-Type: application/xml");

data/web/css/build/002-breakpoint.min.css

@@ -1 +1 @@
-@media (max-width:1050px){.navbar-header{float:none}.navbar-left,.navbar-nav,.navbar-right{float:none!important}.navbar-toggle{display:block}.navbar-collapse{border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,.1)}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-collapse.collapse{display:none!important}.navbar-nav{margin-top:7.5px}.navbar-nav>li{float:none}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px}.collapse.in{display:block!important}.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}}
+@media (max-width:1050px){.navbar-header{float:none}.navbar-left,.navbar-nav,.navbar-right{float:none!important}.navbar-toggle{display:block}.navbar-collapse{border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,.1)}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-nav{margin-top:7.5px}.navbar-nav>li{float:none}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px}.collapse.in{display:block!important}.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}}

data/web/css/build/003-bootstrap-select.css

@@ -0,0 +1,487 @@
+/*!
+ * Bootstrap-select v1.14.0-beta2 (https://developer.snapappointments.com/bootstrap-select)
+ *
+ * Copyright 2012-2021 SnapAppointments, LLC
+ * Licensed under MIT (https://github.com/snapappointments/bootstrap-select/blob/master/LICENSE)
+ */
+
+@-webkit-keyframes bs-notify-fadeOut {
+  0% {
+    opacity: 0.9;
+  }
+  100% {
+    opacity: 0;
+  }
+}
+@-o-keyframes bs-notify-fadeOut {
+  0% {
+    opacity: 0.9;
+  }
+  100% {
+    opacity: 0;
+  }
+}
+@keyframes bs-notify-fadeOut {
+  0% {
+    opacity: 0.9;
+  }
+  100% {
+    opacity: 0;
+  }
+}
+select.bs-select-hidden,
+.bootstrap-select > select.bs-select-hidden,
+select.selectpicker {
+  display: none !important;
+}
+.bootstrap-select {
+  width: 220px \0;
+  /*IE9 and below*/
+  vertical-align: middle;
+}
+.bootstrap-select > .dropdown-toggle {
+  position: relative;
+  width: 100%;
+  text-align: right;
+  white-space: nowrap;
+  display: -webkit-inline-box;
+  display: -webkit-inline-flex;
+  display: -ms-inline-flexbox;
+  display: inline-flex;
+  -webkit-box-align: center;
+  -webkit-align-items: center;
+      -ms-flex-align: center;
+          align-items: center;
+  -webkit-box-pack: justify;
+  -webkit-justify-content: space-between;
+      -ms-flex-pack: justify;
+          justify-content: space-between;
+}
+.bootstrap-select > .dropdown-toggle:after {
+  margin-top: -1px;
+}
+.bootstrap-select > .dropdown-toggle.bs-placeholder,
+.bootstrap-select > .dropdown-toggle.bs-placeholder:hover,
+.bootstrap-select > .dropdown-toggle.bs-placeholder:focus,
+.bootstrap-select > .dropdown-toggle.bs-placeholder:active {
+  color: #999;
+}
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-primary,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-secondary,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-success,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-danger,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-info,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-dark,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-primary:hover,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-secondary:hover,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-success:hover,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-danger:hover,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-info:hover,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-dark:hover,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-primary:focus,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-secondary:focus,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-success:focus,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-danger:focus,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-info:focus,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-dark:focus,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-primary:active,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-secondary:active,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-success:active,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-danger:active,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-info:active,
+.bootstrap-select > .dropdown-toggle.bs-placeholder.btn-dark:active {
+  color: rgba(255, 255, 255, 0.5);
+}
+.bootstrap-select > select {
+  position: absolute !important;
+  bottom: 0;
+  left: 50%;
+  display: block !important;
+  width: 0.5px !important;
+  height: 100% !important;
+  padding: 0 !important;
+  opacity: 0 !important;
+  border: none;
+  z-index: 0 !important;
+}
+.bootstrap-select > select.mobile-device {
+  top: 0;
+  left: 0;
+  display: block !important;
+  width: 100% !important;
+  z-index: 2 !important;
+}
+.has-error .bootstrap-select .dropdown-toggle,
+.error .bootstrap-select .dropdown-toggle,
+.bootstrap-select.is-invalid .dropdown-toggle,
+.was-validated .bootstrap-select select:invalid + .dropdown-toggle {
+  border-color: #b94a48;
+}
+.bootstrap-select.is-valid .dropdown-toggle,
+.was-validated .bootstrap-select select:valid + .dropdown-toggle {
+  border-color: #28a745;
+}
+.bootstrap-select.fit-width {
+  width: auto !important;
+}
+.bootstrap-select:not([class*="col-"]):not([class*="form-control"]):not(.input-group-btn) {
+  width: 220px;
+}
+.bootstrap-select > select.mobile-device:focus + .dropdown-toggle,
+.bootstrap-select .dropdown-toggle:focus {
+  outline: thin dotted #333333 !important;
+  outline: 5px auto -webkit-focus-ring-color !important;
+  outline-offset: -2px;
+}
+.bootstrap-select.form-control {
+  margin-bottom: 0;
+  padding: 0;
+  border: none;
+  height: auto;
+}
+:not(.input-group) > .bootstrap-select.form-control:not([class*="col-"]) {
+  width: 100%;
+}
+.bootstrap-select.form-control.input-group-btn {
+  float: none;
+  z-index: auto;
+}
+.form-inline .bootstrap-select,
+.form-inline .bootstrap-select.form-control:not([class*="col-"]) {
+  width: auto;
+}
+.bootstrap-select:not(.input-group-btn),
+.bootstrap-select[class*="col-"] {
+  float: none;
+  display: inline-block;
+  margin-left: 0;
+}
+.bootstrap-select.dropdown-menu-right,
+.bootstrap-select[class*="col-"].dropdown-menu-right,
+.row .bootstrap-select[class*="col-"].dropdown-menu-right {
+  float: right;
+}
+.form-inline .bootstrap-select,
+.form-horizontal .bootstrap-select,
+.form-group .bootstrap-select {
+  margin-bottom: 0;
+}
+.form-group-lg .bootstrap-select.form-control,
+.form-group-sm .bootstrap-select.form-control {
+  padding: 0;
+}
+.form-group-lg .bootstrap-select.form-control .dropdown-toggle,
+.form-group-sm .bootstrap-select.form-control .dropdown-toggle {
+  height: 100%;
+  font-size: inherit;
+  line-height: inherit;
+  border-radius: inherit;
+}
+.bootstrap-select.form-control-sm .dropdown-toggle,
+.bootstrap-select.form-control-lg .dropdown-toggle {
+  font-size: inherit;
+  line-height: inherit;
+  border-radius: inherit;
+}
+.bootstrap-select.form-control-sm .dropdown-toggle {
+  padding: 0.25rem 0.5rem;
+}
+.bootstrap-select.form-control-lg .dropdown-toggle {
+  padding: 0.5rem 1rem;
+}
+.form-inline .bootstrap-select .form-control {
+  width: 100%;
+}
+.bootstrap-select.disabled,
+.bootstrap-select > .disabled {
+  cursor: not-allowed;
+}
+.bootstrap-select.disabled:focus,
+.bootstrap-select > .disabled:focus {
+  outline: none !important;
+}
+.bootstrap-select.bs-container {
+  position: absolute;
+  top: 0;
+  left: 0;
+  height: 0 !important;
+  padding: 0 !important;
+}
+.bootstrap-select.bs-container .dropdown-menu {
+  z-index: 1060;
+}
+.bootstrap-select .dropdown-toggle .filter-option {
+  position: static;
+  top: 0;
+  left: 0;
+  float: left;
+  height: 100%;
+  width: 100%;
+  text-align: left;
+  overflow: hidden;
+  -webkit-box-flex: 0;
+  -webkit-flex: 0 1 auto;
+      -ms-flex: 0 1 auto;
+          flex: 0 1 auto;
+}
+.bs3.bootstrap-select .dropdown-toggle .filter-option {
+  padding-right: inherit;
+}
+.input-group .bs3-has-addon.bootstrap-select .dropdown-toggle .filter-option {
+  position: absolute;
+  padding-top: inherit;
+  padding-bottom: inherit;
+  padding-left: inherit;
+  float: none;
+}
+.input-group .bs3-has-addon.bootstrap-select .dropdown-toggle .filter-option .filter-option-inner {
+  padding-right: inherit;
+}
+.bootstrap-select .dropdown-toggle .filter-option-inner-inner {
+  overflow: hidden;
+}
+.bootstrap-select .dropdown-toggle .filter-expand {
+  width: 0 !important;
+  float: left;
+  opacity: 0 !important;
+  overflow: hidden;
+}
+.bootstrap-select .dropdown-toggle .caret {
+  position: absolute;
+  top: 50%;
+  right: 12px;
+  margin-top: -2px;
+  vertical-align: middle;
+}
+.bootstrap-select .dropdown-toggle .bs-select-clear-selected {
+  position: relative;
+  display: block;
+  margin-right: 5px;
+  text-align: center;
+}
+.bs3.bootstrap-select .dropdown-toggle .bs-select-clear-selected {
+  padding-right: inherit;
+}
+.bootstrap-select .dropdown-toggle .bs-select-clear-selected span {
+  position: relative;
+  top: -webkit-calc(((-1em / 1.5) + 1ex) / 2);
+  top: calc(((-1em / 1.5) + 1ex) / 2);
+  pointer-events: none;
+}
+.bs3.bootstrap-select .dropdown-toggle .bs-select-clear-selected span {
+  top: auto;
+}
+.bootstrap-select .dropdown-toggle.bs-placeholder .bs-select-clear-selected {
+  display: none;
+}
+.input-group .bootstrap-select.form-control .dropdown-toggle {
+  border-radius: inherit;
+}
+.bootstrap-select[class*="col-"] .dropdown-toggle {
+  width: 100%;
+}
+.bootstrap-select .dropdown-menu {
+  min-width: 100%;
+  -webkit-box-sizing: border-box;
+     -moz-box-sizing: border-box;
+          box-sizing: border-box;
+}
+.bootstrap-select .dropdown-menu > .inner:focus {
+  outline: none !important;
+}
+.bootstrap-select .dropdown-menu.inner {
+  position: static;
+  float: none;
+  border: 0;
+  padding: 0;
+  margin: 0;
+  border-radius: 0;
+  -webkit-box-shadow: none;
+          box-shadow: none;
+}
+.bootstrap-select .dropdown-menu li {
+  position: relative;
+}
+.bootstrap-select .dropdown-menu li.active small {
+  color: rgba(255, 255, 255, 0.5) !important;
+}
+.bootstrap-select .dropdown-menu li.disabled a {
+  cursor: not-allowed;
+}
+.bootstrap-select .dropdown-menu li a {
+  cursor: pointer;
+  -webkit-user-select: none;
+     -moz-user-select: none;
+      -ms-user-select: none;
+          user-select: none;
+}
+.bootstrap-select .dropdown-menu li a.opt {
+  position: relative;
+  padding-left: 2.25em;
+}
+.bootstrap-select .dropdown-menu li a span.check-mark {
+  display: none;
+}
+.bootstrap-select .dropdown-menu li a span.text {
+  display: inline-block;
+}
+.bootstrap-select .dropdown-menu li small {
+  padding-left: 0.5em;
+}
+.bootstrap-select .dropdown-menu .notify {
+  position: absolute;
+  bottom: 5px;
+  width: 96%;
+  margin: 0 2%;
+  min-height: 26px;
+  padding: 3px 5px;
+  background: #f5f5f5;
+  border: 1px solid #e3e3e3;
+  -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05);
+          box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05);
+  pointer-events: none;
+  opacity: 0.9;
+  -webkit-box-sizing: border-box;
+     -moz-box-sizing: border-box;
+          box-sizing: border-box;
+}
+.bootstrap-select .dropdown-menu .notify.fadeOut {
+  -webkit-animation: 300ms linear 750ms forwards bs-notify-fadeOut;
+       -o-animation: 300ms linear 750ms forwards bs-notify-fadeOut;
+          animation: 300ms linear 750ms forwards bs-notify-fadeOut;
+}
+.bootstrap-select .no-results {
+  padding: 3px;
+  background: #f5f5f5;
+  margin: 0 5px;
+  white-space: nowrap;
+}
+.bootstrap-select.fit-width .dropdown-toggle .filter-option {
+  position: static;
+  display: inline;
+  padding: 0;
+}
+.bootstrap-select.fit-width .dropdown-toggle .filter-option-inner,
+.bootstrap-select.fit-width .dropdown-toggle .filter-option-inner-inner {
+  display: inline;
+}
+.bootstrap-select.fit-width .dropdown-toggle .bs-caret:before {
+  content: '\00a0';
+}
+.bootstrap-select.fit-width .dropdown-toggle .caret {
+  position: static;
+  top: auto;
+  margin-top: -1px;
+}
+.bootstrap-select.show-tick .dropdown-menu .selected span.check-mark {
+  position: absolute;
+  display: inline-block;
+  right: 15px;
+  top: 5px;
+}
+.bootstrap-select.show-tick .dropdown-menu li a span.text {
+  margin-right: 34px;
+}
+.bootstrap-select .bs-ok-default:after {
+  content: '';
+  display: block;
+  width: 0.5em;
+  height: 1em;
+  border-style: solid;
+  border-width: 0 0.26em 0.26em 0;
+  -webkit-transform-style: preserve-3d;
+          transform-style: preserve-3d;
+  -webkit-transform: rotate(45deg);
+      -ms-transform: rotate(45deg);
+       -o-transform: rotate(45deg);
+          transform: rotate(45deg);
+}
+.bootstrap-select.show-menu-arrow.open > .dropdown-toggle,
+.bootstrap-select.show-menu-arrow.show > .dropdown-toggle {
+  z-index: 1061;
+}
+.bootstrap-select.show-menu-arrow .dropdown-toggle .filter-option:before {
+  content: '';
+  border-left: 7px solid transparent;
+  border-right: 7px solid transparent;
+  border-bottom: 7px solid rgba(204, 204, 204, 0.2);
+  position: absolute;
+  bottom: -4px;
+  left: 9px;
+  display: none;
+}
+.bootstrap-select.show-menu-arrow .dropdown-toggle .filter-option:after {
+  content: '';
+  border-left: 6px solid transparent;
+  border-right: 6px solid transparent;
+  border-bottom: 6px solid white;
+  position: absolute;
+  bottom: -4px;
+  left: 10px;
+  display: none;
+}
+.bootstrap-select.show-menu-arrow.dropup .dropdown-toggle .filter-option:before {
+  bottom: auto;
+  top: -4px;
+  border-top: 7px solid rgba(204, 204, 204, 0.2);
+  border-bottom: 0;
+}
+.bootstrap-select.show-menu-arrow.dropup .dropdown-toggle .filter-option:after {
+  bottom: auto;
+  top: -4px;
+  border-top: 6px solid white;
+  border-bottom: 0;
+}
+.bootstrap-select.show-menu-arrow.pull-right .dropdown-toggle .filter-option:before {
+  right: 12px;
+  left: auto;
+}
+.bootstrap-select.show-menu-arrow.pull-right .dropdown-toggle .filter-option:after {
+  right: 13px;
+  left: auto;
+}
+.bootstrap-select.show-menu-arrow.open > .dropdown-toggle .filter-option:before,
+.bootstrap-select.show-menu-arrow.show > .dropdown-toggle .filter-option:before,
+.bootstrap-select.show-menu-arrow.open > .dropdown-toggle .filter-option:after,
+.bootstrap-select.show-menu-arrow.show > .dropdown-toggle .filter-option:after {
+  display: block;
+}
+.bs-searchbox,
+.bs-actionsbox,
+.bs-donebutton {
+  padding: 4px 8px;
+}
+.bs-actionsbox {
+  width: 100%;
+  -webkit-box-sizing: border-box;
+     -moz-box-sizing: border-box;
+          box-sizing: border-box;
+}
+.bs-actionsbox .btn-group {
+  display: block;
+}
+.bs-actionsbox .btn-group button {
+  width: 50%;
+}
+.bs-donebutton {
+  float: left;
+  width: 100%;
+  -webkit-box-sizing: border-box;
+     -moz-box-sizing: border-box;
+          box-sizing: border-box;
+}
+.bs-donebutton .btn-group {
+  display: block;
+}
+.bs-donebutton .btn-group button {
+  width: 100%;
+}
+.bs-searchbox + .bs-actionsbox {
+  padding: 0 8px 4px;
+}
+.bs-searchbox .form-control {
+  margin-bottom: 0;
+  width: 100%;
+  float: none;
+}
+/*# sourceMappingURL=bootstrap-select.css.map */

data/web/css/build/006-footable.bootstrap.min.css

@@ -1,323 +0,0 @@
-table.footable-details,
-table.footable > thead > tr.footable-filtering > th div.form-group {
-  margin-bottom: 0;
-}
-table.footable,
-table.footable-details {
-  position: relative;
-  width: 100%;
-  border-spacing: 0;
-  border-collapse: collapse;
-}
-table.footable-hide-fouc {
-  display: none;
-}
-table > tbody > tr > td > span.footable-toggle {
-  margin-right: 8px;
-  opacity: 0.3;
-}
-table > tbody > tr > td > span.footable-toggle.last-column {
-  margin-left: 8px;
-  float: right;
-}
-table.table-condensed > tbody > tr > td > span.footable-toggle {
-  margin-right: 5px;
-}
-table.footable-details > tbody > tr > th:nth-child(1) {
-  min-width: 40px;
-  width: 120px;
-}
-table.footable-details > tbody > tr > td:nth-child(2) {
-  word-break: break-all;
-}
-table.footable-details > tbody > tr:first-child > td,
-table.footable-details > tbody > tr:first-child > th,
-table.footable-details > tfoot > tr:first-child > td,
-table.footable-details > tfoot > tr:first-child > th,
-table.footable-details > thead > tr:first-child > td,
-table.footable-details > thead > tr:first-child > th {
-  border-top-width: 0;
-}
-table.footable-details.table-bordered > tbody > tr:first-child > td,
-table.footable-details.table-bordered > tbody > tr:first-child > th,
-table.footable-details.table-bordered > tfoot > tr:first-child > td,
-table.footable-details.table-bordered > tfoot > tr:first-child > th,
-table.footable-details.table-bordered > thead > tr:first-child > td,
-table.footable-details.table-bordered > thead > tr:first-child > th {
-  border-top-width: 1px;
-}
-div.footable-loader {
-  vertical-align: middle;
-  text-align: center;
-  height: 300px;
-  position: relative;
-}
-div.footable-loader > span.fooicon {
-  display: inline-block;
-  opacity: 0.3;
-  font-size: 30px;
-  line-height: 32px;
-  width: 32px;
-  height: 32px;
-  margin-top: -16px;
-  margin-left: -16px;
-  position: absolute;
-  top: 50%;
-  left: 50%;
-  -webkit-animation: fooicon-spin-r 2s infinite linear;
-  animation: fooicon-spin-r 2s infinite linear;
-}
-table.footable > tbody > tr.footable-empty > td {
-  vertical-align: middle;
-  text-align: center;
-  font-size: 30px;
-}
-table.footable > tbody > tr > td,
-table.footable > tbody > tr > th {
-  display: none;
-}
-table.footable > tbody > tr.footable-detail-row > td,
-table.footable > tbody > tr.footable-detail-row > th,
-table.footable > tbody > tr.footable-empty > td,
-table.footable > tbody > tr.footable-empty > th {
-  display: table-cell;
-}
-@-webkit-keyframes fooicon-spin-r {
-  0% {
-    -webkit-transform: rotate(0);
-    transform: rotate(0);
-  }
-  100% {
-    -webkit-transform: rotate(359deg);
-    transform: rotate(359deg);
-  }
-}
-@keyframes fooicon-spin-r {
-  0% {
-    -webkit-transform: rotate(0);
-    transform: rotate(0);
-  }
-  100% {
-    -webkit-transform: rotate(359deg);
-    transform: rotate(359deg);
-  }
-}
-.fooicon {
-  position: relative;
-  top: 0px;
-  display: inline-block;
-  font-family: "bootstrap-icons" !important;
-  font-style: normal;
-  font-weight: 400;
-  line-height: 1;
-  -webkit-font-smoothing: antialiased;
-  -moz-osx-font-smoothing: grayscale;
-}
-@-moz-document url-prefix() {
-  .fooicon {
-    top: 2px;
-  }
-}
-.fooicon:after,
-.fooicon:before {
-  -webkit-box-sizing: border-box;
-  -moz-box-sizing: border-box;
-  box-sizing: border-box;
-}
-.fooicon-loader:before {
-  content: "\f130";
-}
-.fooicon-plus:before {
-  content: "\f4fc";
-}
-.fooicon-minus:before {
-  content: "\f2e8";
-}
-.fooicon-search:before {
-  content: "\f52a";
-}
-.fooicon-remove:before {
-  content: "\f62a";
-}
-.fooicon-sort:before {
-  content: "\f3c6";
-}
-.fooicon-sort-asc:before {
-  content: "\f575";
-}
-.fooicon-sort-desc:before {
-  content: "\f57b";
-}
-.fooicon-pencil:before {
-  content: "\f4c9";
-}
-.fooicon-trash:before {
-  content: "\f62a";
-}
-.fooicon-eye-close:before {
-  content: "\f33f";
-}
-.fooicon-flash:before {
-  content: "\f46e";
-}
-.fooicon-cog:before {
-  content: "\f3e2";
-}
-.fooicon-stats:before {
-  content: "\f359";
-}
-table.footable > thead > tr.footable-filtering > th {
-  border-bottom-width: 1px;
-  font-weight: 400;
-}
-.footable-filtering-external.footable-filtering-right,
-table.footable.footable-filtering-right > thead > tr.footable-filtering > th,
-table.footable > thead > tr.footable-filtering > th {
-  text-align: right;
-}
-.footable-filtering-external.footable-filtering-left,
-table.footable.footable-filtering-left > thead > tr.footable-filtering > th {
-  text-align: left;
-}
-.footable-filtering-external.footable-filtering-center,
-.footable-paging-external.footable-paging-center,
-table.footable-paging-center > tfoot > tr.footable-paging > td,
-table.footable.footable-filtering-center > thead > tr.footable-filtering > th,
-table.footable > tfoot > tr.footable-paging > td {
-  text-align: center;
-}
-table.footable > thead > tr.footable-filtering > th div.form-group + div.form-group {
-  margin-top: 5px;
-}
-table.footable > thead > tr.footable-filtering > th div.input-group {
-  width: 100%;
-}
-.footable-filtering-external ul.dropdown-menu > li > a.checkbox,
-table.footable > thead > tr.footable-filtering > th ul.dropdown-menu > li > a.checkbox {
-  margin: 0;
-  display: block;
-  position: relative;
-}
-.footable-filtering-external ul.dropdown-menu > li > a.checkbox > label,
-table.footable > thead > tr.footable-filtering > th ul.dropdown-menu > li > a.checkbox > label {
-  display: block;
-  padding-left: 20px;
-}
-.footable-filtering-external ul.dropdown-menu > li > a.checkbox input[type="checkbox"],
-table.footable > thead > tr.footable-filtering > th ul.dropdown-menu > li > a.checkbox input[type="checkbox"] {
-  position: absolute;
-  margin-left: -20px;
-}
-@media (min-width: 768px) {
-  table.footable > thead > tr.footable-filtering > th div.input-group {
-    width: auto;
-  }
-  table.footable > thead > tr.footable-filtering > th div.form-group {
-    margin-left: 2px;
-    margin-right: 2px;
-  }
-  table.footable > thead > tr.footable-filtering > th div.form-group + div.form-group {
-    margin-top: 0;
-  }
-}
-table.footable > tbody > tr > td.footable-sortable,
-table.footable > tbody > tr > th.footable-sortable,
-table.footable > tfoot > tr > td.footable-sortable,
-table.footable > tfoot > tr > th.footable-sortable,
-table.footable > thead > tr > td.footable-sortable,
-table.footable > thead > tr > th.footable-sortable {
-  position: relative;
-  padding-right: 30px;
-  cursor: pointer;
-}
-td.footable-sortable > span.fooicon,
-th.footable-sortable > span.fooicon {
-  position: absolute;
-  right: 6px;
-  top: 50%;
-  margin-top: -7px;
-  opacity: 0;
-  transition: opacity 0.3s ease-in;
-}
-td.footable-sortable.footable-asc > span.fooicon,
-td.footable-sortable.footable-desc > span.fooicon,
-td.footable-sortable:hover > span.fooicon,
-th.footable-sortable.footable-asc > span.fooicon,
-th.footable-sortable.footable-desc > span.fooicon,
-th.footable-sortable:hover > span.fooicon {
-  opacity: 1;
-}
-table.footable-sorting-disabled td.footable-sortable.footable-asc > span.fooicon,
-table.footable-sorting-disabled td.footable-sortable.footable-desc > span.fooicon,
-table.footable-sorting-disabled td.footable-sortable:hover > span.fooicon,
-table.footable-sorting-disabled th.footable-sortable.footable-asc > span.fooicon,
-table.footable-sorting-disabled th.footable-sortable.footable-desc > span.fooicon,
-table.footable-sorting-disabled th.footable-sortable:hover > span.fooicon {
-  opacity: 0;
-  visibility: hidden;
-}
-.footable-paging-external ul.pagination,
-table.footable > tfoot > tr.footable-paging > td > ul.pagination {
-  margin: 10px 0 0;
-}
-.footable-paging-external span.label,
-table.footable > tfoot > tr.footable-paging > td > span.label {
-  display: inline-block;
-  margin: 0 0 10px;
-  padding: 4px 10px;
-}
-.footable-paging-external.footable-paging-left,
-table.footable-paging-left > tfoot > tr.footable-paging > td {
-  text-align: left;
-}
-.footable-paging-external.footable-paging-right,
-table.footable-editing-right td.footable-editing,
-table.footable-editing-right tr.footable-editing,
-table.footable-paging-right > tfoot > tr.footable-paging > td {
-  text-align: right;
-}
-ul.pagination > li.footable-page {
-  display: none;
-}
-ul.pagination > li.footable-page.visible {
-  display: inline;
-}
-td.footable-editing {
-  width: 90px;
-  max-width: 90px;
-}
-table.footable-editing-no-delete td.footable-editing,
-table.footable-editing-no-edit td.footable-editing,
-table.footable-editing-no-view td.footable-editing {
-  width: 70px;
-  max-width: 70px;
-}
-table.footable-editing-no-delete.footable-editing-no-view td.footable-editing,
-table.footable-editing-no-edit.footable-editing-no-delete td.footable-editing,
-table.footable-editing-no-edit.footable-editing-no-view td.footable-editing {
-  width: 50px;
-  max-width: 50px;
-}
-table.footable-editing-no-edit.footable-editing-no-delete.footable-editing-no-view td.footable-editing,
-table.footable-editing-no-edit.footable-editing-no-delete.footable-editing-no-view th.footable-editing {
-  width: 0;
-  max-width: 0;
-  display: none !important;
-}
-table.footable-editing-left td.footable-editing,
-table.footable-editing-left tr.footable-editing {
-  text-align: left;
-}
-table.footable-editing button.footable-add,
-table.footable-editing button.footable-hide,
-table.footable-editing-show button.footable-show,
-table.footable-editing.footable-editing-always-show button.footable-hide,
-table.footable-editing.footable-editing-always-show button.footable-show,
-table.footable-editing.footable-editing-always-show.footable-editing-no-add tr.footable-editing {
-  display: none;
-}
-table.footable-editing.footable-editing-always-show button.footable-add,
-table.footable-editing.footable-editing-show button.footable-add,
-table.footable-editing.footable-editing-show button.footable-hide {
-  display: inline-block;
-}

data/web/css/build/011-datatables.css

@@ -0,0 +1,691 @@
+/*
+ * This combined file was created by the DataTables downloader builder:
+ *   https://datatables.net/download
+ *
+ * To rebuild or modify this file with the latest versions of the included
+ * software please visit:
+ *   https://datatables.net/download/#bs5/dt-1.13.1/r-2.4.0/sl-1.5.0
+ *
+ * Included libraries:
+ *   DataTables 1.13.1, Responsive 2.4.0, Select 1.5.0
+ */
+
+@charset "UTF-8";
+table.dataTable td.dt-control {
+  text-align: center;
+  cursor: pointer;
+}
+table.dataTable td.dt-control:before {
+  height: 1em;
+  width: 1em;
+  margin-top: -9px;
+  display: inline-block;
+  color: white;
+  border: 0.15em solid white;
+  border-radius: 1em;
+  box-shadow: 0 0 0.2em #444;
+  box-sizing: content-box;
+  text-align: center;
+  text-indent: 0 !important;
+  font-family: "Courier New", Courier, monospace;
+  line-height: 1em;
+  content: "+";
+  background-color: #31b131;
+}
+table.dataTable tr.dt-hasChild td.dt-control:before {
+  content: "-";
+  background-color: #d33333;
+}
+
+table.dataTable thead > tr > th.sorting, table.dataTable thead > tr > th.sorting_asc, table.dataTable thead > tr > th.sorting_desc, table.dataTable thead > tr > th.sorting_asc_disabled, table.dataTable thead > tr > th.sorting_desc_disabled,
+table.dataTable thead > tr > td.sorting,
+table.dataTable thead > tr > td.sorting_asc,
+table.dataTable thead > tr > td.sorting_desc,
+table.dataTable thead > tr > td.sorting_asc_disabled,
+table.dataTable thead > tr > td.sorting_desc_disabled {
+  cursor: pointer;
+  position: relative;
+  padding-right: 26px;
+}
+table.dataTable thead > tr > th.sorting:before, table.dataTable thead > tr > th.sorting:after, table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_asc:after, table.dataTable thead > tr > th.sorting_desc:before, table.dataTable thead > tr > th.sorting_desc:after, table.dataTable thead > tr > th.sorting_asc_disabled:before, table.dataTable thead > tr > th.sorting_asc_disabled:after, table.dataTable thead > tr > th.sorting_desc_disabled:before, table.dataTable thead > tr > th.sorting_desc_disabled:after,
+table.dataTable thead > tr > td.sorting:before,
+table.dataTable thead > tr > td.sorting:after,
+table.dataTable thead > tr > td.sorting_asc:before,
+table.dataTable thead > tr > td.sorting_asc:after,
+table.dataTable thead > tr > td.sorting_desc:before,
+table.dataTable thead > tr > td.sorting_desc:after,
+table.dataTable thead > tr > td.sorting_asc_disabled:before,
+table.dataTable thead > tr > td.sorting_asc_disabled:after,
+table.dataTable thead > tr > td.sorting_desc_disabled:before,
+table.dataTable thead > tr > td.sorting_desc_disabled:after {
+  position: absolute;
+  display: block;
+  opacity: 0.125;
+  right: 10px;
+  line-height: 9px;
+  font-size: 0.8em;
+}
+table.dataTable thead > tr > th.sorting:before, table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_desc:before, table.dataTable thead > tr > th.sorting_asc_disabled:before, table.dataTable thead > tr > th.sorting_desc_disabled:before,
+table.dataTable thead > tr > td.sorting:before,
+table.dataTable thead > tr > td.sorting_asc:before,
+table.dataTable thead > tr > td.sorting_desc:before,
+table.dataTable thead > tr > td.sorting_asc_disabled:before,
+table.dataTable thead > tr > td.sorting_desc_disabled:before {
+  bottom: 50%;
+  content: "▲";
+}
+table.dataTable thead > tr > th.sorting:after, table.dataTable thead > tr > th.sorting_asc:after, table.dataTable thead > tr > th.sorting_desc:after, table.dataTable thead > tr > th.sorting_asc_disabled:after, table.dataTable thead > tr > th.sorting_desc_disabled:after,
+table.dataTable thead > tr > td.sorting:after,
+table.dataTable thead > tr > td.sorting_asc:after,
+table.dataTable thead > tr > td.sorting_desc:after,
+table.dataTable thead > tr > td.sorting_asc_disabled:after,
+table.dataTable thead > tr > td.sorting_desc_disabled:after {
+  top: 50%;
+  content: "▼";
+}
+table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_desc:after,
+table.dataTable thead > tr > td.sorting_asc:before,
+table.dataTable thead > tr > td.sorting_desc:after {
+  opacity: 0.6;
+}
+table.dataTable thead > tr > th.sorting_desc_disabled:after, table.dataTable thead > tr > th.sorting_asc_disabled:before,
+table.dataTable thead > tr > td.sorting_desc_disabled:after,
+table.dataTable thead > tr > td.sorting_asc_disabled:before {
+  display: none;
+}
+table.dataTable thead > tr > th:active,
+table.dataTable thead > tr > td:active {
+  outline: none;
+}
+
+div.dataTables_scrollBody table.dataTable thead > tr > th:before, div.dataTables_scrollBody table.dataTable thead > tr > th:after,
+div.dataTables_scrollBody table.dataTable thead > tr > td:before,
+div.dataTables_scrollBody table.dataTable thead > tr > td:after {
+  display: none;
+}
+
+div.dataTables_processing {
+  position: absolute;
+  top: 50%;
+  left: 50%;
+  width: 200px;
+  margin-left: -100px;
+  margin-top: -26px;
+  text-align: center;
+  padding: 2px;
+}
+div.dataTables_processing > div:last-child {
+  position: relative;
+  width: 80px;
+  height: 15px;
+  margin: 1em auto;
+}
+div.dataTables_processing > div:last-child > div {
+  position: absolute;
+  top: 0;
+  width: 13px;
+  height: 13px;
+  border-radius: 50%;
+  background: rgba(13, 110, 253, 0.9);
+  animation-timing-function: cubic-bezier(0, 1, 1, 0);
+}
+div.dataTables_processing > div:last-child > div:nth-child(1) {
+  left: 8px;
+  animation: datatables-loader-1 0.6s infinite;
+}
+div.dataTables_processing > div:last-child > div:nth-child(2) {
+  left: 8px;
+  animation: datatables-loader-2 0.6s infinite;
+}
+div.dataTables_processing > div:last-child > div:nth-child(3) {
+  left: 32px;
+  animation: datatables-loader-2 0.6s infinite;
+}
+div.dataTables_processing > div:last-child > div:nth-child(4) {
+  left: 56px;
+  animation: datatables-loader-3 0.6s infinite;
+}
+
+@keyframes datatables-loader-1 {
+  0% {
+    transform: scale(0);
+  }
+  100% {
+    transform: scale(1);
+  }
+}
+@keyframes datatables-loader-3 {
+  0% {
+    transform: scale(1);
+  }
+  100% {
+    transform: scale(0);
+  }
+}
+@keyframes datatables-loader-2 {
+  0% {
+    transform: translate(0, 0);
+  }
+  100% {
+    transform: translate(24px, 0);
+  }
+}
+table.dataTable.nowrap th, table.dataTable.nowrap td {
+  white-space: nowrap;
+}
+table.dataTable th.dt-left,
+table.dataTable td.dt-left {
+  text-align: left;
+}
+table.dataTable th.dt-center,
+table.dataTable td.dt-center,
+table.dataTable td.dataTables_empty {
+  text-align: center;
+}
+table.dataTable th.dt-right,
+table.dataTable td.dt-right {
+  text-align: right;
+}
+table.dataTable th.dt-justify,
+table.dataTable td.dt-justify {
+  text-align: justify;
+}
+table.dataTable th.dt-nowrap,
+table.dataTable td.dt-nowrap {
+  white-space: nowrap;
+}
+table.dataTable thead th,
+table.dataTable thead td,
+table.dataTable tfoot th,
+table.dataTable tfoot td {
+  text-align: left;
+}
+table.dataTable thead th.dt-head-left,
+table.dataTable thead td.dt-head-left,
+table.dataTable tfoot th.dt-head-left,
+table.dataTable tfoot td.dt-head-left {
+  text-align: left;
+}
+table.dataTable thead th.dt-head-center,
+table.dataTable thead td.dt-head-center,
+table.dataTable tfoot th.dt-head-center,
+table.dataTable tfoot td.dt-head-center {
+  text-align: center;
+}
+table.dataTable thead th.dt-head-right,
+table.dataTable thead td.dt-head-right,
+table.dataTable tfoot th.dt-head-right,
+table.dataTable tfoot td.dt-head-right {
+  text-align: right;
+}
+table.dataTable thead th.dt-head-justify,
+table.dataTable thead td.dt-head-justify,
+table.dataTable tfoot th.dt-head-justify,
+table.dataTable tfoot td.dt-head-justify {
+  text-align: justify;
+}
+table.dataTable thead th.dt-head-nowrap,
+table.dataTable thead td.dt-head-nowrap,
+table.dataTable tfoot th.dt-head-nowrap,
+table.dataTable tfoot td.dt-head-nowrap {
+  white-space: nowrap;
+}
+table.dataTable tbody th.dt-body-left,
+table.dataTable tbody td.dt-body-left {
+  text-align: left;
+}
+table.dataTable tbody th.dt-body-center,
+table.dataTable tbody td.dt-body-center {
+  text-align: center;
+}
+table.dataTable tbody th.dt-body-right,
+table.dataTable tbody td.dt-body-right {
+  text-align: right;
+}
+table.dataTable tbody th.dt-body-justify,
+table.dataTable tbody td.dt-body-justify {
+  text-align: justify;
+}
+table.dataTable tbody th.dt-body-nowrap,
+table.dataTable tbody td.dt-body-nowrap {
+  white-space: nowrap;
+}
+
+/*! Bootstrap 5 integration for DataTables
+ *
+ * ©2020 SpryMedia Ltd, all rights reserved.
+ * License: MIT datatables.net/license/mit
+ */
+table.dataTable {
+  clear: both;
+  margin-top: 6px !important;
+  margin-bottom: 6px !important;
+  max-width: none !important;
+  border-collapse: separate !important;
+  border-spacing: 0;
+}
+table.dataTable td,
+table.dataTable th {
+  -webkit-box-sizing: content-box;
+  box-sizing: content-box;
+}
+table.dataTable td.dataTables_empty,
+table.dataTable th.dataTables_empty {
+  text-align: center;
+}
+table.dataTable.nowrap th,
+table.dataTable.nowrap td {
+  white-space: nowrap;
+}
+table.dataTable.table-striped > tbody > tr:nth-of-type(2n+1) > * {
+  box-shadow: none;
+}
+table.dataTable > tbody > tr {
+  background-color: transparent;
+}
+table.dataTable > tbody > tr.selected > * {
+  box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.9);
+  color: white;
+}
+table.dataTable > tbody > tr.selected a {
+  color: #090a0b;
+}
+table.dataTable.table-striped > tbody > tr.odd > * {
+  box-shadow: inset 0 0 0 9999px rgba(0, 0, 0, 0.05);
+}
+table.dataTable.table-striped > tbody > tr.odd.selected > * {
+  box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.95);
+}
+table.dataTable.table-hover > tbody > tr:hover > * {
+  box-shadow: inset 0 0 0 9999px rgba(0, 0, 0, 0.075);
+}
+table.dataTable.table-hover > tbody > tr.selected:hover > * {
+  box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.975);
+}
+
+div.dataTables_wrapper div.dataTables_length label {
+  font-weight: normal;
+  text-align: left;
+  white-space: nowrap;
+}
+div.dataTables_wrapper div.dataTables_length select {
+  width: auto;
+  display: inline-block;
+}
+div.dataTables_wrapper div.dataTables_filter {
+  text-align: right;
+}
+div.dataTables_wrapper div.dataTables_filter label {
+  font-weight: normal;
+  white-space: nowrap;
+  text-align: left;
+}
+div.dataTables_wrapper div.dataTables_filter input {
+  margin-left: 0.5em;
+  display: inline-block;
+  width: auto;
+}
+div.dataTables_wrapper div.dataTables_info {
+  padding-top: 0.85em;
+}
+div.dataTables_wrapper div.dataTables_paginate {
+  margin: 0;
+  white-space: nowrap;
+  text-align: right;
+}
+div.dataTables_wrapper div.dataTables_paginate ul.pagination {
+  margin: 2px 0;
+  white-space: nowrap;
+  justify-content: flex-end;
+}
+div.dataTables_wrapper div.dt-row {
+  position: relative;
+}
+
+div.dataTables_wrapper span.sorting-value {
+  display: none;
+}
+
+div.dataTables_scrollHead table.dataTable {
+  margin-bottom: 0 !important;
+}
+
+div.dataTables_scrollBody > table {
+  border-top: none;
+  margin-top: 0 !important;
+  margin-bottom: 0 !important;
+}
+div.dataTables_scrollBody > table > thead .sorting:before,
+div.dataTables_scrollBody > table > thead .sorting_asc:before,
+div.dataTables_scrollBody > table > thead .sorting_desc:before,
+div.dataTables_scrollBody > table > thead .sorting:after,
+div.dataTables_scrollBody > table > thead .sorting_asc:after,
+div.dataTables_scrollBody > table > thead .sorting_desc:after {
+  display: none;
+}
+div.dataTables_scrollBody > table > tbody tr:first-child th,
+div.dataTables_scrollBody > table > tbody tr:first-child td {
+  border-top: none;
+}
+
+div.dataTables_scrollFoot > .dataTables_scrollFootInner {
+  box-sizing: content-box;
+}
+div.dataTables_scrollFoot > .dataTables_scrollFootInner > table {
+  margin-top: 0 !important;
+  border-top: none;
+}
+
+@media screen and (max-width: 767px) {
+  div.dataTables_wrapper div.dataTables_length,
+div.dataTables_wrapper div.dataTables_filter,
+div.dataTables_wrapper div.dataTables_info,
+div.dataTables_wrapper div.dataTables_paginate {
+    text-align: center;
+  }
+  div.dataTables_wrapper div.dataTables_paginate ul.pagination {
+    justify-content: center !important;
+  }
+}
+table.dataTable.table-sm > thead > tr > th:not(.sorting_disabled) {
+  padding-right: 20px;
+}
+
+table.table-bordered.dataTable {
+  border-right-width: 0;
+}
+table.table-bordered.dataTable thead tr:first-child th,
+table.table-bordered.dataTable thead tr:first-child td {
+  border-top-width: 1px;
+}
+table.table-bordered.dataTable th,
+table.table-bordered.dataTable td {
+  border-left-width: 0;
+}
+table.table-bordered.dataTable th:first-child, table.table-bordered.dataTable th:first-child,
+table.table-bordered.dataTable td:first-child,
+table.table-bordered.dataTable td:first-child {
+  border-left-width: 1px;
+}
+table.table-bordered.dataTable th:last-child, table.table-bordered.dataTable th:last-child,
+table.table-bordered.dataTable td:last-child,
+table.table-bordered.dataTable td:last-child {
+  border-right-width: 1px;
+}
+table.table-bordered.dataTable th,
+table.table-bordered.dataTable td {
+  border-bottom-width: 1px;
+}
+
+div.dataTables_scrollHead table.table-bordered {
+  border-bottom-width: 0;
+}
+
+div.table-responsive > div.dataTables_wrapper > div.row {
+  margin: 0;
+}
+div.table-responsive > div.dataTables_wrapper > div.row > div[class^=col-]:first-child {
+  padding-left: 0;
+}
+div.table-responsive > div.dataTables_wrapper > div.row > div[class^=col-]:last-child {
+  padding-right: 0;
+}
+
+
+table.dataTable.dtr-inline.collapsed > tbody > tr > td.child,
+table.dataTable.dtr-inline.collapsed > tbody > tr > th.child,
+table.dataTable.dtr-inline.collapsed > tbody > tr > td.dataTables_empty {
+  cursor: default !important;
+}
+table.dataTable.dtr-inline.collapsed > tbody > tr > td.child:before,
+table.dataTable.dtr-inline.collapsed > tbody > tr > th.child:before,
+table.dataTable.dtr-inline.collapsed > tbody > tr > td.dataTables_empty:before {
+  display: none !important;
+}
+table.dataTable.dtr-inline.collapsed > tbody > tr > td.dtr-control,
+table.dataTable.dtr-inline.collapsed > tbody > tr > th.dtr-control {
+  position: relative;
+  padding-left: 30px;
+  cursor: pointer;
+}
+table.dataTable.dtr-inline.collapsed > tbody > tr > td.dtr-control:before,
+table.dataTable.dtr-inline.collapsed > tbody > tr > th.dtr-control:before {
+  top: 50%;
+  left: 5px;
+  height: 1em;
+  width: 1em;
+  margin-top: -9px;
+  display: block;
+  position: absolute;
+  color: white;
+  border: 0.15em solid white;
+  border-radius: 1em;
+  box-shadow: 0 0 0.2em #444;
+  box-sizing: content-box;
+  text-align: center;
+  text-indent: 0 !important;
+  font-family: "Courier New", Courier, monospace;
+  line-height: 1em;
+  content: "+";
+  background-color: #0d6efd;
+}
+table.dataTable.dtr-inline.collapsed > tbody > tr.parent > td.dtr-control:before,
+table.dataTable.dtr-inline.collapsed > tbody > tr.parent > th.dtr-control:before {
+  content: "-";
+  background-color: #d33333;
+}
+table.dataTable.dtr-inline.collapsed.compact > tbody > tr > td.dtr-control,
+table.dataTable.dtr-inline.collapsed.compact > tbody > tr > th.dtr-control {
+  padding-left: 27px;
+}
+table.dataTable.dtr-inline.collapsed.compact > tbody > tr > td.dtr-control:before,
+table.dataTable.dtr-inline.collapsed.compact > tbody > tr > th.dtr-control:before {
+  left: 4px;
+  height: 14px;
+  width: 14px;
+  border-radius: 14px;
+  line-height: 14px;
+  text-indent: 3px;
+}
+table.dataTable.dtr-column > tbody > tr > td.dtr-control,
+table.dataTable.dtr-column > tbody > tr > th.dtr-control,
+table.dataTable.dtr-column > tbody > tr > td.control,
+table.dataTable.dtr-column > tbody > tr > th.control {
+  position: relative;
+  cursor: pointer;
+}
+table.dataTable.dtr-column > tbody > tr > td.dtr-control:before,
+table.dataTable.dtr-column > tbody > tr > th.dtr-control:before,
+table.dataTable.dtr-column > tbody > tr > td.control:before,
+table.dataTable.dtr-column > tbody > tr > th.control:before {
+  top: 50%;
+  left: 50%;
+  height: 0.8em;
+  width: 0.8em;
+  margin-top: -0.5em;
+  margin-left: -0.5em;
+  display: block;
+  position: absolute;
+  color: white;
+  border: 0.15em solid white;
+  border-radius: 1em;
+  box-shadow: 0 0 0.2em #444;
+  box-sizing: content-box;
+  text-align: center;
+  text-indent: 0 !important;
+  font-family: "Courier New", Courier, monospace;
+  line-height: 1em;
+  content: "+";
+  background-color: #0d6efd;
+}
+table.dataTable.dtr-column > tbody > tr.parent td.dtr-control:before,
+table.dataTable.dtr-column > tbody > tr.parent th.dtr-control:before,
+table.dataTable.dtr-column > tbody > tr.parent td.control:before,
+table.dataTable.dtr-column > tbody > tr.parent th.control:before {
+  content: "-";
+  background-color: #d33333;
+}
+table.dataTable > tbody > tr.child {
+  padding: 0.5em 1em;
+}
+table.dataTable > tbody > tr.child:hover {
+  background: transparent !important;
+}
+table.dataTable > tbody > tr.child ul.dtr-details {
+  display: inline-block;
+  list-style-type: none;
+  margin: 0;
+  padding: 0;
+}
+table.dataTable > tbody > tr.child ul.dtr-details > li {
+  border-bottom: 1px solid #efefef;
+  padding: 0.5em 0;
+}
+table.dataTable > tbody > tr.child ul.dtr-details > li:first-child {
+  padding-top: 0;
+}
+table.dataTable > tbody > tr.child ul.dtr-details > li:last-child {
+  border-bottom: none;
+}
+table.dataTable > tbody > tr.child span.dtr-title {
+  display: inline-block;
+  min-width: 75px;
+  font-weight: bold;
+}
+div.dtr-modal {
+  position: fixed;
+  box-sizing: border-box;
+  top: 0;
+  left: 0;
+  height: 100%;
+  width: 100%;
+  z-index: 100;
+  padding: 10em 1em;
+}
+div.dtr-modal div.dtr-modal-display {
+  position: absolute;
+  top: 0;
+  left: 0;
+  bottom: 0;
+  right: 0;
+  width: 50%;
+  height: 50%;
+  overflow: auto;
+  margin: auto;
+  z-index: 102;
+  overflow: auto;
+  background-color: #f5f5f7;
+  border: 1px solid black;
+  border-radius: 0.5em;
+  box-shadow: 0 12px 30px rgba(0, 0, 0, 0.6);
+}
+div.dtr-modal div.dtr-modal-content {
+  position: relative;
+  padding: 1em;
+}
+div.dtr-modal div.dtr-modal-close {
+  position: absolute;
+  top: 6px;
+  right: 6px;
+  width: 22px;
+  height: 22px;
+  border: 1px solid #eaeaea;
+  background-color: #f9f9f9;
+  text-align: center;
+  border-radius: 3px;
+  cursor: pointer;
+  z-index: 12;
+}
+div.dtr-modal div.dtr-modal-close:hover {
+  background-color: #eaeaea;
+}
+div.dtr-modal div.dtr-modal-background {
+  position: fixed;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  z-index: 101;
+  background: rgba(0, 0, 0, 0.6);
+}
+
+@media screen and (max-width: 767px) {
+  div.dtr-modal div.dtr-modal-display {
+    width: 95%;
+  }
+}
+div.dtr-bs-modal table.table tr:first-child td {
+  border-top: none;
+}
+
+table.dataTable.table-bordered th.dtr-control.dtr-hidden + *,
+table.dataTable.table-bordered td.dtr-control.dtr-hidden + * {
+  border-left-width: 1px;
+}
+
+
+table.dataTable > tbody > tr > .selected {
+  background-color: rgba(13, 110, 253, 0.9);
+  color: white;
+}
+table.dataTable > tbody > tr > td.select-checkbox,
+table.dataTable > tbody > tr > th.select-checkbox {
+  position: relative;
+}
+table.dataTable > tbody > tr > td.select-checkbox:before, table.dataTable > tbody > tr > td.select-checkbox:after,
+table.dataTable > tbody > tr > th.select-checkbox:before,
+table.dataTable > tbody > tr > th.select-checkbox:after {
+  display: block;
+  position: absolute;
+  top: 1.2em;
+  left: 50%;
+  width: 12px;
+  height: 12px;
+  box-sizing: border-box;
+}
+table.dataTable > tbody > tr > td.select-checkbox:before,
+table.dataTable > tbody > tr > th.select-checkbox:before {
+  content: " ";
+  margin-top: -5px;
+  margin-left: -6px;
+  border: 1px solid black;
+  border-radius: 3px;
+}
+table.dataTable > tbody > tr.selected > td.select-checkbox:before,
+table.dataTable > tbody > tr.selected > th.select-checkbox:before {
+  border: 1px solid white;
+}
+table.dataTable > tbody > tr.selected > td.select-checkbox:after,
+table.dataTable > tbody > tr.selected > th.select-checkbox:after {
+  content: "✓";
+  font-size: 20px;
+  margin-top: -19px;
+  margin-left: -6px;
+  text-align: center;
+  text-shadow: 1px 1px #B0BED9, -1px -1px #B0BED9, 1px -1px #B0BED9, -1px 1px #B0BED9;
+}
+table.dataTable.compact > tbody > tr > td.select-checkbox:before,
+table.dataTable.compact > tbody > tr > th.select-checkbox:before {
+  margin-top: -12px;
+}
+table.dataTable.compact > tbody > tr.selected > td.select-checkbox:after,
+table.dataTable.compact > tbody > tr.selected > th.select-checkbox:after {
+  margin-top: -16px;
+}
+
+div.dataTables_wrapper span.select-info,
+div.dataTables_wrapper span.select-item {
+  margin-left: 0.5em;
+}
+
+@media screen and (max-width: 640px) {
+  div.dataTables_wrapper span.select-info,
+div.dataTables_wrapper span.select-item {
+    margin-left: 0;
+    display: block;
+  }
+}
+table.dataTable.table-sm tbody td.select-checkbox::before {
+  margin-top: -9px;
+}
+

data/web/css/build/012-Chart.min.css

@@ -1 +0,0 @@
-@keyframes chartjs-render-animation{from{opacity:.99}to{opacity:1}}.chartjs-render-monitor{animation:chartjs-render-animation 1ms}.chartjs-size-monitor,.chartjs-size-monitor-expand,.chartjs-size-monitor-shrink{position:absolute;direction:ltr;left:0;top:0;right:0;bottom:0;overflow:hidden;pointer-events:none;visibility:hidden;z-index:-1}.chartjs-size-monitor-expand>div{position:absolute;width:1000000px;height:1000000px;left:0;top:0}.chartjs-size-monitor-shrink>div{position:absolute;width:200%;height:200%;left:0;top:0}

data/web/css/build/012-bootstrap-icons.css

@@ -1,7 +1,7 @@
 @font-face {
   font-family: "bootstrap-icons";
-  src: url("/fonts/bootstrap-icons.woff2?45695e8b569b2b0178db2713ca47065c") format("woff2"),
-url("/fonts/bootstrap-icons.woff?45695e8b569b2b0178db2713ca47065c") format("woff");
+  src: url("/fonts/bootstrap-icons.woff2?524846017b983fc8ded9325d94ed40f3") format("woff2"),
+url("/fonts/bootstrap-icons.woff?524846017b983fc8ded9325d94ed40f3") format("woff");
 }
 
 .bi::before,
@@ -19,6 +19,7 @@ url("/fonts/bootstrap-icons.woff?45695e8b569b2b0178db2713ca47065c") format("woff
   -moz-osx-font-smoothing: grayscale;
 }
 
+.bi-123::before { content: "\f67f"; }
 .bi-alarm-fill::before { content: "\f101"; }
 .bi-alarm::before { content: "\f102"; }
 .bi-align-bottom::before { content: "\f103"; }
@@ -1425,3 +1426,279 @@ url("/fonts/bootstrap-icons.woff?45695e8b569b2b0178db2713ca47065c") format("woff
 .bi-webcam-fill::before { content: "\f67c"; }
 .bi-webcam::before { content: "\f67d"; }
 .bi-yin-yang::before { content: "\f67e"; }
+.bi-bandaid-fill::before { content: "\f680"; }
+.bi-bandaid::before { content: "\f681"; }
+.bi-bluetooth::before { content: "\f682"; }
+.bi-body-text::before { content: "\f683"; }
+.bi-boombox::before { content: "\f684"; }
+.bi-boxes::before { content: "\f685"; }
+.bi-dpad-fill::before { content: "\f686"; }
+.bi-dpad::before { content: "\f687"; }
+.bi-ear-fill::before { content: "\f688"; }
+.bi-ear::before { content: "\f689"; }
+.bi-envelope-check-1::before { content: "\f68a"; }
+.bi-envelope-check-fill::before { content: "\f68b"; }
+.bi-envelope-check::before { content: "\f68c"; }
+.bi-envelope-dash-1::before { content: "\f68d"; }
+.bi-envelope-dash-fill::before { content: "\f68e"; }
+.bi-envelope-dash::before { content: "\f68f"; }
+.bi-envelope-exclamation-1::before { content: "\f690"; }
+.bi-envelope-exclamation-fill::before { content: "\f691"; }
+.bi-envelope-exclamation::before { content: "\f692"; }
+.bi-envelope-plus-fill::before { content: "\f693"; }
+.bi-envelope-plus::before { content: "\f694"; }
+.bi-envelope-slash-1::before { content: "\f695"; }
+.bi-envelope-slash-fill::before { content: "\f696"; }
+.bi-envelope-slash::before { content: "\f697"; }
+.bi-envelope-x-1::before { content: "\f698"; }
+.bi-envelope-x-fill::before { content: "\f699"; }
+.bi-envelope-x::before { content: "\f69a"; }
+.bi-explicit-fill::before { content: "\f69b"; }
+.bi-explicit::before { content: "\f69c"; }
+.bi-git::before { content: "\f69d"; }
+.bi-infinity::before { content: "\f69e"; }
+.bi-list-columns-reverse::before { content: "\f69f"; }
+.bi-list-columns::before { content: "\f6a0"; }
+.bi-meta::before { content: "\f6a1"; }
+.bi-mortorboard-fill::before { content: "\f6a2"; }
+.bi-mortorboard::before { content: "\f6a3"; }
+.bi-nintendo-switch::before { content: "\f6a4"; }
+.bi-pc-display-horizontal::before { content: "\f6a5"; }
+.bi-pc-display::before { content: "\f6a6"; }
+.bi-pc-horizontal::before { content: "\f6a7"; }
+.bi-pc::before { content: "\f6a8"; }
+.bi-playstation::before { content: "\f6a9"; }
+.bi-plus-slash-minus::before { content: "\f6aa"; }
+.bi-projector-fill::before { content: "\f6ab"; }
+.bi-projector::before { content: "\f6ac"; }
+.bi-qr-code-scan::before { content: "\f6ad"; }
+.bi-qr-code::before { content: "\f6ae"; }
+.bi-quora::before { content: "\f6af"; }
+.bi-quote::before { content: "\f6b0"; }
+.bi-robot::before { content: "\f6b1"; }
+.bi-send-check-fill::before { content: "\f6b2"; }
+.bi-send-check::before { content: "\f6b3"; }
+.bi-send-dash-fill::before { content: "\f6b4"; }
+.bi-send-dash::before { content: "\f6b5"; }
+.bi-send-exclamation-1::before { content: "\f6b6"; }
+.bi-send-exclamation-fill::before { content: "\f6b7"; }
+.bi-send-exclamation::before { content: "\f6b8"; }
+.bi-send-fill::before { content: "\f6b9"; }
+.bi-send-plus-fill::before { content: "\f6ba"; }
+.bi-send-plus::before { content: "\f6bb"; }
+.bi-send-slash-fill::before { content: "\f6bc"; }
+.bi-send-slash::before { content: "\f6bd"; }
+.bi-send-x-fill::before { content: "\f6be"; }
+.bi-send-x::before { content: "\f6bf"; }
+.bi-send::before { content: "\f6c0"; }
+.bi-steam::before { content: "\f6c1"; }
+.bi-terminal-dash-1::before { content: "\f6c2"; }
+.bi-terminal-dash::before { content: "\f6c3"; }
+.bi-terminal-plus::before { content: "\f6c4"; }
+.bi-terminal-split::before { content: "\f6c5"; }
+.bi-ticket-detailed-fill::before { content: "\f6c6"; }
+.bi-ticket-detailed::before { content: "\f6c7"; }
+.bi-ticket-fill::before { content: "\f6c8"; }
+.bi-ticket-perforated-fill::before { content: "\f6c9"; }
+.bi-ticket-perforated::before { content: "\f6ca"; }
+.bi-ticket::before { content: "\f6cb"; }
+.bi-tiktok::before { content: "\f6cc"; }
+.bi-window-dash::before { content: "\f6cd"; }
+.bi-window-desktop::before { content: "\f6ce"; }
+.bi-window-fullscreen::before { content: "\f6cf"; }
+.bi-window-plus::before { content: "\f6d0"; }
+.bi-window-split::before { content: "\f6d1"; }
+.bi-window-stack::before { content: "\f6d2"; }
+.bi-window-x::before { content: "\f6d3"; }
+.bi-xbox::before { content: "\f6d4"; }
+.bi-ethernet::before { content: "\f6d5"; }
+.bi-hdmi-fill::before { content: "\f6d6"; }
+.bi-hdmi::before { content: "\f6d7"; }
+.bi-usb-c-fill::before { content: "\f6d8"; }
+.bi-usb-c::before { content: "\f6d9"; }
+.bi-usb-fill::before { content: "\f6da"; }
+.bi-usb-plug-fill::before { content: "\f6db"; }
+.bi-usb-plug::before { content: "\f6dc"; }
+.bi-usb-symbol::before { content: "\f6dd"; }
+.bi-usb::before { content: "\f6de"; }
+.bi-boombox-fill::before { content: "\f6df"; }
+.bi-displayport-1::before { content: "\f6e0"; }
+.bi-displayport::before { content: "\f6e1"; }
+.bi-gpu-card::before { content: "\f6e2"; }
+.bi-memory::before { content: "\f6e3"; }
+.bi-modem-fill::before { content: "\f6e4"; }
+.bi-modem::before { content: "\f6e5"; }
+.bi-motherboard-fill::before { content: "\f6e6"; }
+.bi-motherboard::before { content: "\f6e7"; }
+.bi-optical-audio-fill::before { content: "\f6e8"; }
+.bi-optical-audio::before { content: "\f6e9"; }
+.bi-pci-card::before { content: "\f6ea"; }
+.bi-router-fill::before { content: "\f6eb"; }
+.bi-router::before { content: "\f6ec"; }
+.bi-ssd-fill::before { content: "\f6ed"; }
+.bi-ssd::before { content: "\f6ee"; }
+.bi-thunderbolt-fill::before { content: "\f6ef"; }
+.bi-thunderbolt::before { content: "\f6f0"; }
+.bi-usb-drive-fill::before { content: "\f6f1"; }
+.bi-usb-drive::before { content: "\f6f2"; }
+.bi-usb-micro-fill::before { content: "\f6f3"; }
+.bi-usb-micro::before { content: "\f6f4"; }
+.bi-usb-mini-fill::before { content: "\f6f5"; }
+.bi-usb-mini::before { content: "\f6f6"; }
+.bi-cloud-haze2::before { content: "\f6f7"; }
+.bi-device-hdd-fill::before { content: "\f6f8"; }
+.bi-device-hdd::before { content: "\f6f9"; }
+.bi-device-ssd-fill::before { content: "\f6fa"; }
+.bi-device-ssd::before { content: "\f6fb"; }
+.bi-displayport-fill::before { content: "\f6fc"; }
+.bi-mortarboard-fill::before { content: "\f6fd"; }
+.bi-mortarboard::before { content: "\f6fe"; }
+.bi-terminal-x::before { content: "\f6ff"; }
+.bi-arrow-through-heart-fill::before { content: "\f700"; }
+.bi-arrow-through-heart::before { content: "\f701"; }
+.bi-badge-sd-fill::before { content: "\f702"; }
+.bi-badge-sd::before { content: "\f703"; }
+.bi-bag-heart-fill::before { content: "\f704"; }
+.bi-bag-heart::before { content: "\f705"; }
+.bi-balloon-fill::before { content: "\f706"; }
+.bi-balloon-heart-fill::before { content: "\f707"; }
+.bi-balloon-heart::before { content: "\f708"; }
+.bi-balloon::before { content: "\f709"; }
+.bi-box2-fill::before { content: "\f70a"; }
+.bi-box2-heart-fill::before { content: "\f70b"; }
+.bi-box2-heart::before { content: "\f70c"; }
+.bi-box2::before { content: "\f70d"; }
+.bi-braces-asterisk::before { content: "\f70e"; }
+.bi-calendar-heart-fill::before { content: "\f70f"; }
+.bi-calendar-heart::before { content: "\f710"; }
+.bi-calendar2-heart-fill::before { content: "\f711"; }
+.bi-calendar2-heart::before { content: "\f712"; }
+.bi-chat-heart-fill::before { content: "\f713"; }
+.bi-chat-heart::before { content: "\f714"; }
+.bi-chat-left-heart-fill::before { content: "\f715"; }
+.bi-chat-left-heart::before { content: "\f716"; }
+.bi-chat-right-heart-fill::before { content: "\f717"; }
+.bi-chat-right-heart::before { content: "\f718"; }
+.bi-chat-square-heart-fill::before { content: "\f719"; }
+.bi-chat-square-heart::before { content: "\f71a"; }
+.bi-clipboard-check-fill::before { content: "\f71b"; }
+.bi-clipboard-data-fill::before { content: "\f71c"; }
+.bi-clipboard-fill::before { content: "\f71d"; }
+.bi-clipboard-heart-fill::before { content: "\f71e"; }
+.bi-clipboard-heart::before { content: "\f71f"; }
+.bi-clipboard-minus-fill::before { content: "\f720"; }
+.bi-clipboard-plus-fill::before { content: "\f721"; }
+.bi-clipboard-pulse::before { content: "\f722"; }
+.bi-clipboard-x-fill::before { content: "\f723"; }
+.bi-clipboard2-check-fill::before { content: "\f724"; }
+.bi-clipboard2-check::before { content: "\f725"; }
+.bi-clipboard2-data-fill::before { content: "\f726"; }
+.bi-clipboard2-data::before { content: "\f727"; }
+.bi-clipboard2-fill::before { content: "\f728"; }
+.bi-clipboard2-heart-fill::before { content: "\f729"; }
+.bi-clipboard2-heart::before { content: "\f72a"; }
+.bi-clipboard2-minus-fill::before { content: "\f72b"; }
+.bi-clipboard2-minus::before { content: "\f72c"; }
+.bi-clipboard2-plus-fill::before { content: "\f72d"; }
+.bi-clipboard2-plus::before { content: "\f72e"; }
+.bi-clipboard2-pulse-fill::before { content: "\f72f"; }
+.bi-clipboard2-pulse::before { content: "\f730"; }
+.bi-clipboard2-x-fill::before { content: "\f731"; }
+.bi-clipboard2-x::before { content: "\f732"; }
+.bi-clipboard2::before { content: "\f733"; }
+.bi-emoji-kiss-fill::before { content: "\f734"; }
+.bi-emoji-kiss::before { content: "\f735"; }
+.bi-envelope-heart-fill::before { content: "\f736"; }
+.bi-envelope-heart::before { content: "\f737"; }
+.bi-envelope-open-heart-fill::before { content: "\f738"; }
+.bi-envelope-open-heart::before { content: "\f739"; }
+.bi-envelope-paper-fill::before { content: "\f73a"; }
+.bi-envelope-paper-heart-fill::before { content: "\f73b"; }
+.bi-envelope-paper-heart::before { content: "\f73c"; }
+.bi-envelope-paper::before { content: "\f73d"; }
+.bi-filetype-aac::before { content: "\f73e"; }
+.bi-filetype-ai::before { content: "\f73f"; }
+.bi-filetype-bmp::before { content: "\f740"; }
+.bi-filetype-cs::before { content: "\f741"; }
+.bi-filetype-css::before { content: "\f742"; }
+.bi-filetype-csv::before { content: "\f743"; }
+.bi-filetype-doc::before { content: "\f744"; }
+.bi-filetype-docx::before { content: "\f745"; }
+.bi-filetype-exe::before { content: "\f746"; }
+.bi-filetype-gif::before { content: "\f747"; }
+.bi-filetype-heic::before { content: "\f748"; }
+.bi-filetype-html::before { content: "\f749"; }
+.bi-filetype-java::before { content: "\f74a"; }
+.bi-filetype-jpg::before { content: "\f74b"; }
+.bi-filetype-js::before { content: "\f74c"; }
+.bi-filetype-jsx::before { content: "\f74d"; }
+.bi-filetype-key::before { content: "\f74e"; }
+.bi-filetype-m4p::before { content: "\f74f"; }
+.bi-filetype-md::before { content: "\f750"; }
+.bi-filetype-mdx::before { content: "\f751"; }
+.bi-filetype-mov::before { content: "\f752"; }
+.bi-filetype-mp3::before { content: "\f753"; }
+.bi-filetype-mp4::before { content: "\f754"; }
+.bi-filetype-otf::before { content: "\f755"; }
+.bi-filetype-pdf::before { content: "\f756"; }
+.bi-filetype-php::before { content: "\f757"; }
+.bi-filetype-png::before { content: "\f758"; }
+.bi-filetype-ppt-1::before { content: "\f759"; }
+.bi-filetype-ppt::before { content: "\f75a"; }
+.bi-filetype-psd::before { content: "\f75b"; }
+.bi-filetype-py::before { content: "\f75c"; }
+.bi-filetype-raw::before { content: "\f75d"; }
+.bi-filetype-rb::before { content: "\f75e"; }
+.bi-filetype-sass::before { content: "\f75f"; }
+.bi-filetype-scss::before { content: "\f760"; }
+.bi-filetype-sh::before { content: "\f761"; }
+.bi-filetype-svg::before { content: "\f762"; }
+.bi-filetype-tiff::before { content: "\f763"; }
+.bi-filetype-tsx::before { content: "\f764"; }
+.bi-filetype-ttf::before { content: "\f765"; }
+.bi-filetype-txt::before { content: "\f766"; }
+.bi-filetype-wav::before { content: "\f767"; }
+.bi-filetype-woff::before { content: "\f768"; }
+.bi-filetype-xls-1::before { content: "\f769"; }
+.bi-filetype-xls::before { content: "\f76a"; }
+.bi-filetype-xml::before { content: "\f76b"; }
+.bi-filetype-yml::before { content: "\f76c"; }
+.bi-heart-arrow::before { content: "\f76d"; }
+.bi-heart-pulse-fill::before { content: "\f76e"; }
+.bi-heart-pulse::before { content: "\f76f"; }
+.bi-heartbreak-fill::before { content: "\f770"; }
+.bi-heartbreak::before { content: "\f771"; }
+.bi-hearts::before { content: "\f772"; }
+.bi-hospital-fill::before { content: "\f773"; }
+.bi-hospital::before { content: "\f774"; }
+.bi-house-heart-fill::before { content: "\f775"; }
+.bi-house-heart::before { content: "\f776"; }
+.bi-incognito::before { content: "\f777"; }
+.bi-magnet-fill::before { content: "\f778"; }
+.bi-magnet::before { content: "\f779"; }
+.bi-person-heart::before { content: "\f77a"; }
+.bi-person-hearts::before { content: "\f77b"; }
+.bi-phone-flip::before { content: "\f77c"; }
+.bi-plugin::before { content: "\f77d"; }
+.bi-postage-fill::before { content: "\f77e"; }
+.bi-postage-heart-fill::before { content: "\f77f"; }
+.bi-postage-heart::before { content: "\f780"; }
+.bi-postage::before { content: "\f781"; }
+.bi-postcard-fill::before { content: "\f782"; }
+.bi-postcard-heart-fill::before { content: "\f783"; }
+.bi-postcard-heart::before { content: "\f784"; }
+.bi-postcard::before { content: "\f785"; }
+.bi-search-heart-fill::before { content: "\f786"; }
+.bi-search-heart::before { content: "\f787"; }
+.bi-sliders2-vertical::before { content: "\f788"; }
+.bi-sliders2::before { content: "\f789"; }
+.bi-trash3-fill::before { content: "\f78a"; }
+.bi-trash3::before { content: "\f78b"; }
+.bi-valentine::before { content: "\f78c"; }
+.bi-valentine2::before { content: "\f78d"; }
+.bi-wrench-adjustable-circle-fill::before { content: "\f78e"; }
+.bi-wrench-adjustable-circle::before { content: "\f78f"; }
+.bi-wrench-adjustable::before { content: "\f790"; }
+.bi-filetype-json::before { content: "\f791"; }
+.bi-filetype-pptx::before { content: "\f792"; }
+.bi-filetype-xlsx::before { content: "\f793"; }

data/web/css/build/013-datatables.css

@@ -0,0 +1,98 @@
+.dataTables_info {
+    margin: 15px 0 !important;
+    padding: 0px !important;
+}
+.dataTables_paginate, .dataTables_length, .dataTables_filter {
+    margin: 15px 0 !important;
+}
+.dtr-details {
+    width: 100%;
+}
+.table-striped>tbody>tr:nth-of-type(odd) {
+    background-color: #F2F2F2;
+}
+td.child>ul>li {
+    display: flex;
+}
+table.dataTable>tbody>tr.child ul.dtr-details>li {
+    border-bottom: 1px solid rgba(0, 0, 0, 0.129);
+    padding: 0.5em 0;
+}
+table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before:hover, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before:hover {
+    background-color: #5e5e5e;
+}
+table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before,
+table.dataTable td.dt-control:before {
+    background-color: #979797 !important;
+    border: 1.5px solid #616161 !important;
+    border-radius: 2px !important;
+    color: #fff;
+    height: 1em;
+    width: 1em;
+    line-height: 1.25em;
+    border-radius: 0px;
+    box-shadow: none;
+    font-size: 14px;
+    transition: 0.5s all;
+}
+table.dataTable.dtr-inline.collapsed>tbody>tr.parent>td.dtr-control:before, 
+table.dataTable.dtr-inline.collapsed>tbody>tr.parent>th.dtr-control:before,
+table.dataTable td.dt-control:before {
+    background-color: #979797 !important;
+}
+table.dataTable.dtr-inline.collapsed>tbody>tr>td.child, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>th.child, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>td.dataTables_empty {
+    background-color: #fbfbfb;
+}
+table.dataTable.table-striped>tbody>tr>td {
+    vertical-align: middle;
+}
+table.dataTable.table-striped>tbody>tr>td>input[type="checkbox"] {
+    margin-top: 7px;
+}
+td.dtr-col-lg {
+    min-width: 350px;
+    word-break: break-word;
+}
+td.dtr-col-md {
+    min-width: 250px;
+    word-break: break-word;
+}
+td.dtr-col-sm {
+    min-width: 125px;
+    word-break: break-word;
+}
+.dt-data-w100 .dtr-data {
+    width: 100%;
+}
+li .dtr-data {
+    word-break: break-all;
+    flex: 1;
+    padding-left: 5px;
+    padding-right: 5px;
+}
+table.dataTable>tbody>tr.child span.dtr-title {
+    width: 30%;
+    max-width: 250px;
+}
+
+
+div.dataTables_wrapper div.dataTables_filter {
+    text-align: left;
+}
+div.dataTables_wrapper div.dataTables_length {
+    text-align: right;
+}
+.dataTables_paginate, .dataTables_length, .dataTables_filter {
+    margin: 10px 0!important;
+}
+
+td.dt-text-right {
+    text-align: end !important;
+}
+th.dt-text-right {
+    text-align: end !important;
+}

data/web/css/build/014-mailcow.css

@@ -63,6 +63,17 @@
 .navbar-nav {
   margin: 0;
 }
+.navbar-nav .nav-item {
+  flex-direction: column;
+  display: flex;
+  padding: 0 10px !important;
+}
+.navbar-nav .nav-link {
+  height: 44px;
+  display: flex;
+  align-items: center;
+  padding: 0 10px !important;
+}
 .navbar-fixed-bottom .navbar-collapse, 
 .navbar-fixed-top .navbar-collapse {
   max-height: 1000px
@@ -75,6 +86,12 @@
   display: inline-block;
   font-size: inherit;
 }
+.btn-group-xs > .btn, .btn-xs {
+  padding: .25rem .4rem;
+  font-size: .875rem;
+  line-height: 1rem;
+  border-radius: .2rem;
+}
 .icon-spin {
   animation-name: spin;
   animation-duration: 2000ms;
@@ -105,13 +122,22 @@
     transform: rotate(359deg);
   }
 }
-pre{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;}
-.footable-sortable {
-  -webkit-user-select: none;  
-  -moz-user-select: none;    
-  -ms-user-select: none;      
-  user-select: none;
+@keyframes blink {
+  50% { 
+    color: transparent 
+  }
 }
+.loader-dot { 
+  animation: 1s blink infinite 
+}
+.loader-dot:nth-child(2) { 
+  animation-delay: 250ms 
+}
+.loader-dot:nth-child(3) { 
+  animation-delay: 500ms 
+}
+
+pre{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;}
 /* Fix modal moving content left */
 body.modal-open {
   overflow: inherit;
@@ -166,19 +192,11 @@ legend {
   top: 0; right: 0; bottom: 0; left: 0;
   opacity: 0.7;
 }
-#top {
-  padding-top: 70px;
-}
 .bootstrap-select.btn-group .no-results {
   display: none;
 }
-.dropdown-desc {
-  display: block;
-  padding: 3px 10px;
-  clear: both;
-  font-weight: bold;
-  color: #5a5a5a;
-  white-space: nowrap;
+.bootstrap-select>.dropdown-toggle.bs-placeholder.btn-secondary {
+  color: rgb(197, 197, 197) !important;
 }
 .haveibeenpwned {
   cursor: pointer;
@@ -206,7 +224,8 @@ legend {
   flex-direction: column;
 }
 .footer .version {
-    margin-left: auto;
+  margin-left: auto;
+	margin-top: 20px;
 }
 .slave-info {
   padding: 15px 0px 15px 15px;
@@ -224,12 +243,8 @@ legend {
 .btn-input-missing:active:hover,
 .btn-input-missing:active:focus {
   color: #000 !important;
-  background-color: #ff4136;
-  border-color: #ff291c;
-}
-table.footable>tbody>tr.footable-empty>td {
-  font-style:italic;
-  font-size: 1rem;
+  background-color: #ff2f24 !important;
+  border-color: #e21207 !important;
 }
 .navbar-nav > li {
   font-size: 1rem !important;
@@ -255,3 +270,103 @@ code {
 .flag-icon {
   margin-right: 5px;
 }
+
+.dropdown-header {
+  font-weight: 600;
+}
+
+
+.tag-box {
+  display: flex;
+  flex-wrap: wrap;
+  height: auto;
+}
+.tag-badge {
+  transition: 200ms linear;
+  margin-top: 5px;
+  margin-bottom: 5px;
+  margin-left: 2px;
+  margin-right: 2px;
+}
+.tag-badge.btn-badge {
+  cursor: pointer;
+}
+.tag-badge .bi {
+  font-size: 12px;
+}
+.tag-badge.btn-badge:hover {
+  filter: brightness(0.9);
+}
+.tag-input {
+  margin-left: 10px;
+  border: 0 !important;
+  flex: 1;
+  height: 24px;
+  min-width: 150px;
+}
+.tag-input:focus {
+  outline: none;
+}
+.tag-add {
+  padding: 0 5px 0 5px;
+  align-items: center;
+  display: inline-flex;
+}
+
+#dnstable {
+  overflow-x: auto!important;
+}
+.well {
+  border: 1px solid #dfdfdf;
+  background-color: #f9f9f9;
+  padding: 10px;
+}
+
+
+.btn-check-label {
+  color: #555;
+}
+
+.caret {
+  transform: rotate(0deg);
+}
+a[aria-expanded='true'] > .caret, 
+button[aria-expanded='true'] > .caret {
+  transform: rotate(-180deg);
+}
+
+.list-group-details {
+  background: #fff;
+}
+.list-group-header {
+  background: #f7f7f7;
+} 
+
+
+.bg-primary, .alert-primary, .btn-primary {
+  background-color: #0F688D !important;
+  border-color: #0d526d !important;
+}
+.bg-info, .alert-info, .btn-info {
+  background-color: #148DBC !important;
+  border-color: #127ea8 !important;
+}
+
+.bootstrap-select>.dropdown-toggle.bs-placeholder.btn-secondary {
+  color: rgb(137 137 137)!important;
+}
+
+.progress {
+  background-color: #d5d5d5;
+}
+
+
+.btn-outline-secondary:hover {
+    background-color: #f0f0f0;
+}
+.btn.btn-outline-secondary {
+  border-color: #cfcfcf !important;  
+}
+.btn-check:checked+.btn-outline-secondary, .btn-check:active+.btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
+    background-color: #f0f0f0 !important;
+}

data/web/css/build/014-responsive.css

@@ -1,308 +0,0 @@
-.space20 {
-  margin-bottom: 20px;
-}
-
-.btn-xs-lg>.lang-sm:after {
-  margin-left: 4px;
-}
-
-.bootstrap-select {
-  max-width: 350px;
-}
-
-.panel-login .apps .btn {
-  width: auto;
-  float: left;
-  margin-right: 10px;
-  margin-top: auto;
-}
-.panel-login .apps .btn:hover {
-  margin-top: 1px !important;
-  border-bottom-width: 3px;
-}
-
-@media (max-width: 767px) {
-  .panel-login .apps .btn {
-    width: 100%;
-    float: none;
-    margin-bottom: 10px;
-  }
-
-  .panel-login .apps .btn {
-    border-bottom-width: 4px;
-  }
-
-  .media-clearfix::after {
-    clear: both;
-    box-sizing: border-box;
-  }
-
-  .media-clearfix::before {
-    display: table;
-    content: " ";
-    box-sizing: border-box;
-  }
-
-  .xs-show {
-    display: block !important;
-  }
-
-  .js-tabcollapse-panel-group .panel{
-    border: none;
-    box-shadow: none;
-  }
-
-  .js-tabcollapse-panel-group .panel-body {
-    padding: 10px 0;
-  }
-
-  .js-tabcollapse-panel-group .js-tabcollapse-panel-body .panel-body {
-    padding: 0;
-  }
-
-  .js-tabcollapse-panel-body .panel-heading {
-    display: none;
-  }
-
-  .js-tabcollapse-panel-body .well,
-  .panel-body .form-inline.well {
-    border: none;
-    padding: 0;
-    margin: 0;
-    box-shadow: none;
-    background-color: #fff;
-  }
-
-  .js-tabcollapse-panel-heading {
-    display: block;
-    height: 37px;
-    line-height: 37px;
-    text-indent: 15px;
-  }
-  .js-tabcollapse-panel-heading:hover {
-    text-decoration: none;
-  }
-  .js-tabcollapse-panel-heading {
-    position: relative;
-  }
-  .js-tabcollapse-panel-heading:after {
-    content: '';
-    display: block;
-    position: absolute;
-    top: 17px;
-    right: 17px;
-    width: 0;
-    height: 0;
-    margin-left: 2px;
-    vertical-align: middle;
-    border-bottom: 4px dashed;
-    border-right: 4px solid transparent;
-    border-left: 4px solid transparent;
-  }
-  .js-tabcollapse-panel-heading.collapsed:after {
-    border-bottom: none;
-    border-top: 4px dashed;
-  }
-
-  .recent-login-success {
-  font-size: 14px;
-  margin-top: 10px !important;
-  }
-  .pull-xs-right {
-  float: right !important;
-  }
-  .pull-xs-right .dropdown-menu {
-  right: 0;
-  left: auto;
-  }
-  .text-xs-left {
-    text-align: left;
-  }
-  .text-xs-bold {
-    font-weight: bold;
-  }
-  .text-xs-bold .small {
-    font-weight: normal;
-    text-align: justify;
-  }
-  .help-block {
-    text-align: justify;
-  }
-  .btn.visible-xs-block {
-    width: 100%;
-    float: none;
-    white-space: normal;
-  }
-  .btn-group.footable-actions .btn.btn-xs-half,
-  .btn.visible-xs-block.btn-xs-half {
-    width: 50%;
-    float: left;
-  }
-  .btn-group.footable-actions .btn.btn-xs-third,
-  .btn.visible-xs-block.btn-xs-third {
-    width: 33.33%;
-    float: left;
-  }
-  .btn-group.footable-actions .btn.btn-xs-quart,
-  .btn.visible-xs-block.btn-xs-quart {
-    width: 25%;
-    float: left;
-  }
-  .btn.visible-xs-block.btn-sm,
-  .btn-xs-lg {
-    padding: 15px 16px 13px;
-    line-height: 15px;
-  }
-  .input-xs-lg {
-  height: 47px;
-    padding: 13px 16px;
-  }
-  .btn-group:not(.input-group-btn) {
-    display: flex;
-    flex-wrap: wrap;
-  }
-  .btn-group.nowrap {
-    flex-wrap: nowrap;
-  }
-  .btn-group.nowrap .dropdown-menu {
-    width: 100%;
-  }
-  .panel-login .btn-group {
-    display: block;
-  }
-  .mass-actions-user .btn-group {
-    float: none;
-  }
-  div[class^='mass-actions'] .dropdown-menu,
-  .panel-xs-lg .dropdown-menu,
-  .dropdown-menu.login {
-    width: 100%;
-  }
-  div[class^='mass-actions'] .btn-group .dropdown-menu {
-  top: 50%;
-  }
-  div[class^='mass-actions'] .btn-group .btn-group .dropdown-menu,
-  div.mass-actions-quarantine .btn-group .dropdown-menu,
-  .panel-xs-lg .dropdown-menu {
-    top: 100%;
-  }
-  div[class^='mass-actions'] .dropdown-menu>li>a,
-  .panel-xs-lg .dropdown-menu>li>a,
-  .dropdown-menu.login>li>a {
-    padding: 8px 20px;
-  }
-  div[class^='mass-actions'] .dropdown-header {
-    font-size: 14px;
-    font-weight: bold;
-  }
-  .space20 {
-    margin-bottom: 10px;
-  }
-  .top100 {
-    top: 100% !important;
-  }
-  .top33 {
-    top: 33% !important;
-  }
-  .footable-filtering .form {
-    width: 65%;
-  }
-  .btn-xs-lg>.lang-sm:after {
-    top: 1px;
-  }
-  table.footable>tfoot>tr.footable-paging>td {
-    text-align: left;
-  }
-  .footable-first-visible {
-    min-width: 55px;
-  }
-  table>tbody>tr>td>span.footable-toggle {
-    font-size: 24px;
-    margin-right: 14px !important;
-  }
-  table>tbody>tr>td>span.footable-toggle + input {
-    position: absolute;
-    left: 38px;
-  }
-  .pagination {
-    margin-bottom: 5px;
-  }
-  tr.footable-filtering>th>form {
-    width: 270px;
-  }
-  .mass-actions-mailbox {
-    padding: 0;
-  }
-  .panel-xs-lg .panel-heading {
-    height: 66px;
-    line-height: 47px;
-  }
-  .panel-xs-lg .btn-group .btn {
-    padding-right: 5px;
-    padding-left: 5px;
-  }
-  .bootstrap-select:not([class*=col-]):not([class*=form-control]):not(.input-group-btn) {
-    width: 100%;
-  }
-  .btn-group:not(.bootstrap-select) {
-    width: auto !important;
-  }
-  .bootstrap-select {
-    max-width: 100%;
-  }
-  .img-responsive {
-    margin: 0 auto;
-  }
-  .btn-group.footable-actions {
-  position: absolute;
-    width: 90vw !important;
-    left: 0;
-    height: 36px;
-    margin-top: -8px;
-  }
-  .btn-group.footable-actions .btn {
-  padding: 10px 16px 7px;
-    line-height: 15px;
-    display: block;
-    width: 100%;
-  }
-  .btn-group.footable-actions:after {
-    content: "";
-    display: block;
-    clear: both;
-  }
-  .bootstrap-select.btn-group.show-tick .dropdown-menu li a span.text {
-    margin-right: 14px;
-    white-space: normal;
-  }
-  .clearfix {
-    flex-basis: 100%;
-    height: 0;
-  }
-  .btn-group > .btn-group {
-    flex-basis: 100%;
-  }
-  .btn-group .btn {
-  display: flex !important;
-  align-items: center;
-  justify-content: center;
-  }
-  .btn-group .btn i {
-    margin-right: 5px;
-  }
-  .btn-group .btn .caret {
-  margin-left: 5px;
-  }
-  .panel-login .btn-group .btn {
-    display: block !important;
-  }
-  .panel-login .clearfix {
-    height: auto;
-  }
-}
-
-@media (max-width: 350px) {
-  .mailcow-logo img {
-    max-width: 250px;
-  }
-}

data/web/css/build/015-responsive.css

@@ -0,0 +1,221 @@
+.btn-xs-lg>.lang-sm:after {
+  margin-left: 4px;
+}
+
+.bootstrap-select {
+  max-width: 350px;
+}
+
+.card-login .apps .btn {
+  width: auto;
+  float: left;
+  margin-right: 10px;
+  margin-top: auto;
+}
+.card-login .apps .btn:hover {
+  margin-top: 1px !important;
+  border-bottom-width: 3px;
+}
+
+.responsive-tabs .nav-tabs {
+  display: none;
+}
+
+.dataTables_paginate.paging_simple_numbers .pagination {
+  display: flex;
+  flex-wrap: wrap;
+}
+
+@media (min-width: 768px) {
+  .responsive-tabs .nav-tabs {
+      display: flex;
+  }
+
+  .responsive-tabs .card .card-body.collapse {
+      display: block;
+  }
+}
+
+
+@media (max-width: 767px) {
+  .responsive-tabs .tab-pane {
+      display: block !important;
+      opacity: 1;
+  }
+
+  .card-login .apps .btn {
+    width: 100%;
+    float: none;
+    margin-bottom: 10px;
+  }
+
+  .card-login .apps .btn {
+    border-bottom-width: 4px;
+  }
+
+  .xs-show {
+    display: block !important;
+  }
+
+  .recent-login-success {
+    font-size: 14px;
+    margin-top: 10px !important;
+  }
+  .pull-xs-right {
+  float: right !important;
+  }
+  .pull-xs-right .dropdown-menu {
+    right: 0;
+    left: auto;
+  }
+  .text-xs-left {
+    text-align: left;
+  }
+  .text-xs-bold {
+    font-weight: bold;
+  }
+  .text-xs-bold .small {
+    font-weight: normal;
+    text-align: justify;
+  }
+  .btn.d-block {
+    width: 100%;
+    white-space: normal;
+  }
+  .btn.btn-xs-half,
+  .btn.d-block.btn-xs-half {
+    width: 50%;
+  }
+  .btn.btn-xs-third,
+  .btn.d-block.btn-xs-third {
+    width: 33.33%;
+  }
+  .btn.btn-xs-quart,
+  .btn.d-block.btn-xs-quart {
+    width: 25%;
+  }
+  .btn.d-block.btn-sm,
+  .btn-xs-lg {
+    padding: .5rem 1rem;
+    line-height: 20px;
+  }
+  .input-xs-lg {
+    height: 47px;
+    padding: 13px 16px;
+  }
+  .btn-group:not(.input-group-btn) {
+    display: flex;
+    flex-wrap: wrap;
+  }
+  .btn-group.nowrap {
+    flex-wrap: nowrap;
+  }
+  .btn-group.nowrap .dropdown-menu {
+    width: 100%;
+  }
+  .card-login .btn-group {
+    display: block;
+  }
+  .mass-actions-user .btn-group {
+    float: none;
+  }
+  div[class^='mass-actions'] .dropdown-menu,
+  .card-xs-lg .dropdown-menu,
+  .dropdown-menu.login {
+    width: 100%;
+  }
+  div[class^='mass-actions'] .btn-group .dropdown-menu {
+    top: 50%;
+  }
+  div[class^='mass-actions'] .btn-group .btn-group .dropdown-menu,
+  div.mass-actions-quarantine .btn-group .dropdown-menu,
+  .card-xs-lg .dropdown-menu {
+    top: 100%;
+  }
+  div[class^='mass-actions'] .dropdown-menu>li>a,
+  .card-xs-lg .dropdown-menu>li>a,
+  .dropdown-menu.login>li>a {
+    padding: 8px 20px;
+  }
+  div[class^='mass-actions'] .dropdown-header {
+    font-size: 14px;
+    font-weight: bold;
+  }
+  .top100 {
+    top: 100% !important;
+  }
+  .top33 {
+    top: 33% !important;
+  }
+  .footable-filtering .form {
+    width: 65%;
+  }
+  .btn-xs-lg>.lang-sm:after {
+    top: 1px;
+  }
+  .pagination {
+    margin-bottom: 5px;
+  }
+  .mass-actions-mailbox {
+    padding: 0;
+  }
+  .card-xs-lg .card-header {
+    height: 66px;
+    line-height: 47px;
+  }
+  .card-xs-lg .btn-group .btn {
+    padding-right: 5px;
+    padding-left: 5px;
+  }
+  .bootstrap-select:not([class*=col-]):not([class*=form-control]):not(.input-group-btn) {
+    width: 100%;
+  }
+  .btn-group:not(.bootstrap-select) {
+    width: auto !important;
+  }
+  .bootstrap-select {
+    max-width: 100%;
+  }
+  .bootstrap-select.btn-group.show-tick .dropdown-menu li a span.text {
+    margin-right: 14px;
+    white-space: normal;
+  }
+  .btn-group > .btn-group {
+    flex-basis: 100%;
+  }
+  .btn-group .btn {
+    display: flex !important;
+    align-items: center;
+    justify-content: center;
+  }
+  .btn-group .btn i {
+    margin-right: 5px;
+  }
+  .card-login .btn-group .btn {
+    display: block !important;
+  }
+
+  .dt-sm-head-hidden .dtr-title {
+    display: none !important;
+  }
+
+  div.dataTables_wrapper div.dataTables_length {
+    text-align: left;
+  }
+
+  .senders-mw220 {
+    max-width: 100% !important;
+  }
+}
+
+@media (max-width: 350px) {
+  .mailcow-logo img {
+    max-width: 250px;
+  }
+}
+
+@media (min-width: 1400px) {
+  .container-xxl, .container-xl, .container-lg, .container-md, .container-sm, .container {
+    max-width: 1600px;
+  }
+}

data/web/css/site/admin.css

@@ -25,7 +25,6 @@ body.modal-open {
 }
 .mass-actions-admin {
   user-select: none;
-  padding:10px 0 10px 0;
 }
 .inputMissingAttr {
   border-color: #FF4136;

data/web/css/site/debug.css

@@ -26,7 +26,6 @@
 }
 .mass-actions-debug {
   user-select: none;
-  padding:10px 0 10px 10px;
 }
 .inputMissingAttr {
   border-color: #FF4136;

data/web/css/site/edit.css

@@ -21,7 +21,6 @@
 }
 .mass-actions-user {
   user-select: none;
-  padding:10px 0 10px 0;
 }
 .inputMissingAttr {
   border-color: #FF4136;