Merge pull request #5250 from mailcow/staging

2023-05
Merge pull request #5214 from mailcow/feat/gh_actions_postscreen
2023-05-25 16:30:16 +02:00 · 2023-05-25 15:40:20 +02:00 · 2023-05-24 11:00:38 +02:00 · 2023-05-23 10:46:21 +02:00 · 2023-05-10 20:32:38 +02:00 · 2023-05-10 08:58:47 +02:00
128 changed files with 7756 additions and 6404 deletions
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,13 +1,31 @@
 {
  "enabled": true,
  "timezone": "Europe/Berlin",
-  "dependencyDashboard": false,
+  "dependencyDashboard": true,
  "dependencyDashboardTitle": "Renovate Dashboard",
  "commitBody": "Signed-off-by: milkmaker <milkmaker@mailcow.de>",
  "rebaseWhen": "auto",
  "labels": ["renovate"],
  "assignees": [
    "@magiccc"
  ],
  "baseBranches": ["staging"],
-  "enabledManagers": ["github-actions"]
+  "enabledManagers": ["github-actions", "regex", "docker-compose"],
  "ignorePaths": [
    "data\/web\/inc\/lib\/vendor\/matthiasmullie\/minify\/**"
  ],
  "regexManagers": [
    {
      "fileMatch": ["^helper-scripts\/nextcloud.sh$"],
      "matchStrings": [
        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s.*?_VERSION=(?<currentValue>.*)"
       ]
    },
    {
      "fileMatch": ["(^|/)Dockerfile[^/]*$"],
      "matchStrings": [
        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s(ENV|ARG) .*?_VERSION=(?<currentValue>.*)\\s"
       ]
    }
  ]
 }
--- a/.github/workflows/check_prs_if_on_staging.yml
+++ b/.github/workflows/check_prs_if_on_staging.yml
@@ -10,7 +10,7 @@ jobs:
    if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
    steps:
      - name: Send message
-        uses: thollander/actions-comment-pull-request@main
+        uses: thollander/actions-comment-pull-request@v2.3.1
        with:
          GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
          message: |
--- a/.github/workflows/close_old_issues_and_prs.yml
+++ b/.github/workflows/close_old_issues_and_prs.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v6.0.1
+        uses: actions/stale@v8.0.0
        with:
          repo-token: ${{ secrets.STALE_ACTION_PAT }}
          days-before-stale: 60
--- a/.github/workflows/integration_tests.yml
+++ b/.github/workflows/integration_tests.yml
@@ -1,63 +0,0 @@
 name: mailcow Integration Tests
 on:
  push:
    branches: [ "master", "staging" ]
  workflow_dispatch:
 permissions:
  contents: read
 jobs:
  integration_tests:
    runs-on: ubuntu-latest
    steps:
      - name: Setup Ansible
        run: |
          export DEBIAN_FRONTEND=noninteractive
          sudo apt-get update
          sudo apt-get install python3 python3-pip git
          sudo pip3 install ansible
      - name: Prepair Test Environment
        run: |
          git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
          ./fork_check.sh
          ./ci.sh
          ./ci-pip-requirements.sh
        env:
          VAULT_PW: ${{ secrets.MAILCOW_TESTS_VAULT_PW }}
          VAULT_FILE: ${{ secrets.MAILCOW_TESTS_VAULT_FILE }}
      - name: Start Integration Test Server
        run: |
          ./fork_check.sh
          ansible-playbook mailcow-start-server.yml --diff
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
          ANSIBLE_HOST_KEY_CHECKING: 'false'
      - name: Setup Integration Test Server
        run: |
          ./fork_check.sh
          sleep 30
          ansible-playbook mailcow-setup-server.yml --private-key id_ssh_rsa --diff
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
          ANSIBLE_HOST_KEY_CHECKING: 'false'
      - name: Run Integration Tests
        run: |
          ./fork_check.sh
          ansible-playbook mailcow-integration-tests.yml --private-key id_ssh_rsa --diff
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
          ANSIBLE_HOST_KEY_CHECKING: 'false'
      - name: Delete Integration Test Server
        if: always()
        run: |
          ./fork_check.sh
          ansible-playbook mailcow-delete-server.yml --diff
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
          ANSIBLE_HOST_KEY_CHECKING: 'false'
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -12,7 +12,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: Run the Action
-        uses: devops-infra/action-pull-request@v0.5.3
+        uses: devops-infra/action-pull-request@v0.5.5
        with:
          github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
          title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}
--- a/.github/workflows/rebuild_backup_image.yml
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -26,7 +26,7 @@ jobs:
          password: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_TOKEN }}
      - name: Build and push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
        with:
          context: .
          file: data/Dockerfiles/backup/Dockerfile
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -1,20 +0,0 @@
 name: "Tweet trigger release"
 on:
  release:
    types: [published]
 jobs:
  tweet:
    runs-on: ubuntu-latest
    steps:
      - name: "Get Release Tag"
        run:  |
          RELEASE_TAG=$(curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq -r '.tag_name')
      - name: Tweet-trigger-publish-release
        uses: mugi111/tweet-trigger-release@v1.1
        with:
          consumer_key: ${{ secrets.CONSUMER_KEY }}
          consumer_secret: ${{ secrets.CONSUMER_SECRET }}
          access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
          access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
          tweet_body: 'A new mailcow update has just been released! Checkout the GitHub Page for changelog and more informations: https://github.com/mailcow/mailcow-dockerized/releases/latest'
--- a/.github/workflows/update_postscreen_access_list.yml
+++ b/.github/workflows/update_postscreen_access_list.yml
@@ -0,0 +1,39 @@
 name: Update postscreen_access.cidr
 on:
  schedule:
    # Monthly
    - cron: "0 0 1 * *"
  workflow_dispatch: # Allow to run workflow manually
 permissions:
  contents: read # to fetch code (actions/checkout)
 jobs:
  Update-postscreen_access_cidr:
   runs-on: ubuntu-latest
   steps:
    - name: Checkout
      uses: actions/checkout@v3
    - name: Generate postscreen_access.cidr
      run: |
          bash helper-scripts/update_postscreen_whitelist.sh
    - name: Create Pull Request
      uses: peter-evans/create-pull-request@v5
      with:
        token: ${{ secrets.mailcow_action_Update_postscreen_access_cidr_pat }}
        commit-message: update postscreen_access.cidr
        committer: milkmaker <milkmaker@mailcow.de>
        author: milkmaker <milkmaker@mailcow.de>
        signoff: false
        branch: update/postscreen_access.cidr
        base: staging
        delete-branch: true
        add-paths: |
          data/conf/postfix/postscreen_access.cidr
        title: '[Postfix] update postscreen_access.cidr'
        body: |
          This PR updates the postscreen_access.cidr using GitHub Actions and [helper-scripts/update_postscreen_whitelist.sh](https://github.com/mailcow/mailcow-dockerized/blob/master/helper-scripts/update_postscreen_whitelist.sh)
--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@
 # mailcow: dockerized - 🐮 + 🐋 = 💕
 [![Mailcow Integration Tests](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml/badge.svg?branch=master)](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml)
 [![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/mailcow_email.svg?style=social&label=Follow%20%40mailcow_email)](https://twitter.com/mailcow_email)
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -213,11 +213,13 @@ while true; do
  done
  ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
  if [[ ${SKIP_IP_CHECK} != "y" ]]; then
  # Start IP detection
  log_f "Detecting IP addresses..."
  IPV4=$(get_ipv4)
  IPV6=$(get_ipv6)
  log_f "OK: ${IPV4}, ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}"
  fi
  #########################################
  # IP and webroot challenge verification #
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,4 +1,4 @@
-FROM clamav/clamav:1.0_base
+FROM clamav/clamav:1.0.1-1_base
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -13,6 +13,7 @@ RUN apk add --update --no-cache python3 \
  fastapi \
  uvicorn \
  aiodocker \
  docker \
  redis 
 COPY docker-entrypoint.sh /app/
--- a/data/Dockerfiles/dockerapi/dockerapi.py
+++ b/data/Dockerfiles/dockerapi/dockerapi.py
@@ -1,5 +1,6 @@
 from fastapi import FastAPI, Response, Request
 import aiodocker
 import docker
 import psutil
 import sys
 import re
@@ -8,12 +9,40 @@ import os
 import json
 import asyncio
 import redis
 import platform
 from datetime import datetime
 import logging
 from logging.config import dictConfig
 log_config = {
    "version": 1,
    "disable_existing_loggers": False,
    "formatters": {
        "default": {
            "()": "uvicorn.logging.DefaultFormatter",
            "fmt": "%(levelprefix)s %(asctime)s %(message)s",
            "datefmt": "%Y-%m-%d %H:%M:%S",
        },
    },
    "handlers": {
        "default": {
            "formatter": "default",
            "class": "logging.StreamHandler",
            "stream": "ext://sys.stderr",
        },
    },
    "loggers": {
        "api-logger": {"handlers": ["default"], "level": "INFO"},
    },
 }
 dictConfig(log_config)
 containerIds_to_update = []
 host_stats_isUpdating = False
 app = FastAPI()
 logger = logging.getLogger('api-logger')
@app.get("/host/stats")
@@ -21,18 +50,15 @@ async def get_host_update_stats():
  global host_stats_isUpdating
  if host_stats_isUpdating == False:
    print("start host stats task")
    asyncio.create_task(get_host_stats())
    host_stats_isUpdating = True
  while True:
    if redis_client.exists('host_stats'):
      break
    print("wait for host_stats results")
    await asyncio.sleep(1.5)
  print("host stats pulled")
  stats = json.loads(redis_client.get('host_stats'))
  return Response(content=json.dumps(stats, indent=4), media_type="application/json")
@@ -106,14 +132,14 @@ async def post_containers(container_id : str, post_action : str, request: Reques
      else:
        api_call_method_name = '__'.join(['container_post', str(post_action) ])
-      docker_utils = DockerUtils(async_docker_client)
+      docker_utils = DockerUtils(sync_docker_client)
      api_call_method = getattr(docker_utils, api_call_method_name, lambda container_id: Response(content=json.dumps({'type': 'danger', 'msg':'container_post - unknown api call' }, indent=4), media_type="application/json"))
-      print("api call: %s, container_id: %s" % (api_call_method_name, container_id))
+      logger.info("api call: %s, container_id: %s" % (api_call_method_name, container_id))
-      return await api_call_method(container_id, request_json)
+      return api_call_method(container_id, request_json)
    except Exception as e:
-      print("error - container_post: %s" % str(e))
+      logger.error("error - container_post: %s" % str(e))
      res = {
        "type": "danger",
        "msg": str(e)
@@ -152,398 +178,297 @@ class DockerUtils:
    self.docker_client = docker_client
  # api call: container_post - post_action: stop
-  async def container_post__stop(self, container_id, request_json):
+  def container_post__stop(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-      if container._id == container_id:
+      container.stop()
        await container.stop()
    res = {
      'type': 'success', 
      'msg': 'command completed successfully'
    }
    return Response(content=json.dumps(res, indent=4), media_type="application/json")
    res = { 'type': 'success', 'msg': 'command completed successfully'}
    return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: start
-  async def container_post__start(self, container_id, request_json):
+  def container_post__start(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-      if container._id == container_id:
+      container.start()
-        await container.start()
+
-    res = {
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
      'type': 'success', 
      'msg': 'command completed successfully'
    }
    return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: restart
-  async def container_post__restart(self, container_id, request_json):
+  def container_post__restart(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-      if container._id == container_id:
+      container.restart()
-        await container.restart()
+
-    res = {
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
      'type': 'success', 
      'msg': 'command completed successfully'
    }
    return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: top
-  async def container_post__top(self, container_id, request_json):
+  def container_post__top(self, container_id, request_json):
-    for container in (await self.docker_client.containers.list()):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-      if container._id == container_id:
+      res = { 'type': 'success', 'msg': container.top()}
-        ps_exec = await container.exec("ps")      
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        async with ps_exec.start(detach=False) as stream:
+  # api call: container_post - post_action: stats
-          ps_return = await stream.read_out()
+  def container_post__stats(self, container_id, request_json):
-
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-        exec_details = await ps_exec.inspect()
+      for stat in container.stats(decode=True, stream=True):
-        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
+        res = { 'type': 'success', 'msg': stat}
-          res = {
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
            'type': 'success', 
            'msg': ps_return.data.decode('utf-8')
          }
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
          res = {
            'type': 'danger', 
            'msg': ''
          }
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: mailq - task: delete
-  async def container_post__exec__mailq__delete(self, container_id, request_json):
+  def container_post__exec__mailq__delete(self, container_id, request_json):
    if 'items' in request_json:
      r = re.compile("^[0-9a-fA-F]+$")
      filtered_qids = filter(r.match, request_json['items'])
      if filtered_qids:
        flagged_qids = ['-d %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
+        sanitized_string = str(' '.join(flagged_qids));
        for container in self.docker_client.containers.list(filters={"id": container_id}):
          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
          return exec_run_handler('generic', postsuper_r)
        for container in (await self.docker_client.containers.list()):
          if container._id == container_id:
            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
            return await exec_run_handler('generic', postsuper_r_exec)
  # api call: container_post - post_action: exec - cmd: mailq - task: hold
-  async def container_post__exec__mailq__hold(self, container_id, request_json):
+  def container_post__exec__mailq__hold(self, container_id, request_json):
    if 'items' in request_json:
      r = re.compile("^[0-9a-fA-F]+$")
      filtered_qids = filter(r.match, request_json['items'])
      if filtered_qids:
        flagged_qids = ['-h %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
+        sanitized_string = str(' '.join(flagged_qids));
-
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
-        for container in (await self.docker_client.containers.list()):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-          if container._id == container_id:
+          return exec_run_handler('generic', postsuper_r)
            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
            return await exec_run_handler('generic', postsuper_r_exec)
  # api call: container_post - post_action: exec - cmd: mailq - task: cat
-  async def container_post__exec__mailq__cat(self, container_id, request_json):
+  def container_post__exec__mailq__cat(self, container_id, request_json):
    if 'items' in request_json:
      r = re.compile("^[0-9a-fA-F]+$")
      filtered_qids = filter(r.match, request_json['items'])
      if filtered_qids:
-        sanitized_string = str(' '.join(filtered_qids))
+        sanitized_string = str(' '.join(filtered_qids));
-        for container in (await self.docker_client.containers.list()):
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
-          if container._id == container_id:
+          postcat_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
-            postcat_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
+        if not postcat_return:
-            return await exec_run_handler('utf8_text_only', postcat_exec)
+          postcat_return = 'err: invalid'
        return exec_run_handler('utf8_text_only', postcat_return)
   # api call: container_post - post_action: exec - cmd: mailq - task: unhold
-  async def container_post__exec__mailq__unhold(self, container_id, request_json):
+  def container_post__exec__mailq__unhold(self, container_id, request_json):
    if 'items' in request_json:
      r = re.compile("^[0-9a-fA-F]+$")
      filtered_qids = filter(r.match, request_json['items'])
      if filtered_qids:
        flagged_qids = ['-H %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids))
+        sanitized_string = str(' '.join(flagged_qids));
-
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
-        for container in (await self.docker_client.containers.list()):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-          if container._id == container_id:
+          return exec_run_handler('generic', postsuper_r)
            postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
            return await exec_run_handler('generic', postsuper_r_exec)
  # api call: container_post - post_action: exec - cmd: mailq - task: deliver
-  async def container_post__exec__mailq__deliver(self, container_id, request_json):
+  def container_post__exec__mailq__deliver(self, container_id, request_json):
    if 'items' in request_json:
      r = re.compile("^[0-9a-fA-F]+$")
      filtered_qids = filter(r.match, request_json['items'])
      if filtered_qids:
        flagged_qids = ['-i %s' % i for i in filtered_qids]
-
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
-        for container in (await self.docker_client.containers.list()):
+          for i in flagged_qids:
-          if container._id == container_id:
+            postqueue_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')
-            for i in flagged_qids:
+            # todo: check each exit code
-              postsuper_r_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')      
+          res = { 'type': 'success', 'msg': 'Scheduled immediate delivery'}
              async with postsuper_r_exec.start(detach=False) as stream:
                postsuper_r_return = await stream.read_out()
              # todo: check each exit code
            res = {
              'type': 'success', 
              'msg': 'Scheduled immediate delivery'
            }
            return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: mailq - task: list
  async def container_post__exec__mailq__list(self, container_id, request_json):
    for container in (await self.docker_client.containers.list()):
      if container._id == container_id:
        mailq_exec = await container.exec(["/usr/sbin/postqueue", "-j"], user='postfix')
        return await exec_run_handler('utf8_text_only', mailq_exec)
  # api call: container_post - post_action: exec - cmd: mailq - task: flush
  async def container_post__exec__mailq__flush(self, container_id, request_json):
    for container in (await self.docker_client.containers.list()):
      if container._id == container_id:
        postsuper_r_exec = await container.exec(["/usr/sbin/postqueue", "-f"], user='postfix')
        return await exec_run_handler('generic', postsuper_r_exec)
  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
  async def container_post__exec__mailq__super_delete(self, container_id, request_json):
    for container in (await self.docker_client.containers.list()):
      if container._id == container_id:
        postsuper_r_exec = await container.exec(["/usr/sbin/postsuper", "-d", "ALL"])
        return await exec_run_handler('generic', postsuper_r_exec)
  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
  async def container_post__exec__system__fts_rescan(self, container_id, request_json):
    if 'username' in request_json:
      for container in (await self.docker_client.containers.list()):
        if container._id == container_id:
          rescan_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')         
          async with rescan_exec.start(detach=False) as stream:
            rescan_return = await stream.read_out()
          exec_details = await rescan_exec.inspect()
          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
            res = {
              'type': 'success', 
              'msg': 'fts_rescan: rescan triggered'
            }
            return Response(content=json.dumps(res, indent=4), media_type="application/json")
          else:
            res = {
              'type': 'warning', 
              'msg': 'fts_rescan error'
            }
            return Response(content=json.dumps(res, indent=4), media_type="application/json")
    if 'all' in request_json:
      for container in (await self.docker_client.containers.list()):
        if container._id == container_id:
          rescan_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')          
          async with rescan_exec.start(detach=False) as stream:
            rescan_return = await stream.read_out()
          exec_details = await rescan_exec.inspect()
          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
            res = {
              'type': 'success', 
              'msg': 'fts_rescan: rescan triggered'
            }
            return Response(content=json.dumps(res, indent=4), media_type="application/json")
          else:
            res = {
              'type': 'warning', 
              'msg': 'fts_rescan error'
            }
            return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: system - task: df
  async def container_post__exec__system__df(self, container_id, request_json):
    if 'dir' in request_json:
      for container in (await self.docker_client.containers.list()):
        if container._id == container_id:
          df_exec = await container.exec(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
          async with df_exec.start(detach=False) as stream:
            df_return = await stream.read_out()
          print(df_return)
          print(await df_exec.inspect())
          exec_details = await df_exec.inspect()
          if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
            return df_return.data.decode('utf-8').rstrip()
          else:
            return "0,0,0,0,0,0"
  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
  async def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
    for container in (await self.docker_client.containers.list()):
      if container._id == container_id:
        sql_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
        async with sql_exec.start(detach=False) as stream:
          sql_return = await stream.read_out()
        exec_details = await sql_exec.inspect()
        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
          matched = False
          for line in sql_return.data.decode('utf-8').split("\n"):
            if 'is already upgraded to' in line:
              matched = True
          if matched:
            res = {
              'type': 'success', 
              'msg': 'mysql_upgrade: already upgraded',
              'text': sql_return.data.decode('utf-8')
            }
            return Response(content=json.dumps(res, indent=4), media_type="application/json")
          else:
            await container.restart()
            res = {
              'type': 'warning', 
              'msg': 'mysql_upgrade: upgrade was applied',
              'text': sql_return.data.decode('utf-8')
            }
            return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
          res = {
            'type': 'error', 
            'msg': 'mysql_upgrade: error running command',
            'text': sql_return.data.decode('utf-8')
          }
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
  async def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
    for container in (await self.docker_client.containers.list()):
      if container._id == container_id:
        sql_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
        async with sql_exec.start(detach=False) as stream:
          sql_return = await stream.read_out()
        exec_details = await sql_exec.inspect()
        if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
          res = {
            'type': 'info', 
            'msg': 'mysql_tzinfo_to_sql: command completed successfully',
            'text': sql_return.data.decode('utf-8')
          }
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
          res = {
            'type': 'error', 
            'msg': 'mysql_tzinfo_to_sql: error running command',
            'text': sql_return.data.decode('utf-8')
          }
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
  async def container_post__exec__reload__dovecot(self, container_id, request_json):
    for container in (await self.docker_client.containers.list()):
      if container._id == container_id:
        reload_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
        return await exec_run_handler('generic', reload_exec)
  # api call: container_post - post_action: exec - cmd: reload - task: postfix
  async def container_post__exec__reload__postfix(self, container_id, request_json):
    for container in (await self.docker_client.containers.list()):
      if container._id == container_id:
        reload_exec = await container.exec(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
        return await exec_run_handler('generic', reload_exec)
  # api call: container_post - post_action: exec - cmd: reload - task: nginx
  async def container_post__exec__reload__nginx(self, container_id, request_json):
    for container in (await self.docker_client.containers.list()):
      if container._id == container_id:
        reload_exec = await container.exec(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
        return await exec_run_handler('generic', reload_exec)
  # api call: container_post - post_action: exec - cmd: sieve - task: list
  async def container_post__exec__sieve__list(self, container_id, request_json):
    if 'username' in request_json:
      for container in (await self.docker_client.containers.list()):
        if container._id == container_id:
          sieve_exec = await container.exec(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
          return await exec_run_handler('utf8_text_only', sieve_exec)
  # api call: container_post - post_action: exec - cmd: sieve - task: print
  async def container_post__exec__sieve__print(self, container_id, request_json):
    if 'username' in request_json and 'script_name' in request_json:
      for container in (await self.docker_client.containers.list()):
        if container._id == container_id:
          cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
          sieve_exec = await container.exec(cmd)
          return await exec_run_handler('utf8_text_only', sieve_exec)
  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
  async def container_post__exec__maildir__cleanup(self, container_id, request_json):
    if 'maildir' in request_json:
      for container in (await self.docker_client.containers.list()):
        if container._id == container_id:
          sane_name = re.sub(r'\W+', '', request_json['maildir'])
          cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
          maildir_cleanup_exec = await container.exec(cmd, user='vmail')
          return await exec_run_handler('generic', maildir_cleanup_exec)
  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
  async def container_post__exec__rspamd__worker_password(self, container_id, request_json):
    if 'raw' in request_json:
      for container in (await self.docker_client.containers.list()):
        if container._id == container_id:
-          cmd = "./set_worker_password.sh '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
+  # api call: container_post - post_action: exec - cmd: mailq - task: list
-          rspamd_password_exec = await container.exec(cmd, user='_rspamd')  
+  def container_post__exec__mailq__list(self, container_id, request_json):
-          async with rspamd_password_exec.start(detach=False) as stream:
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
-            rspamd_password_return = await stream.read_out()
+      mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
-
+      return exec_run_handler('utf8_text_only', mailq_return)
-          matched = False
+  # api call: container_post - post_action: exec - cmd: mailq - task: flush
-          if "OK" in rspamd_password_return.data.decode('utf-8'):
+  def container_post__exec__mailq__flush(self, container_id, request_json):
    for container in self.docker_client.containers.list(filters={"id": container_id}):
      postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
      return exec_run_handler('generic', postqueue_r)
  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
  def container_post__exec__mailq__super_delete(self, container_id, request_json):
    for container in self.docker_client.containers.list(filters={"id": container_id}):
      postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
      return exec_run_handler('generic', postsuper_r)
  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
  def container_post__exec__system__fts_rescan(self, container_id, request_json):
    if 'username' in request_json:
      for container in self.docker_client.containers.list(filters={"id": container_id}):
        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')
        if rescan_return.exit_code == 0:
          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
    if 'all' in request_json:
      for container in self.docker_client.containers.list(filters={"id": container_id}):
        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')
        if rescan_return.exit_code == 0:
          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: system - task: df
  def container_post__exec__system__df(self, container_id, request_json):
    if 'dir' in request_json:
      for container in self.docker_client.containers.list(filters={"id": container_id}):
        df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
        if df_return.exit_code == 0:
          return df_return.output.decode('utf-8').rstrip()
        else:
          return "0,0,0,0,0,0"
  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
  def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
    for container in self.docker_client.containers.list(filters={"id": container_id}):
      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
      if sql_return.exit_code == 0:
        matched = False
        for line in sql_return.output.decode('utf-8').split("\n"):
          if 'is already upgraded to' in line:
            matched = True
-            await container.restart()
+        if matched:
          res = { 'type': 'success', 'msg':'mysql_upgrade: already upgraded', 'text': sql_return.output.decode('utf-8')}
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
          container.restart()
          res = { 'type': 'warning', 'msg':'mysql_upgrade: upgrade was applied', 'text': sql_return.output.decode('utf-8')}
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
      else:
        res = { 'type': 'error', 'msg': 'mysql_upgrade: error running command', 'text': sql_return.output.decode('utf-8')}
        return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
  def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
    for container in self.docker_client.containers.list(filters={"id": container_id}):
      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
      if sql_return.exit_code == 0:
        res = { 'type': 'info', 'msg': 'mysql_tzinfo_to_sql: command completed successfully', 'text': sql_return.output.decode('utf-8')}
        return Response(content=json.dumps(res, indent=4), media_type="application/json")
      else:
        res = { 'type': 'error', 'msg': 'mysql_tzinfo_to_sql: error running command', 'text': sql_return.output.decode('utf-8')}
        return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
  def container_post__exec__reload__dovecot(self, container_id, request_json):
    for container in self.docker_client.containers.list(filters={"id": container_id}):
      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
      return exec_run_handler('generic', reload_return)
  # api call: container_post - post_action: exec - cmd: reload - task: postfix
  def container_post__exec__reload__postfix(self, container_id, request_json):
    for container in self.docker_client.containers.list(filters={"id": container_id}):
      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
      return exec_run_handler('generic', reload_return)
  # api call: container_post - post_action: exec - cmd: reload - task: nginx
  def container_post__exec__reload__nginx(self, container_id, request_json):
    for container in self.docker_client.containers.list(filters={"id": container_id}):
      reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
      return exec_run_handler('generic', reload_return)
  # api call: container_post - post_action: exec - cmd: sieve - task: list
  def container_post__exec__sieve__list(self, container_id, request_json):
    if 'username' in request_json:
      for container in self.docker_client.containers.list(filters={"id": container_id}):
        sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
        return exec_run_handler('utf8_text_only', sieve_return)
  # api call: container_post - post_action: exec - cmd: sieve - task: print
  def container_post__exec__sieve__print(self, container_id, request_json):
    if 'username' in request_json and 'script_name' in request_json:
      for container in self.docker_client.containers.list(filters={"id": container_id}):
        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
        sieve_return = container.exec_run(cmd)
        return exec_run_handler('utf8_text_only', sieve_return)
  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
  def container_post__exec__maildir__cleanup(self, container_id, request_json):
    if 'maildir' in request_json:
      for container in self.docker_client.containers.list(filters={"id": container_id}):
        sane_name = re.sub(r'\W+', '', request_json['maildir'])
        vmail_name = request_json['maildir'].replace("'", "'\\''")
        cmd_vmail = "if [[ -d '/var/vmail/" + vmail_name + "' ]]; then /bin/mv '/var/vmail/" + vmail_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"
        index_name = request_json['maildir'].split("/")
        if len(index_name) > 1:
          index_name = index_name[1].replace("'", "'\\''") + "@" + index_name[0].replace("'", "'\\''")
          cmd_vmail_index = "if [[ -d '/var/vmail_index/" + index_name + "' ]]; then /bin/mv '/var/vmail_index/" + index_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "_index'; fi"
          cmd = ["/bin/bash", "-c", cmd_vmail + " && " + cmd_vmail_index]
        else:
          cmd = ["/bin/bash", "-c", cmd_vmail]
        maildir_cleanup = container.exec_run(cmd, user='vmail')
        return exec_run_handler('generic', maildir_cleanup)
  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
  def container_post__exec__rspamd__worker_password(self, container_id, request_json):
    if 'raw' in request_json:
      for container in self.docker_client.containers.list(filters={"id": container_id}):
        cmd = "/usr/bin/rspamadm pw -e -p '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
        cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
-          if matched:
+        matched = False
-            res = {
+        for line in cmd_response.split("\n"):
-              'type': 'success', 
+          if '$2$' in line:
-              'msg': 'command completed successfully'
+            hash = line.strip()
-            }
+            hash_out = re.search('\$2\$.+$', hash).group(0)
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
+            rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
-          else:
+            rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc"
-            res = {
+            cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename)
-              'type': 'danger', 
+            cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
-              'msg': 'command did not complete'
+            if rspamd_passphrase_hash.startswith("$2$") and rspamd_passphrase_hash in cmd_response:
-            }
+              container.restart()
-            return Response(content=json.dumps(res, indent=4), media_type="application/json")
+              matched = True
        if matched:
          res = { 'type': 'success', 'msg': 'command completed successfully' }
          logger.info('success changing Rspamd password')
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
          logger.error('failed changing Rspamd password')
          res = { 'type': 'danger', 'msg': 'command did not complete' }
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
 def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
-async def exec_run_handler(type, exec_obj):
+  def recv_socket_data(c_socket, timeout):
-  async with exec_obj.start(detach=False) as stream:
+    c_socket.setblocking(0)
-    exec_return = await stream.read_out()
+    total_data=[]
    data=''
    begin=time.time()
    while True:
      if total_data and time.time()-begin > timeout:
        break
      elif time.time()-begin > timeout*2:
        break
      try:
        data = c_socket.recv(8192)
        if data:
          total_data.append(data.decode('utf-8'))
          #change the beginning time for measurement
          begin=time.time()
        else:
          #sleep for sometime to indicate a gap
          time.sleep(0.1)
          break
      except:
        pass
    return ''.join(total_data)
-  if exec_return == None:
+  try :
-    exec_return = ""
+    socket = container.exec_run([shell_cmd], stdin=True, socket=True, user=user).output._sock
-  else:
+    if not cmd.endswith("\n"):
-    exec_return = exec_return.data.decode('utf-8')
+      cmd = cmd + "\n"
-
+    socket.send(cmd.encode('utf-8'))
-  if type == 'generic':       
+    data = recv_socket_data(socket, timeout)
-    exec_details = await exec_obj.inspect()
+    socket.close()
-    if exec_details["ExitCode"] == None or exec_details["ExitCode"] == 0:
+    return data
-      res = {
+  except Exception as e:
-        "type": "success",
+    logger.error("error - exec_cmd_container: %s" % str(e))
-        "msg": "command completed successfully"
+    traceback.print_exc(file=sys.stdout)
-      }
+def exec_run_handler(type, output):
  if type == 'generic':
    if output.exit_code == 0:
      res = { 'type': 'success', 'msg': 'command completed successfully' }
      return Response(content=json.dumps(res, indent=4), media_type="application/json")
    else:
-      res = {
+      res = { 'type': 'danger', 'msg': 'command failed: ' + output.output.decode('utf-8') }
        "type": "success",
        "msg": "'command failed: " + exec_return
      }
      return Response(content=json.dumps(res, indent=4), media_type="application/json")
  if type == 'utf8_text_only':
-    return Response(content=exec_return, media_type="text/plain")
+    return Response(content=output.output.decode('utf-8'), media_type="text/plain")
 async def get_host_stats(wait=5):
  global host_stats_isUpdating
@@ -561,7 +486,8 @@ async def get_host_stats(wait=5):
        "swap": psutil.swap_memory()
      },
      "uptime": time.time() - psutil.boot_time(),
-      "system_time": system_time.strftime("%d.%m.%Y %H:%M:%S")
+      "system_time": system_time.strftime("%d.%m.%Y %H:%M:%S"),
      "architecture": platform.machine()
    }
    redis_client.set('host_stats', json.dumps(host_stats), ex=10)
@@ -570,12 +496,10 @@ async def get_host_stats(wait=5):
      "type": "danger",
      "msg": str(e)
    }
    print(json.dumps(res, indent=4))
  await asyncio.sleep(wait)
  host_stats_isUpdating = False
 async def get_container_stats(container_id, wait=5, stop=False):
  global containerIds_to_update
@@ -598,13 +522,11 @@ async def get_container_stats(container_id, wait=5, stop=False):
        "type": "danger",
        "msg": str(e)
      }
      print(json.dumps(res, indent=4))
  else:
    res = {
      "type": "danger",
      "msg": "no or invalid id defined"
    }
    print(json.dumps(res, indent=4))
  await asyncio.sleep(wait)
  if stop == True:
@@ -615,9 +537,13 @@ async def get_container_stats(container_id, wait=5, stop=False):
    await get_container_stats(container_id, wait=0, stop=True)
 if os.environ['REDIS_SLAVEOF_IP'] != "":
  redis_client = redis.Redis(host=os.environ['REDIS_SLAVEOF_IP'], port=os.environ['REDIS_SLAVEOF_PORT'], db=0)
 else:
  redis_client = redis.Redis(host='redis-mailcow', port=6379, db=0)
 sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
 async_docker_client = aiodocker.Docker(url='unix:///var/run/docker.sock')
 logger.info('DockerApi started')
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -2,9 +2,12 @@ FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DOVECOT=2.3.19.1
+# renovate: datasource=github-tags depName=dovecot/core versioning=semver-coerced
 ARG DOVECOT=2.3.20
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16
 ENV LC_ALL C
-ENV GOSU_VERSION 1.14
+
 # Add groups and users before installing Dovecot to not break compatibility
 RUN groupadd -g 5000 vmail \
@@ -18,6 +21,7 @@ RUN groupadd -g 5000 vmail \
  && touch /etc/default/locale \
  && apt-get update \
  && apt-get -y --no-install-recommends install \
  build-essential \
  apt-transport-https \
  ca-certificates \
  cpanminus \
@@ -58,6 +62,7 @@ RUN groupadd -g 5000 vmail \
  libproc-processtable-perl \
  libreadonly-perl \
  libregexp-common-perl \
  libssl-dev \
  libsys-meminfo-perl \
  libterm-readkey-perl \
  libtest-deep-perl \
@@ -107,6 +112,8 @@ RUN groupadd -g 5000 vmail \
  && apt-get autoclean \
  && rm -rf /var/lib/apt/lists/* \
  && rm -rf /tmp/* /var/tmp/* /root/.cache/
 # imapsync dependencies
 RUN cpan Crypt::OpenSSL::PKCS12
 COPY trim_logs.sh /usr/local/bin/trim_logs.sh
 COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh
--- a/data/Dockerfiles/dovecot/imapsync
+++ b/data/Dockerfiles/dovecot/imapsync
@@ -8492,6 +8492,7 @@ sub xoauth2
        require HTML::Entities ;
        require JSON ;
        require JSON::WebToken::Crypt::RSA ;
        require Crypt::OpenSSL::PKCS12;
        require Crypt::OpenSSL::RSA ;
        require Encode::Byte ;
        require IO::Socket::SSL ;
@@ -8532,8 +8533,9 @@ sub xoauth2
            $sync->{ debug } and myprint( "Service account: $iss\nKey file: $keyfile\nKey password: $keypass\n");
-            # Get private key from p12 file (would be better in perl...)
+            # Get private key from p12 file
-            $key = `openssl pkcs12 -in "$keyfile" -nodes -nocerts -passin pass:$keypass -nomacver`;
+            my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file($keyfile);
            $key = $pkcs12->private_key($keypass);
            $sync->{ debug } and myprint( "Private key:\n$key\n");
        }
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -64,28 +64,40 @@ def refreshF2boptions():
  global f2boptions
  global quit_now
  global exit_code
  f2boptions = {}
  if not r.get('F2B_OPTIONS'):
-    f2boptions = {}
+    f2boptions['ban_time'] = r.get('F2B_BAN_TIME')
-    f2boptions['ban_time'] = int
+    f2boptions['max_ban_time'] = r.get('F2B_MAX_BAN_TIME')
-    f2boptions['max_attempts'] = int
+    f2boptions['ban_time_increment'] = r.get('F2B_BAN_TIME_INCREMENT')
-    f2boptions['retry_window'] = int
+    f2boptions['max_attempts'] = r.get('F2B_MAX_ATTEMPTS')
-    f2boptions['netban_ipv4'] = int
+    f2boptions['retry_window'] = r.get('F2B_RETRY_WINDOW')
-    f2boptions['netban_ipv6'] = int
+    f2boptions['netban_ipv4'] = r.get('F2B_NETBAN_IPV4')
-    f2boptions['ban_time'] = r.get('F2B_BAN_TIME') or 1800
+    f2boptions['netban_ipv6'] = r.get('F2B_NETBAN_IPV6')
    f2boptions['max_attempts'] = r.get('F2B_MAX_ATTEMPTS') or 10
    f2boptions['retry_window'] = r.get('F2B_RETRY_WINDOW') or 600
    f2boptions['netban_ipv4'] = r.get('F2B_NETBAN_IPV4') or 32
    f2boptions['netban_ipv6'] = r.get('F2B_NETBAN_IPV6') or 128
    r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
  else:
    try:
      f2boptions = {}
      f2boptions = json.loads(r.get('F2B_OPTIONS'))
    except ValueError:
      print('Error loading F2B options: F2B_OPTIONS is not json')
      quit_now = True
      exit_code = 2
  verifyF2boptions(f2boptions)
  r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
 def verifyF2boptions(f2boptions):
  verifyF2boption(f2boptions,'ban_time', 1800)
  verifyF2boption(f2boptions,'max_ban_time', 10000)
  verifyF2boption(f2boptions,'ban_time_increment', True)
  verifyF2boption(f2boptions,'max_attempts', 10)
  verifyF2boption(f2boptions,'retry_window', 600)
  verifyF2boption(f2boptions,'netban_ipv4', 32)
  verifyF2boption(f2boptions,'netban_ipv6', 128)
 def verifyF2boption(f2boptions, f2boption, f2bdefault):
  f2boptions[f2boption] = f2boptions[f2boption] if f2boption in f2boptions and f2boptions[f2boption] is not None else f2bdefault
 def refreshF2bregex():
  global f2bregex
  global quit_now
@@ -147,6 +159,7 @@ def ban(address):
  global lock
  refreshF2boptions()
  BAN_TIME = int(f2boptions['ban_time'])
  BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
  MAX_ATTEMPTS = int(f2boptions['max_attempts'])
  RETRY_WINDOW = int(f2boptions['retry_window'])
  NETBAN_IPV4 = '/' + str(f2boptions['netban_ipv4'])
@@ -174,20 +187,16 @@ def ban(address):
  net = ipaddress.ip_network((address + (NETBAN_IPV4 if type(ip) is ipaddress.IPv4Address else NETBAN_IPV6)), strict=False)
  net = str(net)
-  if not net in bans or time.time() - bans[net]['last_attempt'] > RETRY_WINDOW:
+  if not net in bans:
-    bans[net] = { 'attempts': 0 }
+    bans[net] = {'attempts': 0, 'last_attempt': 0, 'ban_counter': 0}
    active_window = RETRY_WINDOW
  else:
    active_window = time.time() - bans[net]['last_attempt']
  bans[net]['attempts'] += 1
  bans[net]['last_attempt'] = time.time()
  active_window = time.time() - bans[net]['last_attempt']
  if bans[net]['attempts'] >= MAX_ATTEMPTS:
    cur_time = int(round(time.time()))
-    logCrit('Banning %s for %d minutes' % (net, BAN_TIME / 60))
+    NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** bans[net]['ban_counter']
    logCrit('Banning %s for %d minutes' % (net, NET_BAN_TIME / 60 ))
    if type(ip) is ipaddress.IPv4Address:
      with lock:
        chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'MAILCOW')
@@ -206,7 +215,7 @@ def ban(address):
        rule.target = target
        if rule not in chain.rules:
          chain.insert_rule(rule)
-    r.hset('F2B_ACTIVE_BANS', '%s' % net, cur_time + BAN_TIME)
+    r.hset('F2B_ACTIVE_BANS', '%s' % net, cur_time + NET_BAN_TIME)
  else:
    logWarn('%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net))
@@ -238,7 +247,8 @@ def unban(net):
  r.hdel('F2B_ACTIVE_BANS', '%s' % net)
  r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
  if net in bans:
-    del bans[net]
+    bans[net]['attempts'] = 0
    bans[net]['ban_counter'] += 1
 def permBan(net, unban=False):
  global lock
@@ -332,7 +342,7 @@ def watch():
              logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
              ban(addr)
    except Exception as ex:
-      logWarn('Error reading log line from pubsub')
+      logWarn('Error reading log line from pubsub: %s' % ex)
      quit_now = True
      exit_code = 2
@@ -359,21 +369,30 @@ def snat4(snat_target):
        chain = iptc.Chain(table, 'POSTROUTING')
        table.autocommit = False
        new_rule = get_snat4_rule()
-        for position, rule in enumerate(chain.rules):
+
-          match = all((
+        if not chain.rules:
-            new_rule.get_src() == rule.get_src(),
+          # if there are no rules in the chain, insert the new rule directly
-            new_rule.get_dst() == rule.get_dst(),
+          logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
-            new_rule.target.parameters == rule.target.parameters,
+          chain.insert_rule(new_rule)
-            new_rule.target.name == rule.target.name
+        else:
-          ))
+          for position, rule in enumerate(chain.rules):
-          if position == 0:
+            if not hasattr(rule.target, 'parameter'):
-            if not match:
+                continue
-              logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+            match = all((
-              chain.insert_rule(new_rule)
+              new_rule.get_src() == rule.get_src(),
-          else:
+              new_rule.get_dst() == rule.get_dst(),
-            if match:
+              new_rule.target.parameters == rule.target.parameters,
-              logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
+              new_rule.target.name == rule.target.name
-              chain.delete_rule(rule)
+            ))
            if position == 0:
              if not match:
                logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
                chain.insert_rule(new_rule)
            else:
              if match:
                logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
                chain.delete_rule(rule)
        table.commit()
        table.autocommit = True
      except:
@@ -418,6 +437,8 @@ def autopurge():
    time.sleep(10)
    refreshF2boptions()
    BAN_TIME = int(f2boptions['ban_time'])
    MAX_BAN_TIME = int(f2boptions['max_ban_time'])
    BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
    MAX_ATTEMPTS = int(f2boptions['max_attempts'])
    QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
    if QUEUE_UNBAN:
@@ -425,7 +446,9 @@ def autopurge():
        unban(str(net))
    for net in bans.copy():
      if bans[net]['attempts'] >= MAX_ATTEMPTS:
-        if time.time() - bans[net]['last_attempt'] > BAN_TIME:
+        NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** bans[net]['ban_counter']
        TIME_SINCE_LAST_ATTEMPT = time.time() - bans[net]['last_attempt']
        if TIME_SINCE_LAST_ATTEMPT > NET_BAN_TIME or TIME_SINCE_LAST_ATTEMPT > MAX_BAN_TIME:
          unban(net)
 def isIpNetwork(address):
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,12 +1,18 @@
-FROM php:8.1-fpm-alpine3.17
+FROM php:8.2-fpm-alpine3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
-ENV APCU_PECL 5.1.22
+# renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced
-ENV IMAGICK_PECL 3.7.0
+ARG APCU_PECL_VERSION=5.1.22
-ENV MAILPARSE_PECL 3.1.4
+# renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced
-ENV MEMCACHED_PECL 3.2.0
+ARG IMAGICK_PECL_VERSION=3.7.0
-ENV REDIS_PECL 5.3.7
+# renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced
-ENV COMPOSER 2.4.4
+ARG MAILPARSE_PECL_VERSION=3.1.4
 # renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced
 ARG MEMCACHED_PECL_VERSION=3.2.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced
 ARG REDIS_PECL_VERSION=5.3.7
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced
 ARG COMPOSER_VERSION=2.5.5
 RUN apk add -U --no-cache autoconf \
  aspell-dev \
@@ -46,6 +52,7 @@ RUN apk add -U --no-cache autoconf \
  libxpm-dev \
  libzip \
  libzip-dev \
  linux-headers \
  make \
  mysql-client \
  openldap-dev \
@@ -55,11 +62,11 @@ RUN apk add -U --no-cache autoconf \
  samba-client \
  zlib-dev \
  tzdata \
-  && pecl install mailparse-${MAILPARSE_PECL} \
+  && pecl install APCu-${APCU_PECL_VERSION} \
-  && pecl install redis-${REDIS_PECL} \
+  && pecl install imagick-${IMAGICK_PECL_VERSION} \
-  && pecl install memcached-${MEMCACHED_PECL} \
+  && pecl install mailparse-${MAILPARSE_PECL_VERSION} \
-  && pecl install APCu-${APCU_PECL} \
+  && pecl install memcached-${MEMCACHED_PECL_VERSION} \
-  && pecl install imagick-${IMAGICK_PECL} \
+  && pecl install redis-${REDIS_PECL_VERSION} \
  && docker-php-ext-enable apcu imagick memcached mailparse redis \
  && pecl clear-cache \
  && docker-php-ext-configure intl \
@@ -69,10 +76,10 @@ RUN apk add -U --no-cache autoconf \
    --with-webp \
    --with-xpm \
    --with-avif \
-  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
+  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets sysvsem zip bcmath gmp \
  && docker-php-ext-configure imap --with-imap --with-imap-ssl \
  && docker-php-ext-install -j 4 imap \
-  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER} \
+  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
  && mv composer.phar /usr/local/bin/composer \
  && chmod +x /usr/local/bin/composer \
  && apk del --purge autoconf \
@@ -93,6 +100,7 @@ RUN apk add -U --no-cache autoconf \
    libxml2-dev \
    libxpm-dev \
    libzip-dev \
    linux-headers \
    make \
    openldap-dev \
    pcre-dev \
@@ -102,4 +110,4 @@ COPY ./docker-entrypoint.sh /
 ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD ["php-fpm"]
+CMD ["php-fpm"]
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -172,6 +172,24 @@ BEGIN
 END;
 //
 DELIMITER ;
 DROP EVENT IF EXISTS clean_sasl_log;
 DELIMITER //
 CREATE EVENT clean_sasl_log
 ON SCHEDULE EVERY 1 DAY DO
 BEGIN
  DELETE sasl_log.* FROM sasl_log
    LEFT JOIN (
      SELECT username, service, MAX(datetime) AS lastdate
      FROM sasl_log
      GROUP BY username, service
    ) AS last ON sasl_log.username = last.username AND sasl_log.service = last.service
    WHERE datetime < DATE_SUB(NOW(), INTERVAL 31 DAY) AND datetime < lastdate;
  DELETE FROM sasl_log
    WHERE username NOT IN (SELECT username FROM mailbox) AND
    datetime < DATE_SUB(NOW(), INTERVAL 31 DAY);
 END;
 //
 DELIMITER ;
 EOF
 fi
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -3,8 +3,9 @@ LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 ARG DEBIAN_FRONTEND=noninteractive
 ARG SOGO_DEBIAN_REPOSITORY=http://packages.sogo.nu/nightly/5/debian/
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16
 ENV LC_ALL C
 ENV GOSU_VERSION 1.14
 # Prerequisites
 RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
--- a/data/Dockerfiles/solr/Dockerfile
+++ b/data/Dockerfiles/solr/Dockerfile
@@ -2,7 +2,8 @@ FROM solr:7.7-slim
 USER root
-ENV GOSU_VERSION 1.11
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16
 COPY solr.sh /
 COPY solr-config-7.7.0.xml /
--- a/data/assets/nextcloud/nextcloud.conf
+++ b/data/assets/nextcloud/nextcloud.conf
@@ -24,7 +24,7 @@ server {
  add_header X-Download-Options "noopen" always;
  add_header X-Frame-Options "SAMEORIGIN" always;
  add_header X-Permitted-Cross-Domain-Policies "none" always;
-  add_header X-Robots-Tag "none" always;
+  add_header X-Robots-Tag "noindex, nofollow" always;
  add_header X-XSS-Protection "1; mode=block" always;
  fastcgi_hide_header X-Powered-By;
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -24,6 +24,11 @@ mail_plugins = </etc/dovecot/mail_plugins
 mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
 mail_attachment_dir = /var/attachments
 mail_attachment_min_size = 128k
 # Significantly speeds up very large mailboxes, but is only safe to enable if
 # you do not manually modify the files in the `cur` directories in
 # mailcowdockerized_vmail-vol-1.
 # https://docs.mailcow.email/manual-guides/Dovecot/u_e-dovecot-performance/
 maildir_very_dirty_syncs = yes
 # Dovecot 2.2
 #ssl_protocols = !SSLv3
--- a/data/conf/rspamd/custom/bad_asn.map
+++ b/data/conf/rspamd/custom/bad_asn.map
@@ -27,4 +27,5 @@
 #197518 2 #Rackmarkt SL, Spain
 #197695 2 #Domain names registrar REG.RU Ltd, Russia
 #198068 2 #P.A.G.M. OU, Estonia
-#201942 5 #Soltia Consulting SL, Spain
+#201942 5 #Soltia Consulting SL, Spain
 #213373 4 #IP Connect Inc
--- a/data/conf/rspamd/local.d/composites.conf
+++ b/data/conf/rspamd/local.d/composites.conf
@@ -8,7 +8,7 @@ VIRUS_FOUND {
 }
 # Bad policy from free mail providers
 FREEMAIL_POLICY_FAILURE {
-  expression = "-g+:policies & !DMARC_POLICY_ALLOW & !MAILLIST & ( FREEMAIL_ENVFROM | FREEMAIL_FROM ) & !WHITELISTED_FWD_HOST";
+  expression = "FREEMAIL_FROM & !DMARC_POLICY_ALLOW & !MAILLIST& !WHITELISTED_FWD_HOST & -g+:policies";
  score = 16.0;
 }
 # Applies to freemail with undisclosed recipients
--- a/data/conf/rspamd/local.d/multimap.conf
+++ b/data/conf/rspamd/local.d/multimap.conf
@@ -159,8 +159,8 @@ BAZAAR_ABUSE_CH {
 }
 URLHAUS_ABUSE_CH {
-  type = "url";
+  type = "selector";
-  filter = "full";
+  selector = "urls";
  map = "https://urlhaus.abuse.ch/downloads/text_online/";
  score = 10.0;
 }
@@ -175,7 +175,7 @@ BAD_SUBJECT_00 {
  type = "header";
  header = "subject";
  regexp = true;
-  map = "http://nullnull.org/bad-subject-regex.txt";
+  map = "http://fuzzy.mailcow.email/bad-subject-regex.txt";
  score = 6.0;
  symbols_set = ["BAD_SUBJECT_00"];
 }
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -62,7 +62,7 @@
    SOGoFirstDayOfWeek = "1";
    SOGoSieveFolderEncoding = "UTF-8";
-    SOGoPasswordChangeEnabled = YES;
+    SOGoPasswordChangeEnabled = NO;
    SOGoSentFolderName = "Sent";
    SOGoMailShowSubscribedFoldersOnly = NO;
    NGImap4ConnectionStringSeparator = "/";
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -103,6 +103,7 @@ $template_data = [
  'rsettings' => $rsettings,
  'rspamd_regex_maps' => $rspamd_regex_maps,
  'logo_specs' => customize('get', 'main_logo_specs'),
  'ip_check' => customize('get', 'ip_check'),
  'password_complexity' => password_complexity('get'),
  'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
  'lang_admin' => json_encode($lang['admin']),
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -699,6 +699,38 @@ paths:
                  type: string
              type: object
      summary: Create Domain Admin user
  /api/v1/add/sso/domain-admin:
    post:
      responses:
        "401":
          $ref: "#/components/responses/Unauthorized"
        "200":
          content:
            application/json:
              examples:
                response:
                  value:
                    token: "591F6D-5C3DD2-7455CD-DAF1C1-AA4FCC"
          description: OK
          headers: { }
      tags:
        - Single Sign-On
      description: >-
        Using this endpoint you can issue a token for Domain Admin user. This token can be used for
        autologin Domain Admin user by using query_string var sso_token={token}. Token expiration time is 30s
      operationId: Issue Domain Admin SSO token
      requestBody:
        content:
          application/json:
            schema:
              example:
                username: testadmin
              properties:
                username:
                  description: the username for the admin user
                  type: object
              type: object
      summary: Issue Domain Admin SSO token
  /api/v1/edit/da-acl:
    post:
      responses:
@@ -1999,7 +2031,7 @@ paths:
                - domain.tld
                - domain2.tld
              properties:
-                items: 
+                items:
                  type: array
                  items:
                    type: string
@@ -2993,7 +3025,7 @@ paths:
            application/json:
              schema:
                type: array
-                items: 
+                items:
                  type: object
                  properties:
                    log:
@@ -3144,8 +3176,10 @@ paths:
              example:
                attr:
                  ban_time: "86400"
                  ban_time_increment: "1"
                  blacklist: "10.100.6.5/32,10.100.8.4/32"
                  max_attempts: "5"
                  max_ban_time: "86400"
                  netban_ipv4: "24"
                  netban_ipv6: "64"
                  retry_window: "600"
@@ -3159,11 +3193,17 @@ paths:
                      description: the backlisted ips or hostnames separated by comma
                      type: string
                    ban_time:
-                      description: the time a ip should be banned
+                      description: the time an ip should be banned
                      type: number
                    ban_time_increment:
                      description: if the time of the ban should increase each time
                      type: boolean
                    max_attempts:
                      description: the maximum numbe of wrong logins before a ip is banned
                      type: number
                    max_ban_time:
                      description: the maximum time an ip should be banned
                      type: number
                    netban_ipv4:
                      description: the networks mask to ban for ipv4
                      type: number
@@ -4081,10 +4121,12 @@ paths:
                response:
                  value:
                    ban_time: 604800
                    ban_time_increment: 1
                    blacklist: |-
                      45.82.153.37/32
                      92.118.38.52/32
                    max_attempts: 1
                    max_ban_time: 604800
                    netban_ipv4: 32
                    netban_ipv6: 128
                    perm_bans:
@@ -5586,6 +5628,8 @@ tags:
    description: Manage DKIM keys
  - name: Domain admin
    description: Create or udpdate domain admin users
  - name: Single Sign-On
    description: Issue tokens for users
  - name: Address Rewriting
    description: Create BCC maps or recipient maps
  - name: Outgoing TLS Policy Map Overrides
--- a/data/web/css/build/011-datatables.css
+++ b/data/web/css/build/011-datatables.css
@@ -4,10 +4,10 @@
 *
 * To rebuild or modify this file with the latest versions of the included
 * software please visit:
- *   https://datatables.net/download/#bs5/dt-1.12.0/r-2.3.0/sl-1.4.0
+ *   https://datatables.net/download/#bs5/dt-1.13.1/r-2.4.0/sl-1.5.0
 *
 * Included libraries:
- *   DataTables 1.12.0, Responsive 2.3.0, Select 1.4.0
+ *   DataTables 1.13.1, Responsive 2.4.0, Select 1.5.0
 */
@charset "UTF-8";
@@ -63,7 +63,7 @@ table.dataTable thead > tr > td.sorting_desc_disabled:after {
  opacity: 0.125;
  right: 10px;
  line-height: 9px;
-  font-size: 0.9em;
+  font-size: 0.8em;
 }
 table.dataTable thead > tr > th.sorting:before, table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_desc:before, table.dataTable thead > tr > th.sorting_asc_disabled:before, table.dataTable thead > tr > th.sorting_desc_disabled:before,
 table.dataTable thead > tr > td.sorting:before,
@@ -72,7 +72,7 @@ table.dataTable thead > tr > td.sorting_desc:before,
 table.dataTable thead > tr > td.sorting_asc_disabled:before,
 table.dataTable thead > tr > td.sorting_desc_disabled:before {
  bottom: 50%;
-  content: "▴";
+  content: "▲";
 }
 table.dataTable thead > tr > th.sorting:after, table.dataTable thead > tr > th.sorting_asc:after, table.dataTable thead > tr > th.sorting_desc:after, table.dataTable thead > tr > th.sorting_asc_disabled:after, table.dataTable thead > tr > th.sorting_desc_disabled:after,
 table.dataTable thead > tr > td.sorting:after,
@@ -81,7 +81,7 @@ table.dataTable thead > tr > td.sorting_desc:after,
 table.dataTable thead > tr > td.sorting_asc_disabled:after,
 table.dataTable thead > tr > td.sorting_desc_disabled:after {
  top: 50%;
-  content: "▾";
+  content: "▼";
 }
 table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_desc:after,
 table.dataTable thead > tr > td.sorting_asc:before,
@@ -287,6 +287,9 @@ table.dataTable > tbody > tr.selected > * {
  box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.9);
  color: white;
 }
 table.dataTable > tbody > tr.selected a {
  color: #090a0b;
 }
 table.dataTable.table-striped > tbody > tr.odd > * {
  box-shadow: inset 0 0 0 9999px rgba(0, 0, 0, 0.05);
 }
@@ -335,6 +338,13 @@ div.dataTables_wrapper div.dataTables_paginate ul.pagination {
  white-space: nowrap;
  justify-content: flex-end;
 }
 div.dataTables_wrapper div.dt-row {
  position: relative;
 }
 div.dataTables_wrapper span.sorting-value {
  display: none;
 }
 div.dataTables_scrollHead table.dataTable {
  margin-bottom: 0 !important;
@@ -380,17 +390,6 @@ div.dataTables_wrapper div.dataTables_paginate {
 table.dataTable.table-sm > thead > tr > th:not(.sorting_disabled) {
  padding-right: 20px;
 }
 table.dataTable.table-sm .sorting:before,
 table.dataTable.table-sm .sorting_asc:before,
 table.dataTable.table-sm .sorting_desc:before {
  top: 5px;
  right: 0.85em;
 }
 table.dataTable.table-sm .sorting:after,
 table.dataTable.table-sm .sorting_asc:after,
 table.dataTable.table-sm .sorting_desc:after {
  top: 5px;
 }
 table.table-bordered.dataTable {
  border-right-width: 0;
@@ -629,13 +628,13 @@ table.dataTable > tbody > tr > .selected {
  background-color: rgba(13, 110, 253, 0.9);
  color: white;
 }
-table.dataTable tbody td.select-checkbox,
+table.dataTable > tbody > tr > td.select-checkbox,
-table.dataTable tbody th.select-checkbox {
+table.dataTable > tbody > tr > th.select-checkbox {
  position: relative;
 }
-table.dataTable tbody td.select-checkbox:before, table.dataTable tbody td.select-checkbox:after,
+table.dataTable > tbody > tr > td.select-checkbox:before, table.dataTable > tbody > tr > td.select-checkbox:after,
-table.dataTable tbody th.select-checkbox:before,
+table.dataTable > tbody > tr > th.select-checkbox:before,
-table.dataTable tbody th.select-checkbox:after {
+table.dataTable > tbody > tr > th.select-checkbox:after {
  display: block;
  position: absolute;
  top: 1.2em;
@@ -644,20 +643,20 @@ table.dataTable tbody th.select-checkbox:after {
  height: 12px;
  box-sizing: border-box;
 }
-table.dataTable tbody td.select-checkbox:before,
+table.dataTable > tbody > tr > td.select-checkbox:before,
-table.dataTable tbody th.select-checkbox:before {
+table.dataTable > tbody > tr > th.select-checkbox:before {
  content: " ";
  margin-top: -5px;
  margin-left: -6px;
  border: 1px solid black;
  border-radius: 3px;
 }
-table.dataTable tr.selected td.select-checkbox:before,
+table.dataTable > tbody > tr.selected > td.select-checkbox:before,
-table.dataTable tr.selected th.select-checkbox:before {
+table.dataTable > tbody > tr.selected > th.select-checkbox:before {
  border: 1px solid white;
 }
-table.dataTable tr.selected td.select-checkbox:after,
+table.dataTable > tbody > tr.selected > td.select-checkbox:after,
-table.dataTable tr.selected th.select-checkbox:after {
+table.dataTable > tbody > tr.selected > th.select-checkbox:after {
  content: "✓";
  font-size: 20px;
  margin-top: -19px;
@@ -665,12 +664,12 @@ table.dataTable tr.selected th.select-checkbox:after {
  text-align: center;
  text-shadow: 1px 1px #B0BED9, -1px -1px #B0BED9, 1px -1px #B0BED9, -1px 1px #B0BED9;
 }
-table.dataTable.compact tbody td.select-checkbox:before,
+table.dataTable.compact > tbody > tr > td.select-checkbox:before,
-table.dataTable.compact tbody th.select-checkbox:before {
+table.dataTable.compact > tbody > tr > th.select-checkbox:before {
  margin-top: -12px;
 }
-table.dataTable.compact tr.selected td.select-checkbox:after,
+table.dataTable.compact > tbody > tr.selected > td.select-checkbox:after,
-table.dataTable.compact tr.selected th.select-checkbox:after {
+table.dataTable.compact > tbody > tr.selected > th.select-checkbox:after {
  margin-top: -16px;
 }
@@ -690,4 +689,3 @@ table.dataTable.table-sm tbody td.select-checkbox::before {
  margin-top: -9px;
 }
--- a/data/web/css/build/013-datatables.css
+++ b/data/web/css/build/013-datatables.css
@@ -77,4 +77,22 @@ li .dtr-data {
 table.dataTable>tbody>tr.child span.dtr-title {
    width: 30%;
    max-width: 250px;
-}
+}
 div.dataTables_wrapper div.dataTables_filter {
    text-align: left;
 }
 div.dataTables_wrapper div.dataTables_length {
    text-align: right;
 }
 .dataTables_paginate, .dataTables_length, .dataTables_filter {
    margin: 10px 0!important;
 }
 td.dt-text-right {
    text-align: end !important;
 }
 th.dt-text-right {
    text-align: end !important;
 }
--- a/data/web/css/build/014-mailcow.css
+++ b/data/web/css/build/014-mailcow.css
--- a/data/web/css/build/015-responsive.css
+++ b/data/web/css/build/015-responsive.css
@@ -199,6 +199,13 @@
    display: none !important;
  }
  div.dataTables_wrapper div.dataTables_length {
    text-align: left;
  }
  .senders-mw220 {
    max-width: 100% !important;
  }
 }
@media (max-width: 350px) {
--- a/data/web/css/site/mailbox.css
+++ b/data/web/css/site/mailbox.css
@@ -66,4 +66,6 @@ table tbody tr td input[type="checkbox"] {
  padding: .2em .4em .3em !important;
  background-color: #ececec!important;
 }
-
+.badge.bg-info .bi {
  font-size: inherit;
 }
--- a/data/web/css/site/quarantine.css
+++ b/data/web/css/site/quarantine.css
@@ -1,102 +1,104 @@
-.pagination a {
+.pagination a {
-  text-decoration: none !important;
+  text-decoration: none !important;
-}
+}
-
+
-.panel.panel-default {
+.panel.panel-default {
-  overflow: visible !important;
+  overflow: visible !important;
-}
+}
-
+
-.table-responsive {
+.table-responsive {
-  overflow: visible !important;
+  overflow: visible !important;
-}
+}
-
+
-.table-responsive {
+.table-responsive {
-  overflow-x: scroll !important;
+  overflow-x: scroll !important;
-}
+}
-
+
-.footer-add-item {
+.footer-add-item {
-  display: block;
+  display: block;
-  text-align: center;
+  text-align: center;
-  font-style: italic;
+  font-style: italic;
-  padding: 10px;
+  padding: 10px;
-  background: #F5F5F5;
+  background: #F5F5F5;
-}
+}
-
+
-@media (min-width: 992px) {
+@media (min-width: 992px) {
-  .container {
+  .container {
-    width: 100%;
+    width: 100%;
-  }
+  }
-}
+}
-@media (min-width: 1920px) {
+@media (min-width: 1920px) {
-  .container {
+  .container {
-      width: 80%;
+      width: 80%;
-  }
+  }
-}
+}
-
+
-.mass-actions-quarantine {
+.mass-actions-quarantine {
-  user-select: none;
+  user-select: none;
-}
+}
-
+
-.inputMissingAttr {
+.inputMissingAttr {
-  border-color: #FF4136;
+  border-color: #FF4136;
-}
+}
-
+
-.modal#qidDetailModal p {
+.modal#qidDetailModal p {
-  word-break: break-all;
+  word-break: break-all;
-}
+}
-
+
-span#qid_detail_score {
+span#qid_detail_score {
-  font-weight: 700;
+  font-weight: 700;
-  margin-left: 5px;
+  margin-left: 5px;
-}
+}
-
+
-span.rspamd-symbol {
+span.rspamd-symbol {
-  display: inline-block;
+  display: inline-block;
-  margin: 2px 6px 2px 0;
+  margin: 2px 6px 2px 0;
-  border-radius: 4px;
+  border-radius: 4px;
-  padding: 0 7px;
+  padding: 0 7px;
-}
+}
-
+
-span.rspamd-symbol.positive {
+span.rspamd-symbol.positive {
-  background: #4CAF50;
+  background: #4CAF50;
-  border: 1px solid #4CAF50;
+  border: 1px solid #4CAF50;
-  color: white;
+  color: white;
-}
+}
-
+
-span.rspamd-symbol.negative {
+span.rspamd-symbol.negative {
-  background: #ff4136;
+  background: #ff4136;
-  border: 1px solid #ff4136;
+  border: 1px solid #ff4136;
-  color: white;
+  color: white;
-}
+}
-
+
-span.rspamd-symbol.neutral {
+span.rspamd-symbol.neutral {
-  background: #f5f5f5;
+  background: #f5f5f5;
-  color: #333;
+  color: #333;
-  border: 1px solid #ccc;
+  border: 1px solid #ccc;
-}
+}
-
+
-span.rspamd-symbol span.score {
+span.rspamd-symbol span.score {
-  font-weight: 700;
+  font-weight: 700;
-}
+}
-
+
-span.mail-address-item {
+span.mail-address-item {
-  background-color: #f5f5f5;
+  background-color: #f5f5f5;
-  border-radius: 4px;
+  border-radius: 4px;
-  border: 1px solid #ccc;
+  border: 1px solid #ccc;
-  padding: 2px 7px;
+  padding: 2px 7px;
-  display: inline-block;
+  display: inline-block;
-  margin: 2px 6px 2px 0;
+  margin: 2px 6px 2px 0;
-}
+}
-
+
-table tbody tr {
+table tbody tr {
-  cursor: pointer;
+  cursor: pointer;
-}
+}
-
+
-table tbody tr td input[type="checkbox"] {
+table tbody tr td input[type="checkbox"] {
-  cursor: pointer;
+  cursor: pointer;
-}
+}
-.label-rspamd-action {
+.label-rspamd-action {
-  font-size:110%;
+  font-size:110%;
-  margin:20px;
+  margin:20px;
-}
+}
-
+.senders-mw220 {
  max-width: 220px;
 }
--- a/data/web/css/themes/lumen-bootstrap.css
+++ b/data/web/css/themes/lumen-bootstrap.css
@@ -11,7 +11,86 @@
 * Copyright 2011-2021 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
 */
-@import url("https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,300;0,400;0,700;1,400&display=swap");
+
 /* source-sans-pro-300 - latin */
@font-face {
  font-family: 'Source Sans Pro';
  font-style: normal;
  font-weight: 300;
  src: url('/fonts/source-sans-pro-v21-latin-300.eot'); /* IE9 Compat Modes */
  src: local(''),
       url('/fonts/source-sans-pro-v21-latin-300.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
       url('/fonts/source-sans-pro-v21-latin-300.woff2') format('woff2'), /* Super Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-300.woff') format('woff'), /* Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-300.ttf') format('truetype'), /* Safari, Android, iOS */
       url('/fonts/source-sans-pro-v21-latin-300.svg#SourceSansPro') format('svg'); /* Legacy iOS */
 }
 /* source-sans-pro-300italic - latin */
@font-face {
  font-family: 'Source Sans Pro';
  font-style: italic;
  font-weight: 300;
  src: url('/fonts/source-sans-pro-v21-latin-300italic.eot'); /* IE9 Compat Modes */
  src: local(''),
       url('/fonts/source-sans-pro-v21-latin-300italic.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
       url('/fonts/source-sans-pro-v21-latin-300italic.woff2') format('woff2'), /* Super Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-300italic.woff') format('woff'), /* Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-300italic.ttf') format('truetype'), /* Safari, Android, iOS */
       url('/fonts/source-sans-pro-v21-latin-300italic.svg#SourceSansPro') format('svg'); /* Legacy iOS */
 }
 /* source-sans-pro-regular - latin */
@font-face {
  font-family: 'Source Sans Pro';
  font-style: normal;
  font-weight: 400;
  src: url('/fonts/source-sans-pro-v21-latin-regular.eot'); /* IE9 Compat Modes */
  src: local(''),
       url('/fonts/source-sans-pro-v21-latin-regular.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
       url('/fonts/source-sans-pro-v21-latin-regular.woff2') format('woff2'), /* Super Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-regular.woff') format('woff'), /* Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-regular.ttf') format('truetype'), /* Safari, Android, iOS */
       url('/fonts/source-sans-pro-v21-latin-regular.svg#SourceSansPro') format('svg'); /* Legacy iOS */
 }
 /* source-sans-pro-italic - latin */
@font-face {
  font-family: 'Source Sans Pro';
  font-style: italic;
  font-weight: 400;
  src: url('/fonts/source-sans-pro-v21-latin-italic.eot'); /* IE9 Compat Modes */
  src: local(''),
       url('/fonts/source-sans-pro-v21-latin-italic.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
       url('/fonts/source-sans-pro-v21-latin-italic.woff2') format('woff2'), /* Super Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-italic.woff') format('woff'), /* Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-italic.ttf') format('truetype'), /* Safari, Android, iOS */
       url('/fonts/source-sans-pro-v21-latin-italic.svg#SourceSansPro') format('svg'); /* Legacy iOS */
 }
 /* source-sans-pro-700 - latin */
@font-face {
  font-family: 'Source Sans Pro';
  font-style: normal;
  font-weight: 700;
  src: url('/fonts/source-sans-pro-v21-latin-700.eot'); /* IE9 Compat Modes */
  src: local(''),
       url('/fonts/source-sans-pro-v21-latin-700.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
       url('/fonts/source-sans-pro-v21-latin-700.woff2') format('woff2'), /* Super Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-700.woff') format('woff'), /* Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-700.ttf') format('truetype'), /* Safari, Android, iOS */
       url('/fonts/source-sans-pro-v21-latin-700.svg#SourceSansPro') format('svg'); /* Legacy iOS */
 }
 /* source-sans-pro-700italic - latin */
@font-face {
  font-family: 'Source Sans Pro';
  font-style: italic;
  font-weight: 700;
  src: url('/fonts/source-sans-pro-v21-latin-700italic.eot'); /* IE9 Compat Modes */
  src: local(''),
       url('/fonts/source-sans-pro-v21-latin-700italic.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
       url('/fonts/source-sans-pro-v21-latin-700italic.woff2') format('woff2'), /* Super Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-700italic.woff') format('woff'), /* Modern Browsers */
       url('/fonts/source-sans-pro-v21-latin-700italic.ttf') format('truetype'), /* Safari, Android, iOS */
       url('/fonts/source-sans-pro-v21-latin-700italic.svg#SourceSansPro') format('svg'); /* Legacy iOS */
 }
 :root {
  --bs-blue: #158cba;
  --bs-indigo: #6610f2;
--- a/data/web/css/themes/mailcow-darkmode.css
+++ b/data/web/css/themes/mailcow-darkmode.css
@@ -20,6 +20,11 @@ legend {
    background-color: #7a7a7a !important;
    border-color: #5c5c5c !important;
 }
 .btn-dark {
  color: #000 !important;;
  background-color: #f6f6f6 !important;;
  border-color: #ddd !important;;
 }
 .btn-check:checked+.btn-secondary, .btn-check:active+.btn-secondary, .btn-secondary:active, .btn-secondary.active, .show>.btn-secondary.dropdown-toggle {
    border-color: #7a7a7a !important;
 }
@@ -299,22 +304,22 @@ a:hover {
 }
-table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before:hover, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before:hover,
 table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before:hover {
  background-color: #7a7a7a !important;
 }
-table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before,
 table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before {
  background-color: #7a7a7a !important;
  border: 1.5px solid #5c5c5c !important;
  color: #fff !important;
 }
-table.dataTable.dtr-inline.collapsed>tbody>tr.parent>td.dtr-control:before, 
+table.dataTable.dtr-inline.collapsed>tbody>tr.parent>td.dtr-control:before,
 table.dataTable.dtr-inline.collapsed>tbody>tr.parent>th.dtr-control:before {
  background-color: #949494;
 }
-table.dataTable.dtr-inline.collapsed>tbody>tr>td.child, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>td.child,
-table.dataTable.dtr-inline.collapsed>tbody>tr>th.child, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>th.child,
 table.dataTable.dtr-inline.collapsed>tbody>tr>td.dataTables_empty {
  background-color: #444444;
 }
@@ -327,7 +332,7 @@ table.dataTable.dtr-inline.collapsed>tbody>tr>td.dataTables_empty {
 }
 .btn.btn-outline-secondary {
  color: #fff !important;
-  border-color: #7a7a7a !important;  
+  border-color: #7a7a7a !important;
 }
 .btn-check:checked+.btn-outline-secondary, .btn-check:active+.btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
    background-color: #9b9b9b !important;
@@ -358,3 +363,11 @@ table.dataTable.dtr-inline.collapsed>tbody>tr>td.dataTables_empty {
    background: #333;
 }
 span.mail-address-item {
    background-color: #333;
    border-radius: 4px;
    border: 1px solid #555;
    padding: 2px 7px;
    display: inline-block;
    margin: 2px 6px 2px 0;
 }
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -65,6 +65,7 @@ $template_data = [
  'solr_uptime' => round($solr_status['status']['dovecot-fts']['uptime'] / 1000 / 60 / 60),
  'clamd_status' => $clamd_status,
  'containers' => $containers,
  'ip_check' => customize('get', 'ip_check'),
  'lang_admin' => json_encode($lang['admin']),
  'lang_debug' => json_encode($lang['debug']),
  'lang_datatables' => json_encode($lang['datatables']),
--- a/data/web/fonts/source-sans-pro-v21-latin-300.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-300.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-300.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-300.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-300italic.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-300italic.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-300italic.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-300italic.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-700.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-700.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-700.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-700.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-700italic.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-700italic.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-700italic.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-700italic.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-italic.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-italic.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-italic.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-italic.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-regular.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-regular.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-regular.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-regular.woff2
--- a/data/web/inc/functions.address_rewriting.inc.php
+++ b/data/web/inc/functions.address_rewriting.inc.php
@@ -49,7 +49,9 @@ function bcc($_action, $_data = null, $_attr = null) {
      }
      elseif (filter_var($local_dest, FILTER_VALIDATE_EMAIL)) {
        $mailbox = mailbox('get', 'mailbox_details', $local_dest);
-        if ($mailbox === false && array_key_exists($local_dest, array_merge($direct_aliases, $shared_aliases)) === false) {
+        $shared_aliases = mailbox('get', 'shared_aliases');
        $direct_aliases = mailbox('get', 'direct_aliases');
        if ($mailbox === false && in_array($local_dest, array_merge($direct_aliases, $shared_aliases)) === false) {
          $_SESSION['return'][] = array(
            'type' => 'danger',
            'log' => array(__FUNCTION__, $_action, $_data, $_attr),
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -160,6 +160,25 @@ function customize($_action, $_item, $_data = null) {
            'msg' => 'ui_texts'
          );
        break;
        case 'ip_check':
          $ip_check = ($_data['ip_check_opt_in'] == "1") ? 1 : 0;
          try {
            $redis->set('IP_CHECK', $ip_check);
          }
          catch (RedisException $e) {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_item, $_data),
              'msg' => array('redis_error', $e)
            );
            return false;
          }
          $_SESSION['return'][] = array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_action, $_item, $_data),
            'msg' => 'ip_check_opt_in_modified'
          );
        break;
      }
    break;
    case 'delete':
@@ -276,6 +295,20 @@ function customize($_action, $_item, $_data = null) {
            return false;
          }
        break;
        case 'ip_check':
          try {
            $ip_check = ($ip_check = $redis->get('IP_CHECK')) ? $ip_check : 0;
            return $ip_check;
          }
          catch (RedisException $e) {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_item, $_data),
              'msg' => array('redis_error', $e)
            );
            return false;
          }
        break;
      }
    break;
  }
--- a/data/web/inc/functions.domain_admin.inc.php
+++ b/data/web/inc/functions.domain_admin.inc.php
@@ -1,407 +1,468 @@
-<?php
+<?php
-function domain_admin($_action, $_data = null) {
+function domain_admin($_action, $_data = null) {
-  global $pdo;
+  global $pdo;
-  global $lang;
+  global $lang;
-  $_data_log = $_data;
+  $_data_log = $_data;
-  !isset($_data_log['password']) ?: $_data_log['password'] = '*';
+  !isset($_data_log['password']) ?: $_data_log['password'] = '*';
-  !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
+  !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
-  !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
+  !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
-  !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
+  !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
-  !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
+  !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
-  switch ($_action) {
+  switch ($_action) {
-    case 'add':
+    case 'add':
-      $username		= strtolower(trim($_data['username']));
+      $username		= strtolower(trim($_data['username']));
-      $password		= $_data['password'];
+      $password		= $_data['password'];
-      $password2  = $_data['password2'];
+      $password2  = $_data['password2'];
-      $domains    = (array)$_data['domains'];
+      $domains    = (array)$_data['domains'];
-      $active     = intval($_data['active']);
+      $active     = intval($_data['active']);
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
+          'msg' => 'access_denied'
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-      if (empty($domains)) {
+      if (empty($domains)) {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'domain_invalid'
+          'msg' => 'domain_invalid'
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('username_invalid', $username)
+          'msg' => array('username_invalid', $username)
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-
+
-      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
+      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
-        WHERE `username` = :username");
+        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
+      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
+
-      $stmt = $pdo->prepare("SELECT `username` FROM `admin`
+      $stmt = $pdo->prepare("SELECT `username` FROM `admin`
-        WHERE `username` = :username");
+        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
+      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
+
-      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
+      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
-        WHERE `username` = :username");
+        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
+      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
+
-      foreach ($num_results as $num_results_each) {
+      foreach ($num_results as $num_results_each) {
-        if ($num_results_each != 0) {
+        if ($num_results_each != 0) {
-          $_SESSION['return'][] = array(
+          $_SESSION['return'][] = array(
-            'type' => 'danger',
+            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('object_exists', htmlspecialchars($username))
+            'msg' => array('object_exists', htmlspecialchars($username))
-          );
+          );
-          return false;
+          return false;
-        }
+        }
-      }
+      }
-      if (password_check($password, $password2) !== true) {
+      if (password_check($password, $password2) !== true) {
-        continue;
+        continue;
-      }
+      }
-      $password_hashed = hash_password($password);
+      $password_hashed = hash_password($password);
-      $valid_domains = 0;
+      $valid_domains = 0;
-      foreach ($domains as $domain) {
+      foreach ($domains as $domain) {
-        if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
+        if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
-          $_SESSION['return'][] = array(
+          $_SESSION['return'][] = array(
-            'type' => 'danger',
+            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('domain_invalid', htmlspecialchars($domain))
+            'msg' => array('domain_invalid', htmlspecialchars($domain))
-          );
+          );
-          continue;
+          continue;
-        }
+        }
-        $valid_domains++;
+        $valid_domains++;
-        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-            VALUES (:username, :domain, :created, :active)");
+            VALUES (:username, :domain, :created, :active)");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-          ':domain' => $domain,
+          ':domain' => $domain,
-          ':created' => date('Y-m-d H:i:s'),
+          ':created' => date('Y-m-d H:i:s'),
-          ':active' => $active
+          ':active' => $active
-        ));
+        ));
-      }
+      }
-      if ($valid_domains != 0) {
+      if ($valid_domains != 0) {
-        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
+        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
-          VALUES (:username, :password_hashed, '0', :active)");
+          VALUES (:username, :password_hashed, '0', :active)");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-          ':password_hashed' => $password_hashed,
+          ':password_hashed' => $password_hashed,
-          ':active' => $active
+          ':active' => $active
-        ));
+        ));
-      }
+      }
-      $stmt = $pdo->prepare("INSERT INTO `da_acl` (`username`) VALUES (:username)");
+      $stmt = $pdo->prepare("INSERT INTO `da_acl` (`username`) VALUES (:username)");
-      $stmt->execute(array(
+      $stmt->execute(array(
-        ':username' => $username
+        ':username' => $username
-      ));
+      ));
-      $_SESSION['return'][] = array(
+      $_SESSION['return'][] = array(
-        'type' => 'success',
+        'type' => 'success',
-        'log' => array(__FUNCTION__, $_action, $_data_log),
+        'log' => array(__FUNCTION__, $_action, $_data_log),
-        'msg' => array('domain_admin_added', htmlspecialchars($username))
+        'msg' => array('domain_admin_added', htmlspecialchars($username))
-      );
+      );
-    break;
+    break;
-    case 'edit':
+    case 'edit':
-      if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
+      if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
+          'msg' => 'access_denied'
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-      // Administrator
+      // Administrator
-      if ($_SESSION['mailcow_cc_role'] == "admin") {
+      if ($_SESSION['mailcow_cc_role'] == "admin") {
-        if (!is_array($_data['username'])) {
+        if (!is_array($_data['username'])) {
-          $usernames = array();
+          $usernames = array();
-          $usernames[] = $_data['username'];
+          $usernames[] = $_data['username'];
-        }
+        }
-        else {
+        else {
-          $usernames = $_data['username'];
+          $usernames = $_data['username'];
-        }
+        }
-        foreach ($usernames as $username) {
+        foreach ($usernames as $username) {
-          $is_now = domain_admin('details', $username);
+          $is_now = domain_admin('details', $username);
-          $domains = (isset($_data['domains'])) ? (array)$_data['domains'] : null;
+          $domains = (isset($_data['domains'])) ? (array)$_data['domains'] : null;
-          if (!empty($is_now)) {
+          if (!empty($is_now)) {
-            $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
+            $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
-            $domains = (!empty($domains)) ? $domains : $is_now['selected_domains'];
+            $domains = (!empty($domains)) ? $domains : $is_now['selected_domains'];
-            $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username'];
+            $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username'];
-          }
+          }
-          else {
+          else {
-            $_SESSION['return'][] = array(
+            $_SESSION['return'][] = array(
-              'type' => 'danger',
+              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_data_log),
+              'log' => array(__FUNCTION__, $_action, $_data_log),
-              'msg' => 'access_denied'
+              'msg' => 'access_denied'
-            );
+            );
-            continue;
+            continue;
-          }
+          }
-          $password     = $_data['password'];
+          $password     = $_data['password'];
-          $password2    = $_data['password2'];
+          $password2    = $_data['password2'];
-          if (!empty($domains)) {
+          if (!empty($domains)) {
-            foreach ($domains as $domain) {
+            foreach ($domains as $domain) {
-              if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
+              if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
-                $_SESSION['return'][] = array(
+                $_SESSION['return'][] = array(
-                  'type' => 'danger',
+                  'type' => 'danger',
-                  'log' => array(__FUNCTION__, $_action, $_data_log),
+                  'log' => array(__FUNCTION__, $_action, $_data_log),
-                  'msg' => array('domain_invalid', htmlspecialchars($domain))
+                  'msg' => array('domain_invalid', htmlspecialchars($domain))
-                );
+                );
-                continue 2;
+                continue 2;
-              }
+              }
-            }
+            }
-          }
+          }
-          if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) {
+          if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) {
-            $_SESSION['return'][] = array(
+            $_SESSION['return'][] = array(
-              'type' => 'danger',
+              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_data_log),
+              'log' => array(__FUNCTION__, $_action, $_data_log),
-              'msg' => array('username_invalid', $username_new)
+              'msg' => array('username_invalid', $username_new)
-            );
+            );
-            continue;
+            continue;
-          }
+          }
-          if ($username_new != $username) {
+          if ($username_new != $username) {
-            if (!empty(domain_admin('details', $username_new)['username'])) {
+            if (!empty(domain_admin('details', $username_new)['username'])) {
-              $_SESSION['return'][] = array(
+              $_SESSION['return'][] = array(
-                'type' => 'danger',
+                'type' => 'danger',
-                'log' => array(__FUNCTION__, $_action, $_data_log),
+                'log' => array(__FUNCTION__, $_action, $_data_log),
-                'msg' => array('username_invalid', $username_new)
+                'msg' => array('username_invalid', $username_new)
-              );
+              );
-              continue;
+              continue;
-            }
+            }
-          }
+          }
-          $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+          $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-          $stmt->execute(array(
+          $stmt->execute(array(
-            ':username' => $username,
+            ':username' => $username,
-          ));
+          ));
-          $stmt = $pdo->prepare("UPDATE `da_acl` SET `username` = :username_new WHERE `username` = :username");
+          $stmt = $pdo->prepare("UPDATE `da_acl` SET `username` = :username_new WHERE `username` = :username");
-          $stmt->execute(array(
+          $stmt->execute(array(
-            ':username_new' => $username_new,
+            ':username_new' => $username_new,
-            ':username' => $username
+            ':username' => $username
-          ));
+          ));
-          if (!empty($domains)) {
+          if (!empty($domains)) {
-            foreach ($domains as $domain) {
+            foreach ($domains as $domain) {
-              $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+              $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-                VALUES (:username_new, :domain, :created, :active)");
+                VALUES (:username_new, :domain, :created, :active)");
-              $stmt->execute(array(
+              $stmt->execute(array(
-                ':username_new' => $username_new,
+                ':username_new' => $username_new,
-                ':domain' => $domain,
+                ':domain' => $domain,
-                ':created' => date('Y-m-d H:i:s'),
+                ':created' => date('Y-m-d H:i:s'),
-                ':active' => $active
+                ':active' => $active
-              ));
+              ));
-            }
+            }
-          }
+          }
-          if (!empty($password)) {
+          if (!empty($password)) {
-            if (password_check($password, $password2) !== true) {
+            if (password_check($password, $password2) !== true) {
-              return false;
+              return false;
-            }
+            }
-            $password_hashed = hash_password($password);
+            $password_hashed = hash_password($password);
-            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
+            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
-            $stmt->execute(array(
+            $stmt->execute(array(
-              ':password_hashed' => $password_hashed,
+              ':password_hashed' => $password_hashed,
-              ':username_new' => $username_new,
+              ':username_new' => $username_new,
-              ':username' => $username,
+              ':username' => $username,
-              ':active' => $active
+              ':active' => $active
-            ));
+            ));
-            if (isset($_data['disable_tfa'])) {
+            if (isset($_data['disable_tfa'])) {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
-              $stmt->execute(array(':username' => $username));
+              $stmt->execute(array(':username' => $username));
-            }
+            }
-            else {
+            else {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
-              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
+              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
-            }
+            }
-          }
+          }
-          else {
+          else {
-            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active WHERE `username` = :username");
+            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active WHERE `username` = :username");
-            $stmt->execute(array(
+            $stmt->execute(array(
-              ':username_new' => $username_new,
+              ':username_new' => $username_new,
-              ':username' => $username,
+              ':username' => $username,
-              ':active' => $active
+              ':active' => $active
-            ));
+            ));
-            if (isset($_data['disable_tfa'])) {
+            if (isset($_data['disable_tfa'])) {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
-              $stmt->execute(array(':username' => $username));
+              $stmt->execute(array(':username' => $username));
-            }
+            }
-            else {
+            else {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
-              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
+              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
-            }
+            }
-          }
+          }
-          $_SESSION['return'][] = array(
+          $_SESSION['return'][] = array(
-            'type' => 'success',
+            'type' => 'success',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('domain_admin_modified', htmlspecialchars($username))
+            'msg' => array('domain_admin_modified', htmlspecialchars($username))
-          );
+          );
-        }
+        }
-        return true;
+        return true;
-      }
+      }
-      // Domain administrator
+      // Domain administrator
-      // Can only edit itself
+      // Can only edit itself
-      elseif ($_SESSION['mailcow_cc_role'] == "domainadmin") {
+      elseif ($_SESSION['mailcow_cc_role'] == "domainadmin") {
-        $username = $_SESSION['mailcow_cc_username'];
+        $username = $_SESSION['mailcow_cc_username'];
-        $password_old		= $_data['user_old_pass'];
+        $password_old		= $_data['user_old_pass'];
-        $password_new	= $_data['user_new_pass'];
+        $password_new	= $_data['user_new_pass'];
-        $password_new2	= $_data['user_new_pass2'];
+        $password_new2	= $_data['user_new_pass2'];
-
+
-        $stmt = $pdo->prepare("SELECT `password` FROM `admin`
+        $stmt = $pdo->prepare("SELECT `password` FROM `admin`
-            WHERE `username` = :user");
+            WHERE `username` = :user");
-        $stmt->execute(array(':user' => $username));
+        $stmt->execute(array(':user' => $username));
-        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
-        if (!verify_hash($row['password'], $password_old)) {
+        if (!verify_hash($row['password'], $password_old)) {
-          $_SESSION['return'][] = array(
+          $_SESSION['return'][] = array(
-            'type' => 'danger',
+            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => 'access_denied'
+            'msg' => 'access_denied'
-          );
+          );
-          return false;
+          return false;
-        }
+        }
-        if (password_check($password_new, $password_new2) !== true) {
+        if (password_check($password_new, $password_new2) !== true) {
-          return false;
+          return false;
-        }
+        }
-        $password_hashed = hash_password($password_new);
+        $password_hashed = hash_password($password_new);
-        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
+        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':password_hashed' => $password_hashed,
+          ':password_hashed' => $password_hashed,
-          ':username' => $username
+          ':username' => $username
-        ));
+        ));
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'success',
+          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('domain_admin_modified', htmlspecialchars($username))
+          'msg' => array('domain_admin_modified', htmlspecialchars($username))
-        );
+        );
-      }
+      }
-    break;
+    break;
-    case 'delete':
+    case 'delete':
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
+          'msg' => 'access_denied'
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-      $usernames = (array)$_data['username'];
+      $usernames = (array)$_data['username'];
-      foreach ($usernames as $username) {
+      foreach ($usernames as $username) {
-        if (empty(domain_admin('details', $username))) {
+        if (empty(domain_admin('details', $username))) {
-          $_SESSION['return'][] = array(
+          $_SESSION['return'][] = array(
-            'type' => 'danger',
+            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('username_invalid', $username)
+            'msg' => array('username_invalid', $username)
-          );
+          );
-          continue;
+          continue;
-        }
+        }
-        $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+        $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-        ));
+        ));
-        $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
+        $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-        ));
+        ));
-        $stmt = $pdo->prepare("DELETE FROM `da_acl` WHERE `username` = :username");
+        $stmt = $pdo->prepare("DELETE FROM `da_acl` WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-        ));
+        ));
-        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
+        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-        ));
+        ));
-        $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username");
+        $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-        ));
+        ));
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'success',
+          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('domain_admin_removed', htmlspecialchars($username))
+          'msg' => array('domain_admin_removed', htmlspecialchars($username))
-        );
+        );
-      }
+      }
-    break;
+    break;
-    case 'get':
+    case 'get':
-      $domainadmins = array();
+      $domainadmins = array();
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
+          'msg' => 'access_denied'
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-      $stmt = $pdo->query("SELECT DISTINCT
+      $stmt = $pdo->query("SELECT DISTINCT
-        `username`
+        `username`
-          FROM `domain_admins`
+          FROM `domain_admins`
-            WHERE `username` IN (
+            WHERE `username` IN (
-              SELECT `username` FROM `admin`
+              SELECT `username` FROM `admin`
-                WHERE `superadmin`!='1'
+                WHERE `superadmin`!='1'
-            )");
+            )");
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while ($row = array_shift($rows)) {
+      while ($row = array_shift($rows)) {
-        $domainadmins[] = $row['username'];
+        $domainadmins[] = $row['username'];
-      }
+      }
-      return $domainadmins;
+      return $domainadmins;
-    break;
+    break;
-    case 'details':
+    case 'details':
-      $domainadmindata = array();
+      $domainadmindata = array();
-      if ($_SESSION['mailcow_cc_role'] == "domainadmin" && $_data != $_SESSION['mailcow_cc_username']) {
+      if ($_SESSION['mailcow_cc_role'] == "domainadmin" && $_data != $_SESSION['mailcow_cc_username']) {
-        return false;
+        return false;
-      }
+      }
-      elseif ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
+      elseif ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
-        return false;
+        return false;
-      }
+      }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) {
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) {
-        return false;
+        return false;
-      }
+      }
-      $stmt = $pdo->prepare("SELECT
+      $stmt = $pdo->prepare("SELECT
-        `tfa`.`active` AS `tfa_active`,
+        `tfa`.`active` AS `tfa_active`,
-        `domain_admins`.`username`,
+        `domain_admins`.`username`,
-        `domain_admins`.`created`,
+        `domain_admins`.`created`,
-        `domain_admins`.`active` AS `active`
+        `domain_admins`.`active` AS `active`
-          FROM `domain_admins`
+          FROM `domain_admins`
-          LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username`
+          LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username`
-            WHERE `domain_admins`.`username`= :domain_admin");
+            WHERE `domain_admins`.`username`= :domain_admin");
-      $stmt->execute(array(
+      $stmt->execute(array(
-        ':domain_admin' => $_data
+        ':domain_admin' => $_data
-      ));
+      ));
-      $row = $stmt->fetch(PDO::FETCH_ASSOC);
+      $row = $stmt->fetch(PDO::FETCH_ASSOC);
-      if (empty($row)) {
+      if (empty($row)) {
-        return false;
+        return false;
-      }
+      }
-      $domainadmindata['username'] = $row['username'];
+      $domainadmindata['username'] = $row['username'];
-      $domainadmindata['tfa_active'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
+      $domainadmindata['tfa_active'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
-      $domainadmindata['tfa_active_int'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
+      $domainadmindata['tfa_active_int'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
-      $domainadmindata['active'] = $row['active'];
+      $domainadmindata['active'] = $row['active'];
-      $domainadmindata['active_int'] = $row['active'];
+      $domainadmindata['active_int'] = $row['active'];
-      $domainadmindata['created'] = $row['created'];
+      $domainadmindata['created'] = $row['created'];
-      // GET SELECTED
+      // GET SELECTED
-      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-        WHERE `domain` IN (
+        WHERE `domain` IN (
-          SELECT `domain` FROM `domain_admins`
+          SELECT `domain` FROM `domain_admins`
-            WHERE `username`= :domain_admin)");
+            WHERE `username`= :domain_admin)");
-      $stmt->execute(array(':domain_admin' => $_data));
+      $stmt->execute(array(':domain_admin' => $_data));
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while($row = array_shift($rows)) {
+      while($row = array_shift($rows)) {
-        $domainadmindata['selected_domains'][] = $row['domain'];
+        $domainadmindata['selected_domains'][] = $row['domain'];
-      }
+      }
-      // GET UNSELECTED
+      // GET UNSELECTED
-      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-        WHERE `domain` NOT IN (
+        WHERE `domain` NOT IN (
-          SELECT `domain` FROM `domain_admins`
+          SELECT `domain` FROM `domain_admins`
-            WHERE `username`= :domain_admin)");
+            WHERE `username`= :domain_admin)");
-      $stmt->execute(array(':domain_admin' => $_data));
+      $stmt->execute(array(':domain_admin' => $_data));
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while($row = array_shift($rows)) {
+      while($row = array_shift($rows)) {
-        $domainadmindata['unselected_domains'][] = $row['domain'];
+        $domainadmindata['unselected_domains'][] = $row['domain'];
-      }
+      }
-      if (!isset($domainadmindata['unselected_domains'])) {
+      if (!isset($domainadmindata['unselected_domains'])) {
-        $domainadmindata['unselected_domains'] = "";
+        $domainadmindata['unselected_domains'] = "";
-      }
+      }
-
+
-      return $domainadmindata;
+      return $domainadmindata;
-    break;
+    break;
-  }
+  }
-}
+}
 function domain_admin_sso($_action, $_data) {
  global $pdo;
  switch ($_action) {
    case 'check':
      $token = $_data;
      $stmt = $pdo->prepare("SELECT `t1`.`username` FROM `da_sso` AS `t1` JOIN `admin` AS `t2` ON `t1`.`username` = `t2`.`username` WHERE `t1`.`token` = :token AND `t1`.`created` > DATE_SUB(NOW(), INTERVAL '30' SECOND) AND `t2`.`active` = 1 AND `t2`.`superadmin` = 0;");
      $stmt->execute(array(
        ':token' => preg_replace('/[^a-zA-Z0-9-]/', '', $token)
      ));
      $return = $stmt->fetch(PDO::FETCH_ASSOC);
      return empty($return['username']) ? false : $return['username'];
    case 'issue':
      if ($_SESSION['mailcow_cc_role'] != "admin") {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_data),
          'msg' => 'access_denied'
        );
        return false;
      }
      $username = $_data['username'];
      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
        WHERE `username` = :username");
      $stmt->execute(array(':username' => $username));
      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
      if ($num_results < 1) {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_data),
          'msg' => array('object_doesnt_exist', htmlspecialchars($username))
        );
        return false;
      }
      $token = implode('-', array(
        strtoupper(bin2hex(random_bytes(3))),
        strtoupper(bin2hex(random_bytes(3))),
        strtoupper(bin2hex(random_bytes(3))),
        strtoupper(bin2hex(random_bytes(3))),
        strtoupper(bin2hex(random_bytes(3)))
      ));
      $stmt = $pdo->prepare("INSERT INTO `da_sso` (`username`, `token`)
            VALUES (:username, :token)");
      $stmt->execute(array(
        ':username' => $username,
        ':token' => $token
      ));
      // perform cleanup
      $pdo->query("DELETE FROM `da_sso` WHERE created < DATE_SUB(NOW(), INTERVAL '30' SECOND);");
      return ['token' => $token];
    break;
  }
 }
--- a/data/web/inc/functions.fail2ban.inc.php
+++ b/data/web/inc/functions.fail2ban.inc.php
@@ -239,7 +239,9 @@ function fail2ban($_action, $_data = null) {
      $is_now = fail2ban('get');
      if (!empty($is_now)) {
        $ban_time = intval((isset($_data['ban_time'])) ? $_data['ban_time'] : $is_now['ban_time']);
        $ban_time_increment = (isset($_data['ban_time_increment']) && $_data['ban_time_increment'] == "1") ? 1 : 0;
        $max_attempts = intval((isset($_data['max_attempts'])) ? $_data['max_attempts'] : $is_now['max_attempts']);
        $max_ban_time = intval((isset($_data['max_ban_time'])) ? $_data['max_ban_time'] : $is_now['max_ban_time']);
        $retry_window = intval((isset($_data['retry_window'])) ? $_data['retry_window'] : $is_now['retry_window']);
        $netban_ipv4 = intval((isset($_data['netban_ipv4'])) ? $_data['netban_ipv4'] : $is_now['netban_ipv4']);
        $netban_ipv6 = intval((isset($_data['netban_ipv6'])) ? $_data['netban_ipv6'] : $is_now['netban_ipv6']);
@@ -256,6 +258,8 @@ function fail2ban($_action, $_data = null) {
      }
      $f2b_options = array();
      $f2b_options['ban_time'] = ($ban_time < 60) ? 60 : $ban_time;
      $f2b_options['ban_time_increment'] = ($ban_time_increment == 1) ? true : false;
      $f2b_options['max_ban_time'] = ($max_ban_time < 60) ? 60 : $max_ban_time;
      $f2b_options['netban_ipv4'] = ($netban_ipv4 < 8) ? 8 : $netban_ipv4;
      $f2b_options['netban_ipv6'] = ($netban_ipv6 < 8) ? 8 : $netban_ipv6;
      $f2b_options['netban_ipv4'] = ($netban_ipv4 > 32) ? 32 : $netban_ipv4;
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1015,20 +1015,58 @@ function formatBytes($size, $precision = 2) {
  }
  return round(pow(1024, $base - floor($base)), $precision) . $suffixes[floor($base)];
 }
-function update_sogo_static_view() {
+function update_sogo_static_view($mailbox = null) {
  if (getenv('SKIP_SOGO') == "y") {
    return true;
  }
  global $pdo;
  global $lang;
-  $stmt = $pdo->query("SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES
+
-    WHERE TABLE_NAME = 'sogo_view'");
+  $mailbox_exists = false;
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+  if ($mailbox !== null) {
-  if ($num_results != 0) {
+    // Check if the mailbox exists
-    $stmt = $pdo->query("REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
+    $stmt = $pdo->prepare("SELECT username FROM mailbox WHERE username = :mailbox AND active = '1'");
-      SELECT `c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings` from sogo_view");
+    $stmt->execute(array(':mailbox' => $mailbox));
-    $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);  
    if ($row){
      $mailbox_exists = true;
    }
  }
  $query = "REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
            SELECT
              mailbox.username,
              mailbox.domain,
              mailbox.username,
              IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.force_pw_update')) = '0',
                 IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.sogo_access')) = 1, password, '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'),
                 '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'),
              mailbox.name,
              mailbox.username,
              IFNULL(GROUP_CONCAT(ga.aliases ORDER BY ga.aliases SEPARATOR ' '), ''),
              IFNULL(gda.ad_alias, ''),
              IFNULL(external_acl.send_as_acl, ''),
              mailbox.kind,
              mailbox.multiple_bookings
            FROM
              mailbox
              LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
              LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
              LEFT OUTER JOIN grouped_sender_acl_external external_acl ON external_acl.username = mailbox.username
            WHERE
              mailbox.active = '1'";
  if ($mailbox_exists) {
    $query .= " AND mailbox.username = :mailbox";
    $stmt = $pdo->prepare($query);
    $stmt->execute(array(':mailbox' => $mailbox));
  } else {
    $query .= " GROUP BY mailbox.username";
    $stmt = $pdo->query($query);
  }
  $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
  flush_memcached();
 }
 function edit_user_account($_data) {
@@ -1739,7 +1777,7 @@ function verify_tfa_login($username, $_data) {
              $_SESSION['return'][] =  array(
                  'type' => 'danger',
                  'log' => array(__FUNCTION__, $username, '*'),
-                  'msg' => array('webauthn_verification_failed', 'authenticator not found')
+                  'msg' => array('webauthn_authenticator_failed')
              );
              return false;
            } 
@@ -1748,11 +1786,20 @@ function verify_tfa_login($username, $_data) {
                $_SESSION['return'][] =  array(
                    'type' => 'danger',
                    'log' => array(__FUNCTION__, $username, '*'),
-                    'msg' => array('webauthn_verification_failed', 'publicKey not found')
+                    'msg' => array('webauthn_publickey_failed')
                );
                return false;
            }
            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
              $_SESSION['return'][] =  array(
                  'type' => 'danger',
                  'log' => array(__FUNCTION__, $username, '*'),
                  'msg' => array('webauthn_username_failed')
              );
              return false;
            }
            try {
                $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $process_webauthn['publicKey'], $challenge, null, $GLOBALS['WEBAUTHN_UV_FLAG_LOGIN'], $GLOBALS['WEBAUTHN_USER_PRESENT_FLAG']);
            }
@@ -1784,21 +1831,12 @@ function verify_tfa_login($username, $_data) {
                $_SESSION['return'][] =  array(
                  'type' => 'danger',
                  'log' => array(__FUNCTION__, $username, '*'),
-                  'msg' => array('webauthn_verification_failed', 'could not determine user role')
+                  'msg' => array('webauthn_role_failed')
                );
                return false;
              }
            }
            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
                $_SESSION['return'][] =  array(
                    'type' => 'danger',
                    'log' => array(__FUNCTION__, $username, '*'),
                    'msg' => array('webauthn_verification_failed', 'user who requests does not match with sql entry')
                );
                return false;
            }
            $_SESSION["mailcow_cc_username"] = $process_webauthn['username'];
            $_SESSION['tfa_id'] = $process_webauthn['id'];
            $_SESSION['authReq'] = null;
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1264,11 +1264,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            ));
          }
          update_sogo_static_view($username);
          $_SESSION['return'][] = array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
            'msg' => array('mailbox_added', htmlspecialchars($username))
          );
          return true;
        break;
        case 'resource':
          $domain             = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
@@ -2879,67 +2881,68 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                $_SESSION['return'][] = array(
                  'type' => 'danger',
                  'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                  'msg' => 'access_denied'
+                  'msg' => 'extended_sender_acl_denied'
                );
                return false;
              }
-              $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl']));
+              else {
-              foreach ($extra_acls as $i => &$extra_acl) {
+                $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl']));
-                if (empty($extra_acl)) {
+                foreach ($extra_acls as $i => &$extra_acl) {
-                  continue;
+                  if (empty($extra_acl)) {
-                }
+                    continue;
-                if (substr($extra_acl, 0, 1) === "@") {
+                  }
-                  $extra_acl = ltrim($extra_acl, '@');
+                  if (substr($extra_acl, 0, 1) === "@") {
-                }
+                    $extra_acl = ltrim($extra_acl, '@');
-                if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) {
+                  }
-                  $_SESSION['return'][] = array(
+                  if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) {
                    'type' => 'danger',
                    'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
                    'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl))
                  );
                  unset($extra_acls[$i]);
                  continue;
                }
                $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
                if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
                  $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
                  if (in_array($extra_acl_domain, $domains)) {
                    $_SESSION['return'][] = array(
                      'type' => 'danger',
                      'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                      'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
+                      'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl))
                    );
                    unset($extra_acls[$i]);
                    continue;
                  }
-                }
+                  $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
-                else {
+                  if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
-                  if (in_array($extra_acl, $domains)) {
+                    $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
-                    $_SESSION['return'][] = array(
+                    if (in_array($extra_acl_domain, $domains)) {
-                      'type' => 'danger',
+                      $_SESSION['return'][] = array(
-                      'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                        'type' => 'danger',
-                      'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
+                        'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                    );
+                        'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
-                    unset($extra_acls[$i]);
+                      );
-                    continue;
+                      unset($extra_acls[$i]);
                      continue;
                    }
                  }
                  else {
                    if (in_array($extra_acl, $domains)) {
                      $_SESSION['return'][] = array(
                        'type' => 'danger',
                        'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
                        'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
                      );
                      unset($extra_acls[$i]);
                      continue;
                    }
                    $extra_acl = '@' . $extra_acl;
                  }
                  $extra_acl = '@' . $extra_acl;
                }
-              }
+                $extra_acls = array_filter($extra_acls);
-              $extra_acls = array_filter($extra_acls);
+                $extra_acls = array_values($extra_acls);
-              $extra_acls = array_values($extra_acls);
+                $extra_acls = array_unique($extra_acls);
-              $extra_acls = array_unique($extra_acls);
+                $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username");
              $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username");
              $stmt->execute(array(
                ':username' => $username
              ));
              foreach ($extra_acls as $sender_acl_external) {
                $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`)
                  VALUES (:sender_acl, :username, 1)");
                $stmt->execute(array(
                  ':sender_acl' => $sender_acl_external,
                  ':username' => $username
                ));
                foreach ($extra_acls as $sender_acl_external) {
                  $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`)
                    VALUES (:sender_acl, :username, 1)");
                  $stmt->execute(array(
                    ':sender_acl' => $sender_acl_external,
                    ':username' => $username
                  ));
                }
              }
            }
            if (isset($_data['sender_acl'])) {
@@ -3129,7 +3132,10 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
              'msg' => array('mailbox_modified', $username)
            );
            update_sogo_static_view($username);
          }
          return true;
        break;
        case 'mailbox_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin") {
@@ -3959,6 +3965,39 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          }
          return $aliasdomaindata;
        break;
        case 'shared_aliases':
          $shared_aliases = array();
          $stmt = $pdo->query("SELECT `address` FROM `alias`
            WHERE `goto` REGEXP ','
            AND `address` NOT LIKE '@%'
            AND `goto` != `address`");
          $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
          while($row = array_shift($rows)) {
            $domain = explode("@", $row['address'])[1];
            if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
              $shared_aliases[] = $row['address'];
            }
          }
          return $shared_aliases;
        break;
        case 'direct_aliases':
          $direct_aliases = array();
          $stmt = $pdo->query("SELECT `address` FROM `alias`
            WHERE `goto` NOT LIKE '%,%'
            AND `address` NOT LIKE '@%'
            AND `goto` != `address`");
          $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
          while($row = array_shift($rows)) {
            $domain = explode("@", $row['address'])[1];
            if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
              $direct_aliases[] = $row['address'];
            }
          }
          return $direct_aliases;
        break;
        case 'domains':
          $domains = array();
          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
@@ -4950,9 +4989,10 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            $stmt->execute(array(
              ':username' => $username
            ));
-            $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username");
+            $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as OR `send_as` = :send_as");
            $stmt->execute(array(
-              ':username' => $username
+              ':logged_in_as' => $username,
              ':send_as' => $username
            ));
            // fk, better safe than sorry
            $stmt = $pdo->prepare("DELETE FROM `user_acl` WHERE `username` = :username");
@@ -5052,12 +5092,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              );
              continue;
            }
            update_sogo_static_view($username);
            $_SESSION['return'][] = array(
              'type' => 'success',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
              'msg' => array('mailbox_removed', htmlspecialchars($username))
            );
          }
          return true;
        break;
        case 'mailbox_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin") {
@@ -5170,15 +5213,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          $tags = $_data['tags'];
          if (!is_array($tags)) $tags = array();
          if ($_SESSION['mailcow_cc_role'] != "admin") {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
              'msg' => 'access_denied'
            );
            return false;
          }
          $wasModified = false;
          foreach ($domains as $domain) {            
@@ -5190,7 +5224,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              );
              continue;
            }
-
+            if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
              $_SESSION['return'][] = array(
                'type' => 'danger',
                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
                'msg' => 'access_denied'
              );
              return false;
            }
            foreach($tags as $tag){
              // delete tag
              $wasModified = true;
@@ -5264,7 +5306,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
      }
    break;
  }
-  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource'))) {
+  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'resource')) && getenv('SKIP_SOGO') != "y") {
    update_sogo_static_view();
  }
 }
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -1,140 +1,140 @@
-<?php
+<?php
-// Start session
+// Start session
-if (session_status() !== PHP_SESSION_ACTIVE) {
+if (session_status() !== PHP_SESSION_ACTIVE) {
-  ini_set("session.cookie_httponly", 1);
+  ini_set("session.cookie_httponly", 1);
-  ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
+  ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
-}
+}
-
+
-if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && 
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
-  strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
+  strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
-  if (session_status() !== PHP_SESSION_ACTIVE) {
+  if (session_status() !== PHP_SESSION_ACTIVE) {
-    ini_set("session.cookie_secure", 1);
+    ini_set("session.cookie_secure", 1);
-  }
+  }
-  $IS_HTTPS = true;
+  $IS_HTTPS = true;
-}
+}
-elseif (isset($_SERVER['HTTPS'])) {
+elseif (isset($_SERVER['HTTPS'])) {
-  if (session_status() !== PHP_SESSION_ACTIVE) {
+  if (session_status() !== PHP_SESSION_ACTIVE) {
-    ini_set("session.cookie_secure", 1);
+    ini_set("session.cookie_secure", 1);
-  }
+  }
-  $IS_HTTPS = true;
+  $IS_HTTPS = true;
-}
+}
-else {
+else {
-  $IS_HTTPS = false;
+  $IS_HTTPS = false;
-}
+}
-
+
-if (session_status() !== PHP_SESSION_ACTIVE) {
+if (session_status() !== PHP_SESSION_ACTIVE) {
-  session_start();
+  session_start();
-}
+}
-
+
-if (!isset($_SESSION['CSRF']['TOKEN'])) {
+if (!isset($_SESSION['CSRF']['TOKEN'])) {
-  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-}
+}
-
+
-// Set session UA
+// Set session UA
-if (!isset($_SESSION['SESS_REMOTE_UA'])) {
+if (!isset($_SESSION['SESS_REMOTE_UA'])) {
-  $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
+  $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
-}
+}
-
+
-// Keep session active
+// Keep session active
-if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
+if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
-  session_unset();
+  session_unset();
-  session_destroy();
+  session_destroy();
-}
+}
-$_SESSION['LAST_ACTIVITY'] = time();
+$_SESSION['LAST_ACTIVITY'] = time();
-
+
-// API
+// API
-if (!empty($_SERVER['HTTP_X_API_KEY'])) {
+if (!empty($_SERVER['HTTP_X_API_KEY'])) {
-  $stmt = $pdo->prepare("SELECT * FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
+  $stmt = $pdo->prepare("SELECT * FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
-  $stmt->execute(array(
+  $stmt->execute(array(
-    ':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
+    ':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
-  ));
+  ));
-  $api_return = $stmt->fetch(PDO::FETCH_ASSOC);
+  $api_return = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (!empty($api_return['api_key'])) {
+  if (!empty($api_return['api_key'])) {
-    $skip_ip_check = ($api_return['skip_ip_check'] == 1);
+    $skip_ip_check = ($api_return['skip_ip_check'] == 1);
-    $remote = get_remote_ip(false);
+    $remote = get_remote_ip(false);
-    $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
+    $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
-    if ($skip_ip_check === true || ip_acl($remote, $allow_from)) {
+    if ($skip_ip_check === true || ip_acl($remote, $allow_from)) {
-      $_SESSION['mailcow_cc_username'] = 'API';
+      $_SESSION['mailcow_cc_username'] = 'API';
-      $_SESSION['mailcow_cc_role'] = 'admin';
+      $_SESSION['mailcow_cc_role'] = 'admin';
-      $_SESSION['mailcow_cc_api'] = true;
+      $_SESSION['mailcow_cc_api'] = true;
-      if ($api_return['access'] == 'rw') {
+      if ($api_return['access'] == 'rw') {
-        $_SESSION['mailcow_cc_api_access'] = 'rw';
+        $_SESSION['mailcow_cc_api_access'] = 'rw';
-      }
+      }
-      else {
+      else {
-        $_SESSION['mailcow_cc_api_access'] = 'ro';
+        $_SESSION['mailcow_cc_api_access'] = 'ro';
-      }
+      }
-    }
+    }
-    else {
+    else {
-      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
+      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
-      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-      http_response_code(401);
+      http_response_code(401);
-      echo json_encode(array(
+      echo json_encode(array(
-        'type' => 'error',
+        'type' => 'error',
-        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
+        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
-      ));
+      ));
-      unset($_POST);
+      unset($_POST);
-      exit();
+      exit();
-    }
+    }
-  }
+  }
-  else {
+  else {
-    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
+    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
-    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-    http_response_code(401);
+    http_response_code(401);
-    echo json_encode(array(
+    echo json_encode(array(
-      'type' => 'error',
+      'type' => 'error',
-      'msg' => 'authentication failed'
+      'msg' => 'authentication failed'
-    ));
+    ));
-    unset($_POST);
+    unset($_POST);
-    exit();
+    exit();
-  }
+  }
-}
+}
-
+
-// Handle logouts
+// Handle logouts
-if (isset($_POST["logout"])) {
+if (isset($_POST["logout"])) {
-  if (isset($_SESSION["dual-login"])) {
+  if (isset($_SESSION["dual-login"])) {
-    $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
+    $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
-    $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
+    $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
-    unset($_SESSION["dual-login"]);
+    unset($_SESSION["dual-login"]);
-    header("Location: /mailbox");
+    header("Location: /mailbox");
-    exit();
+    exit();
-  }
+  }
-  else {
+  else {
-    session_regenerate_id(true);
+    session_regenerate_id(true);
-    session_unset();
+    session_unset();
-    session_destroy();
+    session_destroy();
-    session_write_close();
+    session_write_close();
-    header("Location: /");
+    header("Location: /");
-  }
+  }
-}
+}
-
+
-// Check session
+// Check session
-function session_check() {
+function session_check() {
-  if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
+  if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
-    return true;
+    return true;
-  }
+  }
-  if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
+  if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
-    $_SESSION['return'][] = array(
+    $_SESSION['return'][] = array(
-      'type' => 'warning',
+      'type' => 'warning',
-      'msg' => 'session_ua'
+      'msg' => 'session_ua'
-    );
+    );
-    return false;
+    return false;
-  }
+  }
-  if (!empty($_POST)) {
+  if (!empty($_POST)) {
-    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
+    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
-      $_SESSION['return'][] = array(
+      $_SESSION['return'][] = array(
-        'type' => 'warning',
+        'type' => 'warning',
-        'msg' => 'session_token'
+        'msg' => 'session_token'
-      );
+      );
-      return false;
+      return false;
-    }
+    }
-    unset($_POST['csrf_token']);
+    unset($_POST['csrf_token']);
-    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-    $_SESSION['CSRF']['TIME'] = time();
+    $_SESSION['CSRF']['TIME'] = time();
-  }
+  }
-  return true;
+  return true;
-}
+}
-
+
-if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
+if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
-  $_POST = array();
+  $_POST = array();
-  $_FILES = array();
+  $_FILES = array();
-}
+}
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -1,4 +1,15 @@
 <?php
 // SSO Domain Admin
 if (!empty($_GET['sso_token'])) {
  $username = domain_admin_sso('check', $_GET['sso_token']);
  if ($username !== false) {
    $_SESSION['mailcow_cc_username'] = $username;
    $_SESSION['mailcow_cc_role'] = 'domainadmin';
    header('Location: /mailbox');
  }
 }
 if (isset($_POST["verify_tfa_login"])) {
  if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
    $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
@@ -6,7 +17,7 @@ if (isset($_POST["verify_tfa_login"])) {
    unset($_SESSION['pending_mailcow_cc_username']);
    unset($_SESSION['pending_mailcow_cc_role']);
    unset($_SESSION['pending_tfa_methods']);
-	
+
    header("Location: /user");
  } else {
    unset($_SESSION['pending_mailcow_cc_username']);
@@ -34,7 +45,7 @@ if (isset($_POST["quick_delete"])) {
 if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 	$login_user = strtolower(trim($_POST["login_user"]));
 	$as = check_login($login_user, $_POST["pass_user"]);
-  
+
 	if ($as == "admin") {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "admin";
@@ -52,7 +63,7 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
        unset($_SESSION['index_query_string']);
        if (in_array('mobileconfig', $http_parameters)) {
            if (in_array('only_email', $http_parameters)) {
-                header("Location: /mobileconfig.php?email_only");
+                header("Location: /mobileconfig.php?only_email");
                die();
            }
            header("Location: /mobileconfig.php");
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -124,7 +124,7 @@ $MAILCOW_APPS = array(
 );
 // Rows until pagination begins
-$PAGINATION_SIZE = 20;
+$PAGINATION_SIZE = 25;
 // Default number of rows/lines to display (log table)
 $LOG_LINES = 1000;
--- a/data/web/js/build/004-datatables.js
+++ b/data/web/js/build/004-datatables.js
@@ -4,20 +4,20 @@
 *
 * To rebuild or modify this file with the latest versions of the included
 * software please visit:
- *   https://datatables.net/download/#bs5/dt-1.12.0/r-2.3.0/sl-1.4.0
+ *   https://datatables.net/download/#bs5/dt-1.13.1/r-2.4.0/sl-1.5.0
 *
 * Included libraries:
- *   DataTables 1.12.0, Responsive 2.3.0, Select 1.4.0
+ *   DataTables 1.13.1, Responsive 2.4.0, Select 1.5.0
 */
-/*! DataTables 1.12.0
+/*! DataTables 1.13.1
 * ©2008-2022 SpryMedia Ltd - datatables.net/license
 */
 /**
 * @summary     DataTables
 * @description Paginate, search and order HTML tables
- * @version     1.12.0
+ * @version     1.13.1
 * @author      SpryMedia Ltd
 * @contact     www.datatables.net
 * @copyright   SpryMedia Ltd.
@@ -1162,6 +1162,10 @@
 				$( rowOne[0] ).children('th, td').each( function (i, cell) {
 					var col = oSettings.aoColumns[i];
 					if (! col) {
 						_fnLog( oSettings, 0, 'Incorrect column count', 18 );
 					}
 					if ( col.mData === i ) {
 						var sort = a( cell, 'sort' ) || a( cell, 'order' );
 						var filter = a( cell, 'filter' ) || a( cell, 'search' );
@@ -3166,6 +3170,11 @@
 				create = nTrIn ? false : true;
 				nTd = create ? document.createElement( oCol.sCellType ) : anTds[i];
 				if (! nTd) {
 					_fnLog( oSettings, 0, 'Incorrect column count', 18 );
 				}
 				nTd._DT_CellIndex = {
 					row: iRow,
 					column: i
@@ -3316,10 +3325,16 @@
 			for ( i=0, ien=cells.length ; i<ien ; i++ ) {
 				column = columns[i];
 				column.nTf = cells[i].cell;
-				if ( column.sClass ) {
+				if (column) {
-					$(column.nTf).addClass( column.sClass );
+					column.nTf = cells[i].cell;
 					if ( column.sClass ) {
 						$(column.nTf).addClass( column.sClass );
 					}
 				}
 				else {
 					_fnLog( oSettings, 0, 'Incorrect column count', 18 );
 				}
 			}
 		}
@@ -5079,6 +5094,10 @@
 				_fnDraw( settings );
 			}
 		}
 		else {
 			// No change event - paging was called, but no change
 			_fnCallbackFire( settings, null, 'page-nc', [settings] );
 		}
 		return changed;
 	}
@@ -5348,6 +5367,7 @@
 			footerCopy = footer.clone().prependTo( table );
 			footerTrgEls = footer.find('tr'); // the original tfoot is in its own table and must be sized
 			footerSrcEls = footerCopy.find('tr');
 			footerCopy.find('[id]').removeAttr('id');
 		}
 		// Clone the current header and footer elements and then place it into the inner table
@@ -5355,6 +5375,7 @@
 		headerTrgEls = header.find('tr'); // original header is in its own table
 		headerSrcEls = headerCopy.find('tr');
 		headerCopy.find('th, td').removeAttr('tabindex');
 		headerCopy.find('[id]').removeAttr('id');
 		/*
@@ -8332,8 +8353,12 @@
 	$(document).on('plugin-init.dt', function (e, context) {
 		var api = new _Api( context );
 		const namespace = 'on-plugin-init';
 		const stateSaveParamsEvent = `stateSaveParams.${namespace}`;
 		const destroyEvent = `destroy.${namespace}`;
-		api.on( 'stateSaveParams', function ( e, settings, d ) {
+		api.on( stateSaveParamsEvent, function ( e, settings, d ) {
 			// This could be more compact with the API, but it is a lot faster as a simple
 			// internal loop
 			var idFn = settings.rowIdFn;
@@ -8347,7 +8372,11 @@
 			}
 			d.childRows = ids;
-		})
+		});
 		api.on( destroyEvent, function () {
 			api.off(`${stateSaveParamsEvent} ${destroyEvent}`);
 		});
 		var loaded = api.state.loaded();
@@ -9668,7 +9697,7 @@
 	 *  @type string
 	 *  @default Version number
 	 */
-	DataTable.version = "1.12.0";
+	DataTable.version = "1.13.1";
 	/**
 	 * Private data store, containing all of the settings objects that are
@@ -14092,7 +14121,7 @@
 		 *
 		 *  @type string
 		 */
-		build:"bs5/dt-1.12.0/r-2.3.0/sl-1.4.0",
+		build:"bs5/dt-1.13.1/r-2.4.0/sl-1.5.0",
 		/**
@@ -14730,7 +14759,7 @@
 				var classes = settings.oClasses;
 				var lang = settings.oLanguage.oPaginate;
 				var aria = settings.oLanguage.oAria.paginate || {};
-				var btnDisplay, btnClass, counter=0;
+				var btnDisplay, btnClass;
 				var attach = function( container, buttons ) {
 					var i, ien, node, button, tabIndex;
@@ -14805,7 +14834,7 @@
 										'class': classes.sPageButton+' '+btnClass,
 										'aria-controls': settings.sTableId,
 										'aria-label': aria[ button ],
-										'data-dt-idx': counter,
+										'data-dt-idx': button,
 										'tabindex': tabIndex,
 										'id': idx === 0 && typeof button === 'string' ?
 											settings.sTableId +'_'+ button :
@@ -14817,8 +14846,6 @@
 								_fnBindAction(
 									node, {action: button}, clickHandler
 								);
 								counter++;
 							}
 						}
 					}
@@ -15163,7 +15190,7 @@
 			}
 		}
 		else if (window.luxon) {
-			dt = format
+			dt = format && typeof d === 'string'
 				? window.luxon.DateTime.fromFormat( d, format )
 				: window.luxon.DateTime.fromISO( d );
@@ -15303,14 +15330,26 @@
 	}
 	// Based on locale, determine standard number formatting
-	var __thousands = '';
+	// Fallback for legacy browsers is US English
-	var __decimal = '';
+	var __thousands = ',';
 	var __decimal = '.';
 	if (Intl) {
-		var num = new Intl.NumberFormat().formatToParts(1000.1);
+		try {
-	
+			var num = new Intl.NumberFormat().formatToParts(100000.1);
-		__thousands = num[1].value;
+		
-		__decimal = num[3].value;
+			for (var i=0 ; i<num.length ; i++) {
 				if (num[i].type === 'group') {
 					__thousands = num[i].value;
 				}
 				else if (num[i].type === 'decimal') {
 					__decimal = num[i].value;
 				}
 			}
 		}
 		catch (e) {
 			// noop
 		}
 	}
 	// Formatted date time detection - use by declaring the formats you are going to use
@@ -15379,6 +15418,10 @@
 						return d;
 					}
 					if (d === '' || d === null) {
 						return d;
 					}
 					var negative = d < 0 ? '-' : '';
 					var flo = parseFloat( d );
@@ -15569,7 +15612,7 @@
 	$.each( DataTable, function ( prop, val ) {
 		$.fn.DataTable[ prop ] = val;
 	} );
-	
+
 	return DataTable;
 }));
@@ -15578,14 +15621,6 @@
 * 2020 SpryMedia Ltd - datatables.net/license
 */
 /**
 * DataTables integration for Bootstrap 4. This requires Bootstrap 5 and
 * DataTables 1.10 or newer.
 *
 * This file sets the defaults and adds options to DataTables to style its
 * controls using Bootstrap. See http://datatables.net/manual/styling/bootstrap
 * for further information.
 */
 (function( factory ){
 	if ( typeof define === 'function' && define.amd ) {
 		// AMD
@@ -15597,16 +15632,22 @@
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
 				// CommonJS environments without a window global must pass a
 				// root. This will give an error otherwise
 				root = window;
 			}
-			if ( ! $ || ! $.fn.dataTable ) {
+			if ( ! $ ) {
-				// Require DataTables, which attaches to jQuery, including
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
-				// jQuery if needed and have a $ property so we can access the
+					require('jquery') :
-				// jQuery object that is used
+					require('jquery')( root );
 				$ = require('datatables.net')(root, $).$;
 			}
 			if ( ! $.fn.dataTable ) {
 				require('datatables.net')(root, $);
 			}
 			return factory( $, root, root.document );
 		};
 	}
@@ -15619,11 +15660,21 @@
 var DataTable = $.fn.dataTable;
 /**
 * DataTables integration for Bootstrap 5. This requires Bootstrap 5 and
 * DataTables 1.10 or newer.
 *
 * This file sets the defaults and adds options to DataTables to style its
 * controls using Bootstrap. See http://datatables.net/manual/styling/bootstrap
 * for further information.
 */
 /* Set the defaults for DataTables initialisation */
 $.extend( true, DataTable.defaults, {
 	dom:
 		"<'row'<'col-sm-12 col-md-6'l><'col-sm-12 col-md-6'f>>" +
-		"<'row'<'col-sm-12'tr>>" +
+		"<'row dt-row'<'col-sm-12'tr>>" +
 		"<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
 	renderer: 'bootstrap'
 } );
@@ -15645,7 +15696,7 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 	var classes = settings.oClasses;
 	var lang    = settings.oLanguage.oPaginate;
 	var aria = settings.oLanguage.oAria.paginate || {};
-	var btnDisplay, btnClass, counter=0;
+	var btnDisplay, btnClass;
 	var attach = function( container, buttons ) {
 		var i, ien, node, button;
@@ -15714,7 +15765,7 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 								'href': '#',
 								'aria-controls': settings.sTableId,
 								'aria-label': aria[ button ],
-								'data-dt-idx': counter,
+								'data-dt-idx': button,
 								'tabindex': settings.iTabIndex,
 								'class': 'page-link'
 							} )
@@ -15725,13 +15776,12 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 					settings.oApi._fnBindAction(
 						node, {action: button}, clickHandler
 					);
 					counter++;
 				}
 			}
 		}
 	};
 	var hostEl = $(host);
 	// IE9 throws an 'unknown error' if document.activeElement is used
 	// inside an iframe or frame. 
 	var activeEl;
@@ -15741,17 +15791,26 @@ DataTable.ext.renderer.pageButton.bootstrap = function ( settings, host, idx, bu
 		// elements, focus is lost on the select button which is bad for
 		// accessibility. So we want to restore focus once the draw has
 		// completed
-		activeEl = $(host).find(document.activeElement).data('dt-idx');
+		activeEl = hostEl.find(document.activeElement).data('dt-idx');
 	}
 	catch (e) {}
 	var paginationEl = hostEl.children('ul.pagination');
 	if (paginationEl.length) {
 		paginationEl.empty();
 	}
 	else {
 		paginationEl = hostEl.html('<ul/>').children('ul').addClass('pagination');
 	}
 	attach(
-		$(host).empty().html('<ul class="pagination"/>').children('ul'),
+		paginationEl,
 		buttons
 	);
 	if ( activeEl !== undefined ) {
-		$(host).find( '[data-dt-idx='+activeEl+']' ).trigger('focus');
+		hostEl.find('[data-dt-idx='+activeEl+']').trigger('focus');
 	}
 };
@@ -15760,14 +15819,54 @@ return DataTable;
 }));
-/*! Responsive 2.3.0
+/*! Responsive 2.4.0
 * 2014-2022 SpryMedia Ltd - datatables.net/license
 */
 (function( factory ){
 	if ( typeof define === 'function' && define.amd ) {
 		// AMD
 		define( ['jquery', 'datatables.net'], function ( $ ) {
 			return factory( $, window, document );
 		} );
 	}
 	else if ( typeof exports === 'object' ) {
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
 				// CommonJS environments without a window global must pass a
 				// root. This will give an error otherwise
 				root = window;
 			}
 			if ( ! $ ) {
 				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
 					require('jquery') :
 					require('jquery')( root );
 			}
 			if ( ! $.fn.dataTable ) {
 				require('datatables.net')(root, $);
 			}
 			return factory( $, root, root.document );
 		};
 	}
 	else {
 		// Browser
 		factory( jQuery, window, document );
 	}
 }(function( $, window, document, undefined ) {
 'use strict';
 var DataTable = $.fn.dataTable;
 /**
 * @summary     Responsive
 * @description Responsive tables plug-in for DataTables
- * @version     2.3.0
+ * @version     2.4.0
 * @author      SpryMedia Ltd (www.sprymedia.co.uk)
 * @contact     www.sprymedia.co.uk/contact
 * @copyright   SpryMedia Ltd.
@@ -15781,35 +15880,6 @@ return DataTable;
 *
 * For details please refer to: http://www.datatables.net
 */
 (function( factory ){
 	if ( typeof define === 'function' && define.amd ) {
 		// AMD
 		define( ['jquery', 'datatables.net'], function ( $ ) {
 			return factory( $, window, document );
 		} );
 	}
 	else if ( typeof exports === 'object' ) {
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
 				root = window;
 			}
 			if ( ! $ || ! $.fn.dataTable ) {
 				$ = require('datatables.net')(root, $).$;
 			}
 			return factory( $, root, root.document );
 		};
 	}
 	else {
 		// Browser
 		factory( jQuery, window, document );
 	}
 }(function( $, window, document, undefined ) {
 'use strict';
 var DataTable = $.fn.dataTable;
 /**
 * Responsive is a plug-in for the DataTables library that makes use of
@@ -15863,9 +15933,10 @@ var Responsive = function ( settings, opts ) {
 	}
 	this.s = {
-		dt: new DataTable.Api( settings ),
+		childNodeStore: {},
 		columns: [],
-		current: []
+		current: [],
 		dt: new DataTable.Api( settings )
 	};
 	// Check if responsive has already been initialised on this table
@@ -16070,6 +16141,63 @@ $.extend( Responsive.prototype, {
 	 * Private methods
 	 */
 	/**
 	 * Get and store nodes from a cell - use for node moving renderers
 	 *
 	 * @param {*} dt DT instance
 	 * @param {*} row Row index
 	 * @param {*} col Column index
 	 */
 	_childNodes: function( dt, row, col ) {
 		var name = row+'-'+col;
 		if ( this.s.childNodeStore[ name ] ) {
 			return this.s.childNodeStore[ name ];
 		}
 		// https://jsperf.com/childnodes-array-slice-vs-loop
 		var nodes = [];
 		var children = dt.cell( row, col ).node().childNodes;
 		for ( var i=0, ien=children.length ; i<ien ; i++ ) {
 			nodes.push( children[i] );
 		}
 		this.s.childNodeStore[ name ] = nodes;
 		return nodes;
 	},
 	/**
 	 * Restore nodes from the cache to a table cell
 	 *
 	 * @param {*} dt DT instance
 	 * @param {*} row Row index
 	 * @param {*} col Column index
 	 */
 	_childNodesRestore: function( dt, row, col ) {
 		var name = row+'-'+col;
 		if ( ! this.s.childNodeStore[ name ] ) {
 			return;
 		}
 		var node = dt.cell( row, col ).node();
 		var store = this.s.childNodeStore[ name ];
 		var parent = store[0].parentNode;
 		var parentChildren = parent.childNodes;
 		var a = [];
 		for ( var i=0, ien=parentChildren.length ; i<ien ; i++ ) {
 			a.push( parentChildren[i] );
 		}
 		for ( var j=0, jen=a.length ; j<jen ; j++ ) {
 			node.appendChild( a[j] );
 		}
 		this.s.childNodeStore[ name ] = undefined;
 	},
 	/**
 	 * Calculate the visibility for the columns in a table for a given
 	 * breakpoint. The result is pre-determined based on the class logic if
@@ -16399,8 +16527,8 @@ $.extend( Responsive.prototype, {
 				: details.renderer;
 			var res = details.display( row, update, function () {
-				return renderer(
+				return renderer.call(
-					dt, row[0], that._detailsObj(row[0])
+					that, dt, row[0], that._detailsObj(row[0])
 				);
 			} );
@@ -16622,9 +16750,11 @@ $.extend( Responsive.prototype, {
 			}
 		} );
-		if ( changed ) {
+		// Always need to update the display, regardless of if it has changed or not, so nodes
-			this._redrawChildren();
+		// can be re-inserted for listHiddenNodes
 		this._redrawChildren();
 		if ( changed ) {
 			// Inform listeners of the change
 			$(dt.table().node()).trigger( 'responsive-resize.dt', [dt, this.s.current] );
@@ -16650,6 +16780,7 @@ $.extend( Responsive.prototype, {
 	{
 		var dt = this.s.dt;
 		var columns = this.s.columns;
 		var that = this;
 		// Are we allowed to do auto sizing?
 		if ( ! this.c.auto ) {
@@ -16663,11 +16794,11 @@ $.extend( Responsive.prototype, {
 		}
 		// Need to restore all children. They will be reinstated by a re-render
-		if ( ! $.isEmptyObject( _childNodeStore ) ) {
+		if ( ! $.isEmptyObject( this.s.childNodeStore ) ) {
-			$.each( _childNodeStore, function ( key ) {
+			$.each( this.s.childNodeStore, function ( key ) {
 				var idx = key.split('-');
-				_childNodesRestore( dt, idx[0]*1, idx[1]*1 );
+				that._childNodesRestore( dt, idx[0]*1, idx[1]*1 );
 			} );
 		}
@@ -16787,6 +16918,7 @@ $.extend( Responsive.prototype, {
 	 */
 	_setColumnVis: function ( col, showHide )
 	{
 		var that = this;
 		var dt = this.s.dt;
 		var display = showHide ? '' : 'none'; // empty string will remove the attr
@@ -16803,9 +16935,9 @@ $.extend( Responsive.prototype, {
 			.toggleClass('dtr-hidden', !showHide);
 		// If the are child nodes stored, we might need to reinsert them
-		if ( ! $.isEmptyObject( _childNodeStore ) ) {
+		if ( ! $.isEmptyObject( this.s.childNodeStore ) ) {
 			dt.cells( null, col ).indexes().each( function (idx) {
-				_childNodesRestore( dt, idx.row, idx.column );
+				that._childNodesRestore( dt, idx.row, idx.column );
 			} );
 		}
 	},
@@ -16972,52 +17104,6 @@ Responsive.display = {
 };
 var _childNodeStore = {};
 function _childNodes( dt, row, col ) {
 	var name = row+'-'+col;
 	if ( _childNodeStore[ name ] ) {
 		return _childNodeStore[ name ];
 	}
 	// https://jsperf.com/childnodes-array-slice-vs-loop
 	var nodes = [];
 	var children = dt.cell( row, col ).node().childNodes;
 	for ( var i=0, ien=children.length ; i<ien ; i++ ) {
 		nodes.push( children[i] );
 	}
 	_childNodeStore[ name ] = nodes;
 	return nodes;
 }
 function _childNodesRestore( dt, row, col ) {
 	var name = row+'-'+col;
 	if ( ! _childNodeStore[ name ] ) {
 		return;
 	}
 	var node = dt.cell( row, col ).node();
 	var store = _childNodeStore[ name ];
 	var parent = store[0].parentNode;
 	var parentChildren = parent.childNodes;
 	var a = [];
 	for ( var i=0, ien=parentChildren.length ; i<ien ; i++ ) {
 		a.push( parentChildren[i] );
 	}
 	for ( var j=0, jen=a.length ; j<jen ; j++ ) {
 		node.appendChild( a[j] );
 	}
 	_childNodeStore[ name ] = undefined;
 }
 /**
 * Display methods - functions which define how the hidden data should be shown
 * in the table.
@@ -17029,6 +17115,7 @@ function _childNodesRestore( dt, row, col ) {
 Responsive.renderer = {
 	listHiddenNodes: function () {
 		return function ( api, rowIdx, columns ) {
 			var that = this;
 			var ul = $('<ul data-dtr-index="'+rowIdx+'" class="dtr-details"/>');
 			var found = false;
@@ -17045,7 +17132,7 @@ Responsive.renderer = {
 							'</span> '+
 						'</li>'
 					)
-						.append( $('<span class="dtr-data"/>').append( _childNodes( api, col.rowIndex, col.columnIndex ) ) )// api.cell( col.rowIndex, col.columnIndex ).node().childNodes ) )
+						.append( $('<span class="dtr-data"/>').append( that._childNodes( api, col.rowIndex, col.columnIndex ) ) )// api.cell( col.rowIndex, col.columnIndex ).node().childNodes ) )
 						.appendTo( ul );
 					found = true;
@@ -17229,7 +17316,7 @@ Api.registerPlural( 'columns().responsiveHidden()', 'column().responsiveHidden()
 * @name Responsive.version
 * @static
 */
-Responsive.version = '2.3.0';
+Responsive.version = '2.4.0';
 $.fn.dataTable.Responsive = Responsive;
@@ -17256,12 +17343,12 @@ $(document).on( 'preInit.dt.dtr', function (e, settings, json) {
 } );
-return Responsive;
+return DataTable;
 }));
 /*! Bootstrap 5 integration for DataTables' Responsive
- * ©2021 SpryMedia Ltd - datatables.net/license
+ * © SpryMedia Ltd - datatables.net/license
 */
 (function( factory ){
@@ -17275,17 +17362,26 @@ return Responsive;
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
 				// CommonJS environments without a window global must pass a
 				// root. This will give an error otherwise
 				root = window;
 			}
-			if ( ! $ || ! $.fn.dataTable ) {
+			if ( ! $ ) {
-				$ = require('datatables.net-bs5')(root, $).$;
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
 					require('jquery') :
 					require('jquery')( root );
 			}
-			if ( ! $.fn.dataTable.Responsive ) {
+			if ( ! $.fn.dataTable ) {
 				require('datatables.net-bs5')(root, $);
 			}
 			if ( ! $.fn.dataTable ) {
 				require('datatables.net-responsive')(root, $);
 			}
 			return factory( $, root, root.document );
 		};
 	}
@@ -17298,6 +17394,7 @@ return Responsive;
 var DataTable = $.fn.dataTable;
 var _display = DataTable.Responsive.display;
 var _original = _display.modal;
 var _modal = $(
@@ -17359,33 +17456,14 @@ _display.modal = function ( options ) {
 };
-return DataTable.Responsive;
+return DataTable;
 }));
-/*! Select for DataTables 1.4.0
+/*! Select for DataTables 1.5.0
 * 2015-2021 SpryMedia Ltd - datatables.net/license/mit
 */
 /**
 * @summary     Select for DataTables
 * @description A collection of API methods, events and buttons for DataTables
 *   that provides selection options of the items in a DataTable
 * @version     1.4.0
 * @file        dataTables.select.js
 * @author      SpryMedia Ltd (www.sprymedia.co.uk)
 * @contact     datatables.net/forums
 * @copyright   Copyright 2015-2021 SpryMedia Ltd.
 *
 * This source file is free software, available under the following license:
 *   MIT license - http://datatables.net/license/mit
 *
 * This source file is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the license files for details.
 *
 * For details please refer to: http://www.datatables.net/extensions/select
 */
 (function( factory ){
 	if ( typeof define === 'function' && define.amd ) {
 		// AMD
@@ -17397,13 +17475,22 @@ return DataTable.Responsive;
 		// CommonJS
 		module.exports = function (root, $) {
 			if ( ! root ) {
 				// CommonJS environments without a window global must pass a
 				// root. This will give an error otherwise
 				root = window;
 			}
-			if ( ! $ || ! $.fn.dataTable ) {
+			if ( ! $ ) {
-				$ = require('datatables.net')(root, $).$;
+				$ = typeof window !== 'undefined' ? // jQuery's factory checks for a global window
 					require('jquery') :
 					require('jquery')( root );
 			}
 			if ( ! $.fn.dataTable ) {
 				require('datatables.net')(root, $);
 			}
 			return factory( $, root, root.document );
 		};
 	}
@@ -17416,10 +17503,11 @@ return DataTable.Responsive;
 var DataTable = $.fn.dataTable;
 // Version information for debugger
 DataTable.select = {};
-DataTable.select.version = '1.4.0';
+DataTable.select.version = '1.5.0';
 DataTable.select.init = function ( dt ) {
 	var ctx = dt.settings()[0];
@@ -18688,7 +18776,6 @@ $(document).on( 'preInit.dt.dtSelect', function (e, ctx) {
 } );
-return DataTable.select;
+return DataTable;
 }));
--- a/data/web/js/build/013-mailcow.js
+++ b/data/web/js/build/013-mailcow.js
@@ -1,3 +1,13 @@
 const LOCALE = undefined;
 const DATETIME_FORMAT = {
  year: "numeric",
  month: "2-digit",
  day: "2-digit",
  hour: "2-digit",
  minute: "2-digit",
  second: "2-digit"
 };
 $(document).ready(function() {
  // mailcow alert box generator
  window.mailcow_alert_box = function(message, type) {
@@ -12,14 +22,22 @@ $(document).ready(function() {
    $.notify({message: msg},{z_index: 20000, delay: auto_hide, type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
  }
-  $(".generate_password").click(function( event ) {
+  $(".generate_password").click(async function( event ) {   
    try { 
      var password_policy = await window.fetch("/api/v1/get/passwordpolicy", { method:'GET', cache:'no-cache' });
      var password_policy = await password_policy.json();
      random_passwd_length = password_policy.length;
    } catch(err) {
      var random_passwd_length = 8;
    }
    event.preventDefault();
    $('[data-hibp]').trigger('input');
    if (typeof($(this).closest("form").data('pwgen-length')) == "number") {
      var random_passwd = GPW.pronounceable($(this).closest("form").data('pwgen-length'))
    }
    else {
-      var random_passwd = GPW.pronounceable(8)
+      var random_passwd = GPW.pronounceable(random_passwd_length)
    }
    $(this).closest("form").find('[data-pwgen-field]').attr('type', 'text');
    $(this).closest("form").find('[data-pwgen-field]').val(random_passwd);
@@ -278,6 +296,8 @@ $(document).ready(function() {
  $.extend($.fn.dataTable.defaults, {
    responsive: true
  });
  // disable default datatable click listener
  $(document).off('click', 'tbody>tr');
  // tag boxes
  $('.tag-box .tag-add').click(function(){
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -1,13 +1,3 @@
 const LOCALE = undefined;
 const DATETIME_FORMAT = {
  year: "numeric",
  month: "2-digit",
  day: "2-digit",
  hour: "2-digit",
  minute: "2-digit",
  second: "2-digit"
 };
 $(document).ready(function() {
  // Parse seconds ago to date
  // Get "now" timestamp
@@ -34,7 +24,7 @@ $(document).ready(function() {
  });
  // set update loop container list
-  containersToUpdate = {}
+  containersToUpdate = {};
  // set default ChartJs Font Color
  Chart.defaults.color = '#999';
  // create host cpu and mem charts
@@ -43,15 +33,47 @@ $(document).ready(function() {
  if (mailcow_info.branch === "master"){
    check_update(mailcow_info.version_tag, mailcow_info.project_url);
  }
-  $("#maiclow_version").click(function(){
+  $("#mailcow_version").click(function(){
-    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" ||
+    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" || mailcow_info.branch !== "master")
       mailcow_info.branch !== "master")
      return;
    showVersionModal("Version " + mailcow_info.version_tag, mailcow_info.version_tag);
  })
  // get public ips
-  get_public_ips();
+  $("#host_show_ip").click(function(){
    $("#host_show_ip").find(".text").addClass("d-none");
    $("#host_show_ip").find(".spinner-border").removeClass("d-none");
    window.fetch("/api/v1/get/status/host/ip", { method:'GET', cache:'no-cache' }).then(function(response) {
      return response.json();
    }).then(function(data) {
      console.log(data);
      // display host ips
      if (data.ipv4)
        $("#host_ipv4").text(data.ipv4);
      if (data.ipv6)
        $("#host_ipv6").text(data.ipv6);
      $("#host_show_ip").addClass("d-none");
      $("#host_show_ip").find(".text").removeClass("d-none");
      $("#host_show_ip").find(".spinner-border").addClass("d-none");
      $("#host_ipv4").removeClass("d-none");
      $("#host_ipv6").removeClass("d-none");
      $("#host_ipv6").removeClass("text-danger");
      $("#host_ipv4").addClass("d-block");
      $("#host_ipv6").addClass("d-block");
    }).catch(function(error){
      console.log(error);
      $("#host_ipv6").removeClass("d-none");
      $("#host_ipv6").addClass("d-block");
      $("#host_ipv6").addClass("text-danger");
      $("#host_ipv6").text(lang_debug.error_show_ip);
      $("#host_show_ip").find(".text").removeClass("d-none");
      $("#host_show_ip").find(".spinner-border").addClass("d-none");
    });
  });
  update_container_stats();
 });
 jQuery(function($){
@@ -85,11 +107,20 @@ jQuery(function($){
      return;
    }
-    $('#autodiscover_log').DataTable({
+    var table = $('#autodiscover_log').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-autodiscover-logs', '#autodiscover_log');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/autodiscover/100",
@@ -134,6 +165,10 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-autodiscover-logs', '#autodiscover_log');
    });
  }
  function draw_postfix_logs() {
    // just recalc width if instance already exists
@@ -142,11 +177,20 @@ jQuery(function($){
      return;
    }
-    $('#postfix_log').DataTable({
+    var table = $('#postfix_log').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-postfix-logs', '#postfix_log');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/postfix",
@@ -176,6 +220,10 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-postfix-logs', '#postfix_log');
    });
  }
  function draw_watchdog_logs() {
    // just recalc width if instance already exists
@@ -184,11 +232,20 @@ jQuery(function($){
      return;
    }
-    $('#watchdog_log').DataTable({
+    var table = $('#watchdog_log').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-watchdog-logs', '#watchdog_log');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/watchdog",
@@ -222,6 +279,10 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-watchdog-logs', '#watchdog_log');
    });
  }
  function draw_api_logs() {
    // just recalc width if instance already exists
@@ -230,11 +291,20 @@ jQuery(function($){
      return;
    }
-    $('#api_log').DataTable({
+    var table =  $('#api_log').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-api-logs', '#api_log');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/api",
@@ -275,6 +345,10 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-api-logs', '#api_log');
    });
  }
  function draw_rl_logs() {
    // just recalc width if instance already exists
@@ -283,11 +357,20 @@ jQuery(function($){
      return;
    }
-    $('#rl_log').DataTable({
+    var table = $('#rl_log').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-rl-logs', '#rl_log');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/ratelimited",
@@ -366,6 +449,10 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-rl-logs', '#rl_log');
    });
  }
  function draw_ui_logs() {
    // just recalc width if instance already exists
@@ -374,11 +461,20 @@ jQuery(function($){
      return;
    }
-    $('#ui_logs').DataTable({
+    var table = $('#ui_logs').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-ui-logs', '#ui_logs');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/ui",
@@ -437,6 +533,10 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-ui-logs', '#ui_log');
    });
  }
  function draw_sasl_logs() {
    // just recalc width if instance already exists
@@ -445,11 +545,20 @@ jQuery(function($){
      return;
    }
-    $('#sasl_logs').DataTable({
+    var table = $('#sasl_logs').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-sasl-logs', '#sasl_logs');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/sasl",
@@ -479,12 +588,16 @@ jQuery(function($){
          data: 'datetime',
          defaultContent: '',
          createdCell: function(td, cellData) {
-            cellData = Math.floor((new Date(data.replace(/-/g, "/"))).getTime() / 1000);
+            cellData = Math.floor((new Date(cellData.replace(/-/g, "/"))).getTime() / 1000);
            createSortableDate(td, cellData)
          }
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-sasl-logs', '#sasl_logs');
    });
  }
  function draw_acme_logs() {
    // just recalc width if instance already exists
@@ -493,11 +606,20 @@ jQuery(function($){
      return;
    }
-    $('#acme_log').DataTable({
+    var table = $('#acme_log').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-acme-logs', '#acme_log');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/acme",
@@ -522,6 +644,10 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-acme-logs', '#acme_log');
    });
  }
  function draw_netfilter_logs() {
    // just recalc width if instance already exists
@@ -530,11 +656,20 @@ jQuery(function($){
      return;
    }
-    $('#netfilter_log').DataTable({
+    var table = $('#netfilter_log').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-netfilter-logs', '#netfilter_log');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/netfilter",
@@ -564,6 +699,10 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-netfilter-logs', '#netfilter_log');
    });
  }
  function draw_sogo_logs() {
    // just recalc width if instance already exists
@@ -572,11 +711,20 @@ jQuery(function($){
      return;
    }
-    $('#sogo_log').DataTable({
+    var table = $('#sogo_log').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-sogo-logs', '#sogo_log');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/sogo",
@@ -606,6 +754,10 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-sogo-logs', '#sogo_log');
    });
  }
  function draw_dovecot_logs() {
    // just recalc width if instance already exists
@@ -614,11 +766,20 @@ jQuery(function($){
      return;
    }
-    $('#dovecot_log').DataTable({
+    var table = $('#dovecot_log').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-dovecot-logs', '#dovecot_log');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/dovecot",
@@ -648,19 +809,20 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-dovecot-logs', '#dovecot_log');
    });
  }
  function rspamd_pie_graph() {
    $.ajax({
      url: '/api/v1/get/rspamd/actions',
      async: true,
      success: function(data){
        console.log(data);
        var total = 0;
        $(data).map(function(){total += this[1];});
        var labels = $.makeArray($(data).map(function(){return this[0] + ' ' + Math.round(this[1]/total * 100) + '%';}));
        var values = $.makeArray($(data).map(function(){return this[1];}));
        console.log(values);
        var graphdata = {
          labels: labels,
@@ -717,11 +879,20 @@ jQuery(function($){
      return;
    }
-    $('#rspamd_history').DataTable({
+    var table = $('#rspamd_history').DataTable({
      responsive: true,
      processing: true,
      serverSide: false,
      stateSave: true,
      pageLength: log_pagination_size,
      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
      order: [[0, 'desc']],
      initComplete: function(){
        hideTableExpandCollapseBtn('#tab-rspamd-logs', '#rspamd_history');
      },
      ajax: {
        type: "GET",
        url: "/api/v1/get/logs/rspamd-history",
@@ -767,12 +938,15 @@ jQuery(function($){
          title: 'Score',
          data: 'score',
          defaultContent: '',
          class: 'text-nowrap',
          createdCell: function(td, cellData) {
            $(td).attr({
              "data-order": cellData.sortBy,
              "data-sort": cellData.sortBy
            });
-            $(td).html(cellData.value);
+          },    
          render: function (data) {
            return data.value;
          }
        },
        {
@@ -795,7 +969,9 @@ jQuery(function($){
              "data-order": cellData.sortBy,
              "data-sort": cellData.sortBy
            });
-            $(td).html(cellData.value);
+          },    
          render: function (data) {
            return data.value;
          }
        },
        {
@@ -810,6 +986,10 @@ jQuery(function($){
        }
      ]
    });
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-rspamd-history', '#rspamd_history');
    });
  }
  function process_table_data(data, table) {
    if (table == 'rspamd_history') {
@@ -821,31 +1001,31 @@ jQuery(function($){
        item.rcpt = escapeHtml(item.rcpt_smtp.join(", "));
      }
      item.symbols = Object.keys(item.symbols).sort(function (a, b) {
-        if (item.symbols[a].score === 0) return 1
+        if (item.symbols[a].score === 0) return 1;
-        if (item.symbols[b].score === 0) return -1
+        if (item.symbols[b].score === 0) return -1;
        if (item.symbols[b].score < 0 && item.symbols[a].score < 0) {
-          return item.symbols[a].score - item.symbols[b].score
+          return item.symbols[a].score - item.symbols[b].score;
        }
        if (item.symbols[b].score > 0 && item.symbols[a].score > 0) {
-          return item.symbols[b].score - item.symbols[a].score
+          return item.symbols[b].score - item.symbols[a].score;
        }
-        return item.symbols[b].score - item.symbols[a].score
+        return item.symbols[b].score - item.symbols[a].score;
      }).map(function(key) {
        var sym = item.symbols[key];
        if (sym.score < 0) {
-          sym.score_formatted = '(<span class="text-success"><b>' + sym.score + '</b></span>)'
+          sym.score_formatted = '(<span class="text-success"><b>' + sym.score + '</b></span>)';
        }
        else if (sym.score === 0) {
-          sym.score_formatted = '(<span><b>' + sym.score + '</b></span>)'
+          sym.score_formatted = '(<span><b>' + sym.score + '</b></span>)';
        }
        else {
-          sym.score_formatted = '(<span class="text-danger"><b>' + sym.score + '</b></span>)'
+          sym.score_formatted = '(<span class="text-danger"><b>' + sym.score + '</b></span>)';
        }
        var str = '<strong>' + key + '</strong> ' + sym.score_formatted;
        if (sym.options) {
          str += ' [' + escapeHtml(sym.options.join(", ")) + "]";
        }
-        return str
+        return str;
      }).join('<br>\n');
      item.subject = escapeHtml(item.subject);
      var scan_time = item.time_real.toFixed(3);
@@ -978,14 +1158,14 @@ jQuery(function($){
        }
      });
    }
-    return data
+    return data;
  };
  $('.add_log_lines').on('click', function (e) {
    e.preventDefault();
-    var log_table= $(this).data("table")
+    var log_table= $(this).data("table");
-    var new_nrows = $(this).data("nrows")
+    var new_nrows = $(this).data("nrows");
-    var post_process = $(this).data("post-process")
+    var post_process = $(this).data("post-process");
-    var log_url = $(this).data("log-url")
+    var log_url = $(this).data("log-url");
    if (log_table === undefined || new_nrows === undefined || post_process === undefined || log_url === undefined) {
      console.log("no data-table or data-nrows or log_url or data-post-process attr found");
      return;
@@ -993,7 +1173,7 @@ jQuery(function($){
    if (table = $('#' + log_table).DataTable()) {
      var heading = $('#' + log_table).closest('.card').find('.card-header');
-      var load_rows = (table.page.len() + 1) + '-' + (table.page.len() + new_nrows)
+      var load_rows = (table.data().length + 1) + '-' + (table.data().length + new_nrows)
      $.get('/api/v1/get/logs/' + log_url + '/' + load_rows).then(function(data){
        if (data.length === undefined) { mailcow_alert_box(lang.no_new_rows, "info"); return; }
@@ -1005,6 +1185,12 @@ jQuery(function($){
      });
    }
  })
  function hideTableExpandCollapseBtn(tab, table){
    if ($(table).hasClass('collapsed'))
      $(tab).find(".table_collapse_option").show();
    else
      $(tab).find(".table_collapse_option").hide();
  }
  // detect element visibility changes
  function onVisible(element, callback) {
@@ -1037,7 +1223,6 @@ jQuery(function($){
  onVisible("[id^=rspamd_donut]", () => rspamd_pie_graph());
  // start polling host stats if tab is active
  onVisible("[id^=tab-containers]", () => update_stats());
  // start polling container stats if collapse is active
@@ -1109,6 +1294,12 @@ function update_stats(timeout=5){
      $("#host_cpu_usage").text(parseInt(data.cpu.usage).toString() + "%");
      $("#host_memory_total").text((data.memory.total / (1024 ** 3)).toFixed(2).toString() + "GB");
      $("#host_memory_usage").text(parseInt(data.memory.usage).toString() + "%");
      if (data.architecture == "aarch64"){
        $("#host_architecture").html('<span data-bs-toggle="tooltip" data-bs-placement="top" title="' + lang_debug.wip +'">' + data.architecture + ' ⚠️</span>');
      }
      else {
        $("#host_architecture").html(data.architecture);
      }
      // update cpu and mem chart
      var cpu_chart = Chart.getChart("host_cpu_chart");
@@ -1120,9 +1311,9 @@ function update_stats(timeout=5){
      if (mem_chart.data.labels.length > 30) mem_chart.data.labels.shift();
      cpu_chart.data.datasets[0].data.push(data.cpu.usage);
-      if (cpu_chart.data.datasets[0].data.length > 30)  cpu_chart.data.datasets[0].data.shift();
+      if (cpu_chart.data.datasets[0].data.length > 30) cpu_chart.data.datasets[0].data.shift();
      mem_chart.data.datasets[0].data.push(data.memory.usage);
-      if (mem_chart.data.datasets[0].data.length > 30)  mem_chart.data.datasets[0].data.shift();
+      if (mem_chart.data.datasets[0].data.length > 30) mem_chart.data.datasets[0].data.shift();
      cpu_chart.update();
      mem_chart.update();
@@ -1224,20 +1415,6 @@ function update_container_stats(timeout=5){
  // run again in n seconds
  setTimeout(update_container_stats, timeout * 1000);
 }
 // get public ips
 function get_public_ips(){
  window.fetch("/api/v1/get/status/host/ip", {method:'GET',cache:'no-cache'}).then(function(response) {
    return response.json();
  }).then(function(data) {
    console.log(data);
    // display host ips
    if (data.ipv4)
      $("#host_ipv4").text(data.ipv4);
    if (data.ipv6)
      $("#host_ipv6").text(data.ipv6);
  });
 }
 // format hosts uptime seconds to readable string
 function formatUptime(seconds){
  seconds = Number(seconds);
@@ -1295,23 +1472,23 @@ function createReadWriteChart(chart_id, read_lable, write_lable){
  };
  var optionsNet = {
    interaction: {
-        mode: 'index'
+      mode: 'index'
    },
    scales: {
      yAxis: {
        min: 0,
        grid: {
-            display: false
+          display: false
        },
        ticks: {
          callback: function(i, index, ticks) {
-             return formatBytes(i);
+            return formatBytes(i);
          }
        }
      },
      xAxis: {
        grid: {
-            display: false
+          display: false
        }
      }
    }
@@ -1359,13 +1536,13 @@ function createHostCpuAndMemChart(){
  };
  var optionsCpu = {
    interaction: {
-        mode: 'index'
+      mode: 'index'
    },
    scales: {
      yAxis: {
        min: 0,
        grid: {
-            display: false
+          display: false
        },
        ticks: {
          callback: function(i, index, ticks) {
@@ -1375,7 +1552,7 @@ function createHostCpuAndMemChart(){
      },
      xAxis: {
        grid: {
-            display: false
+          display: false
        }
      }
    }
@@ -1397,13 +1574,13 @@ function createHostCpuAndMemChart(){
  };
  var optionsMem = {
    interaction: {
-        mode: 'index'
+      mode: 'index'
    },
    scales: {
      yAxis: {
        min: 0,
        grid: {
-            display: false
+          display: false
        },
        ticks: {
          callback: function(i, index, ticks) {
@@ -1413,7 +1590,7 @@ function createHostCpuAndMemChart(){
      },
      xAxis: {
        grid: {
-            display: false
+          display: false
        }
      }
    }
@@ -1509,22 +1686,22 @@ function parseGithubMarkdownLinks(inputText) {
  replacePattern1 = /(\b(https?):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/gim;
  replacedText = inputText.replace(replacePattern1, (matched, index, original, input_string) => {
-      if (matched.includes('github.com')){
+    if (matched.includes('github.com')){
-        // return short link if it's github link
+      // return short link if it's github link
-        last_uri_path = matched.split('/');
+      last_uri_path = matched.split('/');
-        last_uri_path = last_uri_path[last_uri_path.length - 1];
+      last_uri_path = last_uri_path[last_uri_path.length - 1];
-        // adjust Full Changelog link to match last git version and new git version, if link is a compare link
+      // adjust Full Changelog link to match last git version and new git version, if link is a compare link
-        if (matched.includes('/compare/') && mailcow_info.last_version_tag !== ''){
+      if (matched.includes('/compare/') && mailcow_info.last_version_tag !== ''){
-          matched = matched.replace(last_uri_path,  mailcow_info.last_version_tag + '...' + mailcow_info.version_tag);
+        matched = matched.replace(last_uri_path,  mailcow_info.last_version_tag + '...' + mailcow_info.version_tag);
-          last_uri_path = mailcow_info.last_version_tag + '...' + mailcow_info.version_tag;
+        last_uri_path = mailcow_info.last_version_tag + '...' + mailcow_info.version_tag;
-        }
+      }
-        return '<a href="' + matched + '" target="_blank">' + last_uri_path + '</a><br>';
+      return '<a href="' + matched + '" target="_blank">' + last_uri_path + '</a><br>';
-      };
+    };
-      // if it's not a github link, return complete link
+    // if it's not a github link, return complete link
-      return '<a href="' + matched + '" target="_blank">' + matched + '</a>';
+    return '<a href="' + matched + '" target="_blank">' + matched + '</a>';
  });
  return replacedText;
--- a/data/web/js/site/edit.js
+++ b/data/web/js/site/edit.js
@@ -1,210 +1,222 @@
-$(document).ready(function() {
+$(document).ready(function() {
-  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
+  $(".arrow-toggle").on('click', function(e) { e.preventDefault(); $(this).find('.arrow').toggleClass("animation"); });
-  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
+  $("#pushover_delete").click(function() { return confirm(lang.delete_ays); });
-  $(".goto_checkbox").click(function( event ) {
+  $(".goto_checkbox").click(function( event ) {
-   $("form[data-id='editalias'] .goto_checkbox").not(this).prop('checked', false);
+    $("form[data-id='editalias'] .goto_checkbox").not(this).prop('checked', false);
-    if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
+    if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
-      $('#textarea_alias_goto').prop('disabled', true);
+      $('#textarea_alias_goto').prop('disabled', true);
-    }
+    }
-    else {
+    else {
-      $("#textarea_alias_goto").removeAttr('disabled');
+      $("#textarea_alias_goto").removeAttr('disabled');
-    }
+    }
-  });
+  });
-  $("#disable_sender_check").click(function( event ) {
+  $("#disable_sender_check").click(function( event ) {
-    if ($("form[data-id='editmailbox'] #disable_sender_check:checked").length > 0) {
+    if ($("form[data-id='editmailbox'] #disable_sender_check:checked").length > 0) {
-      $('#editSelectSenderACL').prop('disabled', true);
+      $('#editSelectSenderACL').prop('disabled', true);
-      $('#editSelectSenderACL').selectpicker('refresh');
+      $('#editSelectSenderACL').selectpicker('refresh');
-    }
+    }
-    else {
+    else {
-      $('#editSelectSenderACL').prop('disabled', false);
+      $('#editSelectSenderACL').prop('disabled', false);
-      $('#editSelectSenderACL').selectpicker('refresh');
+      $('#editSelectSenderACL').selectpicker('refresh');
-    }
+    }
-  });
+  });
-  if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
+  if ($("form[data-id='editalias'] .goto_checkbox:checked").length > 0) {
-    $('#textarea_alias_goto').prop('disabled', true);
+    $('#textarea_alias_goto').prop('disabled', true);
-  }
+  }
-
+
-  $("#mailbox-password-warning-close").click(function( event ) {
+  $("#mailbox-password-warning-close").click(function( event ) {
-    $('#mailbox-passwd-hidden-info').addClass('hidden');
+    $('#mailbox-passwd-hidden-info').addClass('hidden');
-    $('#mailbox-passwd-form-groups').removeClass('hidden');
+    $('#mailbox-passwd-form-groups').removeClass('hidden');
-  });
+  });
-  // Sender ACL
+  // Sender ACL
-  if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
+  if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
-    $("#sender_acl_disabled").show();
+    $("#sender_acl_disabled").show();
-  }
+  }
-  $('#editSelectSenderACL').change(function() {
+  $('#editSelectSenderACL').change(function() {
-    if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
+    if ($("#editSelectSenderACL option[value='\*']:selected").length > 0){
-      $("#sender_acl_disabled").show();
+      $("#sender_acl_disabled").show();
-    }
+    }
-    else {
+    else {
-      $("#sender_acl_disabled").hide();
+      $("#sender_acl_disabled").hide();
-    }
+    }
-  });
+  });
-  // Resources
+  // Resources
-  if ($("#editSelectMultipleBookings").val() == "custom") {
+  if ($("#editSelectMultipleBookings").val() == "custom") {
-    $("#multiple_bookings_custom_div").show();
+    $("#multiple_bookings_custom_div").show();
-    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
+    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
-  }
+  }
-  $("#editSelectMultipleBookings").change(function() {
+  $("#editSelectMultipleBookings").change(function() {
-    $('input[name=multiple_bookings]').val($("#editSelectMultipleBookings").val());
+    $('input[name=multiple_bookings]').val($("#editSelectMultipleBookings").val());
-    if ($('input[name=multiple_bookings]').val() == "custom") {
+    if ($('input[name=multiple_bookings]').val() == "custom") {
-      $("#multiple_bookings_custom_div").show();
+      $("#multiple_bookings_custom_div").show();
-    }
+    }
-    else {
+    else {
-      $("#multiple_bookings_custom_div").hide();
+      $("#multiple_bookings_custom_div").hide();
-    }
+    }
-  });
+  });
-  $("#multiple_bookings_custom").bind("change keypress keyup blur", function() {
+  $("#multiple_bookings_custom").bind("change keypress keyup blur", function() {
-    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
+    $('input[name=multiple_bookings]').val($("#multiple_bookings_custom").val());
-  });
+  });
-
+
-  // load tags
+  // load tags
-  if ($('#tags').length){
+  if ($('#tags').length){
-    var tagsEl = $('#tags').parent().find('.tag-values')[0];
+    var tagsEl = $('#tags').parent().find('.tag-values')[0];
-    console.log($(tagsEl).val())
+    console.log($(tagsEl).val())
-    var tags = JSON.parse($(tagsEl).val());
+    var tags = JSON.parse($(tagsEl).val());
-    $(tagsEl).val("");
+    $(tagsEl).val("");
-    
+
-    for (var i = 0; i < tags.length; i++)
+    for (var i = 0; i < tags.length; i++)
-      addTag($('#tags'), tags[i]);
+      addTag($('#tags'), tags[i]);
-  }
+  }
-});
+});
-
+
-jQuery(function($){
+jQuery(function($){
-  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
+  // http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
-  function validateEmail(email) {
+  function validateEmail(email) {
-    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+    var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-    return re.test(email);
+    return re.test(email);
-  }
+  }
-  function draw_wl_policy_domain_table() {
+  function draw_wl_policy_domain_table() {
-    $('#wl_policy_domain_table').DataTable({
+    $('#wl_policy_domain_table').DataTable({
-      processing: true,
+      responsive: true,
-      serverSide: false,
+      processing: true,
-      language: lang_datatables,
+      serverSide: false,
-      ajax: {
+      stateSave: true,
-        type: "GET",
+      pageLength: pagination_size,
-        url: '/api/v1/get/policy_wl_domain/' + table_for_domain,
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-        dataSrc: function(data){
+           "tr" +
-          $.each(data, function (i, item) {
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-            if (!validateEmail(item.object)) {
+      language: lang_datatables,
-              item.chkbox = '<input type="checkbox" data-id="policy_wl_domain" name="multi_select" value="' + item.prefid + '" />';
+      ajax: {
-            }
+        type: "GET",
-            else {
+        url: '/api/v1/get/policy_wl_domain/' + table_for_domain,
-              item.chkbox = '<input type="checkbox" disabled title="' + lang_user.spamfilter_table_domain_policy + '" />';
+        dataSrc: function(data){
-            }
+          $.each(data, function (i, item) {
-          });
+            if (!validateEmail(item.object)) {
-
+              item.chkbox = '<input type="checkbox" data-id="policy_wl_domain" name="multi_select" value="' + item.prefid + '" />';
-          return data;
+            }
-        }
+            else {
-      },
+              item.chkbox = '<input type="checkbox" disabled title="' + lang_user.spamfilter_table_domain_policy + '" />';
-      columns: [
+            }
-          {
+          });
-            // placeholder, so checkbox will not block child row toggle
+
-            title: '',
+          return data;
-            data: null,
+        }
-            searchable: false,
+      },
-            orderable: false,
+      columns: [
-            defaultContent: ''
+        {
-          },
+          // placeholder, so checkbox will not block child row toggle
-          {
+          title: '',
-            title: '',
+          data: null,
-            data: 'chkbox',
+          searchable: false,
-            searchable: false,
+          orderable: false,
-            orderable: false,
+          defaultContent: ''
-            defaultContent: ''
+        },
-          },
+        {
-          {
+          title: '',
-            title: 'ID',
+          data: 'chkbox',
-            data: 'prefid',
+          searchable: false,
-            defaultContent: ''
+          orderable: false,
-          },
+          defaultContent: ''
-          {
+        },
-            title: lang_user.spamfilter_table_rule,
+        {
-            data: 'value',
+          title: 'ID',
-            defaultContent: ''
+          data: 'prefid',
-          },
+          defaultContent: ''
-          {
+        },
-            title: 'Scope',
+        {
-            data: 'object',
+          title: lang_user.spamfilter_table_rule,
-            defaultContent: ''
+          data: 'value',
-          }
+          defaultContent: ''
-      ]
+        },
-    });
+        {
-  }
+          title: 'Scope',
-  function draw_bl_policy_domain_table() {
+          data: 'object',
-    $('#bl_policy_domain_table').DataTable({
+          defaultContent: ''
-      processing: true,
+        }
-      serverSide: false,
+      ]
-      language: lang_datatables,
+    });
-      ajax: {
+  }
-        type: "GET",
+  function draw_bl_policy_domain_table() {
-        url: '/api/v1/get/policy_bl_domain/' + table_for_domain,
+    $('#bl_policy_domain_table').DataTable({
-        dataSrc: function(data){
+      responsive: true,
-          $.each(data, function (i, item) {
+      processing: true,
-            if (!validateEmail(item.object)) {
+      serverSide: false,
-              item.chkbox = '<input type="checkbox" data-id="policy_bl_domain" name="multi_select" value="' + item.prefid + '" />';
+      stateSave: true,
-            }
+      pageLength: pagination_size,
-            else {
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang_user.spamfilter_table_domain_policy + '" />';
+           "tr" +
-            }
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-          });
+      language: lang_datatables,
-
+      ajax: {
-          return data;
+        type: "GET",
-        }
+        url: '/api/v1/get/policy_bl_domain/' + table_for_domain,
-      },
+        dataSrc: function(data){
-      columns: [
+          $.each(data, function (i, item) {
-          {
+            if (!validateEmail(item.object)) {
-            // placeholder, so checkbox will not block child row toggle
+              item.chkbox = '<input type="checkbox" data-id="policy_bl_domain" name="multi_select" value="' + item.prefid + '" />';
-            title: '',
+            }
-            data: null,
+            else {
-            searchable: false,
+              item.chkbox = '<input type="checkbox" disabled tooltip="' + lang_user.spamfilter_table_domain_policy + '" />';
-            orderable: false,
+            }
-            defaultContent: ''
+          });
-          },
+
-          {
+          return data;
-            title: '',
+        }
-            data: 'chkbox',
+      },
-            searchable: false,
+      columns: [
-            orderable: false,
+        {
-            defaultContent: ''
+          // placeholder, so checkbox will not block child row toggle
-          },
+          title: '',
-          {
+          data: null,
-            title: 'ID',
+          searchable: false,
-            data: 'prefid',
+          orderable: false,
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-          {
+        {
-            title: lang_user.spamfilter_table_rule,
+          title: '',
-            data: 'value',
+          data: 'chkbox',
-            defaultContent: ''
+          searchable: false,
-          },
+          orderable: false,
-          {
+          defaultContent: ''
-            title: 'Scope',
+        },
-            data: 'object',
+        {
-            defaultContent: ''
+          title: 'ID',
-          }
+          data: 'prefid',
-      ]
+          defaultContent: ''
-    });
+        },
-  }
+        {
-
+          title: lang_user.spamfilter_table_rule,
-  
+          data: 'value',
-  // detect element visibility changes
+          defaultContent: ''
-  function onVisible(element, callback) {
+        },
-    $(document).ready(function() {
+        {
-      element_object = document.querySelector(element);
+          title: 'Scope',
-      if (element_object === null) return;
+          data: 'object',
-
+          defaultContent: ''
-      new IntersectionObserver((entries, observer) => {
+        }
-        entries.forEach(entry => {
+      ]
-          if(entry.intersectionRatio > 0) {
+    });
-            callback(element_object);
+  }
-            observer.disconnect();
+
-          }
+
-        });
+  // detect element visibility changes
-      }).observe(element_object);
+  function onVisible(element, callback) {
-    });
+    $(document).ready(function() {
-  }
+      element_object = document.querySelector(element);
-  // Draw Table if tab is active
+      if (element_object === null) return;
-  onVisible("[id^=wl_policy_domain_table]", () => draw_wl_policy_domain_table());
+
-  onVisible("[id^=bl_policy_domain_table]", () => draw_bl_policy_domain_table());
+      new IntersectionObserver((entries, observer) => {
-});
+        entries.forEach(entry => {
          if(entry.intersectionRatio > 0) {
            callback(element_object);
            observer.disconnect();
          }
        });
      }).observe(element_object);
    });
  }
  // Draw Table if tab is active
  onVisible("[id^=wl_policy_domain_table]", () => draw_wl_policy_domain_table());
  onVisible("[id^=bl_policy_domain_table]", () => draw_bl_policy_domain_table());
 });
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
--- a/data/web/js/site/qhandler.js
+++ b/data/web/js/site/qhandler.js
@@ -1,71 +1,71 @@
-jQuery(function($){
+jQuery(function($){
-  var qitem = $('legend').data('hash');
+  var qitem = $('legend').data('hash');
-  var qError = $("#qid_error");
+  var qError = $("#qid_error");
-  $.ajax({
+  $.ajax({
-    url: '/inc/ajax/qitem_details.php',
+    url: '/inc/ajax/qitem_details.php',
-    data: { hash: qitem },
+    data: { hash: qitem },
-    dataType: 'json',
+    dataType: 'json',
-    success: function(data){
+    success: function(data){
-      $('[data-id="qitems_single"]').each(function(index) {
+      $('[data-id="qitems_single"]').each(function(index) {
-        $(this).attr("data-item", qitem);
+        $(this).attr("data-item", qitem);
-      });
+      });
-      $('#qid_detail_subj').text(data.subject);
+      $('#qid_detail_subj').text(data.subject);
-      $('#qid_detail_hfrom').text(data.header_from);
+      $('#qid_detail_hfrom').text(data.header_from);
-      $('#qid_detail_efrom').text(data.env_from);
+      $('#qid_detail_efrom').text(data.env_from);
-      $('#qid_detail_score').html('');
+      $('#qid_detail_score').html('');
-      $('#qid_detail_symbols').html('');
+      $('#qid_detail_symbols').html('');
-      $('#qid_detail_recipients').html('');
+      $('#qid_detail_recipients').html('');
-      $('#qid_detail_fuzzy').html('');
+      $('#qid_detail_fuzzy').html('');
-      if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
+      if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
-        $.each(data.fuzzy_hashes, function (index, value) {
+        $.each(data.fuzzy_hashes, function (index, value) {
-          $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
+          $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
-        });
+        });
-      } else {
+      } else {
-        $('#qid_detail_fuzzy').append('-');
+        $('#qid_detail_fuzzy').append('-');
-      }
+      }
-      if (typeof data.symbols !== 'undefined') {
+      if (typeof data.symbols !== 'undefined') {
-        data.symbols.sort(function (a, b) {
+        data.symbols.sort(function (a, b) {
-          if (a.score === 0) return 1
+          if (a.score === 0) return 1;
-          if (b.score === 0) return -1
+          if (b.score === 0) return -1;
-          if (b.score < 0 && a.score < 0) {
+          if (b.score < 0 && a.score < 0) {
-            return a.score - b.score
+            return a.score - b.score;
-          }
+          }
-          if (b.score > 0 && a.score > 0) {
+          if (b.score > 0 && a.score > 0) {
-            return b.score - a.score
+            return b.score - a.score;
-          }
+          }
-          return b.score - a.score
+          return b.score - a.score;
-        })
+        })
-        $.each(data.symbols, function (index, value) {
+        $.each(data.symbols, function (index, value) {
-          var highlightClass = ''
+          var highlightClass = '';
-          if (value.score > 0) highlightClass = 'negative'
+          if (value.score > 0) highlightClass = 'negative';
-          else if (value.score < 0) highlightClass = 'positive'
+          else if (value.score < 0) highlightClass = 'positive';
-          else highlightClass = 'neutral'
+          else highlightClass = 'neutral';
-          $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
+          $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
-        });
+        });
-        $('[data-bs-toggle="tooltip"]').tooltip()
+        $('[data-bs-toggle="tooltip"]').tooltip();
-      }
+      }
-      if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
+      if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
-        if (data.action === "add header") {
+        if (data.action === "add header") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
-        } else if (data.action === "reject") {
+        } else if (data.action === "reject") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
-        } else if (data.action === "rewrite subject") {
+        } else if (data.action === "rewrite subject") {
-          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
+          $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
-        }
+        }
-      }
+      }
-      if (typeof data.recipients !== 'undefined') {
+      if (typeof data.recipients !== 'undefined') {
-        $.each(data.recipients, function(index, value) {
+        $.each(data.recipients, function(index, value) {
-          var elem = $('<span class="mail-address-item"></span>');
+          var elem = $('<span class="mail-address-item"></span>');
-          elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
+          elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
-          $('#qid_detail_recipients').append(elem);
+          $('#qid_detail_recipients').append(elem);
-        });
+        });
-      }
+      }
-    },
+    },
-    error: function(data){
+    error: function(data){
-      if (typeof data.error !== 'undefined') {
+      if (typeof data.error !== 'undefined') {
-        qError.text("Error loading quarantine item");
+        qError.text("Error loading quarantine item");
-        qError.show();
+        qError.show();
-      }
+      }
-    }
+    }
-  });
+  });
-});
+});
--- a/data/web/js/site/quarantine.js
+++ b/data/web/js/site/quarantine.js
@@ -1,260 +1,297 @@
-// Base64 functions
+// Base64 functions
-var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
+var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(r){var t,e,o,a,h,n,c,d="",C=0;for(r=Base64._utf8_encode(r);C<r.length;)a=(t=r.charCodeAt(C++))>>2,h=(3&t)<<4|(e=r.charCodeAt(C++))>>4,n=(15&e)<<2|(o=r.charCodeAt(C++))>>6,c=63&o,isNaN(e)?n=c=64:isNaN(o)&&(c=64),d=d+this._keyStr.charAt(a)+this._keyStr.charAt(h)+this._keyStr.charAt(n)+this._keyStr.charAt(c);return d},decode:function(r){var t,e,o,a,h,n,c="",d=0;for(r=r.replace(/[^A-Za-z0-9\+\/\=]/g,"");d<r.length;)t=this._keyStr.indexOf(r.charAt(d++))<<2|(a=this._keyStr.indexOf(r.charAt(d++)))>>4,e=(15&a)<<4|(h=this._keyStr.indexOf(r.charAt(d++)))>>2,o=(3&h)<<6|(n=this._keyStr.indexOf(r.charAt(d++))),c+=String.fromCharCode(t),64!=h&&(c+=String.fromCharCode(e)),64!=n&&(c+=String.fromCharCode(o));return c=Base64._utf8_decode(c)},_utf8_encode:function(r){r=r.replace(/\r\n/g,"\n");for(var t="",e=0;e<r.length;e++){var o=r.charCodeAt(e);o<128?t+=String.fromCharCode(o):o>127&&o<2048?(t+=String.fromCharCode(o>>6|192),t+=String.fromCharCode(63&o|128)):(t+=String.fromCharCode(o>>12|224),t+=String.fromCharCode(o>>6&63|128),t+=String.fromCharCode(63&o|128))}return t},_utf8_decode:function(r){for(var t="",e=0,o=c1=c2=0;e<r.length;)(o=r.charCodeAt(e))<128?(t+=String.fromCharCode(o),e++):o>191&&o<224?(c2=r.charCodeAt(e+1),t+=String.fromCharCode((31&o)<<6|63&c2),e+=2):(c2=r.charCodeAt(e+1),c3=r.charCodeAt(e+2),t+=String.fromCharCode((15&o)<<12|(63&c2)<<6|63&c3),e+=3);return t}};
-
+
-jQuery(function($){
+jQuery(function($){
-  acl_data = JSON.parse(acl);
+  acl_data = JSON.parse(acl);
-  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+  // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
-  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
+  var entityMap={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"};
-  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
+  function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
-  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
-  $(".refresh_table").on('click', function(e) {
+  $(".refresh_table").on('click', function(e) {
-    e.preventDefault();
+    e.preventDefault();
-    var table_name = $(this).data('table');
+    var table_name = $(this).data('table');
-    $('#' + table_name).DataTable().ajax.reload();
+    $('#' + table_name).DataTable().ajax.reload();
-  });
+  });
-  function draw_quarantine_table() {
+  function draw_quarantine_table() {
-    $('#quarantinetable').DataTable({
+    var table = $('#quarantinetable').DataTable({
-      processing: true,
+      responsive: true,
-      serverSide: false,
+      processing: true,
-      language: lang_datatables,
+      serverSide: false,
-      ajax: {
+      stateSave: true,
-        type: "GET",
+      pageLength: pagination_size,
-        url: "/api/v1/get/quarantine/all",
+      order: [[2, 'desc']],
-        dataSrc: function(data){
+      lengthMenu: [
-          $.each(data, function (i, item) {
+        [10, 25, 50, 100, -1],
-            if (item.subject === null) {
+        [10, 25, 50, 100, 'all']
-              item.subject = '';
+      ],
-            } else {
+      pagingType: 'first_last_numbers',
-              item.subject = escapeHtml(item.subject);
+      aColumns: [
-            }
+        { sWidth: '8.25%' },
-            if (item.score === null) {
+        { sClass: 'classDataTable' }
-              item.score = '-';
+      ],
-            }
+      dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-            if (item.virus_flag > 0) {
+           "tr" +
-              item.virus = '<span class="badge fs-6 bg-danger">' + lang.high_danger + '</span>';
+           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
-            } else {
+      language: lang_datatables,
-              item.virus = '<span class="badge fs-6 bg-secondary">' + lang.neutral_danger + '</span>';
+      initComplete: function(){
-            }
+        hideTableExpandCollapseBtn('#quarantinetable');
-            if (item.action === "reject") {
+      },
-              item.rspamdaction = '<span class="badge fs-6 bg-danger">' + lang.rejected + '</span>';
+      ajax: {
-            } else if (item.action === "add header") {
+        type: "GET",
-              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.junk_folder + '</span>';
+        url: "/api/v1/get/quarantine/all",
-            } else if (item.action === "rewrite subject") {
+        dataSrc: function(data){
-              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.rewrite_subject + '</span>';
+          $.each(data, function (i, item) {
-            }
+            if (item.subject === null) {
-            if(item.notified > 0) {
+              item.subject = '';
-              item.notified = '&#10004;';
+            } else {
-            } else {
+              item.subject = escapeHtml(item.subject);
-              item.notified = '&#10006;';
+            }
-            }
+            if (item.score === null) {
-            if (acl_data.login_as === 1) {
+              item.score = '-';
-            item.action = '<div class="btn-group">' +
+            }
-              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-info show_qid_info"><i class="bi bi-box-arrow-up-right"></i> ' + lang.show_item + '</a>' +
+            if (item.virus_flag > 0) {
-              '<a href="#" data-action="delete_selected" data-id="del-single-qitem" data-api-url="delete/qitem" data-item="' + encodeURI(item.id) + '" class="btn btn-xs  btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
+              item.virus = '<span class="badge fs-6 bg-danger">' + lang.high_danger + '</span>';
-              '</div>';
+            } else {
-            }
+              item.virus = '<span class="badge fs-6 bg-secondary">' + lang.neutral_danger + '</span>';
-            else {
+            }
-            item.action = '<div class="btn-group">' +
+            if (item.action === "reject") {
-              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-info show_qid_info"><i class="bi bi-file-earmark-text"></i> ' + lang.show_item + '</a>' +
+              item.rspamdaction = '<span class="badge fs-6 bg-danger">' + lang.rejected + '</span>';
-              '</div>';
+            } else if (item.action === "add header") {
-            }
+              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.junk_folder + '</span>';
-            item.chkbox = '<input type="checkbox" data-id="qitems" name="multi_select" value="' + item.id + '" />';
+            } else if (item.action === "rewrite subject") {
-          });
+              item.rspamdaction = '<span class="badge fs-6 bg-warning">' + lang.rewrite_subject + '</span>';
-
+            }
-          return data;
+            if(item.notified > 0) {
-        }
+              item.notified = '&#10004;';
-      },
+            } else {
-      columns: [
+              item.notified = '&#10006;';
-          {
+            }
-            // placeholder, so checkbox will not block child row toggle
+            if (acl_data.login_as === 1) {
-            title: '',
+            item.action = '<div class="btn-group">' +
-            data: null,
+              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-xs-half btn-info show_qid_info"><i class="bi bi-box-arrow-up-right"></i> ' + lang.show_item + '</a>' +
-            searchable: false,
+              '<a href="#" data-action="delete_selected" data-id="del-single-qitem" data-api-url="delete/qitem" data-item="' + encodeURI(item.id) + '" class="btn btn-xs  btn-xs-half btn-danger"><i class="bi bi-trash"></i> ' + lang.remove + '</a>' +
-            orderable: false,
+              '</div>';
-            defaultContent: ''
+            }
-          },
+            else {
-          {
+            item.action = '<div class="btn-group">' +
-            title: '',
+              '<a href="#" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-info show_qid_info"><i class="bi bi-file-earmark-text"></i> ' + lang.show_item + '</a>' +
-            data: 'chkbox',
+              '</div>';
-            searchable: false,
+            }
-            orderable: false,
+            item.chkbox = '<input type="checkbox" data-id="qitems" name="multi_select" value="' + item.id + '" />';
-            defaultContent: ''
+          });
-          },
+
-          {
+          return data;
-            title: 'ID',
+        }
-            data: 'id',
+      },
-            defaultContent: ''
+      columns: [
-          },
+        {
-          {
+          // placeholder, so checkbox will not block child row toggle
-            title: lang.qid,
+          title: '',
-            data: 'qid',
+          data: null,
-            defaultContent: ''
+          searchable: false,
-          },
+          orderable: false,
-          {
+          defaultContent: ''
-            title: lang.sender,
+        },
-            data: 'sender',
+        {
-            defaultContent: ''
+          title: '',
-          },
+          data: 'chkbox',
-          {
+          searchable: false,
-            title: lang.subj,
+          orderable: false,
-            data: 'subject',
+          defaultContent: ''
-            defaultContent: ''
+        },
-          },
+        {
-          {
+          title: 'ID',
-            title: lang.rspamd_result,
+          data: 'id',
-            data: 'rspamdaction',
+          defaultContent: ''
-            defaultContent: ''
+        },
-          },
+        {
-          {
+          title: lang.qid,
-            title: lang.rcpt,
+          data: 'qid',
-            data: 'rcpt',
+          defaultContent: ''
-            defaultContent: ''
+        },
-          },
+        {
-          {
+          title: lang.sender,
-            title: lang.danger,
+          data: 'sender',
-            data: 'virus',
+          className: 'senders-mw220',
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-          {
+        {
-            title: lang.spam_score,
+          title: lang.subj,
-            data: 'score',
+          data: 'subject',
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-          {
+        {
-            title: lang.notified,
+          title: lang.rspamd_result,
-            data: 'notified',
+          data: 'rspamdaction',
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-          {
+        {
-            title: lang.received,
+          title: lang.rcpt,
-            data: 'created',
+          data: 'rcpt',
-            defaultContent: '',
+          defaultContent: ''
-            render: function (data,type) {
+        },
-              var date = new Date(data ? data * 1000 : 0); 
+        {
-              return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          title: lang.danger,
-            }
+          data: 'virus',
-          },
+          defaultContent: ''
-          {
+        },
-            title: lang.action,
+        {
-            data: 'action',
+          title: lang.spam_score,
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          data: 'score',
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-      ]
+        {
-    });
+          title: lang.notified,
-  }
+          data: 'notified',
-
+          defaultContent: ''
-  $('body').on('click', '.show_qid_info', function (e) {
+        },
-    e.preventDefault();
+        {
-    var qitem = $(this).attr('data-item');
+          title: lang.received,
-    var qError = $("#qid_error");
+          data: 'created',
-
+          defaultContent: '',
-    $('#qidDetailModal').modal('show');
+          createdCell: function(td, cellData) {
-    qError.hide();
+            $(td).attr({
-
+              "data-order": cellData,
-    $.ajax({
+              "data-sort": cellData
-      url: '/inc/ajax/qitem_details.php',
+            });
-      data: { id: qitem },
+
-      dataType: 'json',
+            var date = new Date(cellData ? cellData * 1000 : 0);
-      success: function(data){
+            var dateString = date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-
+            $(td).html(dateString);
-        $('[data-id="qitems_single"]').each(function(index) {
+          }
-          $(this).attr("data-item", qitem);
+        },
-        });
+        {
-
+          title: lang.action,
-        $("#quick_download_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&eml', '_blank')");
+          data: 'action',
-        $("#quick_release_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_release', '_blank')");
+          className: 'dt-text-right dt-sm-head-hidden',
-        $("#quick_delete_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_delete', '_blank')");
+          defaultContent: ''
-
+        },
-        $('#qid_detail_subj').text(data.subject);
+      ]
-        $('#qid_detail_hfrom').text(data.header_from);
+    });
-        $('#qid_detail_efrom').text(data.env_from);
+
-        $('#qid_detail_score').html('');
+    table.on('responsive-resize', function (e, datatable, columns){
-        $('#qid_detail_recipients').html('');
+      hideTableExpandCollapseBtn('#quarantinetable');
-        $('#qid_detail_symbols').html('');
+    });
-        $('#qid_detail_fuzzy').html('');
+  }
-        if (typeof data.symbols !== 'undefined') {
+
-          data.symbols.sort(function (a, b) {
+  $('body').on('click', '.show_qid_info', function (e) {
-            if (a.score === 0) return 1
+    e.preventDefault();
-            if (b.score === 0) return -1
+    var qitem = $(this).attr('data-item');
-            if (b.score < 0 && a.score < 0) {
+    var qError = $("#qid_error");
-              return a.score - b.score
+
-            }
+    $('#qidDetailModal').modal('show');
-            if (b.score > 0 && a.score > 0) {
+    qError.hide();
-              return b.score - a.score
+
-            }
+    $.ajax({
-            return b.score - a.score
+      url: '/inc/ajax/qitem_details.php',
-          })
+      data: { id: qitem },
-          $.each(data.symbols, function (index, value) {
+      dataType: 'json',
-            var highlightClass = ''
+      success: function(data){
-            if (value.score > 0) highlightClass = 'negative'
+
-            else if (value.score < 0) highlightClass = 'positive'
+        $('[data-id="qitems_single"]').each(function(index) {
-            else highlightClass = 'neutral'
+          $(this).attr("data-item", qitem);
-            $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
+        });
-          });
+
-          $('[data-bs-toggle="tooltip"]').tooltip()
+        $("#quick_download_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&eml', '_blank')");
-        }
+        $("#quick_release_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_release', '_blank')");
-        if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
+        $("#quick_delete_link").attr("onclick", "window.open('/inc/ajax/qitem_details.php?id=" + qitem + "&quick_delete', '_blank')");
-          $.each(data.fuzzy_hashes, function (index, value) {
+
-            $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
+        $('#qid_detail_subj').text(data.subject);
-          });
+        $('#qid_detail_hfrom').text(data.header_from);
-        } else {
+        $('#qid_detail_efrom').text(data.env_from);
-          $('#qid_detail_fuzzy').append('-');
+        $('#qid_detail_score').html('');
-        }
+        $('#qid_detail_recipients').html('');
-        if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
+        $('#qid_detail_symbols').html('');
-          if (data.action == "add header") {
+        $('#qid_detail_fuzzy').html('');
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
+        if (typeof data.symbols !== 'undefined') {
-          } else if (data.action == "reject") {
+          data.symbols.sort(function (a, b) {
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
+            if (a.score === 0) return 1;
-          } else if (data.action == "rewrite subject") {
+            if (b.score === 0) return -1;
-            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
+            if (b.score < 0 && a.score < 0) {
-          }
+              return a.score - b.score;
-        }
+            }
-        if (typeof data.recipients !== 'undefined') {
+            if (b.score > 0 && a.score > 0) {
-          $.each(data.recipients, function(index, value) {
+              return b.score - a.score;
-            var elem = $('<span class="mail-address-item"></span>');
+            }
-            elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
+            return b.score - a.score;
-            $('#qid_detail_recipients').append(elem);
+          })
-          });
+          $.each(data.symbols, function (index, value) {
-        }
+            var highlightClass = '';
-        $('#qid_detail_text').text(data.text_plain);
+            if (value.score > 0) highlightClass = 'negative';
-        $('#qid_detail_text_from_html').text(data.text_html);
+            else if (value.score < 0) highlightClass = 'positive';
-        var qAtts = $("#qid_detail_atts");
+            else highlightClass = 'neutral';
-        if (typeof data.attachments !== 'undefined') {
+            $('#qid_detail_symbols').append('<span data-bs-toggle="tooltip" class="rspamd-symbol ' + highlightClass + '" title="' + (value.options ? value.options.join(', ') : '') + '">' + value.name + ' (<span class="score">' + value.score + '</span>)</span>');
-          qAtts.text('');
+          });
-          $.each(data.attachments, function(index, value) {
+          $('[data-bs-toggle="tooltip"]').tooltip();
-            qAtts.append(
+        }
-              '<p><a href="/inc/ajax/qitem_details.php?id=' + qitem + '&att=' + index + '" target="_blank">' + value[0] + '</a> (' + value[1] + ')' +
+        if (typeof data.fuzzy_hashes === 'object' && data.fuzzy_hashes !== null && data.fuzzy_hashes.length !== 0) {
-              ' - <small><a href="' + value[3] + '" target="_blank">' + lang.check_hash + '</a></small></p>'
+          $.each(data.fuzzy_hashes, function (index, value) {
-            );
+            $('#qid_detail_fuzzy').append('<p style="font-family:monospace">' + value + '</p>');
-          });
+          });
-        }
+        } else {
-        else {
+          $('#qid_detail_fuzzy').append('-');
-          qAtts.text('-');
+        }
-        }
+        if (typeof data.score !== 'undefined' && typeof data.action !== 'undefined') {
-      },
+          if (data.action == "add header") {
-      error: function(data){
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.junk_folder + '</span>');
-        if (typeof data.error !== 'undefined') {
+          } else if (data.action == "reject") {
-          $('#qid_detail_subj').text('-');
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-danger"><b>' + data.score + '</b> - ' + lang.rejected + '</span>');
-          $('#qid_detail_hfrom').text('-');
+          } else if (data.action == "rewrite subject") {
-          $('#qid_detail_efrom').text('-');
+            $('#qid_detail_score').append('<span class="label-rspamd-action badge fs-6 bg-warning"><b>' + data.score + '</b> - ' + lang.rewrite_subject + '</span>');
-          $('#qid_detail_score').html('-');
+          }
-          $('#qid_detail_recipients').html('-');
+        }
-          $('#qid_detail_symbols').html('-');
+        if (typeof data.recipients !== 'undefined') {
-          $('#qid_detail_fuzzy').html('-');
+          $.each(data.recipients, function(index, value) {
-          $('#qid_detail_text').text('-');
+            var elem = $('<span class="mail-address-item"></span>');
-          $('#qid_detail_text_from_html').text('-');
+            elem.text(value.address + ' (' + value.type.toUpperCase() + ')');
-          qError.text("Error loading quarantine item");
+            $('#qid_detail_recipients').append(elem);
-          qError.show();
+          });
-        }
+        }
-      }
+        $('#qid_detail_text').text(data.text_plain);
-    });
+        $('#qid_detail_text_from_html').text(data.text_html);
-  });
+        var qAtts = $("#qid_detail_atts");
-
+        if (typeof data.attachments !== 'undefined') {
-  $('body').on('click', 'span.footable-toggle', function () {
+          qAtts.text('');
-    event.stopPropagation();
+          $.each(data.attachments, function(index, value) {
-  })
+            qAtts.append(
-
+              '<p><a href="/inc/ajax/qitem_details.php?id=' + qitem + '&att=' + index + '" target="_blank">' + value[0] + '</a> (' + value[1] + ')' +
-  // Initial table drawings
+              ' - <small><a href="' + value[3] + '" target="_blank">' + lang.check_hash + '</a></small></p>'
-  draw_quarantine_table();
+            );
-});
+          });
        }
        else {
          qAtts.text('-');
        }
      },
      error: function(data){
        if (typeof data.error !== 'undefined') {
          $('#qid_detail_subj').text('-');
          $('#qid_detail_hfrom').text('-');
          $('#qid_detail_efrom').text('-');
          $('#qid_detail_score').html('-');
          $('#qid_detail_recipients').html('-');
          $('#qid_detail_symbols').html('-');
          $('#qid_detail_fuzzy').html('-');
          $('#qid_detail_text').text('-');
          $('#qid_detail_text_from_html').text('-');
          qError.text("Error loading quarantine item");
          qError.show();
        }
      }
    });
  });
  $('body').on('click', 'span.footable-toggle', function () {
    event.stopPropagation();
  })
  // Initial table drawings
  draw_quarantine_table();
  function hideTableExpandCollapseBtn(table){
    if ($(table).hasClass('collapsed'))
      $(".table_collapse_option").show();
    else
      $(".table_collapse_option").hide();
  }
 });
--- a/data/web/js/site/queue.js
+++ b/data/web/js/site/queue.js
@@ -1,123 +1,128 @@
 jQuery(function($){
-    $(".refresh_table").on('click', function(e) {
+  $(".refresh_table").on('click', function(e) {
-      e.preventDefault();
+    e.preventDefault();
-      var table_name = $(this).data('table');
+    var table_name = $(this).data('table');
-      $('#' + table_name).DataTable().ajax.reload();
+    $('#' + table_name).DataTable().ajax.reload();
-    });
+  });
-    function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
+  function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
-    // Queue item
+  // Queue item
-    $('#showQueuedMsg').on('show.bs.modal', function (e) {
+  $('#showQueuedMsg').on('show.bs.modal', function (e) {
-      $('#queue_msg_content').text(lang.loading);
+    $('#queue_msg_content').text(lang.loading);
-      button = $(e.relatedTarget)
+    button = $(e.relatedTarget)
-      if (button != null) {
+    if (button != null) {
-        $('#queue_id').text(button.data('queue-id'));
+      $('#queue_id').text(button.data('queue-id'));
      }
      $.ajax({
          type: 'GET',
          url: '/api/v1/get/postcat/' + button.data('queue-id'),
          dataType: 'text',
          complete: function (data) {
            console.log(data);
            $('#queue_msg_content').text(data.responseText);
          }
      });
    })
    function draw_queue() {
    // just recalc width if instance already exists
    if ($.fn.DataTable.isDataTable('#queuetable') ) {
      $('#queuetable').DataTable().columns.adjust().responsive.recalc();
      return;
    }
    $.ajax({
      type: 'GET',
      url: '/api/v1/get/postcat/' + button.data('queue-id'),
      dataType: 'text',
      complete: function (data) {
        $('#queue_msg_content').text(data.responseText);
      }
    });
  })
-    $('#queuetable').DataTable({
+  function draw_queue() {
-      processing: true,
+  // just recalc width if instance already exists
-      serverSide: false,
+  if ($.fn.DataTable.isDataTable('#queuetable') ) {
-      language: lang_datatables,
+    $('#queuetable').DataTable().columns.adjust().responsive.recalc();
-      ajax: {
+    return;
-        type: "GET",
+  }
-        url: "/api/v1/get/mailq/all",
+
-        dataSrc: function(data){
+  $('#queuetable').DataTable({
-          $.each(data, function (i, item) {
+    responsive: true,
-            item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
+    processing: true,
-            rcpts = $.map(item.recipients, function(i) {
+    serverSide: false,
-              return escapeHtml(i);
+    stateSave: true,
-            });
+    pageLength: pagination_size,
-            item.recipients = rcpts.join('<hr style="margin:1px!important">');
+    dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" +
-            item.action = '<div class="btn-group">' +
+         "tr" +
-              '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.queue_show_message + '</a>' +
+         "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
    language: lang_datatables,
    ajax: {
      type: "GET",
      url: "/api/v1/get/mailq/all",
      dataSrc: function(data){
        $.each(data, function (i, item) {
          item.chkbox = '<input type="checkbox" data-id="mailqitems" name="multi_select" value="' + item.queue_id + '" />';
          rcpts = $.map(item.recipients, function(i) {
            return escapeHtml(i);
          });
          item.recipients = rcpts.join('<hr style="margin:1px!important">');
          item.action = '<div class="btn-group">' +
            '<a href="#" data-bs-toggle="modal" data-bs-target="#showQueuedMsg" data-queue-id="' + encodeURI(item.queue_id) + '" class="btn btn-xs btn-secondary">' + lang.show_message + '</a>' +
            '</div>';
          });
          return data;
        }
      },
      columns: [
-          {
+        {
-            // placeholder, so checkbox will not block child row toggle
+          // placeholder, so checkbox will not block child row toggle
-            title: '',
+          title: '',
-            data: null,
+          data: null,
-            searchable: false,
+          searchable: false,
-            orderable: false,
+          orderable: false,
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-          {
+        {
-            title: '',
+          title: '',
-            data: 'chkbox',
+          data: 'chkbox',
-            searchable: false,
+          searchable: false,
-            orderable: false,
+          orderable: false,
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-          {
+        {
-            title: 'QID',
+          title: 'QID',
-            data: 'queue_id',
+          data: 'queue_id',
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-          {
+        {
-            title: 'Queue',
+          title: 'Queue',
-            data: 'queue_name',
+          data: 'queue_name',
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-          {
+        {
-            title: lang_admin.arrival_time,
+          title: lang_admin.arrival_time,
-            data: 'arrival_time',
+          data: 'arrival_time',
-            defaultContent: '',
+          defaultContent: '',
-            render: function (data, type){
+          render: function (data, type){
-              var date = new Date(data ? data * 1000 : 0); 
+            var date = new Date(data ? data * 1000 : 0);
-              return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
-            }
+          }
-          },
+        },
-          {
+        {
-            title: lang_admin.message_size,
+          title: lang_admin.message_size,
-            data: 'message_size',
+          data: 'message_size',
-            defaultContent: '',
+          defaultContent: '',
-            render: function (data, type){
+          render: function (data, type){
-              return humanFileSize(data);
+            return humanFileSize(data);
-            }
+          }
-          },
+        },
-          {
+        {
-            title: lang_admin.sender,
+          title: lang_admin.sender,
-            data: 'sender',
+          data: 'sender',
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-          {
+        {
-            title: lang_admin.recipients,
+          title: lang_admin.recipients,
-            data: 'recipients',
+          data: 'recipients',
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
-          {
+        {
-            title: lang_admin.action,
+          title: lang_admin.action,
-            data: 'action',
+          data: 'action',
-            className: 'text-md-end dt-sm-head-hidden dt-body-right',
+          className: 'dt-sm-head-hidden dt-text-right',
-            defaultContent: ''
+          defaultContent: ''
-          },
+        },
      ]
    });
  }
  draw_queue();
-})
+})
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -288,6 +288,18 @@ if (isset($_GET['query'])) {
        case "domain-admin":
          process_add_return(domain_admin('add', $attr));
        break;
        case "sso":
          switch ($object) {
            case "domain-admin":
              $data = domain_admin_sso('issue', $attr);
              if($data) {
                echo json_encode($data);
                exit(0);
              }
              process_add_return($data);
            break;
          }
        break;
        case "admin":
          process_add_return(admin('add', $attr));
        break;
@@ -561,6 +573,15 @@ if (isset($_GET['query'])) {
                  echo '{}';
                }
              break;
              default:
                $password_complexity_rules = password_complexity('get');
                if ($password_complexity_rules !== false) {
                  process_get_return($password_complexity_rules);
                }
                else {
                  echo '{}';
                }
              break;
            }
          break;
@@ -1544,14 +1565,15 @@ if (isset($_GET['query'])) {
                  } 
                  else if ($extra == "ip") {
                    // get public ips
                    $curl = curl_init();
                    curl_setopt($curl, CURLOPT_URL, 'http://ipv4.mailcow.email');
                    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
                    curl_setopt($curl, CURLOPT_POST, 0);
                    curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
                    curl_setopt($curl, CURLOPT_TIMEOUT, 15);
                    curl_setopt($curl, CURLOPT_URL, 'http://ipv4.mailcow.email');
                    $ipv4 = curl_exec($curl);
                    curl_setopt($curl, CURLOPT_URL, 'http://ipv6.mailcow.email');
                    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
                    curl_setopt($curl, CURLOPT_POST, 0);
                    $ipv6 = curl_exec($curl);
                    $ips = array(
                      "ipv4" => $ipv4,
@@ -1913,6 +1935,9 @@ if (isset($_GET['query'])) {
        case "ui_texts":
          process_edit_return(customize('edit', 'ui_texts', $attr));
        break;
        case "ip_check":
          process_edit_return(customize('edit', 'ip_check', $attr));
        break;
        case "self":
          if ($_SESSION['mailcow_cc_role'] == "domainadmin") {
            process_edit_return(domain_admin('edit', $attr));
--- a/data/web/lang/lang.ca-es.json
+++ b/data/web/lang/lang.ca-es.json
@@ -393,7 +393,6 @@
        "toggle_all": "Marcar tots"
    },
    "queue": {
        "queue_command_success": "Queue command completed successfully",
        "queue_manager": "Queue Manager"
    },
    "start": {
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@@ -105,7 +105,8 @@
        "timeout2": "Časový limit pro připojení k lokálnímu serveru",
        "username": "Uživatelské jméno",
        "validate": "Ověřit",
-        "validation_success": "Úspěšně ověřeno"
+        "validation_success": "Úspěšně ověřeno",
        "tags": "Štítky"
    },
    "admin": {
        "access": "Přístupy",
@@ -333,7 +334,11 @@
        "username": "Uživatelské jméno",
        "validate_license_now": "Ověřit GUID na licenčním serveru",
        "verify": "Ověřit",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
        "f2b_ban_time_increment": "Délka banu je prodlužována s každým dalším banem",
        "f2b_max_ban_time": "Maximální délka banu (s)",
        "ip_check": "Kontrola IP",
        "ip_check_disabled": "Kontrola IP je vypnuta. Můžete ji zapnout v <br> <strong>System > Nastavení > Options > Přizpůsobení</strong>"
    },
    "danger": {
        "access_denied": "Přístup odepřen nebo jsou neplatná data ve formuláři",
@@ -536,7 +541,7 @@
        "inactive": "Neaktivní",
        "kind": "Druh",
        "last_modified": "Naposledy změněn",
-        "lookup_mx": "Cíl je regulární výraz který se shoduje s MX záznamem (<code>.*google\\.com</code> směřuje veškerou poštu na MX které jsou cílem pro google.com přes tento skok)",
+        "lookup_mx": "Cíl je regulární výraz který se shoduje s MX záznamem (<code>.*\\.google\\.com</code> směřuje veškerou poštu na MX které jsou cílem pro google.com přes tento skok)",
        "mailbox": "Úprava mailové schránky",
        "mailbox_quota_def": "Výchozí kvóta schránky",
        "mailbox_relayhost_info": "Aplikované jen na uživatelskou schránku a přímé aliasy, přepisuje předávající server domény.",
@@ -650,7 +655,7 @@
    },
    "login": {
        "delayed": "Přihlášení zpožděno o %s sekund.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Přihlásit",
        "mobileconfig_info": "Ke stažení profilového souboru se přihlaste jako uživatel schránky.",
        "other_logins": "Přihlášení klíčem",
@@ -889,7 +894,6 @@
        "type": "Typ"
    },
    "queue": {
        "queue_deliver_mail": "Doručit",
        "queue_manager": "Správce fronty"
    },
    "ratelimit": {
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -1,18 +1,18 @@
 {
    "acl": {
-        "alias_domains": "Tilføj kældenavn domæner",
+        "alias_domains": "Tilføj domænealias",
        "app_passwds": "Administrer app-adgangskoder",
        "bcc_maps": "BCC kort",
        "delimiter_action": "Afgrænsning handling",
-        "eas_reset": "Nulstil EAS endheder",
+        "eas_reset": "Nulstil EAS enheder",
        "extend_sender_acl": "Tillad at udvide afsenderens ACL med eksterne adresser",
        "filters": "Filtre",
        "login_as": "Login som mailboks bruger",
-        "prohibited": "Forbudt af ACL",
+        "prohibited": "Nægtet af ACL",
-        "protocol_access": "Ændre protokol adgang",
+        "protocol_access": "Skift protokol adgang",
        "pushover": "Pushover",
-        "quarantine": "Karantæneaktioner",
+        "quarantine": "Karantænehandlinger",
-        "quarantine_attachments": "Karantæne vedhæftede filer",
+        "quarantine_attachments": "Karantænevedhæftede filer",
        "quarantine_notification": "Skift karantænemeddelelser",
        "ratelimit": "Satsgrænse",
        "recipient_maps": "Modtagerkort",
@@ -20,12 +20,15 @@
        "sogo_access": "Tillad styring af SOGo-adgang",
        "sogo_profile_reset": "Nulstil SOGo-profil",
        "spam_alias": "Midlertidige aliasser",
-        "spam_policy": "Sortliste / hvidliste",
+        "spam_policy": "Sortliste/hvidliste",
        "spam_score": "Spam-score",
-        "syncjobs": "Synkroniser job",
+        "syncjobs": "Synkroniserings job",
        "tls_policy": "TLS politik",
-        "unlimited_quota": "Ubegrænset quote for mailbokse",
+        "unlimited_quota": "Ubegrænset plads for mailbokse",
-        "domain_desc": "Skift domæne beskrivelse"
+        "domain_desc": "Skift domæne beskrivelse",
        "domain_relayhost": "Skift relæ host for et domæne",
        "mailbox_relayhost": "Skift relæ-host for en postkasse",
        "quarantine_category": "Skift kategorien for karantænemeddelelse"
    },
    "add": {
        "activate_filter_warn": "Alle andre filtre deaktiveres, når aktiv er markeret.",
@@ -33,7 +36,7 @@
        "add": "Tilføj",
        "add_domain_only": "Tilføj kun domæne",
        "add_domain_restart": "Tilføj domæne og genstart SOGo",
-        "alias_address": "Alias adresse (r)",
+        "alias_address": "Alias adresse(r)",
        "alias_address_info": "<small>Fuld e-mail-adresse eller @ eksempel.com for at fange alle beskeder til et domæne (kommasepareret). <b> kun mailcow-domæner</b>.</small>",
        "alias_domain": "Alias-domæne",
        "alias_domain_info": "<small>Kun gyldige domænenavne (kommasepareret).</small>",
@@ -59,7 +62,7 @@
        "gal": "Global adresseliste",
        "gal_info": "GAL indeholder alle objekter i et domæne og kan ikke redigeres af nogen bruger. Information om ledig / optaget i SOGo mangler, hvis deaktiveret! <b> Genstart SOGo for at anvende ændringer. </b>",
        "generate": "generere",
-        "goto_ham": "Lær som <span class=\"text-success\"><b>ham</b></span>",
+        "goto_ham": "Lær som <span class=\"text-success\"><b>ønsket</b></span>",
        "goto_null": "Kassér e-mail i stilhed",
        "goto_spam": "Lær som <span class=\"text-danger\"><b>spam</b></span>",
        "hostname": "Vært",
@@ -80,7 +83,7 @@
        "private_comment": "Privat kommentar",
        "public_comment": "Offentlig kommentar",
        "quota_mb": "Kvota (Mb)",
-        "relay_all": "Send alle modtagere videre",
+        "relay_all": "Besvar alle modtager",
        "relay_all_info": "↪ Hvis du vælger <b> ikke </b> at videresende alle modtagere, skal du tilføje et (\"blind\") postkasse til hver enkelt modtager, der skal videresendes.",
        "relay_domain": "Send dette domæne videre",
        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Du kan definere transportkort til en tilpasset destination for dette domæne. Hvis ikke indstillet, foretages der et MX-opslag.",
@@ -101,7 +104,10 @@
        "timeout2": "Timeout for forbindelse til lokal vært",
        "username": "Brugernavn",
        "validate": "Bekræft",
-        "validation_success": "Valideret med succes"
+        "validation_success": "Valideret med succes",
        "bcc_dest_format": "BCC-destination skal være en enkelt gyldig e-mail-adresse.<br>Hvis du har brug for at sende en kopi til flere adresser, kan du oprette et alias og bruge det her.",
        "app_passwd_protocols": "Tilladte protokoller for app adgangskode",
        "tags": "Tag's"
    },
    "admin": {
        "access": "Adgang",
@@ -308,7 +314,10 @@
        "username": "Brugernavn",
        "validate_license_now": "Valider GUID mod licensserver",
        "verify": "Verificere",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
        "ip_check_opt_in": "Opt-In for brug af tredjepartstjeneste <strong>ipv4.mailcow.email</strong> og <strong>ipv6.mailcow.email</strong> til at finde eksterne IP-adresser.",
        "queue_unban": "unban",
        "admins": "Administratorer"
    },
    "danger": {
        "access_denied": "Adgang nægtet eller ugyldig formular data",
@@ -425,7 +434,8 @@
        "username_invalid": "Brugernavn %s kan ikke bruges",
        "validity_missing": "Tildel venligst en gyldighedsperiode",
        "value_missing": "Angiv alle værdier",
-        "yotp_verification_failed": "Yubico OTP verifikationen mislykkedes: %s"
+        "yotp_verification_failed": "Yubico OTP verifikationen mislykkedes: %s",
        "webauthn_publickey_failed": "Der er ikke gemt nogen offentlig nøgle for den valgte autentifikator"
    },
    "debug": {
        "chart_this_server": "Diagram (denne server)",
@@ -442,7 +452,8 @@
        "solr_status": "Solr-status",
        "started_on": "Startede den",
        "static_logs": "Statiske logfiler",
-        "system_containers": "System og Beholdere"
+        "system_containers": "System og Beholdere",
        "error_show_ip": "Kunne ikke finde de offentlige IP-adresser"
    },
    "diagnostics": {
        "cname_from_a": "Værdi afledt af A / AAAA-post. Dette understøttes, så længe posten peger på den korrekte ressource.",
@@ -553,7 +564,11 @@
        "title": "Rediger objekt",
        "unchanged_if_empty": "Lad være tomt, hvis uændret",
        "username": "Brugernavn",
-        "validate_save": "Valider og gem"
+        "validate_save": "Valider og gem",
        "admin": "Rediger administrator",
        "lookup_mx": "Destination er et regulært udtryk, der matcher MX-navnet (<code>.*google\\.dk</code> for at dirigere al e-mail, der er målrettet til en MX, der ender på google.dk, over dette hop)",
        "mailbox_relayhost_info": "Anvendt på postkassen og kun direkte aliasser, og overskriver et domæne relæ-host.",
        "quota_warning_bcc": "Kvoteadvarsel BCC"
    },
    "footer": {
        "cancel": "Afbestille",
@@ -571,7 +586,7 @@
    "header": {
        "administration": "Konfiguration og detailer",
        "apps": "Apps",
-        "debug": "Systemoplysninger",
+        "debug": "Information",
        "email": "E-Mail",
        "mailcow_config": "Konfiguration",
        "quarantine": "Karantæne",
@@ -586,7 +601,7 @@
    },
    "login": {
        "delayed": "Login blev forsinket med% s sekunder.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Login",
        "mobileconfig_info": "Log ind som postkassebruger for at downloade den anmodede Apple-forbindelsesprofil.",
        "other_logins": "Nøgle login",
@@ -739,7 +754,10 @@
        "username": "Brugernavn",
        "waiting": "Venter",
        "weekly": "Ugentlig",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
        "goto_ham": "Lær som <b>ønsket</b>",
        "catch_all": "Fang-alt",
        "open_logs": "Åben logfiler"
    },
    "oauth2": {
        "access_denied": "Log ind som mailboks ejer for at give adgang via OAuth2.",
@@ -803,7 +821,6 @@
        "toggle_all": "Skift alt"
    },
    "queue": {
        "queue_deliver_mail": "Aflevere",
        "queue_manager": "Køadministrator"
    },
    "start": {
@@ -1031,7 +1048,7 @@
        "spamfilter_table_empty": "Intet data at vise",
        "spamfilter_table_remove": "slet",
        "spamfilter_table_rule": "Regl",
-        "spamfilter_wl": "Hvisliste",
+        "spamfilter_wl": "Hvidliste",
        "spamfilter_wl_desc": "Hvidlistede e-mail-adresser til <b>aldrig</b> at klassificeres som spam. Wildcards kan bruges. Et filter anvendes kun på direkte aliaser (aliaser med en enkelt målpostkasse) eksklusive catch-aliaser og selve en postkasse.",
        "spamfilter_yellow": "Gul: denne besked kan være spam, vil blive tagget som spam og flyttes til din junk-mappe",
        "status": "Status",
@@ -1067,5 +1084,11 @@
        "quota_exceeded_scope": "Domænekvote overskredet: Kun ubegrænsede postkasser kan oprettes i dette domæneomfang.",
        "session_token": "Form nøgle ugyldig: Nøgle passer ikke",
        "session_ua": "Form nøgle ugyldig: Bruger-Agent gyldighedskontrols fejl"
    },
    "datatables": {
        "lengthMenu": "Vis _MENU_ poster",
        "paginate": {
            "first": "Først"
        }
    }
 }
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -175,10 +175,12 @@
        "empty": "Keine Einträge vorhanden",
        "excludes": "Diese Empfänger ausschließen",
        "f2b_ban_time": "Bannzeit in Sekunden",
        "f2b_ban_time_increment": "Bannzeit erhöht sich mit jedem Bann",
        "f2b_blacklist": "Blacklist für Netzwerke und Hosts",
        "f2b_filter": "Regex-Filter",
        "f2b_list_info": "Ein Host oder Netzwerk auf der Blacklist wird immer eine Whitelist-Einheit überwiegen. <b>Die Aktualisierung der Liste dauert einige Sekunden.</b>",
        "f2b_max_attempts": "Max. Versuche",
        "f2b_max_ban_time": "Maximale Bannzeit in Sekunden",
        "f2b_netban_ipv4": "Netzbereich für IPv4-Banns (8-32)",
        "f2b_netban_ipv6": "Netzbereich für IPv6-Banns (8-128)",
        "f2b_parameters": "Fail2ban-Parameter",
@@ -204,6 +206,9 @@
        "include_exclude": "Ein- und Ausschlüsse",
        "include_exclude_info": "Ohne Auswahl werden <b>alle Mailboxen</b> adressiert.",
        "includes": "Diese Empfänger einschließen",
        "ip_check": "IP Check",
        "ip_check_disabled": "IP check ist deaktiviert. Unter dem angegebenen Pfad kann es aktiviert werden<br> <strong>System > Konfiguration > Einstellungen > UI-Anpassung</strong>",
        "ip_check_opt_in": "Opt-In für die Nutzung der Drittanbieter-Dienste <strong>ipv4.mailcow.email</strong> und <strong>ipv6.mailcow.email</strong> zur Auflösung externer IP-Adressen.",
        "is_mx_based": "MX-basiert",
        "last_applied": "Zuletzt angewendet",
        "license_info": "Eine Lizenz ist nicht erforderlich, hilft jedoch der Entwicklung mailcows.<br><a href=\"https://www.servercow.de/mailcow#sal\" target=\"_blank\" alt=\"SAL Bestellung\">Hier kann die mailcow-GUID registriert werden.</a> Alternativ ist <a href=\"https://www.servercow.de/mailcow#support\" target=\"_blank\" alt=\"SAL Bestellung\">die Bestellung von Support-Paketen möglich</a>.",
@@ -211,7 +216,7 @@
        "loading": "Bitte warten...",
        "login_time": "Zeit",
        "logo_info": "Die hochgeladene Grafik wird für die Navigationsleiste auf eine Höhe von 40px skaliert. Für die Darstellung auf der Login-Maske beträgt die skalierte Breite maximal 250px. Eine frei skalierbare Grafik (etwa SVG) wird empfohlen.",
-        "lookup_mx": "Ziel mit MX vergleichen (Regex, etwa <code>.*google\\.com</code>, um alle Ziele mit MX *google.com zu routen)",
+        "lookup_mx": "Ziel mit MX vergleichen (Regex, etwa <code>.*\\.google\\.com</code>, um alle Ziele mit MX *google.com zu routen)",
        "main_name": "\"mailcow UI\" Name",
        "merged_vars_hint": "Ausgegraute Reihen wurden aus der Datei <code>vars.(local.)inc.php</code> gelesen und können hier nicht verändert werden.",
        "message": "Nachricht",
@@ -336,7 +341,8 @@
        "oauth2_add_client": "Füge OAuth2 Client hinzu",
        "api_read_only": "Schreibgeschützter Zugriff",
        "api_read_write": "Lese-Schreib-Zugriff",
-        "oauth2_apps": "OAuth2 Apps"
+        "oauth2_apps": "OAuth2 Apps",
        "queue_unban": "entsperren"
    },
    "danger": {
        "access_denied": "Zugriff verweigert oder unvollständige/ungültige Daten",
@@ -363,6 +369,7 @@
        "domain_not_empty": "Domain %s ist nicht leer",
        "domain_not_found": "Domain %s nicht gefunden",
        "domain_quota_m_in_use": "Domain-Speicherplatzlimit muss größer oder gleich %d MiB sein",
        "extended_sender_acl_denied": "Keine Rechte zum Setzen von externen Absenderadressen",
        "extra_acl_invalid": "Externe Absenderadresse \"%s\" ist ungültig",
        "extra_acl_invalid_domain": "Externe Absenderadresse \"%s\" verwendet eine ungültige Domain",
        "fido2_verification_failed": "FIDO2-Verifizierung fehlgeschlagen: %s",
@@ -450,41 +457,48 @@
        "totp_verification_failed": "TOTP-Verifizierung fehlgeschlagen",
        "transport_dest_exists": "Transport-Maps-Ziel \"%s\" existiert bereits",
        "webauthn_verification_failed": "WebAuthn-Verifizierung fehlgeschlagen: %s",
        "webauthn_authenticator_failed": "Der ausgewählte Authenticator wurde nicht gefunden",
        "webauthn_publickey_failed": "Zu dem ausgewählten Authenticator wurde kein Publickey hinterlegt",
        "webauthn_username_failed": "Der ausgewählte Authenticator gehört zu einem anderen Konto",
        "unknown": "Ein unbekannter Fehler trat auf",
        "unknown_tfa_method": "Unbekannte TFA-Methode",
        "unlimited_quota_acl": "Unendliche Quota untersagt durch ACL",
        "username_invalid": "Benutzername %s kann nicht verwendet werden",
        "validity_missing": "Bitte geben Sie eine Gültigkeitsdauer an",
        "value_missing": "Bitte alle Felder ausfüllen",
-        "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s"
+        "yotp_verification_failed": "Yubico OTP-Verifizierung fehlgeschlagen: %s",
        "template_exists": "Vorlage %s existiert bereits",
        "template_id_invalid": "Vorlagen-ID %s ungültig",
        "template_name_invalid": "Name der Vorlage ungültig"
    },
    "datatables": {
-      "collapse_all": "Alle Einklappen",
+        "collapse_all": "Alle Einklappen",
-      "decimal": "",
+        "decimal": ",",
-      "emptyTable": "Keine Daten in der Tabelle vorhanden",
+        "emptyTable": "Keine Daten in der Tabelle vorhanden",
-      "expand_all": "Alle Ausklappen",
+        "expand_all": "Alle Ausklappen",
-      "info": "_START_ bis _END_ von _TOTAL_ Einträgen",
+        "info": "_START_ bis _END_ von _TOTAL_ Einträgen",
-      "infoEmpty": "0 bis 0 von 0 Einträgen",
+        "infoEmpty": "0 bis 0 von 0 Einträgen",
-      "infoFiltered": "(gefiltert von _MAX_ Einträgen)",
+        "infoFiltered": "(gefiltert von _MAX_ Einträgen)",
-      "infoPostFix": "",
+        "infoPostFix": "",
-      "thousands": ".",
+        "thousands": ".",
-      "lengthMenu": "_MENU_ Einträge anzeigen",
+        "lengthMenu": "_MENU_ Einträge anzeigen",
-      "loadingRecords": "Wird geladen...",
+        "loadingRecords": "Wird geladen...",
-      "processing": "Bitte warten...",
+        "processing": "Bitte warten...",
-      "search": "Suchen",
+        "search": "Suchen",
-      "zeroRecords": "Keine Einträge vorhanden.",
+        "zeroRecords": "Keine Einträge vorhanden.",
-      "paginate": {
+        "paginate": {
-        "first": "Erste",
+            "first": "Erste",
-        "previous": "Zurück",
+            "previous": "Zurück",
-        "next": "Nächste",
+            "next": "Nächste",
-        "last": "Letzte"
+            "last": "Letzte"
-      },
+        },
-      "aria": {
+        "aria": {
-        "sortAscending": ": aktivieren, um Spalte aufsteigend zu sortieren",
+            "sortAscending": ": aktivieren, um Spalte aufsteigend zu sortieren",
-        "sortDescending": ": aktivieren, um Spalte absteigend zu sortieren"
+            "sortDescending": ": aktivieren, um Spalte absteigend zu sortieren"
-      }
+        }
    },
    "debug": {
        "architecture": "Architektur",
        "chart_this_server": "Chart (dieser Server)",
        "containers_info": "Container-Information",
        "container_running": "Läuft",
@@ -494,6 +508,7 @@
        "current_time": "Systemzeit",
        "disk_usage": "Festplattennutzung",
        "docs": "Dokumente",
        "error_show_ip": "Konnte die öffentlichen IP Adressen nicht auflösen",
        "external_logs": "Externe Logs",
        "history_all_servers": "History (alle Server)",
        "in_memory_logs": "In-memory Logs",
@@ -506,6 +521,7 @@
        "online_users": "Benutzer online",
        "restart_container": "Neustart",
        "service": "Dienst",
        "show_ip": "Zeige öffentliche IP",
        "size": "Größe",
        "solr_dead": "Solr startet, ist deaktiviert oder temporär nicht erreichbar.",
        "solr_status": "Solr Status",
@@ -519,7 +535,8 @@
        "update_available": "Es ist ein Update verfügbar",
        "no_update_available": "Das System ist auf aktuellem Stand",
        "update_failed": "Es konnte nicht nach einem Update gesucht werden",
-        "username": "Benutzername"
+        "username": "Benutzername",
        "wip": "Aktuell noch in Arbeit"
    },
    "diagnostics": {
        "cname_from_a": "Wert abgeleitet von A/AAAA-Eintrag. Wird unterstützt, sofern der Eintrag auf die korrekte Ressource zeigt.",
@@ -578,7 +595,7 @@
        "inactive": "Inaktiv",
        "kind": "Art",
        "last_modified": "Zuletzt geändert",
-        "lookup_mx": "Ziel mit MX vergleichen (Regex, etwa <code>.*google\\.com</code>, um alle Ziele mit MX *google.com zu routen)",
+        "lookup_mx": "Ziel mit MX vergleichen (Regex, etwa <code>.*\\.google\\.com</code>, um alle Ziele mit MX *google.com zu routen)",
        "mailbox": "Mailbox bearbeiten",
        "mailbox_quota_def": "Standard-Quota einer Mailbox",
        "mailbox_relayhost_info": "Wird auf eine Mailbox und direkte Alias-Adressen angewendet. Überschreibt die Einstellung einer Domain.",
@@ -645,7 +662,8 @@
        "title": "Objekt bearbeiten",
        "unchanged_if_empty": "Unverändert, wenn leer",
        "username": "Benutzername",
-        "validate_save": "Validieren und speichern"
+        "validate_save": "Validieren und speichern",
        "pushover_sound": "Ton"
    },
    "fido2": {
        "confirm": "Bestätigen",
@@ -686,7 +704,8 @@
        "quarantine": "Quarantäne",
        "restart_netfilter": "Netfilter neustarten",
        "restart_sogo": "SOGo neustarten",
-        "user_settings": "Benutzereinstellungen"
+        "user_settings": "Benutzereinstellungen",
        "mailcow_system": "System"
    },
    "info": {
        "awaiting_tfa_confirmation": "Warte auf TFA-Verifizierung",
@@ -695,7 +714,7 @@
    },
    "login": {
        "delayed": "Login wurde zur Sicherheit um %s Sekunde/n verzögert.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Anmelden",
        "mobileconfig_info": "Bitte als Mailbox-Benutzer einloggen, um das Verbindungsprofil herunterzuladen.",
        "other_logins": "Key Login",
@@ -942,7 +961,7 @@
    "queue": {
        "delete": "Queue löschen",
        "flush": "Queue flushen",
-        "info" : "In der Mailqueue befinden sich alle E-Mails, welche auf eine Zustellung warten. Sollte eine E-Mail eine längere Zeit innerhalb der Mailqueue stecken wird diese automatisch vom System gelöscht.<br>Die Fehlermeldung der jeweiligen Mail gibt aufschluss darüber, warum diese nicht zugestellt werden konnte",
+        "info": "In der Mailqueue befinden sich alle E-Mails, welche auf eine Zustellung warten. Sollte eine E-Mail eine längere Zeit innerhalb der Mailqueue stecken wird diese automatisch vom System gelöscht.<br>Die Fehlermeldung der jeweiligen Mail gibt aufschluss darüber, warum diese nicht zugestellt werden konnte",
        "legend": "Funktionen der Mailqueue Aktionen:",
        "ays": "Soll die derzeitige Queue wirklich komplett bereinigt werden?",
        "deliver_mail": "Ausliefern",
@@ -1001,6 +1020,7 @@
        "forwarding_host_removed": "Weiterleitungs-Host %s wurde entfernt",
        "global_filter_written": "Filterdatei wurde erfolgreich geschrieben",
        "hash_deleted": "Hash wurde gelöscht",
        "ip_check_opt_in_modified": "IP Check wurde erfolgreich gespeichert",
        "item_deleted": "Objekt %s wurde entfernt",
        "item_released": "Objekt %s freigegeben",
        "items_deleted": "Objekt(e) %s wurde(n) erfolgreich entfernt",
@@ -1229,7 +1249,8 @@
        "syncjob_EXIT_CONNECTION_FAILURE": "Verbindungsproblem",
        "syncjob_EXIT_TLS_FAILURE": "Problem mit verschlüsselter Verbindung",
        "syncjob_EXIT_AUTHENTICATION_FAILURE": "Authentifizierungsproblem",
-        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Falscher Benutzername oder Passwort"
+        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Falscher Benutzername oder Passwort",
        "pushover_sound": "Ton"
    },
    "warning": {
        "cannot_delete_self": "Kann derzeit eingeloggten Benutzer nicht entfernen",
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -177,10 +177,12 @@
        "empty": "No results",
        "excludes": "Excludes these recipients",
        "f2b_ban_time": "Ban time (s)",
        "f2b_ban_time_increment": "Ban time is incremented with each ban",
        "f2b_blacklist": "Blacklisted networks/hosts",
        "f2b_filter": "Regex filters",
        "f2b_list_info": "A blacklisted host or network will always outweigh a whitelist entity. <b>List updates will take a few seconds to be applied.</b>",
        "f2b_max_attempts": "Max. attempts",
        "f2b_max_ban_time": "Max. ban time (s)",
        "f2b_netban_ipv4": "IPv4 subnet size to apply ban on (8-32)",
        "f2b_netban_ipv6": "IPv6 subnet size to apply ban on (8-128)",
        "f2b_parameters": "Fail2ban parameters",
@@ -206,6 +208,9 @@
        "include_exclude": "Include/Exclude",
        "include_exclude_info": "By default - with no selection - <b>all mailboxes</b> are addressed",
        "includes": "Include these recipients",
        "ip_check": "IP Check",
        "ip_check_disabled": "IP check is disabled. You can enable it under<br> <strong>System > Configuration > Options > Customize</strong>",
        "ip_check_opt_in": "Opt-In for using third party service <strong>ipv4.mailcow.email</strong> and <strong>ipv6.mailcow.email</strong> to resolve external IP addresses.",
        "is_mx_based": "MX based",
        "last_applied": "Last applied",
        "license_info": "A license is not required but helps further development.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Register your GUID here</a> or <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">buy support for your mailcow installation.</a>",
@@ -213,7 +218,7 @@
        "loading": "Please wait...",
        "login_time": "Login time",
        "logo_info": "Your image will be scaled to a height of 40px for the top navigation bar and a max. width of 250px for the start page. A scalable graphic is highly recommended.",
-        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
+        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*\\.google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
        "main_name": "\"mailcow UI\" name",
        "merged_vars_hint": "Greyed out rows were merged from <code>vars.(local.)inc.php</code> and cannot be modified.",
        "message": "Message",
@@ -264,6 +269,7 @@
        "quota_notifications": "Quota notifications",
        "quota_notifications_info": "Quota notifications are sent to users once when crossing 80% and once when crossing 95% usage.",
        "quota_notifications_vars": "{{percent}} equals the current quota of the user<br>{{username}} is the mailbox name",
        "queue_unban": "unban",
        "r_active": "Active restrictions",
        "r_inactive": "Inactive restrictions",
        "r_info": "Greyed out/disabled elements on the list of active restrictions are not known as valid restrictions to mailcow and cannot be moved. Unknown restrictions will be set in order of appearance anyway. <br>You can add new elements in <code>inc/vars.local.inc.php</code> to be able to toggle them.",
@@ -363,6 +369,7 @@
        "domain_not_empty": "Cannot remove non-empty domain %s",
        "domain_not_found": "Domain %s not found",
        "domain_quota_m_in_use": "Domain quota must be greater or equal to %s MiB",
        "extended_sender_acl_denied": "missing ACL to set external sender addresses",
        "extra_acl_invalid": "External sender address \"%s\" is invalid",
        "extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain",
        "fido2_verification_failed": "FIDO2 verification failed: %s",
@@ -453,6 +460,9 @@
        "totp_verification_failed": "TOTP verification failed",
        "transport_dest_exists": "Transport destination \"%s\" exists",
        "webauthn_verification_failed": "WebAuthn verification failed: %s",
        "webauthn_authenticator_failed": "The selected authenticator was not found",
        "webauthn_publickey_failed": "No public key was stored for the selected authenticator",
        "webauthn_username_failed": "The selected authenticator belongs to another account",
        "unknown": "An unknown error occurred",
        "unknown_tfa_method": "Unknown TFA method",
        "unlimited_quota_acl": "Unlimited quota prohibited by ACL",
@@ -462,32 +472,33 @@
        "yotp_verification_failed": "Yubico OTP verification failed: %s"
    },
    "datatables": {
-      "collapse_all": "Collapse All",
+        "collapse_all": "Collapse All",
-      "decimal": "",
+        "decimal": ".",
-      "emptyTable": "No data available in table",
+        "emptyTable": "No data available in table",
-      "expand_all": "Expand All",
+        "expand_all": "Expand All",
-      "info": "Showing _START_ to _END_ of _TOTAL_ entries",
+        "info": "Showing _START_ to _END_ of _TOTAL_ entries",
-      "infoEmpty": "Showing 0 to 0 of 0 entries",
+        "infoEmpty": "Showing 0 to 0 of 0 entries",
-      "infoFiltered": "(filtered from _MAX_ total entries)",
+        "infoFiltered": "(filtered from _MAX_ total entries)",
-      "infoPostFix": "",
+        "infoPostFix": "",
-      "thousands": ",",
+        "thousands": ",",
-      "lengthMenu": "Show _MENU_ entries",
+        "lengthMenu": "Show _MENU_ entries",
-      "loadingRecords": "Loading...",
+        "loadingRecords": "Loading...",
-      "processing": "Please wait...",
+        "processing": "Please wait...",
-      "search": "Search:",
+        "search": "Search:",
-      "zeroRecords": "No matching records found",
+        "zeroRecords": "No matching records found",
-      "paginate": {
+        "paginate": {
-          "first": "First",
+            "first": "First",
-          "last": "Last",
+            "last": "Last",
-          "next": "Next",
+            "next": "Next",
-          "previous": "Previous"
+            "previous": "Previous"
-      },
+        },
-      "aria": {
+        "aria": {
-          "sortAscending": ": activate to sort column ascending",
+            "sortAscending": ": activate to sort column ascending",
-          "sortDescending": ": activate to sort column descending"
+            "sortDescending": ": activate to sort column descending"
-      }
+        }
    },
    "debug": {
        "architecture": "Architecture",
        "chart_this_server": "Chart (this server)",
        "containers_info": "Container information",
        "container_running": "Running",
@@ -497,6 +508,7 @@
        "current_time": "System Time",
        "disk_usage": "Disk usage",
        "docs": "Docs",
        "error_show_ip": "Could not resolve the public IP addresses",
        "external_logs": "External logs",
        "history_all_servers": "History (all servers)",
        "in_memory_logs": "In-memory logs",
@@ -509,6 +521,7 @@
        "online_users": "Users online",
        "restart_container": "Restart",
        "service": "Service",
        "show_ip": "Show public IP",
        "size": "Size",
        "solr_dead": "Solr is starting, disabled or died.",
        "solr_status": "Solr status",
@@ -522,7 +535,8 @@
        "update_available": "There is an update available",
        "no_update_available": "The System is on the latest version",
        "update_failed": "Could not check for an Update",
-        "username": "Username"
+        "username": "Username",
        "wip": "Currently Work in Progress"
    },
    "diagnostics": {
        "cname_from_a": "Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.",
@@ -581,7 +595,7 @@
        "inactive": "Inactive",
        "kind": "Kind",
        "last_modified": "Last modified",
-        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
+        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*\\.google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
        "mailbox": "Edit mailbox",
        "mailbox_quota_def": "Default mailbox quota",
        "mailbox_relayhost_info": "Applied to the mailbox and direct aliases only, does override a domain relayhost.",
@@ -700,7 +714,7 @@
    },
    "login": {
        "delayed": "Login was delayed by %s seconds.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Login",
        "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
        "other_logins": "Key login",
@@ -947,7 +961,7 @@
    "queue": {
        "delete": "Delete all",
        "flush": "Flush queue",
-        "info" : "The mail queue contains all e-mails that are waiting for delivery. If an email is stuck in the mail queue for a long time, it is automatically deleted by the system.<br>The error message of the respective mail gives information about why the mail could not be delivered.",
+        "info": "The mail queue contains all e-mails that are waiting for delivery. If an email is stuck in the mail queue for a long time, it is automatically deleted by the system.<br>The error message of the respective mail gives information about why the mail could not be delivered.",
        "legend": "Mail queue actions functions:",
        "ays": "Please confirm you want to delete all items from the current queue.",
        "deliver_mail": "Deliver",
@@ -961,11 +975,11 @@
        "unhold_mail_legend": "Releases selected mails for delivery. (Requires prior hold)"
    },
    "ratelimit": {
-      "disabled": "Disabled",
+        "disabled": "Disabled",
-      "second": "msgs / second",
+        "second": "msgs / second",
-      "minute": "msgs / minute",
+        "minute": "msgs / minute",
-      "hour": "msgs / hour",
+        "hour": "msgs / hour",
-      "day": "msgs / day"
+        "day": "msgs / day"
    },
    "start": {
        "help": "Show/Hide help panel",
@@ -1013,6 +1027,7 @@
        "forwarding_host_removed": "Forwarding host %s has been removed",
        "global_filter_written": "Filter was successfully written to file",
        "hash_deleted": "Hash deleted",
        "ip_check_opt_in_modified": "IP check was saved successfully",
        "item_deleted": "Item %s successfully deleted",
        "item_released": "Item %s released",
        "items_deleted": "Item %s successfully deleted",
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -141,9 +141,11 @@
        "empty": "Sin resultados",
        "excludes": "Excluye a estos destinatarios",
        "f2b_ban_time": "Tiempo de restricción (s)",
        "f2b_ban_time_increment": "Tiempo de restricción se incrementa con cada restricción",
        "f2b_blacklist": "Redes y hosts en lista negra",
        "f2b_list_info": "Un host o red en lista negra siempre superará a una entidad de la lista blanca. <b>Las actualizaciones de la lista tardarán unos segundos en aplicarse.</b>",
        "f2b_max_attempts": "Max num. de intentos",
        "f2b_max_ban_time": "Max tiempo de restricción (s)",
        "f2b_netban_ipv4": "Tamaño de subred IPv4 para aplicar la restricción (8-32)",
        "f2b_netban_ipv6": "Tamaño de subred IPv6 para aplicar la restricción (8-128)",
        "f2b_parameters": "Parametros Fail2ban",
@@ -602,7 +604,6 @@
        "toggle_all": "Seleccionar todos"
    },
    "queue": {
        "queue_deliver_mail": "Entregar",
        "queue_manager": "Administrador de cola"
    },
    "start": {
--- a/data/web/lang/lang.fi-fi.json
+++ b/data/web/lang/lang.fi-fi.json
@@ -686,7 +686,6 @@
        "toggle_all": "Valitse kaikki"
    },
    "queue": {
        "queue_deliver_mail": "Toimittaa",
        "queue_manager": "Jonon hallinta"
    },
    "start": {
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -24,9 +24,11 @@
        "spam_policy": "Liste Noire/Liste Blanche",
        "spam_score": "Score SPAM",
        "syncjobs": "Tâches de synchronisation",
-        "tls_policy": "Police TLS",
+        "tls_policy": "Politique TLS",
        "unlimited_quota": "Quota illimité pour les boites de courriel",
-        "domain_desc": "Modifier la description du domaine"
+        "domain_desc": "Modifier la description du domaine",
        "domain_relayhost": "Changer le relais pour un domaine",
        "mailbox_relayhost": "Changer le relais d’une boîte de réception"
    },
    "add": {
        "activate_filter_warn": "Tous les autres filtres seront désactivés, quand activé est coché.",
@@ -103,7 +105,9 @@
        "username": "Nom d'utilisateur",
        "validate": "Valider",
        "validation_success": "Validation réussie",
-        "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici."
+        "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici.",
        "tags": "Etiquettes",
        "app_passwd_protocols": "Protocoles autorisés pour le mot de passe de l'application"
    },
    "admin": {
        "access": "Accès",
@@ -168,11 +172,13 @@
        "edit": "Editer",
        "empty": "Aucun résultat",
        "excludes": "Exclure ces destinataires",
-        "f2b_ban_time": "Durée du bannissement(s)",
+        "f2b_ban_time": "Durée du bannissement (s)",
        "f2b_ban_time_increment": "Durée du bannissement est augmentée à chaque bannissement",
        "f2b_blacklist": "Réseaux/Domaines sur Liste Noire",
        "f2b_filter": "Filtre(s) Regex",
        "f2b_list_info": "Un hôte ou un réseau sur liste noire l'emportera toujours sur une entité de liste blanche. <b>L'application des mises à jour de liste prendra quelques secondes.</b>",
        "f2b_max_attempts": "Nb max. de tentatives",
        "f2b_max_ban_time": "Max. durée du bannissement (s)",
        "f2b_netban_ipv4": "Taille du sous-réseau IPv4 pour l'application du bannissement (8-32)",
        "f2b_netban_ipv6": "Taille du sous-réseau IPv6 pour l'application du bannissement (8-128)",
        "f2b_parameters": "Paramètres Fail2ban",
@@ -316,7 +322,11 @@
        "oauth2_add_client": "Ajouter un client OAuth2",
        "password_policy": "Politique de mots de passe",
        "admins": "Administrateurs",
-        "api_read_only": "Accès lecture-seule"
+        "api_read_only": "Accès lecture-seule",
        "password_policy_lowerupper": "Doit contenir des caractères minuscules et majuscules",
        "password_policy_numbers": "Doit contenir au moins un chiffre",
        "ip_check": "Vérification IP",
        "ip_check_disabled": "La vérification IP est désactivée. Vous pouvez l'activer sous<br> <strong>Système > Configuration > Options > Personnaliser</strong>"
    },
    "danger": {
        "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -435,7 +445,12 @@
        "username_invalid": "Le nom d'utilisateur %s ne peut pas être utilisé",
        "validity_missing": "Veuillez attribuer une période de validité",
        "value_missing": "Veuillez fournir toutes les valeurs",
-        "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s"
+        "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s",
        "webauthn_authenticator_failed": "L'authentificateur selectionné est introuvable",
        "demo_mode_enabled": "Le mode de démonstration est activé",
        "template_exists": "La template %s existe déja",
        "template_id_invalid": "Le numéro de template %s est invalide",
        "template_name_invalid": "Le nom de la template est invalide"
    },
    "debug": {
        "chart_this_server": "Graphique (ce serveur)",
@@ -573,7 +588,7 @@
        "unchanged_if_empty": "Si non modifié, laisser en blanc",
        "username": "Nom d'utilisateur",
        "validate_save": "Valider et sauver",
-        "lookup_mx": "La destination est une expression régulière qui doit correspondre avec le nom du MX (<code>.*google\\.com</code> pour acheminer tout le courrier destiné à un MX se terminant par google.com via ce saut).",
+        "lookup_mx": "La destination est une expression régulière qui doit correspondre avec le nom du MX (<code>.*\\.google\\.com</code> pour acheminer tout le courrier destiné à un MX se terminant par google.com via ce saut)",
        "mailbox_relayhost_info": "S'applique uniquement à la boîte aux lettres et aux alias directs, remplace le relayhost du domaine."
    },
    "footer": {
@@ -607,7 +622,7 @@
    },
    "login": {
        "delayed": "La connexion a été retardée de %s secondes.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Connexion",
        "mobileconfig_info": "Veuillez vous connecter en tant qu’utilisateur de la boîte pour télécharger le profil de connexion Apple demandé.",
        "other_logins": "Clé d'authentification",
@@ -827,7 +842,6 @@
        "toggle_all": "Tout basculer"
    },
    "queue": {
        "queue_deliver_mail": "Délivrer",
        "queue_manager": "Gestion de la file d'attente"
    },
    "start": {
@@ -1077,9 +1091,12 @@
        "username": "Nom d'utilisateur",
        "verify": "Vérification",
        "waiting": "En attente",
-        "week": "Semaine",
+        "week": "semaine",
        "weekly": "Hebdomadaire",
-        "weeks": "semaines"
+        "weeks": "semaines",
        "months": "mois",
        "year": "année",
        "years": "années"
    },
    "warning": {
        "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
--- a/data/web/lang/lang.hu-hu.json
+++ b/data/web/lang/lang.hu-hu.json
@@ -216,7 +216,6 @@
        "toggle_all": "Összes átkapcsolása"
    },
    "queue": {
        "queue_command_success": "Queue command completed successfully",
        "queue_manager": "Queue Manager"
    },
    "start": {
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -43,7 +43,7 @@
        "app_name": "Nome app",
        "app_password": "Aggiungi la password dell'app",
        "automap": "Prova a mappare automaticamente le cartelle (\"Sent items\", \"Sent\" => \"Posta inviata\" ecc.)",
-        "backup_mx_options": "Relay options",
+        "backup_mx_options": "Opzioni di inoltro",
        "comment_info": "Un commento privato non è visibile all'utente, mentre un commento pubblico viene mostrato come suggerimento quando si passa con il mouse nella panoramica di un utente",
        "custom_params": "Parametri personalizzati",
        "custom_params_hint": "Corretto: --param=xy, errato: --param xy",
@@ -175,10 +175,12 @@
        "empty": "Nessun risultato",
        "excludes": "Esclude questi destinatari",
        "f2b_ban_time": "Tempo di blocco (s)",
        "f2b_ban_time_increment": "Tempo di blocco aumenta ad ogni blocco",
        "f2b_blacklist": "Host/reti in blacklist",
        "f2b_filter": "Filtri Regex",
        "f2b_list_info": "Un host oppure una rete in blacklist, avrà sempre un peso maggiore rispetto ad una in whitelist. <b>L'aggiornamento della lista richiede alcuni secondi per la sua entrata in azione.</b>",
        "f2b_max_attempts": "Tentativi massimi",
        "f2b_max_ban_time": "Tempo massimo di blocco (s)",
        "f2b_netban_ipv4": "IPv4 subnet size to apply ban on (8-32)",
        "f2b_netban_ipv6": "IPv6 subnet size to apply ban on (8-128)",
        "f2b_parameters": "Parametri Fail2ban",
@@ -211,7 +213,7 @@
        "loading": "Caricamento in corso...",
        "login_time": "Ora di accesso",
        "logo_info": "La tua immagine verrà ridimensionata a 40px di altezza, quando verrà usata nella barra di navigazione in alto, ed ad una larghezza massima di 250px nella schermata iniziale. È altamente consigliato l'utilizzo di un'immagine modulabile.",
-        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
+        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*\\.google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
        "main_name": "Nome \"mailcow UI\"",
        "merged_vars_hint": "Greyed out rows were merged from <code>vars.(local.)inc.php</code> and cannot be modified.",
        "message": "Messaggio",
@@ -303,7 +305,7 @@
        "spamfilter": "Filtri spam",
        "subject": "Oggetto",
        "success": "Successo",
-        "sys_mails": "System mails",
+        "sys_mails": "Mail di sistema",
        "text": "Testo",
        "time": "Orario",
        "title": "Titolo",
@@ -335,7 +337,8 @@
        "api_read_write": "Accesso in lettura-scrittura",
        "oauth2_apps": "App OAuth2",
        "oauth2_add_client": "Aggiungere il client OAuth2",
-        "rsettings_preset_4": "Disattivare Rspamd per un dominio"
+        "rsettings_preset_4": "Disattivare Rspamd per un dominio",
        "options": "Opzioni"
    },
    "danger": {
        "access_denied": "Accesso negato o form di login non corretto",
@@ -364,7 +367,7 @@
        "extra_acl_invalid": "External sender address \"%s\" is invalid",
        "extra_acl_invalid_domain": "External sender \"%s\" uses an invalid domain",
        "fido2_verification_failed": "FIDO2 verification failed: %s",
-        "file_open_error": "File cannot be opened for writing",
+        "file_open_error": "Il file non può essere aperto per la scrittura",
        "filter_type": "Wrong filter type",
        "from_invalid": "Il mittente non può essere vuoto",
        "global_filter_write_error": "Could not write filter file: %s",
@@ -397,7 +400,7 @@
        "mailbox_quota_exceeds_domain_quota": "Lo spazio massimo supera la spazio del dominio",
        "mailbox_quota_left_exceeded": "Non c'è abbastanza spazio libero (space left: %d MiB)",
        "mailboxes_in_use": "Lo spazio massimo della casella deve essere maggiore o uguale a %d",
-        "malformed_username": "Malformed username",
+        "malformed_username": "Nome utente non valido",
        "map_content_empty": "Map content cannot be empty",
        "max_alias_exceeded": "Numero massimo di alias superato",
        "max_mailbox_exceeded": "Numero massimo di caselle superato (%d of %d)",
@@ -429,18 +432,18 @@
        "resource_invalid": "Il nome della risorsa non è valido",
        "rl_timeframe": "Rate limit time frame is incorrect",
        "rspamd_ui_pw_length": "Rspamd UI password should be at least 6 chars long",
-        "script_empty": "Script cannot be empty",
+        "script_empty": "Lo script non può essere vuoto",
        "sender_acl_invalid": "Il valore di Sender ACL non è valido",
        "set_acl_failed": "Failed to set ACL",
        "settings_map_invalid": "Settings map ID %s invalid",
        "sieve_error": "Sieve parser error: %s",
        "spam_learn_error": "Spam learn error: %s",
-        "subject_empty": "Subject must not be empty",
+        "subject_empty": "L'oggetto non deve essere vuoto",
        "target_domain_invalid": "Goto domain non è valido",
        "targetd_not_found": "Il target del dominio non è stato trovato",
        "targetd_relay_domain": "Target domain %s is a relay domain",
-        "temp_error": "Temporary error",
+        "temp_error": "Errore temporaneo",
-        "text_empty": "Text must not be empty",
+        "text_empty": "Il testo non deve essere vuoto",
        "tfa_token_invalid": "TFA token invalid",
        "tls_policy_map_dest_invalid": "Policy destination is invalid",
        "tls_policy_map_entry_exists": "A TLS policy map entry \"%s\" exists",
@@ -448,40 +451,54 @@
        "totp_verification_failed": "TOTP verification failed",
        "transport_dest_exists": "Transport destination \"%s\" exists",
        "webauthn_verification_failed": "WebAuthn verification failed: %s",
-        "unknown": "An unknown error occurred",
+        "unknown": "Si è verificato un errore sconosciuto",
        "unknown_tfa_method": "Unknown TFA method",
        "unlimited_quota_acl": "Unlimited quota prohibited by ACL",
-        "username_invalid": "Username %s non può essere utilizzato",
+        "username_invalid": "Il nome utente %s non può essere utilizzato",
        "validity_missing": "Assegnare un periodo di validità",
        "value_missing": "Si prega di fornire tutti i valori",
-        "yotp_verification_failed": "Verifica OTP Yubico fallita: %s"
+        "yotp_verification_failed": "Verifica OTP Yubico fallita: %s",
        "demo_mode_enabled": "La modalità demo è abilitata",
        "template_name_invalid": "Nome template non valido",
        "template_exists": "Il template %s esiste già",
        "template_id_invalid": "Il template con ID %s non è valido"
    },
    "debug": {
        "chart_this_server": "Grafico (questo server)",
-        "containers_info": "Container information",
+        "containers_info": "Informazioni sul container",
        "disk_usage": "Uso del disco",
        "docs": "Docs",
-        "external_logs": "External logs",
+        "external_logs": "Log esterni",
-        "history_all_servers": "History (all servers)",
+        "history_all_servers": "Cronologia (tutti i server)",
        "in_memory_logs": "In-memory logs",
        "jvm_memory_solr": "JVM memory usage",
        "last_modified": "Ultima modifica",
        "log_info": "<p>mailcow <b>in-memory logs</b> are collected in Redis lists and trimmed to LOG_LINES (%d) every minute to reduce hammering.\r\n  <br>In-memory logs are not meant to be persistent. All applications that log in-memory, also log to the Docker daemon and therefore to the default logging driver.\r\n  <br>The in-memory log type should be used for debugging minor issues with containers.</p>\r\n  <p><b>External logs</b> are collected via API of the given application.</p>\r\n  <p><b>Static logs</b> are mostly activity logs, that are not logged to the Dockerd but still need to be persistent (except for API logs).</p>",
-        "login_time": "Time",
+        "login_time": "Orario",
        "logs": "Logs",
-        "online_users": "Users online",
+        "online_users": "Utenti online",
        "restart_container": "Riavvio",
        "service": "Servizio",
-        "size": "Size",
+        "size": "Dimensione",
-        "solr_dead": "Solr is starting, disabled or died.",
+        "solr_dead": "Solr sta partendo, è disabilitato o morto.",
        "solr_status": "Stato Solr",
-        "started_at": "Started at",
+        "started_at": "Iniziato alle",
-        "started_on": "Started on",
+        "started_on": "Iniziato",
-        "static_logs": "Static logs",
+        "static_logs": "Log statici",
        "success": "Successo",
-        "system_containers": "System & Containers",
+        "system_containers": "Sistema & Containers",
        "uptime": "Tempo di attività",
-        "username": "Username"
+        "username": "Nome utente",
        "container_disabled": "Container arrestato o disattivato",
        "update_available": "È disponibile un aggiornamento",
        "container_running": "In esecuzione",
        "container_stopped": "Arrestato",
        "cores": "Cores",
        "current_time": "Orario di sistema",
        "memory": "Memoria",
        "timezone": "Fuso orario",
        "no_update_available": "Il sistema è aggiornato all'ultima versione",
        "update_failed": "Impossibile verificare la presenza di un aggiornamento"
    },
    "diagnostics": {
        "cname_from_a": "Valore letto dal record A/AAAA. Questo è supportato finché il record punta alla risorsa corretta.",
@@ -514,7 +531,7 @@
        "delete1": "Elimina dalla sorgente al termine",
        "delete2": "Delete messages on destination that are not on source",
        "delete2duplicates": "Elimina duplicati nella destinazione",
-        "delete_ays": "Please confirm the deletion process.",
+        "delete_ays": "Si prega di confermare il processo di eliminazione.",
        "description": "Descrizione",
        "disable_login": "Disabilita l'accesso (la posta in arrivo viene correttamente recapitata)",
        "domain": "Modifica dominio",
@@ -527,17 +544,17 @@
        "exclude": "Escludi oggetti (regex)",
        "extended_sender_acl": "External sender addresses",
        "extended_sender_acl_info": "A DKIM domain key should be imported, if available.<br>\r\n  Remember to add this server to the corresponding SPF TXT record.<br>\r\n  Whenever a domain or alias domain is added to this server, that overlaps with an external address, the external address is removed.<br>\r\n  Use @domain.tld to allow to send as *@domain.tld.",
-        "force_pw_update": "Force password update at next login",
+        "force_pw_update": "Forza l'aggiornamento della password al prossimo accesso",
        "force_pw_update_info": "Questo utente potrà accedere solo a %s.",
        "full_name": "Nome completo",
        "gal": "Global Address List",
        "gal_info": "The GAL contains all objects of a domain and cannot be edited by any user. Free/busy information in SOGo is missing, if disabled! <b>Restart SOGo to apply changes.</b>",
-        "generate": "generate",
+        "generate": "crea",
        "grant_types": "Grant types",
        "hostname": "Hostname",
        "inactive": "Inattivo",
        "kind": "Genere",
-        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
+        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*\\.google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
        "mailbox": "Modifica casella di posta",
        "mailbox_quota_def": "Default mailbox quota",
        "mailbox_relayhost_info": "Applied to the mailbox and direct aliases only, does override a domain relayhost.",
@@ -549,7 +566,7 @@
        "mbox_rl_info": "This rate limit is applied on the SASL login name, it matches any \"from\" address used by the logged-in user. A mailbox rate limit overrides a domain-wide rate limit.",
        "mins_interval": "Intervallo (min)",
        "multiple_bookings": "Prenotazioni multiple",
-        "nexthop": "Next hop",
+        "nexthop": "Prossimo hop",
        "password": "Password",
        "password_repeat": "Conferma password (riscrivi)",
        "previous": "Pagina precedente",
@@ -561,9 +578,9 @@
        "pushover_sender_array": "Only consider the following sender email addresses <small>(comma-separated)</small>",
        "pushover_sender_regex": "Consider the following sender regex",
        "pushover_text": "Notification text",
-        "pushover_title": "Notification title",
+        "pushover_title": "Titolo della notifica",
        "pushover_vars": "When no sender filter is defined, all mails will be considered.<br>Regex filters as well as exact sender checks can be defined individually and will be considered sequentially. They do not depend on each other.<br>Useable variables for text and title (please take note of data protection policies)",
-        "pushover_verify": "Verify credentials",
+        "pushover_verify": "Verifica credenziali",
        "quota_mb": "Spazio (MiB)",
        "quota_warning_bcc": "Quota warning BCC",
        "quota_warning_bcc_info": "Warnings will be sent as separate copies to the following recipients. The subject will be suffixed by the corresponding username in brackets, for example: <code>Quota warning (user@example.com)</code>.",
@@ -582,42 +599,44 @@
        "sender_acl": "Consenti di inviare come",
        "sender_acl_disabled": "<span class=\"badge fs-6 bg-danger\">Sender check is disabled</span>",
        "sender_acl_info": "If mailbox user A is allowed to send as mailbox user B, the sender address is not automatically displayed as selectable \"from\" field in SOGo.<br>\r\n  Mailbox user B needs to create a delegation in SOGo to allow mailbox user A to select their address as sender. To delegate a mailbox in SOGo, use the menu (three dots) to the right of your mailbox name in the upper left while in mail view. This behaviour does not apply to alias addresses.",
-        "sieve_desc": "Short description",
+        "sieve_desc": "Breve descrizione",
        "sieve_type": "Filter type",
        "skipcrossduplicates": "Skip duplicate messages across folders (first come, first serve)",
-        "sogo_visible": "Alias is visible in SOGo",
+        "sogo_visible": "L'alias è visibile in SOGo",
        "sogo_visible_info": "This option only affects objects, that can be displayed in SOGo (shared or non-shared alias addresses pointing to at least one local mailbox). If hidden, an alias will not appear as selectable sender in SOGo.",
        "spam_alias": "Create or change time limited alias addresses",
        "spam_filter": "Spam filter",
-        "spam_policy": "Add or remove items to white-/blacklist",
+        "spam_policy": "Aggiungi o rimuovi elementi dalla whitelist/blacklist",
-        "spam_score": "Set a custom spam score",
+        "spam_score": "Imposta un punteggio spam personalizzato",
        "subfolder2": "Sincronizza in una sottocartella<br /><small>(vuoto = non sincronizzare in sottocartella)</small>",
        "syncjob": "Modifica sincronizzazione",
        "target_address": "Vai all'indirizzo/i <small>(separato da virgola)</small>",
        "target_domain": "Target dominio",
-        "timeout1": "Timeout for connection to remote host",
+        "timeout1": "Timeout per la connessione all'host remoto",
-        "timeout2": "Timeout for connection to local host",
+        "timeout2": "Timeout per la connessione all'host remoto",
        "title": "Modifica oggetto",
        "unchanged_if_empty": "Se immutato lasciare vuoto",
-        "username": "Username",
+        "username": "Nome utente",
        "validate_save": "Convalida e salva",
        "pushover": "Pushover",
        "sogo_access_info": "Il single-sign-on dall'interno dell'interfaccia di posta rimane funzionante. Questa impostazione non influisce sull'accesso a tutti gli altri servizi né cancella o modifica il profilo SOGo esistente dell'utente.",
        "none_inherit": "Nessuno / Eredita",
        "sogo_access": "Concedere l'accesso diretto a SOGo",
        "acl": "ACL (autorizzazione)",
-        "app_passwd_protocols": "Protocolli consentiti per la password dell'app"
+        "app_passwd_protocols": "Protocolli consentiti per la password dell'app",
        "last_modified": "Ultima modifica",
        "pushover_sound": "Suono"
    },
    "fido2": {
-        "confirm": "Confirm",
+        "confirm": "Conferma",
        "fido2_auth": "Login with FIDO2",
-        "fido2_success": "Device successfully registered",
+        "fido2_success": "Dispositivo registrato con successo",
-        "fido2_validation_failed": "Validation failed",
+        "fido2_validation_failed": "Validazione fallita",
-        "fn": "Friendly name",
+        "fn": "Nome descrittivo",
-        "known_ids": "Known IDs",
+        "known_ids": "ID conosciuti",
-        "none": "Disabled",
+        "none": "Disabilitato",
-        "register_status": "Registration status",
+        "register_status": "Stato di registrazione",
-        "rename": "Rename",
+        "rename": "Rinominare",
        "set_fido2": "Register FIDO2 device",
        "set_fn": "Set friendly name",
        "start_fido2_validation": "Start FIDO2 validation",
@@ -641,13 +660,14 @@
    "header": {
        "administration": "Amministrazione",
        "apps": "App",
-        "debug": "Informazioni di sistema",
+        "debug": "Informazioni",
        "email": "E-Mail",
        "mailcow_config": "Configurazione",
        "quarantine": "Quarantena",
        "restart_netfilter": "Riavvia netfilter",
        "restart_sogo": "Riavvia SOGo",
-        "user_settings": "Impostazioni utente"
+        "user_settings": "Impostazioni utente",
        "mailcow_system": "Sistema"
    },
    "info": {
        "awaiting_tfa_confirmation": "In attesa di conferma TFA",
@@ -656,12 +676,12 @@
    },
    "login": {
        "delayed": "L'accesso è stato ritardato di %s secondi.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Login",
        "mobileconfig_info": "Please login as mailbox user to download the requested Apple connection profile.",
        "other_logins": "Key login",
        "password": "Password",
-        "username": "Username"
+        "username": "Nome utente"
    },
    "mailbox": {
        "action": "Azione",
@@ -733,7 +753,7 @@
        "inactive": "Inattivo",
        "insert_preset": "Insert example preset \"%s\"",
        "kind": "Tipo",
-        "last_mail_login": "Last mail login",
+        "last_mail_login": "Ultimo accesso alla posta",
        "last_modified": "Ultima modifica",
        "last_pw_change": "Ultima modifica della password",
        "last_run": "Ultima esecuzione",
@@ -828,7 +848,15 @@
        "sender": "Mittente",
        "all_domains": "Tutti i domini",
        "recipient": "Destinatario",
-        "syncjob_EX_OK": "Successo"
+        "syncjob_EX_OK": "Successo",
        "add_template": "Aggiungi template",
        "force_pw_update": "Forza il cambio della password al prossimo accesso",
        "relay_unknown": "Inoltra a caselle di posta sconosciute",
        "mailbox_templates": "Template della mailbox",
        "domain_templates": "Template di dominio",
        "gal": "Elenco indirizzi globale",
        "templates": "Template",
        "template": "Template"
    },
    "oauth2": {
        "access_denied": "Effettua il login alla casella di posta per garantire l'accesso tramite OAuth2.",
@@ -847,7 +875,7 @@
        "confirm_delete": "Conferma l'eliminazione di questo elemento.",
        "danger": "Pericolo",
        "deliver_inbox": "Consegna nella posta in arrivo",
-        "disabled_by_config": "The current system configuration disables the quarantine functionality. Please set \"retentions per mailbox\" and a \"maximum size\" for quarantine elements.",
+        "disabled_by_config": "L'attuale configurazione del sistema disabilita la funzionalità di quarantena. Imposta \"conservazioni per casella di posta\" e \"dimensione massima\" per gli elementi di quarantena.",
        "download_eml": "Download (.eml)",
        "empty": "Nessun risultato",
        "high_danger": "Alto",
@@ -893,8 +921,18 @@
        "type": "Tipologia"
    },
    "queue": {
-        "queue_deliver_mail": "Consegna",
+        "queue_manager": "Gestore code",
-        "queue_manager": "Gestore code"
+        "delete": "Cancella tutto",
        "ays": "Conferma che desideri eliminare tutti gli elementi dalla coda corrente.",
        "info": "La coda di posta contiene tutte le e-mail in attesa di consegna. Se un'e-mail rimane a lungo nella coda di posta, viene automaticamente cancellata dal sistema.<br>Il messaggio di errore della rispettiva e-mail fornisce informazioni sul motivo per cui non è stato possibile consegnarla.",
        "deliver_mail_legend": "Tenta di riconsegnare i messaggi selezionati.",
        "hold_mail": "Blocca",
        "flush": "Svuota la coda",
        "deliver_mail": "Consegna",
        "show_message": "Mostra messaggio",
        "unhold_mail": "Sblocca",
        "hold_mail_legend": "Blocca le mail selezionate. (Previene ulteriori tentativi di consegna)",
        "legend": "Funzioni delle azioni della coda di posta:"
    },
    "start": {
        "help": "Mostra/Nascondi pannello di aiuto",
@@ -979,7 +1017,10 @@
        "verified_totp_login": "Verified TOTP login",
        "verified_webauthn_login": "Verified WebAuthn login",
        "verified_yotp_login": "Verified Yubico OTP login",
-        "domain_add_dkim_available": "Esisteva già una chiave DKIM"
+        "domain_add_dkim_available": "Esisteva già una chiave DKIM",
        "template_added": "Aggiunto template %s",
        "template_modified": "Le modifiche al template %s sono state salvate",
        "template_removed": "Il template con ID %s è stato cancellato"
    },
    "tfa": {
        "api_register": "%s usa le API Yubico Cloud. Richiedi una chiave API <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">qui</a>",
@@ -1143,7 +1184,7 @@
        "tls_enforce_in": "Imponi TLS in ingresso",
        "tls_enforce_out": "Imponi TLS in uscita",
        "tls_policy": "Politica di crittografia",
-        "tls_policy_warning": "<strong>Attenzione:</strong> If you decide to enforce encrypted mail transfer, you may lose emails.<br />Messages to not satisfy the policy will be bounced with a hard fail by the mail system.<br />This option applies to your primary email address (login name), all addresses derived from alias domains as well as alias addresses <b>with only this single mailbox</b> as target.",
+        "tls_policy_warning": "<strong>Attenzione:</strong> Se decidi di applicare il trasferimento di posta crittografato, potresti perdere le email.<br />I messaggi che non soddisfano la politica verranno respinti con un hard fail dal sistema di posta.<br />This option applies to your primary email address (login name), all addresses derived from alias domains as well as alias addresses <b>with only this single mailbox</b> as target.",
        "user_settings": "Impostazioni utente",
        "username": "Nome utente",
        "verify": "Verifica",
@@ -1167,7 +1208,8 @@
        "syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Impossibile connettersi al server remoto",
        "syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nome utente o password errati",
        "with_app_password": "con password dell'app",
-        "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile."
+        "direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile.",
        "pushover_sound": "Suono"
    },
    "warning": {
        "cannot_delete_self": "Cannot delete logged in user",
@@ -1188,5 +1230,29 @@
        "second": "messaggi / secondo",
        "hour": "messaggi / ora",
        "day": "messaggi / giorno"
    },
    "datatables": {
        "infoFiltered": "(filtrato da _MAX_ voci totali)",
        "collapse_all": "Comprimi tutto",
        "emptyTable": "Nessun dato disponibile nella tabella",
        "expand_all": "Espandi tutto",
        "info": "Visualizzazione da _START_ a _END_ di _TOTAL_ voci",
        "infoEmpty": "Visualizzazione da 0 a 0 di 0 voci",
        "thousands": ".",
        "loadingRecords": "Caricamento...",
        "processing": "Attendere prego...",
        "search": "Ricerca:",
        "zeroRecords": "Nessuna corrispondenza trovata",
        "paginate": {
            "first": "Prima",
            "last": "Ultima",
            "next": "Prossima",
            "previous": "Precedente"
        },
        "lengthMenu": "Mostra _MENU_ voci",
        "aria": {
            "sortAscending": ": attivare l'ordinamento crescente delle colonne",
            "sortDescending": ": attivare l'ordinamento decrescente delle colonne"
        }
    }
 }
--- a/data/web/lang/lang.ko-kr.json
+++ b/data/web/lang/lang.ko-kr.json
@@ -777,7 +777,6 @@
        "toggle_all": "선택 반전"
    },
    "queue": {
        "queue_deliver_mail": "Deliver",
        "queue_manager": "대기열 관리자"
    },
    "start": {
--- a/data/web/lang/lang.lv-lv.json
+++ b/data/web/lang/lang.lv-lv.json
@@ -3,7 +3,8 @@
        "bcc_maps": "BCC kartes",
        "filters": "Filtri",
        "recipient_maps": "Saņēmēja kartes",
-        "syncjobs": "Sinhronizācijas uzdevumi"
+        "syncjobs": "Sinhronizācijas uzdevumi",
        "spam_score": "Mēstules novērtējums"
    },
    "add": {
        "activate_filter_warn": "Visi pārējie filtri tiks deaktivizēti, kad aktīvs ir atzīmēts.",
@@ -104,10 +105,10 @@
        "host": "Hosts",
        "import": "Importēt",
        "import_private_key": "Importēt privātu atslēgu",
-        "in_use_by": "Tiek lietots ar",
+        "in_use_by": "Izmanto",
        "inactive": "Neaktīvs",
        "link": "Saite",
-        "loading": "Lūdzu uzgaidiet...",
+        "loading": "Lūgums uzgaidīt...",
        "logo_info": "Jūsu attēls augšējā navigācijas joslā tiks palielināts līdz 40 pikseļiem un maks. sākumlapas platums par 250 pikseļi. Ir ļoti ieteicama pielāgojama grafikaYour image will be scaled to a height of 40px for the top navigation bar and a max. width of 250px for the start page. Ir ļoti ieteicama pielāgojamā grafika",
        "main_name": "\"mailcow UI\" nosaukums",
        "merged_vars_hint": "Pelēkās rindas tika apvienotas <code>vars.(local.)inc.php</code> un nevar tikt modificētas.",
@@ -144,7 +145,10 @@
        "ui_texts": "UI etiķetes un teksti",
        "unchanged_if_empty": "Ja nav veiktas izmaiņas, atstājiet tukšu",
        "upload": "Augšupielādēt",
-        "username": "Lietotājvārds"
+        "username": "Lietotājvārds",
        "generate": "izveidot",
        "message": "Ziņojums",
        "last_applied": "Pēdējoreiz pielietots"
    },
    "danger": {
        "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -170,7 +174,7 @@
        "is_alias": "%s jau ir zināms alias",
        "is_alias_or_mailbox": "%s jau ir zināms alias, pastkastes vai alias addrese izvērsta no alias domēna.",
        "is_spam_alias": "%s ir jau zināms spam alias",
-        "last_key": "Pēdējā atslēga nevar būt dzēsta",
+        "last_key": "Pēdējo atslēgu nevar izdzēst, tā vietā jāatspējo divpakāpju pārbaude.",
        "login_failed": "Ielogošanās neveiksmīga",
        "mailbox_invalid": "Pastkastes vārds ir nederīgs",
        "mailbox_quota_exceeded": "Kvota pārsniedz domēna limitu (max. %d MiB)",
@@ -262,7 +266,8 @@
        "title": "Labot priekšmetu",
        "unchanged_if_empty": "Ja neizmainīts atstājiet tukšu",
        "username": "Lietotājvārds",
-        "validate_save": "Apstiprināt un saglabāt"
+        "validate_save": "Apstiprināt un saglabāt",
        "last_modified": "Pēdējoreiz mainīts"
    },
    "footer": {
        "cancel": "Atcelt",
@@ -314,21 +319,21 @@
        "bcc_destinations": "BCC galamērķi/s",
        "bcc_info": "BCC kartes tiek izmantotas, lai klusu pārsūtītu visu ziņojumu kopijas uz citu adresi. Saņēmēja kartes tipa ieraksts tiek izmantots, kad vietējais galamērķis darbojas kā pasta adresāts. Sūtītāja kartes atbilst vienam un tam pašam principam. <br/>\r\n   Vietējais galamērķis netiks informēts par piegādes neveiksmi. ",
        "bcc_local_dest": "Vietējais galamērķis",
-        "bcc_map_type": "BCC tips",
+        "bcc_map_type": "BCC veids",
        "bcc_maps": "BCC kartes",
        "bcc_rcpt_map": "saņēmēja karte",
        "bcc_sender_map": "Sūtītāja karte",
        "bcc_to_rcpt": "Pārslēdzieties uz adresāta kartes tipu",
        "bcc_to_sender": "Pārslēgties uz sūtītāja kartes tipu",
        "bcc_type": "BCC tips",
-        "deactivate": "Deaktivizēt",
+        "deactivate": "Deaktivēt",
        "description": "Apraksts",
        "dkim_key_length": "DKIM atslēgas garums (bits)",
        "domain": "Domēns",
        "domain_admins": "Domēna administratori",
        "domain_aliases": "Domēna aliases",
        "domain_quota": "Kvota",
-        "domain_quota_total": "Kopējā  domēna kvota",
+        "domain_quota_total": "Kopējais domēna ierobežojums",
        "domains": "Domēns",
        "edit": "Labot",
        "empty": "Nav rezultātu",
@@ -341,7 +346,7 @@
        "inactive": "Neaktīvs",
        "kind": "Veids",
        "last_run": "Pēdējā norise",
-        "last_run_reset": "Nākamais grafiks",
+        "last_run_reset": "Ievietot sarakstā kā nākamo",
        "mailbox_quota": "Maks. pastkastes izmērs",
        "mailboxes": "Pastkaste",
        "max_aliases": "Maks. iespejamās aliases",
@@ -374,7 +379,13 @@
        "tls_enforce_out": "Piespiest TLS izejošajiem",
        "toggle_all": "Pārslēgt visu",
        "username": "Lietotājvārds",
-        "waiting": "Gaidīšana"
+        "waiting": "Gaidīšana",
        "last_modified": "Pēdējoreiz mainīts",
        "booking_0_short": "Vienmēŗ bezmaksas",
        "daily": "Ik dienu",
        "hourly": "Ik stundu",
        "last_mail_login": "Pēdējā pieteikšanās pastkastē",
        "mailbox": "Pastkaste"
    },
    "quarantine": {
        "action": "Darbības",
@@ -400,7 +411,6 @@
        "toggle_all": "Pārslēgt visu"
    },
    "queue": {
        "queue_command_success": "Queue command completed successfully",
        "queue_manager": "Queue Manager"
    },
    "start": {
@@ -548,5 +558,14 @@
        "waiting": "Waiting",
        "week": "Nedēļa",
        "weeks": "Nedēļas"
    },
    "datatables": {
        "paginate": {
            "first": "Pirmā",
            "last": "Pēdējā"
        }
    },
    "debug": {
        "last_modified": "Pēdējoreiz mainīts"
    }
 }
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -168,10 +168,12 @@
        "empty": "Geen resultaten",
        "excludes": "Exclusief",
        "f2b_ban_time": "Verbanningstijd (s)",
        "f2b_ban_time_increment": "Verbanningstijd wordt verhoogd met elk verbanning",
        "f2b_blacklist": "Netwerken/hosts op de blacklist",
        "f2b_filter": "Regex-filters",
        "f2b_list_info": "Een host of netwerk op de blacklist staat altijd boven eenzelfde op de whitelist. <b>Het doorvoeren van wijzigingen kan enkele seconden in beslag nemen.</b>",
        "f2b_max_attempts": "Maximaal aantal pogingen",
        "f2b_max_ban_time": "Maximaal verbanningstijd (s)",
        "f2b_netban_ipv4": "Voer de IPv4-subnetgrootte in waar de verbanning van kracht moet zijn (8-32)",
        "f2b_netban_ipv6": "Voer de IPv6-subnetgrootte in waar de verbanning van kracht moet zijn (8-128)",
        "f2b_parameters": "Fail2ban",
@@ -598,7 +600,7 @@
    },
    "login": {
        "delayed": "Aanmelding vertraagd met %s seconden.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Aanmelden",
        "mobileconfig_info": "Log in als mailboxgebruiker om het Apple-verbindingsprofiel te downloaden.",
        "other_logins": "Meld aan met key",
@@ -815,7 +817,6 @@
        "toggle_all": "Selecteer alles"
    },
    "queue": {
        "queue_deliver_mail": "Lever af",
        "queue_manager": "Queue manager"
    },
    "start": {
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -1,7 +1,8 @@
 {
    "acl": {
        "sogo_profile_reset": "Usuń profil SOGo (webmail)",
-        "syncjobs": "Polecenie synchronizacji"
+        "syncjobs": "Polecenie synchronizacji",
        "alias_domains": "Dodaj aliasy domen"
    },
    "add": {
        "active": "Aktywny",
@@ -285,7 +286,6 @@
        "toggle_all": "Zaznacz wszystkie"
    },
    "queue": {
        "queue_command_success": "Queue command completed successfully",
        "queue_manager": "Queue Manager"
    },
    "start": {
--- a/data/web/lang/lang.pt-pt.json
+++ b/data/web/lang/lang.pt-pt.json
@@ -193,7 +193,6 @@
        "remove": "Remover"
    },
    "queue": {
        "queue_command_success": "Queue command completed successfully",
        "queue_manager": "Queue Manager"
    },
    "start": {
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@@ -539,7 +539,7 @@
        "inactive": "Inactiv",
        "kind": "Fel",
        "last_modified": "Ultima modificare",
-        "lookup_mx": "Destinația este o expresie regulată care potrivită cu numele MX (<code>.*google\\.com</code> pentru a direcționa toate e-mailurile vizate către un MX care se termină în google.com peste acest hop)",
+        "lookup_mx": "Destinația este o expresie regulată care potrivită cu numele MX (<code>.*\\.google\\.com</code> pentru a direcționa toate e-mailurile vizate către un MX care se termină în google.com peste acest hop)",
        "mailbox": "Editează căsuța poștală",
        "mailbox_quota_def": "Cota implicită a căsuței poștale",
        "mailbox_relayhost_info": "Aplicat numai căsuței poștale și aliasurilor directe, suprascrie un transport dependent de domeniu.",
@@ -656,7 +656,7 @@
    },
    "login": {
        "delayed": "Conectarea a fost întârziată cu %s secunde.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Autentificare",
        "mobileconfig_info": "Autentificați-vă cu adresa de email pentru a descărca profilul de conexiune Apple.",
        "other_logins": "Autentificare cu cheie",
@@ -895,7 +895,6 @@
        "toggle_all": "Comută toate"
    },
    "queue": {
        "queue_deliver_mail": "Livrează",
        "queue_manager": "Manager de coadă"
    },
    "ratelimit": {
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@@ -37,7 +37,7 @@
        "add_domain_only": "Только добавить домен",
        "add_domain_restart": "Добавить домен и перезапустить SOGo",
        "alias_address": "Псевдоним/ы",
-        "alias_address_info": "<small>Укажите почтовые адреса разделенные запятыми или, если хотите пересылать все сообщения для домена владельцам псевдонима то: <code>@example.com</code>. <b>Только домены mailcow разрешены</b>.</small>",
+        "alias_address_info": "<small>Адрес(а) электронной почты (через запятую) или @example.com (для перехвата всех писем для домена). <b>только домены mailcow</b>.</small>",
        "alias_domain": "Псевдоним домена",
        "alias_domain_info": "<small>Действительные имена доменов, раздёленные запятыми.</small>",
        "app_name": "Название приложения",
@@ -335,7 +335,10 @@
        "username": "Имя пользователя",
        "validate_license_now": "Получить лицензию на основе GUID с сервера лицензий",
        "verify": "Проверить",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
        "queue_unban": "разблокировать",
        "f2b_ban_time_increment": "Время бана увеличивается с каждым баном",
        "f2b_max_ban_time": "Максимальное время блокировки"
    },
    "danger": {
        "access_denied": "Доступ запрещён, или указаны неверные данные",
@@ -654,7 +657,7 @@
    },
    "login": {
        "delayed": "Вход был отложен на %s секунд.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Войти",
        "mobileconfig_info": "Пожалуйста, войдите в систему как пользователь почтового аккаунта для загрузки профиля подключения Apple.",
        "other_logins": "Вход с помощью ключа",
@@ -893,7 +896,6 @@
        "type": "Тип"
    },
    "queue": {
        "queue_deliver_mail": "Доставить",
        "queue_manager": "Очередь на отправку"
    },
    "ratelimit": {
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@@ -106,7 +106,8 @@
        "username": "Používateľské meno",
        "validate": "Overiť",
        "validation_success": "Úspešne overené",
-        "app_passwd_protocols": "Povolené protokoly k heslu aplikácie"
+        "app_passwd_protocols": "Povolené protokoly k heslu aplikácie",
        "tags": "Štítky"
    },
    "admin": {
        "access": "Prístup",
@@ -212,7 +213,7 @@
        "loading": "Čakajte prosím ...",
        "login_time": "Čas prihlásenia",
        "logo_info": "Váš obrázok bude upravený na výšku 40px pre vrchný navigačný riadok a na maximálnu šírku 250px pre úvodnú stránku. Odporúča sa škálovateľná grafika.",
-        "lookup_mx": "Cieľ je regulárny výraz ktorý sa porovnáva s MX záznamom (<code>.*google\\.com</code> smeruje všetku poštu určenú pre MX ktoré sú cieľom pre google.com cez tento skok)",
+        "lookup_mx": "Cieľ je regulárny výraz ktorý sa porovnáva s MX záznamom (<code>.*\\.google\\.com</code> smeruje všetku poštu určenú pre MX ktoré sú cieľom pre google.com cez tento skok)",
        "main_name": "\"mailcow UI\" názov",
        "merged_vars_hint": "Sivé riadky boli načítané z <code>vars.(local.)inc.php</code> a nemôžu byť modifikované cez UI.",
        "message": "Správa",
@@ -538,7 +539,7 @@
        "inactive": "Neaktívny",
        "kind": "Druh",
        "last_modified": "Naposledy upravené",
-        "lookup_mx": "Cieľ je regulárny výraz ktorý sa zhoduje s MX záznamom (<code>.*google\\.com</code> smeruje všetku poštu na MX ktoré sú cieľom pre google.com cez tento skok)",
+        "lookup_mx": "Cieľ je regulárny výraz ktorý sa zhoduje s MX záznamom (<code>.*\\.google\\.com</code> smeruje všetku poštu na MX ktoré sú cieľom pre google.com cez tento skok)",
        "mailbox": "Upraviť mailovú schránku",
        "mailbox_quota_def": "Predvolená veľkosť mailovej schránky",
        "mailbox_relayhost_info": "Aplikované len na používateľské schránky a priame aliasy, prepisuje doménového preposielateľa.",
@@ -656,7 +657,7 @@
    },
    "login": {
        "delayed": "Prihlásenie bolo oneskorené o %s sekúnd.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Prihlásenie",
        "mobileconfig_info": "Prosím, prihláste sa ako mailový používateľ pre stiahnutie požadovaného Apple profilu.",
        "other_logins": "Prihlásenie kľúčom",
@@ -895,7 +896,6 @@
        "type": "Typ"
    },
    "queue": {
        "queue_deliver_mail": "Doručiť",
        "queue_manager": "Správca fronty"
    },
    "ratelimit": {
--- a/data/web/lang/lang.sv-se.json
+++ b/data/web/lang/lang.sv-se.json
@@ -618,7 +618,7 @@
    },
    "login": {
        "delayed": "Av säkerhetsskäl har inloggning inaktiverats i %s sekunder.",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Logga in",
        "mobileconfig_info": "Logga in som en användare av brevlåda för att ladda ner den begärda Apple-anslutningsprofilen.",
        "other_logins": "Loggain med nyckel",
--- a/data/web/lang/lang.uk-ua.json
+++ b/data/web/lang/lang.uk-ua.json
@@ -656,7 +656,7 @@
        "awaiting_tfa_confirmation": "В очікуванні підтвердження TFA"
    },
    "login": {
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "Увійти",
        "other_logins": "Вхід за допомогою ключа",
        "password": "Пароль",
@@ -896,7 +896,6 @@
        "table_size_show_n": "Відображати %s полів"
    },
    "queue": {
        "queue_hold_mail": "Поставити на утримання",
        "queue_manager": "Черга на відправлення"
    },
    "ratelimit": {
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@@ -31,7 +31,7 @@
        "unlimited_quota": "无限邮箱容量配额"
    },
    "add": {
-        "activate_filter_warn": "当 \"启用\" 选项被勾选后，所有其他过滤器都会被禁用",
+        "activate_filter_warn": "当“启用”选项被勾选后，其它所有的过滤器都会被禁用。",
        "active": "启用",
        "add": "添加",
        "add_domain_only": "只添加域名",
@@ -208,12 +208,12 @@
        "includes": "包括这些收件人",
        "is_mx_based": "基于 MX 记录",
        "last_applied": "最后应用的条目",
-        "license_info": "你不需要获取证书便可以使用此项目，但是获取证书可以帮助此项目进一步发展。<br>在这里<a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">注册</a>你的 GUID或者为你的 Mailcow 安装<a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">购买</a>支持服务。",
+        "license_info": "使用并不需要许可证，但获得许可证能够帮助此项目进一步发展。<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"订购 SAL\">在这里注册你的 GUID </a>或者<a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"订购支持服务\">为你的 Mailcow 安装购买支持服务。</a>",
        "link": "链接",
        "loading": "请等待...",
        "login_time": "登录时间",
        "logo_info": "你的图片将会在顶部导航栏被缩放为 40px 高，在起始页被缩放为最大 250px 高。强烈推荐使用能较好适应缩放的图片。",
-        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
+        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*\\.google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
        "main_name": "Mailcow UI 的名称",
        "merged_vars_hint": "灰色行来自 <code>vars.(local.)inc.php</code> 文件并且无法修改。",
        "message": "消息",
@@ -257,7 +257,6 @@
        "quarantine_release_format_att": "附件",
        "quarantine_release_format_raw": "原件 (未修改)",
        "quarantine_retention_size": "每个邮箱保留隔离项目数:<br><small>0 表示 <b>禁用</b>。</small>",
        "queue_manager": "队列管理",
        "quota_notification_html": "通知邮件模板:<br><small>留空则恢复默认模板。</small>",
        "quota_notification_sender": "通知邮件发件人",
        "quota_notification_subject": "通知邮件主题",
@@ -336,7 +335,8 @@
        "username": "用户名",
        "validate_license_now": "通过证书服务器验证 GUID",
        "verify": "验证",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
        "options": "选项"
    },
    "danger": {
        "access_denied": "访问被拒绝或者表单数据无效",
@@ -403,7 +403,7 @@
        "max_alias_exceeded": "超出最大别名数",
        "max_mailbox_exceeded": "超出最大邮箱数 (%d / %d)",
        "max_quota_in_use": "邮箱数必须大于等于 %d MiB",
-        "maxquota_empty": "每个邮箱的最大配额必须不为0",
+        "maxquota_empty": "每个邮箱的最大配额必须不为 0 。",
        "mysql_error": "MySQL 错误: %s",
        "network_host_invalid": "网络或主机无效: %s",
        "next_hop_interferes": "%s 与下一跳 %s 冲突",
@@ -455,7 +455,8 @@
        "username_invalid": "用户名 %s 无法使用",
        "validity_missing": "请设置有效期",
        "value_missing": "请填入所有值",
-        "yotp_verification_failed": "Yubico OTP 认证失败: %s"
+        "yotp_verification_failed": "Yubico OTP 认证失败: %s",
        "template_exists": "模板 %s 已存在"
    },
    "debug": {
        "chart_this_server": "图表 (此服务器)",
@@ -474,7 +475,7 @@
        "restart_container": "重启",
        "service": "服务",
        "size": "大小",
-        "solr_dead": "Solr 在启动中、已关闭或已停止",
+        "solr_dead": "Solr 在启动中、已关闭或已停止。",
        "solr_status": "Solr 状态",
        "started_at": "开始于",
        "started_on": "启动于",
@@ -482,10 +483,14 @@
        "success": "成功",
        "system_containers": "系统和容器",
        "uptime": "运行时间",
-        "username": "用户名"
+        "username": "用户名",
        "container_disabled": "容器已被停止或禁用",
        "container_running": "运行中",
        "cores": "核心数",
        "memory": "内存"
    },
    "diagnostics": {
-        "cname_from_a": "虽然此记录为 A/AAAA 类型，但只要此记录指向了正确的资源便可以被支持",
+        "cname_from_a": "来自 A/AAAA 记录的值。但只要记录指向正确的资源即可。",
        "dns_records": "DNS 记录",
        "dns_records_24hours": "请注意 DNS 记录的更改可能需要24小时才可以使此页面的当前状态显示正确。此页面为你提供了一个可以便捷查询如何配置 DNS 记录以及检查你的 DNS 记录是否正确的方式。",
        "dns_records_data": "正确数据",
@@ -502,7 +507,7 @@
        "advanced_settings": "高级设置",
        "alias": "编辑别名",
        "allow_from_smtp": "只允许这些 IP 使用 <b>SMTP</b>",
-        "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6地址或网络",
+        "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6 地址和网络。",
        "allowed_protocols": "允许的协议",
        "app_name": "应用名称",
        "app_passwd": "应用密码",
@@ -539,7 +544,7 @@
        "hostname": "主机名",
        "inactive": "禁用",
        "kind": "类型",
-        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
+        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*\\.google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
        "mailbox": "编辑邮箱",
        "mailbox_quota_def": "邮箱默认配额",
        "mailbox_relayhost_info": "只适用于邮箱和邮箱别名，不会覆盖域名的中继主机。",
@@ -630,7 +635,7 @@
        "delete_these_items": "请确认对以下对象 ID 的更改",
        "hibp_check": "使用 haveibeenpwned.com 网站检查密码",
        "hibp_nok": "匹配到密码！存在潜在的使用危险！",
-        "hibp_ok": "未匹配到密码",
+        "hibp_ok": "未找到匹配的记录。",
        "loading": "请等待...",
        "nothing_selected": "未选择",
        "restart_container": "重启容器",
@@ -656,7 +661,7 @@
    },
    "login": {
        "delayed": "请在 %s 秒后重新登录。",
-        "fido2_webauthn": "使用 FIDO2/WebAuthn 登录",
+        "fido2_webauthn": "使用 FIDO2/WebAuthn Login 登录",
        "login": "登录",
        "mobileconfig_info": "请使用邮箱用户登录以下载 Apple 连接描述文件。",
        "other_logins": "Key 登录",
@@ -686,7 +691,7 @@
        "aliases": "别名",
        "all_domains": "全部域名",
        "allow_from_smtp": "只允许这些 IP 使用 <b>SMTP</b>",
-        "allow_from_smtp_info": "留空以允许所有发送者，<br>IPv4/IPv6地址或网络",
+        "allow_from_smtp_info": "留空以允许所有发送者。<br>IPv4/IPv6 地址或网络。",
        "allowed_protocols": "允许用户直接访问的协议 (不会影响应用的密码协议)",
        "backup_mx": "中继域名",
        "bcc": "BCC",
@@ -740,7 +745,7 @@
        "last_run_reset": "下一次运行",
        "mailbox": "邮箱",
        "mailbox_defaults": "默认设置",
-        "mailbox_defaults_info": "配置新邮箱的默认设置",
+        "mailbox_defaults_info": "配置新邮箱的默认设置。",
        "mailbox_defquota": "默认邮箱大小",
        "mailbox_quota": "最大邮箱大小",
        "mailboxes": "邮箱",
@@ -821,7 +826,12 @@
        "username": "用户名",
        "waiting": "等待中",
        "weekly": "每周",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
        "domain_templates": "域名模板",
        "mailbox_templates": "邮箱模板",
        "gal": "全局地址列表",
        "max_aliases": "最大别名数",
        "max_mailboxes": "最大可能的邮箱数"
    },
    "oauth2": {
        "access_denied": "请作为邮箱所有者登录以使用 OAuth2 授权",
@@ -866,7 +876,7 @@
        "refresh": "刷新",
        "rejected": "已拒绝",
        "release": "移除",
-        "release_body": "我们已在此消息中将你的消息作为 eml 附件文件",
+        "release_body": "我们已将你的消息作为 eml 文件附在此消息中。",
        "release_subject": "存在潜在危险的隔离文件 %s",
        "remove": "删除",
        "rewrite_subject": "重写主题",
@@ -886,8 +896,8 @@
        "type": "类型"
    },
    "queue": {
-        "queue_deliver_mail": "递送",
+        "queue_manager": "队列管理器",
-        "queue_manager": "队列管理器"
+        "delete": "全部删除"
    },
    "ratelimit": {
        "disabled": "禁用",
@@ -1181,5 +1191,18 @@
        "quota_exceeded_scope": "域名配额超标: 此域名下现在只能创建无限容量的邮箱。",
        "session_token": "表单字段无效: Token 不匹配",
        "session_ua": "表单字段无效: User-Agent 校验错误"
    },
    "datatables": {
        "info": "正从 _TOTAL_ 个条目中显示 _START_ 到 _END_ 条目",
        "collapse_all": "全部折叠",
        "expand_all": "全部展开",
        "infoEmpty": "正从共 0 个条目中显示从 0 到 0 条目",
        "processing": "请稍等...",
        "search": "搜索：",
        "paginate": {
            "first": "第一页",
            "last": "最后一页",
            "previous": "上一页"
        }
    }
 }
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@@ -213,7 +213,7 @@
        "loading": "請稍等...",
        "login_time": "登入時間",
        "logo_info": "你的起始頁面圖片會在頂部導覽列的限制下被縮放為 40px 高，以及最大 250px 高度。強烈推薦使用能較好縮放的圖片。",
-        "lookup_mx": "目的地是可以用來匹配 MX 紀錄的正規表達式 (<code>.*google\\.com</code> 會將所有 MX 結尾於 google.com 的郵件轉發到此主機。)",
+        "lookup_mx": "目的地是可以用來匹配 MX 紀錄的正規表達式 (<code>.*\\.google\\.com</code> 會將所有 MX 結尾於 google.com 的郵件轉發到此主機。)",
        "main_name": "\"mailcow UI\" 名稱",
        "merged_vars_hint": "灰色列來自 <code>vars.(local.)inc.php</code> 並且不能修改。",
        "message": "訊息",
@@ -257,7 +257,6 @@
        "quarantine_release_format_att": "如附件",
        "quarantine_release_format_raw": "未修改的原始信件",
        "quarantine_retention_size": "每個信箱的隔離保留上限：<br><small>0 表示 <b>停用</b>。</small>",
        "queue_manager": "佇列管理",
        "quota_notification_html": "通知信模版：<br><small>留空來重設為預設模版。</small>",
        "quota_notification_sender": "通知信寄件人",
        "quota_notification_subject": "通知信主旨",
@@ -541,7 +540,7 @@
        "inactive": "停用",
        "kind": "種類",
        "last_modified": "上次修改時間",
-        "lookup_mx": "目的地是可以用來匹配 MX 紀錄的正規表達式 (<code>.*google\\.com</code> 會將所有 MX 結尾於 google.com 的郵件轉發到此主機。)",
+        "lookup_mx": "目的地是可以用來匹配 MX 紀錄的正規表達式 (<code>.*\\.google\\.com</code> 會將所有 MX 結尾於 google.com 的郵件轉發到此主機。)",
        "mailbox": "編輯信箱",
        "mailbox_quota_def": "預設信箱容量配額",
        "mailbox_relayhost_info": "只會套用於信箱和直接別名，不會覆寫域名中繼主機。",
@@ -656,7 +655,7 @@
    },
    "login": {
        "delayed": "請在 %s 秒後重新登入。",
-        "fido2_webauthn": "FIDO2/WebAuthn",
+        "fido2_webauthn": "FIDO2/WebAuthn Login",
        "login": "登入",
        "mobileconfig_info": "請使用信箱使用者登入以下載 Apple 連接描述檔案。",
        "other_logins": "金鑰登入",
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@@ -60,7 +60,7 @@ elseif (isset($_GET['login'])) {
          ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
        ));
        // redirect to sogo (sogo will get the correct credentials via nginx auth_request
-        header("Location: /SOGo/so/${login}");
+        header("Location: /SOGo/so/{$login}");
        exit;
      }
    }
--- a/data/web/templates/admin.twig
+++ b/data/web/templates/admin.twig
@@ -57,7 +57,7 @@
      </div>
    </div> <!-- /col-md-12 -->
  </div> <!-- /row -->
-</div> 
+</div>
 {% include 'modals/admin.twig' %}
@@ -66,7 +66,7 @@ var lang = {{ lang_admin|raw }};
 var lang_datatables = {{ lang_datatables|raw }};
 var admin_username = '{{ mailcow_cc_username }}';
 var csrf_token = '{{ csrf_token }}';
-var pagination_size = '{{ pagination_size }}';
+var pagination_size = Math.trunc('{{ pagination_size }}');
-var log_pagination_size = '{{ log_pagination_size }}';
+var log_pagination_size = Math.trunc('{{ log_pagination_size }}');
 </script>
 {% endblock %}
--- a/data/web/templates/admin/tab-config-customize.twig
+++ b/data/web/templates/admin/tab-config-customize.twig
@@ -33,6 +33,20 @@
          </div>
        </div>
      {% endif %}
      <legend style="padding-top:20px" unselectable="on">{{ lang.admin.ip_check }}</legend><hr />
      <div id="ip_check">
        <form class="form" data-id="ip_check" role="form" method="post">
          <div class="mb-4">
            <input class="form-check-input" type="checkbox" value="1" name="ip_check_opt_in" id="ip_check_opt_in" {% if ip_check == 1 %}checked{% endif %}>
            <label class="form-check-label" for="ip_check_opt_in">
              {{ lang.admin.ip_check_opt_in|raw }}
            </label>
          </div>
          <p><div class="btn-group">
            <button class="btn btn-sm btn-xs-half d-block d-sm-inline btn-success" data-action="edit_selected" data-item="admin" data-id="ip_check" data-reload="no" data-api-url='edit/ip_check' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
          </div></p>
        </form>
      </div>
      <legend>{{ lang.admin.app_links }}</legend><hr />
      <p class="text-muted">{{ lang.admin.merged_vars_hint|raw }}</p>
      <form class="form-inline" data-id="app_links" role="form" method="post">
--- a/data/web/templates/admin/tab-config-f2b.twig
+++ b/data/web/templates/admin/tab-config-f2b.twig
@@ -12,6 +12,14 @@
          <label for="f2b_ban_time">{{ lang.admin.f2b_ban_time }}:</label>
          <input type="number" class="form-control" id="f2b_ban_time" name="ban_time" value="{{ f2b_data.ban_time }}" required>
        </div>
        <div class="mb-4">
          <label for="f2b_max_ban_time">{{ lang.admin.f2b_max_ban_time }}:</label>
          <input type="number" class="form-control" id="f2b_max_ban_time" name="max_ban_time" value="{{ f2b_data.max_ban_time }}" required>
        </div>
        <div class="mb-4">
          <input class="form-check-input" type="checkbox" value="1" name="ban_time_increment" id="f2b_ban_time_increment" {% if f2b_data.ban_time_increment == 1 %}checked{% endif %}>
          <label class="form-check-label" for="f2b_ban_time_increment">{{ lang.admin.f2b_ban_time_increment }}</label>
        </div>
        <div class="mb-4">
          <label for="f2b_max_attempts">{{ lang.admin.f2b_max_attempts }}:</label>
          <input type="number" class="form-control" id="f2b_max_attempts" name="max_attempts" value="{{ f2b_data.max_attempts }}" required>
--- a/data/web/templates/admin/tab-routing.twig
+++ b/data/web/templates/admin/tab-routing.twig
@@ -36,7 +36,7 @@
            </div>
            <div class="mb-4">
              <label for="rlyhost_password">{{ lang.admin.password }}</label>
-              <input class="form-control" id="rlyhost_password" name="password">
+              <input class="form-control" id="rlyhost_password" name="password" type="password">
            </div>
            <button class="btn btn-sm d-block d-sm-inline btn-success" data-action="add_item" data-id="rlyhost" data-api-url='add/relayhost' data-api-attr='{}' href="#"><i class="bi bi-plus-lg"></i> {{ lang.admin.add }}</button>
          </form>
@@ -86,7 +86,7 @@
            </div>
            <div class="mb-4">
              <label for="transport_password">{{ lang.admin.password }}</label>
-              <input class="form-control" id="transport_password" name="password">
+              <input class="form-control" id="transport_password" name="password" type="password">
            </div>
            <div class="mb-2">
              <label>
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
--- a/data/web/templates/domainadmin.twig
+++ b/data/web/templates/domainadmin.twig
@@ -46,7 +46,7 @@
      <div class="col-sm-3 col-5 text-end">{{ lang.fido2.known_ids }}:</div>
      <div class="col-sm-9 col-7">
        <div class="table-responsive">
-          <table class="table table-striped table-hover table-condensed" id="fido2_keys">
+          <table class="table table-striped table-hover table-condensed w-100" id="fido2_keys">
            <tr>
              <th>ID</th>
              <th style="min-width:240px;text-align: right">{{ lang.admin.action }}</th>
--- a/data/web/templates/edit.twig
+++ b/data/web/templates/edit.twig
@@ -26,7 +26,7 @@
  var lang_user = {{ lang_user|raw }};
  var lang_datatables = {{ lang_datatables|raw }};
  var csrf_token = '{{ csrf_token }}';
-  var pagination_size = '{{ pagination_size }}';
+  var pagination_size = Math.trunc('{{ pagination_size }}');
  var table_for_domain = '{{ domain }}';
 </script>
 {% endblock %}
--- a/Show More
+++ b/Show More
`@@ -1,4 +1,4 @@`
	`FROM clamav/clamav:1.0_base`	`FROM clamav/clamav:1.0.1-1_base`

	`LABEL maintainer "André Peters <andre.peters@servercow.de>"`	`LABEL maintainer "André Peters <andre.peters@servercow.de>"`