Merge pull request #5360 from mailcow/staging

2023-08 - DQS Hotfixes
[Postfix] remove dnsbl_reply.map if not required
2023-08-03 11:36:53 +02:00 · 2023-08-03 09:00:08 +02:00 · 2023-08-03 08:15:16 +02:00 · 2023-08-02 20:20:18 +02:00 · 2023-08-02 17:08:55 +02:00 · 2023-08-02 16:51:56 +02:00
111 changed files with 1980 additions and 988 deletions
--- a/.github/workflows/check_prs_if_on_staging.yml
+++ b/.github/workflows/check_prs_if_on_staging.yml
@ -10,7 +10,7 @@ jobs:
    if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
    steps:
      - name: Send message
-        uses: thollander/actions-comment-pull-request@v2.3.1
+        uses: thollander/actions-comment-pull-request@v2.4.0
        with:
          GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
          message: |
--- a/.github/workflows/update_postscreen_access_list.yml
+++ b/.github/workflows/update_postscreen_access_list.yml
@ -0,0 +1,39 @@
+name: Update postscreen_access.cidr
+
+on:
+  schedule:
+    # Monthly
+    - cron: "0 0 1 * *"
+  workflow_dispatch: # Allow to run workflow manually
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+  
+  
+jobs:
+  Update-postscreen_access_cidr:
+   runs-on: ubuntu-latest
+   steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Generate postscreen_access.cidr
+      run: |
+          bash helper-scripts/update_postscreen_whitelist.sh
+
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v5
+      with:
+        token: ${{ secrets.mailcow_action_Update_postscreen_access_cidr_pat }}
+        commit-message: update postscreen_access.cidr
+        committer: milkmaker <milkmaker@mailcow.de>
+        author: milkmaker <milkmaker@mailcow.de>
+        signoff: false
+        branch: update/postscreen_access.cidr
+        base: staging
+        delete-branch: true
+        add-paths: |
+          data/conf/postfix/postscreen_access.cidr
+        title: '[Postfix] update postscreen_access.cidr'
+        body: |
+          This PR updates the postscreen_access.cidr using GitHub Actions and [helper-scripts/update_postscreen_whitelist.sh](https://github.com/mailcow/mailcow-dockerized/blob/master/helper-scripts/update_postscreen_whitelist.sh)
--- a/.gitignore
+++ b/.gitignore
@ -36,6 +36,8 @@ data/conf/postfix/extra.cf
 data/conf/postfix/sni.map
 data/conf/postfix/sni.map.db
 data/conf/postfix/sql
+data/conf/postfix/dns_blocklists.cf
+data/conf/postfix/dnsbl_reply.map
 data/conf/rspamd/custom/*
 data/conf/rspamd/local.d/*
 data/conf/rspamd/override.d/*
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@ -1,6 +1,6 @@
 FROM alpine:3.17

-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"

 RUN apk upgrade --no-cache \
  && apk add --update --no-cache \
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@ -1,6 +1,6 @@
 FROM alpine:3.17

-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"

 WORKDIR /app

@ -14,9 +14,12 @@ RUN apk add --update --no-cache python3 \
  uvicorn \
  aiodocker \
  docker \
-  redis 
+  aioredis 
+RUN mkdir /app/modules

 COPY docker-entrypoint.sh /app/
-COPY dockerapi.py /app/
+COPY main.py /app/main.py
+COPY modules/ /app/modules/

 ENTRYPOINT ["/bin/sh", "/app/docker-entrypoint.sh"]
+CMD exec python main.py
--- a/data/Dockerfiles/dockerapi/docker-entrypoint.sh
+++ b/data/Dockerfiles/dockerapi/docker-entrypoint.sh
@ -6,4 +6,4 @@
  -subj /CN=dockerapi/O=mailcow \
  -addext subjectAltName=DNS:dockerapi`

-`uvicorn --host 0.0.0.0 --port 443 --ssl-certfile=/app/dockerapi_cert.pem --ssl-keyfile=/app/dockerapi_key.pem dockerapi:app`
+exec "$@"
--- a/data/Dockerfiles/dockerapi/dockerapi.py
+++ b/data/Dockerfiles/dockerapi/dockerapi.py
@ -1,544 +0,0 @@
-from fastapi import FastAPI, Response, Request
-import aiodocker
-import docker
-import psutil
-import sys
-import re
-import time
-import os
-import json
-import asyncio
-import redis
-from datetime import datetime
-import logging
-from logging.config import dictConfig
-
-
-log_config = {
-    "version": 1,
-    "disable_existing_loggers": False,
-    "formatters": {
-        "default": {
-            "()": "uvicorn.logging.DefaultFormatter",
-            "fmt": "%(levelprefix)s %(asctime)s %(message)s",
-            "datefmt": "%Y-%m-%d %H:%M:%S",
-
-        },
-    },
-    "handlers": {
-        "default": {
-            "formatter": "default",
-            "class": "logging.StreamHandler",
-            "stream": "ext://sys.stderr",
-        },
-    },
-    "loggers": {
-        "api-logger": {"handlers": ["default"], "level": "INFO"},
-    },
-}
-dictConfig(log_config)
-
-containerIds_to_update = []
-host_stats_isUpdating = False
-app = FastAPI()
-logger = logging.getLogger('api-logger')
-
-
-@app.get("/host/stats")
-async def get_host_update_stats():
-  global host_stats_isUpdating
-
-  if host_stats_isUpdating == False:
-    asyncio.create_task(get_host_stats())
-    host_stats_isUpdating = True
-
-  while True:
-    if redis_client.exists('host_stats'):
-      break
-    await asyncio.sleep(1.5)
-
-
-  stats = json.loads(redis_client.get('host_stats'))
-  return Response(content=json.dumps(stats, indent=4), media_type="application/json")
-
-@app.get("/containers/{container_id}/json")
-async def get_container(container_id : str):
-  if container_id and container_id.isalnum():
-    try:
-      for container in (await async_docker_client.containers.list()):
-        if container._id == container_id:
-          container_info = await container.show()
-          return Response(content=json.dumps(container_info, indent=4), media_type="application/json")
-     
-      res = {
-        "type": "danger",
-        "msg": "no container found"
-      }
-      return Response(content=json.dumps(res, indent=4), media_type="application/json")
-    except Exception as e:
-      res = {
-        "type": "danger",
-        "msg": str(e)
-      }
-      return Response(content=json.dumps(res, indent=4), media_type="application/json")
-  else:
-    res = {
-      "type": "danger",
-      "msg": "no or invalid id defined"
-    }
-    return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-@app.get("/containers/json")
-async def get_containers():
-  containers = {}
-  try:
-    for container in (await async_docker_client.containers.list()):
-      container_info = await container.show()
-      containers.update({container_info['Id']: container_info})
-    return Response(content=json.dumps(containers, indent=4), media_type="application/json")
-  except Exception as e:
-    res = {
-      "type": "danger",
-      "msg": str(e)
-    }
-    return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-@app.post("/containers/{container_id}/{post_action}")
-async def post_containers(container_id : str, post_action : str, request: Request):
-  try : 
-    request_json = await request.json()
-  except Exception as err:
-    request_json = {}
-
-  if container_id and container_id.isalnum() and post_action:
-    try:
-      """Dispatch container_post api call"""
-      if post_action == 'exec':
-        if not request_json or not 'cmd' in request_json:
-          res = {
-            "type": "danger",
-            "msg": "cmd is missing"
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        if not request_json or not 'task' in request_json:
-          res = {
-            "type": "danger",
-            "msg": "task is missing"
-          }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-        api_call_method_name = '__'.join(['container_post', str(post_action), str(request_json['cmd']), str(request_json['task']) ])
-      else:
-        api_call_method_name = '__'.join(['container_post', str(post_action) ])
-
-      docker_utils = DockerUtils(sync_docker_client)
-      api_call_method = getattr(docker_utils, api_call_method_name, lambda container_id: Response(content=json.dumps({'type': 'danger', 'msg':'container_post - unknown api call' }, indent=4), media_type="application/json"))
-
-
-      logger.info("api call: %s, container_id: %s" % (api_call_method_name, container_id))
-      return api_call_method(container_id, request_json)
-    except Exception as e:
-      logger.error("error - container_post: %s" % str(e))
-      res = {
-        "type": "danger",
-        "msg": str(e)
-      }
-      return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-  else:
-    res = {
-      "type": "danger",
-      "msg": "invalid container id or missing action"
-    }
-    return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-@app.post("/container/{container_id}/stats/update")
-async def post_container_update_stats(container_id : str):
-  global containerIds_to_update
-
-  # start update task for container if no task is running
-  if container_id not in containerIds_to_update:
-    asyncio.create_task(get_container_stats(container_id))
-    containerIds_to_update.append(container_id)
-
-  while True:
-    if redis_client.exists(container_id + '_stats'):
-      break
-    await asyncio.sleep(1.5)
-
-  stats = json.loads(redis_client.get(container_id + '_stats'))
-  return Response(content=json.dumps(stats, indent=4), media_type="application/json")
-
-
-
-
-class DockerUtils:
-  def __init__(self, docker_client):
-    self.docker_client = docker_client
-
-  # api call: container_post - post_action: stop
-  def container_post__stop(self, container_id, request_json):
-    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-      container.stop()
-
-    res = { 'type': 'success', 'msg': 'command completed successfully'}
-    return Response(content=json.dumps(res, indent=4), media_type="application/json")
-  # api call: container_post - post_action: start
-  def container_post__start(self, container_id, request_json):
-    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-      container.start()
-
-    res = { 'type': 'success', 'msg': 'command completed successfully'}
-    return Response(content=json.dumps(res, indent=4), media_type="application/json")
-  # api call: container_post - post_action: restart
-  def container_post__restart(self, container_id, request_json):
-    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-      container.restart()
-
-    res = { 'type': 'success', 'msg': 'command completed successfully'}
-    return Response(content=json.dumps(res, indent=4), media_type="application/json")
-  # api call: container_post - post_action: top
-  def container_post__top(self, container_id, request_json):
-    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-      res = { 'type': 'success', 'msg': container.top()}
-      return Response(content=json.dumps(res, indent=4), media_type="application/json")
-  # api call: container_post - post_action: stats
-  def container_post__stats(self, container_id, request_json):
-    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-      for stat in container.stats(decode=True, stream=True):
-        res = { 'type': 'success', 'msg': stat}
-        return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: delete
-  def container_post__exec__mailq__delete(self, container_id, request_json):
-    if 'items' in request_json:
-      r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request_json['items'])
-      if filtered_qids:
-        flagged_qids = ['-d %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids));
-        for container in self.docker_client.containers.list(filters={"id": container_id}):
-          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-          return exec_run_handler('generic', postsuper_r)
-
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: hold
-  def container_post__exec__mailq__hold(self, container_id, request_json):
-    if 'items' in request_json:
-      r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request_json['items'])
-      if filtered_qids:
-        flagged_qids = ['-h %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids));
-        for container in self.docker_client.containers.list(filters={"id": container_id}):
-          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-          return exec_run_handler('generic', postsuper_r)
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: cat
-  def container_post__exec__mailq__cat(self, container_id, request_json):
-    if 'items' in request_json:
-      r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request_json['items'])
-      if filtered_qids:
-        sanitized_string = str(' '.join(filtered_qids));
-
-        for container in self.docker_client.containers.list(filters={"id": container_id}):
-          postcat_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
-        if not postcat_return:
-          postcat_return = 'err: invalid'
-        return exec_run_handler('utf8_text_only', postcat_return)
-
-   # api call: container_post - post_action: exec - cmd: mailq - task: unhold
-  def container_post__exec__mailq__unhold(self, container_id, request_json):
-    if 'items' in request_json:
-      r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request_json['items'])
-      if filtered_qids:
-        flagged_qids = ['-H %s' % i for i in filtered_qids]
-        sanitized_string = str(' '.join(flagged_qids));
-        for container in self.docker_client.containers.list(filters={"id": container_id}):
-          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-          return exec_run_handler('generic', postsuper_r)
-
-  # api call: container_post - post_action: exec - cmd: mailq - task: deliver
-  def container_post__exec__mailq__deliver(self, container_id, request_json):
-    if 'items' in request_json:
-      r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request_json['items'])
-      if filtered_qids:
-        flagged_qids = ['-i %s' % i for i in filtered_qids]
-        for container in self.docker_client.containers.list(filters={"id": container_id}):
-          for i in flagged_qids:
-            postqueue_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')
-            # todo: check each exit code
-          res = { 'type': 'success', 'msg': 'Scheduled immediate delivery'}
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-          
-  # api call: container_post - post_action: exec - cmd: mailq - task: list
-  def container_post__exec__mailq__list(self, container_id, request_json):
-    for container in self.docker_client.containers.list(filters={"id": container_id}):
-      mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
-      return exec_run_handler('utf8_text_only', mailq_return)
-  # api call: container_post - post_action: exec - cmd: mailq - task: flush
-  def container_post__exec__mailq__flush(self, container_id, request_json):
-    for container in self.docker_client.containers.list(filters={"id": container_id}):
-      postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
-      return exec_run_handler('generic', postqueue_r)
-  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
-  def container_post__exec__mailq__super_delete(self, container_id, request_json):
-    for container in self.docker_client.containers.list(filters={"id": container_id}):
-      postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
-      return exec_run_handler('generic', postsuper_r)
-  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
-  def container_post__exec__system__fts_rescan(self, container_id, request_json):
-    if 'username' in request_json:
-      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')
-        if rescan_return.exit_code == 0:
-          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-    if 'all' in request_json:
-      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')
-        if rescan_return.exit_code == 0:
-          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-  # api call: container_post - post_action: exec - cmd: system - task: df
-  def container_post__exec__system__df(self, container_id, request_json):
-    if 'dir' in request_json:
-      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
-        if df_return.exit_code == 0:
-          return df_return.output.decode('utf-8').rstrip()
-        else:
-          return "0,0,0,0,0,0"
-  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
-  def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
-    for container in self.docker_client.containers.list(filters={"id": container_id}):
-      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
-      if sql_return.exit_code == 0:
-        matched = False
-        for line in sql_return.output.decode('utf-8').split("\n"):
-          if 'is already upgraded to' in line:
-            matched = True
-        if matched:
-          res = { 'type': 'success', 'msg':'mysql_upgrade: already upgraded', 'text': sql_return.output.decode('utf-8')}
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          container.restart()
-          res = { 'type': 'warning', 'msg':'mysql_upgrade: upgrade was applied', 'text': sql_return.output.decode('utf-8')}
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-      else:
-        res = { 'type': 'error', 'msg': 'mysql_upgrade: error running command', 'text': sql_return.output.decode('utf-8')}
-        return Response(content=json.dumps(res, indent=4), media_type="application/json")
-  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
-  def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
-    for container in self.docker_client.containers.list(filters={"id": container_id}):
-      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
-      if sql_return.exit_code == 0:
-        res = { 'type': 'info', 'msg': 'mysql_tzinfo_to_sql: command completed successfully', 'text': sql_return.output.decode('utf-8')}
-        return Response(content=json.dumps(res, indent=4), media_type="application/json")
-      else:
-        res = { 'type': 'error', 'msg': 'mysql_tzinfo_to_sql: error running command', 'text': sql_return.output.decode('utf-8')}
-        return Response(content=json.dumps(res, indent=4), media_type="application/json")
-  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
-  def container_post__exec__reload__dovecot(self, container_id, request_json):
-    for container in self.docker_client.containers.list(filters={"id": container_id}):
-      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
-      return exec_run_handler('generic', reload_return)
-  # api call: container_post - post_action: exec - cmd: reload - task: postfix
-  def container_post__exec__reload__postfix(self, container_id, request_json):
-    for container in self.docker_client.containers.list(filters={"id": container_id}):
-      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
-      return exec_run_handler('generic', reload_return)
-  # api call: container_post - post_action: exec - cmd: reload - task: nginx
-  def container_post__exec__reload__nginx(self, container_id, request_json):
-    for container in self.docker_client.containers.list(filters={"id": container_id}):
-      reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
-      return exec_run_handler('generic', reload_return)
-  # api call: container_post - post_action: exec - cmd: sieve - task: list
-  def container_post__exec__sieve__list(self, container_id, request_json):
-    if 'username' in request_json:
-      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
-        return exec_run_handler('utf8_text_only', sieve_return)
-  # api call: container_post - post_action: exec - cmd: sieve - task: print
-  def container_post__exec__sieve__print(self, container_id, request_json):
-    if 'username' in request.json and 'script_name' in request_json:
-      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
-        sieve_return = container.exec_run(cmd)
-        return exec_run_handler('utf8_text_only', sieve_return)
-  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
-  def container_post__exec__maildir__cleanup(self, container_id, request_json):
-    if 'maildir' in request_json:
-      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        sane_name = re.sub(r'\W+', '', request_json['maildir'])
-        vmail_name = request_json['maildir'].replace("'", "'\\''")
-        index_name = request_json['maildir'].split("/")
-        index_name = index_name[1].replace("'", "'\\''") + "@" + index_name[0].replace("'", "'\\''")
-        cmd_vmail = "if [[ -d '/var/vmail/" + vmail_name + "' ]]; then /bin/mv '/var/vmail/" + vmail_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"
-        cmd_vmail_index = "if [[ -d '/var/vmail_index/" + index_name + "' ]]; then /bin/mv '/var/vmail_index/" + index_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "_index'; fi"
-        cmd = ["/bin/bash", "-c", cmd_vmail + " && " + cmd_vmail_index]
-        maildir_cleanup = container.exec_run(cmd, user='vmail')
-        return exec_run_handler('generic', maildir_cleanup)
-  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
-  def container_post__exec__rspamd__worker_password(self, container_id, request_json):
-    if 'raw' in request_json:
-      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        cmd = "/usr/bin/rspamadm pw -e -p '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
-        cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
-
-        matched = False
-        for line in cmd_response.split("\n"):
-          if '$2$' in line:
-            hash = line.strip()
-            hash_out = re.search('\$2\$.+$', hash).group(0)
-            rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
-            rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc"
-            cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename)
-            cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
-            if rspamd_passphrase_hash.startswith("$2$") and rspamd_passphrase_hash in cmd_response:
-              container.restart()
-              matched = True
-        if matched:
-          res = { 'type': 'success', 'msg': 'command completed successfully' }
-          logger.info('success changing Rspamd password')
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        else:
-          logger.error('failed changing Rspamd password')
-          res = { 'type': 'danger', 'msg': 'command did not complete' }
-          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
-
-def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
-
-  def recv_socket_data(c_socket, timeout):
-    c_socket.setblocking(0)
-    total_data=[]
-    data=''
-    begin=time.time()
-    while True:
-      if total_data and time.time()-begin > timeout:
-        break
-      elif time.time()-begin > timeout*2:
-        break
-      try:
-        data = c_socket.recv(8192)
-        if data:
-          total_data.append(data.decode('utf-8'))
-          #change the beginning time for measurement
-          begin=time.time()
-        else:
-          #sleep for sometime to indicate a gap
-          time.sleep(0.1)
-          break
-      except:
-        pass
-    return ''.join(total_data)
-    
-
-  try :
-    socket = container.exec_run([shell_cmd], stdin=True, socket=True, user=user).output._sock
-    if not cmd.endswith("\n"):
-      cmd = cmd + "\n"
-    socket.send(cmd.encode('utf-8'))
-    data = recv_socket_data(socket, timeout)
-    socket.close()
-    return data
-  except Exception as e:
-    logger.error("error - exec_cmd_container: %s" % str(e))
-    traceback.print_exc(file=sys.stdout)
-def exec_run_handler(type, output):
-  if type == 'generic':
-    if output.exit_code == 0:
-      res = { 'type': 'success', 'msg': 'command completed successfully' }
-      return Response(content=json.dumps(res, indent=4), media_type="application/json")
-    else:
-      res = { 'type': 'danger', 'msg': 'command failed: ' + output.output.decode('utf-8') }
-      return Response(content=json.dumps(res, indent=4), media_type="application/json")
-  if type == 'utf8_text_only':
-    return Response(content=output.output.decode('utf-8'), media_type="text/plain")
-
-async def get_host_stats(wait=5):
-  global host_stats_isUpdating
-
-  try:
-    system_time = datetime.now()
-    host_stats = {
-      "cpu": {
-        "cores": psutil.cpu_count(),
-        "usage": psutil.cpu_percent()
-      },
-      "memory": {
-        "total": psutil.virtual_memory().total,
-        "usage": psutil.virtual_memory().percent,
-        "swap": psutil.swap_memory()
-      },
-      "uptime": time.time() - psutil.boot_time(),
-      "system_time": system_time.strftime("%d.%m.%Y %H:%M:%S")
-    }
-
-    redis_client.set('host_stats', json.dumps(host_stats), ex=10)
-  except Exception as e:
-    res = {
-      "type": "danger",
-      "msg": str(e)
-    }
-
-  await asyncio.sleep(wait)
-  host_stats_isUpdating = False
-  
-async def get_container_stats(container_id, wait=5, stop=False):
-  global containerIds_to_update
-
-  if container_id and container_id.isalnum():
-    try:
-      for container in (await async_docker_client.containers.list()):
-        if container._id == container_id:
-          res = await container.stats(stream=False)
-
-          if redis_client.exists(container_id + '_stats'):
-            stats = json.loads(redis_client.get(container_id + '_stats'))
-          else:
-            stats = []
-          stats.append(res[0])
-          if len(stats) > 3:
-            del stats[0]
-          redis_client.set(container_id + '_stats', json.dumps(stats), ex=60)
-    except Exception as e:
-      res = {
-        "type": "danger",
-        "msg": str(e)
-      }
-  else:
-    res = {
-      "type": "danger",
-      "msg": "no or invalid id defined"
-    }
-
-  await asyncio.sleep(wait)
-  if stop == True:
-    # update task was called second time, stop
-    containerIds_to_update.remove(container_id)
-  else:
-    # call update task a second time
-    await get_container_stats(container_id, wait=0, stop=True)
-
-
-
-if os.environ['REDIS_SLAVEOF_IP'] != "":
-  redis_client = redis.Redis(host=os.environ['REDIS_SLAVEOF_IP'], port=os.environ['REDIS_SLAVEOF_PORT'], db=0)
-else:
-  redis_client = redis.Redis(host='redis-mailcow', port=6379, db=0)
-
-sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
-async_docker_client = aiodocker.Docker(url='unix:///var/run/docker.sock')
-
-logger.info('DockerApi started')
--- a/data/Dockerfiles/dockerapi/main.py
+++ b/data/Dockerfiles/dockerapi/main.py
@ -0,0 +1,260 @@
+import os
+import sys
+import uvicorn
+import json
+import uuid
+import async_timeout
+import asyncio
+import aioredis
+import aiodocker
+import docker
+import logging
+from logging.config import dictConfig
+from fastapi import FastAPI, Response, Request
+from modules.DockerApi import DockerApi
+
+dockerapi = None
+app = FastAPI()
+
+# Define Routes
+@app.get("/host/stats")
+async def get_host_update_stats():
+  global dockerapi
+
+  if dockerapi.host_stats_isUpdating == False:
+    asyncio.create_task(dockerapi.get_host_stats())
+    dockerapi.host_stats_isUpdating = True
+
+  while True:
+    if await dockerapi.redis_client.exists('host_stats'):
+      break
+    await asyncio.sleep(1.5)
+
+  stats = json.loads(await dockerapi.redis_client.get('host_stats'))
+  return Response(content=json.dumps(stats, indent=4), media_type="application/json")
+
+@app.get("/containers/{container_id}/json")
+async def get_container(container_id : str):
+  global dockerapi
+
+  if container_id and container_id.isalnum():
+    try:
+      for container in (await dockerapi.async_docker_client.containers.list()):
+        if container._id == container_id:
+          container_info = await container.show()
+          return Response(content=json.dumps(container_info, indent=4), media_type="application/json")
+     
+      res = {
+        "type": "danger",
+        "msg": "no container found"
+      }
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
+    except Exception as e:
+      res = {
+        "type": "danger",
+        "msg": str(e)
+      }
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  else:
+    res = {
+      "type": "danger",
+      "msg": "no or invalid id defined"
+    }
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
+
+@app.get("/containers/json")
+async def get_containers():
+  global dockerapi
+
+  containers = {}
+  try:
+    for container in (await dockerapi.async_docker_client.containers.list()):
+      container_info = await container.show()
+      containers.update({container_info['Id']: container_info})
+    return Response(content=json.dumps(containers, indent=4), media_type="application/json")
+  except Exception as e:
+    res = {
+      "type": "danger",
+      "msg": str(e)
+    }
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
+
+@app.post("/containers/{container_id}/{post_action}")
+async def post_containers(container_id : str, post_action : str, request: Request):
+  global dockerapi
+
+  try : 
+    request_json = await request.json()
+  except Exception as err:
+    request_json = {}
+
+  if container_id and container_id.isalnum() and post_action:
+    try:
+      """Dispatch container_post api call"""
+      if post_action == 'exec':
+        if not request_json or not 'cmd' in request_json:
+          res = {
+            "type": "danger",
+            "msg": "cmd is missing"
+          }
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        if not request_json or not 'task' in request_json:
+          res = {
+            "type": "danger",
+            "msg": "task is missing"
+          }
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+
+        api_call_method_name = '__'.join(['container_post', str(post_action), str(request_json['cmd']), str(request_json['task']) ])
+      else:
+        api_call_method_name = '__'.join(['container_post', str(post_action) ])
+
+      api_call_method = getattr(dockerapi, api_call_method_name, lambda container_id: Response(content=json.dumps({'type': 'danger', 'msg':'container_post - unknown api call' }, indent=4), media_type="application/json"))
+
+      dockerapi.logger.info("api call: %s, container_id: %s" % (api_call_method_name, container_id))
+      return api_call_method(request_json, container_id=container_id)
+    except Exception as e:
+      dockerapi.logger.error("error - container_post: %s" % str(e))
+      res = {
+        "type": "danger",
+        "msg": str(e)
+      }
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
+
+  else:
+    res = {
+      "type": "danger",
+      "msg": "invalid container id or missing action"
+    }
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
+
+@app.post("/container/{container_id}/stats/update")
+async def post_container_update_stats(container_id : str):
+  global dockerapi
+
+  # start update task for container if no task is running
+  if container_id not in dockerapi.containerIds_to_update:
+    asyncio.create_task(dockerapi.get_container_stats(container_id))
+    dockerapi.containerIds_to_update.append(container_id)
+
+  while True:
+    if await dockerapi.redis_client.exists(container_id + '_stats'):
+      break
+    await asyncio.sleep(1.5)
+
+  stats = json.loads(await dockerapi.redis_client.get(container_id + '_stats'))
+  return Response(content=json.dumps(stats, indent=4), media_type="application/json")
+
+# Events
+@app.on_event("startup")
+async def startup_event():
+  global dockerapi
+
+  # Initialize a custom logger
+  logger = logging.getLogger("dockerapi")
+  logger.setLevel(logging.INFO)
+  # Configure the logger to output logs to the terminal
+  handler = logging.StreamHandler()
+  handler.setLevel(logging.INFO)
+  formatter = logging.Formatter("%(levelname)s:     %(message)s")
+  handler.setFormatter(formatter)
+  logger.addHandler(handler)
+
+  logger.info("Init APP")
+
+  # Init redis client
+  if os.environ['REDIS_SLAVEOF_IP'] != "":
+    redis_client = redis = await aioredis.from_url(f"redis://{os.environ['REDIS_SLAVEOF_IP']}:{os.environ['REDIS_SLAVEOF_PORT']}/0")
+  else:
+    redis_client = redis = await aioredis.from_url("redis://redis-mailcow:6379/0")
+
+  # Init docker clients
+  sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
+  async_docker_client = aiodocker.Docker(url='unix:///var/run/docker.sock')
+
+  dockerapi = DockerApi(redis_client, sync_docker_client, async_docker_client, logger)
+
+  logger.info("Subscribe to redis channel")
+  # Subscribe to redis channel
+  dockerapi.pubsub = redis.pubsub()
+  await dockerapi.pubsub.subscribe("MC_CHANNEL")
+  asyncio.create_task(handle_pubsub_messages(dockerapi.pubsub))
+
+@app.on_event("shutdown")
+async def shutdown_event():
+  global dockerapi
+
+  # Close docker connections
+  dockerapi.sync_docker_client.close()
+  await dockerapi.async_docker_client.close()
+
+  # Close redis
+  await dockerapi.pubsub.unsubscribe("MC_CHANNEL")
+  await dockerapi.redis_client.close()
+
+# PubSub Handler
+async def handle_pubsub_messages(channel: aioredis.client.PubSub):
+  global dockerapi
+
+  while True:
+    try:
+      async with async_timeout.timeout(1):
+        message = await channel.get_message(ignore_subscribe_messages=True)
+        if message is not None:
+          # Parse message
+          data_json = json.loads(message['data'].decode('utf-8'))
+          dockerapi.logger.info(f"PubSub Received - {json.dumps(data_json)}")
+
+          # Handle api_call
+          if 'api_call' in data_json:
+            # api_call: container_post
+            if data_json['api_call'] == "container_post":
+              if 'post_action' in data_json and 'container_name' in data_json:
+                try:
+                  """Dispatch container_post api call"""
+                  request_json = {}
+                  if data_json['post_action'] == 'exec':
+                    if 'request' in data_json:
+                      request_json = data_json['request']
+                      if 'cmd' in request_json:
+                        if 'task' in request_json:
+                          api_call_method_name = '__'.join(['container_post', str(data_json['post_action']), str(request_json['cmd']), str(request_json['task']) ])
+                        else:
+                          dockerapi.logger.error("api call: task missing")
+                      else:
+                        dockerapi.logger.error("api call: cmd missing")
+                    else:
+                      dockerapi.logger.error("api call: request missing")
+                  else:
+                    api_call_method_name = '__'.join(['container_post', str(data_json['post_action'])])
+
+                  if api_call_method_name:
+                    api_call_method = getattr(dockerapi, api_call_method_name)
+                    if api_call_method:
+                      dockerapi.logger.info("api call: %s, container_name: %s" % (api_call_method_name, data_json['container_name']))
+                      api_call_method(request_json, container_name=data_json['container_name'])
+                    else:
+                      dockerapi.logger.error("api call not found: %s, container_name: %s" % (api_call_method_name, data_json['container_name']))
+                except Exception as e:
+                  dockerapi.logger.error("container_post: %s" % str(e))
+              else:
+                dockerapi.logger.error("api call: missing container_name, post_action or request")
+            else:
+              dockerapi.logger.error("Unknwon PubSub recieved - %s" % json.dumps(data_json))
+          else:
+            dockerapi.logger.error("Unknwon PubSub recieved - %s" % json.dumps(data_json))
+              
+        await asyncio.sleep(0.01)
+    except asyncio.TimeoutError:
+      pass
+
+if __name__ == '__main__':
+  uvicorn.run(
+    app,
+    host="0.0.0.0",
+    port=443,
+    ssl_certfile="/app/dockerapi_cert.pem",
+    ssl_keyfile="/app/dockerapi_key.pem",
+    log_level="info",
+    loop="none"
+  )
--- a/data/Dockerfiles/dockerapi/modules/DockerApi.py
+++ b/data/Dockerfiles/dockerapi/modules/DockerApi.py
@ -0,0 +1,487 @@
+import psutil
+import sys
+import os
+import re
+import time
+import json
+import asyncio
+import platform
+from datetime import datetime
+from fastapi import FastAPI, Response, Request
+
+class DockerApi:
+  def __init__(self, redis_client, sync_docker_client, async_docker_client, logger):
+    self.redis_client = redis_client
+    self.sync_docker_client = sync_docker_client
+    self.async_docker_client = async_docker_client
+    self.logger = logger
+
+    self.host_stats_isUpdating = False
+    self.containerIds_to_update = []
+
+  # api call: container_post - post_action: stop
+  def container_post__stop(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(all=True, filters=filters):
+      container.stop()
+
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: start
+  def container_post__start(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(all=True, filters=filters):
+      container.start()
+
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: restart
+  def container_post__restart(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(all=True, filters=filters):
+      container.restart()
+
+    res = { 'type': 'success', 'msg': 'command completed successfully'}
+    return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: top
+  def container_post__top(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(all=True, filters=filters):
+      res = { 'type': 'success', 'msg': container.top()}
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: stats
+  def container_post__stats(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(all=True, filters=filters):
+      for stat in container.stats(decode=True, stream=True):
+        res = { 'type': 'success', 'msg': stat}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: mailq - task: delete
+  def container_post__exec__mailq__delete(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'items' in request_json:
+      r = re.compile("^[0-9a-fA-F]+$")
+      filtered_qids = filter(r.match, request_json['items'])
+      if filtered_qids:
+        flagged_qids = ['-d %s' % i for i in filtered_qids]
+        sanitized_string = str(' '.join(flagged_qids))
+        for container in self.sync_docker_client.containers.list(filters=filters):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return self.exec_run_handler('generic', postsuper_r)
+  # api call: container_post - post_action: exec - cmd: mailq - task: hold
+  def container_post__exec__mailq__hold(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'items' in request_json:
+      r = re.compile("^[0-9a-fA-F]+$")
+      filtered_qids = filter(r.match, request_json['items'])
+      if filtered_qids:
+        flagged_qids = ['-h %s' % i for i in filtered_qids]
+        sanitized_string = str(' '.join(flagged_qids))
+        for container in self.sync_docker_client.containers.list(filters=filters):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return self.exec_run_handler('generic', postsuper_r)
+  # api call: container_post - post_action: exec - cmd: mailq - task: cat
+  def container_post__exec__mailq__cat(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'items' in request_json:
+      r = re.compile("^[0-9a-fA-F]+$")
+      filtered_qids = filter(r.match, request_json['items'])
+      if filtered_qids:
+        sanitized_string = str(' '.join(filtered_qids))
+
+        for container in self.sync_docker_client.containers.list(filters=filters):
+          postcat_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
+        if not postcat_return:
+          postcat_return = 'err: invalid'
+        return self.exec_run_handler('utf8_text_only', postcat_return)
+  # api call: container_post - post_action: exec - cmd: mailq - task: unhold
+  def container_post__exec__mailq__unhold(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'items' in request_json:
+      r = re.compile("^[0-9a-fA-F]+$")
+      filtered_qids = filter(r.match, request_json['items'])
+      if filtered_qids:
+        flagged_qids = ['-H %s' % i for i in filtered_qids]
+        sanitized_string = str(' '.join(flagged_qids))
+        for container in self.sync_docker_client.containers.list(filters=filters):
+          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
+          return self.exec_run_handler('generic', postsuper_r)
+  # api call: container_post - post_action: exec - cmd: mailq - task: deliver
+  def container_post__exec__mailq__deliver(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'items' in request_json:
+      r = re.compile("^[0-9a-fA-F]+$")
+      filtered_qids = filter(r.match, request_json['items'])
+      if filtered_qids:
+        flagged_qids = ['-i %s' % i for i in filtered_qids]
+        for container in self.sync_docker_client.containers.list(filters=filters):
+          for i in flagged_qids:
+            postqueue_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')
+            # todo: check each exit code
+          res = { 'type': 'success', 'msg': 'Scheduled immediate delivery'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")        
+  # api call: container_post - post_action: exec - cmd: mailq - task: list
+  def container_post__exec__mailq__list(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
+      return self.exec_run_handler('utf8_text_only', mailq_return)
+  # api call: container_post - post_action: exec - cmd: mailq - task: flush
+  def container_post__exec__mailq__flush(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
+      return self.exec_run_handler('generic', postqueue_r)
+  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
+  def container_post__exec__mailq__super_delete(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
+      return self.exec_run_handler('generic', postsuper_r)
+  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
+  def container_post__exec__system__fts_rescan(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'username' in request_json:
+      for container in self.sync_docker_client.containers.list(filters=filters):
+        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')
+        if rescan_return.exit_code == 0:
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+    if 'all' in request_json:
+      for container in self.sync_docker_client.containers.list(filters=filters):
+        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')
+        if rescan_return.exit_code == 0:
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: system - task: df
+  def container_post__exec__system__df(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'dir' in request_json:
+      for container in self.sync_docker_client.containers.list(filters=filters):
+        df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
+        if df_return.exit_code == 0:
+          return df_return.output.decode('utf-8').rstrip()
+        else:
+          return "0,0,0,0,0,0"
+  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
+  def container_post__exec__system__mysql_upgrade(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
+      if sql_return.exit_code == 0:
+        matched = False
+        for line in sql_return.output.decode('utf-8').split("\n"):
+          if 'is already upgraded to' in line:
+            matched = True
+        if matched:
+          res = { 'type': 'success', 'msg':'mysql_upgrade: already upgraded', 'text': sql_return.output.decode('utf-8')}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          container.restart()
+          res = { 'type': 'warning', 'msg':'mysql_upgrade: upgrade was applied', 'text': sql_return.output.decode('utf-8')}
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+      else:
+        res = { 'type': 'error', 'msg': 'mysql_upgrade: error running command', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
+  def container_post__exec__system__mysql_tzinfo_to_sql(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
+      if sql_return.exit_code == 0:
+        res = { 'type': 'info', 'msg': 'mysql_tzinfo_to_sql: command completed successfully', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+      else:
+        res = { 'type': 'error', 'msg': 'mysql_tzinfo_to_sql: error running command', 'text': sql_return.output.decode('utf-8')}
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
+  def container_post__exec__reload__dovecot(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
+      return self.exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: reload - task: postfix
+  def container_post__exec__reload__postfix(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
+      return self.exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: reload - task: nginx
+  def container_post__exec__reload__nginx(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    for container in self.sync_docker_client.containers.list(filters=filters):
+      reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
+      return self.exec_run_handler('generic', reload_return)
+  # api call: container_post - post_action: exec - cmd: sieve - task: list
+  def container_post__exec__sieve__list(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'username' in request_json:
+      for container in self.sync_docker_client.containers.list(filters=filters):
+        sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
+        return self.exec_run_handler('utf8_text_only', sieve_return)
+  # api call: container_post - post_action: exec - cmd: sieve - task: print
+  def container_post__exec__sieve__print(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'username' in request_json and 'script_name' in request_json:
+      for container in self.sync_docker_client.containers.list(filters=filters):
+        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
+        sieve_return = container.exec_run(cmd)
+        return self.exec_run_handler('utf8_text_only', sieve_return)
+  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
+  def container_post__exec__maildir__cleanup(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'maildir' in request_json:
+      for container in self.sync_docker_client.containers.list(filters=filters):
+        sane_name = re.sub(r'\W+', '', request_json['maildir'])
+        vmail_name = request_json['maildir'].replace("'", "'\\''")
+        cmd_vmail = "if [[ -d '/var/vmail/" + vmail_name + "' ]]; then /bin/mv '/var/vmail/" + vmail_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"
+        index_name = request_json['maildir'].split("/")
+        if len(index_name) > 1:
+          index_name = index_name[1].replace("'", "'\\''") + "@" + index_name[0].replace("'", "'\\''")
+          cmd_vmail_index = "if [[ -d '/var/vmail_index/" + index_name + "' ]]; then /bin/mv '/var/vmail_index/" + index_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "_index'; fi"
+          cmd = ["/bin/bash", "-c", cmd_vmail + " && " + cmd_vmail_index]
+        else:
+          cmd = ["/bin/bash", "-c", cmd_vmail]
+        maildir_cleanup = container.exec_run(cmd, user='vmail')
+        return self.exec_run_handler('generic', maildir_cleanup)
+  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
+  def container_post__exec__rspamd__worker_password(self, request_json, **kwargs):
+    if 'container_id' in kwargs:
+      filters = {"id": kwargs['container_id']}
+    elif 'container_name' in kwargs:
+      filters = {"name": kwargs['container_name']}
+
+    if 'raw' in request_json:
+      for container in self.sync_docker_client.containers.list(filters=filters):
+        cmd = "/usr/bin/rspamadm pw -e -p '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
+        cmd_response = self.exec_cmd_container(container, cmd, user="_rspamd")
+
+        matched = False
+        for line in cmd_response.split("\n"):
+          if '$2$' in line:
+            hash = line.strip()
+            hash_out = re.search('\$2\$.+$', hash).group(0)
+            rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
+            rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc"
+            cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename)
+            cmd_response = self.exec_cmd_container(container, cmd, user="_rspamd")
+            if rspamd_passphrase_hash.startswith("$2$") and rspamd_passphrase_hash in cmd_response:
+              container.restart()
+              matched = True
+        if matched:
+          res = { 'type': 'success', 'msg': 'command completed successfully' }
+          self.logger.info('success changing Rspamd password')
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+        else:
+          self.logger.error('failed changing Rspamd password')
+          res = { 'type': 'danger', 'msg': 'command did not complete' }
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
+
+  # Collect host stats
+  async def get_host_stats(self, wait=5):
+    try:
+      system_time = datetime.now()
+      host_stats = {
+        "cpu": {
+          "cores": psutil.cpu_count(),
+          "usage": psutil.cpu_percent()
+        },
+        "memory": {
+          "total": psutil.virtual_memory().total,
+          "usage": psutil.virtual_memory().percent,
+          "swap": psutil.swap_memory()
+        },
+        "uptime": time.time() - psutil.boot_time(),
+        "system_time": system_time.strftime("%d.%m.%Y %H:%M:%S"),
+        "architecture": platform.machine()
+      }
+
+      await self.redis_client.set('host_stats', json.dumps(host_stats), ex=10)
+    except Exception as e:
+      res = {
+        "type": "danger",
+        "msg": str(e)
+      }
+
+    await asyncio.sleep(wait)
+    self.host_stats_isUpdating = False
+  # Collect container stats
+  async def get_container_stats(self, container_id, wait=5, stop=False):
+    if container_id and container_id.isalnum():
+      try:
+        for container in (await self.async_docker_client.containers.list()):
+          if container._id == container_id:
+            res = await container.stats(stream=False)
+
+            if await self.redis_client.exists(container_id + '_stats'):
+              stats = json.loads(await self.redis_client.get(container_id + '_stats'))
+            else:
+              stats = []
+            stats.append(res[0])
+            if len(stats) > 3:
+              del stats[0]
+            await self.redis_client.set(container_id + '_stats', json.dumps(stats), ex=60)
+      except Exception as e:
+        res = {
+          "type": "danger",
+          "msg": str(e)
+        }
+    else:
+      res = {
+        "type": "danger",
+        "msg": "no or invalid id defined"
+      }
+
+    await asyncio.sleep(wait)
+    if stop == True:
+      # update task was called second time, stop
+      self.containerIds_to_update.remove(container_id)
+    else:
+      # call update task a second time
+      await self.get_container_stats(container_id, wait=0, stop=True)
+
+  def exec_cmd_container(self, container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
+    def recv_socket_data(c_socket, timeout):
+      c_socket.setblocking(0)
+      total_data=[]
+      data=''
+      begin=time.time()
+      while True:
+        if total_data and time.time()-begin > timeout:
+          break
+        elif time.time()-begin > timeout*2:
+          break
+        try:
+          data = c_socket.recv(8192)
+          if data:
+            total_data.append(data.decode('utf-8'))
+            #change the beginning time for measurement
+            begin=time.time()
+          else:
+            #sleep for sometime to indicate a gap
+            time.sleep(0.1)
+            break
+        except:
+          pass
+      return ''.join(total_data)
+      
+    try :
+      socket = container.exec_run([shell_cmd], stdin=True, socket=True, user=user).output._sock
+      if not cmd.endswith("\n"):
+        cmd = cmd + "\n"
+      socket.send(cmd.encode('utf-8'))
+      data = recv_socket_data(socket, timeout)
+      socket.close()
+      return data
+    except Exception as e:
+      self.logger.error("error - exec_cmd_container: %s" % str(e))
+      traceback.print_exc(file=sys.stdout)
+
+  def exec_run_handler(self, type, output):
+    if type == 'generic':
+      if output.exit_code == 0:
+        res = { 'type': 'success', 'msg': 'command completed successfully' }
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+      else:
+        res = { 'type': 'danger', 'msg': 'command failed: ' + output.output.decode('utf-8') }
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
+    if type == 'utf8_text_only':
+      return Response(content=output.output.decode('utf-8'), media_type="text/plain")
--- a/data/Dockerfiles/dockerapi/modules/init.py
+++ b/data/Dockerfiles/dockerapi/modules/init.py
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@ -1,5 +1,5 @@
 FROM debian:bullseye-slim
-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"

 ARG DEBIAN_FRONTEND=noninteractive
 # renovate: datasource=github-tags depName=dovecot/core versioning=semver-coerced
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@ -159,7 +159,7 @@ function auth_password_verify(req, pass)
        VALUES ("%s", 0, "%s", "%s")]], con:escape(req.service), con:escape(req.user), con:escape(req.real_rip)))
      cur:close()
      con:close()
-      return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
+      return dovecot.auth.PASSDB_RESULT_OK, ""
    end
    row = cur:fetch (row, "a")
  end
@ -180,13 +180,13 @@ function auth_password_verify(req, pass)
        if tostring(req.real_rip) == "__IPV4_SOGO__" then
          cur:close()
          con:close()
-          return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
+          return dovecot.auth.PASSDB_RESULT_OK, ""
        elseif row.has_prot_access == "1" then
          con:execute(string.format([[REPLACE INTO sasl_log (service, app_password, username, real_rip)
            VALUES ("%s", %d, "%s", "%s")]], con:escape(req.service), row.id, con:escape(req.user), con:escape(req.real_rip)))
          cur:close()
          con:close()
-          return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
+          return dovecot.auth.PASSDB_RESULT_OK, ""
        end
      end
      row = cur:fetch (row, "a")
--- a/data/Dockerfiles/netfilter/Dockerfile
+++ b/data/Dockerfiles/netfilter/Dockerfile
@ -1,5 +1,5 @@
 FROM alpine:3.17
-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"

 ENV XTABLES_LIBDIR /usr/lib/xtables
 ENV PYTHON_IPTABLES_XTABLES_VERSION 12
--- a/data/Dockerfiles/olefy/Dockerfile
+++ b/data/Dockerfiles/olefy/Dockerfile
@ -1,5 +1,5 @@
 FROM alpine:3.17
-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"

 WORKDIR /app

--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@ -1,5 +1,5 @@
 FROM php:8.2-fpm-alpine3.17
-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"

 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced
 ARG APCU_PECL_VERSION=5.1.22
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@ -172,6 +172,24 @@ BEGIN
 END;
 //
 DELIMITER ;
+DROP EVENT IF EXISTS clean_sasl_log;
+DELIMITER //
+CREATE EVENT clean_sasl_log
+ON SCHEDULE EVERY 1 DAY DO
+BEGIN
+  DELETE sasl_log.* FROM sasl_log
+    LEFT JOIN (
+      SELECT username, service, MAX(datetime) AS lastdate
+      FROM sasl_log
+      GROUP BY username, service
+    ) AS last ON sasl_log.username = last.username AND sasl_log.service = last.service
+    WHERE datetime < DATE_SUB(NOW(), INTERVAL 31 DAY) AND datetime < lastdate;
+  DELETE FROM sasl_log
+    WHERE username NOT IN (SELECT username FROM mailbox) AND
+    datetime < DATE_SUB(NOW(), INTERVAL 31 DAY);
+END;
+//
+DELIMITER ;
 EOF
 fi

--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@ -1,5 +1,5 @@
 FROM debian:bullseye-slim
-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"

 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
@ -17,10 +17,10 @@ RUN groupadd -g 102 postfix \
 	ca-certificates \
 	curl \
 	dirmngr \
-  dnsutils \
+  	dnsutils \
 	gnupg \
 	libsasl2-modules \
-  mariadb-client \
+  	mariadb-client \
 	perl \
 	postfix \
 	postfix-mysql \
@ -32,7 +32,7 @@ RUN groupadd -g 102 postfix \
 	syslog-ng \
 	syslog-ng-core \
 	syslog-ng-mod-redis \
-  tzdata \
+  	tzdata \
 	&& rm -rf /var/lib/apt/lists/* \
 	&& touch /etc/default/locale \
  && printf '#!/bin/bash\n/usr/sbin/postconf -c /opt/postfix/conf "$@"' > /usr/local/sbin/postconf \
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@ -393,12 +393,101 @@ query = SELECT goto FROM spamalias
    AND validity >= UNIX_TIMESTAMP()
 EOF

-sed -i '/User overrides/q' /opt/postfix/conf/main.cf
+if [ ! -f /opt/postfix/conf/dns_blocklists.cf ]; then
+  cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
+# This file can be edited. 
+# Delete this file and restart postfix container to revert any changes.
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2
+  dnsbl.sorbs.net=127.0.0.6*2
+  dnsbl.sorbs.net=127.0.0.9*2
+EOF
+fi
+DNSBL_CONFIG=$(grep -v '^#' /opt/postfix/conf/dns_blocklists.cf | grep '\S')
+
+if [ ! -z "$DNSBL_CONFIG" ]; then
+  echo -e "\e[33mChecking if ASN for your IP is listed for Spamhaus Bad ASN List...\e[0m"
+  if [ -n "$SPAMHAUS_DQS_KEY" ]; then
+    echo -e "\e[32mDetected SPAMHAUS_DQS_KEY variable from mailcow.conf...\e[0m"
+    echo -e "\e[33mUsing DQS Blocklists from Spamhaus!\e[0m"
+    SPAMHAUS_DNSBL_CONFIG=$(cat <<EOF
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[4..7]*6
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[10;11]*8
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.3*4
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.2*3
+postscreen_dnsbl_reply_map = texthash:/opt/postfix/conf/dnsbl_reply.map
+EOF
+
+  cat <<EOF > /opt/postfix/conf/dnsbl_reply.map
+# Autogenerated by mailcow, using Spamhaus DQS reply domains
+${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net     sbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.xbl.dq.spamhaus.net     xbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.pbl.dq.spamhaus.net     pbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net     zen.spamhaus.org
+${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net     dbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net     zrd.spamhaus.org
+EOF
+    )
+  else
+    if [ -f "/opt/postfix/conf/dnsbl_reply.map" ]; then
+      rm /opt/postfix/conf/dnsbl_reply.map
+    fi
+    response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
+    if [ "$response" -eq 503 ]; then
+      echo -e "\e[31mThe AS of your IP is listed as a banned AS from Spamhaus!\e[0m"
+      echo -e "\e[33mNo SPAMHAUS_DQS_KEY found... Skipping Spamhaus blocklists entirely!\e[0m"
+      SPAMHAUS_DNSBL_CONFIG=""
+    elif [ "$response" -eq 200 ]; then
+      echo -e "\e[32mThe AS of your IP is NOT listed as a banned AS from Spamhaus!\e[0m"
+      echo -e "\e[33mUsing the open Spamhaus blocklists.\e[0m"
+      SPAMHAUS_DNSBL_CONFIG=$(cat <<EOF
+  zen.spamhaus.org=127.0.0.[10;11]*8
+  zen.spamhaus.org=127.0.0.[4..7]*6
+  zen.spamhaus.org=127.0.0.3*4
+  zen.spamhaus.org=127.0.0.2*3
+EOF
+      )
+
+    else
+      echo -e "\e[31mWe couldn't determine your AS... (maybe DNS/Network issue?) Response Code: $response\e[0m"
+      echo -e "\e[33mDeactivating Spamhaus DNS Blocklists to be on the safe site!\e[0m"
+      SPAMHAUS_DNSBL_CONFIG=""
+    fi
+  fi
+fi
+
+# Reset main.cf
+sed -i '/Overrides/q' /opt/postfix/conf/main.cf
 echo >> /opt/postfix/conf/main.cf
+# Append postscreen dnsbl sites to main.cf
+if [ ! -z "$DNSBL_CONFIG" ]; then
+  echo -e "${DNSBL_CONFIG}\n${SPAMHAUS_DNSBL_CONFIG}" >> /opt/postfix/conf/main.cf
+fi
+# Append user overrides
+echo -e "\n# User Overrides" >> /opt/postfix/conf/main.cf
 touch /opt/postfix/conf/extra.cf
 sed -i '/myhostname/d' /opt/postfix/conf/extra.cf
 echo -e "myhostname = ${MAILCOW_HOSTNAME}\n$(cat /opt/postfix/conf/extra.cf)" > /opt/postfix/conf/extra.cf
-
 cat /opt/postfix/conf/extra.cf >> /opt/postfix/conf/main.cf

 if [ ! -f /opt/postfix/conf/custom_transport.pcre ]; then
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@ -1,5 +1,5 @@
 FROM debian:bullseye-slim
-LABEL maintainer "Andre Peters <andre.peters@tinc.gmbh>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"

 ARG DEBIAN_FRONTEND=noninteractive
 ARG CODENAME=bullseye
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@ -1,5 +1,5 @@
 FROM debian:bullseye-slim
-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"

 ARG DEBIAN_FRONTEND=noninteractive
 ARG SOGO_DEBIAN_REPOSITORY=http://packages.sogo.nu/nightly/5/debian/
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@ -1,6 +1,6 @@
 FROM alpine:3.17

-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"

 RUN apk add --update --no-cache \
 	curl \
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@ -24,6 +24,11 @@ mail_plugins = </etc/dovecot/mail_plugins
 mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
 mail_attachment_dir = /var/attachments
 mail_attachment_min_size = 128k
+# Significantly speeds up very large mailboxes, but is only safe to enable if
+# you do not manually modify the files in the `cur` directories in
+# mailcowdockerized_vmail-vol-1.
+# https://docs.mailcow.email/manual-guides/Dovecot/u_e-dovecot-performance/
+maildir_very_dirty_syncs = yes

 # Dovecot 2.2
 #ssl_protocols = !SSLv3
--- a/data/conf/nginx/includes/site-defaults.conf
+++ b/data/conf/nginx/includes/site-defaults.conf
@ -114,7 +114,7 @@
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_redirect off;
-      error_page 403 /_rspamderror.php;
+      error_page 401 /_rspamderror.php;
    }
    proxy_pass       http://rspamd:11334/;
    proxy_set_header Host      $http_host;
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@ -40,34 +40,6 @@ postscreen_blacklist_action = drop
 postscreen_cache_cleanup_interval = 24h
 postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
 postscreen_dnsbl_action = enforce
-postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
-  hostkarma.junkemailfilter.com=127.0.0.1*-2
-  list.dnswl.org=127.0.[0..255].0*-2
-  list.dnswl.org=127.0.[0..255].1*-4
-  list.dnswl.org=127.0.[0..255].2*-6
-  list.dnswl.org=127.0.[0..255].3*-8
-  ix.dnsbl.manitu.net*2
-  bl.spamcop.net*2
-  bl.suomispam.net*2
-  hostkarma.junkemailfilter.com=127.0.0.2*3
-  hostkarma.junkemailfilter.com=127.0.0.4*2
-  hostkarma.junkemailfilter.com=127.0.1.2*1
-  backscatter.spameatingmonkey.net*2
-  bl.ipv6.spameatingmonkey.net*2
-  bl.spameatingmonkey.net*2
-  b.barracudacentral.org=127.0.0.2*7
-  bl.mailspike.net=127.0.0.2*5
-  bl.mailspike.net=127.0.0.[10;11;12]*4
-  dnsbl.sorbs.net=127.0.0.10*8
-  dnsbl.sorbs.net=127.0.0.5*6
-  dnsbl.sorbs.net=127.0.0.7*3
-  dnsbl.sorbs.net=127.0.0.8*2
-  dnsbl.sorbs.net=127.0.0.6*2
-  dnsbl.sorbs.net=127.0.0.9*2
-  zen.spamhaus.org=127.0.0.[10;11]*8
-  zen.spamhaus.org=127.0.0.[4..7]*6
-  zen.spamhaus.org=127.0.0.3*4
-  zen.spamhaus.org=127.0.0.2*3
 postscreen_dnsbl_threshold = 6
 postscreen_dnsbl_ttl = 5m
 postscreen_greet_action = enforce
@ -197,4 +169,4 @@ smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,qmqpd_authorized_clients

 # DO NOT EDIT ANYTHING BELOW #
-# User overrides #
+# Overrides #
--- a/data/conf/postfix/postscreen_access.cidr
+++ b/data/conf/postfix/postscreen_access.cidr
@ -1,15 +1,20 @@
-# Whitelist generated by Postwhite v3.4 on Mon 21 Mar 2022 06:50:26 PM CET
+# Whitelist generated by Postwhite v3.4 on Mon Jul 31 10:06:06 UTC 2023
 # https://github.com/stevejenkins/postwhite/
-# 1898 total rules
+# 2043 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
-2a01:111:f403::/48	permit
-2a01:4180:4050:0400::/64	permit
-2a01:4180:4050:0800::/64	permit
-2a01:4180:4051:0400::/64	permit
-2a01:4180:4051:0800::/64	permit
+2a01:111:f403:8000::/50	permit
+2a01:111:f403::/49	permit
+2a01:111:f403:c000::/51	permit
+2a01:111:f403:f000::/52	permit
 2a02:a60:0:5::/64	permit
 2c0f:fb50:4000::/36	permit
+2.207.151.53	permit
+3.14.230.16	permit
+3.70.123.177	permit
+3.93.157.0/24	permit
+3.129.120.190	permit
+3.210.190.0/24	permit
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
@ -19,41 +24,53 @@
 13.70.32.43	permit
 13.72.50.45	permit
 13.74.143.28	permit
-13.77.161.179	permit
 13.78.233.182	permit
 13.92.31.129	permit
 13.110.208.0/21	permit
+13.110.209.0/24	permit
 13.110.216.0/22	permit
 13.110.224.0/20	permit
 13.111.0.0/16	permit
-17.41.0.0/16	permit
+15.200.21.50	permit
+15.200.44.248	permit
+15.200.201.185	permit
 17.57.155.0/24	permit
 17.57.156.0/24	permit
 17.58.0.0/16	permit
-17.110.0.0/15	permit
-17.142.0.0/15	permit
-17.162.0.0/15	permit
-17.164.0.0/16	permit
-17.171.37.0/24	permit
-17.172.0.0/16	permit
-17.179.168.0/23	permit
+18.156.89.250	permit
+18.157.243.190	permit
 18.194.95.56	permit
 18.198.96.88	permit
-20.47.149.138	permit
-20.48.0.0/12	permit
+18.208.124.128/25	permit
+18.216.232.154	permit
+18.234.1.244	permit
+18.236.40.242	permit
+20.51.6.32/30	permit
 20.52.52.2	permit
 20.52.128.133	permit
+20.59.80.4/30	permit
 20.63.210.192/28	permit
-20.64.0.0/10	permit
+20.69.8.108/30	permit
+20.70.246.20	permit
+20.76.201.171	permit
+20.83.222.104/30	permit
+20.88.157.184/30	permit
 20.94.180.64/28	permit
+20.97.34.220/30	permit
+20.98.148.156/30	permit
+20.98.194.68/30	permit
+20.105.209.76/30	permit
+20.107.239.64/30	permit
+20.112.250.133	permit
+20.118.139.208/30	permit
 20.185.213.160/27	permit
 20.185.213.224/27	permit
 20.185.214.0/27	permit
 20.185.214.2	permit
 20.185.214.32/27	permit
 20.185.214.64/27	permit
-20.192.0.0/10	permit
-23.100.85.1	permit
+20.231.239.246	permit
+20.236.44.162	permit
 23.103.224.0/19	permit
 23.249.208.0/20	permit
 23.251.224.0/19	permit
@ -78,46 +95,38 @@
 27.123.206.56/29	permit
 27.123.206.76/30	permit
 27.123.206.80/28	permit
-34.194.25.167	permit
-34.194.144.120	permit
+31.25.48.222	permit
+34.195.217.107	permit
+34.202.239.6	permit
 34.212.163.75	permit
+34.215.104.144	permit
 34.225.212.172	permit
 34.247.168.44	permit
+35.161.32.253	permit
+35.167.93.243	permit
 35.176.132.251	permit
 35.190.247.0/24	permit
 35.191.0.0/16	permit
-37.188.97.188	permit
 37.218.248.47	permit
 37.218.249.47	permit
 37.218.251.62	permit
 39.156.163.64/29	permit
 40.71.187.0/24	permit
-40.76.4.15	permit
-40.77.102.222	permit
 40.92.0.0/15	permit
-40.97.116.82	permit
-40.97.128.194	permit
-40.97.148.226	permit
-40.97.153.146	permit
-40.97.156.114	permit
-40.97.160.2	permit
-40.97.161.50	permit
-40.97.164.146	permit
 40.107.0.0/16	permit
 40.112.65.63	permit
-40.112.72.205	permit
-40.113.200.201	permit
 40.117.80.0/24	permit
-40.121.71.46	permit
 41.74.192.0/22	permit
 41.74.196.0/22	permit
 41.74.200.0/23	permit
 41.74.204.0/23	permit
 41.74.206.0/24	permit
-42.159.163.81	permit
-42.159.163.82	permit
-42.159.163.83	permit
 43.228.184.0/22	permit
+44.206.138.57	permit
+44.209.42.157	permit
+44.236.56.93	permit
+44.238.220.251	permit
+46.19.168.0/23	permit
 46.226.48.0/21	permit
 46.228.36.37	permit
 46.228.36.38/31	permit
@ -167,6 +176,8 @@
 46.243.88.175	permit
 46.243.88.176	permit
 46.243.88.177	permit
+46.243.95.179	permit
+46.243.95.180	permit
 50.18.45.249	permit
 50.18.121.236	permit
 50.18.121.248	permit
@ -178,11 +189,6 @@
 50.31.32.0/19	permit
 50.31.156.96/27	permit
 50.31.205.0/24	permit
-51.4.71.62	permit
-51.4.72.0/24	permit
-51.4.80.0/27	permit
-51.5.72.0/24	permit
-51.5.80.0/27	permit
 51.137.58.21	permit
 51.140.75.55	permit
 51.144.100.179	permit
@ -191,17 +197,28 @@
 52.5.230.59	permit
 52.27.5.72	permit
 52.27.28.47	permit
-52.33.191.91	permit
+52.28.63.81	permit
 52.36.138.31	permit
 52.37.142.146	permit
-52.38.191.253	permit
-52.41.64.145	permit
+52.58.216.183	permit
+52.59.143.3	permit
 52.60.41.5	permit
 52.60.115.116	permit
+52.61.91.9	permit
+52.71.0.205	permit
 52.82.172.0/22	permit
 52.94.124.0/28	permit
 52.95.48.152/29	permit
 52.95.49.88/29	permit
+52.96.91.34	permit
+52.96.111.82	permit
+52.96.172.98	permit
+52.96.214.50	permit
+52.96.222.194	permit
+52.96.222.226	permit
+52.96.223.2	permit
+52.96.228.130	permit
+52.96.229.242	permit
 52.100.0.0/14	permit
 52.119.213.144/28	permit
 52.160.39.140	permit
@ -214,23 +231,29 @@
 52.222.73.83	permit
 52.222.73.120	permit
 52.222.75.85	permit
+52.222.89.228	permit
 52.234.172.96/28	permit
 52.236.28.240/28	permit
-52.237.141.173	permit
 52.244.206.214	permit
 52.247.53.144	permit
 52.250.107.196	permit
 52.250.126.174	permit
-52.251.55.143	permit
 54.90.148.255	permit
-54.156.255.69	permit
 54.172.97.247	permit
+54.174.52.0/24	permit
+54.174.53.128/30	permit
+54.174.57.0/24	permit
+54.174.59.0/24	permit
+54.174.60.0/23	permit
+54.174.63.0/24	permit
 54.186.193.102	permit
-54.191.223.5	permit
+54.191.223.56	permit
 54.194.61.95	permit
 54.195.113.45	permit
+54.213.20.246	permit
 54.214.39.184	permit
 54.216.77.168	permit
+54.221.227.204	permit
 54.240.0.0/18	permit
 54.240.64.0/19	permit
 54.240.96.0/19	permit
@ -238,7 +261,9 @@
 54.244.54.130	permit
 54.244.242.0/24	permit
 54.246.232.180	permit
+54.255.61.23	permit
 62.13.128.0/24	permit
+62.13.128.150	permit
 62.13.129.128/25	permit
 62.13.136.0/22	permit
 62.13.140.0/22	permit
@ -249,22 +274,29 @@
 62.17.146.128/26	permit
 62.140.7.0/24	permit
 62.140.10.21	permit
+62.179.121.0/24	permit
+62.201.172.0/27	permit
+62.201.172.32/27	permit
+62.253.227.114	permit
 63.32.13.159	permit
 63.80.14.0/23	permit
+63.111.28.137	permit
 63.128.21.0/24	permit
 63.143.57.128/25	permit
 63.143.59.128/25	permit
 64.18.0.0/20	permit
 64.20.241.45	permit
-64.34.47.128/27	permit
-64.34.57.192/26	permit
+64.69.212.0/24	permit
 64.71.149.160/28	permit
 64.79.155.0/24	permit
+64.79.155.192	permit
+64.79.155.193	permit
+64.79.155.205	permit
+64.79.155.206	permit
 64.89.44.85	permit
 64.89.45.80	permit
 64.89.45.194	permit
 64.89.45.196	permit
-64.95.144.196	permit
 64.127.115.252	permit
 64.132.88.0/23	permit
 64.132.92.0/24	permit
@ -290,6 +322,7 @@
 64.207.219.71	permit
 64.207.219.72	permit
 64.207.219.73	permit
+64.207.219.75	permit
 64.207.219.77	permit
 64.207.219.78	permit
 64.207.219.79	permit
@ -300,9 +333,6 @@
 64.207.219.142	permit
 64.207.219.143	permit
 64.233.160.0/19	permit
-65.38.115.76	permit
-65.38.115.84	permit
-65.39.215.0/24	permit
 65.52.80.137	permit
 65.54.51.64/26	permit
 65.54.61.64/26	permit
@ -342,6 +372,10 @@
 66.111.4.225	permit
 66.111.4.229	permit
 66.111.4.230	permit
+66.119.150.192/26	permit
+66.135.202.0/27	permit
+66.135.215.0/24	permit
+66.135.222.1	permit
 66.162.193.226/31	permit
 66.163.184.0/21	permit
 66.163.184.0/24	permit
@ -373,7 +407,8 @@
 66.196.81.234	permit
 66.211.168.230/31	permit
 66.211.170.86/31	permit
-66.211.170.88/30	permit
+66.211.170.88/29	permit
+66.211.184.0/23	permit
 66.218.74.64/30	permit
 66.218.74.68/31	permit
 66.218.75.112/30	permit
@ -445,6 +480,8 @@
 68.142.230.72/30	permit
 68.142.230.76/31	permit
 68.142.230.78	permit
+68.232.140.138	permit
+68.232.157.143	permit
 68.232.192.0/20	permit
 69.63.178.128/25	permit
 69.63.181.0/24	permit
@ -452,6 +489,10 @@
 69.65.42.195	permit
 69.65.49.192/29	permit
 69.72.32.0/20	permit
+69.72.40.93	permit
+69.72.40.94/31	permit
+69.72.40.96/30	permit
+69.72.47.205	permit
 69.147.84.227	permit
 69.162.98.0/24	permit
 69.169.224.0/20	permit
@ -460,7 +501,7 @@
 70.37.151.128/25	permit
 70.42.149.0/24	permit
 70.42.149.35	permit
-72.3.185.0/24	permit
+72.3.237.64/28	permit
 72.14.192.0/18	permit
 72.21.192.0/19	permit
 72.21.217.142	permit
@ -522,15 +563,11 @@
 72.30.239.228/31	permit
 72.30.239.244/30	permit
 72.30.239.248/31	permit
-72.32.154.0/24	permit
-72.32.217.0/24	permit
-72.32.243.0/24	permit
 72.34.168.76	permit
 72.34.168.80	permit
 72.34.168.85	permit
 72.34.168.86	permit
 72.52.72.32/28	permit
-72.52.72.36	permit
 74.6.128.0/21	permit
 74.6.128.0/24	permit
 74.6.129.0/24	permit
@ -558,8 +595,11 @@
 74.112.67.243	permit
 74.125.0.0/16	permit
 74.202.227.40	permit
+74.208.4.192/26	permit
+74.208.5.64/26	permit
+74.208.122.0/26	permit
 74.209.250.0/24	permit
-74.209.250.12	permit
+76.223.128.0/19	permit
 76.223.176.0/20	permit
 77.238.176.0/22	permit
 77.238.176.0/24	permit
@ -583,7 +623,13 @@
 77.238.189.146/31	permit
 77.238.189.148/30	permit
 81.223.46.0/27	permit
-84.16.77.1	permit
+82.165.159.0/24	permit
+82.165.159.0/26	permit
+82.165.229.31	permit
+82.165.229.130	permit
+82.165.230.21	permit
+82.165.230.22	permit
+84.116.36.0/24	permit
 85.158.136.0/21	permit
 86.61.88.25	permit
 87.198.219.130	permit
@ -624,11 +670,11 @@
 87.248.117.201	permit
 87.248.117.202	permit
 87.248.117.205	permit
-87.252.219.254	permit
 87.253.232.0/21	permit
 89.22.108.0/24	permit
+91.194.248.0/23	permit
+91.211.240.0/22	permit
 91.220.42.0/24	permit
-94.236.119.0/26	permit
 94.245.112.0/27	permit
 94.245.112.10/31	permit
 95.131.104.0/21	permit
@ -638,6 +684,7 @@
 96.43.148.64/28	permit
 96.43.148.64/31	permit
 96.43.151.64/28	permit
+98.97.248.0/21	permit
 98.136.44.181	permit
 98.136.44.182/31	permit
 98.136.44.184	permit
@ -1142,23 +1189,21 @@
 98.139.245.212/31	permit
 99.78.197.208/28	permit
 103.2.140.0/22	permit
-103.9.8.121	permit
-103.9.8.122	permit
-103.9.8.123	permit
 103.9.96.0/22	permit
 103.13.69.0/24	permit
+103.28.42.0/24	permit
 103.47.204.0/22	permit
 103.96.21.0/24	permit
+103.96.22.0/24	permit
 103.96.23.0/24	permit
 103.151.192.0/23	permit
-103.237.104.0/22	permit
+103.168.172.128/27	permit
 104.43.243.237	permit
+104.44.112.128/25	permit
 104.47.0.0/17	permit
 104.130.96.0/28	permit
 104.130.122.0/23	permit
 104.214.25.77	permit
-104.215.148.63	permit
-104.215.186.3	permit
 104.245.209.192/26	permit
 106.10.144.64/27	permit
 106.10.144.100/31	permit
@ -1320,6 +1365,8 @@
 117.120.16.0/21	permit
 119.42.242.52/31	permit
 119.42.242.156	permit
+121.244.91.48	permit
+122.15.156.182	permit
 123.126.78.64/29	permit
 124.47.150.0/24	permit
 124.47.189.0/24	permit
@ -1335,20 +1382,35 @@
 128.127.70.0/26	permit
 128.245.0.0/20	permit
 128.245.64.0/20	permit
+128.245.176.0/20	permit
+128.245.242.0/24	permit
+128.245.242.16	permit
+128.245.242.17	permit
+128.245.242.18	permit
+128.245.243.0/24	permit
+128.245.244.0/24	permit
+128.245.245.0/24	permit
+128.245.246.0/24	permit
+128.245.247.0/24	permit
 129.41.77.70	permit
 129.41.169.249	permit
+129.80.5.164	permit
+129.80.67.121	permit
+129.146.88.28	permit
+129.146.147.105	permit
 129.146.236.58	permit
+129.151.67.221	permit
+129.153.62.216	permit
+129.153.104.71	permit
+129.153.168.146	permit
+129.153.190.200	permit
 129.153.194.228	permit
 129.159.87.137	permit
+129.213.195.191	permit
 130.61.9.72	permit
 130.211.0.0/22	permit
-130.248.172.0/24	permit
-130.248.173.0/24	permit
-131.107.0.0/16	permit
 131.253.30.0/24	permit
 131.253.121.0/26	permit
-131.253.121.20	permit
-131.253.121.52	permit
 132.145.13.209	permit
 132.226.26.225	permit
 132.226.49.32	permit
@ -1358,9 +1420,13 @@
 134.170.141.64/26	permit
 134.170.143.0/24	permit
 134.170.174.0/24	permit
-135.84.80.192/26	permit
+135.84.80.0/24	permit
+135.84.81.0/24	permit
 135.84.82.0/24	permit
+135.84.83.0/24	permit
 135.84.216.0/22	permit
+136.143.160.0/24	permit
+136.143.161.0/24	permit
 136.143.182.0/23	permit
 136.143.184.0/24	permit
 136.143.188.0/24	permit
@ -1369,34 +1435,53 @@
 136.147.176.0/20	permit
 136.147.176.0/24	permit
 136.147.182.0/24	permit
+136.179.50.206	permit
 138.91.172.26	permit
 139.60.152.0/22	permit
-139.178.64.159	permit
-139.178.64.195	permit
+139.138.35.44	permit
+139.138.46.121	permit
+139.138.46.176	permit
+139.138.46.219	permit
+139.138.57.55	permit
+139.138.58.119	permit
+139.180.17.0/24	permit
+141.148.159.229	permit
 141.193.32.0/23	permit
 143.55.224.0/21	permit
 143.55.232.0/22	permit
 143.55.236.0/22	permit
+143.244.80.0/20	permit
+144.24.6.140	permit
+144.34.8.247	permit
+144.34.9.247	permit
+144.34.32.247	permit
+144.34.33.247	permit
 144.178.36.0/24	permit
 144.178.38.0/24	permit
+145.253.228.160/29	permit
+145.253.239.128/29	permit
 146.20.112.0/26	permit
 146.20.113.0/24	permit
 146.20.191.0/24	permit
 146.20.215.0/24	permit
+146.20.215.182	permit
+146.88.28.0/24	permit
 146.101.78.0/24	permit
-147.75.65.173	permit
-147.75.65.174	permit
-147.75.98.190	permit
+147.28.36.0/24	permit
 147.160.158.0/24	permit
 147.243.1.47	permit
 147.243.1.48	permit
 147.243.1.153	permit
 147.243.128.24	permit
 147.243.128.26	permit
-148.105.0.14	permit
+148.105.0.0/16	permit
 148.105.8.0/21	permit
 149.72.0.0/16	permit
+149.97.173.180	permit
+150.230.98.160	permit
 152.67.105.195	permit
+152.69.200.236	permit
+155.248.208.51	permit
 157.55.0.192/26	permit
 157.55.1.128/26	permit
 157.55.2.0/25	permit
@ -1412,32 +1497,43 @@
 157.56.232.0/21	permit
 157.56.240.0/20	permit
 157.56.248.0/21	permit
+157.58.30.128/25	permit
 157.58.196.96/29	permit
 157.58.249.3	permit
 157.151.208.65	permit
 157.255.1.64/29	permit
+158.101.211.207	permit
+158.120.80.0/21	permit
+158.247.16.0/20	permit
 159.92.157.0/24	permit
+159.92.157.16	permit
+159.92.157.17	permit
+159.92.157.18	permit
 159.92.158.0/24	permit
 159.92.159.0/24	permit
 159.92.160.0/24	permit
 159.92.161.0/24	permit
 159.92.162.0/24	permit
+159.112.240.0/20	permit
+159.112.242.162	permit
 159.135.132.128/25	permit
 159.135.140.80/29	permit
 159.135.224.0/20	permit
+159.135.228.10	permit
 159.183.0.0/16	permit
+160.1.62.192	permit
 161.38.192.0/20	permit
 161.38.204.0/22	permit
 161.71.32.0/19	permit
 161.71.64.0/20	permit
-162.208.119.181	permit
 162.247.216.0/22	permit
+163.47.180.0/22	permit
 163.47.180.0/23	permit
 163.114.130.16	permit
 163.114.132.120	permit
+165.173.128.0/24	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
-166.78.69.146	permit
 166.78.69.169	permit
 166.78.69.170	permit
 166.78.71.131	permit
@ -1457,10 +1553,13 @@
 167.216.129.210	permit
 167.216.131.180	permit
 167.220.67.232/29	permit
-167.220.67.238	permit
 168.138.5.36	permit
+168.138.73.51	permit
 168.245.0.0/17	permit
+169.148.129.0/24	permit
+169.148.131.0/24	permit
 170.10.68.0/22	permit
+170.10.128.0/24	permit
 170.10.129.0/24	permit
 170.10.133.0/24	permit
 172.217.0.0/19	permit
@ -1475,10 +1574,8 @@
 173.194.0.0/16	permit
 173.203.79.182	permit
 173.203.81.39	permit
-173.224.160.128/25	permit
-173.224.160.188	permit
 173.224.161.128/25	permit
-173.228.155.0/24	permit
+173.224.165.0/26	permit
 174.36.84.8/29	permit
 174.36.84.16/29	permit
 174.36.84.32/29	permit
@ -1491,6 +1588,7 @@
 174.36.114.152/29	permit
 174.37.67.28/30	permit
 174.129.203.189	permit
+175.41.215.51	permit
 176.32.105.0/24	permit
 176.32.127.0/24	permit
 178.236.10.128/26	permit
@ -1498,8 +1596,9 @@
 182.50.76.0/22	permit
 182.50.78.64/28	permit
 183.240.219.64/29	permit
+185.4.120.0/23	permit
+185.4.122.0/24	permit
 185.12.80.0/22	permit
-185.28.196.0/22	permit
 185.58.84.93	permit
 185.58.85.0/24	permit
 185.58.86.0/24	permit
@ -1509,9 +1608,13 @@
 185.80.93.204	permit
 185.80.93.227	permit
 185.80.95.31	permit
+185.90.20.0/22	permit
 185.189.236.0/22	permit
 185.211.120.0/22	permit
 185.250.236.0/22	permit
+185.250.239.148	permit
+185.250.239.168	permit
+185.250.239.190	permit
 188.125.68.132	permit
 188.125.68.152/31	permit
 188.125.68.156	permit
@ -1563,7 +1666,7 @@
 188.125.85.238	permit
 188.172.128.0/20	permit
 192.0.64.0/18	permit
-192.28.128.0/18	permit
+192.18.139.154	permit
 192.30.252.0/22	permit
 192.64.236.0/24	permit
 192.64.237.0/24	permit
@ -1579,16 +1682,21 @@
 192.254.113.10	permit
 192.254.113.101	permit
 192.254.114.176	permit
-192.254.118.63	permit
 193.7.206.0/25	permit
 193.7.207.0/25	permit
 193.109.254.0/23	permit
 193.122.128.100	permit
+194.64.234.128/27	permit
 194.64.234.129	permit
 194.104.109.0/24	permit
+194.104.110.21	permit
+194.104.110.240/28	permit
 194.104.111.0/24	permit
 194.106.220.0/23	permit
+194.113.24.0/22	permit
 194.154.193.192/27	permit
+195.4.92.0/23	permit
+195.54.172.0/23	permit
 195.130.217.0/24	permit
 195.234.109.226	permit
 195.245.230.0/23	permit
@ -1605,19 +1713,23 @@
 198.37.144.0/20	permit
 198.37.152.186	permit
 198.61.254.0/23	permit
+198.61.254.21	permit
 198.61.254.231	permit
-198.74.56.28	permit
 198.178.234.57	permit
+198.244.48.0/20	permit
+198.244.60.0/22	permit
 198.245.80.0/20	permit
 198.245.81.0/24	permit
 199.15.176.173	permit
-199.15.212.0/22	permit
 199.15.213.187	permit
 199.15.226.37	permit
 199.16.156.0/22	permit
 199.33.145.1	permit
 199.33.145.32	permit
 199.59.148.0/22	permit
+199.67.84.0/24	permit
+199.67.86.0/24	permit
+199.67.88.0/24	permit
 199.101.161.130	permit
 199.101.162.0/25	permit
 199.122.120.0/21	permit
@ -1630,8 +1742,10 @@
 202.177.148.110	permit
 203.31.36.0/22	permit
 203.32.4.25	permit
+203.55.21.0/24	permit
 203.81.17.0/24	permit
 203.122.32.250	permit
+203.145.57.160/27	permit
 203.188.194.32	permit
 203.188.194.151	permit
 203.188.194.203	permit
@ -1666,28 +1780,31 @@
 203.209.230.76/31	permit
 204.11.168.0/21	permit
 204.13.11.48/29	permit
+204.13.11.48/30	permit
 204.14.232.0/21	permit
 204.14.232.64/28	permit
 204.14.234.64/28	permit
 204.29.186.0/23	permit
+204.75.142.0/24	permit
 204.79.197.212	permit
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
 204.141.32.0/23	permit
 204.141.42.0/23	permit
-204.153.121.0/24	permit
 204.232.168.0/24	permit
 205.139.110.0/24	permit
 205.201.128.0/20	permit
 205.201.131.128/25	permit
 205.201.134.128/25	permit
 205.201.136.0/23	permit
+205.201.137.229	permit
 205.201.139.0/24	permit
 205.207.104.0/22	permit
-205.207.104.108	permit
 205.220.167.17	permit
+205.220.167.98	permit
 205.220.179.17	permit
+205.220.179.98	permit
 205.251.233.32	permit
 205.251.233.36	permit
 206.25.247.143	permit
@ -1723,6 +1840,7 @@
 207.211.31.0/25	permit
 207.211.41.113	permit
 207.218.90.0/24	permit
+207.218.90.122	permit
 207.250.68.0/24	permit
 208.40.232.70	permit
 208.43.21.28/30	permit
@ -1758,8 +1876,10 @@
 208.71.42.212/31	permit
 208.71.42.214	permit
 208.72.249.240/29	permit
+208.74.204.0/22	permit
 208.74.204.9	permit
 208.75.120.0/22	permit
+208.75.121.246	permit
 208.75.122.246	permit
 208.82.237.96/29	permit
 208.82.237.104/31	permit
@ -1773,14 +1893,13 @@
 209.46.117.168	permit
 209.46.117.179	permit
 209.61.151.0/24	permit
+209.61.151.236	permit
+209.61.151.249	permit
+209.61.151.251	permit
 209.67.98.46	permit
 209.67.98.59	permit
 209.85.128.0/17	permit
 212.4.136.0/26	permit
-212.25.240.80	permit
-212.25.240.83	permit
-212.25.240.84/31	permit
-212.25.240.88	permit
 212.82.96.0/24	permit
 212.82.96.32/27	permit
 212.82.96.64/29	permit
@ -1821,6 +1940,12 @@
 212.82.111.228/31	permit
 212.82.111.230	permit
 212.123.28.40	permit
+212.227.15.0/24	permit
+212.227.15.0/25	permit
+212.227.17.0/27	permit
+212.227.126.128/25	permit
+213.46.255.0/24	permit
+213.165.64.0/23	permit
 213.167.75.0/25	permit
 213.167.81.0/25	permit
 213.199.128.139	permit
@ -1861,6 +1986,10 @@
 216.46.168.0/24	permit
 216.58.192.0/19	permit
 216.66.217.240/29	permit
+216.71.138.33	permit
+216.71.152.207	permit
+216.71.154.29	permit
+216.71.155.89	permit
 216.74.162.13	permit
 216.74.162.14	permit
 216.82.240.0/20	permit
@ -1870,33 +1999,49 @@
 216.109.114.0/24	permit
 216.109.114.32/27	permit
 216.109.114.64/29	permit
+216.113.160.0/24	permit
+216.113.172.0/25	permit
+216.113.175.0/24	permit
 216.128.126.97	permit
 216.136.162.65	permit
 216.136.162.120/29	permit
 216.136.168.80/28	permit
+216.145.217.0/24	permit
+216.145.221.0/24	permit
 216.198.0.0/18	permit
 216.203.30.55	permit
 216.203.33.178/31	permit
 216.205.24.0/24	permit
 216.239.32.0/19	permit
+217.72.192.64/26	permit
+217.72.192.248/29	permit
+217.72.207.0/27	permit
 217.77.141.52	permit
 217.77.141.59	permit
+217.175.194.0/24	permit
 222.73.195.64/29	permit
 223.165.113.0/24	permit
 223.165.115.0/24	permit
 223.165.118.0/23	permit
 223.165.120.0/23	permit
+2001:0868:0100:0600::/64	permit
 2001:4860:4000::/36	permit
+2001:748:100:40::2:0/112	permit
 2404:6800:4000::/36	permit
+2603:1010:3:3::5b	permit
+2603:1020:201:10::10f	permit
+2603:1030:20e:3::23c	permit
+2603:1030:b:3::152	permit
+2603:1030:c02:8::14	permit
 2607:f8b0:4000::/36	permit
-2620:109:c003:104::215	permit
 2620:109:c003:104::/64	permit
-2620:109:c006:104::215	permit
+2620:109:c003:104::215	permit
 2620:109:c006:104::/64	permit
+2620:109:c006:104::215	permit
 2620:109:c00d:104::/64	permit
 2620:10d:c090:450::120	permit
-2620:10d:c091:450::16	permit
-2620:119:50c0:207::215	permit
+2620:10d:c091:400::8:1	permit
 2620:119:50c0:207::/64	permit
+2620:119:50c0:207::215	permit
 2800:3f0:4000::/36	permit
 194.25.134.0/24 permit # t-online.de
--- a/data/conf/rspamd/custom/bad_asn.map
+++ b/data/conf/rspamd/custom/bad_asn.map
@ -27,4 +27,5 @@
 #197518 2 #Rackmarkt SL, Spain
 #197695 2 #Domain names registrar REG.RU Ltd, Russia
 #198068 2 #P.A.G.M. OU, Estonia
-#201942 5 #Soltia Consulting SL, Spain
+#201942 5 #Soltia Consulting SL, Spain
+#213373 4 #IP Connect Inc
--- a/data/conf/rspamd/local.d/composites.conf
+++ b/data/conf/rspamd/local.d/composites.conf
@ -68,3 +68,39 @@ WL_FWD_HOST {
 ENCRYPTED_CHAT {
  expression = "CHAT_VERSION_HEADER & ENCRYPTED_PGP";
 }
+
+CLAMD_SPAM_FOUND {
+  expression = "CLAM_SECI_SPAM & !MAILCOW_WHITE";
+  description = "Probably Spam, Securite Spam Flag set through ClamAV";
+  score = 5;
+}
+
+CLAMD_BAD_PDF {
+  expression = "CLAM_SECI_PDF & !MAILCOW_WHITE";
+  description = "Bad PDF Found, Securite bad PDF Flag set through ClamAV";
+  score = 8;
+}
+
+CLAMD_BAD_JPG {
+  expression = "CLAM_SECI_JPG & !MAILCOW_WHITE";
+  description = "Bad JPG Found, Securite bad JPG Flag set through ClamAV";
+  score = 8;
+}
+
+CLAMD_ASCII_MALWARE {
+  expression = "CLAM_SECI_ASCII & !MAILCOW_WHITE";
+  description = "ASCII malware found, Securite ASCII malware Flag set through ClamAV";
+  score = 8;
+}
+
+CLAMD_HTML_MALWARE {
+  expression = "CLAM_SECI_HTML & !MAILCOW_WHITE";
+  description = "HTML malware found, Securite HTML malware Flag set through ClamAV";
+  score = 8;
+}
+
+CLAMD_JS_MALWARE {
+  expression = "CLAM_SECI_JS & !MAILCOW_WHITE";
+  description = "JS malware found, Securite JS malware Flag set through ClamAV";
+  score = 8;
+}
--- a/data/conf/rspamd/lua/rspamd.local.lua
+++ b/data/conf/rspamd/lua/rspamd.local.lua
@ -340,6 +340,10 @@ rspamd_config:register_symbol({
      if not bcc_dest then
        return -- stop
      end
+      -- dot stuff content before sending
+      local email_content = tostring(task:get_content())
+      email_content = string.gsub(email_content, "\r\n%.", "\r\n..")
+      -- send mail
      lua_smtp.sendmail({
        task = task,
        host = os.getenv("IPV4_NETWORK") .. '.253',
@ -347,8 +351,8 @@ rspamd_config:register_symbol({
        from = task:get_from(stp)[1].addr,
        recipients = bcc_dest,
        helo = 'bcc',
-        timeout = 10,
-      }, task:get_content(), sendmail_cb)
+        timeout = 20,
+      }, email_content, sendmail_cb)
    end

    -- determine from
--- a/data/web/admin.php
+++ b/data/web/admin.php
@ -80,6 +80,11 @@ foreach ($RSPAMD_MAPS['regex'] as $rspamd_regex_desc => $rspamd_regex_map) {
  ];
 }

+// cors settings
+$cors_settings = cors('get');
+$cors_settings['allowed_origins'] = str_replace(", ", "\n", $cors_settings['allowed_origins']);
+$cors_settings['allowed_methods'] = explode(", ", $cors_settings['allowed_methods']);
+
 $template = 'admin.twig';
 $template_data = [
  'tfa_data' => $tfa_data,
@ -106,6 +111,7 @@ $template_data = [
  'ip_check' => customize('get', 'ip_check'),
  'password_complexity' => password_complexity('get'),
  'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
+  'cors_settings' => $cors_settings,
  'lang_admin' => json_encode($lang['admin']),
  'lang_datatables' => json_encode($lang['datatables'])
 ];
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@ -1,4 +1,4 @@
-openapi: 3.0.0
+openapi: 3.1.0
 info:
  description: >-
    mailcow is complete e-mailing solution with advanced antispam, antivirus,
@ -5602,6 +5602,50 @@ paths:
      description: You can list all mailboxes existing in system for a specific domain.
      operationId: Get mailboxes of a domain
      summary: Get mailboxes of a domain
+  /api/v1/edit/cors:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: "success"
+                      log: ["cors", "edit", {"allowed_origins": ["*", "mail.mailcow.tld"], "allowed_methods": ["POST", "GET", "DELETE", "PUT"]}]
+                      msg: "cors_headers_edited"
+          description: OK
+          headers: { }
+      tags:
+        - Cross-Origin Resource Sharing (CORS)
+      description: >-
+        This endpoint allows you to manage Cross-Origin Resource Sharing (CORS) settings for the API. 
+        CORS is a security feature implemented by web browsers to prevent unauthorized cross-origin requests. 
+        By editing the CORS settings, you can specify which domains and which methods are permitted to access the API resources from outside the mailcow domain.
+      operationId: Edit Cross-Origin Resource Sharing (CORS) settings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  allowed_origins: ["*", "mail.mailcow.tld"]
+                  allowed_methods: ["POST", "GET", "DELETE", "PUT"]
+              properties:
+                attr:
+                  type: object
+                  properties:
+                    allowed_origins:
+                      type: array
+                      items:
+                        type: string
+                    allowed_methods:
+                      type: array
+                      items:
+                        type: string
+      summary: Edit Cross-Origin Resource Sharing (CORS) settings

 tags:
  - name: Domains
@ -5646,3 +5690,5 @@ tags:
    description: Get the status of your cow
  - name: Ratelimits
    description: Edit domain ratelimits
+  - name: Cross-Origin Resource Sharing (CORS)
+    description: Manage Cross-Origin Resource Sharing (CORS) settings
--- a/data/web/api/swagger-initializer.js
+++ b/data/web/api/swagger-initializer.js
@ -1,6 +1,6 @@
 window.onload = function() {
  // Begin Swagger UI call region
-  const ui = SwaggerUIBundle({
+  window.ui = SwaggerUIBundle({
    urls: [{url: "/api/openapi.yaml", name: "mailcow API"}],
    dom_id: '#swagger-ui',
    deepLinking: true,
@ -15,5 +15,4 @@ window.onload = function() {
  });
  // End Swagger UI call region

-  window.ui = ui;
 };
--- a/data/web/api/swagger-ui-bundle.js
+++ b/data/web/api/swagger-ui-bundle.js
--- a/data/web/api/swagger-ui-bundle.js.map
+++ b/data/web/api/swagger-ui-bundle.js.map
--- a/data/web/api/swagger-ui-es-bundle-core.js
+++ b/data/web/api/swagger-ui-es-bundle-core.js
--- a/data/web/api/swagger-ui-es-bundle-core.js.map
+++ b/data/web/api/swagger-ui-es-bundle-core.js.map
--- a/data/web/api/swagger-ui-es-bundle.js
+++ b/data/web/api/swagger-ui-es-bundle.js
--- a/data/web/api/swagger-ui-es-bundle.js.map
+++ b/data/web/api/swagger-ui-es-bundle.js.map
--- a/data/web/api/swagger-ui-standalone-preset.js
+++ b/data/web/api/swagger-ui-standalone-preset.js
--- a/data/web/api/swagger-ui-standalone-preset.js.map
+++ b/data/web/api/swagger-ui-standalone-preset.js.map
--- a/data/web/api/swagger-ui.css
+++ b/data/web/api/swagger-ui.css
--- a/data/web/api/swagger-ui.css.map
+++ b/data/web/api/swagger-ui.css.map
--- a/data/web/api/swagger-ui.js
+++ b/data/web/api/swagger-ui.js
--- a/data/web/api/swagger-ui.js.map
+++ b/data/web/api/swagger-ui.js.map
--- a/data/web/css/build/011-datatables.css
+++ b/data/web/css/build/011-datatables.css
@ -342,6 +342,10 @@ div.dataTables_wrapper div.dt-row {
  position: relative;
 }

+div.dataTables_wrapper span.sorting-value {
+  display: none;
+}
+
 div.dataTables_scrollHead table.dataTable {
  margin-bottom: 0 !important;
 }
--- a/data/web/css/site/mailbox.css
+++ b/data/web/css/site/mailbox.css
@ -66,4 +66,6 @@ table tbody tr td input[type="checkbox"] {
  padding: .2em .4em .3em !important;
  background-color: #ececec!important;
 }
-
+.badge.bg-info .bi {
+  font-size: inherit;
+}
--- a/data/web/css/themes/mailcow-darkmode.css
+++ b/data/web/css/themes/mailcow-darkmode.css
@ -20,6 +20,11 @@ legend {
    background-color: #7a7a7a !important;
    border-color: #5c5c5c !important;
 }
+.btn-dark {
+  color: #000 !important;;
+  background-color: #f6f6f6 !important;;
+  border-color: #ddd !important;;
+}
 .btn-check:checked+.btn-secondary, .btn-check:active+.btn-secondary, .btn-secondary:active, .btn-secondary.active, .show>.btn-secondary.dropdown-toggle {
    border-color: #7a7a7a !important;
 }
@ -299,22 +304,22 @@ a:hover {
 }


-table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before:hover, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before:hover,
 table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before:hover {
  background-color: #7a7a7a !important;
 }
-table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before,
 table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before {
  background-color: #7a7a7a !important;
  border: 1.5px solid #5c5c5c !important;
  color: #fff !important;
 }
-table.dataTable.dtr-inline.collapsed>tbody>tr.parent>td.dtr-control:before, 
+table.dataTable.dtr-inline.collapsed>tbody>tr.parent>td.dtr-control:before,
 table.dataTable.dtr-inline.collapsed>tbody>tr.parent>th.dtr-control:before {
  background-color: #949494;
 }
-table.dataTable.dtr-inline.collapsed>tbody>tr>td.child, 
-table.dataTable.dtr-inline.collapsed>tbody>tr>th.child, 
+table.dataTable.dtr-inline.collapsed>tbody>tr>td.child,
+table.dataTable.dtr-inline.collapsed>tbody>tr>th.child,
 table.dataTable.dtr-inline.collapsed>tbody>tr>td.dataTables_empty {
  background-color: #444444;
 }
@ -327,7 +332,7 @@ table.dataTable.dtr-inline.collapsed>tbody>tr>td.dataTables_empty {
 }
 .btn.btn-outline-secondary {
  color: #fff !important;
-  border-color: #7a7a7a !important;  
+  border-color: #7a7a7a !important;
 }
 .btn-check:checked+.btn-outline-secondary, .btn-check:active+.btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
    background-color: #9b9b9b !important;
--- a/data/web/inc/functions.address_rewriting.inc.php
+++ b/data/web/inc/functions.address_rewriting.inc.php
@ -49,7 +49,9 @@ function bcc($_action, $_data = null, $_attr = null) {
      }
      elseif (filter_var($local_dest, FILTER_VALIDATE_EMAIL)) {
        $mailbox = mailbox('get', 'mailbox_details', $local_dest);
-        if ($mailbox === false && array_key_exists($local_dest, array_merge($direct_aliases, $shared_aliases)) === false) {
+        $shared_aliases = mailbox('get', 'shared_aliases');
+        $direct_aliases = mailbox('get', 'direct_aliases');
+        if ($mailbox === false && in_array($local_dest, array_merge($direct_aliases, $shared_aliases)) === false) {
          $_SESSION['return'][] = array(
            'type' => 'danger',
            'log' => array(__FUNCTION__, $_action, $_data, $_attr),
--- a/data/web/inc/functions.docker.inc.php
+++ b/data/web/inc/functions.docker.inc.php
@ -192,5 +192,16 @@ function docker($action, $service_name = null, $attr1 = null, $attr2 = null, $ex
      }
      return false;
    break;
+    case 'broadcast':
+      $request = array(
+        "api_call" => "container_post",
+        "container_name" => $service_name,
+        "post_action" => $attr1,
+        "request" => $attr2
+      );
+
+      $redis->publish("MC_CHANNEL", json_encode($request));
+      return true;
+    break;
  }
 }
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@ -526,8 +526,9 @@ function logger($_data = false) {
          ':remote' => get_remote_ip()
        ));
      }
-      catch (Exception $e) {
-        // Do nothing
+      catch (PDOException $e) {
+        # handle the exception here, as the exception handler function results in a white page
+        error_log($e->getMessage(), 0);
      }
    }
  }
@ -1015,20 +1016,58 @@ function formatBytes($size, $precision = 2) {
  }
  return round(pow(1024, $base - floor($base)), $precision) . $suffixes[floor($base)];
 }
-function update_sogo_static_view() {
+function update_sogo_static_view($mailbox = null) {
  if (getenv('SKIP_SOGO') == "y") {
    return true;
  }
  global $pdo;
  global $lang;
-  $stmt = $pdo->query("SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES
-    WHERE TABLE_NAME = 'sogo_view'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results != 0) {
-    $stmt = $pdo->query("REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
-      SELECT `c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings` from sogo_view");
-    $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
+
+  $mailbox_exists = false;
+  if ($mailbox !== null) {
+    // Check if the mailbox exists
+    $stmt = $pdo->prepare("SELECT username FROM mailbox WHERE username = :mailbox AND active = '1'");
+    $stmt->execute(array(':mailbox' => $mailbox));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);  
+    if ($row){
+      $mailbox_exists = true;
+    }
  }
+
+  $query = "REPLACE INTO _sogo_static_view (`c_uid`, `domain`, `c_name`, `c_password`, `c_cn`, `mail`, `aliases`, `ad_aliases`, `ext_acl`, `kind`, `multiple_bookings`)
+            SELECT
+              mailbox.username,
+              mailbox.domain,
+              mailbox.username,
+              IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.force_pw_update')) = '0',
+                 IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.sogo_access')) = 1, password, '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'),
+                 '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'),
+              mailbox.name,
+              mailbox.username,
+              IFNULL(GROUP_CONCAT(ga.aliases ORDER BY ga.aliases SEPARATOR ' '), ''),
+              IFNULL(gda.ad_alias, ''),
+              IFNULL(external_acl.send_as_acl, ''),
+              mailbox.kind,
+              mailbox.multiple_bookings
+            FROM
+              mailbox
+              LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
+              LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
+              LEFT OUTER JOIN grouped_sender_acl_external external_acl ON external_acl.username = mailbox.username
+            WHERE
+              mailbox.active = '1'";
+  
+  if ($mailbox_exists) {
+    $query .= " AND mailbox.username = :mailbox";
+    $stmt = $pdo->prepare($query);
+    $stmt->execute(array(':mailbox' => $mailbox));
+  } else {
+    $query .= " GROUP BY mailbox.username";
+    $stmt = $pdo->query($query);
+  }
+  
+  $stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
+  
  flush_memcached();
 }
 function edit_user_account($_data) {
@ -2093,6 +2132,120 @@ function rspamd_ui($action, $data = null) {
    break;
  }
 }
+function cors($action, $data = null) {
+  global $redis;
+
+  switch ($action) {
+    case "edit":
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }    
+
+      $allowed_origins = isset($data['allowed_origins']) ? $data['allowed_origins'] : array($_SERVER['SERVER_NAME']);
+      $allowed_origins = !is_array($allowed_origins) ? array_filter(array_map('trim', explode("\n", $allowed_origins))) : $allowed_origins;
+      foreach ($allowed_origins as $origin) {
+        if (!filter_var($origin, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) && $origin != '*') {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $action, $data),
+            'msg' => 'cors_invalid_origin'
+          );
+          return false;
+        }
+      }
+
+      $allowed_methods = isset($data['allowed_methods']) ? $data['allowed_methods'] : array('GET', 'POST', 'PUT', 'DELETE');
+      $allowed_methods  = !is_array($allowed_methods) ? array_map('trim', preg_split( "/( |,|;|\n)/", $allowed_methods)) : $allowed_methods;
+      $available_methods = array('GET', 'POST', 'PUT', 'DELETE');
+      foreach ($allowed_methods as $method) {
+        if (!in_array($method, $available_methods)) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $action, $data),
+            'msg' => 'cors_invalid_method'
+          );
+          return false;
+        }
+      }
+
+      try {
+        $redis->hMSet('CORS_SETTINGS', array(
+          'allowed_origins' => implode(', ', $allowed_origins),
+          'allowed_methods' => implode(', ', $allowed_methods)
+        ));   
+      } catch (RedisException $e) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $data),
+          'msg' => array('redis_error', $e)
+        );
+        return false;
+      }
+
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $action, $data),
+        'msg' => 'cors_headers_edited'
+      );
+      return true;
+    break;
+    case "get":
+      try {
+        $cors_settings                  = $redis->hMGet('CORS_SETTINGS', array('allowed_origins', 'allowed_methods'));
+      } catch (RedisException $e) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $data),
+          'msg' => array('redis_error', $e)
+        );
+      }
+
+      $cors_settings                    = !$cors_settings ? array('allowed_origins' => $_SERVER['SERVER_NAME'], 'allowed_methods' => 'GET, POST, PUT, DELETE') : $cors_settings;
+      $cors_settings['allowed_origins'] = empty($cors_settings['allowed_origins']) ? $_SERVER['SERVER_NAME'] : $cors_settings['allowed_origins'];
+      $cors_settings['allowed_methods'] = empty($cors_settings['allowed_methods']) ? 'GET, POST, PUT, DELETE, OPTION' : $cors_settings['allowed_methods'];
+
+      return $cors_settings;
+    break;
+    case "set_headers":
+      $cors_settings = cors('get');
+      // check if requested origin is in allowed origins
+      $allowed_origins = explode(', ', $cors_settings['allowed_origins']);
+      $cors_settings['allowed_origins'] = $allowed_origins[0];
+      if (in_array('*', $allowed_origins)){
+        $cors_settings['allowed_origins'] = '*';
+      } else if (in_array($_SERVER['HTTP_ORIGIN'], $allowed_origins)) {
+        $cors_settings['allowed_origins'] = $_SERVER['HTTP_ORIGIN'];
+      }
+      // always allow OPTIONS for preflight request
+      $cors_settings["allowed_methods"] = empty($cors_settings["allowed_methods"]) ? 'OPTIONS' : $cors_settings["allowed_methods"] . ', ' . 'OPTIONS';
+
+      header('Access-Control-Allow-Origin: ' . $cors_settings['allowed_origins']);
+      header('Access-Control-Allow-Methods: '. $cors_settings['allowed_methods']);
+      header('Access-Control-Allow-Headers: Accept, Content-Type, X-Api-Key, Origin');
+
+      // Access-Control settings requested, this is just a preflight request
+      if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' && 
+        isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) &&
+        isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
+  
+        $allowed_methods = explode(', ', $cors_settings["allowed_methods"]);
+        if (in_array($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'], $allowed_methods, true))
+          // method allowed send 200 OK
+          http_response_code(200);
+        else
+          // method not allowed send 405 METHOD NOT ALLOWED
+          http_response_code(405);
+
+        exit;
+      }
+    break;
+  }
+}

 function get_logs($application, $lines = false) {
  if ($lines === false) {
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@ -1264,11 +1264,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            ));
          }

+          update_sogo_static_view($username);
          $_SESSION['return'][] = array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
            'msg' => array('mailbox_added', htmlspecialchars($username))
          );
+          return true;
        break;
        case 'resource':
          $domain             = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
@ -3130,7 +3132,10 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
              'msg' => array('mailbox_modified', $username)
            );
+
+            update_sogo_static_view($username);
          }
+          return true;
        break;
        case 'mailbox_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin") {
@ -3960,6 +3965,39 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          }
          return $aliasdomaindata;
        break;
+        case 'shared_aliases':
+          $shared_aliases = array();
+          $stmt = $pdo->query("SELECT `address` FROM `alias`
+            WHERE `goto` REGEXP ','
+            AND `address` NOT LIKE '@%'
+            AND `goto` != `address`");
+          $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+          while($row = array_shift($rows)) {
+            $domain = explode("@", $row['address'])[1];
+            if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+              $shared_aliases[] = $row['address'];
+            }
+          }
+
+          return $shared_aliases;
+        break;
+        case 'direct_aliases':
+          $direct_aliases = array();
+          $stmt = $pdo->query("SELECT `address` FROM `alias`
+            WHERE `goto` NOT LIKE '%,%'
+            AND `address` NOT LIKE '@%'
+            AND `goto` != `address`");
+          $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+          while($row = array_shift($rows)) {
+            $domain = explode("@", $row['address'])[1];
+            if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+              $direct_aliases[] = $row['address'];
+            }
+          }
+
+          return $direct_aliases;
+        break;
        case 'domains':
          $domains = array();
          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
@ -4892,13 +4930,19 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            if (!empty($mailbox_details['domain']) && !empty($mailbox_details['local_part'])) {
              $maildir = $mailbox_details['domain'] . '/' . $mailbox_details['local_part'];
              $exec_fields = array('cmd' => 'maildir', 'task' => 'cleanup', 'maildir' => $maildir);
-              $maildir_gc = json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields), true);
-              if ($maildir_gc['type'] != 'success') {
-                $_SESSION['return'][] = array(
-                  'type' => 'warning',
-                  'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                  'msg' => 'Could not move maildir to garbage collector: ' . $maildir_gc['msg']
-                );
+
+              if (getenv("CLUSTERMODE") == "replication") {
+                // broadcast to each dovecot container
+                docker('broadcast', 'dovecot-mailcow', 'exec', $exec_fields);
+              } else {
+                $maildir_gc = json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields), true);
+                if ($maildir_gc['type'] != 'success') {
+                  $_SESSION['return'][] = array(
+                    'type' => 'warning',
+                    'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                    'msg' => 'Could not move maildir to garbage collector: ' . $maildir_gc['msg']
+                  );
+                }
              }
            }
            else {
@ -4951,9 +4995,10 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            $stmt->execute(array(
              ':username' => $username
            ));
-            $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username");
+            $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as OR `send_as` = :send_as");
            $stmt->execute(array(
-              ':username' => $username
+              ':logged_in_as' => $username,
+              ':send_as' => $username
            ));
            // fk, better safe than sorry
            $stmt = $pdo->prepare("DELETE FROM `user_acl` WHERE `username` = :username");
@ -5053,12 +5098,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              );
              continue;
            }
+            
+            update_sogo_static_view($username);
            $_SESSION['return'][] = array(
              'type' => 'success',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
              'msg' => array('mailbox_removed', htmlspecialchars($username))
            );
          }
+          return true;
        break;
        case 'mailbox_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin") {
@ -5264,7 +5312,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
      }
    break;
  }
-  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource')) && getenv('SKIP_SOGO') != "y") {
+  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'resource')) && getenv('SKIP_SOGO') != "y") {
    update_sogo_static_view();
  }
 }
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@ -63,7 +63,7 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
        unset($_SESSION['index_query_string']);
        if (in_array('mobileconfig', $http_parameters)) {
            if (in_array('only_email', $http_parameters)) {
-                header("Location: /mobileconfig.php?email_only");
+                header("Location: /mobileconfig.php?only_email");
                die();
            }
            header("Location: /mobileconfig.php");
--- a/data/web/js/build/013-mailcow.js
+++ b/data/web/js/build/013-mailcow.js
@ -1,3 +1,13 @@
+const LOCALE = undefined;
+const DATETIME_FORMAT = {
+  year: "numeric",
+  month: "2-digit",
+  day: "2-digit",
+  hour: "2-digit",
+  minute: "2-digit",
+  second: "2-digit"
+};
+
 $(document).ready(function() {
  // mailcow alert box generator
  window.mailcow_alert_box = function(message, type) {
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@ -117,8 +117,8 @@ jQuery(function($){
          data: 'tfa_active',
          defaultContent: '',
            render: function (data, type) {
-            if(data == 1) return '<i class="bi bi-check-lg"></i>';
-            else return '<i class="bi bi-x-lg"></i>';
+            if(data == 1) return '<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>';
+            else return '<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -126,8 +126,8 @@ jQuery(function($){
          data: 'active',
          defaultContent: '',
          render: function (data, type) {
-            if(data == 1) return '<i class="bi bi-check-lg"></i>';
-            else return '<i class="bi bi-x-lg"></i>';
+            if(data == 1) return '<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>';
+            else return '<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -260,8 +260,8 @@ jQuery(function($){
          data: 'tfa_active',
          defaultContent: '',
          render: function (data, type) {
-            if(data == 1) return '<i class="bi bi-check-lg"></i>';
-            else return '<i class="bi bi-x-lg"></i>';
+            if(data == 1) return '<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>';
+            else return '<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -269,8 +269,8 @@ jQuery(function($){
          data: 'active',
          defaultContent: '',
          render: function (data, type) {
-            if(data == 1) return '<i class="bi bi-check-lg"></i>';
-            else return '<i class="bi bi-x-lg"></i>';
+            if(data == 1) return '<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>';
+            else return '<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -337,7 +337,7 @@ jQuery(function($){
          data: 'keep_spam',
          defaultContent: '',
          render: function(data, type){
-            return 'yes'==data?'<i class="bi bi-x-lg"></i>':'no'==data&&'<i class="bi bi-check-lg"></i>';
+            return 'yes'==data?'<i class="bi bi-x-lg"><span class="sorting-value">yes</span></i>':'no'==data&&'<i class="bi bi-check-lg"><span class="sorting-value">no</span></i>';
          }
        },
        {
@ -414,8 +414,8 @@ jQuery(function($){
          data: 'active',
          defaultContent: '',
          render: function (data, type) {
-            if(data == 1) return '<i class="bi bi-check-lg"></i>';
-            else return '<i class="bi bi-x-lg"></i>';
+            if(data == 1) return '<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>';
+            else return '<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -492,8 +492,8 @@ jQuery(function($){
          data: 'active',
          defaultContent: '',
          render: function (data, type) {
-            if(data == 1) return '<i class="bi bi-check-lg"></i>';
-            else return '<i class="bi bi-x-lg"></i>';
+            if(data == 1) return '<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>';
+            else return '<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@ -1,13 +1,3 @@
-const LOCALE = undefined;
-const DATETIME_FORMAT = {
-  year: "numeric",
-  month: "2-digit",
-  day: "2-digit",
-  hour: "2-digit",
-  minute: "2-digit",
-  second: "2-digit"
-};
-
 $(document).ready(function() {
  // Parse seconds ago to date
  // Get "now" timestamp
@ -43,7 +33,7 @@ $(document).ready(function() {
  if (mailcow_info.branch === "master"){
    check_update(mailcow_info.version_tag, mailcow_info.project_url);
  }
-  $("#maiclow_version").click(function(){
+  $("#mailcow_version").click(function(){
    if (mailcow_cc_role !== "admin" && mailcow_cc_role !== "domainadmin" || mailcow_info.branch !== "master")
      return;

@ -829,13 +819,10 @@ jQuery(function($){
      url: '/api/v1/get/rspamd/actions',
      async: true,
      success: function(data){
-        console.log(data);
-
        var total = 0;
        $(data).map(function(){total += this[1];});
        var labels = $.makeArray($(data).map(function(){return this[0] + ' ' + Math.round(this[1]/total * 100) + '%';}));
        var values = $.makeArray($(data).map(function(){return this[1];}));
-        console.log(values);

        var graphdata = {
          labels: labels,
@ -951,12 +938,15 @@ jQuery(function($){
          title: 'Score',
          data: 'score',
          defaultContent: '',
+          class: 'text-nowrap',
          createdCell: function(td, cellData) {
            $(td).attr({
              "data-order": cellData.sortBy,
              "data-sort": cellData.sortBy
            });
-            $(td).html(cellData.value);
+          },    
+          render: function (data) {
+            return data.value;
          }
        },
        {
@ -979,7 +969,9 @@ jQuery(function($){
              "data-order": cellData.sortBy,
              "data-sort": cellData.sortBy
            });
-            $(td).html(cellData.value);
+          },    
+          render: function (data) {
+            return data.value;
          }
        },
        {
@ -1181,7 +1173,7 @@ jQuery(function($){

    if (table = $('#' + log_table).DataTable()) {
      var heading = $('#' + log_table).closest('.card').find('.card-header');
-      var load_rows = (table.data().length + 1) + '-' + (table.data().length + new_nrows)
+      var load_rows = (table.data().count() + 1) + '-' + (table.data().count() + new_nrows)

      $.get('/api/v1/get/logs/' + log_url + '/' + load_rows).then(function(data){
        if (data.length === undefined) { mailcow_alert_box(lang.no_new_rows, "info"); return; }
@ -1302,6 +1294,12 @@ function update_stats(timeout=5){
      $("#host_cpu_usage").text(parseInt(data.cpu.usage).toString() + "%");
      $("#host_memory_total").text((data.memory.total / (1024 ** 3)).toFixed(2).toString() + "GB");
      $("#host_memory_usage").text(parseInt(data.memory.usage).toString() + "%");
+      if (data.architecture == "aarch64"){
+        $("#host_architecture").html('<span data-bs-toggle="tooltip" data-bs-placement="top" title="' + lang_debug.wip +'">' + data.architecture + ' ⚠️</span>');
+      }
+      else {
+        $("#host_architecture").html(data.architecture);
+      }

      // update cpu and mem chart
      var cpu_chart = Chart.getChart("host_cpu_chart");
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@ -607,7 +607,7 @@ jQuery(function($){
          defaultContent: '',
          responsivePriority: 6,
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':(0==data?'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>':2==data&&'&#8212;');
          }
        },
        {
@ -754,7 +754,7 @@ jQuery(function($){
          data: 'attributes.gal',
          defaultContent: '',
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -762,7 +762,7 @@ jQuery(function($){
          data: 'attributes.backupmx',
          defaultContent: '',
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -770,7 +770,7 @@ jQuery(function($){
          data: 'attributes.relay_all_recipients',
          defaultContent: '',
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -778,7 +778,7 @@ jQuery(function($){
          data: 'attributes.relay_unknown_only',
          defaultContent: '',
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -787,7 +787,7 @@ jQuery(function($){
          defaultContent: '',
          responsivePriority: 4,
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -1093,7 +1093,7 @@ jQuery(function($){
          defaultContent: '',
          responsivePriority: 4,
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':(0==data?'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>':2==data&&'&#8212;');
          }
        },
        {
@ -1164,13 +1164,13 @@ jQuery(function($){

            item.attributes.quota = humanFileSize(item.attributes.quota);

-            item.attributes.tls_enforce_in = '<i class="text-' + (item.attributes.tls_enforce_in == 1 ? 'success bi bi-lock-fill' : 'danger bi bi-unlock-fill') + '"></i>';
-            item.attributes.tls_enforce_out = '<i class="text-' + (item.attributes.tls_enforce_out == 1 ? 'success bi bi-lock-fill' : 'danger bi bi-unlock-fill') + '"></i>';
-            item.attributes.pop3_access = '<i class="text-' + (item.attributes.pop3_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.pop3_access == 1 ? 'check-lg' : 'x-lg') + '"></i>';
-            item.attributes.imap_access = '<i class="text-' + (item.attributes.imap_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.imap_access == 1 ? 'check-lg' : 'x-lg') + '"></i>';
-            item.attributes.smtp_access = '<i class="text-' + (item.attributes.smtp_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.smtp_access == 1 ? 'check-lg' : 'x-lg') + '"></i>';
-            item.attributes.sieve_access = '<i class="text-' + (item.attributes.sieve_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.sieve_access == 1 ? 'check-lg' : 'x-lg') + '"></i>';
-            item.attributes.sogo_access = '<i class="text-' + (item.attributes.sogo_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.sogo_access == 1 ? 'check-lg' : 'x-lg') + '"></i>';
+            item.attributes.tls_enforce_in = '<i class="text-' + (item.attributes.tls_enforce_in == 1 ? 'success bi bi-lock-fill' : 'danger bi bi-unlock-fill') + '"><span class="sorting-value">' + (item.attributes.tls_enforce_in == 1 ? '1' : '0') + '</span></i>';
+            item.attributes.tls_enforce_out = '<i class="text-' + (item.attributes.tls_enforce_out == 1 ? 'success bi bi-lock-fill' : 'danger bi bi-unlock-fill') + '"><span class="sorting-value">' + (item.attributes.tls_enforce_out == 1 ? '1' : '0') + '</span></i>';
+            item.attributes.pop3_access = '<i class="text-' + (item.attributes.pop3_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.pop3_access == 1 ? 'check-lg' : 'x-lg') + '"><span class="sorting-value">' + (item.attributes.pop3_access == 1 ? '1' : '0') + '</span></i>';
+            item.attributes.imap_access = '<i class="text-' + (item.attributes.imap_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.imap_access == 1 ? 'check-lg' : 'x-lg') + '"><span class="sorting-value">' + (item.attributes.imap_access == 1 ? '1' : '0') + '</span></i>';
+            item.attributes.smtp_access = '<i class="text-' + (item.attributes.smtp_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.smtp_access == 1 ? 'check-lg' : 'x-lg') + '"><span class="sorting-value">' + (item.attributes.smtp_access == 1 ? '1' : '0') + '</span></i>';
+            item.attributes.sieve_access = '<i class="text-' + (item.attributes.sieve_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.sieve_access == 1 ? 'check-lg' : 'x-lg') + '"><span class="sorting-value">' + (item.attributes.sieve_access == 1 ? '1' : '0') + '</span></i>';
+            item.attributes.sogo_access = '<i class="text-' + (item.attributes.sogo_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.sogo_access == 1 ? 'check-lg' : 'x-lg') + '"><span class="sorting-value">' + (item.attributes.sogo_access == 1 ? '1' : '0') + '</span></i>';
            if (item.attributes.quarantine_notification === 'never') {
              item.attributes.quarantine_notification = lang.never;
            } else if (item.attributes.quarantine_notification === 'hourly') {
@ -1188,7 +1188,6 @@ jQuery(function($){
              item.attributes.quarantine_category = lang.q_all;
            }

-
            if (item.template.toLowerCase() == "default"){
              item.action = '<div class="btn-group">' +
                '<a href="/edit/template/' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-xs-half btn-secondary"><i class="bi bi-pencil-fill"></i> ' + lang.edit + '</a>' +
@ -1329,7 +1328,7 @@ jQuery(function($){
          defaultContent: '',
          responsivePriority: 4,
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':(0==data?'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>':2==data&&'&#8212;');
          }
        },
        {
@ -1440,7 +1439,7 @@ jQuery(function($){
          data: 'active',
          defaultContent: '',
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':(0==data?'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>':2==data&&'&#8212;');
          }
        },
        {
@ -1459,30 +1458,37 @@ jQuery(function($){
  }
  function draw_bcc_table() {
    $.get("/api/v1/get/bcc-destination-options", function(data){
+      var optgroup = "";
      // Domains
-      var optgroup = "<optgroup label='" + lang.domains + "'>";
-      $.each(data.domains, function(index, domain){
-        optgroup += "<option value='" + domain + "'>" + domain + "</option>";
-      });
-      optgroup += "</optgroup>";
-      $('#bcc-local-dest').append(optgroup);
-      // Alias domains
-      var optgroup = "<optgroup label='" + lang.domain_aliases + "'>";
-      $.each(data.alias_domains, function(index, alias_domain){
-        optgroup += "<option value='" + alias_domain + "'>" + alias_domain + "</option>";
-      });
-      optgroup += "</optgroup>"
-      $('#bcc-local-dest').append(optgroup);
-      // Mailboxes and aliases
-      $.each(data.mailboxes, function(mailbox, aliases){
-        var optgroup = "<optgroup label='" + mailbox + "'>";
-        $.each(aliases, function(index, alias){
-          optgroup += "<option value='" + alias + "'>" + alias + "</option>";
+      if (data.domains && data.domains.length > 0) {
+        optgroup = "<optgroup label='" + lang.domains + "'>";
+        $.each(data.domains, function(index, domain){
+          optgroup += "<option value='" + domain + "'>" + domain + "</option>";
        });
        optgroup += "</optgroup>";
        $('#bcc-local-dest').append(optgroup);
-      });
-      // Finish
+      }
+      // Alias domains
+      if (data.alias_domains && data.alias_domains.length > 0) {
+        optgroup = "<optgroup label='" + lang.domain_aliases + "'>";
+        $.each(data.alias_domains, function(index, alias_domain){
+          optgroup += "<option value='" + alias_domain + "'>" + alias_domain + "</option>";
+        });
+        optgroup += "</optgroup>"
+        $('#bcc-local-dest').append(optgroup);
+      }
+      // Mailboxes and aliases
+      if (data.mailboxes && Object.keys(data.mailboxes).length > 0) {
+        $.each(data.mailboxes, function(mailbox, aliases){
+          optgroup = "<optgroup label='" + mailbox + "'>";
+          $.each(aliases, function(index, alias){
+            optgroup += "<option value='" + alias + "'>" + alias + "</option>";
+          });
+          optgroup += "</optgroup>";
+          $('#bcc-local-dest').append(optgroup);
+        });
+      }
+      // Recreate picker
      $('#bcc-local-dest').selectpicker('refresh');
    });

@ -1578,7 +1584,7 @@ jQuery(function($){
          data: 'active',
          defaultContent: '',
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':(0==data?'<i class="bi bi-x-lg"></i>':2==data&&'&#8212;');
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':(0==data?'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>':2==data&&'&#8212;');
          }
        },
        {
@ -1675,7 +1681,7 @@ jQuery(function($){
          data: 'active',
          defaultContent: '',
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':0==data&&'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -1782,7 +1788,7 @@ jQuery(function($){
          data: 'active',
          defaultContent: '',
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':0==data&&'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -1917,7 +1923,7 @@ jQuery(function($){
          data: 'sogo_visible',
          defaultContent: '',
          render: function(data, type){
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':0==data&&'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -1936,7 +1942,7 @@ jQuery(function($){
          defaultContent: '',
          responsivePriority: 6,
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':0==data&&'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -1952,6 +1958,10 @@ jQuery(function($){
    table.on('responsive-resize', function (e, datatable, columns){
      hideTableExpandCollapseBtn('#tab-mbox-aliases', '#alias_table');
    });
+    
+    table.on( 'draw', function (){
+        $('#alias_table [data-bs-toggle="tooltip"]').tooltip();
+    });
  }
  function draw_aliasdomain_table() {
    // just recalc width if instance already exists
@ -2031,7 +2041,7 @@ jQuery(function($){
          data: 'active',
          defaultContent: '',
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':0==data&&'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -2167,7 +2177,7 @@ jQuery(function($){
          data: 'active',
          defaultContent: '',
          render: function (data, type) {
-            return 1==data?'<i class="bi bi-check-lg"></i>':0==data&&'<i class="bi bi-x-lg"></i>';
+            return 1==data?'<i class="bi bi-check-lg"><span class="sorting-value">1</span></i>':0==data&&'<i class="bi bi-x-lg"><span class="sorting-value">0</span></i>';
          }
        },
        {
@ -2323,16 +2333,19 @@ jQuery(function($){
  // detect element visibility changes
  function onVisible(element, callback) {
    $(document).ready(function() {
-      element_object = document.querySelector(element);
+      let element_object = document.querySelector(element);
      if (element_object === null) return;

-      new IntersectionObserver((entries, observer) => {
+      let observer = new IntersectionObserver((entries, observer) => {
        entries.forEach(entry => {
          if(entry.intersectionRatio > 0) {
            callback(element_object);
+            observer.unobserve(element_object);
          }
        });
-      }).observe(element_object);
+      })
+      
+      observer.observe(element_object);
    });
  }

--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@ -127,6 +127,20 @@ jQuery(function($){
    }
  }

+  
+  function createSortableDate(td, cellData, date_string = false) {
+    if (date_string)
+      var date = new Date(cellData);
+    else
+      var date = new Date(cellData ? cellData * 1000 : 0);
+
+    var timestamp = date.getTime();
+    $(td).attr({
+      "data-order": timestamp,
+      "data-sort": timestamp
+    });
+    $(td).html(date.toLocaleDateString(LOCALE, DATETIME_FORMAT));
+  }
  function draw_tla_table() {
    // just recalc width if instance already exists
    if ($.fn.DataTable.isDataTable('#tla_table') ) {
@ -144,6 +158,7 @@ jQuery(function($){
           "tr" +
           "<'row'<'col-sm-12 col-md-5'i><'col-sm-12 col-md-7'p>>",
      language: lang_datatables,
+      order: [[4, 'desc']],
      ajax: {
        type: "GET",
        url: "/api/v1/get/time_limited_aliases",
@ -191,18 +206,16 @@ jQuery(function($){
          title: lang.alias_valid_until,
          data: 'validity',
          defaultContent: '',
-          render: function (data, type) {
-            var date = new Date(data ? data * 1000 : 0);
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData)
          }
        },
        {
          title: lang.created_on,
          data: 'created',
          defaultContent: '',
-          render: function (data, type) {
-            var date = new Date(data.replace(/-/g, "/"));
-            return date.toLocaleDateString(undefined, {year: "numeric", month: "2-digit", day: "2-digit", hour: "2-digit", minute: "2-digit", second: "2-digit"});
+          createdCell: function(td, cellData) {
+            createSortableDate(td, cellData, true)
          }
        },
        {
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@ -2,9 +2,9 @@
 /*
   see /api
 */
-
-header('Content-Type: application/json');
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+cors("set_headers");
+header('Content-Type: application/json');
 error_reporting(0);

 function api_log($_data) {
@ -288,18 +288,18 @@ if (isset($_GET['query'])) {
        case "domain-admin":
          process_add_return(domain_admin('add', $attr));
        break;
-        case "sso":
-          switch ($object) {
-            case "domain-admin":
-              $data = domain_admin_sso('issue', $attr);
-              if($data) {
-                echo json_encode($data);
-                exit(0);
-              }
-              process_add_return($data);
-            break;
-          }
-        break;
+        case "sso":
+          switch ($object) {
+            case "domain-admin":
+              $data = domain_admin_sso('issue', $attr);
+              if($data) {
+                echo json_encode($data);
+                exit(0);
+              }
+              process_add_return($data);
+            break;
+          }
+        break;
        case "admin":
          process_add_return(admin('add', $attr));
        break;
@ -1946,6 +1946,9 @@ if (isset($_GET['query'])) {
            process_edit_return(edit_user_account($attr));
          }
        break;
+        case "cors":
+          process_edit_return(cors('edit', $attr));
+        break;
        // return no route found if no case is matched
        default:
          http_response_code(404);
--- a/data/web/lang/lang.cs-cz.json
+++ b/data/web/lang/lang.cs-cz.json
@ -105,7 +105,8 @@
        "timeout2": "Časový limit pro připojení k lokálnímu serveru",
        "username": "Uživatelské jméno",
        "validate": "Ověřit",
-        "validation_success": "Úspěšně ověřeno"
+        "validation_success": "Úspěšně ověřeno",
+        "tags": "Štítky"
    },
    "admin": {
        "access": "Přístupy",
@ -333,7 +334,11 @@
        "username": "Uživatelské jméno",
        "validate_license_now": "Ověřit GUID na licenčním serveru",
        "verify": "Ověřit",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "f2b_ban_time_increment": "Délka banu je prodlužována s každým dalším banem",
+        "f2b_max_ban_time": "Maximální délka banu (s)",
+        "ip_check": "Kontrola IP",
+        "ip_check_disabled": "Kontrola IP je vypnuta. Můžete ji zapnout v <br> <strong>System > Nastavení > Options > Přizpůsobení</strong>"
    },
    "danger": {
        "access_denied": "Přístup odepřen nebo jsou neplatná data ve formuláři",
@ -536,7 +541,7 @@
        "inactive": "Neaktivní",
        "kind": "Druh",
        "last_modified": "Naposledy změněn",
-        "lookup_mx": "Cíl je regulární výraz který se shoduje s MX záznamem (<code>.*google\\.com</code> směřuje veškerou poštu na MX které jsou cílem pro google.com přes tento skok)",
+        "lookup_mx": "Cíl je regulární výraz který se shoduje s MX záznamem (<code>.*\\.google\\.com</code> směřuje veškerou poštu na MX které jsou cílem pro google.com přes tento skok)",
        "mailbox": "Úprava mailové schránky",
        "mailbox_quota_def": "Výchozí kvóta schránky",
        "mailbox_relayhost_info": "Aplikované jen na uživatelskou schránku a přímé aliasy, přepisuje předávající server domény.",
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@ -147,6 +147,7 @@
        "change_logo": "Logo ändern",
        "configuration": "Konfiguration",
        "convert_html_to_text": "Konvertiere HTML zu reinem Text",
+        "cors_settings": "CORS Einstellungen",
        "credentials_transport_warning": "<b>Warnung</b>: Das Hinzufügen einer neuen Regel bewirkt die Aktualisierung der Authentifizierungsdaten aller vorhandenen Einträge mit identischem Next Hop.",
        "customer_id": "Kunde",
        "customize": "UI-Anpassung",
@ -216,7 +217,7 @@
        "loading": "Bitte warten...",
        "login_time": "Zeit",
        "logo_info": "Die hochgeladene Grafik wird für die Navigationsleiste auf eine Höhe von 40px skaliert. Für die Darstellung auf der Login-Maske beträgt die skalierte Breite maximal 250px. Eine frei skalierbare Grafik (etwa SVG) wird empfohlen.",
-        "lookup_mx": "Ziel mit MX vergleichen (Regex, etwa <code>.*google\\.com</code>, um alle Ziele mit MX *google.com zu routen)",
+        "lookup_mx": "Ziel mit MX vergleichen (Regex, etwa <code>.*\\.google\\.com</code>, um alle Ziele mit MX *google.com zu routen)",
        "main_name": "\"mailcow UI\" Name",
        "merged_vars_hint": "Ausgegraute Reihen wurden aus der Datei <code>vars.(local.)inc.php</code> gelesen und können hier nicht verändert werden.",
        "message": "Nachricht",
@ -358,6 +359,8 @@
        "bcc_exists": "Ein BCC-Map-Eintrag %s existiert bereits als Typ %s",
        "bcc_must_be_email": "BCC-Ziel %s ist keine gültige E-Mail-Adresse",
        "comment_too_long": "Kommentarfeld darf maximal 160 Zeichen enthalten",
+        "cors_invalid_method": "Allow-Methods enthält eine ungültige Methode",
+        "cors_invalid_origin": "Allow-Origins enthält eine ungültige Origin",
        "defquota_empty": "Standard-Quota darf nicht 0 sein",
        "demo_mode_enabled": "Demo Mode ist aktiviert",
        "description_invalid": "Ressourcenbeschreibung für %s ist ungültig",
@ -498,6 +501,7 @@
        }
    },
    "debug": {
+        "architecture": "Architektur",
        "chart_this_server": "Chart (dieser Server)",
        "containers_info": "Container-Information",
        "container_running": "Läuft",
@ -534,7 +538,8 @@
        "update_available": "Es ist ein Update verfügbar",
        "no_update_available": "Das System ist auf aktuellem Stand",
        "update_failed": "Es konnte nicht nach einem Update gesucht werden",
-        "username": "Benutzername"
+        "username": "Benutzername",
+        "wip": "Aktuell noch in Arbeit"
    },
    "diagnostics": {
        "cname_from_a": "Wert abgeleitet von A/AAAA-Eintrag. Wird unterstützt, sofern der Eintrag auf die korrekte Ressource zeigt.",
@ -593,7 +598,7 @@
        "inactive": "Inaktiv",
        "kind": "Art",
        "last_modified": "Zuletzt geändert",
-        "lookup_mx": "Ziel mit MX vergleichen (Regex, etwa <code>.*google\\.com</code>, um alle Ziele mit MX *google.com zu routen)",
+        "lookup_mx": "Ziel mit MX vergleichen (Regex, etwa <code>.*\\.google\\.com</code>, um alle Ziele mit MX *google.com zu routen)",
        "mailbox": "Mailbox bearbeiten",
        "mailbox_quota_def": "Standard-Quota einer Mailbox",
        "mailbox_relayhost_info": "Wird auf eine Mailbox und direkte Alias-Adressen angewendet. Überschreibt die Einstellung einer Domain.",
@ -996,6 +1001,7 @@
        "bcc_deleted": "BCC-Map-Einträge gelöscht: %s",
        "bcc_edited": "BCC-Map-Eintrag %s wurde geändert",
        "bcc_saved": "BCC- Map-Eintrag wurde gespeichert",
+        "cors_headers_edited": "CORS Einstellungen wurden erfolgreich gespeichert",
        "db_init_complete": "Datenbankinitialisierung abgeschlossen",
        "delete_filter": "Filter-ID %s wurde gelöscht",
        "delete_filters": "Filter gelöscht: %s",
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@ -133,6 +133,8 @@
        "admins": "Administrators",
        "admins_ldap": "LDAP Administrators",
        "advanced_settings": "Advanced settings",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "allowed_origins": "Access-Control-Allow-Origin",
        "api_allow_from": "Allow API access from these IPs/CIDR network notations",
        "api_info": "The API is a work in progress. The documentation can be found at <a href=\"/api\">/api</a>",
        "api_key": "API key",
@ -149,6 +151,7 @@
        "change_logo": "Change logo",
        "configuration": "Configuration",
        "convert_html_to_text": "Convert HTML to plain text",
+        "cors_settings": "CORS Settings",
        "credentials_transport_warning": "<b>Warning</b>: Adding a new transport map entry will update the credentials for all entries with a matching next hop column.",
        "customer_id": "Customer ID",
        "customize": "Customize",
@ -218,7 +221,7 @@
        "loading": "Please wait...",
        "login_time": "Login time",
        "logo_info": "Your image will be scaled to a height of 40px for the top navigation bar and a max. width of 250px for the start page. A scalable graphic is highly recommended.",
-        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
+        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*\\.google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
        "main_name": "\"mailcow UI\" name",
        "merged_vars_hint": "Greyed out rows were merged from <code>vars.(local.)inc.php</code> and cannot be modified.",
        "message": "Message",
@ -358,6 +361,8 @@
        "bcc_exists": "A BCC map %s exists for type %s",
        "bcc_must_be_email": "BCC destination %s is not a valid email address",
        "comment_too_long": "Comment too long, max 160 chars allowed",
+        "cors_invalid_method": "Invalid Allow-Method specified",
+        "cors_invalid_origin": "Invalid Allow-Origin specified",
        "defquota_empty": "Default quota per mailbox must not be 0.",
        "demo_mode_enabled": "Demo Mode is enabled",
        "description_invalid": "Resource description for %s is invalid",
@ -498,6 +503,7 @@
        }
    },
    "debug": {
+        "architecture": "Architecture",
        "chart_this_server": "Chart (this server)",
        "containers_info": "Container information",
        "container_running": "Running",
@ -534,7 +540,8 @@
        "update_available": "There is an update available",
        "no_update_available": "The System is on the latest version",
        "update_failed": "Could not check for an Update",
-        "username": "Username"
+        "username": "Username",
+        "wip": "Currently Work in Progress"
    },
    "diagnostics": {
        "cname_from_a": "Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.",
@ -593,7 +600,7 @@
        "inactive": "Inactive",
        "kind": "Kind",
        "last_modified": "Last modified",
-        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
+        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*\\.google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
        "mailbox": "Edit mailbox",
        "mailbox_quota_def": "Default mailbox quota",
        "mailbox_relayhost_info": "Applied to the mailbox and direct aliases only, does override a domain relayhost.",
@ -1003,6 +1010,7 @@
        "bcc_deleted": "BCC map entries deleted: %s",
        "bcc_edited": "BCC map entry %s edited",
        "bcc_saved": "BCC map entry saved",
+        "cors_headers_edited": "CORS settings have been saved",
        "db_init_complete": "Database initialization completed",
        "delete_filter": "Deleted filters ID %s",
        "delete_filters": "Deleted filters: %s",
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@ -588,7 +588,7 @@
        "unchanged_if_empty": "Si non modifié, laisser en blanc",
        "username": "Nom d'utilisateur",
        "validate_save": "Valider et sauver",
-        "lookup_mx": "La destination est une expression régulière qui doit correspondre avec le nom du MX (<code>.*google\\.com</code> pour acheminer tout le courrier destiné à un MX se terminant par google.com via ce saut)",
+        "lookup_mx": "La destination est une expression régulière qui doit correspondre avec le nom du MX (<code>.*\\.google\\.com</code> pour acheminer tout le courrier destiné à un MX se terminant par google.com via ce saut)",
        "mailbox_relayhost_info": "S'applique uniquement à la boîte aux lettres et aux alias directs, remplace le relayhost du domaine."
    },
    "footer": {
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@ -213,7 +213,7 @@
        "loading": "Caricamento in corso...",
        "login_time": "Ora di accesso",
        "logo_info": "La tua immagine verrà ridimensionata a 40px di altezza, quando verrà usata nella barra di navigazione in alto, ed ad una larghezza massima di 250px nella schermata iniziale. È altamente consigliato l'utilizzo di un'immagine modulabile.",
-        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
+        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*\\.google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
        "main_name": "Nome \"mailcow UI\"",
        "merged_vars_hint": "Greyed out rows were merged from <code>vars.(local.)inc.php</code> and cannot be modified.",
        "message": "Messaggio",
@ -554,7 +554,7 @@
        "hostname": "Hostname",
        "inactive": "Inattivo",
        "kind": "Genere",
-        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
+        "lookup_mx": "Destination is a regular expression to match against MX name (<code>.*\\.google\\.com</code> to route all mail targeted to a MX ending in google.com over this hop)",
        "mailbox": "Modifica casella di posta",
        "mailbox_quota_def": "Default mailbox quota",
        "mailbox_relayhost_info": "Applied to the mailbox and direct aliases only, does override a domain relayhost.",
--- a/data/web/lang/lang.ro-ro.json
+++ b/data/web/lang/lang.ro-ro.json
@ -539,7 +539,7 @@
        "inactive": "Inactiv",
        "kind": "Fel",
        "last_modified": "Ultima modificare",
-        "lookup_mx": "Destinația este o expresie regulată care potrivită cu numele MX (<code>.*google\\.com</code> pentru a direcționa toate e-mailurile vizate către un MX care se termină în google.com peste acest hop)",
+        "lookup_mx": "Destinația este o expresie regulată care potrivită cu numele MX (<code>.*\\.google\\.com</code> pentru a direcționa toate e-mailurile vizate către un MX care se termină în google.com peste acest hop)",
        "mailbox": "Editează căsuța poștală",
        "mailbox_quota_def": "Cota implicită a căsuței poștale",
        "mailbox_relayhost_info": "Aplicat numai căsuței poștale și aliasurilor directe, suprascrie un transport dependent de domeniu.",
--- a/data/web/lang/lang.ru-ru.json
+++ b/data/web/lang/lang.ru-ru.json
@ -336,7 +336,9 @@
        "validate_license_now": "Получить лицензию на основе GUID с сервера лицензий",
        "verify": "Проверить",
        "yes": "&#10003;",
-        "queue_unban": "разблокировать"
+        "queue_unban": "разблокировать",
+        "f2b_ban_time_increment": "Время бана увеличивается с каждым баном",
+        "f2b_max_ban_time": "Максимальное время блокировки"
    },
    "danger": {
        "access_denied": "Доступ запрещён, или указаны неверные данные",
--- a/data/web/lang/lang.sk-sk.json
+++ b/data/web/lang/lang.sk-sk.json
@ -213,7 +213,7 @@
        "loading": "Čakajte prosím ...",
        "login_time": "Čas prihlásenia",
        "logo_info": "Váš obrázok bude upravený na výšku 40px pre vrchný navigačný riadok a na maximálnu šírku 250px pre úvodnú stránku. Odporúča sa škálovateľná grafika.",
-        "lookup_mx": "Cieľ je regulárny výraz ktorý sa porovnáva s MX záznamom (<code>.*google\\.com</code> smeruje všetku poštu určenú pre MX ktoré sú cieľom pre google.com cez tento skok)",
+        "lookup_mx": "Cieľ je regulárny výraz ktorý sa porovnáva s MX záznamom (<code>.*\\.google\\.com</code> smeruje všetku poštu určenú pre MX ktoré sú cieľom pre google.com cez tento skok)",
        "main_name": "\"mailcow UI\" názov",
        "merged_vars_hint": "Sivé riadky boli načítané z <code>vars.(local.)inc.php</code> a nemôžu byť modifikované cez UI.",
        "message": "Správa",
@ -539,7 +539,7 @@
        "inactive": "Neaktívny",
        "kind": "Druh",
        "last_modified": "Naposledy upravené",
-        "lookup_mx": "Cieľ je regulárny výraz ktorý sa zhoduje s MX záznamom (<code>.*google\\.com</code> smeruje všetku poštu na MX ktoré sú cieľom pre google.com cez tento skok)",
+        "lookup_mx": "Cieľ je regulárny výraz ktorý sa zhoduje s MX záznamom (<code>.*\\.google\\.com</code> smeruje všetku poštu na MX ktoré sú cieľom pre google.com cez tento skok)",
        "mailbox": "Upraviť mailovú schránku",
        "mailbox_quota_def": "Predvolená veľkosť mailovej schránky",
        "mailbox_relayhost_info": "Aplikované len na používateľské schránky a priame aliasy, prepisuje doménového preposielateľa.",
--- a/data/web/lang/lang.zh-cn.json
+++ b/data/web/lang/lang.zh-cn.json
@ -213,7 +213,7 @@
        "loading": "请等待...",
        "login_time": "登录时间",
        "logo_info": "你的图片将会在顶部导航栏被缩放为 40px 高，在起始页被缩放为最大 250px 高。强烈推荐使用能较好适应缩放的图片。",
-        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
+        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*\\.google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
        "main_name": "Mailcow UI 的名称",
        "merged_vars_hint": "灰色行来自 <code>vars.(local.)inc.php</code> 文件并且无法修改。",
        "message": "消息",
@ -544,7 +544,7 @@
        "hostname": "主机名",
        "inactive": "禁用",
        "kind": "类型",
-        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
+        "lookup_mx": "应当为一个正则表达式，用于匹配 MX 记录 (例如 <code>.*\\.google\\.com</code> 将转发所有拥有以 google.com 结尾的 MX 记录的邮件)",
        "mailbox": "编辑邮箱",
        "mailbox_quota_def": "邮箱默认配额",
        "mailbox_relayhost_info": "只适用于邮箱和邮箱别名，不会覆盖域名的中继主机。",
--- a/data/web/lang/lang.zh-tw.json
+++ b/data/web/lang/lang.zh-tw.json
@ -213,7 +213,7 @@
        "loading": "請稍等...",
        "login_time": "登入時間",
        "logo_info": "你的起始頁面圖片會在頂部導覽列的限制下被縮放為 40px 高，以及最大 250px 高度。強烈推薦使用能較好縮放的圖片。",
-        "lookup_mx": "目的地是可以用來匹配 MX 紀錄的正規表達式 (<code>.*google\\.com</code> 會將所有 MX 結尾於 google.com 的郵件轉發到此主機。)",
+        "lookup_mx": "目的地是可以用來匹配 MX 紀錄的正規表達式 (<code>.*\\.google\\.com</code> 會將所有 MX 結尾於 google.com 的郵件轉發到此主機。)",
        "main_name": "\"mailcow UI\" 名稱",
        "merged_vars_hint": "灰色列來自 <code>vars.(local.)inc.php</code> 並且不能修改。",
        "message": "訊息",
@ -540,7 +540,7 @@
        "inactive": "停用",
        "kind": "種類",
        "last_modified": "上次修改時間",
-        "lookup_mx": "目的地是可以用來匹配 MX 紀錄的正規表達式 (<code>.*google\\.com</code> 會將所有 MX 結尾於 google.com 的郵件轉發到此主機。)",
+        "lookup_mx": "目的地是可以用來匹配 MX 紀錄的正規表達式 (<code>.*\\.google\\.com</code> 會將所有 MX 結尾於 google.com 的郵件轉發到此主機。)",
        "mailbox": "編輯信箱",
        "mailbox_quota_def": "預設信箱容量配額",
        "mailbox_relayhost_info": "只會套用於信箱和直接別名，不會覆寫域名中繼主機。",
--- a/data/web/sogo-auth.php
+++ b/data/web/sogo-auth.php
@ -60,7 +60,7 @@ elseif (isset($_GET['login'])) {
          ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
        ));
        // redirect to sogo (sogo will get the correct credentials via nginx auth_request
-        header("Location: /SOGo/so/${login}");
+        header("Location: /SOGo/so/{$login}");
        exit;
      }
    }
--- a/data/web/templates/admin/tab-config-admins.twig
+++ b/data/web/templates/admin/tab-config-admins.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade show active" id="tab-config-admins" role="tabpanel" aria-labelledby="tab-config-admins">
+<div class="tab-pane fade show active" id="tab-config-admins" role="tabpanel" aria-labelledby="tab-config-admins">
  <div class="card mb-4">
    <div class="card-header bg-danger text-white d-flex fs-5">
      <button class="btn d-md-none text-white flex-grow-1 text-start" data-bs-target="#collapse-tab-config-admins" data-bs-toggle="collapse" aria-controls="collapse-tab-config-admins">
@ -97,6 +97,39 @@
          <div class="col-lg-12">
            <p class="text-muted">{{ lang.admin.api_info|raw }}</p>
          </div>
+          <div class="col-lg-12">
+            <div class="card mb-3">
+              <div class="card-header">
+                <h4 class="card-title"><i class="bi bi-file-earmark-arrow-down"></i> {{ lang.admin.cors_settings }}</h4>
+              </div>
+              <div class="card-body">
+                <form class="form-horizontal" autocapitalize="none" autocorrect="off" role="form" data-id="editcors" method="post">
+                  <div class="row mb-4">
+                    <label class="control-label col-sm-2 mb-4" for="allowed_origins">{{ lang.admin.allowed_origins }}</label>
+                    <div class="col-sm-9 mb-4">
+                      <textarea class="form-control textarea-code" rows="7" name="allowed_origins" id="allowed_origins">{{ cors_settings.allowed_origins }}</textarea>
+                    </div>
+                  </div>
+                  <div class="row mb-4">
+                    <label class="control-label col-sm-2" for="allowed_methods">{{ lang.admin.allowed_methods }}</label>
+                    <div class="col-sm-9">
+                      <select name="allowed_methods" id="allowed_methods" multiple class="form-control">
+                        <option value="POST"{% if "POST" in cors_settings.allowed_methods  %} selected{% endif %}>POST</option>
+                        <option value="GET"{% if "GET" in cors_settings.allowed_methods  %} selected{% endif %}>GET</option>
+                        <option value="DELETE"{% if "DELETE" in cors_settings.allowed_methods  %} selected{% endif %}>DELETE</option>
+                        <option value="PUT"{% if "PUT" in cors_settings.allowed_methods %} selected{% endif %}>PUT</option>
+                      </select>
+                    </div>
+                  </div>
+                  <div class="row mb-4">
+                    <div class="offset-sm-2 col-sm-9">
+                      <button class="btn btn-sm visible-xs-block visible-sm-inline visible-md-inline visible-lg-inline btn-success" data-item="cors" data-api-url="edit/cors" data-id="editcors" data-action="edit_selected" href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+                    </div>
+                  </div>
+                </form>
+              </div>
+            </div>
+          </div>
          <div class="col-lg-6">
            <div class="card mb-3">
              <div class="card-header">
@ -194,7 +227,7 @@

  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-dadmins" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-dadmins">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-dadmins" data-bs-toggle="collapse" aria-controls="collapse-tab-config-dadmins">
        {{ lang.admin.domain_admins }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.domain_admins }}</span>
--- a/data/web/templates/admin/tab-config-customize.twig
+++ b/data/web/templates/admin/tab-config-customize.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-customize" role="tabpanel" aria-labelledby="tab-config-customize">
+<div class="tab-pane fade" id="tab-config-customize" role="tabpanel" aria-labelledby="tab-config-customize">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-customize" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-customize">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-customize" data-bs-toggle="collapse" aria-controls="collapse-tab-config-customize">
        {{ lang.admin.customize }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.customize }}</span>
--- a/data/web/templates/admin/tab-config-dkim.twig
+++ b/data/web/templates/admin/tab-config-dkim.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-dkim" role="tabpanel" aria-labelledby="tab-config-dkim">
+<div class="tab-pane fade" id="tab-config-dkim" role="tabpanel" aria-labelledby="tab-config-dkim">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-dkim" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-dkim">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-dkim" data-bs-toggle="collapse" aria-controls="collapse-tab-config-dkim">
        {{ lang.admin.dkim_keys }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.dkim_keys }}</span>
--- a/data/web/templates/admin/tab-config-f2b.twig
+++ b/data/web/templates/admin/tab-config-f2b.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-f2b" role="tabpanel" aria-labelledby="tab-config-f2b">
+<div class="tab-pane fade" id="tab-config-f2b" role="tabpanel" aria-labelledby="tab-config-f2b">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-f2b" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-f2b">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-f2b" data-bs-toggle="collapse" aria-controls="collapse-tab-config-f2b">
        {{ lang.admin.f2b_parameters }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.f2b_parameters }}</span>
@ -92,16 +92,16 @@
      {% endif %}
      {% for active_ban in f2b_data.active_bans %}
        <p>
-          <span class="badge fs-5 bg-info" style="padding:4px;font-size:85%;">
+          <span class="badge fs-5 bg-info py-0">
            <i class="bi bi-funnel-fill"></i>
            <a href="https://bgp.he.net/ip/{{ active_ban.ip }}" target="_blank" style="color:white">
              {{ active_ban.network }}
            </a>
            ({{ active_ban.banned_until }}) -
            {% if active_ban.queued_for_unban == 0 %}
-            <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"unban"}' href="#">[{{ lang.admin.queue_unban }}]</a>
-            <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"whitelist"}' href="#">[whitelist]</a>
-            <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"blacklist"}' href="#">[blacklist (<b>needs restart</b>)]</a>
+            <a class="btn btn-lg btn-link p-0 text-info" data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"unban"}' href="#">[{{ lang.admin.queue_unban }}]</a>
+            <a class="btn btn-lg btn-link p-0 text-info" data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"whitelist"}' href="#">[whitelist]</a>
+            <a class="btn btn-lg btn-link p-0 text-info" data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"blacklist"}' href="#">[blacklist (<b>needs restart</b>)]</a>
            {% else %}
            <i>{{ lang.admin.unban_pending }}</i>
            {% endif %}
--- a/data/web/templates/admin/tab-config-fwdhosts.twig
+++ b/data/web/templates/admin/tab-config-fwdhosts.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-fwdhosts" role="tabpanel" aria-labelledby="tab-config-fwdhosts">
+<div class="tab-pane fade" id="tab-config-fwdhosts" role="tabpanel" aria-labelledby="tab-config-fwdhosts">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-fwdhosts" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-fwdhosts">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-fwdhosts" data-bs-toggle="collapse" aria-controls="collapse-tab-config-fwdhosts">
        {{ lang.admin.forwarding_hosts }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.forwarding_hosts }}</span>
--- a/data/web/templates/admin/tab-config-oauth2.twig
+++ b/data/web/templates/admin/tab-config-oauth2.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-oauth2" role="tabpanel" aria-labelledby="tab-config-oauth2">
+<div class="tab-pane fade" id="tab-config-oauth2" role="tabpanel" aria-labelledby="tab-config-oauth2">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-oauth2" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-oauth2">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-oauth2" data-bs-toggle="collapse" aria-controls="collapse-tab-config-oauth2">
        {{ lang.admin.oauth2_apps }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.oauth2_apps }}</span>
--- a/data/web/templates/admin/tab-config-password-policy.twig
+++ b/data/web/templates/admin/tab-config-password-policy.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-password-policy" role="tabpanel" aria-labelledby="tab-config-password-policy">
+<div class="tab-pane fade" id="tab-config-password-policy" role="tabpanel" aria-labelledby="tab-config-password-policy">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-password-policy" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-password-policy">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-password-policy" data-bs-toggle="collapse" aria-controls="collapse-tab-config-password-policy">
        {{ lang.admin.password_policy }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.password_policy }}</span>
--- a/data/web/templates/admin/tab-config-quarantine.twig
+++ b/data/web/templates/admin/tab-config-quarantine.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-quarantine" role="tabpanel" aria-labelledby="tab-config-quarantine">
+<div class="tab-pane fade" id="tab-config-quarantine" role="tabpanel" aria-labelledby="tab-config-quarantine">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-quarantine" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-quarantine">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-quarantine" data-bs-toggle="collapse" aria-controls="collapse-tab-config-quarantine">
        {{ lang.admin.quarantine }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.quarantine }}</span>
--- a/data/web/templates/admin/tab-config-quota.twig
+++ b/data/web/templates/admin/tab-config-quota.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-quota" role="tabpanel" aria-labelledby="tab-config-quota">
+<div class="tab-pane fade" id="tab-config-quota" role="tabpanel" aria-labelledby="tab-config-quota">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-quota" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-quota">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-quota" data-bs-toggle="collapse" aria-controls="collapse-tab-config-quota">
        {{ lang.admin.quota_notifications }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.quota_notifications }}</span>
--- a/data/web/templates/admin/tab-config-rsettings.twig
+++ b/data/web/templates/admin/tab-config-rsettings.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-rsettings" role="tabpanel" aria-labelledby="tab-config-rsettings">
+<div class="tab-pane fade" id="tab-config-rsettings" role="tabpanel" aria-labelledby="tab-config-rsettings">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-rsettings" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-rsettings">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-rsettings" data-bs-toggle="collapse" aria-controls="collapse-tab-config-rsettings">
        {{ lang.admin.rspamd_settings_map }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.rspamd_settings_map }}</span>
--- a/data/web/templates/admin/tab-config-rspamd.twig
+++ b/data/web/templates/admin/tab-config-rspamd.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-rspamd" role="tabpanel" aria-labelledby="tab-config-rspamd">
+<div class="tab-pane fade" id="tab-config-rspamd" role="tabpanel" aria-labelledby="tab-config-rspamd">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-rspamd" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-rspamd">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-rspamd" data-bs-toggle="collapse" aria-controls="collapse-tab-config-rspamd">
        Rspamd UI
      </button>
      <span class="d-none d-md-block">Rspamd UI</span>
--- a/data/web/templates/admin/tab-globalfilter-regex.twig
+++ b/data/web/templates/admin/tab-globalfilter-regex.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-globalfilter-regex" role="tabpanel" aria-labelledby="tab-globalfilter-regex">
+<div class="tab-pane fade" id="tab-globalfilter-regex" role="tabpanel" aria-labelledby="tab-globalfilter-regex">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-regex" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-regex">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-regex" data-bs-toggle="collapse" aria-controls="collapse-tab-config-regex">
        {{ lang.admin.rspamd_global_filters }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.rspamd_global_filters }}</span>
--- a/data/web/templates/admin/tab-ldap.twig
+++ b/data/web/templates/admin/tab-ldap.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-ldap-admins" role="tabpanel" aria-labelledby="tab-config-ldap-admins">
+<div class="tab-pane fade" id="tab-config-ldap-admins" role="tabpanel" aria-labelledby="tab-config-ldap-admins">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-ldap-admins" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-ldap-admins">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-ldap-admins" data-bs-toggle="collapse" aria-controls="collapse-tab-config-ldap-admins">
        {{ lang.admin.admins_ldap }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.admins_ldap }}</span>
--- a/data/web/templates/admin/tab-routing.twig
+++ b/data/web/templates/admin/tab-routing.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-routing" role="tabpanel" aria-labelledby="tab-routing">
+<div class="tab-pane fade" id="tab-routing" role="tabpanel" aria-labelledby="tab-routing">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-routing" data-bs-toggle="collapse" aria-controls="ollapse-tab-routing">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-routing" data-bs-toggle="collapse" aria-controls="collapse-tab-routing">
        {{ lang.admin.relayhosts }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.relayhosts }}</span>
@ -47,7 +47,7 @@

  <div class="card mb-4">
    <div class="card-header d-flex">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-maps" data-bs-toggle="collapse" aria-controls="ollapse-tab-maps">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-maps" data-bs-toggle="collapse" aria-controls="collapse-tab-maps">
        {{ lang.admin.transport_maps }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.transport_maps }}</span>
--- a/data/web/templates/admin/tab-sys-mails.twig
+++ b/data/web/templates/admin/tab-sys-mails.twig
@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-sys-mails" role="tabpanel" aria-labelledby="tab-sys-mails">
+<div class="tab-pane fade" id="tab-sys-mails" role="tabpanel" aria-labelledby="tab-sys-mails">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-sys-mails" data-bs-toggle="collapse" aria-controls="ollapse-tab-sys-mails">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-sys-mails" data-bs-toggle="collapse" aria-controls="collapse-tab-sys-mails">
        {{ lang.admin.sys_mails }}
      </button>
      <span class="d-none d-md-block">{{ lang.admin.sys_mails }}</span>
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@ -49,6 +49,12 @@
                          <p><b>{{ hostname }}</b></p>
                        </div></td>
                      </tr>
+                      <tr>
+                        <td>{{ lang.debug.architecture }}</td>
+                        <td class="text-break"><div>
+                          <p id="host_architecture">-</p>
+                        </div></td>
+                      </tr>
                      <tr>
                        <td>IPs</td>
                        <td class="text-break">
@ -70,7 +76,7 @@
                        <td>Version</td>
                        <td class="text-break">
                          <div class="fw-bolder">
-                            <p ><a href="#" id="maiclow_version">{{ mailcow_info.version_tag }}</a></p>
+                            <p ><a href="#" id="mailcow_version">{{ mailcow_info.version_tag }}</a></p>
                            <p id="mailcow_update"></p>
                          </div>
                        </td>
@ -491,8 +497,8 @@
            <legend>{{ lang.debug.history_all_servers }}</legend><hr />
            <a class="btn btn-sm btn-secondary dropdown-toggle mb-4" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
            <ul class="dropdown-menu">
-              <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd_history" data-nrows="100" href="#">+ 100</a></li>
-              <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd_history" data-nrows="1000" href="#">+ 1000</a></li>
+              <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd-history" data-nrows="100" href="#">+ 100</a></li>
+              <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd-history" data-nrows="1000" href="#">+ 1000</a></li>
              <li class="table_collapse_option"><hr class="dropdown-divider"></li>
              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.expand_all }}</a></li>
              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.collapse_all }}</a></li>
--- a/data/web/templates/edit/mailbox.twig
+++ b/data/web/templates/edit/mailbox.twig
@ -109,25 +109,25 @@
        <label class="control-label col-sm-2">{{ lang.user.quarantine_notification }}</label>
        <div class="col-sm-10">
          <div class="btn-group" data-acl="{{ acl.quarantine_notification }}">
-            <button type="button" class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-secondary{% if quarantine_notification == 'never' %} active{% endif %}"
+            <button type="button" class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light{% if quarantine_notification == 'never' %} btn-dark{% endif %}"
            data-action="edit_selected"
            data-item="{{ mailbox }}"
            data-id="quarantine_notification"
            data-api-url='edit/quarantine_notification'
            data-api-attr='{"quarantine_notification":"never"}'>{{ lang.user.never }}</button>
-            <button type="button" class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-secondary{% if quarantine_notification == 'hourly' %} active{% endif %}"
+            <button type="button" class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light{% if quarantine_notification == 'hourly' %} btn-dark{% endif %}"
            data-action="edit_selected"
            data-item="{{ mailbox }}"
            data-id="quarantine_notification"
            data-api-url='edit/quarantine_notification'
            data-api-attr='{"quarantine_notification":"hourly"}'>{{ lang.user.hourly }}</button>
-            <button type="button" class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-secondary{% if quarantine_notification == 'daily' %} active{% endif %}"
+            <button type="button" class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light{% if quarantine_notification == 'daily' %} btn-dark{% endif %}"
            data-action="edit_selected"
            data-item="{{ mailbox }}"
            data-id="quarantine_notification"
            data-api-url='edit/quarantine_notification'
            data-api-attr='{"quarantine_notification":"daily"}'>{{ lang.user.daily }}</button>
-            <button type="button" class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-secondary{% if quarantine_notification == 'weekly' %} active{% endif %}"
+            <button type="button" class="btn btn-sm btn-xs-quart d-block d-sm-inline btn-light{% if quarantine_notification == 'weekly' %} btn-dark{% endif %}"
            data-action="edit_selected"
            data-item="{{ mailbox }}"
            data-id="quarantine_notification"
@ -141,19 +141,19 @@
        <label class="control-label col-sm-2">{{ lang.user.quarantine_category }}</label>
        <div class="col-sm-10">
          <div class="btn-group" data-acl="{{ acl.quarantine_category }}">
-            <button type="button" class="btn btn-sm btn-xs-third d-block d-sm-inline btn-secondary{% if quarantine_category == 'reject' %} active{% endif %}"
+            <button type="button" class="btn btn-sm btn-xs-third d-block d-sm-inline btn-light{% if quarantine_category == 'reject' %} btn-dark{% endif %}"
            data-action="edit_selected"
            data-item="{{ mailbox }}"
            data-id="quarantine_category"
            data-api-url='edit/quarantine_category'
            data-api-attr='{"quarantine_category":"reject"}'>{{ lang.user.q_reject }}</button>
-            <button type="button" class="btn btn-sm btn-xs-third d-block d-sm-inline btn-secondary{% if quarantine_category == 'add_header' %} active{% endif %}"
+            <button type="button" class="btn btn-sm btn-xs-third d-block d-sm-inline btn-light{% if quarantine_category == 'add_header' %} btn-dark{% endif %}"
            data-action="edit_selected"
            data-item="{{ mailbox }}"
            data-id="quarantine_category"
            data-api-url='edit/quarantine_category'
            data-api-attr='{"quarantine_category":"add_header"}'>{{ lang.user.q_add_header }}</button>
-            <button type="button" class="btn btn-sm btn-xs-third d-block d-sm-inline btn-secondary{% if quarantine_category == 'all' %} active{% endif %}"
+            <button type="button" class="btn btn-sm btn-xs-third d-block d-sm-inline btn-light{% if quarantine_category == 'all' %} btn-dark{% endif %}"
            data-action="edit_selected"
            data-item="{{ mailbox }}"
            data-id="quarantine_category"
@ -167,13 +167,13 @@
        <label class="control-label col-sm-2" for="sender_acl">{{ lang.user.tls_policy }}</label>
        <div class="col-sm-10">
          <div class="btn-group" data-acl="{{ acl.tls_policy }}">
-            <button type="button" class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary{% if get_tls_policy.tls_enforce_in == '1' %} active"{% endif %}"
+            <button type="button" class="btn btn-sm btn-xs-half d-block d-sm-inline btn-light{% if get_tls_policy.tls_enforce_in == '1' %} btn-dark"{% endif %}"
              data-action="edit_selected"
              data-item="{{ mailbox }}"
              data-id="tls_policy"
              data-api-url='edit/tls_policy'
              data-api-attr='{"tls_enforce_in": {% if get_tls_policy.tls_enforce_in == '1' %}0{% else %}1{% endif %} }'>{{ lang.user.tls_enforce_in }}</button>
-            <button type="button" class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary{% if get_tls_policy.tls_enforce_out == '1' %} active"{% endif %}"
+            <button type="button" class="btn btn-sm btn-xs-half d-block d-sm-inline btn-light{% if get_tls_policy.tls_enforce_out == '1' %} btn-dark"{% endif %}"
              data-action="edit_selected"
              data-item="{{ mailbox }}"
              data-id="tls_policy"
--- a/data/web/templates/mailbox/tab-bcc.twig
+++ b/data/web/templates/mailbox/tab-bcc.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-bcc" role="tabpanel" aria-labelledby="tab-bcc">
+<div class="tab-pane fade" id="tab-bcc" role="tabpanel" aria-labelledby="tab-bcc">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-bcc" data-bs-toggle="collapse" aria-controls="collapse-tab-bcc">
--- a/data/web/templates/mailbox/tab-domain-aliases.twig
+++ b/data/web/templates/mailbox/tab-domain-aliases.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-domain-aliases" role="tabpanel" aria-labelledby="tab-domain-aliases">
+<div class="tab-pane fade" id="tab-domain-aliases" role="tabpanel" aria-labelledby="tab-domain-aliases">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-domain-aliases" data-bs-toggle="collapse" aria-controls="collapse-tab-domain-aliases">
--- a/data/web/templates/mailbox/tab-domains.twig
+++ b/data/web/templates/mailbox/tab-domains.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade show active" id="tab-domains" role="tabpanel" aria-labelledby="tab-domains">
+<div class="tab-pane fade show active" id="tab-domains" role="tabpanel" aria-labelledby="tab-domains">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-sm-block d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-domains" data-bs-toggle="collapse" aria-controls="collapse-tab-domains">
--- a/data/web/templates/mailbox/tab-filters.twig
+++ b/data/web/templates/mailbox/tab-filters.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-filters" role="tabpanel" aria-labelledby="tab-filters">
+<div class="tab-pane fade" id="tab-filters" role="tabpanel" aria-labelledby="tab-filters">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-filters" data-bs-toggle="collapse" aria-controls="collapse-tab-filters">
--- a/data/web/templates/mailbox/tab-mailboxes.twig
+++ b/data/web/templates/mailbox/tab-mailboxes.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-mailboxes" role="tabpanel" aria-labelledby="tab-mailboxes">
+<div class="tab-pane fade" id="tab-mailboxes" role="tabpanel" aria-labelledby="tab-mailboxes">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-mailboxes" data-bs-toggle="collapse" aria-controls="collapse-tab-mailboxes">
@ -54,6 +54,7 @@
            <li class="dropdown-header">SMTP</li>
            <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"smtp_access":1}' href="#">{{ lang.mailbox.activate }}</a></li>
            <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"smtp_access":0}' href="#">{{ lang.mailbox.deactivate }}</a></li>
+            <li><hr class="dropdown-divider"></li>
            <li class="dropdown-header">Sieve</li>
            <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"sieve_access":1}' href="#">{{ lang.mailbox.activate }}</a></li>
            <li><a class="dropdown-item" data-action="edit_selected" data-id="mailbox" data-api-url='edit/mailbox' data-api-attr='{"sieve_access":0}' href="#">{{ lang.mailbox.deactivate }}</a></li>
@ -61,7 +62,7 @@
          <a class="btn btn-sm btn-success" href="#" data-bs-toggle="modal" data-bs-target="#addMailboxModal"><i class="bi bi-plus-lg"></i> {{ lang.mailbox.add_mailbox }}</a>
        </div>
        <div class="btn-group d-none d-lg-flex">
-          <a class="btn btn-sm btn-secondary" id="toggle_multi_select_all" data-id="mailbox" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>          
+          <a class="btn btn-sm btn-secondary" id="toggle_multi_select_all" data-id="mailbox" href="#"><i class="bi bi-check-all"></i> {{ lang.mailbox.toggle_all }}</a>
          <a class="btn btn-sm btn-xs-half btn-secondary dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
          <ul class="dropdown-menu">
            <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="mailbox_table">{{ lang.datatables.expand_all }}</a></li>
--- a/data/web/templates/mailbox/tab-mbox-aliases.twig
+++ b/data/web/templates/mailbox/tab-mbox-aliases.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-mbox-aliases" role="tabpanel" aria-labelledby="tab-mbox-aliases">
+<div class="tab-pane fade" id="tab-mbox-aliases" role="tabpanel" aria-labelledby="tab-mbox-aliases">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-mbox-aliases" data-bs-toggle="collapse" aria-controls="collapse-tab-mbox-aliases">
--- a/data/web/templates/mailbox/tab-resources.twig
+++ b/data/web/templates/mailbox/tab-resources.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-resources" role="tabpanel" aria-labelledby="tab-resources">
+<div class="tab-pane fade" id="tab-resources" role="tabpanel" aria-labelledby="tab-resources">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-resources" data-bs-toggle="collapse" aria-controls="collapse-tab-resources">
--- a/data/web/templates/mailbox/tab-syncjobs.twig
+++ b/data/web/templates/mailbox/tab-syncjobs.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-syncjobs"  role="tabpanel" aria-labelledby="tab-syncjobs">
+<div class="tab-pane fade" id="tab-syncjobs"  role="tabpanel" aria-labelledby="tab-syncjobs">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-syncjobs" data-bs-toggle="collapse" aria-controls="collapse-tab-syncjobs">
--- a/data/web/templates/mailbox/tab-templates-domains.twig
+++ b/data/web/templates/mailbox/tab-templates-domains.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade show" id="tab-templates-domains" role="tabpanel" aria-labelledby="tab-templates-domains">
+<div class="tab-pane fade show" id="tab-templates-domains" role="tabpanel" aria-labelledby="tab-templates-domains">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-sm-block d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-templates-domains" data-bs-toggle="collapse" aria-controls="collapse-tab-templates-domains">
--- a/data/web/templates/mailbox/tab-templates-mbox.twig
+++ b/data/web/templates/mailbox/tab-templates-mbox.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade show" id="tab-templates-mbox" role="tabpanel" aria-labelledby="tab-templates-mbox">
+<div class="tab-pane fade show" id="tab-templates-mbox" role="tabpanel" aria-labelledby="tab-templates-mbox">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-sm-block d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-templates-mbox" data-bs-toggle="collapse" aria-controls="collapse-tab-templates-mbox">
--- a/data/web/templates/mailbox/tab-tls-policy.twig
+++ b/data/web/templates/mailbox/tab-tls-policy.twig
@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade{% if mailcow_cc_role != 'admin' %} d-none{% endif %}" id="tab-tls-policy" role="tabpanel" aria-labelledby="tab-tls-policy">
+<div class="tab-pane fade{% if mailcow_cc_role != 'admin' %} d-none{% endif %}" id="tab-tls-policy" role="tabpanel" aria-labelledby="tab-tls-policy">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-tls-policy" data-bs-toggle="collapse" aria-controls="collapse-tab-tls-policy">
--- a/data/web/templates/user.twig
+++ b/data/web/templates/user.twig
@ -12,11 +12,21 @@
        <li><button class="dropdown-item" role="tab" aria-selected="false" aria-controls="tab-config-f2b" data-bs-toggle="tab" data-bs-target="#tab-user-settings">{{ lang.user.mailbox_settings }}</button></li>
      </ul>
    </li>
+    {% if acl.spam_alias == 1 %}
    <li class="nav-item" role="presentation"><button class="nav-link" role="tab" aria-selected="false" aria-controls="SpamAliases" role="tab" data-bs-toggle="tab" data-bs-target="#SpamAliases">{{ lang.user.spam_aliases }}</button></li>
+    {% endif %}
+    {% if acl.spam_score == 1 %}
    <li class="nav-item" role="presentation"><button class="nav-link" role="tab" aria-selected="false" aria-controls="Spamfilter" role="tab" data-bs-toggle="tab" data-bs-target="#Spamfilter">{{ lang.user.spamfilter }}</button></li>
+    {% endif %}
+    {% if acl.syncjobs == 1 %}
    <li class="nav-item" role="presentation"><button class="nav-link" role="tab" aria-selected="false" aria-controls="Syncjobs" role="tab" data-bs-toggle="tab" data-bs-target="#Syncjobs">{{ lang.user.sync_jobs }}</button></li>
+    {% endif %}
+    {% if acl.app_passwds == 1 %}
    <li class="nav-item" role="presentation"><button class="nav-link" role="tab" aria-selected="false" aria-controls="AppPasswds" role="tab" data-bs-toggle="tab" data-bs-target="#AppPasswds">{{ lang.user.app_passwds }}</button></li>
+    {% endif %}
+    {% if acl.pushover == 1 %}
    <li class="nav-item" role="presentation"><button class="nav-link" role="tab" aria-selected="false" aria-controls="Pushover" role="tab" data-bs-toggle="tab" data-bs-target="#Pushover">Pushover API</button></li>
+    {% endif %}
  </ul>

  <div class="row">
@ -25,11 +35,11 @@
        {% include 'user/tab-user-auth.twig' %}
        {% include 'user/tab-user-details.twig' %}
        {% include 'user/tab-user-settings.twig' %}
-        {% include 'user/SpamAliases.twig' %}
-        {% include 'user/Spamfilter.twig' %}
-        {% include 'user/Syncjobs.twig' %}
-        {% include 'user/AppPasswds.twig' %}
-        {% include 'user/Pushover.twig' %}
+        {% if acl.spam_alias == 1 %}{% include 'user/SpamAliases.twig' %}{% endif %}
+        {% if acl.spam_score == 1 %}{% include 'user/Spamfilter.twig' %}{% endif %}
+        {% if acl.syncjobs == 1 %}{% include 'user/Syncjobs.twig' %}{% endif %}
+        {% if acl.app_passwds == 1 %}{% include 'user/AppPasswds.twig' %}{% endif %}
+        {% if acl.pushover == 1 %}{% include 'user/Pushover.twig' %}{% endif %}
      </div>
    </div>
  </div>
--- a/data/web/templates/user/AppPasswds.twig
+++ b/data/web/templates/user/AppPasswds.twig
@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade" id="AppPasswds" role="tabpanel" aria-labelledby="AppPasswds">
+<div class="tab-pane fade" id="AppPasswds" role="tabpanel" aria-labelledby="AppPasswds">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-AppPasswds" data-bs-toggle="collapse" aria-controls="collapse-tab-AppPasswds">
        {{ lang.user.app_passwds }}
      </button>
-      <span class="d-none d-md-block">{{ lang.user.app_passwds }}
+      <span class="d-none d-md-block">{{ lang.user.app_passwds }}</span>
    </div>
    <div id="collapse-tab-AppPasswds" class="card-body collapse" data-bs-parent="#user-content">
      <div class="mass-actions-user mb-4">
--- a/data/web/templates/user/Pushover.twig
+++ b/data/web/templates/user/Pushover.twig
@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade" id="Pushover" role="tabpanel" aria-labelledby="Pushover">
+<div class="tab-pane fade" id="Pushover" role="tabpanel" aria-labelledby="Pushover">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-Pushover" data-bs-toggle="collapse" aria-controls="collapse-tab-Pushover">
        Pushover API
      </button>
-      <span class="d-none d-md-block">Pushover API
+      <span class="d-none d-md-block">Pushover API</span>
    </div>
    <div id="collapse-tab-Pushover" class="card-body collapse" data-bs-parent="#user-content">
      <form data-id="pushover" class="form well" method="post">
--- a/data/web/templates/user/SpamAliases.twig
+++ b/data/web/templates/user/SpamAliases.twig
@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade" id="SpamAliases" role="tabpanel" aria-labelledby="SpamAliases">
+<div class="tab-pane fade" id="SpamAliases" role="tabpanel" aria-labelledby="SpamAliases">
  <div class="card mb-4">
    <div class="card-header d-flex fs-5">
      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-SpamAliases" data-bs-toggle="collapse" aria-controls="collapse-tab-SpamAliases">
        {{ lang.user.spam_aliases }}
      </button>
-      <span class="d-none d-md-block">{{ lang.user.spam_aliases }}
+      <span class="d-none d-md-block">{{ lang.user.spam_aliases }}</span>
    </div>
    <div id="collapse-tab-SpamAliases" class="card-body collapse" data-bs-parent="#user-content">
      <div class="row">
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Patrick Schult	d6c3c58f42	Merge pull request #5360 from mailcow/staging 2023-08 - DQS Hotfixes	2023-08-03 11:36:53 +02:00
FreddleSpl0it	b050cb9864	[Postfix] remove dnsbl_reply.map if not required	2023-08-03 09:00:08 +02:00
Patrick Schult	e176724775	Merge pull request #5357 from DocFraggle/staging Add postscreen_dnsbl_reply_map to avoid disclosure of DQS key	2023-08-03 08:15:16 +02:00
DocFraggle	8f9ed9e0df	Merge branch 'staging' into staging	2023-08-02 20:20:18 +02:00
FreddleSpl0it	003eecf131	[Postfix] remove spamhaus dbl and zrd from postscreen_dnsbl_sites	2023-08-02 17:08:55 +02:00
Patrick Schult	180b9fc8d2	Merge pull request #5359 from mailcow/fix/gen-dnsbl [Postfix] rework dns_blocklists.cf generation	2023-08-02 16:51:56 +02:00
FreddleSpl0it	5d3491c801	[Postfix] only apply DNSBL if dns_blocklists.cf is not empty	2023-08-02 16:48:22 +02:00
FreddleSpl0it	c45684b986	[Postfix] rework dns_blocklists.cf generation	2023-08-02 16:36:59 +02:00
Patrick Schult	5c886d2f4e	Merge pull request #5356 from sriccio/fix-postfix-merge-order Fix main.cf merging order	2023-08-02 15:17:20 +02:00
Christian Hailer	9f39af46aa	Add postscreen_dnsbl_reply_map to avoid disclosure of DQS key with Spamhaus setup	2023-08-01 16:12:44 +02:00
Sébastien RICCIO	7cda9f063f	Fix for fix I did not paid attention to the "User overrides" sed/q	2023-08-01 13:59:23 +02:00
Sébastien RICCIO	5e7583c5e6	Fix main.cf merging order Now the dnsbl files are merged before extra.cf	2023-08-01 10:49:26 +02:00
Niklas Meyer	a1fb962215	Merge pull request #5350 from mailcow/staging 2023-07a	2023-07-31 14:52:24 +02:00
Niklas Meyer	57d849a51b	Merge pull request #5349 from DocFraggle/spamhaus_domains Fix spamhaus query domains (.net only)	2023-07-31 14:34:01 +02:00
Hailer, Christian	3000da6b88	Fix spamhaus query domains (.net only)	2023-07-31 13:50:36 +02:00
Niklas Meyer	db75cbbcb0	Merge pull request #5347 from mailcow/feat/sogo-5.8.4 Update SOGo to 5.8.4	2023-07-31 12:36:24 +02:00
Niklas Meyer	22acbb6b57	Merge pull request #5267 from mailcow/update/postscreen_access.cidr [Postfix] update postscreen_access.cidr	2023-07-31 12:06:41 +02:00
milkmaker	31cb0f7db1	update postscreen_access.cidr	2023-07-31 10:06:07 +00:00
DerLinkman	6d17b9f504	Added dns_blocklists.cf for customizations	2023-07-31 12:03:31 +02:00
DerLinkman	0f337971ff	Reimplemented option for custom dnsbls	2023-07-31 12:03:07 +02:00
DerLinkman	6cf2775e7e	Fix Reponse Code for ASN Checks	2023-07-31 12:01:34 +02:00
Niklas Meyer	dabf9104ed	Merge pull request #5342 from DocFraggle/mailcow_spamhaus dns_blocklists.cf isn't appended to main.cf and therefore ineffective…	2023-07-30 19:02:01 +02:00
Christian Hailer	952ddb18fd	dns_blocklists.cf isn't appended to main.cf and therefore ineffective #5340	2023-07-30 18:56:52 +02:00
DerLinkman	34d990a800	Removed obsolete whois package	2023-07-28 20:35:28 +02:00
DerLinkman	020cb21b35	Added remote Bad ASN Check for Spamhaus DNSBL	2023-07-28 20:33:12 +02:00
DerLinkman	525364ba65	Implemented remote Bad AS lookup	2023-07-28 20:27:38 +02:00
DerLinkman	731fabef58	Fixed Syntax error in generate_config.sh	2023-07-28 12:20:47 +02:00
DerLinkman	c10be77a1b	Fixed Syntax error in generate_config.sh	2023-07-28 12:13:07 +02:00
DerLinkman	a8bc4e3f37	Merge branch 'staging'	2023-07-28 10:35:17 +02:00
DerLinkman	815572f200	Merge branch 'feat/spamhaus-dqs-asn' into staging	2023-07-28 10:33:34 +02:00
Patrick Schult	23fc54f2cf	Merge pull request #5332 from mailcow/staging 2023-07	2023-07-28 10:26:49 +02:00
FreddleSpl0it	11407973b1	[Web] change style of f2b active ban actions	2023-07-27 14:19:18 +02:00
FreddleSpl0it	b9867e3fe0	[Web] change style of f2b active ban actions	2023-07-27 14:16:11 +02:00
FreddleSpl0it	3814c3294f	[Web] add edit/cors api endpoint to swagger	2023-07-27 13:45:57 +02:00
FreddleSpl0it	9c44b5e546	[Web] display is_catch_all and aliases_send_as_all if not empty #5320	2023-07-27 12:10:01 +02:00
FreddleSpl0it	cd635ec813	[Dockerapi] Update to 2.05	2023-07-27 11:30:47 +02:00
FreddleSpl0it	03831149f8	[Web] fix visual bug #5322	2023-07-27 11:28:49 +02:00
renovate[bot]	521120a448	Update dependency nextcloud/server to v27.0.1 (#5324 ) Signed-off-by: milkmaker <milkmaker@mailcow.de> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-07-24 10:43:00 +02:00
DerLinkman	ec8d298c36	Update postfix.sh to include pbl for dqs	2023-07-13 16:42:59 +02:00
Patrick Schult	03580cbf39	Merge pull request #5315 from SnailShea/fix/twig-typos Fixes several instances of missing </span>, extra role='tabpanel' and…	2023-07-12 08:55:28 +02:00
Niklas Meyer	2b009c71c1	Merge pull request #5316 from mailcow/feat/rspamd-securite-symbols [Rspamd] Native mailcow Support for Securite ClamAV Signatures	2023-07-12 08:27:20 +02:00
SnailShea	b903cf3888	Fixes several instances of missing </span>, extra role='tabpanel' and misspelled 'collapse'	2023-07-11 19:00:05 -04:00
Patrick Schult	cf239dd6b2	Merge pull request #5215 from goodygh/5136-fix-logger-error-handling [web] logger pdo exception handling workaround	2023-07-10 10:31:38 +02:00
Patrick Schult	a0723f60d2	Merge pull request #5221 from mailcow/fix/dot-stuffing-bcc [Rspamd] add dot-stuffing to bcc forwarding	2023-07-10 10:07:31 +02:00
Patrick Schult	da8e496430	Merge pull request #5310 from mailcow/feat/ha-pubsub [Dockerapi] add redis pubsub handler for broadcasting requests	2023-07-10 10:05:07 +02:00
Patrick Schult	722134e474	Merge pull request #5312 from mailcow/fix/ui-logs [Web] fix loading rspamd-history	2023-07-10 10:03:29 +02:00
FreddleSpl0it	cb1a11e551	[Web] fix rspamd-history	2023-07-10 09:35:51 +02:00
Patrick Schult	8984509f58	Merge pull request #5213 from mailcow/feat/cors [Web] add cors to json_api	2023-07-07 14:13:09 +02:00
FreddleSpl0it	0f0d43b253	[Dockerapi] add missing import os	2023-07-07 11:32:28 +02:00
FreddleSpl0it	0f6956572e	[Web] add CLUSTERMODE environment variable	2023-07-07 09:58:51 +02:00
Niklas Meyer	29892dc694	Merge pull request #5262 from mailcow/fix-5252 Rspamd returns 401 on unsuccesful logins	2023-06-27 11:16:34 +02:00
Niklas Meyer	14265f3de8	Merge pull request #5263 from mailcow:update-api [API] Update swagger version to 5.1.0	2023-06-27 10:41:24 +02:00
Niklas Meyer	0863bffdd2	Merge pull request #5283 from superpuffin:master Update nextcloud heper script to disable SMTP TLS host verification	2023-06-27 10:40:06 +02:00
Niklas Meyer	3b748a30cc	Merge pull request #5284 from mailcow:renovate/nextcloud-server-27.x Update dependency nextcloud/server to v27	2023-06-27 10:39:08 +02:00
DerLinkman	5619175108	Upate SOGo to 5.8.4	2023-06-27 10:36:53 +02:00
DerLinkman	6e9c024b3c	Changed weight to score for CLAMD_SPAM	2023-06-27 10:28:52 +02:00
DerLinkman	8cd4ae1e34	Improved Scores	2023-06-23 16:19:37 +02:00
DerLinkman	689856b186	New Symbols defined for Security ClamAV DBs	2023-06-23 16:13:25 +02:00
DerLinkman	7b645303d6	Added Colorful Outputs for the Spamhaus info in PF	2023-06-23 15:54:49 +02:00
DerLinkman	408381bddb	Update Postfix image to 1.69 + improvements	2023-06-23 15:48:13 +02:00
DerLinkman	380cdab6fc	Removed dnsbl from main.cf	2023-06-23 14:26:17 +02:00
DerLinkman	03b7a8d639	Implemented Postfix Blocklist generation	2023-06-23 14:25:07 +02:00
DerLinkman	bf6a61fa2d	Small corrections to update/generate.sh	2023-06-23 14:20:06 +02:00
DerLinkman	1de47072f8	Added DQS Values to update.sh/generate + check of variable	2023-06-23 12:26:57 +02:00
Peter	c0c46b7cf5	[API] Update swagger version	2023-06-19 21:35:10 +02:00
Peter	42a91af7ac	[API] Update swagger version	2023-06-15 19:20:09 +02:00
renovate[bot]	6e1ee638ff	Update dependency nextcloud/server to v27 Signed-off-by: milkmaker <milkmaker@mailcow.de>	2023-06-13 14:02:53 +00:00
Yorgos Bos	61c8afa088	Fix smtp settings for nextcloud v26	2023-06-13 10:54:42 +02:00
renovate[bot]	c873a14127	Update thollander/actions-comment-pull-request action to v2.4.0 (#5280 ) Signed-off-by: milkmaker <milkmaker@mailcow.de> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-06-12 17:12:59 +02:00
FreddleSpl0it	06cce79806	[Dockerapi] add pubsub handler for broadcasting in ha setup	2023-06-12 16:37:48 +02:00
DerLinkman	0927c5df57	Fixed small typo in update.sh	2023-06-01 15:27:00 +02:00
Niklas Meyer	e691d2c782	Merge pull request #5266 from mailcow/staging [Dovecot] remove pass return in Dovecot lua auth	2023-05-30 16:57:10 +02:00
FreddleSpl0it	67510adb9e	[Dovecot] remove pass return in Dovecot lua auth	2023-05-30 16:47:03 +02:00
Niklas Meyer	490d553dfc	Merge pull request #5264 from mailcow/staging 2023-05a	2023-05-30 16:23:26 +02:00
DerLinkman	70aab7568e	Changed maintainers to tinc (Dockerfiles)	2023-05-30 16:20:35 +02:00
DerLinkman	f82aba3e26	[Dovecot] Update to 1.24	2023-05-30 16:18:14 +02:00
FreddleSpl0it	f80940efdc	[Dovecot] remove pass return in Dovecot lua auth	2023-05-30 09:09:41 +02:00
Peter	6f875398c0	[API] Update swagger version	2023-05-28 23:29:58 +02:00
Peter	7a582afbdc	Rspamd returns 401 on unsuccesful logins	2023-05-28 22:43:26 +02:00
renovate[bot]	38cd376228	Update dependency nextcloud/server to v26.0.2 (#5254 ) Signed-off-by: milkmaker <milkmaker@mailcow.de> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-05-28 15:48:28 +02:00
Niklas Meyer	74bcec45f1	Merge pull request #5250 from mailcow/staging 2023-05	2023-05-25 16:30:16 +02:00
Niklas Meyer	9700b3251f	Merge pull request #5214 from mailcow/feat/gh_actions_postscreen Add GitHub action update_postscreen_access_list.yml	2023-05-25 15:40:20 +02:00
Niklas Meyer	88b8d50cd5	Merge pull request #4028 from Daniel15/patch-2 Enable maildir_very_dirty_syncs by default	2023-05-24 11:00:38 +02:00
DerLinkman	55b0191050	[PHP] Update to 1.84	2023-05-23 10:46:21 +02:00
Peter	33c97fb318	change domain for docs	2023-05-10 20:32:38 +02:00
Niklas Meyer	23d33ad5a8	Merge pull request #5231 from mailcow/renovate/alpine-3.x Update alpine Docker tag to v3.18	2023-05-10 08:58:47 +02:00
renovate[bot]	bd6c98047a	Update alpine Docker tag to v3.18 Signed-off-by: milkmaker <milkmaker@mailcow.de>	2023-05-10 01:50:21 +00:00
Patrick Schult	73d6a29ae1	Merge pull request #5205 from mailcow/clean_sasl_log Clean up old entries from sasl_log	2023-05-09 09:49:40 +02:00
Patrick Schult	173e39c859	Merge pull request #5200 from mailcow/fix/delete-sender-acl [Web] Fix deleting sender_acl when mbox is deleted	2023-05-08 16:35:42 +02:00
Patrick Schult	c0745c5cde	Merge pull request #5197 from mailcow/fix/bcc-validation [Web] Fix BCC validation	2023-05-08 16:32:12 +02:00
Patrick Schult	1a6f93327e	Merge pull request #5203 from mailcow/feat/bad_asn Add IP Connect Inc to bad_asn.map	2023-05-08 16:01:44 +02:00
Patrick Schult	3c68a53170	Merge pull request #5201 from mailcow/fix/sieve-print [Dockerapi] Fix typo in dockerapi sieve print	2023-05-08 16:00:22 +02:00
Patrick Schult	e38c27ed67	Merge pull request #5211 from goodygh/5175-fix-mobileconfig-redirect [web] Fix typo in mobileconfig redirect	2023-05-08 15:55:50 +02:00
Patrick Schult	8eaf8bbbde	Merge pull request #5220 from mailcow/fix/bcc-selectpicker [Web] fix bcc localdest selectpicker	2023-05-08 15:53:53 +02:00
Patrick Schult	e015c7dbca	Merge pull request #5202 from mailcow/feat/user-acl-tabs [Web] hide user tabs if acl is missing	2023-05-08 15:48:52 +02:00
Patrick Schult	58452abcdf	Merge pull request #5204 from mailcow/fix/rspamd-table [Web] fix rspamd table on sm devices	2023-05-08 15:43:58 +02:00
Patrick Schult	2cbf0da137	Merge pull request #5198 from mailcow/fix/sorting-tla [Web] Fix temporary email aliases sorting	2023-05-08 15:29:32 +02:00
FreddleSpl0it	97a492b891	[Rspamd] add dot-stuffing to bcc forwarding	2023-05-03 15:04:09 +02:00
FreddleSpl0it	aabcd10539	[Web] fix bcc localdest selectpicker	2023-05-03 09:59:49 +02:00
milkmaker	ee607dc3cc	Translations update from Weblate (#5218 ) * [Web] Updated lang.en-gb.json Co-authored-by: Peter <magic@kthx.at> * [Web] Updated lang.cs-cz.json Co-authored-by: Peter <magic@kthx.at> * [Web] Updated lang.de-de.json Co-authored-by: Peter <magic@kthx.at> * [Web] Updated lang.fr-fr.json Co-authored-by: Peter <magic@kthx.at> * [Web] Updated lang.ro-ro.json Co-authored-by: Peter <magic@kthx.at> * [Web] Updated lang.sk-sk.json Co-authored-by: Peter <magic@kthx.at> * [Web] Updated lang.zh-cn.json Co-authored-by: Peter <magic@kthx.at> * [Web] Updated lang.it-it.json Co-authored-by: Peter <magic@kthx.at> * [Web] Updated lang.zh-tw.json Co-authored-by: Peter <magic@kthx.at> --------- Co-authored-by: Peter <magic@kthx.at>	2023-05-02 18:29:38 +02:00
DerLinkman	1265302a8e	[DockerAPI] Update to 2.04	2023-05-02 18:11:59 +02:00
DerLinkman	b5acf56e20	Added Platform Information on Status Page	2023-05-02 18:11:10 +02:00
goodygh	9752313d24	logger pdo exception handling workaround	2023-04-29 02:39:04 +02:00
FreddleSpl0it	fe4a418af4	[Web] fix rspamd table scan_time on sm devices	2023-04-27 10:45:11 +02:00
Peter	e5f03e8526	Update update_postscreen_whitelist.sh	2023-04-26 18:44:35 +02:00
Peter	fb60c4a150	Add update_postscreen_access_list.yml	2023-04-26 18:43:54 +02:00
FreddleSpl0it	6b82284a41	[Web] cors - add check if origin is valid	2023-04-26 11:19:50 +02:00
FreddleSpl0it	192f67cd41	[Web] add cors to json_api	2023-04-26 10:46:07 +02:00
goodygh	fd203abd47	Fix typo in mobileconfig redirect	2023-04-25 22:11:04 +02:00
milkmaker	6b65f0fc74	[Web] Updated lang.ru-ru.json (#5210 ) Co-authored-by: Vakhtang <vakhtang.g.st@gmail.com>	2023-04-25 20:59:05 +02:00
Michael Kuron	856b3b62f2	Clean up old sasl_log entries	2023-04-22 14:16:42 +02:00
FreddleSpl0it	0372a2150d	[Web] fix rspamd table on sm devices	2023-04-21 20:14:43 +02:00
Peter	f3322c0577	Add IP Connect Inc	2023-04-21 19:43:20 +02:00
FreddleSpl0it	c2bcc4e086	[Web] hide user tabs if acl is missing	2023-04-21 17:03:40 +02:00
FreddleSpl0it	6e79c48640	[Dockerapi] Fix typo in dockerapi sieve print	2023-04-21 16:15:16 +02:00
FreddleSpl0it	d7dfa95e1b	[Web] Fix deleting sender_acl when mbox is deleted	2023-04-21 13:47:13 +02:00
FreddleSpl0it	cf1cc24e33	[Web] Fix temporary email aliases sorting	2023-04-21 12:26:50 +02:00
FreddleSpl0it	6824a5650f	[Web] Fix BCC validation	2023-04-21 11:21:43 +02:00
Niklas Meyer	73570cc8b5	Merge pull request #5196 from ewong012/staging	2023-04-21 08:14:24 +02:00
Ethan Wong	959dcb9980	[Update.sh] Fix install docs link Old link returns 404.	2023-04-20 13:52:46 -07:00
Patrick Schult	8f28666916	Merge pull request #5195 from mailcow/staging 2023-04b	2023-04-20 16:49:17 +02:00
Patrick Schult	3eaa5a626c	Merge pull request #5187 from mailcow/fix-5185 Nextcloud helperscript - redo PHP check	2023-04-20 14:20:03 +02:00
Patrick Schult	8c79056a94	Merge pull request #5194 from mailcow/renovate/nextcloud-server-26.x Update dependency nextcloud/server to v26.0.1	2023-04-20 14:19:19 +02:00
Patrick Schult	ed076dc23e	Merge pull request #5186 from goodygh/datatables_sorting [Web] Datatables sorting	2023-04-20 13:50:57 +02:00
FreddleSpl0it	be2286c11c	[Dockerapi] fix maildir cleanup for domains	2023-04-20 13:41:11 +02:00
renovate[bot]	0e24c3d300	Update dependency nextcloud/server to v26.0.1 Signed-off-by: milkmaker <milkmaker@mailcow.de>	2023-04-20 11:36:01 +00:00
FreddleSpl0it	e1d8df6580	[Web] check mailbox before replacing sogo_static_view	2023-04-20 13:20:51 +02:00
Patrick Schult	04a08a7d69	Merge pull request #5193 from mailcow/feat/update-sogo [SOGo] update sogo 5.8.2.20230419	2023-04-20 12:32:42 +02:00
FreddleSpl0it	3c0c8aa01f	[SOGo] update sogo 5.8.2.20230419	2023-04-20 12:07:21 +02:00
Patrick Schult	026b278357	Merge pull request #5183 from mailcow/fix/add-mbox-performance [Web] optimizing mailbox add/edit/delete performance	2023-04-20 11:34:41 +02:00
FreddleSpl0it	4121509ceb	[Web] optimizing update_sogo_static_view function	2023-04-20 11:28:59 +02:00
Patrick Schult	00ac61f0a4	Merge pull request #5184 from bdwebnet/fix/ui-allowed-protocols Added dropdown divider to "allowed protocols" selection on mailbox page	2023-04-19 17:31:05 +02:00
Patrick Schult	4bb0dbb2f7	Merge pull request #5191 from shiz0/patch-1 Fix Typo	2023-04-19 17:26:54 +02:00
Patrick Schult	13b6df74af	Merge pull request #5174 from bdwebnet/staging Fix error "Deprecated: Using ${var} in strings is deprecated, use {$…	2023-04-19 17:23:26 +02:00
FreddleSpl0it	5c025bf865	[Rspamd] rollback to 3.4	2023-04-19 17:03:04 +02:00
Hannes Happle	20fc9eaf84	Fix Typo	2023-04-16 14:32:44 +02:00
Peter	22a0479fab	Redo the PHP check grep	2023-04-13 21:11:40 +02:00
goodygh	3510d5617d	Fix sorting for active relayhost	2023-04-13 19:18:04 +02:00
goodygh	236d627fbd	Fix sorting for active transport map	2023-04-13 19:14:20 +02:00
goodygh	99739eada0	Fix sorting for active fowrardinghoststable	2023-04-13 19:01:03 +02:00
goodygh	7bfef57894	Fix sorting for active and tla on admins	2023-04-13 18:54:59 +02:00
goodygh	d9dfe15253	Fix sorting for active and tla on domain-admins	2023-04-13 18:54:08 +02:00
goodygh	3fe8aaa719	Fix sorting for active tls-policy-map	2023-04-13 18:14:18 +02:00
goodygh	78a8fac6af	Fix sorting for active bcc-map and recipient-map	2023-04-13 18:10:21 +02:00
bd	6986e7758f	Added dropdown divider to "allowed protocols" selection on mailbox page	2023-04-13 17:33:28 +02:00
BD	b4a9df76b8	Merge branch 'mailcow:staging' into staging	2023-04-13 17:22:13 +02:00
FreddleSpl0it	d9d958356a	[Web] optimizing update_sogo_static_view function	2023-04-13 14:35:55 +02:00
goodygh	96f954a4e2	Fix sorting for active syncjobs	2023-04-12 00:36:46 +02:00
goodygh	44585e1c15	Fix sorting datatable in domain aliases	2023-04-12 00:23:53 +02:00
goodygh	c737ff4180	Fix sorting datatable in aliases	2023-04-12 00:21:27 +02:00
goodygh	025279009d	Fix sorting for active resources	2023-04-12 00:17:41 +02:00
goodygh	a9dc13d567	Fix sorting datatable in mailbox templates	2023-04-12 00:15:16 +02:00
goodygh	c3ed01c9b5	Fix sorting for active mailboxes	2023-04-11 23:49:50 +02:00
goodygh	bd0b4a521e	Fix sorting datatable in domain templates	2023-04-11 23:42:43 +02:00
goodygh	800a0ace71	Fix sorting for active domain in domains table	2023-04-11 23:19:56 +02:00
goodygh	db97869472	Datatable hide sorting value	2023-04-11 23:18:13 +02:00
milkmaker	f681fcf154	[Web] Updated lang.cs-cz.json (#5177 ) Co-authored-by: utaxiu <kontakt@malyjakub.cz>	2023-04-11 17:38:39 +02:00
Patrick Schult	db1b5956fc	Merge pull request #5133 from FELDSAM-INC/feldsam/bs5-related-fixes BS5 related fixes	2023-04-11 06:35:41 +02:00
BD	bdb07061ed	Fix error "Deprecated: Using ${var} in strings is deprecated, use {$var} instead in /web/sogo-auth.php on line 63"	2023-04-08 17:29:34 +02:00
Kristian Feldsam	80dacc015a	[web] fixed mailbox/user settings buttons styling Signed-off-by: Kristian Feldsam <feldsam@gmail.com> [web] fixed mailbox/user settings buttons styling Signed-off-by: Kristian Feldsam <feldsam@gmail.com>	2023-03-31 13:19:20 +02:00
Kristian Feldsam	e5e6418be8	[web] fixed tooltips in ajax loaded alias table Signed-off-by: Kristian Feldsam <feldsam@gmail.com>	2023-03-20 01:38:34 +01:00
Kristian Feldsam	6507b53bbb	[web] fix mailbox badge height Signed-off-by: Kristian Feldsam <feldsam@gmail.com>	2023-03-20 01:38:31 +01:00
Daniel Lo Nigro	1606658cb1	Add missing spaces	2021-08-28 20:02:39 -07:00
Daniel Lo Nigro	54ba66733e	Enable maildir_very_dirty_syncs rather than just adding comment	2021-05-02 16:39:26 -07:00
Daniel Lo Nigro	f6847e6f8c	Add comment about maildir_very_dirty_syncs to dovecot.conf	2021-03-13 10:46:32 -08:00