Merge branch 'master' into feature/fts-xapian

[XAPIAN] Added Solr Replacement [BETA]

.github/workflows/close_old_issues_and_prs.yml

@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v8.0.0
+        uses: actions/stale@v7.0.0
         with:
           repo-token: ${{ secrets.STALE_ACTION_PAT }}
           days-before-stale: 60

.gitignore

@@ -13,6 +13,7 @@ data/conf/dovecot/acl_anyone
 data/conf/dovecot/dovecot-master.passwd
 data/conf/dovecot/dovecot-master.userdb
 data/conf/dovecot/extra.conf
+data/conf/dovecot/dovecot-fts-flatcurve.conf
 data/conf/dovecot/global_sieve_*
 data/conf/dovecot/last_login
 data/conf/dovecot/lua

data/Dockerfiles/dockerapi/dockerapi.py

@@ -380,12 +380,7 @@ class DockerUtils:
     if 'maildir' in request_json:
       for container in self.docker_client.containers.list(filters={"id": container_id}):
         sane_name = re.sub(r'\W+', '', request_json['maildir'])
-        vmail_name = request_json['maildir'].replace("'", "'\\''")
-        index_name = request_json['maildir'].split("/")
-        index_name = index_name[1].replace("'", "'\\''") + "@" + index_name[0].replace("'", "'\\''")
-        cmd_vmail = "if [[ -d '/var/vmail/" + vmail_name + "' ]]; then /bin/mv '/var/vmail/" + vmail_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"
-        cmd_vmail_index = "if [[ -d '/var/vmail_index/" + index_name + "' ]]; then /bin/mv '/var/vmail_index/" + index_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "_index'; fi"
-        cmd = ["/bin/bash", "-c", cmd_vmail + " && " + cmd_vmail_index]
+        cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
         maildir_cleanup = container.exec_run(cmd, user='vmail')
         return exec_run_handler('generic', maildir_cleanup)
   # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password

data/Dockerfiles/dovecot/Dockerfile

@@ -1,27 +1,17 @@
-FROM debian:bullseye-slim
+FROM debian:bullseye-slim as build
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-# renovate: datasource=github-tags depName=dovecot/core versioning=semver-coerced
-ARG DOVECOT=2.3.20
-# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
-ARG GOSU_VERSION=1.16
+ARG DOVECOT=2.3.19.1
+ARG FLATCURVE=v0.3.2
+ARG XAPIAN=1.4.21
 ENV LC_ALL C
 
 
 # Add groups and users before installing Dovecot to not break compatibility
-RUN groupadd -g 5000 vmail \
-  && groupadd -g 401 dovecot \
-  && groupadd -g 402 dovenull \
-  && groupadd -g 999 sogo \
-  && usermod -a -G sogo nobody \
-  && useradd -g vmail -u 5000 vmail -d /var/vmail \
-  && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \
-  && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull \
-  && touch /etc/default/locale \
+RUN touch /etc/default/locale \
   && apt-get update \
   && apt-get -y --no-install-recommends install \
-  build-essential \
   apt-transport-https \
   ca-certificates \
   cpanminus \
@@ -62,7 +52,6 @@ RUN groupadd -g 5000 vmail \
   libproc-processtable-perl \
   libreadonly-perl \
   libregexp-common-perl \
-  libssl-dev \
   libsys-meminfo-perl \
   libterm-readkey-perl \
   libtest-deep-perl \
@@ -78,7 +67,13 @@ RUN groupadd -g 5000 vmail \
   libunicode-string-perl \
   liburi-perl \
   libwww-perl \
+  libstemmer-dev \
+  libexttextcat-dev \
+  libldap-dev \
+  libghc-bzlib-dev \
   lua-sql-mysql \
+  liblz4-dev \
+  libzstd-dev \
   lua-socket \
   mariadb-client \
   procps \
@@ -89,32 +84,152 @@ RUN groupadd -g 5000 vmail \
   syslog-ng-core \
   syslog-ng-mod-redis \
   wget \
+  git \
+  bison \
+  flex \
+  build-essential \
+  autoconf \
+  automake \
+  libtool \
+  make \
+  libxapian-dev \
+  default-libmysqlclient-dev \
+  libicu-dev \
+  zlib1g-dev \
+  pkg-config \
+  libsqlite3-dev \
+  liblua5.3-dev \
   && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
   && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
   && chmod +x /usr/local/bin/gosu \
-  && gosu nobody true \
-  && apt-key adv --fetch-keys https://repo.dovecot.org/DOVECOT-REPO-GPG \
-  && echo "deb https://repo.dovecot.org/ce-${DOVECOT}/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list \
-  && apt-get update \
-  && apt-get -y --no-install-recommends install \
-  dovecot-lua \
-  dovecot-managesieved \
-  dovecot-sieve \
-  dovecot-lmtpd \
-  dovecot-ldap \
-  dovecot-mysql \
-  dovecot-core \
-  dovecot-pop3d \
-  dovecot-imapd \
-  dovecot-solr \
-  && pip3 install mysql-connector-python html2text jinja2 redis \
-  && apt-get autoremove --purge -y \
-  && apt-get autoclean \
-  && rm -rf /var/lib/apt/lists/* \
-  && rm -rf /tmp/* /var/tmp/* /root/.cache/
-# imapsync dependencies
-RUN cpan Crypt::OpenSSL::PKCS12
+  && gosu nobody true
+#  && apt-key adv --fetch-keys https://repo.dovecot.org/DOVECOT-REPO-GPG \
+#  && echo "deb https://repo.dovecot.org/ce-${DOVECOT}/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list \
+#  && apt-get update \
+#  && apt-get -y --no-install-recommends install \
+#  dovecot-lua \
+#  dovecot-managesieved \
+#  dovecot-sieve \
+#  dovecot-lmtpd \
+#  dovecot-ldap \
+#  dovecot-mysql \
+#  dovecot-core \
+#  dovecot-pop3d \
+#  dovecot-imapd \
+#  dovecot-dev
 
+RUN cd /tmp && git clone --depth 1 --branch ${DOVECOT} https://github.com/dovecot/core.git dovecot/core && cd dovecot/core \
+  && ./autogen.sh \
+  && PANDOC=false ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-ssldir=/etc/ssl --enable-maintainer-mode --with-sql=yes --with-lua=yes --with-mysql --with-ldap --with-zstd --with-lz4 --with-ssl=openssl --with-notify=inotify --with-bzlib --with-zlib --enable-hardening --with-stemmer --with-textcat --with-icu \
+  && make -j6 \
+  && make install \
+  && make clean
+
+RUN cd /tmp && git clone --depth 1 --branch release-0.5 https://github.com/dovecot/pigeonhole dovecot/pigeonhole && cd dovecot/pigeonhole \
+  && ./autogen.sh \
+  && ./configure --with-dovecot=/usr/lib/dovecot --with-managesieve\ 
+  && make -j6 \
+  && make install \
+  && make clean
+
+RUN  cd /tmp && wget https://oligarchy.co.uk/xapian/${XAPIAN}/xapian-core-${XAPIAN}.tar.xz && tar xf xapian-core-${XAPIAN}.tar.xz && cd xapian-core-${XAPIAN} \
+  && ./configure --prefix=/usr/local/xapian \
+  && make -j6 \
+  && make install \
+  && make clean
+
+RUN cd /tmp && git clone --depth 1 --branch ${FLATCURVE} https://github.com/slusarz/dovecot-fts-flatcurve.git dovecot/flatcurve && cd dovecot/flatcurve \
+  && ./autogen.sh \
+  && ./configure --with-dovecot=/usr/lib/dovecot \
+  && make -j6 \
+  && make install \
+  && make clean
+
+FROM debian:bullseye-slim
+RUN groupadd -g 5000 vmail \
+  && groupadd -g 401 dovecot \
+  && groupadd -g 402 dovenull \
+  && groupadd -g 999 sogo \
+  && usermod -a -G sogo nobody \
+  && useradd -g vmail -u 5000 vmail -d /var/vmail \
+  && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \
+  && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull \
+  && apt update && apt install lua-socket \
+  mariadb-client \
+  libstemmer-dev \
+  libexttextcat-dev \
+  libicu-dev \
+  libxapian-dev \
+  libsqlite3-dev \
+  liblua5.3-dev \
+  lua-sql-mysql \
+  libldap-dev \
+  procps \
+  python3-pip \
+  redis-server \
+  supervisor \
+  syslog-ng \
+  syslog-ng-core \
+  syslog-ng-mod-redis \
+  cpanminus \
+  curl \
+  libauthen-ntlm-perl \
+  libcgi-pm-perl \
+  libcrypt-openssl-rsa-perl \
+  libcrypt-ssleay-perl \
+  libdata-uniqid-perl \
+  libdbd-mysql-perl \
+  libdbi-perl \
+  libdigest-hmac-perl \
+  libdist-checkconflicts-perl \
+  libencode-imaputf7-perl \
+  libfile-copy-recursive-perl \
+  libfile-tail-perl \
+  libhtml-parser-perl \
+  libio-compress-perl \
+  libio-socket-inet6-perl \
+  libio-socket-ssl-perl \
+  libio-tee-perl \
+  libipc-run-perl \
+  libjson-webtoken-perl \
+  liblockfile-simple-perl \
+  libmail-imapclient-perl \
+  libmodule-implementation-perl \
+  libmodule-scandeps-perl \
+  libnet-ssleay-perl \
+  libpackage-stash-perl \
+  libpackage-stash-xs-perl \
+  libpar-packer-perl \
+  libparse-recdescent-perl \
+  libproc-processtable-perl \
+  libreadonly-perl \
+  libregexp-common-perl \
+  libsys-meminfo-perl \
+  libterm-readkey-perl \
+  libtest-deep-perl \
+  libtest-fatal-perl \
+  libtest-mock-guard-perl \
+  libtest-mockobject-perl \
+  libtest-nowarnings-perl \
+  libtest-pod-perl \
+  libtest-requires-perl \
+  libtest-simple-perl \
+  libtest-warn-perl \
+  libtry-tiny-perl \
+  libunicode-string-perl \
+  liburi-perl \
+  libwww-perl \
+  dnsutils \
+  gettext-base -y --no-install-recommends \
+  && pip3 install mysql-connector-python html2text jinja2 redis
+COPY --from=build /usr/lib/dovecot /usr/lib/dovecot
+COPY --from=build /usr/bin/doveconf /usr/bin/doveconf
+COPY --from=build /usr/bin/doveadm /usr/bin/doveadm
+COPY --from=build /usr/bin/dovecot-sysreport /usr/bin/dovecot-sysreport
+COPY --from=build /usr/sbin/dovecot /usr/sbin/dovecot
+COPY --from=build /usr/libexec/dovecot/ /usr/libexec/dovecot/
+COPY --from=build /usr/local/bin /usr/local/bin
+COPY --from=build /usr/local/xapian/ /usr/local/xapian
 COPY trim_logs.sh /usr/local/bin/trim_logs.sh
 COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh
 COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf

data/Dockerfiles/dovecot/docker-entrypoint.sh

@@ -109,17 +109,19 @@ EOF
 
 echo -n ${ACL_ANYONE} > /etc/dovecot/acl_anyone
 
-if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+if [[ "${SKIP_XAPIAN}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify listescape replication' > /etc/dovecot/mail_plugins
 echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify listescape replication mail_log' > /etc/dovecot/mail_plugins_imap
 echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 else
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_solr listescape replication' > /etc/dovecot/mail_plugins
-echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_solr listescape replication' > /etc/dovecot/mail_plugins_imap
-echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_solr notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
+echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins
+echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins_imap
+echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_flatcurve notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 fi
 chmod 644 /etc/dovecot/mail_plugins /etc/dovecot/mail_plugins_imap /etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl
 
+sed -i 's/vsz_limit.*/vsz_limit = '${XAPIAN_HEAP}m/g /etc/dovecot/dovecot-fts-flatcurve.conf
+
 cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
 # Autogenerated by mailcow
 driver = mysql

data/Dockerfiles/dovecot/imapsync

@@ -8492,7 +8492,6 @@ sub xoauth2
         require HTML::Entities ;
         require JSON ;
         require JSON::WebToken::Crypt::RSA ;
-        require Crypt::OpenSSL::PKCS12;
         require Crypt::OpenSSL::RSA ;
         require Encode::Byte ;
         require IO::Socket::SSL ;
@@ -8533,9 +8532,8 @@ sub xoauth2
 
             $sync->{ debug } and myprint( "Service account: $iss\nKey file: $keyfile\nKey password: $keypass\n");
 
-            # Get private key from p12 file
-            my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file($keyfile);
-            $key = $pkcs12->private_key($keypass);
+            # Get private key from p12 file (would be better in perl...)
+            $key = `openssl pkcs12 -in "$keyfile" -nodes -nocerts -passin pass:$keypass -nomacver`;
 
             $sync->{ debug } and myprint( "Private key:\n$key\n");
         }

data/Dockerfiles/netfilter/server.py

@@ -64,40 +64,28 @@ def refreshF2boptions():
   global f2boptions
   global quit_now
   global exit_code
-
-  f2boptions = {}
-
   if not r.get('F2B_OPTIONS'):
-    f2boptions['ban_time'] = r.get('F2B_BAN_TIME')
-    f2boptions['max_ban_time'] = r.get('F2B_MAX_BAN_TIME')
-    f2boptions['ban_time_increment'] = r.get('F2B_BAN_TIME_INCREMENT')
-    f2boptions['max_attempts'] = r.get('F2B_MAX_ATTEMPTS')
-    f2boptions['retry_window'] = r.get('F2B_RETRY_WINDOW')
-    f2boptions['netban_ipv4'] = r.get('F2B_NETBAN_IPV4')
-    f2boptions['netban_ipv6'] = r.get('F2B_NETBAN_IPV6')
+    f2boptions = {}
+    f2boptions['ban_time'] = int
+    f2boptions['max_attempts'] = int
+    f2boptions['retry_window'] = int
+    f2boptions['netban_ipv4'] = int
+    f2boptions['netban_ipv6'] = int
+    f2boptions['ban_time'] = r.get('F2B_BAN_TIME') or 1800
+    f2boptions['max_attempts'] = r.get('F2B_MAX_ATTEMPTS') or 10
+    f2boptions['retry_window'] = r.get('F2B_RETRY_WINDOW') or 600
+    f2boptions['netban_ipv4'] = r.get('F2B_NETBAN_IPV4') or 32
+    f2boptions['netban_ipv6'] = r.get('F2B_NETBAN_IPV6') or 128
+    r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
   else:
     try:
+      f2boptions = {}
       f2boptions = json.loads(r.get('F2B_OPTIONS'))
     except ValueError:
       print('Error loading F2B options: F2B_OPTIONS is not json')
       quit_now = True
       exit_code = 2
 
-  verifyF2boptions(f2boptions)
-  r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
-
-def verifyF2boptions(f2boptions):
-  verifyF2boption(f2boptions,'ban_time', 1800)
-  verifyF2boption(f2boptions,'max_ban_time', 10000)
-  verifyF2boption(f2boptions,'ban_time_increment', True)
-  verifyF2boption(f2boptions,'max_attempts', 10)
-  verifyF2boption(f2boptions,'retry_window', 600)
-  verifyF2boption(f2boptions,'netban_ipv4', 32)
-  verifyF2boption(f2boptions,'netban_ipv6', 128)
-
-def verifyF2boption(f2boptions, f2boption, f2bdefault):
-  f2boptions[f2boption] = f2boptions[f2boption] if f2boption in f2boptions and f2boptions[f2boption] is not None else f2bdefault
-
 def refreshF2bregex():
   global f2bregex
   global quit_now
@@ -159,7 +147,6 @@ def ban(address):
   global lock
   refreshF2boptions()
   BAN_TIME = int(f2boptions['ban_time'])
-  BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
   MAX_ATTEMPTS = int(f2boptions['max_attempts'])
   RETRY_WINDOW = int(f2boptions['retry_window'])
   NETBAN_IPV4 = '/' + str(f2boptions['netban_ipv4'])
@@ -187,16 +174,20 @@ def ban(address):
   net = ipaddress.ip_network((address + (NETBAN_IPV4 if type(ip) is ipaddress.IPv4Address else NETBAN_IPV6)), strict=False)
   net = str(net)
 
-  if not net in bans:
-    bans[net] = {'attempts': 0, 'last_attempt': 0, 'ban_counter': 0}
+  if not net in bans or time.time() - bans[net]['last_attempt'] > RETRY_WINDOW:
+    bans[net] = { 'attempts': 0 }
+    active_window = RETRY_WINDOW
+  else:
+    active_window = time.time() - bans[net]['last_attempt']
 
   bans[net]['attempts'] += 1
   bans[net]['last_attempt'] = time.time()
 
+  active_window = time.time() - bans[net]['last_attempt']
+
   if bans[net]['attempts'] >= MAX_ATTEMPTS:
     cur_time = int(round(time.time()))
-    NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** bans[net]['ban_counter']
-    logCrit('Banning %s for %d minutes' % (net, NET_BAN_TIME / 60 ))
+    logCrit('Banning %s for %d minutes' % (net, BAN_TIME / 60))
     if type(ip) is ipaddress.IPv4Address:
       with lock:
         chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'MAILCOW')
@@ -215,7 +206,7 @@ def ban(address):
         rule.target = target
         if rule not in chain.rules:
           chain.insert_rule(rule)
-    r.hset('F2B_ACTIVE_BANS', '%s' % net, cur_time + NET_BAN_TIME)
+    r.hset('F2B_ACTIVE_BANS', '%s' % net, cur_time + BAN_TIME)
   else:
     logWarn('%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net))
 
@@ -247,8 +238,7 @@ def unban(net):
   r.hdel('F2B_ACTIVE_BANS', '%s' % net)
   r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
   if net in bans:
-    bans[net]['attempts'] = 0
-    bans[net]['ban_counter'] += 1
+    del bans[net]
 
 def permBan(net, unban=False):
   global lock
@@ -342,7 +332,7 @@ def watch():
               logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
               ban(addr)
     except Exception as ex:
-      logWarn('Error reading log line from pubsub: %s' % ex)
+      logWarn('Error reading log line from pubsub')
       quit_now = True
       exit_code = 2
 
@@ -376,8 +366,6 @@ def snat4(snat_target):
           chain.insert_rule(new_rule)
         else:
           for position, rule in enumerate(chain.rules):
-            if not hasattr(rule.target, 'parameter'):
-                continue
             match = all((
               new_rule.get_src() == rule.get_src(),
               new_rule.get_dst() == rule.get_dst(),
@@ -437,8 +425,6 @@ def autopurge():
     time.sleep(10)
     refreshF2boptions()
     BAN_TIME = int(f2boptions['ban_time'])
-    MAX_BAN_TIME = int(f2boptions['max_ban_time'])
-    BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
     MAX_ATTEMPTS = int(f2boptions['max_attempts'])
     QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
     if QUEUE_UNBAN:
@@ -446,9 +432,7 @@ def autopurge():
         unban(str(net))
     for net in bans.copy():
       if bans[net]['attempts'] >= MAX_ATTEMPTS:
-        NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** bans[net]['ban_counter']
-        TIME_SINCE_LAST_ATTEMPT = time.time() - bans[net]['last_attempt']
-        if TIME_SINCE_LAST_ATTEMPT > NET_BAN_TIME or TIME_SINCE_LAST_ATTEMPT > MAX_BAN_TIME:
+        if time.time() - bans[net]['last_attempt'] > BAN_TIME:
           unban(net)
 
 def isIpNetwork(address):

data/Dockerfiles/phpfpm/Dockerfile

@@ -1,4 +1,4 @@
-FROM php:8.2-fpm-alpine3.17
+FROM php:8.1-fpm-alpine3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced
@@ -12,7 +12,7 @@ ARG MEMCACHED_PECL_VERSION=3.2.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced
 ARG REDIS_PECL_VERSION=5.3.7
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced
-ARG COMPOSER_VERSION=2.5.5
+ARG COMPOSER_VERSION=2.5.4
 
 RUN apk add -U --no-cache autoconf \
   aspell-dev \
@@ -52,7 +52,6 @@ RUN apk add -U --no-cache autoconf \
   libxpm-dev \
   libzip \
   libzip-dev \
-  linux-headers \
   make \
   mysql-client \
   openldap-dev \
@@ -76,7 +75,7 @@ RUN apk add -U --no-cache autoconf \
     --with-webp \
     --with-xpm \
     --with-avif \
-  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets sysvsem zip bcmath gmp \
+  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
   && docker-php-ext-configure imap --with-imap --with-imap-ssl \
   && docker-php-ext-install -j 4 imap \
   && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
@@ -100,7 +99,6 @@ RUN apk add -U --no-cache autoconf \
     libxml2-dev \
     libxpm-dev \
     libzip-dev \
-    linux-headers \
     make \
     openldap-dev \
     pcre-dev \

data/assets/nextcloud/nextcloud.conf

@@ -24,7 +24,7 @@ server {
   add_header X-Download-Options "noopen" always;
   add_header X-Frame-Options "SAMEORIGIN" always;
   add_header X-Permitted-Cross-Domain-Policies "none" always;
-  add_header X-Robots-Tag "noindex, nofollow" always;
+  add_header X-Robots-Tag "none" always;
   add_header X-XSS-Protection "1; mode=block" always;
 
   fastcgi_hide_header X-Powered-By;

data/conf/dovecot/dovecot-fts-flatcurve.conf

@@ -0,0 +1,23 @@
+plugin {
+  fts = flatcurve
+  fts_autoindex = yes
+
+  fts_languages = en de  
+
+  fts_tokenizers = generic email-address
+  fts_tokenizer_generic = algorithm=simple
+  # All of these are optional, and indicate the default values.
+  # They are listed here for documentation purposes; most people should
+  # not need to define/override in their config.
+  fts_flatcurve_commit_limit = 500
+  fts_flatcurve_max_term_size = 30
+  fts_flatcurve_min_term_size = 2
+  fts_flatcurve_optimize_limit = 10
+  fts_flatcurve_rotate_size = 5000
+  fts_flatcurve_rotate_time = 5000
+  fts_flatcurve_substring_search = yes
+}
+
+service indexer-worker {
+    vsz_limit = 1024m
+}

data/conf/dovecot/dovecot.conf

@@ -11,6 +11,7 @@ auth_mechanisms = plain login
 #mail_debug = yes
 #auth_debug = yes
 log_path = syslog
+log_debug = category=fts-flatcurve
 disable_plaintext_auth = yes
 # Uncomment on NFS share
 #mmap_disable = yes
@@ -189,9 +190,6 @@ plugin {
   acl_shared_dict = file:/var/vmail/shared-mailboxes.db
   acl = vfile
   acl_user = %u
-  fts = solr
-  fts_autoindex = yes
-  fts_solr = url=http://solr:8983/solr/dovecot-fts/
   quota = dict:Userquota::proxy::sqlquota
   quota_rule2 = Trash:storage=+100%%
   sieve = /var/vmail/sieve/%u.sieve
@@ -242,6 +240,7 @@ plugin {
   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
   mail_log_fields = uid box msgid size
   mail_log_cached_only = yes
+
 }
 service quota-warning {
   executable = script /usr/local/bin/quota_notify.py
@@ -297,6 +296,7 @@ replication_dsync_parameters = -d -l 30 -U -n INBOX
 !include_try /etc/dovecot/extra.conf
 !include_try /etc/dovecot/sogo-sso.conf
 !include_try /etc/dovecot/shared_namespace.conf
+!include_try /etc/dovecot/dovecot-fts-flatcurve.conf
 # </Includes>
 default_client_limit = 10400
 default_vsz_limit = 1024 M

data/conf/rspamd/local.d/composites.conf

@@ -8,7 +8,7 @@ VIRUS_FOUND {
 }
 # Bad policy from free mail providers
 FREEMAIL_POLICY_FAILURE {
-  expression = "FREEMAIL_FROM & !DMARC_POLICY_ALLOW & !MAILLIST& !WHITELISTED_FWD_HOST & -g+:policies";
+  expression = "-g+:policies & !DMARC_POLICY_ALLOW & !MAILLIST & ( FREEMAIL_ENVFROM | FREEMAIL_FROM ) & !WHITELISTED_FWD_HOST";
   score = 16.0;
 }
 # Applies to freemail with undisclosed recipients

data/conf/rspamd/local.d/multimap.conf

@@ -159,8 +159,8 @@ BAZAAR_ABUSE_CH {
 }
 
 URLHAUS_ABUSE_CH {
-  type = "selector";
-  selector = "urls";
+  type = "url";
+  filter = "full";
   map = "https://urlhaus.abuse.ch/downloads/text_online/";
   score = 10.0;
 }

data/conf/sogo/sogo.conf

@@ -62,7 +62,7 @@
     SOGoFirstDayOfWeek = "1";
 
     SOGoSieveFolderEncoding = "UTF-8";
-    SOGoPasswordChangeEnabled = NO;
+    SOGoPasswordChangeEnabled = YES;
     SOGoSentFolderName = "Sent";
     SOGoMailShowSubscribedFoldersOnly = NO;
     NGImap4ConnectionStringSeparator = "/";

data/web/api/openapi.yaml

@@ -3176,10 +3176,8 @@ paths:
               example:
                 attr:
                   ban_time: "86400"
-                  ban_time_increment: "1"
                   blacklist: "10.100.6.5/32,10.100.8.4/32"
                   max_attempts: "5"
-                  max_ban_time: "86400"
                   netban_ipv4: "24"
                   netban_ipv6: "64"
                   retry_window: "600"
@@ -3193,17 +3191,11 @@ paths:
                       description: the backlisted ips or hostnames separated by comma
                       type: string
                     ban_time:
-                      description: the time an ip should be banned
+                      description: the time a ip should be banned
                       type: number
-                    ban_time_increment:
-                      description: if the time of the ban should increase each time
-                      type: boolean
                     max_attempts:
                       description: the maximum numbe of wrong logins before a ip is banned
                       type: number
-                    max_ban_time:
-                      description: the maximum time an ip should be banned
-                      type: number
                     netban_ipv4:
                       description: the networks mask to ban for ipv4
                       type: number
@@ -4121,12 +4113,10 @@ paths:
                 response:
                   value:
                     ban_time: 604800
-                    ban_time_increment: 1
                     blacklist: |-
                       45.82.153.37/32
                       92.118.38.52/32
                     max_attempts: 1
-                    max_ban_time: 604800
                     netban_ipv4: 32
                     netban_ipv6: 128
                     perm_bans:

data/web/inc/functions.fail2ban.inc.php

@@ -239,9 +239,7 @@ function fail2ban($_action, $_data = null) {
       $is_now = fail2ban('get');
       if (!empty($is_now)) {
         $ban_time = intval((isset($_data['ban_time'])) ? $_data['ban_time'] : $is_now['ban_time']);
-        $ban_time_increment = (isset($_data['ban_time_increment']) && $_data['ban_time_increment'] == "1") ? 1 : 0;
         $max_attempts = intval((isset($_data['max_attempts'])) ? $_data['max_attempts'] : $is_now['max_attempts']);
-        $max_ban_time = intval((isset($_data['max_ban_time'])) ? $_data['max_ban_time'] : $is_now['max_ban_time']);
         $retry_window = intval((isset($_data['retry_window'])) ? $_data['retry_window'] : $is_now['retry_window']);
         $netban_ipv4 = intval((isset($_data['netban_ipv4'])) ? $_data['netban_ipv4'] : $is_now['netban_ipv4']);
         $netban_ipv6 = intval((isset($_data['netban_ipv6'])) ? $_data['netban_ipv6'] : $is_now['netban_ipv6']);
@@ -258,8 +256,6 @@ function fail2ban($_action, $_data = null) {
       }
       $f2b_options = array();
       $f2b_options['ban_time'] = ($ban_time < 60) ? 60 : $ban_time;
-      $f2b_options['ban_time_increment'] = ($ban_time_increment == 1) ? true : false;
-      $f2b_options['max_ban_time'] = ($max_ban_time < 60) ? 60 : $max_ban_time;
       $f2b_options['netban_ipv4'] = ($netban_ipv4 < 8) ? 8 : $netban_ipv4;
       $f2b_options['netban_ipv6'] = ($netban_ipv6 < 8) ? 8 : $netban_ipv6;
       $f2b_options['netban_ipv4'] = ($netban_ipv4 > 32) ? 32 : $netban_ipv4;

data/web/js/site/debug.js

@@ -1181,7 +1181,7 @@ jQuery(function($){
 
     if (table = $('#' + log_table).DataTable()) {
       var heading = $('#' + log_table).closest('.card').find('.card-header');
-      var load_rows = (table.data().length + 1) + '-' + (table.data().length + new_nrows)
+      var load_rows = (table.page.len() + 1) + '-' + (table.page.len() + new_nrows)
 
       $.get('/api/v1/get/logs/' + log_url + '/' + load_rows).then(function(data){
         if (data.length === undefined) { mailcow_alert_box(lang.no_new_rows, "info"); return; }

data/web/lang/lang.da-dk.json

@@ -4,15 +4,15 @@
         "app_passwds": "Administrer app-adgangskoder",
         "bcc_maps": "BCC kort",
         "delimiter_action": "Afgrænsning handling",
-        "eas_reset": "Nulstil EAS enheder",
+        "eas_reset": "Nulstil EAS endheder",
         "extend_sender_acl": "Tillad at udvide afsenderens ACL med eksterne adresser",
         "filters": "Filtre",
         "login_as": "Login som mailboks bruger",
-        "prohibited": "Nægtet af ACL",
-        "protocol_access": "Skift protokol adgang",
+        "prohibited": "Forbudt af ACL",
+        "protocol_access": "Ændre protokol adgang",
         "pushover": "Pushover",
-        "quarantine": "Karantænehandlinger",
-        "quarantine_attachments": "Karantænevedhæftede filer",
+        "quarantine": "Karantæneaktioner",
+        "quarantine_attachments": "Karantæne vedhæftede filer",
         "quarantine_notification": "Skift karantænemeddelelser",
         "ratelimit": "Satsgrænse",
         "recipient_maps": "Modtagerkort",
@@ -20,15 +20,12 @@
         "sogo_access": "Tillad styring af SOGo-adgang",
         "sogo_profile_reset": "Nulstil SOGo-profil",
         "spam_alias": "Midlertidige aliasser",
-        "spam_policy": "Sortliste/hvidliste",
+        "spam_policy": "Sortliste / hvidliste",
         "spam_score": "Spam-score",
         "syncjobs": "Synkroniserings job",
         "tls_policy": "TLS politik",
         "unlimited_quota": "Ubegrænset plads for mailbokse",
-        "domain_desc": "Skift domæne beskrivelse",
-        "domain_relayhost": "Skift relæ host for et domæne",
-        "mailbox_relayhost": "Skift relæ-host for en postkasse",
-        "quarantine_category": "Skift kategorien for karantænemeddelelse"
+        "domain_desc": "Skift domæne beskrivelse"
     },
     "add": {
         "activate_filter_warn": "Alle andre filtre deaktiveres, når aktiv er markeret.",
@@ -62,7 +59,7 @@
         "gal": "Global adresseliste",
         "gal_info": "GAL indeholder alle objekter i et domæne og kan ikke redigeres af nogen bruger. Information om ledig / optaget i SOGo mangler, hvis deaktiveret! <b> Genstart SOGo for at anvende ændringer. </b>",
         "generate": "generere",
-        "goto_ham": "Lær som <span class=\"text-success\"><b>ønsket</b></span>",
+        "goto_ham": "Lær som <span class=\"text-success\"><b>ham</b></span>",
         "goto_null": "Kassér e-mail i stilhed",
         "goto_spam": "Lær som <span class=\"text-danger\"><b>spam</b></span>",
         "hostname": "Vært",
@@ -83,7 +80,7 @@
         "private_comment": "Privat kommentar",
         "public_comment": "Offentlig kommentar",
         "quota_mb": "Kvota (Mb)",
-        "relay_all": "Besvar alle modtager",
+        "relay_all": "Send alle modtagere videre",
         "relay_all_info": "↪ Hvis du vælger <b> ikke </b> at videresende alle modtagere, skal du tilføje et (\"blind\") postkasse til hver enkelt modtager, der skal videresendes.",
         "relay_domain": "Send dette domæne videre",
         "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Du kan definere transportkort til en tilpasset destination for dette domæne. Hvis ikke indstillet, foretages der et MX-opslag.",
@@ -104,10 +101,7 @@
         "timeout2": "Timeout for forbindelse til lokal vært",
         "username": "Brugernavn",
         "validate": "Bekræft",
-        "validation_success": "Valideret med succes",
-        "bcc_dest_format": "BCC-destination skal være en enkelt gyldig e-mail-adresse.<br>Hvis du har brug for at sende en kopi til flere adresser, kan du oprette et alias og bruge det her.",
-        "app_passwd_protocols": "Tilladte protokoller for app adgangskode",
-        "tags": "Tag's"
+        "validation_success": "Valideret med succes"
     },
     "admin": {
         "access": "Adgang",
@@ -314,10 +308,7 @@
         "username": "Brugernavn",
         "validate_license_now": "Valider GUID mod licensserver",
         "verify": "Verificere",
-        "yes": "&#10003;",
-        "ip_check_opt_in": "Opt-In for brug af tredjepartstjeneste <strong>ipv4.mailcow.email</strong> og <strong>ipv6.mailcow.email</strong> til at finde eksterne IP-adresser.",
-        "queue_unban": "unban",
-        "admins": "Administratorer"
+        "yes": "&#10003;"
     },
     "danger": {
         "access_denied": "Adgang nægtet eller ugyldig formular data",
@@ -434,8 +425,7 @@
         "username_invalid": "Brugernavn %s kan ikke bruges",
         "validity_missing": "Tildel venligst en gyldighedsperiode",
         "value_missing": "Angiv alle værdier",
-        "yotp_verification_failed": "Yubico OTP verifikationen mislykkedes: %s",
-        "webauthn_publickey_failed": "Der er ikke gemt nogen offentlig nøgle for den valgte autentifikator"
+        "yotp_verification_failed": "Yubico OTP verifikationen mislykkedes: %s"
     },
     "debug": {
         "chart_this_server": "Diagram (denne server)",
@@ -452,8 +442,7 @@
         "solr_status": "Solr-status",
         "started_on": "Startede den",
         "static_logs": "Statiske logfiler",
-        "system_containers": "System og Beholdere",
-        "error_show_ip": "Kunne ikke finde de offentlige IP-adresser"
+        "system_containers": "System og Beholdere"
     },
     "diagnostics": {
         "cname_from_a": "Værdi afledt af A / AAAA-post. Dette understøttes, så længe posten peger på den korrekte ressource.",
@@ -564,11 +553,7 @@
         "title": "Rediger objekt",
         "unchanged_if_empty": "Lad være tomt, hvis uændret",
         "username": "Brugernavn",
-        "validate_save": "Valider og gem",
-        "admin": "Rediger administrator",
-        "lookup_mx": "Destination er et regulært udtryk, der matcher MX-navnet (<code>.*google\\.dk</code> for at dirigere al e-mail, der er målrettet til en MX, der ender på google.dk, over dette hop)",
-        "mailbox_relayhost_info": "Anvendt på postkassen og kun direkte aliasser, og overskriver et domæne relæ-host.",
-        "quota_warning_bcc": "Kvoteadvarsel BCC"
+        "validate_save": "Valider og gem"
     },
     "footer": {
         "cancel": "Afbestille",
@@ -586,7 +571,7 @@
     "header": {
         "administration": "Konfiguration og detailer",
         "apps": "Apps",
-        "debug": "Information",
+        "debug": "Systemoplysninger",
         "email": "E-Mail",
         "mailcow_config": "Konfiguration",
         "quarantine": "Karantæne",
@@ -754,10 +739,7 @@
         "username": "Brugernavn",
         "waiting": "Venter",
         "weekly": "Ugentlig",
-        "yes": "&#10003;",
-        "goto_ham": "Lær som <b>ønsket</b>",
-        "catch_all": "Fang-alt",
-        "open_logs": "Åben logfiler"
+        "yes": "&#10003;"
     },
     "oauth2": {
         "access_denied": "Log ind som mailboks ejer for at give adgang via OAuth2.",
@@ -1048,7 +1030,7 @@
         "spamfilter_table_empty": "Intet data at vise",
         "spamfilter_table_remove": "slet",
         "spamfilter_table_rule": "Regl",
-        "spamfilter_wl": "Hvidliste",
+        "spamfilter_wl": "Hvisliste",
         "spamfilter_wl_desc": "Hvidlistede e-mail-adresser til <b>aldrig</b> at klassificeres som spam. Wildcards kan bruges. Et filter anvendes kun på direkte aliaser (aliaser med en enkelt målpostkasse) eksklusive catch-aliaser og selve en postkasse.",
         "spamfilter_yellow": "Gul: denne besked kan være spam, vil blive tagget som spam og flyttes til din junk-mappe",
         "status": "Status",
@@ -1084,11 +1066,5 @@
         "quota_exceeded_scope": "Domænekvote overskredet: Kun ubegrænsede postkasser kan oprettes i dette domæneomfang.",
         "session_token": "Form nøgle ugyldig: Nøgle passer ikke",
         "session_ua": "Form nøgle ugyldig: Bruger-Agent gyldighedskontrols fejl"
-    },
-    "datatables": {
-        "lengthMenu": "Vis _MENU_ poster",
-        "paginate": {
-            "first": "Først"
-        }
     }
 }

data/web/lang/lang.de-de.json

@@ -175,12 +175,10 @@
         "empty": "Keine Einträge vorhanden",
         "excludes": "Diese Empfänger ausschließen",
         "f2b_ban_time": "Bannzeit in Sekunden",
-        "f2b_ban_time_increment": "Bannzeit erhöht sich mit jedem Bann",
         "f2b_blacklist": "Blacklist für Netzwerke und Hosts",
         "f2b_filter": "Regex-Filter",
         "f2b_list_info": "Ein Host oder Netzwerk auf der Blacklist wird immer eine Whitelist-Einheit überwiegen. <b>Die Aktualisierung der Liste dauert einige Sekunden.</b>",
         "f2b_max_attempts": "Max. Versuche",
-        "f2b_max_ban_time": "Maximale Bannzeit in Sekunden",
         "f2b_netban_ipv4": "Netzbereich für IPv4-Banns (8-32)",
         "f2b_netban_ipv6": "Netzbereich für IPv6-Banns (8-128)",
         "f2b_parameters": "Fail2ban-Parameter",

data/web/lang/lang.en-gb.json

@@ -177,12 +177,10 @@
         "empty": "No results",
         "excludes": "Excludes these recipients",
         "f2b_ban_time": "Ban time (s)",
-        "f2b_ban_time_increment": "Ban time is incremented with each ban",
         "f2b_blacklist": "Blacklisted networks/hosts",
         "f2b_filter": "Regex filters",
         "f2b_list_info": "A blacklisted host or network will always outweigh a whitelist entity. <b>List updates will take a few seconds to be applied.</b>",
         "f2b_max_attempts": "Max. attempts",
-        "f2b_max_ban_time": "Max. ban time (s)",
         "f2b_netban_ipv4": "IPv4 subnet size to apply ban on (8-32)",
         "f2b_netban_ipv6": "IPv6 subnet size to apply ban on (8-128)",
         "f2b_parameters": "Fail2ban parameters",

data/web/lang/lang.es-es.json

@@ -141,11 +141,9 @@
         "empty": "Sin resultados",
         "excludes": "Excluye a estos destinatarios",
         "f2b_ban_time": "Tiempo de restricción (s)",
-        "f2b_ban_time_increment": "Tiempo de restricción se incrementa con cada restricción",
         "f2b_blacklist": "Redes y hosts en lista negra",
         "f2b_list_info": "Un host o red en lista negra siempre superará a una entidad de la lista blanca. <b>Las actualizaciones de la lista tardarán unos segundos en aplicarse.</b>",
         "f2b_max_attempts": "Max num. de intentos",
-        "f2b_max_ban_time": "Max tiempo de restricción (s)",
         "f2b_netban_ipv4": "Tamaño de subred IPv4 para aplicar la restricción (8-32)",
         "f2b_netban_ipv6": "Tamaño de subred IPv6 para aplicar la restricción (8-128)",
         "f2b_parameters": "Parametros Fail2ban",

data/web/lang/lang.fr-fr.json

@@ -24,7 +24,7 @@
         "spam_policy": "Liste Noire/Liste Blanche",
         "spam_score": "Score SPAM",
         "syncjobs": "Tâches de synchronisation",
-        "tls_policy": "Politique TLS",
+        "tls_policy": "Police TLS",
         "unlimited_quota": "Quota illimité pour les boites de courriel",
         "domain_desc": "Modifier la description du domaine",
         "domain_relayhost": "Changer le relais pour un domaine",
@@ -106,8 +106,7 @@
         "validate": "Valider",
         "validation_success": "Validation réussie",
         "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici.",
-        "tags": "Etiquettes",
-        "app_passwd_protocols": "Protocoles autorisés pour le mot de passe de l'application"
+        "tags": "Etiquettes"
     },
     "admin": {
         "access": "Accès",
@@ -172,13 +171,11 @@
         "edit": "Editer",
         "empty": "Aucun résultat",
         "excludes": "Exclure ces destinataires",
-        "f2b_ban_time": "Durée du bannissement (s)",
-        "f2b_ban_time_increment": "Durée du bannissement est augmentée à chaque bannissement",
+        "f2b_ban_time": "Durée du bannissement(s)",
         "f2b_blacklist": "Réseaux/Domaines sur Liste Noire",
         "f2b_filter": "Filtre(s) Regex",
         "f2b_list_info": "Un hôte ou un réseau sur liste noire l'emportera toujours sur une entité de liste blanche. <b>L'application des mises à jour de liste prendra quelques secondes.</b>",
         "f2b_max_attempts": "Nb max. de tentatives",
-        "f2b_max_ban_time": "Max. durée du bannissement (s)",
         "f2b_netban_ipv4": "Taille du sous-réseau IPv4 pour l'application du bannissement (8-32)",
         "f2b_netban_ipv6": "Taille du sous-réseau IPv6 pour l'application du bannissement (8-128)",
         "f2b_parameters": "Paramètres Fail2ban",
@@ -324,9 +321,7 @@
         "admins": "Administrateurs",
         "api_read_only": "Accès lecture-seule",
         "password_policy_lowerupper": "Doit contenir des caractères minuscules et majuscules",
-        "password_policy_numbers": "Doit contenir au moins un chiffre",
-        "ip_check": "Vérification IP",
-        "ip_check_disabled": "La vérification IP est désactivée. Vous pouvez l'activer sous<br> <strong>Système > Configuration > Options > Personnaliser</strong>"
+        "password_policy_numbers": "Doit contenir au moins un chiffre"
     },
     "danger": {
         "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -445,12 +440,7 @@
         "username_invalid": "Le nom d'utilisateur %s ne peut pas être utilisé",
         "validity_missing": "Veuillez attribuer une période de validité",
         "value_missing": "Veuillez fournir toutes les valeurs",
-        "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s",
-        "webauthn_authenticator_failed": "L'authentificateur selectionné est introuvable",
-        "demo_mode_enabled": "Le mode de démonstration est activé",
-        "template_exists": "La template %s existe déja",
-        "template_id_invalid": "Le numéro de template %s est invalide",
-        "template_name_invalid": "Le nom de la template est invalide"
+        "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s"
     },
     "debug": {
         "chart_this_server": "Graphique (ce serveur)",
@@ -588,7 +578,7 @@
         "unchanged_if_empty": "Si non modifié, laisser en blanc",
         "username": "Nom d'utilisateur",
         "validate_save": "Valider et sauver",
-        "lookup_mx": "La destination est une expression régulière qui doit correspondre avec le nom du MX (<code>.*google\\.com</code> pour acheminer tout le courrier destiné à un MX se terminant par google.com via ce saut)",
+        "lookup_mx": "La destination est une expression régulière qui doit correspondre avec le nom du MX (<code>.*google\\.com</code> pour acheminer tout le courrier destiné à un MX se terminant par google.com via ce saut).",
         "mailbox_relayhost_info": "S'applique uniquement à la boîte aux lettres et aux alias directs, remplace le relayhost du domaine."
     },
     "footer": {
@@ -1091,12 +1081,9 @@
         "username": "Nom d'utilisateur",
         "verify": "Vérification",
         "waiting": "En attente",
-        "week": "semaine",
+        "week": "Semaine",
         "weekly": "Hebdomadaire",
-        "weeks": "semaines",
-        "months": "mois",
-        "year": "année",
-        "years": "années"
+        "weeks": "semaines"
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",

data/web/lang/lang.it-it.json

@@ -175,12 +175,10 @@
         "empty": "Nessun risultato",
         "excludes": "Esclude questi destinatari",
         "f2b_ban_time": "Tempo di blocco (s)",
-        "f2b_ban_time_increment": "Tempo di blocco aumenta ad ogni blocco",
         "f2b_blacklist": "Host/reti in blacklist",
         "f2b_filter": "Filtri Regex",
         "f2b_list_info": "Un host oppure una rete in blacklist, avrà sempre un peso maggiore rispetto ad una in whitelist. <b>L'aggiornamento della lista richiede alcuni secondi per la sua entrata in azione.</b>",
         "f2b_max_attempts": "Tentativi massimi",
-        "f2b_max_ban_time": "Tempo massimo di blocco (s)",
         "f2b_netban_ipv4": "IPv4 subnet size to apply ban on (8-32)",
         "f2b_netban_ipv6": "IPv6 subnet size to apply ban on (8-128)",
         "f2b_parameters": "Parametri Fail2ban",

data/web/lang/lang.nl-nl.json

@@ -168,12 +168,10 @@
         "empty": "Geen resultaten",
         "excludes": "Exclusief",
         "f2b_ban_time": "Verbanningstijd (s)",
-        "f2b_ban_time_increment": "Verbanningstijd wordt verhoogd met elk verbanning",
         "f2b_blacklist": "Netwerken/hosts op de blacklist",
         "f2b_filter": "Regex-filters",
         "f2b_list_info": "Een host of netwerk op de blacklist staat altijd boven eenzelfde op de whitelist. <b>Het doorvoeren van wijzigingen kan enkele seconden in beslag nemen.</b>",
         "f2b_max_attempts": "Maximaal aantal pogingen",
-        "f2b_max_ban_time": "Maximaal verbanningstijd (s)",
         "f2b_netban_ipv4": "Voer de IPv4-subnetgrootte in waar de verbanning van kracht moet zijn (8-32)",
         "f2b_netban_ipv6": "Voer de IPv6-subnetgrootte in waar de verbanning van kracht moet zijn (8-128)",
         "f2b_parameters": "Fail2ban",

data/web/lang/lang.pl-pl.json

@@ -1,8 +1,7 @@
 {
     "acl": {
         "sogo_profile_reset": "Usuń profil SOGo (webmail)",
-        "syncjobs": "Polecenie synchronizacji",
-        "alias_domains": "Dodaj aliasy domen"
+        "syncjobs": "Polecenie synchronizacji"
     },
     "add": {
         "active": "Aktywny",

data/web/templates/admin/tab-config-f2b.twig

@@ -12,14 +12,6 @@
           <label for="f2b_ban_time">{{ lang.admin.f2b_ban_time }}:</label>
           <input type="number" class="form-control" id="f2b_ban_time" name="ban_time" value="{{ f2b_data.ban_time }}" required>
         </div>
-        <div class="mb-4">
-          <label for="f2b_max_ban_time">{{ lang.admin.f2b_max_ban_time }}:</label>
-          <input type="number" class="form-control" id="f2b_max_ban_time" name="max_ban_time" value="{{ f2b_data.max_ban_time }}" required>
-        </div>
-        <div class="mb-4">
-          <input class="form-check-input" type="checkbox" value="1" name="ban_time_increment" id="f2b_ban_time_increment" {% if f2b_data.ban_time_increment == 1 %}checked{% endif %}>
-          <label class="form-check-label" for="f2b_ban_time_increment">{{ lang.admin.f2b_ban_time_increment }}</label>
-        </div>
         <div class="mb-4">
           <label for="f2b_max_attempts">{{ lang.admin.f2b_max_attempts }}:</label>
           <input type="number" class="form-control" id="f2b_max_attempts" name="max_attempts" value="{{ f2b_data.max_attempts }}" required>

data/web/templates/debug.twig

@@ -612,7 +612,7 @@
               <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="rl_log" data-table="rl_log" href="#">{{ lang.datatables.expand_all }}</a></li>
               <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="rl_log" data-table="rl_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
-            <p class="text-muted">{{ lang.admin.hash_remove_info|raw }}</p>
+            <p class="text-muted">{{ lang.admin.hash_remove_info }}</p>
             <table id="rl_log" class="table table-striped dt-responsive w-100"></table>
           </div>
         </div>

data/web/templates/mailbox.twig

@@ -19,7 +19,7 @@
     </li>
     <li class="nav-item" role="presentation"><button class="nav-link" aria-controls="tab-resources" role="tab" data-bs-toggle="tab" data-bs-target="#tab-resources">{{ lang.mailbox.resources }}</button></li>
     <li class="nav-item dropdown">
-      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.aliases }}</a>
+      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" data-bs-target="#">{{ lang.mailbox.aliases }}</a>
       <ul class="dropdown-menu">
         <li role="presentation"><button class="dropdown-item" aria-selected="false" aria-controls="tab-mbox-aliases" role="tab" data-bs-toggle="tab" data-bs-target="#tab-mbox-aliases">{{ lang.mailbox.aliases }}</button></li>
         <li role="presentation"><button class="dropdown-item" aria-selected="false" aria-controls="tab-domain-aliases" role="tab" data-bs-toggle="tab" data-bs-target="#tab-domain-aliases">{{ lang.mailbox.domain_aliases }}</button></li>

docker-compose.yml

@@ -76,7 +76,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.93
+      image: mailcow/rspamd:1.92
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -106,7 +106,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.83
+      image: mailcow/phpfpm:1.82
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -154,7 +154,7 @@ services:
         - API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
         - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
         - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
-        - SKIP_SOLR=${SKIP_SOLR:-y}
+        - SKIP_XAPIAN=${SKIP_XAPIAN:-y}
         - SKIP_CLAMD=${SKIP_CLAMD:-n}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
@@ -169,7 +169,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.116
+      image: mailcow/sogo:1.115
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -191,7 +191,7 @@ services:
       volumes:
         - ./data/hooks/sogo:/hooks:Z
         - ./data/conf/sogo/:/etc/sogo/:z
-        - ./data/web/inc/init_db.inc.php:/init_db.inc.php:z
+        - ./data/web/inc/init_db.inc.php:/init_db.inc.php:Z
         - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
         - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
         - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
@@ -216,7 +216,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.23
+      image: mailcow/dovecot:1.20-xapian
       depends_on:
         - mysql-mailcow
       dns:
@@ -250,7 +250,8 @@ services:
         - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
         - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
         - ACL_ANYONE=${ACL_ANYONE:-disallow}
-        - SKIP_SOLR=${SKIP_SOLR:-y}
+        - SKIP_XAPIAN=${SKIP_XAPIAN:-y}
+        - XAPIAN_HEAP=${XAPIAN_HEAP:-1024}
         - MAILDIR_SUB=${MAILDIR_SUB:-}
         - MASTER=${MASTER:-y}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
@@ -281,7 +282,7 @@ services:
         ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
         ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
         ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
-        ofelia.job-exec.dovecot_fts.command: "/usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true"
+        ofelia.job-exec.dovecot_fts.command: "doveadm fts optimize -A"
         ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
         ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
       ulimits:
@@ -425,7 +426,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.52
+      image: mailcow/netfilter:1.51
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -510,7 +511,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.02
+      image: mailcow/dockerapi:2.01
       security_opt:
         - label=disable
       restart: always
@@ -528,22 +529,6 @@ services:
           aliases:
             - dockerapi
 
-    solr-mailcow:
-      image: mailcow/solr:1.8.1
-      restart: always
-      volumes:
-        - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
-      ports:
-        - "${SOLR_PORT:-127.0.0.1:18983}:8983"
-      environment:
-        - TZ=${TZ}
-        - SOLR_HEAP=${SOLR_HEAP:-1024}
-        - SKIP_SOLR=${SKIP_SOLR:-y}
-      networks:
-        mailcow-network:
-          aliases:
-            - solr
-
     olefy-mailcow:
       image: mailcow/olefy:1.11
       restart: always
@@ -599,7 +584,6 @@ services:
         - netfilter-mailcow
         - watchdog-mailcow
         - dockerapi-mailcow
-        - solr-mailcow
       environment:
         - TZ=${TZ}
       image: robbertkl/ipv6nat
@@ -631,7 +615,6 @@ volumes:
   mysql-socket-vol-1:
   redis-vol-1:
   rspamd-vol-1:
-  solr-vol-1:
   postfix-vol-1:
   crypt-vol-1:
   sogo-web-vol-1:

generate_config.sh

@@ -122,23 +122,23 @@ else
 fi
 
 if [ ${MEM_TOTAL} -le "2097152" ]; then
-  echo "Disabling Solr on low-memory system."
-  SKIP_SOLR=y
+  echo "Disabling Xapian (full text search, build in Dovecot) on low-memory system."
+  SKIP_XAPIAN=y
 elif [ ${MEM_TOTAL} -le "3670016" ]; then
-  echo "Installed memory is <= 3.5 GiB. It is recommended to disable Solr to prevent out-of-memory situations."
-  echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
-  echo "Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
-  read -r -p  "Do you want to disable Solr now? [Y/n] " response
+  echo "Installed memory is <= 3.5 GiB. We suggest you to disable Xapian (full text search, build in Dovecot) to prevent out-of-memory situations."
+  echo "The default Xapian heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
+  echo "Xapian can be re-enabled by setting SKIP_XAPIAN=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
+  read -r -p  "Do you want to disable the FTS Xapian now? [Y/n] " response
   case $response in
     [nN][oO]|[nN])
-      SKIP_SOLR=n
+      SKIP_XAPIAN=n
       ;;
     *)
-      SKIP_SOLR=y
+      SKIP_XAPIAN=y
     ;;
   esac
 else
-  SKIP_SOLR=n
+  SKIP_XAPIAN=n
 fi
 
 if [[ ${SKIP_BRANCH} != y ]]; then
@@ -205,8 +205,8 @@ DBUSER=mailcow
 
 # Please use long, random alphanumeric strings (A-Za-z0-9)
 
-DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
-DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
+DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 
 # ------------------------------
 # HTTP/S Bindings
@@ -243,7 +243,6 @@ POPS_PORT=995
 SIEVE_PORT=4190
 DOVEADM_PORT=127.0.0.1:19991
 SQL_PORT=127.0.0.1:13306
-SOLR_PORT=127.0.0.1:18983
 REDIS_PORT=127.0.0.1:7654
 
 # Your timezone
@@ -329,14 +328,14 @@ SKIP_CLAMD=${SKIP_CLAMD}
 
 SKIP_SOGO=n
 
-# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.
+# Skip Xapian (FTS) on low-memory systems or if you do not want to store a readable index of your mails in vmail-index-vol-1.
 
-SKIP_SOLR=${SKIP_SOLR}
+SKIP_XAPIAN=${SKIP_XAPIAN}
 
-# Solr heap size in MB, there is no recommendation, please see Solr docs.
-# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
+# Xapian heap size in MB, there is no recommendation, please see Xapians docs.
+# Xapian is replacing solr completely. It is supposed to be much more efficient in CPU and RAM consumption.
 
-SOLR_HEAP=1024
+XAPIAN_HEAP=1024
 
 # Allow admins to log into SOGo as email user (without any password)
 

helper-scripts/expiry-dates.sh

@@ -3,11 +3,10 @@
 [[ -f mailcow.conf ]] && source mailcow.conf
 [[ -f ../mailcow.conf ]] && source ../mailcow.conf
 
-POSTFIX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:${SMTP_PORT} -starttls smtp 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
-DOVECOT=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:${IMAP_PORT} -starttls imap 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
-NGINX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:${HTTPS_PORT} 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
-
-echo "TLS expiry dates:"
-echo "Postfix: ${POSTFIX}"
-echo "Dovecot: ${DOVECOT}"
-echo "Nginx:   ${NGINX}"
+POSTFIX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:25 -starttls smtp 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
+DOVECOT=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:143 -starttls imap 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
+NGINX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:443 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
+echo TLS expiry dates:
+echo Postfix: ${POSTFIX}
+echo Dovecot: ${DOVECOT}
+echo Nginx: ${NGINX}

helper-scripts/mailcow-reset-admin.sh

@@ -19,7 +19,7 @@ read -r -p "Are you sure you want to reset the mailcow administrator account? [y
 response=${response,,}    # tolower
 if [[ "$response" =~ ^(yes|y)$ ]]; then
 	echo -e "\nWorking, please wait..."
-  random=$(</dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c${1:-16})
+  random=$(</dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16})
   password=$(docker exec -it $(docker ps -qf name=dovecot-mailcow) doveadm pw -s SSHA256 -p ${random} | tr -d '\r')
 	docker exec -it $(docker ps -qf name=mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM admin WHERE username='admin';"
   docker exec -it $(docker ps -qf name=mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM domain_admins WHERE username='admin';"

helper-scripts/nextcloud.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
-NEXTCLOUD_VERSION=26.0.0
+NEXTCLOUD_VERSION=25.0.3
 
 echo -ne "Checking prerequisites..."
 sleep 1
@@ -97,12 +97,8 @@ elif [[ ${NC_UPDATE} == "y" ]]; then
     echo -e "\033[31mError: Nextcloud occ not found. Is Nextcloud installed?\033[0m"
     exit 1
   fi
-  if grep -q 'This version of Nextcloud is not compatible with PHP>=8.2.' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
-    echo -e "\033[31mError: This version of Nextcloud is not compatible with PHP>=8.2, we'll fix it\033[0m"
-    wget -q https://raw.githubusercontent.com/nextcloud/server/v26.0.0/lib/versioncheck.php -O ./data/web/nextcloud/lib/versioncheck.php
-	echo -e "\e[33mPlease restart the update again.\e[0m"
-  elif ! grep -q 'installed: true' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
-    echo -e "\033[31mError: Nextcloud seems not to be installed.\033[0m"
+  if ! grep -q 'installed: true' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
+    echo "Nextcloud seems not to be installed."
     exit 1
   else
     docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "php /web/nextcloud/updater/updater.phar"
@@ -126,7 +122,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     && chmod +x ./data/web/nextcloud/occ
 
   echo -e "\033[33mCreating 'nextcloud' database...\033[0m"
-  NC_DBPASS=$(</dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
+  NC_DBPASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
   NC_DBUSER=nextcloud
   NC_DBNAME=nextcloud
 
@@ -142,7 +138,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
 
   echo ""
   echo -e "\033[33mInstalling Nextcloud...\033[0m"
-  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
+  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 
   echo -ne "[1/4] Setting correct permissions for www-data"
   docker exec -it $(docker ps -f name=php-fpm-mailcow -q) /bin/bash -c "chown -R www-data:www-data /web/nextcloud"

update.sh

@@ -176,19 +176,18 @@ remove_obsolete_nginx_ports() {
 }
 
 detect_docker_compose_command(){
-if ! [[ "${DOCKER_COMPOSE_VERSION}" =~ ^(native|standalone)$ ]]; then
+if ! [ "${DOCKER_COMPOSE_VERSION}" == "native" ] && ! [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
   if docker compose > /dev/null 2>&1; then
       if docker compose version --short | grep "2." > /dev/null 2>&1; then
         DOCKER_COMPOSE_VERSION=native
         COMPOSE_COMMAND="docker compose"
         echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m"
         echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
-        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' $SCRIPT_DIR/mailcow.conf 
         sleep 2
         echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
       else
         echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-        echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+        echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
         exit 1
       fi
   elif docker-compose > /dev/null 2>&1; then
@@ -198,60 +197,26 @@ if ! [[ "${DOCKER_COMPOSE_VERSION}" =~ ^(native|standalone)$ ]]; then
         COMPOSE_COMMAND="docker-compose"
         echo -e "\e[31mFound Docker Compose Standalone.\e[0m"
         echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
-        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' $SCRIPT_DIR/mailcow.conf
         sleep 2
         echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
       else
         echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-        echo -e "\e[31mPlease update/install regarding to this doc site: https://docs.mailcow.email/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+        echo -e "\e[31mPlease update/install regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
         exit 1
       fi
     fi
 
   else
     echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-    echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+    echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
     exit 1
   fi
 
 elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then
   COMPOSE_COMMAND="docker compose"
-  # Check if Native Compose works and has not been deleted  
-  if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
-    # IF it not exists/work anymore try the other command
-    COMPOSE_COMMAND="docker-compose"
-    if ! $COMPOSE_COMMAND > /dev/null 2>&1 || ! $COMPOSE_COMMAND --version | grep "^2." > /dev/null 2>&1; then
-      # IF it cannot find Standalone in > 2.X, then script stops
-      echo -e "\e[31mCannot find Docker Compose or the Version is lower then 2.X.X.\e[0m" 
-      echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
-      exit 1
-    fi
-      # If it finds the standalone Plugin it will use this instead and change the mailcow.conf Variable accordingly
-      echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
-      echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from native to standalone\e[0m"
-      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' $SCRIPT_DIR/mailcow.conf 
-      sleep 2
-  fi
-
 
 elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
   COMPOSE_COMMAND="docker-compose"
-  # Check if Standalone Compose works and has not been deleted  
-  if ! $COMPOSE_COMMAND > /dev/null 2>&1 && ! $COMPOSE_COMMAND --version > /dev/null 2>&1 | grep "^2." > /dev/null 2>&1; then
-    # IF it not exists/work anymore try the other command
-    COMPOSE_COMMAND="docker compose"
-    if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
-      # IF it cannot find Native in > 2.X, then script stops
-      echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-      echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
-      exit 1
-    fi
-      # If it finds the native Plugin it will use this instead and change the mailcow.conf Variable accordingly
-      echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
-      echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from standalone to native\e[0m"
-      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' $SCRIPT_DIR/mailcow.conf 
-      sleep 2
-  fi
 fi
 }
 
@@ -361,12 +326,8 @@ while (($#)); do
       echo -e "\e[32mRunning in forced mode...\e[0m"
       FORCE=y
     ;;
-    -d|--dev)
-      echo -e "\e[32mRunning in Developer mode...\e[0m"
-      DEV=y
-    ;;
     --help|-h)
-    echo './update.sh [-c|--check, --ours, --gc, --nightly, --prefetch, --skip-start, --skip-ping-check, --stable, -f|--force, -d|--dev, -h|--help]
+    echo './update.sh [-c|--check, --ours, --gc, --nightly, --prefetch, --skip-start, --skip-ping-check, --stable, -f|--force, -h|--help]
 
   -c|--check           -   Check for updates and exit (exit codes => 0: update available, 3: no updates)
   --ours               -   Use merge strategy option "ours" to solve conflicts in favor of non-mailcow code (local changes over remote changes), not recommended!
@@ -377,7 +338,6 @@ while (($#)); do
   --skip-ping-check    -   Skip ICMP Check to public DNS resolvers (Use it only if you´ve blocked any ICMP Connections to your mailcow machine)
   --stable             -   Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly.
   -f|--force           -   Force update, do not ask questions
-  -d|--dev             -   Enables Developer Mode (No Checkout of update.sh for tests)
 '
     exit 1
   esac
@@ -428,8 +388,8 @@ CONFIG_ARRAY=(
   "MAILDIR_GC_TIME"
   "MAILDIR_SUB"
   "ACL_ANYONE"
-  "SOLR_HEAP"
-  "SKIP_SOLR"
+  "XAPIAN_HEAP"
+  "SKIP_XAPIAN"
   "ENABLE_SSL_SNI"
   "ALLOW_ADMIN_EMAIL_LOGIN"
   "SKIP_HTTP_VERIFICATION"
@@ -550,20 +510,20 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
       echo 'ACL_ANYONE=disallow' >> mailcow.conf
     fi
-  elif [[ ${option} == "SOLR_HEAP" ]]; then
+  elif [[ ${option} == "XAPIAN_HEAP" ]]; then
     if ! grep -q ${option} mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Solr heap size, there is no recommendation, please see Solr docs.' >> mailcow.conf
-      echo '# Solr is a prone to run OOM on large systems and should be monitored. Unmonitored Solr setups are not recommended.' >> mailcow.conf
-      echo '# Solr will refuse to start with total system memory below or equal to 2 GB.' >> mailcow.conf
-      echo "SOLR_HEAP=1024" >> mailcow.conf
+      echo "Replacing SOLR_HEAP with \"${option}\" in mailcow.conf"
+      sed -i '/# Solr heap size in MB, there is no recommendation, please see Solr docs./c\# Xapian heap size in MB, there is no recommendation, please see Xapians docs.' mailcow.conf
+      sed -i '/# Solr is a prone to run OOM on large systems and should be monitored. Unmonitored Solr setups are not recommended./c\# Xapian is replacing solr completely. It is supposed to be much more efficient in CPU and RAM consumption.'  mailcow.conf
+      sed -i '/SOLR_HEAP=/c\XAPIAN_HEAP=' mailcow.conf
     fi
-  elif [[ ${option} == "SKIP_SOLR" ]]; then
+  elif [[ ${option} == "SKIP_XAPIAN" ]]; then
     if ! grep -q ${option} mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf
-      echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf
-      echo "SKIP_SOLR=y" >> mailcow.conf
+      echo "Replacing SKIP_SOLR with \"${option}\" in mailcow.conf"
+      sed -i '/# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1./c\# Skip Xapian (FTS) on low-memory systems or if you do not want to store a readable index of your mails in vmail-index-vol-1.' mailcow.conf
+      sed -i '/SKIP_SOLR=/c\SKIP_XAPIAN=' mailcow.conf
+      echo "Removing Solr-Port Binding from mailcow.conf"
+      sed -i '/SOLR_PORT=/d' mailcow.conf
     fi
   elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
     if ! grep -q ${option} mailcow.conf; then
@@ -637,7 +597,7 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Password hash algorithm' >> mailcow.conf
       echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
-      echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
+      echo '# see https://mailcow.github.io/mailcow-dockerized-docs/models/model-passwd/' >> mailcow.conf
       echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
     fi
   elif [[ ${option} == "ADDITIONAL_SERVER_NAMES" ]]; then
@@ -657,7 +617,7 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Optional: Leave empty for none' >> mailcow.conf
       echo '# This value is only used on first order!' >> mailcow.conf
       echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
-      echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
+      echo '# https://mailcow.github.io/mailcow-dockerized-docs/troubleshooting/debug-reset_tls/' >> mailcow.conf
       echo 'ACME_CONTACT=' >> mailcow.conf
   fi
   elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
@@ -767,17 +727,15 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then
   git checkout -f ${BRANCH}
 fi
 
-if [ ! $DEV ]; then
-  echo -e "\e[32mChecking for newer update script...\e[0m"
-  SHA1_1=$(sha1sum update.sh)
-  git fetch origin #${BRANCH}
-  git checkout origin/${BRANCH} update.sh
-  SHA1_2=$(sha1sum update.sh)
-  if [[ ${SHA1_1} != ${SHA1_2} ]]; then
-    echo "update.sh changed, please run this script again, exiting."
-    chmod +x update.sh
-    exit 2
-  fi
+echo -e "\e[32mChecking for newer update script...\e[0m"
+SHA1_1=$(sha1sum update.sh)
+git fetch origin #${BRANCH}
+git checkout origin/${BRANCH} update.sh
+SHA1_2=$(sha1sum update.sh)
+if [[ ${SHA1_1} != ${SHA1_2} ]]; then
+  echo "update.sh changed, please run this script again, exiting."
+  chmod +x update.sh
+  exit 2
 fi
 
 if [ ! $FORCE ]; then
@@ -944,6 +902,9 @@ else
   echo -e "\e[33mCannot determine current git repository version...\e[0m"
 fi
 
+# Set DOCKER_COMPOSE_VERSION
+sed -i 's/^DOCKER_COMPOSE_VERSION=$/DOCKER_COMPOSE_VERSION='$DOCKER_COMPOSE_VERSION'/g' mailcow.conf
+
 if [[ ${SKIP_START} == "y" ]]; then
   echo -e "\e[33mNot starting mailcow, please run \"$COMPOSE_COMMAND up -d --remove-orphans\" to start mailcow.\e[0m"
 else