Merge branch 'master' into feature/fts-xapian

Merge branch 'feature/bootstrap5' into feature/fts-xapian
Implemented current state of UI (BS5)
2023-03-15 16:13:51 +01:00 · 2022-11-23 12:00:15 +01:00 · 2022-10-19 13:41:33 +02:00 · 2022-10-07 17:19:15 +02:00 · 2022-10-07 17:06:12 +02:00 · 2022-10-07 17:03:28 +02:00
34 changed files with 325 additions and 341 deletions
--- a/.github/workflows/close_old_issues_and_prs.yml
+++ b/.github/workflows/close_old_issues_and_prs.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v8.0.0
+        uses: actions/stale@v7.0.0
        with:
          repo-token: ${{ secrets.STALE_ACTION_PAT }}
          days-before-stale: 60
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@ data/conf/dovecot/acl_anyone
 data/conf/dovecot/dovecot-master.passwd
 data/conf/dovecot/dovecot-master.userdb
 data/conf/dovecot/extra.conf
+data/conf/dovecot/dovecot-fts-flatcurve.conf
 data/conf/dovecot/global_sieve_*
 data/conf/dovecot/last_login
 data/conf/dovecot/lua
--- a/data/Dockerfiles/dockerapi/dockerapi.py
+++ b/data/Dockerfiles/dockerapi/dockerapi.py
@@ -380,12 +380,7 @@ class DockerUtils:
    if 'maildir' in request_json:
      for container in self.docker_client.containers.list(filters={"id": container_id}):
        sane_name = re.sub(r'\W+', '', request_json['maildir'])
-        vmail_name = request_json['maildir'].replace("'", "'\\''")
-        index_name = request_json['maildir'].split("/")
-        index_name = index_name[1].replace("'", "'\\''") + "@" + index_name[0].replace("'", "'\\''")
-        cmd_vmail = "if [[ -d '/var/vmail/" + vmail_name + "' ]]; then /bin/mv '/var/vmail/" + vmail_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"
-        cmd_vmail_index = "if [[ -d '/var/vmail_index/" + index_name + "' ]]; then /bin/mv '/var/vmail_index/" + index_name + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "_index'; fi"
-        cmd = ["/bin/bash", "-c", cmd_vmail + " && " + cmd_vmail_index]
+        cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
        maildir_cleanup = container.exec_run(cmd, user='vmail')
        return exec_run_handler('generic', maildir_cleanup)
  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -1,27 +1,17 @@
-FROM debian:bullseye-slim
+FROM debian:bullseye-slim as build
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

 ARG DEBIAN_FRONTEND=noninteractive
-# renovate: datasource=github-tags depName=dovecot/core versioning=semver-coerced
-ARG DOVECOT=2.3.20
-# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
-ARG GOSU_VERSION=1.16
+ARG DOVECOT=2.3.19.1
+ARG FLATCURVE=v0.3.2
+ARG XAPIAN=1.4.21
 ENV LC_ALL C


 # Add groups and users before installing Dovecot to not break compatibility
-RUN groupadd -g 5000 vmail \
-  && groupadd -g 401 dovecot \
-  && groupadd -g 402 dovenull \
-  && groupadd -g 999 sogo \
-  && usermod -a -G sogo nobody \
-  && useradd -g vmail -u 5000 vmail -d /var/vmail \
-  && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \
-  && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull \
-  && touch /etc/default/locale \
+RUN touch /etc/default/locale \
  && apt-get update \
  && apt-get -y --no-install-recommends install \
-  build-essential \
  apt-transport-https \
  ca-certificates \
  cpanminus \
@@ -62,7 +52,6 @@ RUN groupadd -g 5000 vmail \
  libproc-processtable-perl \
  libreadonly-perl \
  libregexp-common-perl \
-  libssl-dev \
  libsys-meminfo-perl \
  libterm-readkey-perl \
  libtest-deep-perl \
@@ -78,7 +67,13 @@ RUN groupadd -g 5000 vmail \
  libunicode-string-perl \
  liburi-perl \
  libwww-perl \
+  libstemmer-dev \
+  libexttextcat-dev \
+  libldap-dev \
+  libghc-bzlib-dev \
  lua-sql-mysql \
+  liblz4-dev \
+  libzstd-dev \
  lua-socket \
  mariadb-client \
  procps \
@@ -89,32 +84,152 @@ RUN groupadd -g 5000 vmail \
  syslog-ng-core \
  syslog-ng-mod-redis \
  wget \
+  git \
+  bison \
+  flex \
+  build-essential \
+  autoconf \
+  automake \
+  libtool \
+  make \
+  libxapian-dev \
+  default-libmysqlclient-dev \
+  libicu-dev \
+  zlib1g-dev \
+  pkg-config \
+  libsqlite3-dev \
+  liblua5.3-dev \
  && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
  && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
  && chmod +x /usr/local/bin/gosu \
-  && gosu nobody true \
-  && apt-key adv --fetch-keys https://repo.dovecot.org/DOVECOT-REPO-GPG \
-  && echo "deb https://repo.dovecot.org/ce-${DOVECOT}/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list \
-  && apt-get update \
-  && apt-get -y --no-install-recommends install \
-  dovecot-lua \
-  dovecot-managesieved \
-  dovecot-sieve \
-  dovecot-lmtpd \
-  dovecot-ldap \
-  dovecot-mysql \
-  dovecot-core \
-  dovecot-pop3d \
-  dovecot-imapd \
-  dovecot-solr \
-  && pip3 install mysql-connector-python html2text jinja2 redis \
-  && apt-get autoremove --purge -y \
-  && apt-get autoclean \
-  && rm -rf /var/lib/apt/lists/* \
-  && rm -rf /tmp/* /var/tmp/* /root/.cache/
-# imapsync dependencies
-RUN cpan Crypt::OpenSSL::PKCS12
+  && gosu nobody true
+#  && apt-key adv --fetch-keys https://repo.dovecot.org/DOVECOT-REPO-GPG \
+#  && echo "deb https://repo.dovecot.org/ce-${DOVECOT}/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list \
+#  && apt-get update \
+#  && apt-get -y --no-install-recommends install \
+#  dovecot-lua \
+#  dovecot-managesieved \
+#  dovecot-sieve \
+#  dovecot-lmtpd \
+#  dovecot-ldap \
+#  dovecot-mysql \
+#  dovecot-core \
+#  dovecot-pop3d \
+#  dovecot-imapd \
+#  dovecot-dev

+RUN cd /tmp && git clone --depth 1 --branch ${DOVECOT} https://github.com/dovecot/core.git dovecot/core && cd dovecot/core \
+  && ./autogen.sh \
+  && PANDOC=false ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-ssldir=/etc/ssl --enable-maintainer-mode --with-sql=yes --with-lua=yes --with-mysql --with-ldap --with-zstd --with-lz4 --with-ssl=openssl --with-notify=inotify --with-bzlib --with-zlib --enable-hardening --with-stemmer --with-textcat --with-icu \
+  && make -j6 \
+  && make install \
+  && make clean
+
+RUN cd /tmp && git clone --depth 1 --branch release-0.5 https://github.com/dovecot/pigeonhole dovecot/pigeonhole && cd dovecot/pigeonhole \
+  && ./autogen.sh \
+  && ./configure --with-dovecot=/usr/lib/dovecot --with-managesieve\ 
+  && make -j6 \
+  && make install \
+  && make clean
+
+RUN  cd /tmp && wget https://oligarchy.co.uk/xapian/${XAPIAN}/xapian-core-${XAPIAN}.tar.xz && tar xf xapian-core-${XAPIAN}.tar.xz && cd xapian-core-${XAPIAN} \
+  && ./configure --prefix=/usr/local/xapian \
+  && make -j6 \
+  && make install \
+  && make clean
+
+RUN cd /tmp && git clone --depth 1 --branch ${FLATCURVE} https://github.com/slusarz/dovecot-fts-flatcurve.git dovecot/flatcurve && cd dovecot/flatcurve \
+  && ./autogen.sh \
+  && ./configure --with-dovecot=/usr/lib/dovecot \
+  && make -j6 \
+  && make install \
+  && make clean
+
+FROM debian:bullseye-slim
+RUN groupadd -g 5000 vmail \
+  && groupadd -g 401 dovecot \
+  && groupadd -g 402 dovenull \
+  && groupadd -g 999 sogo \
+  && usermod -a -G sogo nobody \
+  && useradd -g vmail -u 5000 vmail -d /var/vmail \
+  && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \
+  && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull \
+  && apt update && apt install lua-socket \
+  mariadb-client \
+  libstemmer-dev \
+  libexttextcat-dev \
+  libicu-dev \
+  libxapian-dev \
+  libsqlite3-dev \
+  liblua5.3-dev \
+  lua-sql-mysql \
+  libldap-dev \
+  procps \
+  python3-pip \
+  redis-server \
+  supervisor \
+  syslog-ng \
+  syslog-ng-core \
+  syslog-ng-mod-redis \
+  cpanminus \
+  curl \
+  libauthen-ntlm-perl \
+  libcgi-pm-perl \
+  libcrypt-openssl-rsa-perl \
+  libcrypt-ssleay-perl \
+  libdata-uniqid-perl \
+  libdbd-mysql-perl \
+  libdbi-perl \
+  libdigest-hmac-perl \
+  libdist-checkconflicts-perl \
+  libencode-imaputf7-perl \
+  libfile-copy-recursive-perl \
+  libfile-tail-perl \
+  libhtml-parser-perl \
+  libio-compress-perl \
+  libio-socket-inet6-perl \
+  libio-socket-ssl-perl \
+  libio-tee-perl \
+  libipc-run-perl \
+  libjson-webtoken-perl \
+  liblockfile-simple-perl \
+  libmail-imapclient-perl \
+  libmodule-implementation-perl \
+  libmodule-scandeps-perl \
+  libnet-ssleay-perl \
+  libpackage-stash-perl \
+  libpackage-stash-xs-perl \
+  libpar-packer-perl \
+  libparse-recdescent-perl \
+  libproc-processtable-perl \
+  libreadonly-perl \
+  libregexp-common-perl \
+  libsys-meminfo-perl \
+  libterm-readkey-perl \
+  libtest-deep-perl \
+  libtest-fatal-perl \
+  libtest-mock-guard-perl \
+  libtest-mockobject-perl \
+  libtest-nowarnings-perl \
+  libtest-pod-perl \
+  libtest-requires-perl \
+  libtest-simple-perl \
+  libtest-warn-perl \
+  libtry-tiny-perl \
+  libunicode-string-perl \
+  liburi-perl \
+  libwww-perl \
+  dnsutils \
+  gettext-base -y --no-install-recommends \
+  && pip3 install mysql-connector-python html2text jinja2 redis
+COPY --from=build /usr/lib/dovecot /usr/lib/dovecot
+COPY --from=build /usr/bin/doveconf /usr/bin/doveconf
+COPY --from=build /usr/bin/doveadm /usr/bin/doveadm
+COPY --from=build /usr/bin/dovecot-sysreport /usr/bin/dovecot-sysreport
+COPY --from=build /usr/sbin/dovecot /usr/sbin/dovecot
+COPY --from=build /usr/libexec/dovecot/ /usr/libexec/dovecot/
+COPY --from=build /usr/local/bin /usr/local/bin
+COPY --from=build /usr/local/xapian/ /usr/local/xapian
 COPY trim_logs.sh /usr/local/bin/trim_logs.sh
 COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh
 COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -109,17 +109,19 @@ EOF

 echo -n ${ACL_ANYONE} > /etc/dovecot/acl_anyone

-if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+if [[ "${SKIP_XAPIAN}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify listescape replication' > /etc/dovecot/mail_plugins
 echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify listescape replication mail_log' > /etc/dovecot/mail_plugins_imap
 echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 else
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_solr listescape replication' > /etc/dovecot/mail_plugins
-echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_solr listescape replication' > /etc/dovecot/mail_plugins_imap
-echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_solr notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
+echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins
+echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins_imap
+echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_flatcurve notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 fi
 chmod 644 /etc/dovecot/mail_plugins /etc/dovecot/mail_plugins_imap /etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl

+sed -i 's/vsz_limit.*/vsz_limit = '${XAPIAN_HEAP}m/g /etc/dovecot/dovecot-fts-flatcurve.conf
+
 cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
 # Autogenerated by mailcow
 driver = mysql
--- a/data/Dockerfiles/dovecot/imapsync
+++ b/data/Dockerfiles/dovecot/imapsync
@@ -8492,7 +8492,6 @@ sub xoauth2
        require HTML::Entities ;
        require JSON ;
        require JSON::WebToken::Crypt::RSA ;
-        require Crypt::OpenSSL::PKCS12;
        require Crypt::OpenSSL::RSA ;
        require Encode::Byte ;
        require IO::Socket::SSL ;
@@ -8533,9 +8532,8 @@ sub xoauth2

            $sync->{ debug } and myprint( "Service account: $iss\nKey file: $keyfile\nKey password: $keypass\n");

-            # Get private key from p12 file
-            my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file($keyfile);
-            $key = $pkcs12->private_key($keypass);
+            # Get private key from p12 file (would be better in perl...)
+            $key = `openssl pkcs12 -in "$keyfile" -nodes -nocerts -passin pass:$keypass -nomacver`;

            $sync->{ debug } and myprint( "Private key:\n$key\n");
        }
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -64,40 +64,28 @@ def refreshF2boptions():
  global f2boptions
  global quit_now
  global exit_code
-
-  f2boptions = {}
-
  if not r.get('F2B_OPTIONS'):
-    f2boptions['ban_time'] = r.get('F2B_BAN_TIME')
-    f2boptions['max_ban_time'] = r.get('F2B_MAX_BAN_TIME')
-    f2boptions['ban_time_increment'] = r.get('F2B_BAN_TIME_INCREMENT')
-    f2boptions['max_attempts'] = r.get('F2B_MAX_ATTEMPTS')
-    f2boptions['retry_window'] = r.get('F2B_RETRY_WINDOW')
-    f2boptions['netban_ipv4'] = r.get('F2B_NETBAN_IPV4')
-    f2boptions['netban_ipv6'] = r.get('F2B_NETBAN_IPV6')
+    f2boptions = {}
+    f2boptions['ban_time'] = int
+    f2boptions['max_attempts'] = int
+    f2boptions['retry_window'] = int
+    f2boptions['netban_ipv4'] = int
+    f2boptions['netban_ipv6'] = int
+    f2boptions['ban_time'] = r.get('F2B_BAN_TIME') or 1800
+    f2boptions['max_attempts'] = r.get('F2B_MAX_ATTEMPTS') or 10
+    f2boptions['retry_window'] = r.get('F2B_RETRY_WINDOW') or 600
+    f2boptions['netban_ipv4'] = r.get('F2B_NETBAN_IPV4') or 32
+    f2boptions['netban_ipv6'] = r.get('F2B_NETBAN_IPV6') or 128
+    r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
  else:
    try:
+      f2boptions = {}
      f2boptions = json.loads(r.get('F2B_OPTIONS'))
    except ValueError:
      print('Error loading F2B options: F2B_OPTIONS is not json')
      quit_now = True
      exit_code = 2

-  verifyF2boptions(f2boptions)
-  r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
-
-def verifyF2boptions(f2boptions):
-  verifyF2boption(f2boptions,'ban_time', 1800)
-  verifyF2boption(f2boptions,'max_ban_time', 10000)
-  verifyF2boption(f2boptions,'ban_time_increment', True)
-  verifyF2boption(f2boptions,'max_attempts', 10)
-  verifyF2boption(f2boptions,'retry_window', 600)
-  verifyF2boption(f2boptions,'netban_ipv4', 32)
-  verifyF2boption(f2boptions,'netban_ipv6', 128)
-
-def verifyF2boption(f2boptions, f2boption, f2bdefault):
-  f2boptions[f2boption] = f2boptions[f2boption] if f2boption in f2boptions and f2boptions[f2boption] is not None else f2bdefault
-
 def refreshF2bregex():
  global f2bregex
  global quit_now
@@ -159,7 +147,6 @@ def ban(address):
  global lock
  refreshF2boptions()
  BAN_TIME = int(f2boptions['ban_time'])
-  BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
  MAX_ATTEMPTS = int(f2boptions['max_attempts'])
  RETRY_WINDOW = int(f2boptions['retry_window'])
  NETBAN_IPV4 = '/' + str(f2boptions['netban_ipv4'])
@@ -187,16 +174,20 @@ def ban(address):
  net = ipaddress.ip_network((address + (NETBAN_IPV4 if type(ip) is ipaddress.IPv4Address else NETBAN_IPV6)), strict=False)
  net = str(net)

-  if not net in bans:
-    bans[net] = {'attempts': 0, 'last_attempt': 0, 'ban_counter': 0}
+  if not net in bans or time.time() - bans[net]['last_attempt'] > RETRY_WINDOW:
+    bans[net] = { 'attempts': 0 }
+    active_window = RETRY_WINDOW
+  else:
+    active_window = time.time() - bans[net]['last_attempt']

  bans[net]['attempts'] += 1
  bans[net]['last_attempt'] = time.time()

+  active_window = time.time() - bans[net]['last_attempt']
+
  if bans[net]['attempts'] >= MAX_ATTEMPTS:
    cur_time = int(round(time.time()))
-    NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** bans[net]['ban_counter']
-    logCrit('Banning %s for %d minutes' % (net, NET_BAN_TIME / 60 ))
+    logCrit('Banning %s for %d minutes' % (net, BAN_TIME / 60))
    if type(ip) is ipaddress.IPv4Address:
      with lock:
        chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), 'MAILCOW')
@@ -215,7 +206,7 @@ def ban(address):
        rule.target = target
        if rule not in chain.rules:
          chain.insert_rule(rule)
-    r.hset('F2B_ACTIVE_BANS', '%s' % net, cur_time + NET_BAN_TIME)
+    r.hset('F2B_ACTIVE_BANS', '%s' % net, cur_time + BAN_TIME)
  else:
    logWarn('%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net))

@@ -247,8 +238,7 @@ def unban(net):
  r.hdel('F2B_ACTIVE_BANS', '%s' % net)
  r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
  if net in bans:
-    bans[net]['attempts'] = 0
-    bans[net]['ban_counter'] += 1
+    del bans[net]

 def permBan(net, unban=False):
  global lock
@@ -342,7 +332,7 @@ def watch():
              logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
              ban(addr)
    except Exception as ex:
-      logWarn('Error reading log line from pubsub: %s' % ex)
+      logWarn('Error reading log line from pubsub')
      quit_now = True
      exit_code = 2

@@ -376,8 +366,6 @@ def snat4(snat_target):
          chain.insert_rule(new_rule)
        else:
          for position, rule in enumerate(chain.rules):
-            if not hasattr(rule.target, 'parameter'):
-                continue
            match = all((
              new_rule.get_src() == rule.get_src(),
              new_rule.get_dst() == rule.get_dst(),
@@ -437,8 +425,6 @@ def autopurge():
    time.sleep(10)
    refreshF2boptions()
    BAN_TIME = int(f2boptions['ban_time'])
-    MAX_BAN_TIME = int(f2boptions['max_ban_time'])
-    BAN_TIME_INCREMENT = bool(f2boptions['ban_time_increment'])
    MAX_ATTEMPTS = int(f2boptions['max_attempts'])
    QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
    if QUEUE_UNBAN:
@@ -446,9 +432,7 @@ def autopurge():
        unban(str(net))
    for net in bans.copy():
      if bans[net]['attempts'] >= MAX_ATTEMPTS:
-        NET_BAN_TIME = BAN_TIME if not BAN_TIME_INCREMENT else BAN_TIME * 2 ** bans[net]['ban_counter']
-        TIME_SINCE_LAST_ATTEMPT = time.time() - bans[net]['last_attempt']
-        if TIME_SINCE_LAST_ATTEMPT > NET_BAN_TIME or TIME_SINCE_LAST_ATTEMPT > MAX_BAN_TIME:
+        if time.time() - bans[net]['last_attempt'] > BAN_TIME:
          unban(net)

 def isIpNetwork(address):
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.2-fpm-alpine3.17
+FROM php:8.1-fpm-alpine3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced
@@ -12,7 +12,7 @@ ARG MEMCACHED_PECL_VERSION=3.2.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced
 ARG REDIS_PECL_VERSION=5.3.7
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced
-ARG COMPOSER_VERSION=2.5.5
+ARG COMPOSER_VERSION=2.5.4

 RUN apk add -U --no-cache autoconf \
  aspell-dev \
@@ -52,7 +52,6 @@ RUN apk add -U --no-cache autoconf \
  libxpm-dev \
  libzip \
  libzip-dev \
-  linux-headers \
  make \
  mysql-client \
  openldap-dev \
@@ -76,7 +75,7 @@ RUN apk add -U --no-cache autoconf \
    --with-webp \
    --with-xpm \
    --with-avif \
-  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets sysvsem zip bcmath gmp \
+  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
  && docker-php-ext-configure imap --with-imap --with-imap-ssl \
  && docker-php-ext-install -j 4 imap \
  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
@@ -100,7 +99,6 @@ RUN apk add -U --no-cache autoconf \
    libxml2-dev \
    libxpm-dev \
    libzip-dev \
-    linux-headers \
    make \
    openldap-dev \
    pcre-dev \
--- a/data/assets/nextcloud/nextcloud.conf
+++ b/data/assets/nextcloud/nextcloud.conf
@@ -24,7 +24,7 @@ server {
  add_header X-Download-Options "noopen" always;
  add_header X-Frame-Options "SAMEORIGIN" always;
  add_header X-Permitted-Cross-Domain-Policies "none" always;
-  add_header X-Robots-Tag "noindex, nofollow" always;
+  add_header X-Robots-Tag "none" always;
  add_header X-XSS-Protection "1; mode=block" always;

  fastcgi_hide_header X-Powered-By;
--- a/data/conf/dovecot/dovecot-fts-flatcurve.conf
+++ b/data/conf/dovecot/dovecot-fts-flatcurve.conf
@@ -0,0 +1,23 @@
+plugin {
+  fts = flatcurve
+  fts_autoindex = yes
+
+  fts_languages = en de  
+
+  fts_tokenizers = generic email-address
+  fts_tokenizer_generic = algorithm=simple
+  # All of these are optional, and indicate the default values.
+  # They are listed here for documentation purposes; most people should
+  # not need to define/override in their config.
+  fts_flatcurve_commit_limit = 500
+  fts_flatcurve_max_term_size = 30
+  fts_flatcurve_min_term_size = 2
+  fts_flatcurve_optimize_limit = 10
+  fts_flatcurve_rotate_size = 5000
+  fts_flatcurve_rotate_time = 5000
+  fts_flatcurve_substring_search = yes
+}
+
+service indexer-worker {
+    vsz_limit = 1024m
+}
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -11,6 +11,7 @@ auth_mechanisms = plain login
 #mail_debug = yes
 #auth_debug = yes
 log_path = syslog
+log_debug = category=fts-flatcurve
 disable_plaintext_auth = yes
 # Uncomment on NFS share
 #mmap_disable = yes
@@ -189,9 +190,6 @@ plugin {
  acl_shared_dict = file:/var/vmail/shared-mailboxes.db
  acl = vfile
  acl_user = %u
-  fts = solr
-  fts_autoindex = yes
-  fts_solr = url=http://solr:8983/solr/dovecot-fts/
  quota = dict:Userquota::proxy::sqlquota
  quota_rule2 = Trash:storage=+100%%
  sieve = /var/vmail/sieve/%u.sieve
@@ -242,6 +240,7 @@ plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_log_cached_only = yes
+
 }
 service quota-warning {
  executable = script /usr/local/bin/quota_notify.py
@@ -297,6 +296,7 @@ replication_dsync_parameters = -d -l 30 -U -n INBOX
 !include_try /etc/dovecot/extra.conf
 !include_try /etc/dovecot/sogo-sso.conf
 !include_try /etc/dovecot/shared_namespace.conf
+!include_try /etc/dovecot/dovecot-fts-flatcurve.conf
 # </Includes>
 default_client_limit = 10400
 default_vsz_limit = 1024 M
--- a/data/conf/rspamd/local.d/composites.conf
+++ b/data/conf/rspamd/local.d/composites.conf
@@ -8,7 +8,7 @@ VIRUS_FOUND {
 }
 # Bad policy from free mail providers
 FREEMAIL_POLICY_FAILURE {
-  expression = "FREEMAIL_FROM & !DMARC_POLICY_ALLOW & !MAILLIST& !WHITELISTED_FWD_HOST & -g+:policies";
+  expression = "-g+:policies & !DMARC_POLICY_ALLOW & !MAILLIST & ( FREEMAIL_ENVFROM | FREEMAIL_FROM ) & !WHITELISTED_FWD_HOST";
  score = 16.0;
 }
 # Applies to freemail with undisclosed recipients
--- a/data/conf/rspamd/local.d/multimap.conf
+++ b/data/conf/rspamd/local.d/multimap.conf
@@ -159,8 +159,8 @@ BAZAAR_ABUSE_CH {
 }

 URLHAUS_ABUSE_CH {
-  type = "selector";
-  selector = "urls";
+  type = "url";
+  filter = "full";
  map = "https://urlhaus.abuse.ch/downloads/text_online/";
  score = 10.0;
 }
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -62,7 +62,7 @@
    SOGoFirstDayOfWeek = "1";

    SOGoSieveFolderEncoding = "UTF-8";
-    SOGoPasswordChangeEnabled = NO;
+    SOGoPasswordChangeEnabled = YES;
    SOGoSentFolderName = "Sent";
    SOGoMailShowSubscribedFoldersOnly = NO;
    NGImap4ConnectionStringSeparator = "/";
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -3176,10 +3176,8 @@ paths:
              example:
                attr:
                  ban_time: "86400"
-                  ban_time_increment: "1"
                  blacklist: "10.100.6.5/32,10.100.8.4/32"
                  max_attempts: "5"
-                  max_ban_time: "86400"
                  netban_ipv4: "24"
                  netban_ipv6: "64"
                  retry_window: "600"
@@ -3193,17 +3191,11 @@ paths:
                      description: the backlisted ips or hostnames separated by comma
                      type: string
                    ban_time:
-                      description: the time an ip should be banned
+                      description: the time a ip should be banned
                      type: number
-                    ban_time_increment:
-                      description: if the time of the ban should increase each time
-                      type: boolean
                    max_attempts:
                      description: the maximum numbe of wrong logins before a ip is banned
                      type: number
-                    max_ban_time:
-                      description: the maximum time an ip should be banned
-                      type: number
                    netban_ipv4:
                      description: the networks mask to ban for ipv4
                      type: number
@@ -4121,12 +4113,10 @@ paths:
                response:
                  value:
                    ban_time: 604800
-                    ban_time_increment: 1
                    blacklist: |-
                      45.82.153.37/32
                      92.118.38.52/32
                    max_attempts: 1
-                    max_ban_time: 604800
                    netban_ipv4: 32
                    netban_ipv6: 128
                    perm_bans:
--- a/data/web/inc/functions.fail2ban.inc.php
+++ b/data/web/inc/functions.fail2ban.inc.php
@@ -239,9 +239,7 @@ function fail2ban($_action, $_data = null) {
      $is_now = fail2ban('get');
      if (!empty($is_now)) {
        $ban_time = intval((isset($_data['ban_time'])) ? $_data['ban_time'] : $is_now['ban_time']);
-        $ban_time_increment = (isset($_data['ban_time_increment']) && $_data['ban_time_increment'] == "1") ? 1 : 0;
        $max_attempts = intval((isset($_data['max_attempts'])) ? $_data['max_attempts'] : $is_now['max_attempts']);
-        $max_ban_time = intval((isset($_data['max_ban_time'])) ? $_data['max_ban_time'] : $is_now['max_ban_time']);
        $retry_window = intval((isset($_data['retry_window'])) ? $_data['retry_window'] : $is_now['retry_window']);
        $netban_ipv4 = intval((isset($_data['netban_ipv4'])) ? $_data['netban_ipv4'] : $is_now['netban_ipv4']);
        $netban_ipv6 = intval((isset($_data['netban_ipv6'])) ? $_data['netban_ipv6'] : $is_now['netban_ipv6']);
@@ -258,8 +256,6 @@ function fail2ban($_action, $_data = null) {
      }
      $f2b_options = array();
      $f2b_options['ban_time'] = ($ban_time < 60) ? 60 : $ban_time;
-      $f2b_options['ban_time_increment'] = ($ban_time_increment == 1) ? true : false;
-      $f2b_options['max_ban_time'] = ($max_ban_time < 60) ? 60 : $max_ban_time;
      $f2b_options['netban_ipv4'] = ($netban_ipv4 < 8) ? 8 : $netban_ipv4;
      $f2b_options['netban_ipv6'] = ($netban_ipv6 < 8) ? 8 : $netban_ipv6;
      $f2b_options['netban_ipv4'] = ($netban_ipv4 > 32) ? 32 : $netban_ipv4;
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -1181,7 +1181,7 @@ jQuery(function($){

    if (table = $('#' + log_table).DataTable()) {
      var heading = $('#' + log_table).closest('.card').find('.card-header');
-      var load_rows = (table.data().length + 1) + '-' + (table.data().length + new_nrows)
+      var load_rows = (table.page.len() + 1) + '-' + (table.page.len() + new_nrows)

      $.get('/api/v1/get/logs/' + log_url + '/' + load_rows).then(function(data){
        if (data.length === undefined) { mailcow_alert_box(lang.no_new_rows, "info"); return; }
--- a/data/web/lang/lang.da-dk.json
+++ b/data/web/lang/lang.da-dk.json
@@ -4,14 +4,14 @@
        "app_passwds": "Administrer app-adgangskoder",
        "bcc_maps": "BCC kort",
        "delimiter_action": "Afgrænsning handling",
-        "eas_reset": "Nulstil EAS enheder",
+        "eas_reset": "Nulstil EAS endheder",
        "extend_sender_acl": "Tillad at udvide afsenderens ACL med eksterne adresser",
        "filters": "Filtre",
        "login_as": "Login som mailboks bruger",
-        "prohibited": "Nægtet af ACL",
-        "protocol_access": "Skift protokol adgang",
+        "prohibited": "Forbudt af ACL",
+        "protocol_access": "Ændre protokol adgang",
        "pushover": "Pushover",
-        "quarantine": "Karantænehandlinger",
+        "quarantine": "Karantæneaktioner",
        "quarantine_attachments": "Karantæne vedhæftede filer",
        "quarantine_notification": "Skift karantænemeddelelser",
        "ratelimit": "Satsgrænse",
@@ -25,10 +25,7 @@
        "syncjobs": "Synkroniserings job",
        "tls_policy": "TLS politik",
        "unlimited_quota": "Ubegrænset plads for mailbokse",
-        "domain_desc": "Skift domæne beskrivelse",
-        "domain_relayhost": "Skift relæ host for et domæne",
-        "mailbox_relayhost": "Skift relæ-host for en postkasse",
-        "quarantine_category": "Skift kategorien for karantænemeddelelse"
+        "domain_desc": "Skift domæne beskrivelse"
    },
    "add": {
        "activate_filter_warn": "Alle andre filtre deaktiveres, når aktiv er markeret.",
@@ -62,7 +59,7 @@
        "gal": "Global adresseliste",
        "gal_info": "GAL indeholder alle objekter i et domæne og kan ikke redigeres af nogen bruger. Information om ledig / optaget i SOGo mangler, hvis deaktiveret! <b> Genstart SOGo for at anvende ændringer. </b>",
        "generate": "generere",
-        "goto_ham": "Lær som <span class=\"text-success\"><b>ønsket</b></span>",
+        "goto_ham": "Lær som <span class=\"text-success\"><b>ham</b></span>",
        "goto_null": "Kassér e-mail i stilhed",
        "goto_spam": "Lær som <span class=\"text-danger\"><b>spam</b></span>",
        "hostname": "Vært",
@@ -83,7 +80,7 @@
        "private_comment": "Privat kommentar",
        "public_comment": "Offentlig kommentar",
        "quota_mb": "Kvota (Mb)",
-        "relay_all": "Besvar alle modtager",
+        "relay_all": "Send alle modtagere videre",
        "relay_all_info": "↪ Hvis du vælger <b> ikke </b> at videresende alle modtagere, skal du tilføje et (\"blind\") postkasse til hver enkelt modtager, der skal videresendes.",
        "relay_domain": "Send dette domæne videre",
        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Du kan definere transportkort til en tilpasset destination for dette domæne. Hvis ikke indstillet, foretages der et MX-opslag.",
@@ -104,10 +101,7 @@
        "timeout2": "Timeout for forbindelse til lokal vært",
        "username": "Brugernavn",
        "validate": "Bekræft",
-        "validation_success": "Valideret med succes",
-        "bcc_dest_format": "BCC-destination skal være en enkelt gyldig e-mail-adresse.<br>Hvis du har brug for at sende en kopi til flere adresser, kan du oprette et alias og bruge det her.",
-        "app_passwd_protocols": "Tilladte protokoller for app adgangskode",
-        "tags": "Tag's"
+        "validation_success": "Valideret med succes"
    },
    "admin": {
        "access": "Adgang",
@@ -314,10 +308,7 @@
        "username": "Brugernavn",
        "validate_license_now": "Valider GUID mod licensserver",
        "verify": "Verificere",
-        "yes": "&#10003;",
-        "ip_check_opt_in": "Opt-In for brug af tredjepartstjeneste <strong>ipv4.mailcow.email</strong> og <strong>ipv6.mailcow.email</strong> til at finde eksterne IP-adresser.",
-        "queue_unban": "unban",
-        "admins": "Administratorer"
+        "yes": "&#10003;"
    },
    "danger": {
        "access_denied": "Adgang nægtet eller ugyldig formular data",
@@ -434,8 +425,7 @@
        "username_invalid": "Brugernavn %s kan ikke bruges",
        "validity_missing": "Tildel venligst en gyldighedsperiode",
        "value_missing": "Angiv alle værdier",
-        "yotp_verification_failed": "Yubico OTP verifikationen mislykkedes: %s",
-        "webauthn_publickey_failed": "Der er ikke gemt nogen offentlig nøgle for den valgte autentifikator"
+        "yotp_verification_failed": "Yubico OTP verifikationen mislykkedes: %s"
    },
    "debug": {
        "chart_this_server": "Diagram (denne server)",
@@ -452,8 +442,7 @@
        "solr_status": "Solr-status",
        "started_on": "Startede den",
        "static_logs": "Statiske logfiler",
-        "system_containers": "System og Beholdere",
-        "error_show_ip": "Kunne ikke finde de offentlige IP-adresser"
+        "system_containers": "System og Beholdere"
    },
    "diagnostics": {
        "cname_from_a": "Værdi afledt af A / AAAA-post. Dette understøttes, så længe posten peger på den korrekte ressource.",
@@ -564,11 +553,7 @@
        "title": "Rediger objekt",
        "unchanged_if_empty": "Lad være tomt, hvis uændret",
        "username": "Brugernavn",
-        "validate_save": "Valider og gem",
-        "admin": "Rediger administrator",
-        "lookup_mx": "Destination er et regulært udtryk, der matcher MX-navnet (<code>.*google\\.dk</code> for at dirigere al e-mail, der er målrettet til en MX, der ender på google.dk, over dette hop)",
-        "mailbox_relayhost_info": "Anvendt på postkassen og kun direkte aliasser, og overskriver et domæne relæ-host.",
-        "quota_warning_bcc": "Kvoteadvarsel BCC"
+        "validate_save": "Valider og gem"
    },
    "footer": {
        "cancel": "Afbestille",
@@ -586,7 +571,7 @@
    "header": {
        "administration": "Konfiguration og detailer",
        "apps": "Apps",
-        "debug": "Information",
+        "debug": "Systemoplysninger",
        "email": "E-Mail",
        "mailcow_config": "Konfiguration",
        "quarantine": "Karantæne",
@@ -754,10 +739,7 @@
        "username": "Brugernavn",
        "waiting": "Venter",
        "weekly": "Ugentlig",
-        "yes": "&#10003;",
-        "goto_ham": "Lær som <b>ønsket</b>",
-        "catch_all": "Fang-alt",
-        "open_logs": "Åben logfiler"
+        "yes": "&#10003;"
    },
    "oauth2": {
        "access_denied": "Log ind som mailboks ejer for at give adgang via OAuth2.",
@@ -1048,7 +1030,7 @@
        "spamfilter_table_empty": "Intet data at vise",
        "spamfilter_table_remove": "slet",
        "spamfilter_table_rule": "Regl",
-        "spamfilter_wl": "Hvidliste",
+        "spamfilter_wl": "Hvisliste",
        "spamfilter_wl_desc": "Hvidlistede e-mail-adresser til <b>aldrig</b> at klassificeres som spam. Wildcards kan bruges. Et filter anvendes kun på direkte aliaser (aliaser med en enkelt målpostkasse) eksklusive catch-aliaser og selve en postkasse.",
        "spamfilter_yellow": "Gul: denne besked kan være spam, vil blive tagget som spam og flyttes til din junk-mappe",
        "status": "Status",
@@ -1084,11 +1066,5 @@
        "quota_exceeded_scope": "Domænekvote overskredet: Kun ubegrænsede postkasser kan oprettes i dette domæneomfang.",
        "session_token": "Form nøgle ugyldig: Nøgle passer ikke",
        "session_ua": "Form nøgle ugyldig: Bruger-Agent gyldighedskontrols fejl"
-    },
-    "datatables": {
-        "lengthMenu": "Vis _MENU_ poster",
-        "paginate": {
-            "first": "Først"
-        }
    }
 }
--- a/data/web/lang/lang.de-de.json
+++ b/data/web/lang/lang.de-de.json
@@ -175,12 +175,10 @@
        "empty": "Keine Einträge vorhanden",
        "excludes": "Diese Empfänger ausschließen",
        "f2b_ban_time": "Bannzeit in Sekunden",
-        "f2b_ban_time_increment": "Bannzeit erhöht sich mit jedem Bann",
        "f2b_blacklist": "Blacklist für Netzwerke und Hosts",
        "f2b_filter": "Regex-Filter",
        "f2b_list_info": "Ein Host oder Netzwerk auf der Blacklist wird immer eine Whitelist-Einheit überwiegen. <b>Die Aktualisierung der Liste dauert einige Sekunden.</b>",
        "f2b_max_attempts": "Max. Versuche",
-        "f2b_max_ban_time": "Maximale Bannzeit in Sekunden",
        "f2b_netban_ipv4": "Netzbereich für IPv4-Banns (8-32)",
        "f2b_netban_ipv6": "Netzbereich für IPv6-Banns (8-128)",
        "f2b_parameters": "Fail2ban-Parameter",
--- a/data/web/lang/lang.en-gb.json
+++ b/data/web/lang/lang.en-gb.json
@@ -177,12 +177,10 @@
        "empty": "No results",
        "excludes": "Excludes these recipients",
        "f2b_ban_time": "Ban time (s)",
-        "f2b_ban_time_increment": "Ban time is incremented with each ban",
        "f2b_blacklist": "Blacklisted networks/hosts",
        "f2b_filter": "Regex filters",
        "f2b_list_info": "A blacklisted host or network will always outweigh a whitelist entity. <b>List updates will take a few seconds to be applied.</b>",
        "f2b_max_attempts": "Max. attempts",
-        "f2b_max_ban_time": "Max. ban time (s)",
        "f2b_netban_ipv4": "IPv4 subnet size to apply ban on (8-32)",
        "f2b_netban_ipv6": "IPv6 subnet size to apply ban on (8-128)",
        "f2b_parameters": "Fail2ban parameters",
--- a/data/web/lang/lang.es-es.json
+++ b/data/web/lang/lang.es-es.json
@@ -141,11 +141,9 @@
        "empty": "Sin resultados",
        "excludes": "Excluye a estos destinatarios",
        "f2b_ban_time": "Tiempo de restricción (s)",
-        "f2b_ban_time_increment": "Tiempo de restricción se incrementa con cada restricción",
        "f2b_blacklist": "Redes y hosts en lista negra",
        "f2b_list_info": "Un host o red en lista negra siempre superará a una entidad de la lista blanca. <b>Las actualizaciones de la lista tardarán unos segundos en aplicarse.</b>",
        "f2b_max_attempts": "Max num. de intentos",
-        "f2b_max_ban_time": "Max tiempo de restricción (s)",
        "f2b_netban_ipv4": "Tamaño de subred IPv4 para aplicar la restricción (8-32)",
        "f2b_netban_ipv6": "Tamaño de subred IPv6 para aplicar la restricción (8-128)",
        "f2b_parameters": "Parametros Fail2ban",
--- a/data/web/lang/lang.fr-fr.json
+++ b/data/web/lang/lang.fr-fr.json
@@ -24,7 +24,7 @@
        "spam_policy": "Liste Noire/Liste Blanche",
        "spam_score": "Score SPAM",
        "syncjobs": "Tâches de synchronisation",
-        "tls_policy": "Politique TLS",
+        "tls_policy": "Police TLS",
        "unlimited_quota": "Quota illimité pour les boites de courriel",
        "domain_desc": "Modifier la description du domaine",
        "domain_relayhost": "Changer le relais pour un domaine",
@@ -106,8 +106,7 @@
        "validate": "Valider",
        "validation_success": "Validation réussie",
        "bcc_dest_format": "La destination Cci doit être une seule adresse e-mail valide.<br>Si vous avez besoin d'envoyer une copie à plusieurs adresses, créez un alias et utilisez-le ici.",
-        "tags": "Etiquettes",
-        "app_passwd_protocols": "Protocoles autorisés pour le mot de passe de l'application"
+        "tags": "Etiquettes"
    },
    "admin": {
        "access": "Accès",
@@ -173,12 +172,10 @@
        "empty": "Aucun résultat",
        "excludes": "Exclure ces destinataires",
        "f2b_ban_time": "Durée du bannissement(s)",
-        "f2b_ban_time_increment": "Durée du bannissement est augmentée à chaque bannissement",
        "f2b_blacklist": "Réseaux/Domaines sur Liste Noire",
        "f2b_filter": "Filtre(s) Regex",
        "f2b_list_info": "Un hôte ou un réseau sur liste noire l'emportera toujours sur une entité de liste blanche. <b>L'application des mises à jour de liste prendra quelques secondes.</b>",
        "f2b_max_attempts": "Nb max. de tentatives",
-        "f2b_max_ban_time": "Max. durée du bannissement (s)",
        "f2b_netban_ipv4": "Taille du sous-réseau IPv4 pour l'application du bannissement (8-32)",
        "f2b_netban_ipv6": "Taille du sous-réseau IPv6 pour l'application du bannissement (8-128)",
        "f2b_parameters": "Paramètres Fail2ban",
@@ -324,9 +321,7 @@
        "admins": "Administrateurs",
        "api_read_only": "Accès lecture-seule",
        "password_policy_lowerupper": "Doit contenir des caractères minuscules et majuscules",
-        "password_policy_numbers": "Doit contenir au moins un chiffre",
-        "ip_check": "Vérification IP",
-        "ip_check_disabled": "La vérification IP est désactivée. Vous pouvez l'activer sous<br> <strong>Système > Configuration > Options > Personnaliser</strong>"
+        "password_policy_numbers": "Doit contenir au moins un chiffre"
    },
    "danger": {
        "access_denied": "Accès refusé ou données de formulaire non valides",
@@ -445,12 +440,7 @@
        "username_invalid": "Le nom d'utilisateur %s ne peut pas être utilisé",
        "validity_missing": "Veuillez attribuer une période de validité",
        "value_missing": "Veuillez fournir toutes les valeurs",
-        "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s",
-        "webauthn_authenticator_failed": "L'authentificateur selectionné est introuvable",
-        "demo_mode_enabled": "Le mode de démonstration est activé",
-        "template_exists": "La template %s existe déja",
-        "template_id_invalid": "Le numéro de template %s est invalide",
-        "template_name_invalid": "Le nom de la template est invalide"
+        "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s"
    },
    "debug": {
        "chart_this_server": "Graphique (ce serveur)",
@@ -588,7 +578,7 @@
        "unchanged_if_empty": "Si non modifié, laisser en blanc",
        "username": "Nom d'utilisateur",
        "validate_save": "Valider et sauver",
-        "lookup_mx": "La destination est une expression régulière qui doit correspondre avec le nom du MX (<code>.*google\\.com</code> pour acheminer tout le courrier destiné à un MX se terminant par google.com via ce saut)",
+        "lookup_mx": "La destination est une expression régulière qui doit correspondre avec le nom du MX (<code>.*google\\.com</code> pour acheminer tout le courrier destiné à un MX se terminant par google.com via ce saut).",
        "mailbox_relayhost_info": "S'applique uniquement à la boîte aux lettres et aux alias directs, remplace le relayhost du domaine."
    },
    "footer": {
@@ -1091,12 +1081,9 @@
        "username": "Nom d'utilisateur",
        "verify": "Vérification",
        "waiting": "En attente",
-        "week": "semaine",
+        "week": "Semaine",
        "weekly": "Hebdomadaire",
-        "weeks": "semaines",
-        "months": "mois",
-        "year": "année",
-        "years": "années"
+        "weeks": "semaines"
    },
    "warning": {
        "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",
--- a/data/web/lang/lang.it-it.json
+++ b/data/web/lang/lang.it-it.json
@@ -175,12 +175,10 @@
        "empty": "Nessun risultato",
        "excludes": "Esclude questi destinatari",
        "f2b_ban_time": "Tempo di blocco (s)",
-        "f2b_ban_time_increment": "Tempo di blocco aumenta ad ogni blocco",
        "f2b_blacklist": "Host/reti in blacklist",
        "f2b_filter": "Filtri Regex",
        "f2b_list_info": "Un host oppure una rete in blacklist, avrà sempre un peso maggiore rispetto ad una in whitelist. <b>L'aggiornamento della lista richiede alcuni secondi per la sua entrata in azione.</b>",
        "f2b_max_attempts": "Tentativi massimi",
-        "f2b_max_ban_time": "Tempo massimo di blocco (s)",
        "f2b_netban_ipv4": "IPv4 subnet size to apply ban on (8-32)",
        "f2b_netban_ipv6": "IPv6 subnet size to apply ban on (8-128)",
        "f2b_parameters": "Parametri Fail2ban",
--- a/data/web/lang/lang.nl-nl.json
+++ b/data/web/lang/lang.nl-nl.json
@@ -168,12 +168,10 @@
        "empty": "Geen resultaten",
        "excludes": "Exclusief",
        "f2b_ban_time": "Verbanningstijd (s)",
-        "f2b_ban_time_increment": "Verbanningstijd wordt verhoogd met elk verbanning",
        "f2b_blacklist": "Netwerken/hosts op de blacklist",
        "f2b_filter": "Regex-filters",
        "f2b_list_info": "Een host of netwerk op de blacklist staat altijd boven eenzelfde op de whitelist. <b>Het doorvoeren van wijzigingen kan enkele seconden in beslag nemen.</b>",
        "f2b_max_attempts": "Maximaal aantal pogingen",
-        "f2b_max_ban_time": "Maximaal verbanningstijd (s)",
        "f2b_netban_ipv4": "Voer de IPv4-subnetgrootte in waar de verbanning van kracht moet zijn (8-32)",
        "f2b_netban_ipv6": "Voer de IPv6-subnetgrootte in waar de verbanning van kracht moet zijn (8-128)",
        "f2b_parameters": "Fail2ban",
--- a/data/web/lang/lang.pl-pl.json
+++ b/data/web/lang/lang.pl-pl.json
@@ -1,8 +1,7 @@
 {
    "acl": {
        "sogo_profile_reset": "Usuń profil SOGo (webmail)",
-        "syncjobs": "Polecenie synchronizacji",
-        "alias_domains": "Dodaj aliasy domen"
+        "syncjobs": "Polecenie synchronizacji"
    },
    "add": {
        "active": "Aktywny",
--- a/data/web/templates/admin/tab-config-f2b.twig
+++ b/data/web/templates/admin/tab-config-f2b.twig
@@ -12,14 +12,6 @@
          <label for="f2b_ban_time">{{ lang.admin.f2b_ban_time }}:</label>
          <input type="number" class="form-control" id="f2b_ban_time" name="ban_time" value="{{ f2b_data.ban_time }}" required>
        </div>
-        <div class="mb-4">
-          <label for="f2b_max_ban_time">{{ lang.admin.f2b_max_ban_time }}:</label>
-          <input type="number" class="form-control" id="f2b_max_ban_time" name="max_ban_time" value="{{ f2b_data.max_ban_time }}" required>
-        </div>
-        <div class="mb-4">
-          <input class="form-check-input" type="checkbox" value="1" name="ban_time_increment" id="f2b_ban_time_increment" {% if f2b_data.ban_time_increment == 1 %}checked{% endif %}>
-          <label class="form-check-label" for="f2b_ban_time_increment">{{ lang.admin.f2b_ban_time_increment }}</label>
-        </div>
        <div class="mb-4">
          <label for="f2b_max_attempts">{{ lang.admin.f2b_max_attempts }}:</label>
          <input type="number" class="form-control" id="f2b_max_attempts" name="max_attempts" value="{{ f2b_data.max_attempts }}" required>
--- a/data/web/templates/debug.twig
+++ b/data/web/templates/debug.twig
@@ -612,7 +612,7 @@
              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="rl_log" data-table="rl_log" href="#">{{ lang.datatables.expand_all }}</a></li>
              <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="rl_log" data-table="rl_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
            </ul>
-            <p class="text-muted">{{ lang.admin.hash_remove_info|raw }}</p>
+            <p class="text-muted">{{ lang.admin.hash_remove_info }}</p>
            <table id="rl_log" class="table table-striped dt-responsive w-100"></table>
          </div>
        </div>
--- a/data/web/templates/mailbox.twig
+++ b/data/web/templates/mailbox.twig
@@ -19,7 +19,7 @@
    </li>
    <li class="nav-item" role="presentation"><button class="nav-link" aria-controls="tab-resources" role="tab" data-bs-toggle="tab" data-bs-target="#tab-resources">{{ lang.mailbox.resources }}</button></li>
    <li class="nav-item dropdown">
-      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.aliases }}</a>
+      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" data-bs-target="#">{{ lang.mailbox.aliases }}</a>
      <ul class="dropdown-menu">
        <li role="presentation"><button class="dropdown-item" aria-selected="false" aria-controls="tab-mbox-aliases" role="tab" data-bs-toggle="tab" data-bs-target="#tab-mbox-aliases">{{ lang.mailbox.aliases }}</button></li>
        <li role="presentation"><button class="dropdown-item" aria-selected="false" aria-controls="tab-domain-aliases" role="tab" data-bs-toggle="tab" data-bs-target="#tab-domain-aliases">{{ lang.mailbox.domain_aliases }}</button></li>
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -76,7 +76,7 @@ services:
            - clamd

    rspamd-mailcow:
-      image: mailcow/rspamd:1.93
+      image: mailcow/rspamd:1.92
      stop_grace_period: 30s
      depends_on:
        - dovecot-mailcow
@@ -106,7 +106,7 @@ services:
            - rspamd

    php-fpm-mailcow:
-      image: mailcow/phpfpm:1.83
+      image: mailcow/phpfpm:1.82
      command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
      depends_on:
        - redis-mailcow
@@ -154,7 +154,7 @@ services:
        - API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
        - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
        - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
-        - SKIP_SOLR=${SKIP_SOLR:-y}
+        - SKIP_XAPIAN=${SKIP_XAPIAN:-y}
        - SKIP_CLAMD=${SKIP_CLAMD:-n}
        - SKIP_SOGO=${SKIP_SOGO:-n}
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
@@ -169,7 +169,7 @@ services:
            - phpfpm

    sogo-mailcow:
-      image: mailcow/sogo:1.116
+      image: mailcow/sogo:1.115
      environment:
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
@@ -191,7 +191,7 @@ services:
      volumes:
        - ./data/hooks/sogo:/hooks:Z
        - ./data/conf/sogo/:/etc/sogo/:z
-        - ./data/web/inc/init_db.inc.php:/init_db.inc.php:z
+        - ./data/web/inc/init_db.inc.php:/init_db.inc.php:Z
        - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
        - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
        - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
@@ -216,7 +216,7 @@ services:
            - sogo

    dovecot-mailcow:
-      image: mailcow/dovecot:1.23
+      image: mailcow/dovecot:1.20-xapian
      depends_on:
        - mysql-mailcow
      dns:
@@ -250,7 +250,8 @@ services:
        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
        - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
        - ACL_ANYONE=${ACL_ANYONE:-disallow}
-        - SKIP_SOLR=${SKIP_SOLR:-y}
+        - SKIP_XAPIAN=${SKIP_XAPIAN:-y}
+        - XAPIAN_HEAP=${XAPIAN_HEAP:-1024}
        - MAILDIR_SUB=${MAILDIR_SUB:-}
        - MASTER=${MASTER:-y}
        - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
@@ -281,7 +282,7 @@ services:
        ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
        ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
        ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
-        ofelia.job-exec.dovecot_fts.command: "/usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true"
+        ofelia.job-exec.dovecot_fts.command: "doveadm fts optimize -A"
        ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
        ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
      ulimits:
@@ -425,7 +426,7 @@ services:
            - acme

    netfilter-mailcow:
-      image: mailcow/netfilter:1.52
+      image: mailcow/netfilter:1.51
      stop_grace_period: 30s
      depends_on:
        - dovecot-mailcow
@@ -510,7 +511,7 @@ services:
            - watchdog

    dockerapi-mailcow:
-      image: mailcow/dockerapi:2.02
+      image: mailcow/dockerapi:2.01
      security_opt:
        - label=disable
      restart: always
@@ -528,22 +529,6 @@ services:
          aliases:
            - dockerapi

-    solr-mailcow:
-      image: mailcow/solr:1.8.1
-      restart: always
-      volumes:
-        - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
-      ports:
-        - "${SOLR_PORT:-127.0.0.1:18983}:8983"
-      environment:
-        - TZ=${TZ}
-        - SOLR_HEAP=${SOLR_HEAP:-1024}
-        - SKIP_SOLR=${SKIP_SOLR:-y}
-      networks:
-        mailcow-network:
-          aliases:
-            - solr
-
    olefy-mailcow:
      image: mailcow/olefy:1.11
      restart: always
@@ -599,7 +584,6 @@ services:
        - netfilter-mailcow
        - watchdog-mailcow
        - dockerapi-mailcow
-        - solr-mailcow
      environment:
        - TZ=${TZ}
      image: robbertkl/ipv6nat
@@ -631,7 +615,6 @@ volumes:
  mysql-socket-vol-1:
  redis-vol-1:
  rspamd-vol-1:
-  solr-vol-1:
  postfix-vol-1:
  crypt-vol-1:
  sogo-web-vol-1:
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -122,23 +122,23 @@ else
 fi

 if [ ${MEM_TOTAL} -le "2097152" ]; then
-  echo "Disabling Solr on low-memory system."
-  SKIP_SOLR=y
+  echo "Disabling Xapian (full text search, build in Dovecot) on low-memory system."
+  SKIP_XAPIAN=y
 elif [ ${MEM_TOTAL} -le "3670016" ]; then
-  echo "Installed memory is <= 3.5 GiB. It is recommended to disable Solr to prevent out-of-memory situations."
-  echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
-  echo "Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
-  read -r -p  "Do you want to disable Solr now? [Y/n] " response
+  echo "Installed memory is <= 3.5 GiB. We suggest you to disable Xapian (full text search, build in Dovecot) to prevent out-of-memory situations."
+  echo "The default Xapian heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
+  echo "Xapian can be re-enabled by setting SKIP_XAPIAN=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
+  read -r -p  "Do you want to disable the FTS Xapian now? [Y/n] " response
  case $response in
    [nN][oO]|[nN])
-      SKIP_SOLR=n
+      SKIP_XAPIAN=n
      ;;
    *)
-      SKIP_SOLR=y
+      SKIP_XAPIAN=y
    ;;
  esac
 else
-  SKIP_SOLR=n
+  SKIP_XAPIAN=n
 fi

 if [[ ${SKIP_BRANCH} != y ]]; then
@@ -205,8 +205,8 @@ DBUSER=mailcow

 # Please use long, random alphanumeric strings (A-Za-z0-9)

-DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
-DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
+DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)

 # ------------------------------
 # HTTP/S Bindings
@@ -243,7 +243,6 @@ POPS_PORT=995
 SIEVE_PORT=4190
 DOVEADM_PORT=127.0.0.1:19991
 SQL_PORT=127.0.0.1:13306
-SOLR_PORT=127.0.0.1:18983
 REDIS_PORT=127.0.0.1:7654

 # Your timezone
@@ -329,14 +328,14 @@ SKIP_CLAMD=${SKIP_CLAMD}

 SKIP_SOGO=n

-# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.
+# Skip Xapian (FTS) on low-memory systems or if you do not want to store a readable index of your mails in vmail-index-vol-1.

-SKIP_SOLR=${SKIP_SOLR}
+SKIP_XAPIAN=${SKIP_XAPIAN}

-# Solr heap size in MB, there is no recommendation, please see Solr docs.
-# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
+# Xapian heap size in MB, there is no recommendation, please see Xapians docs.
+# Xapian is replacing solr completely. It is supposed to be much more efficient in CPU and RAM consumption.

-SOLR_HEAP=1024
+XAPIAN_HEAP=1024

 # Allow admins to log into SOGo as email user (without any password)

--- a/helper-scripts/expiry-dates.sh
+++ b/helper-scripts/expiry-dates.sh
@@ -3,11 +3,10 @@
 [[ -f mailcow.conf ]] && source mailcow.conf
 [[ -f ../mailcow.conf ]] && source ../mailcow.conf

-POSTFIX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:${SMTP_PORT} -starttls smtp 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
-DOVECOT=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:${IMAP_PORT} -starttls imap 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
-NGINX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:${HTTPS_PORT} 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
-
-echo "TLS expiry dates:"
-echo "Postfix: ${POSTFIX}"
-echo "Dovecot: ${DOVECOT}"
-echo "Nginx:   ${NGINX}"
+POSTFIX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:25 -starttls smtp 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
+DOVECOT=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:143 -starttls imap 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
+NGINX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:443 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
+echo TLS expiry dates:
+echo Postfix: ${POSTFIX}
+echo Dovecot: ${DOVECOT}
+echo Nginx: ${NGINX}
--- a/helper-scripts/mailcow-reset-admin.sh
+++ b/helper-scripts/mailcow-reset-admin.sh
@@ -19,7 +19,7 @@ read -r -p "Are you sure you want to reset the mailcow administrator account? [y
 response=${response,,}    # tolower
 if [[ "$response" =~ ^(yes|y)$ ]]; then
 	echo -e "\nWorking, please wait..."
-  random=$(</dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c${1:-16})
+  random=$(</dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16})
  password=$(docker exec -it $(docker ps -qf name=dovecot-mailcow) doveadm pw -s SSHA256 -p ${random} | tr -d '\r')
 	docker exec -it $(docker ps -qf name=mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM admin WHERE username='admin';"
  docker exec -it $(docker ps -qf name=mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM domain_admins WHERE username='admin';"
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
-NEXTCLOUD_VERSION=26.0.0
+NEXTCLOUD_VERSION=25.0.3

 echo -ne "Checking prerequisites..."
 sleep 1
@@ -97,12 +97,8 @@ elif [[ ${NC_UPDATE} == "y" ]]; then
    echo -e "\033[31mError: Nextcloud occ not found. Is Nextcloud installed?\033[0m"
    exit 1
  fi
-  if grep -q 'This version of Nextcloud is not compatible with PHP>=8.2.' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
-    echo -e "\033[31mError: This version of Nextcloud is not compatible with PHP>=8.2, we'll fix it\033[0m"
-    wget -q https://raw.githubusercontent.com/nextcloud/server/v26.0.0/lib/versioncheck.php -O ./data/web/nextcloud/lib/versioncheck.php
-	echo -e "\e[33mPlease restart the update again.\e[0m"
-  elif ! grep -q 'installed: true' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
-    echo -e "\033[31mError: Nextcloud seems not to be installed.\033[0m"
+  if ! grep -q 'installed: true' <<<$(docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ --no-warnings status"); then
+    echo "Nextcloud seems not to be installed."
    exit 1
  else
    docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "php /web/nextcloud/updater/updater.phar"
@@ -126,7 +122,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
    && chmod +x ./data/web/nextcloud/occ

  echo -e "\033[33mCreating 'nextcloud' database...\033[0m"
-  NC_DBPASS=$(</dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
+  NC_DBPASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
  NC_DBUSER=nextcloud
  NC_DBNAME=nextcloud

@@ -142,7 +138,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then

  echo ""
  echo -e "\033[33mInstalling Nextcloud...\033[0m"
-  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
+  ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)

  echo -ne "[1/4] Setting correct permissions for www-data"
  docker exec -it $(docker ps -f name=php-fpm-mailcow -q) /bin/bash -c "chown -R www-data:www-data /web/nextcloud"
--- a/update.sh
+++ b/update.sh
@@ -176,19 +176,18 @@ remove_obsolete_nginx_ports() {
 }

 detect_docker_compose_command(){
-if ! [[ "${DOCKER_COMPOSE_VERSION}" =~ ^(native|standalone)$ ]]; then
+if ! [ "${DOCKER_COMPOSE_VERSION}" == "native" ] && ! [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
  if docker compose > /dev/null 2>&1; then
      if docker compose version --short | grep "2." > /dev/null 2>&1; then
        DOCKER_COMPOSE_VERSION=native
        COMPOSE_COMMAND="docker compose"
        echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m"
        echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
-        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' $SCRIPT_DIR/mailcow.conf 
        sleep 2
        echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
      else
        echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-        echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+        echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
        exit 1
      fi
  elif docker-compose > /dev/null 2>&1; then
@@ -198,60 +197,26 @@ if ! [[ "${DOCKER_COMPOSE_VERSION}" =~ ^(native|standalone)$ ]]; then
        COMPOSE_COMMAND="docker-compose"
        echo -e "\e[31mFound Docker Compose Standalone.\e[0m"
        echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
-        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' $SCRIPT_DIR/mailcow.conf
        sleep 2
        echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
      else
        echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-        echo -e "\e[31mPlease update/install regarding to this doc site: https://docs.mailcow.email/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+        echo -e "\e[31mPlease update/install regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
        exit 1
      fi
    fi

  else
    echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-    echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+    echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
    exit 1
  fi

 elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then
  COMPOSE_COMMAND="docker compose"
-  # Check if Native Compose works and has not been deleted  
-  if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
-    # IF it not exists/work anymore try the other command
-    COMPOSE_COMMAND="docker-compose"
-    if ! $COMPOSE_COMMAND > /dev/null 2>&1 || ! $COMPOSE_COMMAND --version | grep "^2." > /dev/null 2>&1; then
-      # IF it cannot find Standalone in > 2.X, then script stops
-      echo -e "\e[31mCannot find Docker Compose or the Version is lower then 2.X.X.\e[0m" 
-      echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
-      exit 1
-    fi
-      # If it finds the standalone Plugin it will use this instead and change the mailcow.conf Variable accordingly
-      echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
-      echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from native to standalone\e[0m"
-      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' $SCRIPT_DIR/mailcow.conf 
-      sleep 2
-  fi
-

 elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
  COMPOSE_COMMAND="docker-compose"
-  # Check if Standalone Compose works and has not been deleted  
-  if ! $COMPOSE_COMMAND > /dev/null 2>&1 && ! $COMPOSE_COMMAND --version > /dev/null 2>&1 | grep "^2." > /dev/null 2>&1; then
-    # IF it not exists/work anymore try the other command
-    COMPOSE_COMMAND="docker compose"
-    if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
-      # IF it cannot find Native in > 2.X, then script stops
-      echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-      echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
-      exit 1
-    fi
-      # If it finds the native Plugin it will use this instead and change the mailcow.conf Variable accordingly
-      echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
-      echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from standalone to native\e[0m"
-      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' $SCRIPT_DIR/mailcow.conf 
-      sleep 2
-  fi
 fi
 }

@@ -361,12 +326,8 @@ while (($#)); do
      echo -e "\e[32mRunning in forced mode...\e[0m"
      FORCE=y
    ;;
-    -d|--dev)
-      echo -e "\e[32mRunning in Developer mode...\e[0m"
-      DEV=y
-    ;;
    --help|-h)
-    echo './update.sh [-c|--check, --ours, --gc, --nightly, --prefetch, --skip-start, --skip-ping-check, --stable, -f|--force, -d|--dev, -h|--help]
+    echo './update.sh [-c|--check, --ours, --gc, --nightly, --prefetch, --skip-start, --skip-ping-check, --stable, -f|--force, -h|--help]

  -c|--check           -   Check for updates and exit (exit codes => 0: update available, 3: no updates)
  --ours               -   Use merge strategy option "ours" to solve conflicts in favor of non-mailcow code (local changes over remote changes), not recommended!
@@ -377,7 +338,6 @@ while (($#)); do
  --skip-ping-check    -   Skip ICMP Check to public DNS resolvers (Use it only if you´ve blocked any ICMP Connections to your mailcow machine)
  --stable             -   Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly.
  -f|--force           -   Force update, do not ask questions
-  -d|--dev             -   Enables Developer Mode (No Checkout of update.sh for tests)
 '
    exit 1
  esac
@@ -428,8 +388,8 @@ CONFIG_ARRAY=(
  "MAILDIR_GC_TIME"
  "MAILDIR_SUB"
  "ACL_ANYONE"
-  "SOLR_HEAP"
-  "SKIP_SOLR"
+  "XAPIAN_HEAP"
+  "SKIP_XAPIAN"
  "ENABLE_SSL_SNI"
  "ALLOW_ADMIN_EMAIL_LOGIN"
  "SKIP_HTTP_VERIFICATION"
@@ -550,20 +510,20 @@ for option in ${CONFIG_ARRAY[@]}; do
      echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
      echo 'ACL_ANYONE=disallow' >> mailcow.conf
    fi
-  elif [[ ${option} == "SOLR_HEAP" ]]; then
+  elif [[ ${option} == "XAPIAN_HEAP" ]]; then
    if ! grep -q ${option} mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Solr heap size, there is no recommendation, please see Solr docs.' >> mailcow.conf
-      echo '# Solr is a prone to run OOM on large systems and should be monitored. Unmonitored Solr setups are not recommended.' >> mailcow.conf
-      echo '# Solr will refuse to start with total system memory below or equal to 2 GB.' >> mailcow.conf
-      echo "SOLR_HEAP=1024" >> mailcow.conf
+      echo "Replacing SOLR_HEAP with \"${option}\" in mailcow.conf"
+      sed -i '/# Solr heap size in MB, there is no recommendation, please see Solr docs./c\# Xapian heap size in MB, there is no recommendation, please see Xapians docs.' mailcow.conf
+      sed -i '/# Solr is a prone to run OOM on large systems and should be monitored. Unmonitored Solr setups are not recommended./c\# Xapian is replacing solr completely. It is supposed to be much more efficient in CPU and RAM consumption.'  mailcow.conf
+      sed -i '/SOLR_HEAP=/c\XAPIAN_HEAP=' mailcow.conf
    fi
-  elif [[ ${option} == "SKIP_SOLR" ]]; then
+  elif [[ ${option} == "SKIP_XAPIAN" ]]; then
    if ! grep -q ${option} mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf
-      echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf
-      echo "SKIP_SOLR=y" >> mailcow.conf
+      echo "Replacing SKIP_SOLR with \"${option}\" in mailcow.conf"
+      sed -i '/# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1./c\# Skip Xapian (FTS) on low-memory systems or if you do not want to store a readable index of your mails in vmail-index-vol-1.' mailcow.conf
+      sed -i '/SKIP_SOLR=/c\SKIP_XAPIAN=' mailcow.conf
+      echo "Removing Solr-Port Binding from mailcow.conf"
+      sed -i '/SOLR_PORT=/d' mailcow.conf
    fi
  elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
    if ! grep -q ${option} mailcow.conf; then
@@ -637,7 +597,7 @@ for option in ${CONFIG_ARRAY[@]}; do
      echo "Adding new option \"${option}\" to mailcow.conf"
      echo '# Password hash algorithm' >> mailcow.conf
      echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
-      echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
+      echo '# see https://mailcow.github.io/mailcow-dockerized-docs/models/model-passwd/' >> mailcow.conf
      echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
    fi
  elif [[ ${option} == "ADDITIONAL_SERVER_NAMES" ]]; then
@@ -657,7 +617,7 @@ for option in ${CONFIG_ARRAY[@]}; do
      echo '# Optional: Leave empty for none' >> mailcow.conf
      echo '# This value is only used on first order!' >> mailcow.conf
      echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
-      echo '# https://docs.mailcow.email/troubleshooting/debug-reset_tls/' >> mailcow.conf
+      echo '# https://mailcow.github.io/mailcow-dockerized-docs/troubleshooting/debug-reset_tls/' >> mailcow.conf
      echo 'ACME_CONTACT=' >> mailcow.conf
  fi
  elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
@@ -767,7 +727,6 @@ elif [ $NEW_BRANCH == "nightly" ] && [ $CURRENT_BRANCH != "nightly" ]; then
  git checkout -f ${BRANCH}
 fi

-if [ ! $DEV ]; then
 echo -e "\e[32mChecking for newer update script...\e[0m"
 SHA1_1=$(sha1sum update.sh)
 git fetch origin #${BRANCH}
@@ -778,7 +737,6 @@ if [ ! $DEV ]; then
  chmod +x update.sh
  exit 2
 fi
-fi

 if [ ! $FORCE ]; then
  read -r -p "Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N] " response
@@ -944,6 +902,9 @@ else
  echo -e "\e[33mCannot determine current git repository version...\e[0m"
 fi

+# Set DOCKER_COMPOSE_VERSION
+sed -i 's/^DOCKER_COMPOSE_VERSION=$/DOCKER_COMPOSE_VERSION='$DOCKER_COMPOSE_VERSION'/g' mailcow.conf
+
 if [[ ${SKIP_START} == "y" ]]; then
  echo -e "\e[33mNot starting mailcow, please run \"$COMPOSE_COMMAND up -d --remove-orphans\" to start mailcow.\e[0m"
 else
Author	SHA1	Message	Date
DerLinkman	f09c8534f5	Merge branch 'master' into feature/fts-xapian	2023-03-15 16:13:51 +01:00
DerLinkman	0408bbf57f	Merge branch 'feature/bootstrap5' into feature/fts-xapian	2022-11-23 12:00:15 +01:00
DerLinkman	eb4a33dc27	Implemented current state of UI (BS5)	2022-10-19 13:41:33 +02:00
DerLinkman	a0ae59f8bf	Added 1.20-Xapian Image	2022-10-07 17:19:15 +02:00
DerLinkman	60871fa7d0	Merge remote-tracking branch 'origin/staging' into feature/fts-xapian	2022-10-07 17:06:12 +02:00
DerLinkman	59a4031e24	Merge branch 'staging' into feature/fts-xapian	2022-10-07 17:03:28 +02:00
DerLinkman	04f55fc748	Updated newer Compenent Versions	2022-10-07 17:01:32 +02:00
DerLinkman	3ba3f1c2bd	Updated Dovecot Configs to be up to date	2022-09-30 20:37:48 +02:00
DerLinkman	b0fd9787b5	Enabled Substring Search for flatcurve	2022-07-20 15:49:43 +02:00
DerLinkman	df3de09050	Multi Build Dovecot Building + Config Optimizations	2022-07-18 18:35:22 +02:00
DerLinkman	86079429b3	Using Stable Dovecot Builds for flatcurve	2022-07-18 14:24:46 +02:00
DerLinkman	ed476aae6b	Removed Solr Leftovers + renamed flatcurve conf	2022-07-18 11:15:40 +02:00
moo	f0e27312f9	Restored manual Dovecot Build	2022-05-12 11:11:13 +02:00
moo	3425bcfbf0	Renamed, reconfigured needed Xapian files for Flatcurve	2022-04-29 14:35:54 +02:00
moo	bfa81b318d	Changed Build process to fts-flatcurve Version of Xapian FTS	2022-04-29 14:28:49 +02:00
Niklas Meyer	8dba0ca7dd	Merge branch 'staging' into feature/fts-xapian	2022-03-02 17:07:18 +01:00
Niklas Meyer	5bd3394ed9	Delete decode2text.sh	2022-02-23 16:12:15 +01:00
Niklas Meyer	c0e66254b9	Cleanup Dockerfile + Added new dependencies	2022-02-23 09:45:28 +01:00
Niklas Meyer	aec2dd1252	Merge pull request #4455 from DerLinkman/Dovecot-FTS-XAPIAN [XAPIAN] Added Solr Replacement [BETA]	2022-02-07 08:39:17 +01:00
Niklas Meyer	d86e9a22f4	Fetch Staging from orig Repo (#3 ) * [Web] add github version tag * [Web] add github version tag * [Web] add github version tag * [Web] add github version tag * [Web] add github version tag * [Web] add github version tag error handling * [Web] add github version tag error handling * Passwordless SOGo auth: support for calendar invitations and calendar/contacts subscriptions Inviting someone to a calendar event triggers a request to /SOGo/so/otheruser@example.com/freebusy.ifb/ajaxRead. Subscribing to someone's calendar/contacts triggers a request to /SOGo/so/otheruser@example.com/foldersSearch. The email address in the URL is different from the logged-in user, which needs to be handled appropriately by sogo-auth.php. * [Web] add github version tag - adjust css * [Compose] Update SOGo Autoreply Schedule to 5m Based on the advice of inverse (SOGo developer). Thanks to https://github.com/jmber Closes: https://github.com/mailcow/mailcow-dockerized/issues/4436 * [Web] add github version tag - move twig globals * [Web] add github version tag - missing </div> * Passwordless SOGo auth: improvements for when accessing other users * [WebAuthn] fido2 passwordless auth - fix (#4440) * [WebAuthn] fido2 revert * [WebAuthn] set UV flags to 'discouraged' * [WebAuthn] revert - set UV flags to 'discouraged' * Update clamav to 0.104.2 * Update clamav to 0.104.2 * Update dovecot to 2.3.18 Update gosu to 1.14 Use debian bullseye as base * [Web] Updated lang.es.json [CI SKIP] (#4453) Co-authored-by: Fijxu <fijxu@zzls.xyz> Co-authored-by: milkmaker <milkmaker@mailcow.de> Co-authored-by: Fijxu <fijxu@zzls.xyz> Co-authored-by: FreddleSpl0it <patschul@posteo.de> Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com> Co-authored-by: Michael Kuron <mkuron@users.noreply.github.com> Co-authored-by: Peter <magic@kthx.at> Co-authored-by: milkmaker <milkmaker@mailcow.de> Co-authored-by: Fijxu <fijxu@zzls.xyz>	2022-02-07 08:28:10 +01:00
Niklas Meyer	db73f83c4e	Merge pull request #2 from mailcow/master Jan(moo)uary Update 2022 - Revision A (2022-01a) (#4445)	2022-02-07 08:21:31 +01:00
Niklas Meyer	28582c5842	[Compose] Changed Ofelia CMD for fts optimize	2022-02-01 14:50:19 +01:00
Niklas Meyer	3d637aca25	[Dovecot] Added Xapian Parameters from mailcow.conf	2022-02-01 14:48:46 +01:00
Niklas Meyer	d079ff49c6	Update syslog-ng.conf	2022-01-28 17:21:20 +01:00
Niklas Meyer	2d6ce926e1	Update syslog-ng-redis_slave.conf	2022-01-28 17:21:07 +01:00
Niklas Meyer	60ddfe3be2	[Dovecot] Added Xapian include	2022-01-28 17:07:12 +01:00
Niklas Meyer	30e2d944cd	[Dovecot] Removed Xapian from dovecot.conf This added a include try pointing on the file instead.	2022-01-28 16:51:33 +01:00
Niklas Meyer	99ea569288	[Dovecot] Added seperate XAPIAN Conf	2022-01-28 16:49:58 +01:00
Niklas Meyer	c98ef0d0c5	Delete FTS-Xapian.conf	2022-01-28 16:49:30 +01:00
Niklas Meyer	f09ca0a36a	[Dovecot] Added seperate XAPIAN Conf	2022-01-28 16:48:51 +01:00
Niklas Meyer	cdce97bd59	[Dovecot] Changed Xapian default to 1024m instead of 2G	2022-01-28 15:03:23 +01:00
Niklas Meyer	ed8941440a	[Dovecot] Added Xapian default config	2022-01-28 12:27:57 +01:00
Niklas Meyer	570170a5b1	[Compose] Remove solr from ipv6-nat dependencies	2022-01-28 12:24:51 +01:00
Niklas Meyer	df2c33d323	[Compose] Replace solr to Xapian (in dovecot) First revision. Waiting on: https://github.com/grosjo/fts-xapian/issues/115	2022-01-28 11:19:38 +01:00
Niklas Meyer	f2e0e50f87	[Config] Readded default Value for Xapian Heap	2022-01-28 11:01:31 +01:00
Niklas Meyer	26c5ed73e2	[Config] Replace Solr with Xapian (Remove Solr Binds)	2022-01-28 10:45:33 +01:00
Niklas Meyer	148b511f9d	[Update.sh] Replace Solr with Xapian	2022-01-28 10:44:08 +01:00
Niklas Meyer	311007700b	[Dovecot] Add decode2text.sh	2022-01-27 15:36:03 +01:00
Niklas Meyer	3a9177bd4c	Merge branch 'mailcow:master' into Dovecot-FTS-XAPIAN	2022-01-27 08:24:43 +01:00
Niklas Meyer	bca09e3afa	[Dovecot] Rebase on Bullseye + Xapian Compile This Push adds the bullseye rebase + the compilation of the XAPIAN Core + Plugin to run with Dovecot 2.3.17	2022-01-27 08:24:28 +01:00
Peter	cfba96f7e0	[GH-Actions][stale] Add neverstale label to exempt list	2022-01-22 17:41:46 +01:00
ntimo	c82f38a025	[API] Fix minor issue in api docs	2022-01-21 21:29:16 +00:00