Restructured main.cf

* [Web] Updated lang.de-de.json

Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.es-es.json

Co-authored-by: Marco Truffat <truffatmarco@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.hu-hu.json

[Web] Updated lang.hu-hu.json

[Web] Updated lang.hu-hu.json

Co-authored-by: 0xAndrewBlack <0xandrewblack@gmail.com>
Co-authored-by: Kántor Attila <attilalaci300@gmail.com>
Co-authored-by: Mihály Szilágyi <szimih90@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.ro-ro.json

Co-authored-by: Vlad M <vlad+mailcow@manoila.co.uk>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.ru-ru.json

Co-authored-by: Oleksii Kruhlenko <a.kruglenko@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.gr-gr.json

[Web] Added lang.gr-gr.json

Co-authored-by: Nik Beaver <nik@beavers.forsale>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.fr-fr.json

Co-authored-by: Adrien Kara <mailcow-translate@iglou.eu>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.en-gb.json

Co-authored-by: Philipp E <ph.ecker@philipp-dev.info>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.ca-es.json

Co-authored-by: Marco Truffat <truffatmarco@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.it-it.json

Co-authored-by: Michele Caputo <michele@caputoweb.xyz>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.uk-ua.json

Co-authored-by: Oleksii Kruhlenko <a.kruglenko@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.si-si.json

[Web] Updated lang.si-si.json

[Web] Updated lang.si-si.json

[Web] Added lang.si-si.json

Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: gomiunik <boris@gomiunik.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* Add Greek + Slovenian

---------

Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: Marco Truffat <truffatmarco@gmail.com>
Co-authored-by: 0xAndrewBlack <0xandrewblack@gmail.com>
Co-authored-by: Kántor Attila <attilalaci300@gmail.com>
Co-authored-by: Mihály Szilágyi <szimih90@gmail.com>
Co-authored-by: Vlad M <vlad+mailcow@manoila.co.uk>
Co-authored-by: Oleksii Kruhlenko <a.kruglenko@gmail.com>
Co-authored-by: Nik Beaver <nik@beavers.forsale>
Co-authored-by: Adrien Kara <mailcow-translate@iglou.eu>
Co-authored-by: Philipp E <ph.ecker@philipp-dev.info>
Co-authored-by: Michele Caputo <michele@caputoweb.xyz>
Co-authored-by: gomiunik <boris@gomiunik.net>

.github/workflows/check_prs_if_on_staging.yml

@@ -10,7 +10,7 @@ jobs:
     if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
     steps:
       - name: Send message
-        uses: thollander/actions-comment-pull-request@v2.3.1
+        uses: thollander/actions-comment-pull-request@v2.4.2
         with:
           GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
           message: |

.gitignore

@@ -36,6 +36,8 @@ data/conf/postfix/extra.cf
 data/conf/postfix/sni.map
 data/conf/postfix/sni.map.db
 data/conf/postfix/sql
+data/conf/postfix/dns_blocklists.cf
+data/conf/postfix/dnsbl_reply.map
 data/conf/rspamd/custom/*
 data/conf/rspamd/local.d/*
 data/conf/rspamd/override.d/*

data/Dockerfiles/dockerapi/modules/DockerApi.py

@@ -1,5 +1,6 @@
 import psutil
 import sys
+import os
 import re
 import time
 import json

data/Dockerfiles/postfix/postfix.sh

@@ -393,12 +393,122 @@ query = SELECT goto FROM spamalias
     AND validity >= UNIX_TIMESTAMP()
 EOF
 
-sed -i '/User overrides/q' /opt/postfix/conf/main.cf
+if [ ! -f /opt/postfix/conf/dns_blocklists.cf ]; then
+  cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
+# This file can be edited. 
+# Delete this file and restart postfix container to revert any changes.
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  dnsbl.sorbs.net=127.0.0.10*8
+  dnsbl.sorbs.net=127.0.0.5*6
+  dnsbl.sorbs.net=127.0.0.7*3
+  dnsbl.sorbs.net=127.0.0.8*2
+  dnsbl.sorbs.net=127.0.0.6*2
+  dnsbl.sorbs.net=127.0.0.9*2
+EOF
+fi
+DNSBL_CONFIG=$(grep -v '^#' /opt/postfix/conf/dns_blocklists.cf | grep '\S')
+
+if [ ! -z "$DNSBL_CONFIG" ]; then
+  echo -e "\e[33mChecking if ASN for your IP is listed for Spamhaus Bad ASN List...\e[0m"
+  if [ -n "$SPAMHAUS_DQS_KEY" ]; then
+    echo -e "\e[32mDetected SPAMHAUS_DQS_KEY variable from mailcow.conf...\e[0m"
+    echo -e "\e[33mUsing DQS Blocklists from Spamhaus!\e[0m"
+    SPAMHAUS_DNSBL_CONFIG=$(cat <<EOF
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[2..255]
+postscreen_dnsbl_reply_map = texthash:/opt/postfix/conf/dnsbl_reply.map
+
+smtpd_recipient_restrictions = check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
+  permit_sasl_authenticated,
+  permit_mynetworks,
+  check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
+  reject_invalid_helo_hostname,
+  reject_unauth_destination,
+  reject_rhsbl_sender ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.1.[2..99],
+  reject_rhsbl_helo ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.1.[2..99],
+  reject_rhsbl_reverse_client ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.1.[2..99],
+  reject_rhsbl_sender ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.2.[2..24],
+  reject_rhsbl_helo ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.2.[2..24],
+  reject_rhsbl_reverse_client ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.2.[2..24],
+  reject_rbl_client ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[2..255]
+EOF
+
+  cat <<EOF > /opt/postfix/conf/dnsbl_reply.map
+# Autogenerated by mailcow, using Spamhaus DQS reply domains
+${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net     sbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.xbl.dq.spamhaus.net     xbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.pbl.dq.spamhaus.net     pbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net     zen.spamhaus.org
+${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net     dbl.spamhaus.org
+${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net     zrd.spamhaus.org
+EOF
+    )
+  else
+    if [ -f "/opt/postfix/conf/dnsbl_reply.map" ]; then
+      rm /opt/postfix/conf/dnsbl_reply.map
+    fi
+    response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
+    if [ "$response" -eq 503 ]; then
+      echo -e "\e[31mThe AS of your IP is listed as a banned AS from Spamhaus!\e[0m"
+      echo -e "\e[33mNo SPAMHAUS_DQS_KEY found... Skipping Spamhaus blocklists entirely!\e[0m"
+      SPAMHAUS_DNSBL_CONFIG=""
+    elif [ "$response" -eq 200 ]; then
+      echo -e "\e[32mThe AS of your IP is NOT listed as a banned AS from Spamhaus!\e[0m"
+      echo -e "\e[33mUsing the open Spamhaus blocklists.\e[0m"
+      SPAMHAUS_DNSBL_CONFIG=$(cat <<EOF
+  zen.spamhaus.org=127.0.0.[2..11]
+
+smtpd_recipient_restrictions = check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
+  permit_sasl_authenticated,
+  permit_mynetworks,
+  check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
+  reject_invalid_helo_hostname,
+  reject_unauth_destination,
+  reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
+  reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99],
+  reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99],
+  reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99],
+  warn_if_reject reject_rbl_client zen.spamhaus.org=127.255.255.[1..255]
+
+EOF
+      )
+
+    else
+      echo -e "\e[31mWe couldn't determine your AS... (maybe DNS/Network issue?) Response Code: $response\e[0m"
+      echo -e "\e[33mDeactivating Spamhaus DNS Blocklists to be on the safe site!\e[0m"
+      SPAMHAUS_DNSBL_CONFIG=""
+    fi
+  fi
+fi
+
+# Reset main.cf
+sed -i '/Overrides/q' /opt/postfix/conf/main.cf
 echo >> /opt/postfix/conf/main.cf
+# Append postscreen dnsbl sites to main.cf
+if [ ! -z "$DNSBL_CONFIG" ]; then
+  echo -e "${DNSBL_CONFIG}\n${SPAMHAUS_DNSBL_CONFIG}" >> /opt/postfix/conf/main.cf
+fi
+# Append user overrides
+echo -e "\n# User Overrides" >> /opt/postfix/conf/main.cf
 touch /opt/postfix/conf/extra.cf
 sed -i '/myhostname/d' /opt/postfix/conf/extra.cf
 echo -e "myhostname = ${MAILCOW_HOSTNAME}\n$(cat /opt/postfix/conf/extra.cf)" > /opt/postfix/conf/extra.cf
-
 cat /opt/postfix/conf/extra.cf >> /opt/postfix/conf/main.cf
 
 if [ ! -f /opt/postfix/conf/custom_transport.pcre ]; then

data/conf/nginx/includes/site-defaults.conf

@@ -114,7 +114,7 @@
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_redirect off;
-      error_page 403 /_rspamderror.php;
+      error_page 401 /_rspamderror.php;
     }
     proxy_pass       http://rspamd:11334/;
     proxy_set_header Host      $http_host;

data/conf/postfix/main.cf

@@ -40,34 +40,6 @@ postscreen_blacklist_action = drop
 postscreen_cache_cleanup_interval = 24h
 postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
 postscreen_dnsbl_action = enforce
-postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
-  hostkarma.junkemailfilter.com=127.0.0.1*-2
-  list.dnswl.org=127.0.[0..255].0*-2
-  list.dnswl.org=127.0.[0..255].1*-4
-  list.dnswl.org=127.0.[0..255].2*-6
-  list.dnswl.org=127.0.[0..255].3*-8
-  ix.dnsbl.manitu.net*2
-  bl.spamcop.net*2
-  bl.suomispam.net*2
-  hostkarma.junkemailfilter.com=127.0.0.2*3
-  hostkarma.junkemailfilter.com=127.0.0.4*2
-  hostkarma.junkemailfilter.com=127.0.1.2*1
-  backscatter.spameatingmonkey.net*2
-  bl.ipv6.spameatingmonkey.net*2
-  bl.spameatingmonkey.net*2
-  b.barracudacentral.org=127.0.0.2*7
-  bl.mailspike.net=127.0.0.2*5
-  bl.mailspike.net=127.0.0.[10;11;12]*4
-  dnsbl.sorbs.net=127.0.0.10*8
-  dnsbl.sorbs.net=127.0.0.5*6
-  dnsbl.sorbs.net=127.0.0.7*3
-  dnsbl.sorbs.net=127.0.0.8*2
-  dnsbl.sorbs.net=127.0.0.6*2
-  dnsbl.sorbs.net=127.0.0.9*2
-  zen.spamhaus.org=127.0.0.[10;11]*8
-  zen.spamhaus.org=127.0.0.[4..7]*6
-  zen.spamhaus.org=127.0.0.3*4
-  zen.spamhaus.org=127.0.0.2*3
 postscreen_dnsbl_threshold = 6
 postscreen_dnsbl_ttl = 5m
 postscreen_greet_action = enforce
@@ -115,12 +87,6 @@ smtpd_error_sleep_time = 10s
 smtpd_hard_error_limit = ${stress?1}${stress:5}
 smtpd_helo_required = yes
 smtpd_proxy_timeout = 600s
-smtpd_recipient_restrictions = check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
-  permit_sasl_authenticated,
-  permit_mynetworks,
-  check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
-  reject_invalid_helo_hostname,
-  reject_unauth_destination
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_authenticated_header = yes
 smtpd_sasl_path = inet:dovecot:10001
@@ -197,4 +163,4 @@ smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,qmqpd_authorized_clients
 
 # DO NOT EDIT ANYTHING BELOW #
-# User overrides #
+# Overrides #

data/conf/postfix/postscreen_access.cidr

@@ -1,15 +1,20 @@
-# Whitelist generated by Postwhite v3.4 on Mon 21 Mar 2022 06:50:26 PM CET
+# Whitelist generated by Postwhite v3.4 on Mon Jul 31 10:06:06 UTC 2023
 # https://github.com/stevejenkins/postwhite/
-# 1898 total rules
+# 2043 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
-2a01:111:f403::/48	permit
-2a01:4180:4050:0400::/64	permit
-2a01:4180:4050:0800::/64	permit
-2a01:4180:4051:0400::/64	permit
-2a01:4180:4051:0800::/64	permit
+2a01:111:f403:8000::/50	permit
+2a01:111:f403::/49	permit
+2a01:111:f403:c000::/51	permit
+2a01:111:f403:f000::/52	permit
 2a02:a60:0:5::/64	permit
 2c0f:fb50:4000::/36	permit
+2.207.151.53	permit
+3.14.230.16	permit
+3.70.123.177	permit
+3.93.157.0/24	permit
+3.129.120.190	permit
+3.210.190.0/24	permit
 8.20.114.31	permit
 8.25.194.0/23	permit
 8.25.196.0/23	permit
@@ -19,41 +24,53 @@
 13.70.32.43	permit
 13.72.50.45	permit
 13.74.143.28	permit
-13.77.161.179	permit
 13.78.233.182	permit
 13.92.31.129	permit
 13.110.208.0/21	permit
+13.110.209.0/24	permit
 13.110.216.0/22	permit
 13.110.224.0/20	permit
 13.111.0.0/16	permit
-17.41.0.0/16	permit
+15.200.21.50	permit
+15.200.44.248	permit
+15.200.201.185	permit
 17.57.155.0/24	permit
 17.57.156.0/24	permit
 17.58.0.0/16	permit
-17.110.0.0/15	permit
-17.142.0.0/15	permit
-17.162.0.0/15	permit
-17.164.0.0/16	permit
-17.171.37.0/24	permit
-17.172.0.0/16	permit
-17.179.168.0/23	permit
+18.156.89.250	permit
+18.157.243.190	permit
 18.194.95.56	permit
 18.198.96.88	permit
-20.47.149.138	permit
-20.48.0.0/12	permit
+18.208.124.128/25	permit
+18.216.232.154	permit
+18.234.1.244	permit
+18.236.40.242	permit
+20.51.6.32/30	permit
 20.52.52.2	permit
 20.52.128.133	permit
+20.59.80.4/30	permit
 20.63.210.192/28	permit
-20.64.0.0/10	permit
+20.69.8.108/30	permit
+20.70.246.20	permit
+20.76.201.171	permit
+20.83.222.104/30	permit
+20.88.157.184/30	permit
 20.94.180.64/28	permit
+20.97.34.220/30	permit
+20.98.148.156/30	permit
+20.98.194.68/30	permit
+20.105.209.76/30	permit
+20.107.239.64/30	permit
+20.112.250.133	permit
+20.118.139.208/30	permit
 20.185.213.160/27	permit
 20.185.213.224/27	permit
 20.185.214.0/27	permit
 20.185.214.2	permit
 20.185.214.32/27	permit
 20.185.214.64/27	permit
-20.192.0.0/10	permit
-23.100.85.1	permit
+20.231.239.246	permit
+20.236.44.162	permit
 23.103.224.0/19	permit
 23.249.208.0/20	permit
 23.251.224.0/19	permit
@@ -78,46 +95,38 @@
 27.123.206.56/29	permit
 27.123.206.76/30	permit
 27.123.206.80/28	permit
-34.194.25.167	permit
-34.194.144.120	permit
+31.25.48.222	permit
+34.195.217.107	permit
+34.202.239.6	permit
 34.212.163.75	permit
+34.215.104.144	permit
 34.225.212.172	permit
 34.247.168.44	permit
+35.161.32.253	permit
+35.167.93.243	permit
 35.176.132.251	permit
 35.190.247.0/24	permit
 35.191.0.0/16	permit
-37.188.97.188	permit
 37.218.248.47	permit
 37.218.249.47	permit
 37.218.251.62	permit
 39.156.163.64/29	permit
 40.71.187.0/24	permit
-40.76.4.15	permit
-40.77.102.222	permit
 40.92.0.0/15	permit
-40.97.116.82	permit
-40.97.128.194	permit
-40.97.148.226	permit
-40.97.153.146	permit
-40.97.156.114	permit
-40.97.160.2	permit
-40.97.161.50	permit
-40.97.164.146	permit
 40.107.0.0/16	permit
 40.112.65.63	permit
-40.112.72.205	permit
-40.113.200.201	permit
 40.117.80.0/24	permit
-40.121.71.46	permit
 41.74.192.0/22	permit
 41.74.196.0/22	permit
 41.74.200.0/23	permit
 41.74.204.0/23	permit
 41.74.206.0/24	permit
-42.159.163.81	permit
-42.159.163.82	permit
-42.159.163.83	permit
 43.228.184.0/22	permit
+44.206.138.57	permit
+44.209.42.157	permit
+44.236.56.93	permit
+44.238.220.251	permit
+46.19.168.0/23	permit
 46.226.48.0/21	permit
 46.228.36.37	permit
 46.228.36.38/31	permit
@@ -167,6 +176,8 @@
 46.243.88.175	permit
 46.243.88.176	permit
 46.243.88.177	permit
+46.243.95.179	permit
+46.243.95.180	permit
 50.18.45.249	permit
 50.18.121.236	permit
 50.18.121.248	permit
@@ -178,11 +189,6 @@
 50.31.32.0/19	permit
 50.31.156.96/27	permit
 50.31.205.0/24	permit
-51.4.71.62	permit
-51.4.72.0/24	permit
-51.4.80.0/27	permit
-51.5.72.0/24	permit
-51.5.80.0/27	permit
 51.137.58.21	permit
 51.140.75.55	permit
 51.144.100.179	permit
@@ -191,17 +197,28 @@
 52.5.230.59	permit
 52.27.5.72	permit
 52.27.28.47	permit
-52.33.191.91	permit
+52.28.63.81	permit
 52.36.138.31	permit
 52.37.142.146	permit
-52.38.191.253	permit
-52.41.64.145	permit
+52.58.216.183	permit
+52.59.143.3	permit
 52.60.41.5	permit
 52.60.115.116	permit
+52.61.91.9	permit
+52.71.0.205	permit
 52.82.172.0/22	permit
 52.94.124.0/28	permit
 52.95.48.152/29	permit
 52.95.49.88/29	permit
+52.96.91.34	permit
+52.96.111.82	permit
+52.96.172.98	permit
+52.96.214.50	permit
+52.96.222.194	permit
+52.96.222.226	permit
+52.96.223.2	permit
+52.96.228.130	permit
+52.96.229.242	permit
 52.100.0.0/14	permit
 52.119.213.144/28	permit
 52.160.39.140	permit
@@ -214,23 +231,29 @@
 52.222.73.83	permit
 52.222.73.120	permit
 52.222.75.85	permit
+52.222.89.228	permit
 52.234.172.96/28	permit
 52.236.28.240/28	permit
-52.237.141.173	permit
 52.244.206.214	permit
 52.247.53.144	permit
 52.250.107.196	permit
 52.250.126.174	permit
-52.251.55.143	permit
 54.90.148.255	permit
-54.156.255.69	permit
 54.172.97.247	permit
+54.174.52.0/24	permit
+54.174.53.128/30	permit
+54.174.57.0/24	permit
+54.174.59.0/24	permit
+54.174.60.0/23	permit
+54.174.63.0/24	permit
 54.186.193.102	permit
-54.191.223.5	permit
+54.191.223.56	permit
 54.194.61.95	permit
 54.195.113.45	permit
+54.213.20.246	permit
 54.214.39.184	permit
 54.216.77.168	permit
+54.221.227.204	permit
 54.240.0.0/18	permit
 54.240.64.0/19	permit
 54.240.96.0/19	permit
@@ -238,7 +261,9 @@
 54.244.54.130	permit
 54.244.242.0/24	permit
 54.246.232.180	permit
+54.255.61.23	permit
 62.13.128.0/24	permit
+62.13.128.150	permit
 62.13.129.128/25	permit
 62.13.136.0/22	permit
 62.13.140.0/22	permit
@@ -249,22 +274,29 @@
 62.17.146.128/26	permit
 62.140.7.0/24	permit
 62.140.10.21	permit
+62.179.121.0/24	permit
+62.201.172.0/27	permit
+62.201.172.32/27	permit
+62.253.227.114	permit
 63.32.13.159	permit
 63.80.14.0/23	permit
+63.111.28.137	permit
 63.128.21.0/24	permit
 63.143.57.128/25	permit
 63.143.59.128/25	permit
 64.18.0.0/20	permit
 64.20.241.45	permit
-64.34.47.128/27	permit
-64.34.57.192/26	permit
+64.69.212.0/24	permit
 64.71.149.160/28	permit
 64.79.155.0/24	permit
+64.79.155.192	permit
+64.79.155.193	permit
+64.79.155.205	permit
+64.79.155.206	permit
 64.89.44.85	permit
 64.89.45.80	permit
 64.89.45.194	permit
 64.89.45.196	permit
-64.95.144.196	permit
 64.127.115.252	permit
 64.132.88.0/23	permit
 64.132.92.0/24	permit
@@ -290,6 +322,7 @@
 64.207.219.71	permit
 64.207.219.72	permit
 64.207.219.73	permit
+64.207.219.75	permit
 64.207.219.77	permit
 64.207.219.78	permit
 64.207.219.79	permit
@@ -300,9 +333,6 @@
 64.207.219.142	permit
 64.207.219.143	permit
 64.233.160.0/19	permit
-65.38.115.76	permit
-65.38.115.84	permit
-65.39.215.0/24	permit
 65.52.80.137	permit
 65.54.51.64/26	permit
 65.54.61.64/26	permit
@@ -342,6 +372,10 @@
 66.111.4.225	permit
 66.111.4.229	permit
 66.111.4.230	permit
+66.119.150.192/26	permit
+66.135.202.0/27	permit
+66.135.215.0/24	permit
+66.135.222.1	permit
 66.162.193.226/31	permit
 66.163.184.0/21	permit
 66.163.184.0/24	permit
@@ -373,7 +407,8 @@
 66.196.81.234	permit
 66.211.168.230/31	permit
 66.211.170.86/31	permit
-66.211.170.88/30	permit
+66.211.170.88/29	permit
+66.211.184.0/23	permit
 66.218.74.64/30	permit
 66.218.74.68/31	permit
 66.218.75.112/30	permit
@@ -445,6 +480,8 @@
 68.142.230.72/30	permit
 68.142.230.76/31	permit
 68.142.230.78	permit
+68.232.140.138	permit
+68.232.157.143	permit
 68.232.192.0/20	permit
 69.63.178.128/25	permit
 69.63.181.0/24	permit
@@ -452,6 +489,10 @@
 69.65.42.195	permit
 69.65.49.192/29	permit
 69.72.32.0/20	permit
+69.72.40.93	permit
+69.72.40.94/31	permit
+69.72.40.96/30	permit
+69.72.47.205	permit
 69.147.84.227	permit
 69.162.98.0/24	permit
 69.169.224.0/20	permit
@@ -460,7 +501,7 @@
 70.37.151.128/25	permit
 70.42.149.0/24	permit
 70.42.149.35	permit
-72.3.185.0/24	permit
+72.3.237.64/28	permit
 72.14.192.0/18	permit
 72.21.192.0/19	permit
 72.21.217.142	permit
@@ -522,15 +563,11 @@
 72.30.239.228/31	permit
 72.30.239.244/30	permit
 72.30.239.248/31	permit
-72.32.154.0/24	permit
-72.32.217.0/24	permit
-72.32.243.0/24	permit
 72.34.168.76	permit
 72.34.168.80	permit
 72.34.168.85	permit
 72.34.168.86	permit
 72.52.72.32/28	permit
-72.52.72.36	permit
 74.6.128.0/21	permit
 74.6.128.0/24	permit
 74.6.129.0/24	permit
@@ -558,8 +595,11 @@
 74.112.67.243	permit
 74.125.0.0/16	permit
 74.202.227.40	permit
+74.208.4.192/26	permit
+74.208.5.64/26	permit
+74.208.122.0/26	permit
 74.209.250.0/24	permit
-74.209.250.12	permit
+76.223.128.0/19	permit
 76.223.176.0/20	permit
 77.238.176.0/22	permit
 77.238.176.0/24	permit
@@ -583,7 +623,13 @@
 77.238.189.146/31	permit
 77.238.189.148/30	permit
 81.223.46.0/27	permit
-84.16.77.1	permit
+82.165.159.0/24	permit
+82.165.159.0/26	permit
+82.165.229.31	permit
+82.165.229.130	permit
+82.165.230.21	permit
+82.165.230.22	permit
+84.116.36.0/24	permit
 85.158.136.0/21	permit
 86.61.88.25	permit
 87.198.219.130	permit
@@ -624,11 +670,11 @@
 87.248.117.201	permit
 87.248.117.202	permit
 87.248.117.205	permit
-87.252.219.254	permit
 87.253.232.0/21	permit
 89.22.108.0/24	permit
+91.194.248.0/23	permit
+91.211.240.0/22	permit
 91.220.42.0/24	permit
-94.236.119.0/26	permit
 94.245.112.0/27	permit
 94.245.112.10/31	permit
 95.131.104.0/21	permit
@@ -638,6 +684,7 @@
 96.43.148.64/28	permit
 96.43.148.64/31	permit
 96.43.151.64/28	permit
+98.97.248.0/21	permit
 98.136.44.181	permit
 98.136.44.182/31	permit
 98.136.44.184	permit
@@ -1142,23 +1189,21 @@
 98.139.245.212/31	permit
 99.78.197.208/28	permit
 103.2.140.0/22	permit
-103.9.8.121	permit
-103.9.8.122	permit
-103.9.8.123	permit
 103.9.96.0/22	permit
 103.13.69.0/24	permit
+103.28.42.0/24	permit
 103.47.204.0/22	permit
 103.96.21.0/24	permit
+103.96.22.0/24	permit
 103.96.23.0/24	permit
 103.151.192.0/23	permit
-103.237.104.0/22	permit
+103.168.172.128/27	permit
 104.43.243.237	permit
+104.44.112.128/25	permit
 104.47.0.0/17	permit
 104.130.96.0/28	permit
 104.130.122.0/23	permit
 104.214.25.77	permit
-104.215.148.63	permit
-104.215.186.3	permit
 104.245.209.192/26	permit
 106.10.144.64/27	permit
 106.10.144.100/31	permit
@@ -1320,6 +1365,8 @@
 117.120.16.0/21	permit
 119.42.242.52/31	permit
 119.42.242.156	permit
+121.244.91.48	permit
+122.15.156.182	permit
 123.126.78.64/29	permit
 124.47.150.0/24	permit
 124.47.189.0/24	permit
@@ -1335,20 +1382,35 @@
 128.127.70.0/26	permit
 128.245.0.0/20	permit
 128.245.64.0/20	permit
+128.245.176.0/20	permit
+128.245.242.0/24	permit
+128.245.242.16	permit
+128.245.242.17	permit
+128.245.242.18	permit
+128.245.243.0/24	permit
+128.245.244.0/24	permit
+128.245.245.0/24	permit
+128.245.246.0/24	permit
+128.245.247.0/24	permit
 129.41.77.70	permit
 129.41.169.249	permit
+129.80.5.164	permit
+129.80.67.121	permit
+129.146.88.28	permit
+129.146.147.105	permit
 129.146.236.58	permit
+129.151.67.221	permit
+129.153.62.216	permit
+129.153.104.71	permit
+129.153.168.146	permit
+129.153.190.200	permit
 129.153.194.228	permit
 129.159.87.137	permit
+129.213.195.191	permit
 130.61.9.72	permit
 130.211.0.0/22	permit
-130.248.172.0/24	permit
-130.248.173.0/24	permit
-131.107.0.0/16	permit
 131.253.30.0/24	permit
 131.253.121.0/26	permit
-131.253.121.20	permit
-131.253.121.52	permit
 132.145.13.209	permit
 132.226.26.225	permit
 132.226.49.32	permit
@@ -1358,9 +1420,13 @@
 134.170.141.64/26	permit
 134.170.143.0/24	permit
 134.170.174.0/24	permit
-135.84.80.192/26	permit
+135.84.80.0/24	permit
+135.84.81.0/24	permit
 135.84.82.0/24	permit
+135.84.83.0/24	permit
 135.84.216.0/22	permit
+136.143.160.0/24	permit
+136.143.161.0/24	permit
 136.143.182.0/23	permit
 136.143.184.0/24	permit
 136.143.188.0/24	permit
@@ -1369,34 +1435,53 @@
 136.147.176.0/20	permit
 136.147.176.0/24	permit
 136.147.182.0/24	permit
+136.179.50.206	permit
 138.91.172.26	permit
 139.60.152.0/22	permit
-139.178.64.159	permit
-139.178.64.195	permit
+139.138.35.44	permit
+139.138.46.121	permit
+139.138.46.176	permit
+139.138.46.219	permit
+139.138.57.55	permit
+139.138.58.119	permit
+139.180.17.0/24	permit
+141.148.159.229	permit
 141.193.32.0/23	permit
 143.55.224.0/21	permit
 143.55.232.0/22	permit
 143.55.236.0/22	permit
+143.244.80.0/20	permit
+144.24.6.140	permit
+144.34.8.247	permit
+144.34.9.247	permit
+144.34.32.247	permit
+144.34.33.247	permit
 144.178.36.0/24	permit
 144.178.38.0/24	permit
+145.253.228.160/29	permit
+145.253.239.128/29	permit
 146.20.112.0/26	permit
 146.20.113.0/24	permit
 146.20.191.0/24	permit
 146.20.215.0/24	permit
+146.20.215.182	permit
+146.88.28.0/24	permit
 146.101.78.0/24	permit
-147.75.65.173	permit
-147.75.65.174	permit
-147.75.98.190	permit
+147.28.36.0/24	permit
 147.160.158.0/24	permit
 147.243.1.47	permit
 147.243.1.48	permit
 147.243.1.153	permit
 147.243.128.24	permit
 147.243.128.26	permit
-148.105.0.14	permit
+148.105.0.0/16	permit
 148.105.8.0/21	permit
 149.72.0.0/16	permit
+149.97.173.180	permit
+150.230.98.160	permit
 152.67.105.195	permit
+152.69.200.236	permit
+155.248.208.51	permit
 157.55.0.192/26	permit
 157.55.1.128/26	permit
 157.55.2.0/25	permit
@@ -1412,32 +1497,43 @@
 157.56.232.0/21	permit
 157.56.240.0/20	permit
 157.56.248.0/21	permit
+157.58.30.128/25	permit
 157.58.196.96/29	permit
 157.58.249.3	permit
 157.151.208.65	permit
 157.255.1.64/29	permit
+158.101.211.207	permit
+158.120.80.0/21	permit
+158.247.16.0/20	permit
 159.92.157.0/24	permit
+159.92.157.16	permit
+159.92.157.17	permit
+159.92.157.18	permit
 159.92.158.0/24	permit
 159.92.159.0/24	permit
 159.92.160.0/24	permit
 159.92.161.0/24	permit
 159.92.162.0/24	permit
+159.112.240.0/20	permit
+159.112.242.162	permit
 159.135.132.128/25	permit
 159.135.140.80/29	permit
 159.135.224.0/20	permit
+159.135.228.10	permit
 159.183.0.0/16	permit
+160.1.62.192	permit
 161.38.192.0/20	permit
 161.38.204.0/22	permit
 161.71.32.0/19	permit
 161.71.64.0/20	permit
-162.208.119.181	permit
 162.247.216.0/22	permit
+163.47.180.0/22	permit
 163.47.180.0/23	permit
 163.114.130.16	permit
 163.114.132.120	permit
+165.173.128.0/24	permit
 166.78.68.0/22	permit
 166.78.68.221	permit
-166.78.69.146	permit
 166.78.69.169	permit
 166.78.69.170	permit
 166.78.71.131	permit
@@ -1457,10 +1553,13 @@
 167.216.129.210	permit
 167.216.131.180	permit
 167.220.67.232/29	permit
-167.220.67.238	permit
 168.138.5.36	permit
+168.138.73.51	permit
 168.245.0.0/17	permit
+169.148.129.0/24	permit
+169.148.131.0/24	permit
 170.10.68.0/22	permit
+170.10.128.0/24	permit
 170.10.129.0/24	permit
 170.10.133.0/24	permit
 172.217.0.0/19	permit
@@ -1475,10 +1574,8 @@
 173.194.0.0/16	permit
 173.203.79.182	permit
 173.203.81.39	permit
-173.224.160.128/25	permit
-173.224.160.188	permit
 173.224.161.128/25	permit
-173.228.155.0/24	permit
+173.224.165.0/26	permit
 174.36.84.8/29	permit
 174.36.84.16/29	permit
 174.36.84.32/29	permit
@@ -1491,6 +1588,7 @@
 174.36.114.152/29	permit
 174.37.67.28/30	permit
 174.129.203.189	permit
+175.41.215.51	permit
 176.32.105.0/24	permit
 176.32.127.0/24	permit
 178.236.10.128/26	permit
@@ -1498,8 +1596,9 @@
 182.50.76.0/22	permit
 182.50.78.64/28	permit
 183.240.219.64/29	permit
+185.4.120.0/23	permit
+185.4.122.0/24	permit
 185.12.80.0/22	permit
-185.28.196.0/22	permit
 185.58.84.93	permit
 185.58.85.0/24	permit
 185.58.86.0/24	permit
@@ -1509,9 +1608,13 @@
 185.80.93.204	permit
 185.80.93.227	permit
 185.80.95.31	permit
+185.90.20.0/22	permit
 185.189.236.0/22	permit
 185.211.120.0/22	permit
 185.250.236.0/22	permit
+185.250.239.148	permit
+185.250.239.168	permit
+185.250.239.190	permit
 188.125.68.132	permit
 188.125.68.152/31	permit
 188.125.68.156	permit
@@ -1563,7 +1666,7 @@
 188.125.85.238	permit
 188.172.128.0/20	permit
 192.0.64.0/18	permit
-192.28.128.0/18	permit
+192.18.139.154	permit
 192.30.252.0/22	permit
 192.64.236.0/24	permit
 192.64.237.0/24	permit
@@ -1579,16 +1682,21 @@
 192.254.113.10	permit
 192.254.113.101	permit
 192.254.114.176	permit
-192.254.118.63	permit
 193.7.206.0/25	permit
 193.7.207.0/25	permit
 193.109.254.0/23	permit
 193.122.128.100	permit
+194.64.234.128/27	permit
 194.64.234.129	permit
 194.104.109.0/24	permit
+194.104.110.21	permit
+194.104.110.240/28	permit
 194.104.111.0/24	permit
 194.106.220.0/23	permit
+194.113.24.0/22	permit
 194.154.193.192/27	permit
+195.4.92.0/23	permit
+195.54.172.0/23	permit
 195.130.217.0/24	permit
 195.234.109.226	permit
 195.245.230.0/23	permit
@@ -1605,19 +1713,23 @@
 198.37.144.0/20	permit
 198.37.152.186	permit
 198.61.254.0/23	permit
+198.61.254.21	permit
 198.61.254.231	permit
-198.74.56.28	permit
 198.178.234.57	permit
+198.244.48.0/20	permit
+198.244.60.0/22	permit
 198.245.80.0/20	permit
 198.245.81.0/24	permit
 199.15.176.173	permit
-199.15.212.0/22	permit
 199.15.213.187	permit
 199.15.226.37	permit
 199.16.156.0/22	permit
 199.33.145.1	permit
 199.33.145.32	permit
 199.59.148.0/22	permit
+199.67.84.0/24	permit
+199.67.86.0/24	permit
+199.67.88.0/24	permit
 199.101.161.130	permit
 199.101.162.0/25	permit
 199.122.120.0/21	permit
@@ -1630,8 +1742,10 @@
 202.177.148.110	permit
 203.31.36.0/22	permit
 203.32.4.25	permit
+203.55.21.0/24	permit
 203.81.17.0/24	permit
 203.122.32.250	permit
+203.145.57.160/27	permit
 203.188.194.32	permit
 203.188.194.151	permit
 203.188.194.203	permit
@@ -1666,28 +1780,31 @@
 203.209.230.76/31	permit
 204.11.168.0/21	permit
 204.13.11.48/29	permit
+204.13.11.48/30	permit
 204.14.232.0/21	permit
 204.14.232.64/28	permit
 204.14.234.64/28	permit
 204.29.186.0/23	permit
+204.75.142.0/24	permit
 204.79.197.212	permit
 204.92.114.187	permit
 204.92.114.203	permit
 204.92.114.204/31	permit
 204.141.32.0/23	permit
 204.141.42.0/23	permit
-204.153.121.0/24	permit
 204.232.168.0/24	permit
 205.139.110.0/24	permit
 205.201.128.0/20	permit
 205.201.131.128/25	permit
 205.201.134.128/25	permit
 205.201.136.0/23	permit
+205.201.137.229	permit
 205.201.139.0/24	permit
 205.207.104.0/22	permit
-205.207.104.108	permit
 205.220.167.17	permit
+205.220.167.98	permit
 205.220.179.17	permit
+205.220.179.98	permit
 205.251.233.32	permit
 205.251.233.36	permit
 206.25.247.143	permit
@@ -1723,6 +1840,7 @@
 207.211.31.0/25	permit
 207.211.41.113	permit
 207.218.90.0/24	permit
+207.218.90.122	permit
 207.250.68.0/24	permit
 208.40.232.70	permit
 208.43.21.28/30	permit
@@ -1758,8 +1876,10 @@
 208.71.42.212/31	permit
 208.71.42.214	permit
 208.72.249.240/29	permit
+208.74.204.0/22	permit
 208.74.204.9	permit
 208.75.120.0/22	permit
+208.75.121.246	permit
 208.75.122.246	permit
 208.82.237.96/29	permit
 208.82.237.104/31	permit
@@ -1773,14 +1893,13 @@
 209.46.117.168	permit
 209.46.117.179	permit
 209.61.151.0/24	permit
+209.61.151.236	permit
+209.61.151.249	permit
+209.61.151.251	permit
 209.67.98.46	permit
 209.67.98.59	permit
 209.85.128.0/17	permit
 212.4.136.0/26	permit
-212.25.240.80	permit
-212.25.240.83	permit
-212.25.240.84/31	permit
-212.25.240.88	permit
 212.82.96.0/24	permit
 212.82.96.32/27	permit
 212.82.96.64/29	permit
@@ -1821,6 +1940,12 @@
 212.82.111.228/31	permit
 212.82.111.230	permit
 212.123.28.40	permit
+212.227.15.0/24	permit
+212.227.15.0/25	permit
+212.227.17.0/27	permit
+212.227.126.128/25	permit
+213.46.255.0/24	permit
+213.165.64.0/23	permit
 213.167.75.0/25	permit
 213.167.81.0/25	permit
 213.199.128.139	permit
@@ -1861,6 +1986,10 @@
 216.46.168.0/24	permit
 216.58.192.0/19	permit
 216.66.217.240/29	permit
+216.71.138.33	permit
+216.71.152.207	permit
+216.71.154.29	permit
+216.71.155.89	permit
 216.74.162.13	permit
 216.74.162.14	permit
 216.82.240.0/20	permit
@@ -1870,33 +1999,49 @@
 216.109.114.0/24	permit
 216.109.114.32/27	permit
 216.109.114.64/29	permit
+216.113.160.0/24	permit
+216.113.172.0/25	permit
+216.113.175.0/24	permit
 216.128.126.97	permit
 216.136.162.65	permit
 216.136.162.120/29	permit
 216.136.168.80/28	permit
+216.145.217.0/24	permit
+216.145.221.0/24	permit
 216.198.0.0/18	permit
 216.203.30.55	permit
 216.203.33.178/31	permit
 216.205.24.0/24	permit
 216.239.32.0/19	permit
+217.72.192.64/26	permit
+217.72.192.248/29	permit
+217.72.207.0/27	permit
 217.77.141.52	permit
 217.77.141.59	permit
+217.175.194.0/24	permit
 222.73.195.64/29	permit
 223.165.113.0/24	permit
 223.165.115.0/24	permit
 223.165.118.0/23	permit
 223.165.120.0/23	permit
+2001:0868:0100:0600::/64	permit
 2001:4860:4000::/36	permit
+2001:748:100:40::2:0/112	permit
 2404:6800:4000::/36	permit
+2603:1010:3:3::5b	permit
+2603:1020:201:10::10f	permit
+2603:1030:20e:3::23c	permit
+2603:1030:b:3::152	permit
+2603:1030:c02:8::14	permit
 2607:f8b0:4000::/36	permit
-2620:109:c003:104::215	permit
 2620:109:c003:104::/64	permit
-2620:109:c006:104::215	permit
+2620:109:c003:104::215	permit
 2620:109:c006:104::/64	permit
+2620:109:c006:104::215	permit
 2620:109:c00d:104::/64	permit
 2620:10d:c090:450::120	permit
-2620:10d:c091:450::16	permit
-2620:119:50c0:207::215	permit
+2620:10d:c091:400::8:1	permit
 2620:119:50c0:207::/64	permit
+2620:119:50c0:207::215	permit
 2800:3f0:4000::/36	permit
 194.25.134.0/24 permit # t-online.de

data/conf/rspamd/local.d/composites.conf

@@ -68,3 +68,39 @@ WL_FWD_HOST {
 ENCRYPTED_CHAT {
   expression = "CHAT_VERSION_HEADER & ENCRYPTED_PGP";
 }
+
+CLAMD_SPAM_FOUND {
+  expression = "CLAM_SECI_SPAM & !MAILCOW_WHITE";
+  description = "Probably Spam, Securite Spam Flag set through ClamAV";
+  score = 5;
+}
+
+CLAMD_BAD_PDF {
+  expression = "CLAM_SECI_PDF & !MAILCOW_WHITE";
+  description = "Bad PDF Found, Securite bad PDF Flag set through ClamAV";
+  score = 8;
+}
+
+CLAMD_BAD_JPG {
+  expression = "CLAM_SECI_JPG & !MAILCOW_WHITE";
+  description = "Bad JPG Found, Securite bad JPG Flag set through ClamAV";
+  score = 8;
+}
+
+CLAMD_ASCII_MALWARE {
+  expression = "CLAM_SECI_ASCII & !MAILCOW_WHITE";
+  description = "ASCII malware found, Securite ASCII malware Flag set through ClamAV";
+  score = 8;
+}
+
+CLAMD_HTML_MALWARE {
+  expression = "CLAM_SECI_HTML & !MAILCOW_WHITE";
+  description = "HTML malware found, Securite HTML malware Flag set through ClamAV";
+  score = 8;
+}
+
+CLAMD_JS_MALWARE {
+  expression = "CLAM_SECI_JS & !MAILCOW_WHITE";
+  description = "JS malware found, Securite JS malware Flag set through ClamAV";
+  score = 8;
+}

data/conf/rspamd/lua/rspamd.local.lua

@@ -221,6 +221,16 @@ rspamd_config:register_symbol({
     local tagged_rcpt = task:get_symbol("TAGGED_RCPT")
     local mailcow_domain = task:get_symbol("RCPT_MAILCOW_DOMAIN")
 
+    local function remove_moo_tag()
+      local moo_tag_header = task:get_header('X-Moo-Tag', false)
+      if moo_tag_header then
+        task:set_milter_reply({
+          remove_headers = {['X-Moo-Tag'] = 0},
+        })
+      end
+      return true
+    end
+
     if tagged_rcpt and tagged_rcpt[1].options and mailcow_domain then
       local tag = tagged_rcpt[1].options[1]
       rspamd_logger.infox("found tag: %s", tag)
@@ -229,6 +239,7 @@ rspamd_config:register_symbol({
 
       if action ~= 'no action' and action ~= 'greylist' then
         rspamd_logger.infox("skipping tag handler for action: %s", action)
+        remove_moo_tag()
         return true
       end
 
@@ -243,6 +254,7 @@ rspamd_config:register_symbol({
               local function tag_callback_subfolder(err, data)
                 if err or type(data) ~= 'string' then
                   rspamd_logger.infox(rspamd_config, "subfolder tag handler for rcpt %s returned invalid or empty data (\"%s\") or error (\"%s\")", body, data, err)
+                  remove_moo_tag()
                 else
                   rspamd_logger.infox("Add X-Moo-Tag header")
                   task:set_milter_reply({
@@ -261,6 +273,7 @@ rspamd_config:register_symbol({
               )
               if not redis_ret_subfolder then
                 rspamd_logger.infox(rspamd_config, "cannot make request to load tag handler for rcpt")
+                remove_moo_tag()
               end
 
             else
@@ -268,7 +281,10 @@ rspamd_config:register_symbol({
               local sbj = task:get_header('Subject')
               new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
               task:set_milter_reply({
-                remove_headers = {['Subject'] = 1},
+                remove_headers = {
+                  ['Subject'] = 1,
+                  ['X-Moo-Tag'] = 0
+                },
                 add_headers = {['Subject'] = new_sbj}
               })
             end
@@ -284,6 +300,7 @@ rspamd_config:register_symbol({
           )
           if not redis_ret_subject then
             rspamd_logger.infox(rspamd_config, "cannot make request to load tag handler for rcpt")
+            remove_moo_tag()
           end
 
         end
@@ -295,6 +312,7 @@ rspamd_config:register_symbol({
           if #rcpt_split == 2 then
             if rcpt_split[1] == 'postmaster' then
               rspamd_logger.infox(rspamd_config, "not expanding postmaster alias")
+              remove_moo_tag()
             else
               rspamd_http.request({
                 task=task,
@@ -307,7 +325,8 @@ rspamd_config:register_symbol({
           end
         end
       end
-
+    else
+      remove_moo_tag()
     end
   end,
   priority = 19
@@ -340,6 +359,10 @@ rspamd_config:register_symbol({
       if not bcc_dest then
         return -- stop
       end
+      -- dot stuff content before sending
+      local email_content = tostring(task:get_content())
+      email_content = string.gsub(email_content, "\r\n%.", "\r\n..")
+      -- send mail
       lua_smtp.sendmail({
         task = task,
         host = os.getenv("IPV4_NETWORK") .. '.253',
@@ -347,8 +370,8 @@ rspamd_config:register_symbol({
         from = task:get_from(stp)[1].addr,
         recipients = bcc_dest,
         helo = 'bcc',
-        timeout = 10,
-      }, task:get_content(), sendmail_cb)
+        timeout = 20,
+      }, email_content, sendmail_cb)
     end
 
     -- determine from

data/web/admin.php

@@ -80,6 +80,11 @@ foreach ($RSPAMD_MAPS['regex'] as $rspamd_regex_desc => $rspamd_regex_map) {
   ];
 }
 
+// cors settings
+$cors_settings = cors('get');
+$cors_settings['allowed_origins'] = str_replace(", ", "\n", $cors_settings['allowed_origins']);
+$cors_settings['allowed_methods'] = explode(", ", $cors_settings['allowed_methods']);
+
 $template = 'admin.twig';
 $template_data = [
   'tfa_data' => $tfa_data,
@@ -106,6 +111,7 @@ $template_data = [
   'ip_check' => customize('get', 'ip_check'),
   'password_complexity' => password_complexity('get'),
   'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
+  'cors_settings' => $cors_settings,
   'lang_admin' => json_encode($lang['admin']),
   'lang_datatables' => json_encode($lang['datatables'])
 ];

data/web/api/openapi.yaml

@@ -1,4 +1,4 @@
-openapi: 3.0.0
+openapi: 3.1.0
 info:
   description: >-
     mailcow is complete e-mailing solution with advanced antispam, antivirus,
@@ -5602,6 +5602,50 @@ paths:
       description: You can list all mailboxes existing in system for a specific domain.
       operationId: Get mailboxes of a domain
       summary: Get mailboxes of a domain
+  /api/v1/edit/cors:
+    post:
+      responses:
+        "401":
+          $ref: "#/components/responses/Unauthorized"
+        "200":
+          content:
+            application/json:
+              examples:
+                response:
+                  value:
+                    - type: "success"
+                      log: ["cors", "edit", {"allowed_origins": ["*", "mail.mailcow.tld"], "allowed_methods": ["POST", "GET", "DELETE", "PUT"]}]
+                      msg: "cors_headers_edited"
+          description: OK
+          headers: { }
+      tags:
+        - Cross-Origin Resource Sharing (CORS)
+      description: >-
+        This endpoint allows you to manage Cross-Origin Resource Sharing (CORS) settings for the API. 
+        CORS is a security feature implemented by web browsers to prevent unauthorized cross-origin requests. 
+        By editing the CORS settings, you can specify which domains and which methods are permitted to access the API resources from outside the mailcow domain.
+      operationId: Edit Cross-Origin Resource Sharing (CORS) settings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              example:
+                attr:
+                  allowed_origins: ["*", "mail.mailcow.tld"]
+                  allowed_methods: ["POST", "GET", "DELETE", "PUT"]
+              properties:
+                attr:
+                  type: object
+                  properties:
+                    allowed_origins:
+                      type: array
+                      items:
+                        type: string
+                    allowed_methods:
+                      type: array
+                      items:
+                        type: string
+      summary: Edit Cross-Origin Resource Sharing (CORS) settings
 
 tags:
   - name: Domains
@@ -5646,3 +5690,5 @@ tags:
     description: Get the status of your cow
   - name: Ratelimits
     description: Edit domain ratelimits
+  - name: Cross-Origin Resource Sharing (CORS)
+    description: Manage Cross-Origin Resource Sharing (CORS) settings

data/web/api/swagger-initializer.js

@@ -1,6 +1,6 @@
 window.onload = function() {
   // Begin Swagger UI call region
-  const ui = SwaggerUIBundle({
+  window.ui = SwaggerUIBundle({
     urls: [{url: "/api/openapi.yaml", name: "mailcow API"}],
     dom_id: '#swagger-ui',
     deepLinking: true,
@@ -15,5 +15,4 @@ window.onload = function() {
   });
   // End Swagger UI call region
 
-  window.ui = ui;
 };

data/web/inc/functions.inc.php

@@ -526,8 +526,9 @@ function logger($_data = false) {
           ':remote' => get_remote_ip()
         ));
       }
-      catch (Exception $e) {
-        // Do nothing
+      catch (PDOException $e) {
+        # handle the exception here, as the exception handler function results in a white page
+        error_log($e->getMessage(), 0);
       }
     }
   }
@@ -2131,6 +2132,120 @@ function rspamd_ui($action, $data = null) {
     break;
   }
 }
+function cors($action, $data = null) {
+  global $redis;
+
+  switch ($action) {
+    case "edit":
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
+        $_SESSION['return'][] =  array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $data),
+          'msg' => 'access_denied'
+        );
+        return false;
+      }    
+
+      $allowed_origins = isset($data['allowed_origins']) ? $data['allowed_origins'] : array($_SERVER['SERVER_NAME']);
+      $allowed_origins = !is_array($allowed_origins) ? array_filter(array_map('trim', explode("\n", $allowed_origins))) : $allowed_origins;
+      foreach ($allowed_origins as $origin) {
+        if (!filter_var($origin, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) && $origin != '*') {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $action, $data),
+            'msg' => 'cors_invalid_origin'
+          );
+          return false;
+        }
+      }
+
+      $allowed_methods = isset($data['allowed_methods']) ? $data['allowed_methods'] : array('GET', 'POST', 'PUT', 'DELETE');
+      $allowed_methods  = !is_array($allowed_methods) ? array_map('trim', preg_split( "/( |,|;|\n)/", $allowed_methods)) : $allowed_methods;
+      $available_methods = array('GET', 'POST', 'PUT', 'DELETE');
+      foreach ($allowed_methods as $method) {
+        if (!in_array($method, $available_methods)) {
+          $_SESSION['return'][] = array(
+            'type' => 'danger',
+            'log' => array(__FUNCTION__, $action, $data),
+            'msg' => 'cors_invalid_method'
+          );
+          return false;
+        }
+      }
+
+      try {
+        $redis->hMSet('CORS_SETTINGS', array(
+          'allowed_origins' => implode(', ', $allowed_origins),
+          'allowed_methods' => implode(', ', $allowed_methods)
+        ));   
+      } catch (RedisException $e) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $data),
+          'msg' => array('redis_error', $e)
+        );
+        return false;
+      }
+
+      $_SESSION['return'][] = array(
+        'type' => 'success',
+        'log' => array(__FUNCTION__, $action, $data),
+        'msg' => 'cors_headers_edited'
+      );
+      return true;
+    break;
+    case "get":
+      try {
+        $cors_settings                  = $redis->hMGet('CORS_SETTINGS', array('allowed_origins', 'allowed_methods'));
+      } catch (RedisException $e) {
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $action, $data),
+          'msg' => array('redis_error', $e)
+        );
+      }
+
+      $cors_settings                    = !$cors_settings ? array('allowed_origins' => $_SERVER['SERVER_NAME'], 'allowed_methods' => 'GET, POST, PUT, DELETE') : $cors_settings;
+      $cors_settings['allowed_origins'] = empty($cors_settings['allowed_origins']) ? $_SERVER['SERVER_NAME'] : $cors_settings['allowed_origins'];
+      $cors_settings['allowed_methods'] = empty($cors_settings['allowed_methods']) ? 'GET, POST, PUT, DELETE, OPTION' : $cors_settings['allowed_methods'];
+
+      return $cors_settings;
+    break;
+    case "set_headers":
+      $cors_settings = cors('get');
+      // check if requested origin is in allowed origins
+      $allowed_origins = explode(', ', $cors_settings['allowed_origins']);
+      $cors_settings['allowed_origins'] = $allowed_origins[0];
+      if (in_array('*', $allowed_origins)){
+        $cors_settings['allowed_origins'] = '*';
+      } else if (in_array($_SERVER['HTTP_ORIGIN'], $allowed_origins)) {
+        $cors_settings['allowed_origins'] = $_SERVER['HTTP_ORIGIN'];
+      }
+      // always allow OPTIONS for preflight request
+      $cors_settings["allowed_methods"] = empty($cors_settings["allowed_methods"]) ? 'OPTIONS' : $cors_settings["allowed_methods"] . ', ' . 'OPTIONS';
+
+      header('Access-Control-Allow-Origin: ' . $cors_settings['allowed_origins']);
+      header('Access-Control-Allow-Methods: '. $cors_settings['allowed_methods']);
+      header('Access-Control-Allow-Headers: Accept, Content-Type, X-Api-Key, Origin');
+
+      // Access-Control settings requested, this is just a preflight request
+      if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' && 
+        isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) &&
+        isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
+  
+        $allowed_methods = explode(', ', $cors_settings["allowed_methods"]);
+        if (in_array($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'], $allowed_methods, true))
+          // method allowed send 200 OK
+          http_response_code(200);
+        else
+          // method not allowed send 405 METHOD NOT ALLOWED
+          http_response_code(405);
+
+        exit;
+      }
+    break;
+  }
+}
 
 function get_logs($application, $lines = false) {
   if ($lines === false) {

data/web/inc/functions.mailbox.inc.php

@@ -4930,7 +4930,20 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             if (!empty($mailbox_details['domain']) && !empty($mailbox_details['local_part'])) {
               $maildir = $mailbox_details['domain'] . '/' . $mailbox_details['local_part'];
               $exec_fields = array('cmd' => 'maildir', 'task' => 'cleanup', 'maildir' => $maildir);
+
+              if (getenv("CLUSTERMODE") == "replication") {
+                // broadcast to each dovecot container
                 docker('broadcast', 'dovecot-mailcow', 'exec', $exec_fields);
+              } else {
+                $maildir_gc = json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields), true);
+                if ($maildir_gc['type'] != 'success') {
+                  $_SESSION['return'][] = array(
+                    'type' => 'warning',
+                    'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                    'msg' => 'Could not move maildir to garbage collector: ' . $maildir_gc['msg']
+                  );
+                }
+              }
             }
             else {
               $_SESSION['return'][] = array(

data/web/inc/vars.inc.php

@@ -90,6 +90,7 @@ $AVAILABLE_LANGUAGES = array(
   'es-es' => 'Español (Spanish)',
   'fi-fi' => 'Suomi (Finish)',
   'fr-fr' => 'Français (French)',
+  'gr-gr' => 'Ελληνικά (Greek)',
   'hu-hu' => 'Magyar (Hungarian)',
   'it-it' => 'Italiano (Italian)',
   'ko-kr' => '한국어 (Korean)',
@@ -99,6 +100,7 @@ $AVAILABLE_LANGUAGES = array(
   'pt-pt' => 'Português (Portuguese)',
   'ro-ro' => 'Română (Romanian)',
   'ru-ru' => 'Pусский (Russian)',
+  'si-si' => 'Slovenščina (Slovenian)',
   'sk-sk' => 'Slovenčina (Slovak)',
   'sv-se' => 'Svenska (Swedish)',
   'tr-tr' => 'Türkçe (Turkish)',

data/web/js/site/debug.js

@@ -1173,7 +1173,7 @@ jQuery(function($){
 
     if (table = $('#' + log_table).DataTable()) {
       var heading = $('#' + log_table).closest('.card').find('.card-header');
-      var load_rows = (table.data().length + 1) + '-' + (table.data().length + new_nrows)
+      var load_rows = (table.data().count() + 1) + '-' + (table.data().count() + new_nrows)
 
       $.get('/api/v1/get/logs/' + log_url + '/' + load_rows).then(function(data){
         if (data.length === undefined) { mailcow_alert_box(lang.no_new_rows, "info"); return; }

data/web/json_api.php

@@ -2,9 +2,9 @@
 /*
    see /api
 */
-
-header('Content-Type: application/json');
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+cors("set_headers");
+header('Content-Type: application/json');
 error_reporting(0);
 
 function api_log($_data) {
@@ -1946,6 +1946,9 @@ if (isset($_GET['query'])) {
             process_edit_return(edit_user_account($attr));
           }
         break;
+        case "cors":
+          process_edit_return(cors('edit', $attr));
+        break;
         // return no route found if no case is matched
         default:
           http_response_code(404);

data/web/lang/lang.ca-es.json

@@ -3,7 +3,23 @@
         "bcc_maps": "BCC maps",
         "filters": "Filtres",
         "recipient_maps": "Recipient maps",
-        "syncjobs": "Feines de sincronització"
+        "syncjobs": "Feines de sincronització",
+        "quarantine_category": "Canvia la categoria de les notificacions de quarantena",
+        "quarantine_notification": "Canvia les notificacions de quarantena",
+        "sogo_profile_reset": "Restableix el prefil SOGo",
+        "alias_domains": "Afegir àlies de domini",
+        "app_passwds": "Gestiona les contrasenyes de les aplicacions",
+        "domain_desc": "Canvia la descripció del domini",
+        "eas_reset": "Restableix els dispositius EAS",
+        "login_as": "Inicia sessió com a usuari de la bústia de correu",
+        "prohibited": "Prohibit per ACL",
+        "protocol_access": "Canvia el protocol d'accés",
+        "quarantine": "Accions de quarantena",
+        "quarantine_attachments": "Fitxers adjunts en quarantena",
+        "spam_alias": "Àlies temporals",
+        "spam_score": "Puntuació de correu brossa",
+        "tls_policy": "Política TLS",
+        "unlimited_quota": "Quota ilimitada per bústies de correo"
     },
     "add": {
         "activate_filter_warn": "All other filters will be deactivated, when active is checked.",
@@ -55,7 +71,9 @@
         "target_domain": "Domini destí:",
         "username": "Username",
         "validate": "Validar",
-        "validation_success": "Validated successfully"
+        "validation_success": "Validated successfully",
+        "app_name": "Nom de l'aplicació",
+        "app_password": "Afegir contrasenya a l'aplicació"
     },
     "admin": {
         "access": "Accés",

data/web/lang/lang.de-de.json

@@ -147,6 +147,7 @@
         "change_logo": "Logo ändern",
         "configuration": "Konfiguration",
         "convert_html_to_text": "Konvertiere HTML zu reinem Text",
+        "cors_settings": "CORS Einstellungen",
         "credentials_transport_warning": "<b>Warnung</b>: Das Hinzufügen einer neuen Regel bewirkt die Aktualisierung der Authentifizierungsdaten aller vorhandenen Einträge mit identischem Next Hop.",
         "customer_id": "Kunde",
         "customize": "UI-Anpassung",
@@ -342,7 +343,9 @@
         "api_read_only": "Schreibgeschützter Zugriff",
         "api_read_write": "Lese-Schreib-Zugriff",
         "oauth2_apps": "OAuth2 Apps",
-        "queue_unban": "entsperren"
+        "queue_unban": "entsperren",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "allowed_origins": "Access-Control-Allow-Origin"
     },
     "danger": {
         "access_denied": "Zugriff verweigert oder unvollständige/ungültige Daten",
@@ -358,6 +361,8 @@
         "bcc_exists": "Ein BCC-Map-Eintrag %s existiert bereits als Typ %s",
         "bcc_must_be_email": "BCC-Ziel %s ist keine gültige E-Mail-Adresse",
         "comment_too_long": "Kommentarfeld darf maximal 160 Zeichen enthalten",
+        "cors_invalid_method": "Allow-Methods enthält eine ungültige Methode",
+        "cors_invalid_origin": "Allow-Origins enthält eine ungültige Origin",
         "defquota_empty": "Standard-Quota darf nicht 0 sein",
         "demo_mode_enabled": "Demo Mode ist aktiviert",
         "description_invalid": "Ressourcenbeschreibung für %s ist ungültig",
@@ -479,7 +484,7 @@
         "info": "_START_ bis _END_ von _TOTAL_ Einträgen",
         "infoEmpty": "0 bis 0 von 0 Einträgen",
         "infoFiltered": "(gefiltert von _MAX_ Einträgen)",
-        "infoPostFix": "",
+        "infoPostFix": "datatables.infoPostFix",
         "thousands": ".",
         "lengthMenu": "_MENU_ Einträge anzeigen",
         "loadingRecords": "Wird geladen...",
@@ -998,6 +1003,7 @@
         "bcc_deleted": "BCC-Map-Einträge gelöscht: %s",
         "bcc_edited": "BCC-Map-Eintrag %s wurde geändert",
         "bcc_saved": "BCC- Map-Eintrag wurde gespeichert",
+        "cors_headers_edited": "CORS Einstellungen wurden erfolgreich gespeichert",
         "db_init_complete": "Datenbankinitialisierung abgeschlossen",
         "delete_filter": "Filter-ID %s wurde gelöscht",
         "delete_filters": "Filter gelöscht: %s",

data/web/lang/lang.en-gb.json

@@ -133,6 +133,8 @@
         "admins": "Administrators",
         "admins_ldap": "LDAP Administrators",
         "advanced_settings": "Advanced settings",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "allowed_origins": "Access-Control-Allow-Origin",
         "api_allow_from": "Allow API access from these IPs/CIDR network notations",
         "api_info": "The API is a work in progress. The documentation can be found at <a href=\"/api\">/api</a>",
         "api_key": "API key",
@@ -149,6 +151,7 @@
         "change_logo": "Change logo",
         "configuration": "Configuration",
         "convert_html_to_text": "Convert HTML to plain text",
+        "cors_settings": "CORS Settings",
         "credentials_transport_warning": "<b>Warning</b>: Adding a new transport map entry will update the credentials for all entries with a matching next hop column.",
         "customer_id": "Customer ID",
         "customize": "Customize",
@@ -358,6 +361,8 @@
         "bcc_exists": "A BCC map %s exists for type %s",
         "bcc_must_be_email": "BCC destination %s is not a valid email address",
         "comment_too_long": "Comment too long, max 160 chars allowed",
+        "cors_invalid_method": "Invalid Allow-Method specified",
+        "cors_invalid_origin": "Invalid Allow-Origin specified",
         "defquota_empty": "Default quota per mailbox must not be 0.",
         "demo_mode_enabled": "Demo Mode is enabled",
         "description_invalid": "Resource description for %s is invalid",
@@ -479,7 +484,7 @@
         "info": "Showing _START_ to _END_ of _TOTAL_ entries",
         "infoEmpty": "Showing 0 to 0 of 0 entries",
         "infoFiltered": "(filtered from _MAX_ total entries)",
-        "infoPostFix": "",
+        "infoPostFix": "datatables.infoPostFix",
         "thousands": ",",
         "lengthMenu": "Show _MENU_ entries",
         "loadingRecords": "Loading...",
@@ -1005,6 +1010,7 @@
         "bcc_deleted": "BCC map entries deleted: %s",
         "bcc_edited": "BCC map entry %s edited",
         "bcc_saved": "BCC map entry saved",
+        "cors_headers_edited": "CORS settings have been saved",
         "db_init_complete": "Database initialization completed",
         "delete_filter": "Deleted filters ID %s",
         "delete_filters": "Deleted filters: %s",

data/web/lang/lang.es-es.json

@@ -20,7 +20,9 @@
         "tls_policy": "Póliza de TLS",
         "unlimited_quota": "Cuota ilimitada para buzones",
         "app_passwds": "Gestionar las contraseñas de aplicaciones",
-        "domain_desc": "Cambiar descripción del dominio"
+        "domain_desc": "Cambiar descripción del dominio",
+        "protocol_access": "Cambiar protocolo de acceso",
+        "quarantine_category": "Cambiar categoría de las notificaciones de cuarentena"
     },
     "add": {
         "activate_filter_warn": "Todos los demás filtros se desactivarán cuando este filtro se active.",
@@ -85,7 +87,13 @@
         "timeout2": "Tiempo de espera para la conexión al host local",
         "username": "Usuario",
         "validate": "Validar",
-        "validation_success": "Validado exitosamente"
+        "validation_success": "Validado exitosamente",
+        "inactive": "Inactivo",
+        "app_name": "Nombre de la App",
+        "app_password": "Añadir contraseña para la app",
+        "public_comment": "Comentarios públicos",
+        "disable_login": "Desactivar login (el correo entrante seguirá activo)",
+        "comment_info": "Los comentarios privados no son visibles al usuario, mientras que los comentarios públicos aparecerán sobre la información general del usuario"
     },
     "admin": {
         "access": "Acceso",
@@ -114,7 +122,7 @@
         "app_name": "Nombre de la app",
         "apps_name": "Nombre \"mailcow Apps\"",
         "arrival_time": "Tiempo de llegada (hora del servidor)",
-        "ban_list_info": "La lista de IPs bloqueadas sigue a continuación: <b> red (tiempo de prohibición restante) - [acciones]</b>.<br/> Las IPs en cola para ser desbloquadas se eliminarán de la lista de bloqueos en unos pocos segundos. <br/> Las etiquetas rojas indican bloqueos permanentes permanentes mediante la inclusión en una lista negra.",
+        "ban_list_info": "Lista de IPs bloqueadas: <b>red (tiempo de prohibición restante) - [acciones]</b>.<br />Las IPs en cola para ser desbloqueadas se eliminarán de la lista de bloqueos en unos pocos segundos.<br />Las etiquetas rojas indican bloqueos permanentes mediante la inclusión en la lista negra.",
         "change_logo": "Cambiar logo",
         "configuration": "Configuración",
         "credentials_transport_warning": "<b>Advertencia</b>: al agregar una nueva entrada de ruta de transporte se actualizarán las credenciales para todas las entradas con una columna de \"siguiente destino\" coincidente.",
@@ -432,7 +440,7 @@
     },
     "header": {
         "administration": "Administración",
-        "debug": "Información del sistema",
+        "debug": "Información",
         "email": "E-Mail",
         "mailcow_config": "Configuración",
         "quarantine": "Cuarentena",

data/web/lang/lang.fr-fr.json

@@ -1096,7 +1096,8 @@
         "weeks": "semaines",
         "months": "mois",
         "year": "année",
-        "years": "années"
+        "years": "années",
+        "with_app_password": "avec le mot de passe de l'application"
     },
     "warning": {
         "cannot_delete_self": "Impossible de supprimer l’utilisateur connecté",

data/web/lang/lang.gr-gr.json

@@ -0,0 +1,20 @@
+{
+    "user": {
+        "verify": "Επαλήθευση",
+        "week": "εβδομάδα",
+        "weekly": "Εβδομαδιαία",
+        "weeks": "Εβδομάδες",
+        "with_app_password": "με κωδικό εφαρμογής",
+        "year": "χρόνος",
+        "years": "χρόνια"
+    },
+    "warning": {
+        "cannot_delete_self": "Αδυναμία διαγραφής συνδεδεμένου χρήστη",
+        "dovecot_restart_failed": "Απέτυχε η επανεκκίνηση του Dovecot, παρακαλώ ελέγξτε τα αρχεία καταγραφής.",
+        "no_active_admin": "Αδυναμία απενεργοποίησης του τελευταίου ενεργού διαχειριστή",
+        "domain_added_sogo_failed": "Προστέθηκε το όνομα χώρου αλλά απέτυχε η επανεκκίνηση του SOGo.",
+        "hash_not_found": "Η κατακερματισμένη τιμή (hash value) δεν βρέθηκε ή έχει είδη διαγραφεί.",
+        "ip_invalid": "Παραλείφθηκε μη έγκυρη διεύθυνση IP: %s",
+        "is_not_primary_alias": "Παραλείφθηκε μη πρωτεύον ψευδώνυμο %s"
+    }
+}

data/web/lang/lang.hu-hu.json

@@ -18,7 +18,11 @@
         "transport_dest_format": "Szintaxis: pelda.hu, .pelda.hu, *, fiok@pelda.hu (több érték esetén vesszővel elválasztva)",
         "upload": "Feltöltés",
         "username": "Felhasználónév",
-        "verify": "Ellenőrzés"
+        "verify": "Ellenőrzés",
+        "activate_api": "API aktiválása",
+        "activate_send": "Küldés gomb aktiválása",
+        "add": "Hozzáad",
+        "active": "Aktív"
     },
     "edit": {
         "active": "Aktív",
@@ -385,9 +389,18 @@
     "acl": {
         "delimiter_action": "Elhatárolás",
         "alias_domains": "Alias domainek hozzáadása",
-        "app_passwds": "Alkalmazás jelszavak kezelése"
+        "app_passwds": "Alkalmazás jelszavak kezelése",
+        "domain_desc": "Domain leírás módosítása",
+        "filters": "Szűrők",
+        "login_as": "Bejelentkezés mint",
+        "quarantine": "Karantén műveletek",
+        "bcc_maps": "BCC címek"
     },
     "diagnostics": {
         "dns_records": "DNS bejegyzések"
+    },
+    "add": {
+        "username": "Felhasználónév",
+        "validation_success": "Sikeres ellenőrzés"
     }
 }

data/web/lang/lang.it-it.json

@@ -134,10 +134,10 @@
         "admins_ldap": "Amministratori LDAP",
         "advanced_settings": "Impostazioni avanzate",
         "api_allow_from": "Allow API access from these IPs/CIDR network notations",
-        "api_info": "The API is a work in progress. The documentation can be found at <a href=\"/api\">/api</a>",
+        "api_info": "Questa API è in modifica. La documentazione può essere trovata su <a href=\"/api\">/api</a>",
         "api_key": "Chiave API",
         "api_skip_ip_check": "Salta il controllo dell'IP per l'API",
-        "app_links": "App links",
+        "app_links": "Link dell'app",
         "app_name": "Nome dell'app",
         "apps_name": "Nome \"mailcow Apps\"",
         "arrival_time": "Ora di arrivo (ora del server)",
@@ -338,7 +338,8 @@
         "oauth2_apps": "App OAuth2",
         "oauth2_add_client": "Aggiungere il client OAuth2",
         "rsettings_preset_4": "Disattivare Rspamd per un dominio",
-        "options": "Opzioni"
+        "options": "Opzioni",
+        "cors_settings": "Impostazioni CORS"
     },
     "danger": {
         "access_denied": "Accesso negato o form di login non corretto",

data/web/lang/lang.ro-ro.json

@@ -106,7 +106,8 @@
         "timeout2": "Timeout pentru conectarea la gazda locală",
         "username": "Nume de utilizator",
         "validate": "Validează",
-        "validation_success": "Validat cu succes"
+        "validation_success": "Validat cu succes",
+        "tags": "Etichete"
     },
     "admin": {
         "access": "Acces",
@@ -334,7 +335,15 @@
         "username": "Nume de utilizator",
         "validate_license_now": "Validează GUID cu serverul de licență",
         "verify": "Verifică",
-        "yes": "✓"
+        "yes": "✓",
+        "cors_settings": "Setări CORS",
+        "f2b_ban_time_increment": "Timpul de blocare creşte cu fiecare blocare",
+        "f2b_max_ban_time": "Max. timp de blocare (s)",
+        "ip_check": "Verificaţie IP",
+        "ip_check_disabled": "Verificarea IP este dezactivată. Puteţi activa la<br> <strong>Sistem > Configuraţie > Opţiuni > Personalizează</strong>",
+        "ip_check_opt_in": "Alegeţi să folosiţi servicile <strong>ipv4.mailcow.email</strong> şi <strong>ipv6.mailcow.email</strong> să rezolvaţi addrese IP externale.",
+        "options": "Opţiuni",
+        "queue_unban": "retractează interzicere"
     },
     "danger": {
         "access_denied": "Accesul a fost respins sau datele formularului sunt invalide",
@@ -453,7 +462,16 @@
         "username_invalid": "Numele de utilizator %s nu poate fi utilizat",
         "validity_missing": "Atribuie o perioadă de valabilitate",
         "value_missing": "Furnizează toate valorile",
-        "yotp_verification_failed": "Verificarea Yubico OTP a eșuat: %s"
+        "yotp_verification_failed": "Verificarea Yubico OTP a eșuat: %s",
+        "cors_invalid_method": "Aveţi specificaţi 'Allow-Method' invalid",
+        "webauthn_authenticator_failed": "Authentificator selectat nu a fost găsit",
+        "webauthn_publickey_failed": "Nici-o cheie publică a fost salvată pentru authenticatorul selectat",
+        "webauthn_username_failed": "Authenticatorul selectat aparţine la alt cont",
+        "demo_mode_enabled": "Mod de demonstraţie este activ",
+        "extended_sender_acl_denied": "lipseşte ACL pentru setarea adrese externe",
+        "template_exists": "Şablon %s deja există",
+        "template_id_invalid": "Şablon ID %s este invalid",
+        "template_name_invalid": "Nume de şablon este invalid"
     },
     "debug": {
         "chart_this_server": "Grafic (acest server)",
@@ -641,7 +659,7 @@
     "header": {
         "administration": "Configurație și detalii",
         "apps": "Aplicații",
-        "debug": "Informații Sistem",
+        "debug": "Informaţie",
         "email": "E-Mail",
         "mailcow_config": "Configurație",
         "quarantine": "Carantină",
@@ -1187,5 +1205,9 @@
         "quota_exceeded_scope": "Cota de spațiu a domeniului depășită: Numai căsuțe poștale nelimitate pot fi create pe acest domeniu.",
         "session_token": "Token formular invalid: Nepotrivire token",
         "session_ua": "Token formular invalid: Eroare validare utilizator-agent"
+    },
+    "datatables": {
+        "expand_all": "Expandează tot",
+        "decimal": ","
     }
 }

data/web/lang/lang.ru-ru.json

@@ -338,7 +338,13 @@
         "yes": "✓",
         "queue_unban": "разблокировать",
         "f2b_ban_time_increment": "Время бана увеличивается с каждым баном",
-        "f2b_max_ban_time": "Максимальное время блокировки"
+        "f2b_max_ban_time": "Максимальное время блокировки",
+        "allowed_origins": "Access-Control-Allow-Origin",
+        "cors_settings": "Настройки CORS",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "ip_check": "Проверить IP",
+        "ip_check_disabled": "Проверка IP отключена. Вы можете включить его в разделе <br> <strong>Система > Конфигурация > Параметры > Настроить</strong>.",
+        "ip_check_opt_in": "Согласие на использование сторонних служб <strong>ipv4.mailcow.email</strong> и <strong>ipv6.mailcow.email</strong> для разрешения внешних IP-адресов."
     },
     "danger": {
         "access_denied": "Доступ запрещён, или указаны неверные данные",
@@ -457,7 +463,10 @@
         "username_invalid": "Имя пользователя %s нельзя использовать",
         "validity_missing": "Пожалуйста, назначьте срок действия",
         "value_missing": "Пожалуйста заполните все поля",
-        "yotp_verification_failed": "Ошибка валидации Yubico OTP: %s"
+        "yotp_verification_failed": "Ошибка валидации Yubico OTP: %s",
+        "cors_invalid_method": "Указан недопустимый метод разрешения",
+        "demo_mode_enabled": "Демонстрационный режим включен",
+        "cors_invalid_origin": "Указан неверный Allow-Origin"
     },
     "debug": {
         "chart_this_server": "Диаграмма (текущий сервер)",
@@ -542,7 +551,7 @@
         "inactive": "Неактивный",
         "kind": "Тип",
         "last_modified": "Последние изменения",
-        "lookup_mx": "Назначение на основе резовинга MX записи по регулярному выражению (<code>.*\\.example\\.com$</code> для маршрутизации всей почты через этот хост, если MX заканчивающийся на example.com)",
+        "lookup_mx": "Назначение на основе резолвинга MX записи по регулярному выражению (<code>.*\\.example\\.com$</code> для маршрутизации всей почты через этот хост, если MX заканчивающийся на example.com)",
         "mailbox": "Изменение почтового аккаунта",
         "mailbox_quota_def": "Квота по умолчанию",
         "mailbox_relayhost_info": "Применяется только к почтовому ящику и личным псевдонимам, вне зависимости от настроек маршрутизации на уровне домена.",
@@ -607,7 +616,9 @@
         "title": "Изменение объекта",
         "unchanged_if_empty": "Если без изменений - оставьте пустым",
         "username": "Имя пользователя",
-        "validate_save": "Подтвердить и сохранить"
+        "validate_save": "Подтвердить и сохранить",
+        "sogo_access_info": "Единый вход из интерфейса почты продолжает работать. Эта настройка не влияет на доступ ко всем другим службам, а также не удаляет или изменяет существующий профиль пользователя SOGo.",
+        "app_passwd_protocols": "Разрешенные протоколы для пароля приложения"
     },
     "fido2": {
         "confirm": "Подтвердить",
@@ -987,7 +998,8 @@
         "verified_fido2_login": "Авторизация FIDO2 пройдена",
         "verified_totp_login": "Авторизация TOTP пройдена",
         "verified_webauthn_login": "Авторизация WebAuthn пройдена",
-        "verified_yotp_login": "Авторизация Yubico OTP пройдена"
+        "verified_yotp_login": "Авторизация Yubico OTP пройдена",
+        "cors_headers_edited": "Настройки CORS сохранены"
     },
     "tfa": {
         "api_register": "%s использует Yubico Cloud API. Пожалуйста, получите ключ API для вашего ключа <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">здесь</a>",
@@ -1169,7 +1181,12 @@
         "weekly": "Раз в неделю",
         "weeks": "недели",
         "year": "год",
-        "years": "лет"
+        "years": "лет",
+        "allowed_protocols": "Разрешенные протоколы",
+        "apple_connection_profile_with_app_password": "Новый пароль приложения генерируется и добавляется в профиль, поэтому при настройке устройства не требуется вводить пароль. Не предоставляйте доступ к файлу, поскольку он предоставляет полный доступ к вашему почтовому ящику.",
+        "direct_protocol_access": "Этот пользователь почтового ящика имеет <b>прямой, внешний доступ</b> к следующим протоколам и приложениям. Эта настройка контролируется вашим администратором. Для предоставления доступа к отдельным протоколам и приложениям могут быть созданы пароли приложений.<br> Кнопка \"Вход в веб-почту\" обеспечивает единый вход в SOGo и всегда доступна.",
+        "with_app_password": "с паролем приложения",
+        "change_password_hint_app_passwords": "В вашей учетной записи есть {{number_of_app_passwords}} паролей приложений, которые не будут изменены. Чтобы управлять ими, перейдите на вкладку \"Пароли приложений\"."
     },
     "warning": {
         "cannot_delete_self": "Вы не можете удалить сами себя",
@@ -1183,5 +1200,8 @@
         "quota_exceeded_scope": "Квота домена превышена: могут быть созданы только почтовые ящики без лимита.",
         "session_token": "Неверный токен формы: несоответствие токена",
         "session_ua": "Неверный токен формы: ошибка проверки User-Agent"
+    },
+    "datatables": {
+        "infoPostFix": "datatables.infoPostFix"
     }
 }

data/web/lang/lang.si-si.json

@@ -0,0 +1,396 @@
+{
+    "acl": {
+        "app_passwds": "Upravljaj gesla aplikacij",
+        "bcc_maps": "Preslikave SKP (BCC)",
+        "delimiter_action": "Dejanje ločila",
+        "domain_relayhost": "Spremeni gostitelja relay za domeno",
+        "eas_reset": "Ponastavi EAS naprave",
+        "filters": "Filtri",
+        "login_as": "Prijavi se kot uporabnik poštnega predala",
+        "mailbox_relayhost": "Spremeni gostitelja relay za poštni predal",
+        "prohibited": "Prepovedano z ACL",
+        "protocol_access": "Spremeni dostop do protokola",
+        "pushover": "Pushover",
+        "quarantine": "Dejanja karantene",
+        "quarantine_attachments": "Priponke v karanteno",
+        "quarantine_notification": "Spremeni obvestila o karanteni",
+        "ratelimit": "Omejitev pošiljanja",
+        "recipient_maps": "Preslikave prejemnikov",
+        "smtp_ip_access": "Spremeni dovoljene gostitelje za SMTP",
+        "sogo_access": "Dovoli upravljanje SOGo dostopov",
+        "sogo_profile_reset": "Ponastavi SOGo profil",
+        "spam_alias": "Začasni aliasi",
+        "spam_policy": "Blacklist/Whitelist",
+        "spam_score": "Ocena neželene pošte",
+        "tls_policy": "Politika TLS",
+        "unlimited_quota": "Neomejena kvota za poštne predale",
+        "alias_domains": "Dodaj alias domene",
+        "domain_desc": "Spremeni opis domene",
+        "extend_sender_acl": "Dovoli razširitev pošiljateljevega ACL z zunanjimi e-poštnimi naslovi",
+        "quarantine_category": "Spremeni kategorijo obvestil o karanteni",
+        "syncjobs": "Opravila sinhronizacije"
+    },
+    "add": {
+        "active": "Aktivno",
+        "add": "Dodaj",
+        "add_domain_only": "Dodaj samo domeno",
+        "add_domain_restart": "Dodaj domeno in ponovno zaženi SOGo",
+        "alias_address": "Alias naslov/i",
+        "alias_domain": "Alias domena",
+        "alias_domain_info": "<small>Samo veljavne domene (ločene z vejico).</small>",
+        "app_name": "Ime aplikacije",
+        "app_password": "Dodaj geslo aplikacije",
+        "app_passwd_protocols": "Dovoljeni protokoli za geslo aplikacije",
+        "automap": "Poskusi samodejno preslikati mape (\"Sent items\", \"Sent\" => \"Poslano\" ipd.)",
+        "backup_mx_options": "Možnosti posredovanja (relay)",
+        "comment_info": "Zasebni komentarji niso vidni uporabnikom, javni komentarji pa so prikazani kot tooltip, ko se z miško postavimo nad uporabnika v pregledu",
+        "custom_params": "Parametri po meri",
+        "custom_params_hint": "Pravilno: --param=xy, napačno: --param xy",
+        "delete1": "Izbriši na viru, ko je končano",
+        "delete2": "Izbriši sporočila na cilju, ki niso na viru",
+        "delete2duplicates": "Izbriši dvojnike na cilju",
+        "description": "Opis",
+        "destination": "Cilj",
+        "domain": "Domena",
+        "domain_matches_hostname": "Domena %s se ujema z nazivom gostitelja (hostname)",
+        "domain_quota_m": "Kvota za celotno domeno (MiB)",
+        "enc_method": "Metoda kriptiranja",
+        "exclude": "Izključi objekte (regex)",
+        "full_name": "Polno ime",
+        "gal": "Globalni seznam stikov (GAL)",
+        "generate": "generiraj",
+        "goto_ham": "Prepoznaj kot <span class=\"text-success\"><b>ham</b></span>",
+        "goto_null": "Odstrani e-poštno sporočilo brez obvestila",
+        "goto_spam": "Prepoznaj kot <span class=\"text-danger\"><b>spam</b></span>",
+        "hostname": "Gostitelj",
+        "inactive": "Neaktivno",
+        "kind": "Tip",
+        "mailbox_quota_def": "Privzeta kvota za poštni predal",
+        "mailbox_username": "Uporabniško ime (levi del e-poštnega naslova)",
+        "max_aliases": "Največje število dovoljenih aliasov",
+        "max_mailboxes": "Največje dovoljeno število poštnih predalov",
+        "mins_interval": "Interval preverjanja (minute)",
+        "multiple_bookings": "Več rezervacij",
+        "nexthop": "Naslednji korak",
+        "password_repeat": "Potrditev gesla (ponovi)",
+        "port": "Vrata (port)",
+        "private_comment": "Zasebni komentar",
+        "public_comment": "Javni komentar",
+        "quota_mb": "Kvota (MiB)",
+        "relay_all": "Posreduj vse prejemnike (relay)",
+        "relay_all_info": "↪ Če izberete da <b>ne</b> posredujete vse prejemnike, morate ustvariti (\"slepi\") poštni predal za vsakega prejemnika, za katerega želite posredovati e-pošto.",
+        "relay_domain": "Posreduj to domeno (relay)",
+        "relay_unknown_only": "Posreduj samo neobstoječe poštne predale. V obstoječe poštne predale bo e-pošta dostavljena lokalno.",
+        "relayhost_wrapped_tls_info": "Prosim <b>ne</b> uporabljajte TLS-wrapped vrata (večinoma uporabljeno na vratih 465).<br>\nUporabite katera koli non-wrapped vrata in ustvarite STARTTLS. TLS politika za obvezno uporabo TLS se lahko ustvari pod \"Preslikave TLS politik\"",
+        "select": "Prosim izberite...",
+        "select_domain": "Prosim najprej izberite domeno",
+        "sieve_desc": "Kratek opis",
+        "sieve_type": "Vrsta filtra",
+        "skipcrossduplicates": "Preskoči podvojena sporočila po mapah (prvi pride, prvi melje)",
+        "subscribeall": "Prijavi vse mape",
+        "syncjob": "Dodaj opravilo sinhronizacije",
+        "tags": "Oznake",
+        "target_address": "Goto naslov",
+        "target_address_info": "<small>Polni e-poštni naslov/i (ločeni z vejico).</small>",
+        "target_domain": "Ciljna domena",
+        "timeout1": "Časovna omejitev za povezavo do oddaljenega gostitelja",
+        "username": "Uporabniško ime",
+        "validate": "Preveri",
+        "validation_success": "Uspešno preverjeno",
+        "activate_filter_warn": "Ko je aktivni izbran, bodo vsi ostali filtri deaktivirani.",
+        "alias_address_info": "<small>Polni email naslov/i oziroma @example.com za zajem vseh sporočil domene (ločeno z vejico), <b>samo domene mailcow</b>.</small>",
+        "bcc_dest_format": "BCC naslov mora biti en veljaven e-poštni naslov.<br>Če morate poslati kopijo na več naslov, ustvarite alias in ga uporabite tukaj.",
+        "disable_login": "Prepovej vpis (vhodna e-pošta je še vedno sprejeta)",
+        "gal_info": "GAL vsebuje vse objekte domene in ga uporabniki ne morejo urejati. Informacija o zasedenosti v SOGo ni na voljo, če je onemogočena! <b>Ponovno zaženi SOGo za uveljavitev sprememb.</b>",
+        "mailbox_quota_m": "Najvišja kvota na poštni predal (MiB)",
+        "password": "Geslo",
+        "post_domain_add": "SOGo container \"sogo-mailcow\" mora biti ponovno zagnan po dodajanju nove domene!<br><br>Dodatno se mora preveriti DNS konfiguracija domene. Ko je DNS konfiguracija domene odobrena, ponovno zaženite \"acme-mailcow\" za samodejno generiranje certifikatov za novo domeno (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Ta korak je opcijski in se ponovno poskuša vsakih 24 ur.",
+        "relay_transport_info": "<div class=\"badge fs-6 bg-info\">Info</div> Definirate lahko preslikave transportov za cilj po meri za to domeno. Če ni nastavljena, se ustvari MX poizvedba.",
+        "syncjob_hint": "Pozor! Gesla se morajo shraniti v plain-text!",
+        "timeout2": "Časovna omejitev za povezavo do lokalnega gostitelja"
+    },
+    "admin": {
+        "access": "Dostop",
+        "action": "Dejanje",
+        "activate_api": "Aktiviraj API",
+        "activate_send": "Aktiviraj gumb \"Pošlji\"",
+        "active": "Aktivno",
+        "active_rspamd_settings_map": "Aktivna preslikava nastavitev",
+        "add": "Dodaj",
+        "add_domain_admin": "Dodaj skrbnika domene",
+        "add_forwarding_host": "Dodaj gostitelja za posredovanje",
+        "add_relayhost": "Dodaj transport odvisen od pošiljatelja",
+        "add_row": "Dodaj vrstico",
+        "add_settings_rule": "Dodaj pravilo nastavitev",
+        "add_transport": "Dodaj transport",
+        "add_transports_hint": "Prosimo zavedajte se, da se podatki za avtentikacijo, če obstajajo, shranijo v plain text.",
+        "additional_rows": " nove vrstice so bile dodane",
+        "admin_details": "Uredi podrobnosti skrbnika",
+        "admin_domains": "Dodeljene domene",
+        "admins": "Skrbniki",
+        "admins_ldap": "LDAP skrbniki",
+        "advanced_settings": "Napredne nastavitve",
+        "api_info": "API je v razvoju. Dokumentacija je na voljo na naslovu <a href=\"/api\">/api</a>",
+        "api_key": "API ključ",
+        "api_read_only": "Dostop samo za branje",
+        "api_read_write": "Dostop za branje in urejanje",
+        "api_skip_ip_check": "Preskoči preverjanje IP za API",
+        "app_links": "Povezave aplikacij",
+        "app_name": "Ime aplikacije",
+        "arrival_time": "Čas prispetja (strežniški čas)",
+        "authed_user": "Prij. uporabnik",
+        "ays": "Ste prepričani, da želite nadaljevati?",
+        "change_logo": "Zamenjaj logotip",
+        "configuration": "Konfiguracija",
+        "convert_html_to_text": "Pretvori HTML v golo besedilo",
+        "credentials_transport_warning": "<b>Opozorilo</b>: Dodajanje nove preslikave transporta bo posodobilo poverilnice za vse vnose, ki imajo enako vrednost v stolpcu naslednji skok.",
+        "customer_id": "ID stranke",
+        "customize": "Prilagodi",
+        "destination": "Cilj",
+        "dkim_add_key": "Dodaj ARC/DKIM ključ",
+        "dkim_domains_selector": "Izbira",
+        "dkim_domains_wo_keys": "Izberi domene z manjkajočimi ključi",
+        "dkim_from": "Od",
+        "dkim_from_title": "Izvorna domena od katere prekopiram podatke",
+        "dkim_key_missing": "Manjka ključ",
+        "dkim_key_unused": "Ključ ni v rabi",
+        "dkim_key_valid": "Veljaven ključ",
+        "dkim_keys": "ARC/DKIM ključi",
+        "dkim_overwrite_key": "Prepiši obstoječi DKIM ključ",
+        "dkim_private_key": "Zasebni ključ",
+        "dkim_to": "Za",
+        "domain": "Domena",
+        "domain_admin": "Skrbnik domene",
+        "domain_admins": "Skrbniki domene",
+        "domain_s": "Domena/e",
+        "duplicate": "Podvoji",
+        "duplicate_dkim": "Podvoji DKIM zapis",
+        "edit": "Uredi",
+        "empty": "Ni rezultatov",
+        "excludes": "Izključuje te prejemnike",
+        "f2b_ban_time": "Čas blokade (s)",
+        "f2b_ban_time_increment": "Čas blokade se poveča z vsako blokado",
+        "f2b_blacklist": "Mreže/gostitelji na blacklisti",
+        "f2b_filter": "Regex filtri",
+        "f2b_max_attempts": "Največ poskusov",
+        "f2b_max_ban_time": "Maksimalno trajanje blokade (s)",
+        "f2b_netban_ipv4": "velikost subneta IPv4 za blokiranje (8-32)",
+        "f2b_netban_ipv6": "Velikost subneta IPv6 za blokiranje (8-128)",
+        "f2b_parameters": "Fail2ban parametri",
+        "f2b_regex_info": "Upoštevajo se dnevniki SOGo, Postfix, Dovecot, PHP-FPM.",
+        "f2b_retry_window": "Upoštevan čas (s) za največ poskusov",
+        "f2b_whitelist": "Mreže/gostitelji na whitelisti",
+        "filter_table": "Filtriraj tabelo",
+        "from": "Od",
+        "generate": "ustvari",
+        "guid": "GUID - enolični ID instance",
+        "guid_and_license": "GUID & licenca",
+        "hash_remove_info": "Odstranitev hasha za omejitev (če obstaja) bo povsem ponastavilo njen števec.<br>\n  Vsak hash je prikazan z individualno barvo.",
+        "help_text": "Zamenjaj tekst za pomoč pod masko za prijavo (HTML je dovoljen)",
+        "host": "Gostitelj",
+        "html": "HTML",
+        "import": "Uvozi",
+        "import_private_key": "Uvozi zasebni ključ",
+        "in_use_by": "V uporabi",
+        "inactive": "Neaktivno",
+        "include_exclude": "Vključi/Izključi",
+        "include_exclude_info": "Privzeto - če ni izbire - so vključeni <b>vsi poštni predali</b>",
+        "includes": "Vključi te prejemnike",
+        "ip_check": "Kontrola IP",
+        "ip_check_disabled": "Kontrola IP je onemogočena. Lahko jo omogočite pod <br/> <strong>Sistem > Konfiguracija > Možnosti > Prilagodi</strong>",
+        "ip_check_opt_in": "Opt-in za uporabo zunanje storitve <strong>ipv4.mailcow.email</strong> in <strong>ipv6.mailcow.email</strong> za razreševanje zunanjih IP.",
+        "is_mx_based": "Glede na MX",
+        "last_applied": "Nazadnje aplicirano",
+        "link": "Povezava",
+        "loading": "Prosim počakajte...",
+        "login_time": "Čas prijave",
+        "logo_info": "Vaša slika bo pomanjšana na velikost 40px za zgornjo navigacijo in največjo velikost 250px za začetno stran. Zelo priporočena je uporaba grafike brez izgube kakovosti ob spremembi velikosti.",
+        "message": "Sporočilo",
+        "message_size": "Velikost sporočila",
+        "nexthop": "Naslednji skok",
+        "no": "&#10005;",
+        "no_active_bans": "Ni aktivnih blokad",
+        "no_new_rows": "Ni dodatnih vrstic",
+        "no_record": "Ni zapisa",
+        "oauth2_apps": "OAuth2 aplikacije",
+        "oauth2_add_client": "Dodaj OAuth2 klienta",
+        "oauth2_client_id": "ID klienta",
+        "oauth2_client_secret": "Skrivnost (secret)",
+        "oauth2_redirect_uri": "URI za preusmeritev",
+        "oauth2_renew_secret": "Generiraj nov client secret",
+        "oauth2_revoke_tokens": "Zavrni vse tokene klientov",
+        "optional": "opcijsko",
+        "options": "Možnosti",
+        "password": "Geslo",
+        "password_length": "Dolžina gesla",
+        "password_policy": "Politika gesel",
+        "password_policy_chars": "Mora vsebovati vsaj eno črko",
+        "password_policy_length": "Minimalna dolžina gesla je %d",
+        "password_policy_lowerupper": "Mora vsebovati male in velike črke",
+        "password_policy_numbers": "Mora vsebovati vsaj eno številko",
+        "password_policy_special_chars": "Mora vsebovati posebne znake",
+        "password_repeat": "Potrditev gesla (ponovite)",
+        "priority": "Prioriteta",
+        "private_key": "Zasebni ključ",
+        "quarantine": "Karantena",
+        "quarantine_bcc": "Pošlji kopijo vseh obvestil (BCC) temu prejemniku:<br><small>Pustite prazno za izklop te funkcije. <b>Nepodpisana, nepreverjena pošta. Uporabljalo naj bi se samo za interno dostavo.</b></small>",
+        "quarantine_exclude_domains": "Izključi domene in alias-domene",
+        "quarantine_max_age": "Maksimalna starost v dnevnih<br><small>Vrednost mora biti večja ali enaka 1 dnevu</small>",
+        "quarantine_max_score": "Opusti obvestilo, če je ocena spama večja od te vrednosti:<br><small>Privzeto 9999.0</small>",
+        "quarantine_max_size": "Največja velikost v MiB (Večji elementi so zavrženi):<br><small>0 <b>ne</b> pomeni neomejeno.</small>",
+        "quarantine_notification_html": "Predloga sporočila za obvestilo:<br><small>Pustite prazno za obnovitev privzete predloge.</small>",
+        "quarantine_notification_sender": "Pošiljatelj obvestila",
+        "quarantine_notification_subject": "Naslov obvestila",
+        "quarantine_release_format": "Oblika sproščenih elementov",
+        "quarantine_release_format_att": "Kot priponka",
+        "quarantine_release_format_raw": "Nespremenjen original",
+        "quarantine_retention_size": "Število zadržanj na poštni predal: <br><small>0 pomeni <b>neaktivno</b>,</small>",
+        "quota_notification_sender": "Pošiljatelj obvestila",
+        "quota_notification_subject": "Predmet obvestila",
+        "quota_notifications": "Obvestila o omejitvi",
+        "quota_notifications_info": "Obvestila o omejitvi so poslana uporabnikom enkrat, ko presežejo 80% in enkrat ko presežejo 95% zasedenosti.",
+        "queue_unban": "odblokiraj",
+        "r_active": "Aktivne omejitve",
+        "r_inactive": "Neaktivne omejitve",
+        "rate_name": "Ime omejitve",
+        "recipients": "Prejemniki",
+        "refresh": "Osveži",
+        "regen_api_key": "Ponovno generiraj API ključ",
+        "regex_maps": "Regex preslikave",
+        "relay_from": "\"Od:\" naslov",
+        "relay_rcpt": "\"Za:\" naslov",
+        "relay_run": "Izvedi test",
+        "relayhosts": "Transporti glede na pošiljatelja",
+        "remove": "Odstrani",
+        "remove_row": "Odstrani vrstico",
+        "reset_default": "Ponastavi na privzeto",
+        "reset_limit": "Odstrani hash",
+        "routing": "Routing",
+        "rsetting_add_rule": "Dodaj pravilo",
+        "rsetting_content": "Vsebina pravila",
+        "rsetting_desc": "Kratek opis",
+        "rsetting_no_selection": "Prosim izberite pravilo",
+        "rsetting_none": "Ni pravil na voljo",
+        "rsettings_insert_preset": "Vstavi prednastavljen primer \"%s\"",
+        "rsettings_preset_1": "Onemogoči vse razen DKIM in omejitve za prijavljene uporabnike",
+        "rsettings_preset_2": "Postmasterji želijo spam",
+        "rsettings_preset_3": "Dovoli samo specifične pošiljatelje za poštni predal (npr. uporaba samo kot interni poštni predal)",
+        "rsettings_preset_4": "Onemogoči Rspamd za domeno",
+        "rspamd_com_settings": "Ime nastavitve bo samodejno generirano. Prosim oglejte si primere nastavitev spodaj. Za več informacij si oglejte <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">dokumentacijo Rspamd</a>",
+        "rspamd_global_filters": "Globalne preslikave filtrov",
+        "rspamd_global_filters_agree": "Previden bom!",
+        "rspamd_global_filters_info": "Globalne preslikave filtrov vsebujejo različne vrste globalnih blacklist in whitelist.",
+        "add_admin": "Dodaj skrbnika",
+        "add_relayhost_hint": "Prosimo zavedajte se, da se podatki za avtentikacijo, če obstajajo, shranijo v plain text.",
+        "admin": "Skrbnik",
+        "api_allow_from": "Dovoli API dostop s teh IP naslovov / CIDR mrežnih zapisov",
+        "apps_name": "Ime aplikacije v mailcow",
+        "ban_list_info": "Oglejte si seznam blokiranih IP naslovov spodaj: <b>network (remaining ban time) - [actions]</b>.<br />. IPji v vrsti za odstranitev blokade bodo odstranjeni iz aktivnega seznama blokad v nekaj sekundah.<br />Rdeče oznake prikazujejo trajne blokade z blacklisto.",
+        "dkim_key_length": "Dolžina DKIM ključa (v bitih)",
+        "dkim_to_title": "Ciljne domene bodo prepisane",
+        "f2b_list_info": "Gostitelj ali omrežje na blacklisti bo vedno prevladal zapis na whitelisti. <b>Apliciranje sprememb seznama traja nekaj sekund.</b>",
+        "forwarding_hosts": "Gostitelji za posredovanje",
+        "forwarding_hosts_add_hint": "Lahko vpišete IPv4/IPv6 naslove, mreže v CIDR obliki, imena gostiteljev (kateri se prevedejo v IP naslove) ali imena domen (katera se prevedejo v IP naslove glede na poizvedbo po SPF zapisih, v primeru manjkajočih zapisov pa MX zapisih).",
+        "forwarding_hosts_hint": "Dohodna sporočila so brezpogojno sprejeta od katerih koli gostiteljev v tem seznamu. Ti gostitelji se ne bodo preverjali po DNSBL seznamih in ne bodo dodani v greyliste. Prejeti spam s teh gostiteljev ni nikoli zavrnjen, opcijsko pa se lahko premakne v mapo neželene pošte. Najpogostejša uporaba za to je navedba poštnih strežnikov, iz katerih ste nastavili pravilo za posredovanje pošte na vaš mailcow strežnik.",
+        "license_info": "Licenca ni zahtevana, a pomaga pri nadaljnjem razvoju. <br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"Naročilo SAL\">Registrirajte svoj GUID tukaj</a> ali <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Naročilo podpora\">Kupite podporo za svojo namestitev Mailcow.</a>",
+        "lookup_mx": "Cilj je regular expression za ujemanje MX zapisov (<code>.*\\.google\\.com</code> za usmeritev vse pošte na MX, ki se konča z google.com, preko tega skoka)",
+        "main_name": "Naziv \"mailcow UI\"",
+        "merged_vars_hint": "Sive vrstice so združene iz <code>vars.(local.)inc.php</code> in jih ni mogoče spremeniti.",
+        "oauth2_info": "OAuth2 implementacija omogoča grant vrste \"Authorization code\" in izdaja refresh tokene.<br>\nStrežnik prav tako izda nove refresh tokene, ko je bil refresh token uporabljen<br><br>\n&#8226; Privzeti obseg je <i>profile</i>. Samo uporabniki poštnih predalov se lahko prijavijo s pomočjo OAuth2. Če parameter obsega ni vnesen, se nastavi na <i>profile</i>.<br>\n&#8226; Parameter <i>state</i> mora biti poslan s strani klienta kot del zahtevka za avtorizacijo .<br><br>\nPoti za OAuth2 API: <br>\n<ul>\n  <li>Endpoint za avtorizacijo: <code>/oauth/authorize</code></li>\n  <li>Endpoint za tokene: <code>/oauth/token</code></li>\n  <li>Stran vira: <code>/oauth/profile</code></li>\n</ul>\nPonovno generiranje client secret ne bo razveljavilo obstoječih avtorizacijskih kod, ne bodo pa mogle obnoviti svoje tokene.<br><br>\nZavrnitev client tokenov bo povzročilo tekojčno prekinitev aktivnih sej. Vsi klienti se bodo morali ponovno prijaviti.",
+        "quarantine_redirect": "<b>Preusmeri vsa obvestila</b> k temu prejemniku:<br><small>Pustite prazno, da onemogočite. <b>Nepodpisana, nepreverjena pošta. Uporabljalo bi se naj samo za interno dostavo.</b></small>",
+        "quota_notification_html": "Predloga sporočila za obvestilo:<br><small>Pustite prazno za obnovitev privzete predloge.</small>",
+        "quota_notifications_vars": "{{percent}} pomeni trenutna omejitev uporabnika<br>{{username}} je ime poštnega predala",
+        "r_info": "Sivi/onemogočeni elementi v seznamu aktivnih omejitev niso znane kot veljavne omejitve za mailcow in ne morejo biti premaknjene. Neznane omejitve bodo kljub temu nastavljene po vrstnem redu pojavitve. <br>Nove elemente lahko dodate v <code>inc/vars.local.inc.php</code> da jih lahko vklopite ali izklopite.",
+        "relayhosts_hint": "Določite transporte glede na pošiljatelja, da jih lahko izberete v konfiguraciji domene.<br>\nTransportni servis je vedno \"smtp:\" in bo poskušal s TLS ko bo na voljo. Wrapped TLS (SMTPS) ni podprto. Upošteva se uporabnikova politika odhodnega TLS.<br>\nVpliva na izbrane domene vključno z alias domenami.",
+        "transport_dest_format": "Regex ali sintaksa: example.org, .example.org, *, box@example.org (več vrednosti ločite z vejico)",
+        "transport_test_rcpt_info": "&#8226; Uporabite null@hosted.mailcow.de za testiranje relaya na drugo destinacijo.",
+        "rspamd_global_filters_regex": "Njihovi nazivi pojasnijo njihov namen. Vsa vsebina mora imeti veljaven regular expression v obliki \"/pattern/options\" (npr. <code>/.+@domain\\.tld/i</code>).<br>\nČeprav se v vsaki vrstici regexa izvedejo osnovni pregledi, je lahko funkcionalnost programa Rspamd motena, če sintaksa ni pravilna.<br>\nRspamd bo poskušal prebrati vsebino preslikave, ko bo spremenjena. Če imate težave, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">ponovno zaženite Rspamd</a>, da prisilite ponovno nalaganje preslikav.<br> Elementi z Blackliste so izključeni iz karantene.",
+        "rspamd_settings_map": "Preslikava nastavitev Rspamd",
+        "sal_level": "Moo stopnja",
+        "save": "Shrani spremembe",
+        "search_domain_da": "Išči domene",
+        "send": "Pošlji",
+        "sender": "Pošiljatelj",
+        "service": "Servis",
+        "service_id": "ID servisa",
+        "source": "Vir",
+        "spamfilter": "Spam filter",
+        "subject": "Predmet",
+        "success": "Uspešno",
+        "sys_mails": "Sistemska pošta",
+        "text": "Besedilo",
+        "time": "Čas",
+        "title": "Naziv",
+        "title_name": "Naziv spletnega mesta \"mailcow UI\"",
+        "to_top": "Nazaj na vrh",
+        "transport_maps": "Preslikave transportov",
+        "transports_hint": "&#8226; Vpis preslikave transporta <b>nadredi</b> preslikavo transporta odvisno od pošiljatelja.<br>\n&#8226; Preferenčno se uporabljajo transporti glede na MX zapise.<br>\n&#8226; Izhodne TLS politike na uporabnika so ignorirane in se lahko vsilijo samo s preslikavami TLS politik.<br>\n&#8226; Transportni servis za definirane transporte je vedno \"smtp:\" in bo posledično poskušal TLS ko bo ponujeno. Wrapped TLS (SMTPS) ni podprto.<br>\n&#8226; Naslovi, ki se ujemajo z \"/localhost$/\" bodo vedno preneseni preko \"local:\", in zato destinacija \"*\" ne bo vplivala na te naslove.<br>\n&#8226; Za določitev poverilnic za naslednji skok (npr. \"[host]:25\"), Postfix <b>vedno</b> preveri \"host\" preden išče \"[host]:25\". Zaradi takšnega obnašanja je nemogoče hkrati uporabiti \"host\" in \"[host]:25\".",
+        "ui_footer": "Noga (HTML dovoljen)",
+        "ui_header_announcement": "Obvestila",
+        "ui_header_announcement_active": "Nastavi obvestilo kot aktivno",
+        "ui_header_announcement_content": "Besedilo (HTML dovoljen)",
+        "ui_header_announcement_help": "Obvestilo je vidno za vse prijavljene uporabnike in na vmesniku za prijavo.",
+        "ui_header_announcement_select": "Izberite vrsto obvestila",
+        "ui_header_announcement_type": "Vrsta",
+        "ui_header_announcement_type_danger": "Zelo pomembno",
+        "ui_header_announcement_type_info": "Info",
+        "ui_header_announcement_type_warning": "Pomembno",
+        "ui_texts": "Oznake in besedila UI",
+        "unban_pending": "unban v postopku",
+        "unchanged_if_empty": "Če je nespremenjeno, pustite prazno",
+        "upload": "Naloži",
+        "username": "Uporabniško ime",
+        "validate_license_now": "Potrdi GUID z licenčnim strežnikom",
+        "verify": "Preveri",
+        "yes": "&#10003;"
+    },
+    "danger": {
+        "alias_goto_identical": "Alias in goto naslov morata biti identična",
+        "aliasd_targetd_identical": "Alias domena ne sme biti enaka ciljni domeni: %s",
+        "bcc_exists": "BCC preslikava obstaja za vrsto %s",
+        "dkim_domain_or_sel_exists": "DKIM ključ za \"%s\" obstaja in ne bo prepisan.",
+        "domain_quota_m_in_use": "Kvota domene mora biti večja ali enaka %s MiB",
+        "extra_acl_invalid_domain": "Zunanji pošiljatelj \"%s\" uporablja neveljavno domeno",
+        "global_map_write_error": "Ni mogoče zapisati ID globalne preslikave %s: %s",
+        "img_tmp_missing": "Ni mogoče preveriti slikovne datoteke: začasne datoteke ni mogoče najti",
+        "invalid_nexthop": "Oblika naslednjega skoka ni veljavna",
+        "invalid_nexthop_authenticated": "Naslednji skok obstaja z drugačnimi poverilnicami. Prosim najprej posodobite obstoječe poverilnice za ta naslednji skok.",
+        "demo_mode_enabled": "Demo način je omogočen",
+        "access_denied": "Dostop zavrnjen ali pa so podatki obrazca napačni",
+        "alias_domain_invalid": "Alias domena %s ni veljavna",
+        "alias_empty": "Alias naslov ne sme biti prazen",
+        "alias_invalid": "Alias naslov %s ni veljaven",
+        "aliases_in_use": "Max. aliasov mora biti večje ali enako %d",
+        "app_name_empty": "Naziv aplikacije ne more biti prazno",
+        "app_passwd_id_invalid": "ID gesla aplikacije %s je neveljaven",
+        "bcc_empty": "BCC cilj ne more biti prazen",
+        "bcc_must_be_email": "BCC cilj %s ni veljaven e-poštni naslov",
+        "comment_too_long": "Komentar je predolg, dovoljeno je največ 100 znakov.",
+        "defquota_empty": "Privzeta kvota na poštni predal ne more biti 0",
+        "description_invalid": "Opis resursa za %s ni veljaven",
+        "dkim_domain_or_sel_invalid": "Domena ali izbirnik DKIM ni veljaven: %s",
+        "domain_cannot_match_hostname": "Domena se ne more ujemati z imenom gostitelja",
+        "domain_exists": "Domena %s že obstaja",
+        "domain_invalid": "Manjka ali napačno ime domene",
+        "domain_not_empty": "Ne morem odstraniti ne-prazno domeno %s",
+        "domain_not_found": "Domene %s ni bilo mogoče najti",
+        "extended_sender_acl_denied": "manjka ACL za določitev naslovov zunanjih pošiljateljev",
+        "extra_acl_invalid": "Naslov zunanjega pošiljatelja \"%s\" ni veljaven",
+        "fido2_verification_failed": "Preverjanje FIDO2 ni uspelo: %s",
+        "file_open_error": "Datoteka ne more biti odprta za urejanje",
+        "filter_type": "Napačna vrsta filtra",
+        "from_invalid": "Pošiljatelj ne sme biti prazno",
+        "global_filter_write_error": "Ni mogoče zapisati datoteke filtra: %s",
+        "global_map_invalid": "ID globalne preslikave %s ni veljaven",
+        "goto_empty": "Alias naslov mora vsebovati vsaj en veljaven goto naslov",
+        "goto_invalid": "Goto naslov %s ni veljaven",
+        "ham_learn_error": "Napaka pri učenju Ham: %s",
+        "imagick_exception": "Napaka: Imagick napaka pri branju slike",
+        "img_invalid": "Ni možno preveriti slikovne datoteke",
+        "invalid_bcc_map_type": "Neveljavna vrsta preslikave BCC",
+        "invalid_destination": "Ciljna oblika \"%s\" ni veljavna",
+        "invalid_filter_type": "Neveljavna vrsta filtra",
+        "invalid_host": "Naveden je neveljaven gostitelj (host): %s",
+        "invalid_mime_type": "Neveljaven mime type"
+    }
+}

data/web/lang/lang.uk-ua.json

@@ -335,7 +335,17 @@
         "transport_test_rcpt_info": "• Використовуйте null@hosted.mailcow.de для перевірки пересилання на зовнішній пункт призначення.",
         "transports_hint": "&#8226; Глобальні правила маршрутизації <b>переважають</b> над маршрутами на основі відправника.<br>\n&#8226; Переважно використовувати транспорти на основі резолвінгу MX.<br>\n&#8226; Користувацькі політики TLS для вихідної пошти будуть проігноровані та використовуватимуть політику TLS, налаштовану тут.<br>\n&#8226; Протокол для доставки завжди \"smtp:\" і тому намагатиметься використовувати TLS, якщо наступний хост підтримує його. SMTPS (TLS, найчастіше порту 465) не підтримується.<br>\n&#8226; Адреси відповідні \"/localhost$/\" завжди будуть доставлені \"local:\", отже політика \"*\" не поширюється на них.<br>\n&#8226; Щоб визначити облікові дані для наступного вузла \"[host]:25\", Postfix <b>завжди</b> шукає дані для \"host\" перед тим як шукати \"[host]:25\". Така поведінка унеможливлює використання \"host\" and \"[host]:25\" одночасно.",
         "ui_header_announcement_help": "Оголошення видно на екрані входу в mailcow UI і всім користувачам, що ввійшли в систему.",
-        "unchanged_if_empty": "Якщо не змінено, залиште порожнім"
+        "unchanged_if_empty": "Якщо не змінено, залиште порожнім",
+        "allowed_methods": "Access-Control-Allow-Methods",
+        "f2b_max_ban_time": "Максимальний час блокування (с)",
+        "f2b_ban_time_increment": "Час бану збільшується з кожним баном",
+        "allowed_origins": "Access-Control-Allow-Origin",
+        "cors_settings": "Налаштування CORS",
+        "ip_check": "Перевірка IP",
+        "ip_check_disabled": "Перевірка IP вимкнена. Ви можете ввімкнути його в меню<br> <strong>Система > Конфігурація > Параметри > Налаштувати</strong>",
+        "ip_check_opt_in": "Згода на використання сторонніх служб <strong>ipv4.mailcow.email</strong> і <strong>ipv6.mailcow.email</strong> для визначення зовнішніх IP-адрес.",
+        "options": "Параметри",
+        "queue_unban": "розблокувати"
     },
     "danger": {
         "alias_domain_invalid": "Неприпустимий псевдонім домену: %s",
@@ -454,7 +464,17 @@
         "tls_policy_map_dest_invalid": "Неприпустиме значення призначення політики",
         "tls_policy_map_parameter_invalid": "Неприпустиме значення параметра політики",
         "unlimited_quota_acl": "Необмежена квота заборонена політикою доступу",
-        "yotp_verification_failed": "Помилка валідації Yubico OTP: %s"
+        "yotp_verification_failed": "Помилка валідації Yubico OTP: %s",
+        "cors_invalid_method": "Вказано недійсний Allow-Method",
+        "webauthn_authenticator_failed": "Обраний автентифікатор не знайдено",
+        "webauthn_publickey_failed": "Для вибраного автентифікатора не було збережено відкритого ключа",
+        "webauthn_username_failed": "Обраний автентифікатор належить іншому акаунту",
+        "cors_invalid_origin": "Вказано недійсний Allow-Origin",
+        "demo_mode_enabled": "Демонстраційний режим увімкнено",
+        "extended_sender_acl_denied": "відсутній ACL для встановлення зовнішніх адрес відправників",
+        "template_exists": "Шаблон %s вже існує",
+        "template_id_invalid": "Ідентифікатор шаблону %s недійсний",
+        "template_name_invalid": "Ім'я шаблону невірне"
     },
     "debug": {
         "chart_this_server": "Діаграма (цей сервер)",
@@ -481,7 +501,21 @@
         "username": "Ім'я користувача",
         "external_logs": "Зовнішні журнали",
         "jvm_memory_solr": "Використання оперативної пам'яті JVM",
-        "log_info": "<p><b>Журнали контейнерів</b> mailcow зберігаються в Redis, і раз на хвилину рядки журналу за межами <code>LOG_LINES (%d)</code> видаляються, щоб зменшити навантаження на сервер.\n  <br>Самі журнали контейнерів не зберігаються після перезавантаження контейнера. Усі контейнери додатково пишуть логи у службу Docker, і, отже, використовують драйвер логування за промовчанням. Журнали контейнерів призначені лише для налагодження дрібних проблем. Для інших завдань, будь ласка, настройте драйвер логування Docker самостійно.</p>\n  <p><b>Зовнішні журнали</b> збираються через API програм.</p>\n  <p><b>Статичні журнали</b> &ndash; це в основному журнали активності, які не записуються в Dockerd, але все одно повинні бути постійними (за винятком журналів API).</p>"
+        "log_info": "<p><b>Журнали контейнерів</b> mailcow зберігаються в Redis, і раз на хвилину рядки журналу за межами <code>LOG_LINES (%d)</code> видаляються, щоб зменшити навантаження на сервер.\n  <br>Самі журнали контейнерів не зберігаються після перезавантаження контейнера. Усі контейнери додатково пишуть логи у службу Docker, і, отже, використовують драйвер логування за промовчанням. Журнали контейнерів призначені лише для налагодження дрібних проблем. Для інших завдань, будь ласка, настройте драйвер логування Docker самостійно.</p>\n  <p><b>Зовнішні журнали</b> збираються через API програм.</p>\n  <p><b>Статичні журнали</b> &ndash; це в основному журнали активності, які не записуються в Dockerd, але все одно повинні бути постійними (за винятком журналів API).</p>",
+        "error_show_ip": "Не вдалося розпізнати публічні IP-адреси",
+        "no_update_available": "Система працює на останній версії",
+        "architecture": "Архітектура",
+        "container_running": "Працює",
+        "container_disabled": "Контейнер зупинено або вимкнено",
+        "container_stopped": "Зупинено",
+        "cores": "Ядра",
+        "current_time": "Системний час",
+        "memory": "Пам'ять",
+        "show_ip": "Показати загальнодоступну IP-адресу",
+        "timezone": "Часовий пояс",
+        "update_available": "Доступне оновлення",
+        "update_failed": "Не вдалося перевірити наявність оновлень",
+        "wip": "Наразі робота триває"
     },
     "diagnostics": {
         "cname_from_a": "Значення, отримане із запису A/AAAA. Це підтримується, поки запис вказує на правильний ресурс.",
@@ -607,7 +641,8 @@
         "sender_acl_info": "Врахуйте, що якщо користувачеві поштового облікового запису А дозволено відправляти від імені користувача Б, то адреса користувача Б не з'явиться автоматично у списку \"Відправник\" при написанні листів у SOGo.<br>\n  Користувач поштового облікового запису Б повинен створити делегування в SOGo, щоб користувач поштового облікового запису А міг вибрати його адресу як відправника. Делегування знаходиться в меню (три крапки) праворуч від імені поштового облікового запису у вікні пошти SOGo. Ця поведінка не відноситься до псевдонімів.",
         "sogo_visible_info": "Впливає лише на об'єкти, які можуть відображатися в SOGo (персональні або загальні псевдоніми, що вказують щонайменше на один локальний поштовий обліковий запис). Зверніть увагу, що якщо функцію вимкнено, користувач не зможе вибрати адресу псевдоніма як відправника в SOGo.",
         "target_address": "Власники псевдоніма, <small>(розділені комами)</small>",
-        "timeout2": "Тайм-аут для підключення до локального хоста"
+        "timeout2": "Тайм-аут для підключення до локального хоста",
+        "pushover_sound": "Звук"
     },
     "fido2": {
         "confirm": "Підтвердити",
@@ -648,7 +683,8 @@
         "restart_netfilter": "Перезапустити netfilter",
         "restart_sogo": "Перезапустити SOGo",
         "user_settings": "Налаштування користувача",
-        "mailcow_config": "Конфігурація"
+        "mailcow_config": "Конфігурація",
+        "mailcow_system": "Система"
     },
     "info": {
         "no_action": "Дій не передбачено",
@@ -831,7 +867,13 @@
         "target_address": "Власники псевдоніму",
         "tls_map_dest_info": "Приклади: example.org, .example.org, [mail.example.org]:25",
         "tls_map_parameters_info": "Залиште поле порожнім або вкажіть параметри, наприклад: protocols=!SSLv2 ciphers=medium exclude=3DES",
-        "tls_policy_maps_enforced_tls": "Для вихідних повідомлень від користувачів із включеною примусовою політикою шифрування вихідних з'єднань не описані глобальною політикою, будуть застосовані значення за замовчуванням, зазначені в <code>smtp_tls_mandatory_protocols</code> та <code>smtp_tls_mandatory_ciphers</code>."
+        "tls_policy_maps_enforced_tls": "Для вихідних повідомлень від користувачів із включеною примусовою політикою шифрування вихідних з'єднань не описані глобальною політикою, будуть застосовані значення за замовчуванням, зазначені в <code>smtp_tls_mandatory_protocols</code> та <code>smtp_tls_mandatory_ciphers</code>.",
+        "add_template": "Додати шаблон",
+        "domain_templates": "Шаблони доменів",
+        "relay_unknown": "Ретрансляція невідомих поштових скриньок",
+        "mailbox_templates": "Шаблони поштових скриньок",
+        "templates": "Шаблони",
+        "template": "Шаблон"
     },
     "oauth2": {
         "authorize_app": "Авторизація додатка",
@@ -896,7 +938,20 @@
         "table_size_show_n": "Відображати %s полів"
     },
     "queue": {
-        "queue_manager": "Черга на відправлення"
+        "queue_manager": "Черга на відправлення",
+        "delete": "Видалити все",
+        "info": "Поштова черга містить усі електронні листи, які очікують на доставку. Якщо електронний лист застряг у черзі на тривалий час, він автоматично видаляється системою.<br>Повідомлення про помилку відповідного листа містить інформацію про те, чому лист не може бути доставлено.",
+        "unhold_mail": "Зняти утримування",
+        "unhold_mail_legend": "Звільняє вибрані листи для доставки. (Потрібне попереднє утримання)",
+        "flush": "Очистити чергу",
+        "legend": "Функції дій з поштовими чергами:",
+        "ays": "Підтвердьте, що ви хочете видалити всі елементи з поточної черги.",
+        "deliver_mail": "Доставити",
+        "deliver_mail_legend": "проби повторної доставки вибраних листів.",
+        "hold_mail": "Утримати",
+        "hold_mail_legend": "Утримує вибрані листи. (Запобігає подальшим спробам доставки)",
+        "show_message": "Показати повідомлення",
+        "unban": "розблокувати чергу"
     },
     "ratelimit": {
         "disabled": "Вимкнено",
@@ -988,7 +1043,12 @@
         "settings_map_added": "Правило додано",
         "tls_policy_map_entry_deleted": "Політику TLS ID %s видалено",
         "verified_totp_login": "Авторизацію TOTP пройдено",
-        "domain_add_dkim_available": "Ключ DKIM вже існує"
+        "domain_add_dkim_available": "Ключ DKIM вже існує",
+        "template_added": "Додано шаблон %s",
+        "template_modified": "Зміни до шаблону %s збережено",
+        "cors_headers_edited": "Налаштування CORS збережено",
+        "ip_check_opt_in_modified": "Перевірка IP-адреси успішно збережено",
+        "template_removed": "Шаблону із ID %s видалено"
     },
     "tfa": {
         "confirm": "Підтвердьте",
@@ -1176,7 +1236,8 @@
         "tag_help_explain": "Перемістити до підпапки: буде створено нову підпапку в INBOX з ім'ям тега, наприклад: \"INBOX/Facebook\".<br>\n  Додати до теми листа: ім'я тега буде додано до теми листа, наприклад: \"[Facebook] My News\".",
         "tls_policy_warning": "<strong>Попередження:</strong> якщо ви увімкнете примусове шифрування пошти, ви можете зіткнутися з втратою листів.<br>Повідомлення, які не відповідають політиці, будуть відкидатися з повідомленням поштовим сервером про серйозний збій.<br>Цей параметр застосовується до вашої основної адреси електронної пошти (логіну), усім особистим псевдонімам та псевдонімам доменів. Маються на увазі лише псевдоніми <b>з однією поштовою скринькою</b>, як одержувач.",
         "year": "рік",
-        "years": "років"
+        "years": "років",
+        "pushover_sound": "Звук"
     },
     "warning": {
         "domain_added_sogo_failed": "Домен був доданий, але перезавантажити SOGo не вдалося, будь ласка, перевірте журнали сервера.",
@@ -1190,5 +1251,31 @@
         "hash_not_found": "Хеш не знайдено або вже видалено",
         "ip_invalid": "Пропущено недійсний IP: %s",
         "is_not_primary_alias": "Пропущено неосновний псевдонім %s"
+    },
+    "datatables": {
+        "decimal": ".",
+        "infoPostFix": "datatables.infoPostFix",
+        "zeroRecords": "Відповідних записів не знайдено",
+        "aria": {
+            "sortAscending": ": активувати для сортування стовпців за зростанням",
+            "sortDescending": ": активувати для сортування стовпців за спаданням"
+        },
+        "emptyTable": "У таблиці немає даних",
+        "expand_all": "Розгорнути всі",
+        "info": "Показано від _START_ до _END_ of _TOTAL_ записів",
+        "infoEmpty": "Показано від 0 до 0 із 0 записів",
+        "infoFiltered": "(відфільтровано з _MAX_ всіх записів)",
+        "thousands": ",",
+        "lengthMenu": "Показати записи _MENU_",
+        "loadingRecords": "Завантаження...",
+        "processing": "Будь ласка, зачекайте...",
+        "search": "Пошук:",
+        "paginate": {
+            "first": "Перший",
+            "last": "Останній",
+            "next": "Наступний",
+            "previous": "Попередній"
+        },
+        "collapse_all": "Згорнути все"
     }
 }

data/web/templates/admin/tab-config-admins.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade show active" id="tab-config-admins" role="tabpanel" aria-labelledby="tab-config-admins">
+<div class="tab-pane fade show active" id="tab-config-admins" role="tabpanel" aria-labelledby="tab-config-admins">
   <div class="card mb-4">
     <div class="card-header bg-danger text-white d-flex fs-5">
       <button class="btn d-md-none text-white flex-grow-1 text-start" data-bs-target="#collapse-tab-config-admins" data-bs-toggle="collapse" aria-controls="collapse-tab-config-admins">
@@ -97,6 +97,39 @@
           <div class="col-lg-12">
             <p class="text-muted">{{ lang.admin.api_info|raw }}</p>
           </div>
+          <div class="col-lg-12">
+            <div class="card mb-3">
+              <div class="card-header">
+                <h4 class="card-title"><i class="bi bi-file-earmark-arrow-down"></i> {{ lang.admin.cors_settings }}</h4>
+              </div>
+              <div class="card-body">
+                <form class="form-horizontal" autocapitalize="none" autocorrect="off" role="form" data-id="editcors" method="post">
+                  <div class="row mb-4">
+                    <label class="control-label col-sm-2 mb-4" for="allowed_origins">{{ lang.admin.allowed_origins }}</label>
+                    <div class="col-sm-9 mb-4">
+                      <textarea class="form-control textarea-code" rows="7" name="allowed_origins" id="allowed_origins">{{ cors_settings.allowed_origins }}</textarea>
+                    </div>
+                  </div>
+                  <div class="row mb-4">
+                    <label class="control-label col-sm-2" for="allowed_methods">{{ lang.admin.allowed_methods }}</label>
+                    <div class="col-sm-9">
+                      <select name="allowed_methods" id="allowed_methods" multiple class="form-control">
+                        <option value="POST"{% if "POST" in cors_settings.allowed_methods  %} selected{% endif %}>POST</option>
+                        <option value="GET"{% if "GET" in cors_settings.allowed_methods  %} selected{% endif %}>GET</option>
+                        <option value="DELETE"{% if "DELETE" in cors_settings.allowed_methods  %} selected{% endif %}>DELETE</option>
+                        <option value="PUT"{% if "PUT" in cors_settings.allowed_methods %} selected{% endif %}>PUT</option>
+                      </select>
+                    </div>
+                  </div>
+                  <div class="row mb-4">
+                    <div class="offset-sm-2 col-sm-9">
+                      <button class="btn btn-sm visible-xs-block visible-sm-inline visible-md-inline visible-lg-inline btn-success" data-item="cors" data-api-url="edit/cors" data-id="editcors" data-action="edit_selected" href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
+                    </div>
+                  </div>
+                </form>
+              </div>
+            </div>
+          </div>
           <div class="col-lg-6">
             <div class="card mb-3">
               <div class="card-header">
@@ -194,7 +227,7 @@
 
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-dadmins" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-dadmins">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-dadmins" data-bs-toggle="collapse" aria-controls="collapse-tab-config-dadmins">
         {{ lang.admin.domain_admins }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.domain_admins }}</span>

data/web/templates/admin/tab-config-customize.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-customize" role="tabpanel" aria-labelledby="tab-config-customize">
+<div class="tab-pane fade" id="tab-config-customize" role="tabpanel" aria-labelledby="tab-config-customize">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-customize" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-customize">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-customize" data-bs-toggle="collapse" aria-controls="collapse-tab-config-customize">
         {{ lang.admin.customize }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.customize }}</span>

data/web/templates/admin/tab-config-dkim.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-dkim" role="tabpanel" aria-labelledby="tab-config-dkim">
+<div class="tab-pane fade" id="tab-config-dkim" role="tabpanel" aria-labelledby="tab-config-dkim">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-dkim" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-dkim">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-dkim" data-bs-toggle="collapse" aria-controls="collapse-tab-config-dkim">
         {{ lang.admin.dkim_keys }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.dkim_keys }}</span>

data/web/templates/admin/tab-config-f2b.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-f2b" role="tabpanel" aria-labelledby="tab-config-f2b">
+<div class="tab-pane fade" id="tab-config-f2b" role="tabpanel" aria-labelledby="tab-config-f2b">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-f2b" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-f2b">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-f2b" data-bs-toggle="collapse" aria-controls="collapse-tab-config-f2b">
         {{ lang.admin.f2b_parameters }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.f2b_parameters }}</span>
@@ -92,16 +92,16 @@
       {% endif %}
       {% for active_ban in f2b_data.active_bans %}
         <p>
-          <span class="badge fs-5 bg-info" style="padding:4px;font-size:85%;">
+          <span class="badge fs-5 bg-info py-0">
             <i class="bi bi-funnel-fill"></i>
             <a href="https://bgp.he.net/ip/{{ active_ban.ip }}" target="_blank" style="color:white">
               {{ active_ban.network }}
             </a>
             ({{ active_ban.banned_until }}) -
             {% if active_ban.queued_for_unban == 0 %}
-            <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"unban"}' href="#">[{{ lang.admin.queue_unban }}]</a>
-            <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"whitelist"}' href="#">[whitelist]</a>
-            <a data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"blacklist"}' href="#">[blacklist (<b>needs restart</b>)]</a>
+            <a class="btn btn-lg btn-link p-0 text-info" data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"unban"}' href="#">[{{ lang.admin.queue_unban }}]</a>
+            <a class="btn btn-lg btn-link p-0 text-info" data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"whitelist"}' href="#">[whitelist]</a>
+            <a class="btn btn-lg btn-link p-0 text-info" data-action="edit_selected" data-item="{{ active_ban.network }}" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"blacklist"}' href="#">[blacklist (<b>needs restart</b>)]</a>
             {% else %}
             <i>{{ lang.admin.unban_pending }}</i>
             {% endif %}

data/web/templates/admin/tab-config-fwdhosts.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-fwdhosts" role="tabpanel" aria-labelledby="tab-config-fwdhosts">
+<div class="tab-pane fade" id="tab-config-fwdhosts" role="tabpanel" aria-labelledby="tab-config-fwdhosts">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-fwdhosts" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-fwdhosts">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-fwdhosts" data-bs-toggle="collapse" aria-controls="collapse-tab-config-fwdhosts">
         {{ lang.admin.forwarding_hosts }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.forwarding_hosts }}</span>

data/web/templates/admin/tab-config-oauth2.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-oauth2" role="tabpanel" aria-labelledby="tab-config-oauth2">
+<div class="tab-pane fade" id="tab-config-oauth2" role="tabpanel" aria-labelledby="tab-config-oauth2">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-oauth2" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-oauth2">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-oauth2" data-bs-toggle="collapse" aria-controls="collapse-tab-config-oauth2">
         {{ lang.admin.oauth2_apps }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.oauth2_apps }}</span>

data/web/templates/admin/tab-config-password-policy.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-password-policy" role="tabpanel" aria-labelledby="tab-config-password-policy">
+<div class="tab-pane fade" id="tab-config-password-policy" role="tabpanel" aria-labelledby="tab-config-password-policy">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-password-policy" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-password-policy">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-password-policy" data-bs-toggle="collapse" aria-controls="collapse-tab-config-password-policy">
         {{ lang.admin.password_policy }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.password_policy }}</span>

data/web/templates/admin/tab-config-quarantine.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-quarantine" role="tabpanel" aria-labelledby="tab-config-quarantine">
+<div class="tab-pane fade" id="tab-config-quarantine" role="tabpanel" aria-labelledby="tab-config-quarantine">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-quarantine" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-quarantine">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-quarantine" data-bs-toggle="collapse" aria-controls="collapse-tab-config-quarantine">
         {{ lang.admin.quarantine }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.quarantine }}</span>

data/web/templates/admin/tab-config-quota.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-quota" role="tabpanel" aria-labelledby="tab-config-quota">
+<div class="tab-pane fade" id="tab-config-quota" role="tabpanel" aria-labelledby="tab-config-quota">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-quota" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-quota">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-quota" data-bs-toggle="collapse" aria-controls="collapse-tab-config-quota">
         {{ lang.admin.quota_notifications }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.quota_notifications }}</span>

data/web/templates/admin/tab-config-rsettings.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-rsettings" role="tabpanel" aria-labelledby="tab-config-rsettings">
+<div class="tab-pane fade" id="tab-config-rsettings" role="tabpanel" aria-labelledby="tab-config-rsettings">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-rsettings" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-rsettings">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-rsettings" data-bs-toggle="collapse" aria-controls="collapse-tab-config-rsettings">
         {{ lang.admin.rspamd_settings_map }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.rspamd_settings_map }}</span>

data/web/templates/admin/tab-config-rspamd.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-rspamd" role="tabpanel" aria-labelledby="tab-config-rspamd">
+<div class="tab-pane fade" id="tab-config-rspamd" role="tabpanel" aria-labelledby="tab-config-rspamd">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-rspamd" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-rspamd">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-rspamd" data-bs-toggle="collapse" aria-controls="collapse-tab-config-rspamd">
         Rspamd UI
       </button>
       <span class="d-none d-md-block">Rspamd UI</span>

data/web/templates/admin/tab-globalfilter-regex.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-globalfilter-regex" role="tabpanel" aria-labelledby="tab-globalfilter-regex">
+<div class="tab-pane fade" id="tab-globalfilter-regex" role="tabpanel" aria-labelledby="tab-globalfilter-regex">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-regex" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-regex">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-regex" data-bs-toggle="collapse" aria-controls="collapse-tab-config-regex">
         {{ lang.admin.rspamd_global_filters }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.rspamd_global_filters }}</span>

data/web/templates/admin/tab-ldap.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-config-ldap-admins" role="tabpanel" aria-labelledby="tab-config-ldap-admins">
+<div class="tab-pane fade" id="tab-config-ldap-admins" role="tabpanel" aria-labelledby="tab-config-ldap-admins">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-ldap-admins" data-bs-toggle="collapse" aria-controls="ollapse-tab-config-ldap-admins">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-config-ldap-admins" data-bs-toggle="collapse" aria-controls="collapse-tab-config-ldap-admins">
         {{ lang.admin.admins_ldap }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.admins_ldap }}</span>

data/web/templates/admin/tab-routing.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-routing" role="tabpanel" aria-labelledby="tab-routing">
+<div class="tab-pane fade" id="tab-routing" role="tabpanel" aria-labelledby="tab-routing">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-routing" data-bs-toggle="collapse" aria-controls="ollapse-tab-routing">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-routing" data-bs-toggle="collapse" aria-controls="collapse-tab-routing">
         {{ lang.admin.relayhosts }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.relayhosts }}</span>
@@ -47,7 +47,7 @@
 
   <div class="card mb-4">
     <div class="card-header d-flex">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-maps" data-bs-toggle="collapse" aria-controls="ollapse-tab-maps">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-maps" data-bs-toggle="collapse" aria-controls="collapse-tab-maps">
         {{ lang.admin.transport_maps }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.transport_maps }}</span>

data/web/templates/admin/tab-sys-mails.twig

@@ -1,7 +1,7 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-sys-mails" role="tabpanel" aria-labelledby="tab-sys-mails">
+<div class="tab-pane fade" id="tab-sys-mails" role="tabpanel" aria-labelledby="tab-sys-mails">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
-      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-sys-mails" data-bs-toggle="collapse" aria-controls="ollapse-tab-sys-mails">
+      <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-sys-mails" data-bs-toggle="collapse" aria-controls="collapse-tab-sys-mails">
         {{ lang.admin.sys_mails }}
       </button>
       <span class="d-none d-md-block">{{ lang.admin.sys_mails }}</span>

data/web/templates/debug.twig

@@ -497,8 +497,8 @@
             <legend>{{ lang.debug.history_all_servers }}</legend><hr />
             <a class="btn btn-sm btn-secondary dropdown-toggle mb-4" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.quick_actions }}</a>
             <ul class="dropdown-menu">
-              <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd_history" data-nrows="100" href="#">+ 100</a></li>
-              <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd_history" data-nrows="1000" href="#">+ 1000</a></li>
+              <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd-history" data-nrows="100" href="#">+ 100</a></li>
+              <li><a class="dropdown-item add_log_lines" data-post-process="rspamd_history" data-table="rspamd_history" data-log-url="rspamd-history" data-nrows="1000" href="#">+ 1000</a></li>
               <li class="table_collapse_option"><hr class="dropdown-divider"></li>
               <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.expand_all }}</a></li>
               <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="rspamd_history" data-table="rspamd_history" href="#">{{ lang.datatables.collapse_all }}</a></li>

data/web/templates/mailbox/tab-bcc.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-bcc" role="tabpanel" aria-labelledby="tab-bcc">
+<div class="tab-pane fade" id="tab-bcc" role="tabpanel" aria-labelledby="tab-bcc">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-bcc" data-bs-toggle="collapse" aria-controls="collapse-tab-bcc">

data/web/templates/mailbox/tab-domain-aliases.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-domain-aliases" role="tabpanel" aria-labelledby="tab-domain-aliases">
+<div class="tab-pane fade" id="tab-domain-aliases" role="tabpanel" aria-labelledby="tab-domain-aliases">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-domain-aliases" data-bs-toggle="collapse" aria-controls="collapse-tab-domain-aliases">

data/web/templates/mailbox/tab-domains.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade show active" id="tab-domains" role="tabpanel" aria-labelledby="tab-domains">
+<div class="tab-pane fade show active" id="tab-domains" role="tabpanel" aria-labelledby="tab-domains">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-sm-block d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-domains" data-bs-toggle="collapse" aria-controls="collapse-tab-domains">

data/web/templates/mailbox/tab-filters.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-filters" role="tabpanel" aria-labelledby="tab-filters">
+<div class="tab-pane fade" id="tab-filters" role="tabpanel" aria-labelledby="tab-filters">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-filters" data-bs-toggle="collapse" aria-controls="collapse-tab-filters">

data/web/templates/mailbox/tab-mailboxes.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-mailboxes" role="tabpanel" aria-labelledby="tab-mailboxes">
+<div class="tab-pane fade" id="tab-mailboxes" role="tabpanel" aria-labelledby="tab-mailboxes">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-mailboxes" data-bs-toggle="collapse" aria-controls="collapse-tab-mailboxes">

data/web/templates/mailbox/tab-mbox-aliases.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-mbox-aliases" role="tabpanel" aria-labelledby="tab-mbox-aliases">
+<div class="tab-pane fade" id="tab-mbox-aliases" role="tabpanel" aria-labelledby="tab-mbox-aliases">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-mbox-aliases" data-bs-toggle="collapse" aria-controls="collapse-tab-mbox-aliases">

data/web/templates/mailbox/tab-resources.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-resources" role="tabpanel" aria-labelledby="tab-resources">
+<div class="tab-pane fade" id="tab-resources" role="tabpanel" aria-labelledby="tab-resources">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-resources" data-bs-toggle="collapse" aria-controls="collapse-tab-resources">

data/web/templates/mailbox/tab-syncjobs.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-syncjobs"  role="tabpanel" aria-labelledby="tab-syncjobs">
+<div class="tab-pane fade" id="tab-syncjobs"  role="tabpanel" aria-labelledby="tab-syncjobs">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-syncjobs" data-bs-toggle="collapse" aria-controls="collapse-tab-syncjobs">

data/web/templates/mailbox/tab-templates-domains.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade show" id="tab-templates-domains" role="tabpanel" aria-labelledby="tab-templates-domains">
+<div class="tab-pane fade show" id="tab-templates-domains" role="tabpanel" aria-labelledby="tab-templates-domains">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-sm-block d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-templates-domains" data-bs-toggle="collapse" aria-controls="collapse-tab-templates-domains">

data/web/templates/mailbox/tab-templates-mbox.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade show" id="tab-templates-mbox" role="tabpanel" aria-labelledby="tab-templates-mbox">
+<div class="tab-pane fade show" id="tab-templates-mbox" role="tabpanel" aria-labelledby="tab-templates-mbox">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-sm-block d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-templates-mbox" data-bs-toggle="collapse" aria-controls="collapse-tab-templates-mbox">

data/web/templates/mailbox/tab-tls-policy.twig

@@ -1,4 +1,4 @@
-<div role="tabpanel" class="tab-pane fade{% if mailcow_cc_role != 'admin' %} d-none{% endif %}" id="tab-tls-policy" role="tabpanel" aria-labelledby="tab-tls-policy">
+<div class="tab-pane fade{% if mailcow_cc_role != 'admin' %} d-none{% endif %}" id="tab-tls-policy" role="tabpanel" aria-labelledby="tab-tls-policy">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-tls-policy" data-bs-toggle="collapse" aria-controls="collapse-tab-tls-policy">

data/web/templates/user/AppPasswds.twig

@@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade" id="AppPasswds" role="tabpanel" aria-labelledby="AppPasswds">
+<div class="tab-pane fade" id="AppPasswds" role="tabpanel" aria-labelledby="AppPasswds">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-AppPasswds" data-bs-toggle="collapse" aria-controls="collapse-tab-AppPasswds">
         {{ lang.user.app_passwds }}
       </button>
-      <span class="d-none d-md-block">{{ lang.user.app_passwds }}
+      <span class="d-none d-md-block">{{ lang.user.app_passwds }}</span>
     </div>
     <div id="collapse-tab-AppPasswds" class="card-body collapse" data-bs-parent="#user-content">
       <div class="mass-actions-user mb-4">

data/web/templates/user/Pushover.twig

@@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade" id="Pushover" role="tabpanel" aria-labelledby="Pushover">
+<div class="tab-pane fade" id="Pushover" role="tabpanel" aria-labelledby="Pushover">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-Pushover" data-bs-toggle="collapse" aria-controls="collapse-tab-Pushover">
         Pushover API
       </button>
-      <span class="d-none d-md-block">Pushover API
+      <span class="d-none d-md-block">Pushover API</span>
     </div>
     <div id="collapse-tab-Pushover" class="card-body collapse" data-bs-parent="#user-content">
       <form data-id="pushover" class="form well" method="post">

data/web/templates/user/SpamAliases.twig

@@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade" id="SpamAliases" role="tabpanel" aria-labelledby="SpamAliases">
+<div class="tab-pane fade" id="SpamAliases" role="tabpanel" aria-labelledby="SpamAliases">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-SpamAliases" data-bs-toggle="collapse" aria-controls="collapse-tab-SpamAliases">
         {{ lang.user.spam_aliases }}
       </button>
-      <span class="d-none d-md-block">{{ lang.user.spam_aliases }}
+      <span class="d-none d-md-block">{{ lang.user.spam_aliases }}</span>
     </div>
     <div id="collapse-tab-SpamAliases" class="card-body collapse" data-bs-parent="#user-content">
       <div class="row">

data/web/templates/user/Spamfilter.twig

@@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade" id="Spamfilter" role="tabpanel" aria-labelledby="Spamfilter">
+<div class="tab-pane fade" id="Spamfilter" role="tabpanel" aria-labelledby="Spamfilter">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-Spamfilter" data-bs-toggle="collapse" aria-controls="collapse-tab-Spamfilter">
         {{ lang.user.spamfilter }}
       </button>
-      <span class="d-none d-md-block">{{ lang.user.spamfilter }}
+      <span class="d-none d-md-block">{{ lang.user.spamfilter }}</span>
     </div>
     <div id="collapse-tab-Spamfilter" class="card-body collapse" data-bs-parent="#user-content">
       <h4>{{ lang.user.spamfilter_behavior }}</h4>

data/web/templates/user/Syncjobs.twig

@@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade" id="Syncjobs" role="tabpanel" aria-labelledby="Syncjobs">
+<div class="tab-pane fade" id="Syncjobs" role="tabpanel" aria-labelledby="Syncjobs">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-Syncjobs" data-bs-toggle="collapse" aria-controls="collapse-tab-Syncjobs">
         {{ lang.user.sync_jobs }}
       </button>
-      <span class="d-none d-md-block">{{ lang.user.sync_jobs }}
+      <span class="d-none d-md-block">{{ lang.user.sync_jobs }}</span>
     </div>
     <div id="collapse-tab-Syncjobs" class="card-body collapse" data-bs-parent="#user-content">      
       <div class="mass-actions-user mb-4">

data/web/templates/user/tab-user-auth.twig

@@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade in active show" id="tab-user-auth" role="tabpanel" aria-labelledby="tab-user-auth">
+<div class="tab-pane fade in active show" id="tab-user-auth" role="tabpanel" aria-labelledby="tab-user-auth">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-user-auth" data-bs-toggle="collapse" aria-controls="collapse-tab-user-auth">
         {{ lang.user.mailbox_general }}
       </button>
-      <span class="d-none d-md-block">{{ lang.user.mailbox_general }}
+      <span class="d-none d-md-block">{{ lang.user.mailbox_general }}</span>
     </div>
     <div id="collapse-tab-user-auth" class="card-body collapse" data-bs-parent="#user-content">
       {% if mailboxdata.attributes.force_pw_update == '1' %}

data/web/templates/user/tab-user-details.twig

@@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-user-details" role="tabpanel" aria-labelledby="tab-user-details">
+<div class="tab-pane fade" id="tab-user-details" role="tabpanel" aria-labelledby="tab-user-details">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-user-details" data-bs-toggle="collapse" aria-controls="collapse-tab-user-details">
         {{ lang.user.mailbox_details }}
       </button>
-      <span class="d-none d-md-block">{{ lang.user.mailbox_details }}
+      <span class="d-none d-md-block">{{ lang.user.mailbox_details }}</span>
     </div>
     <div id="collapse-tab-user-details" class="card-body collapse" data-bs-parent="#user-content">
       <div class="row">
@@ -46,7 +46,7 @@
         <div class="col-sm-8 col-md-9 col-12">
           <p>
             {% if user_get_alias_details.aliases_also_send_as == '*' %}
-              {{ lang.user.sender_acl_disabled }}
+              {{ lang.user.sender_acl_disabled | raw }}
             {% elseif user_get_alias_details.aliases_also_send_as %}
               {{ user_get_alias_details.aliases_also_send_as }}
             {% else %}
@@ -58,13 +58,13 @@
       <div class="row">
         <div class="col-sm-4 col-md-3 col-12 text-sm-end text-start mb-4">{{ lang.user.aliases_send_as_all }}:</div>
         <div class="col-sm-8 col-md-9 col-12">
-          <p>{% if not user_get_alias_details.aliases_send_as_all %}<i class="bi bi-x-lg"></i>{% endif %}</p>
+          <p>{% if not user_get_alias_details.aliases_send_as_all %}<i class="bi bi-x-lg"></i>{% else %}{{ user_get_alias_details.aliases_send_as_all }}{% endif %}</p>
         </div>
       </div>
       <div class="row">
         <div class="col-sm-4 col-md-3 col-12 text-sm-end text-start mb-4">{{ lang.user.is_catch_all }}:</div>
         <div class="col-sm-8 col-md-9 col-12">
-          <p>{% if not user_get_alias_details.is_catch_all %}<i class="bi bi-x-lg"></i>{% endif %}</p>
+          <p>{% if not user_get_alias_details.is_catch_all %}<i class="bi bi-x-lg"></i>{% else %}{{ user_get_alias_details.is_catch_all }}{% endif %}</p>
         </div>
       </div>
     </div>

data/web/templates/user/tab-user-settings.twig

@@ -1,10 +1,10 @@
-<div role="tabpanel" class="tab-pane fade" id="tab-user-settings" role="tabpanel" aria-labelledby="tab-user-settings">
+<div class="tab-pane fade" id="tab-user-settings" role="tabpanel" aria-labelledby="tab-user-settings">
   <div class="card mb-4">
     <div class="card-header d-flex fs-5">
       <button class="btn d-md-none flex-grow-1 text-start" data-bs-target="#collapse-tab-user-settings" data-bs-toggle="collapse" aria-controls="collapse-tab-user-settings">
         {{ lang.user.mailbox_settings }}
       </button>
-      <span class="d-none d-md-block">{{ lang.user.mailbox_settings }}
+      <span class="d-none d-md-block">{{ lang.user.mailbox_settings }}</span>
     </div>
     <div id="collapse-tab-user-settings" class="card-body collapse" data-bs-parent="#user-content">
       {# Show tagging options #}

docker-compose.yml

@@ -162,6 +162,7 @@ services:
         - DEV_MODE=${DEV_MODE:-n}
         - DEMO_MODE=${DEMO_MODE:-n}
         - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
+        - CLUSTERMODE=${CLUSTERMODE:-}
       restart: always
       networks:
         mailcow-network:
@@ -169,7 +170,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.117
+      image: mailcow/sogo:1.118
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -296,7 +297,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.68
+      image: mailcow/postfix:1.72
       depends_on:
         - mysql-mailcow
       volumes:
@@ -316,6 +317,7 @@ services:
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
         - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
+        - SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
       cap_add:
         - NET_BIND_SERVICE
       ports:
@@ -510,7 +512,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.04
+      image: mailcow/dockerapi:2.05
       security_opt:
         - label=disable
       restart: always

generate_config.sh

@@ -21,7 +21,7 @@ if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep
 if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
 if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi
 
-for bin in openssl curl docker git awk sha1sum; do
+for bin in openssl curl docker git awk sha1sum grep cut; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 done
 
@@ -58,6 +58,33 @@ else
   exit 1
 fi
 
+detect_bad_asn() {
+  echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
+  response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
+  if [ "$response" -eq 503 ]; then
+    if [ -z "$SPAMHAUS_DQS_KEY" ]; then
+      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+      echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
+      sleep 2
+      echo ""
+      echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
+      echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
+      echo ""
+      sleep 2
+
+    else
+      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+      echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
+    fi
+  elif [ "$response" -eq 200 ]; then
+    echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
+  elif [ "$response" -eq 429 ]; then
+    echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
+  else
+    echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
+  fi
+}
+
 ### If generate_config.sh is started with --dev or -d it will not check out nightly or master branch and will keep on the current branch
 if [[ ${1} == "--dev" || ${1} == "-d" ]]; then
   SKIP_BRANCH=y
@@ -162,7 +189,7 @@ if [[ ${SKIP_BRANCH} != y ]]; then
   done
 
   git fetch --all
-  git checkout -f $git_branch
+  git checkout -f $MAILCOW_BRANCH
 
 elif [[ ${SKIP_BRANCH} == y ]]; then
   echo -e "\033[33mEnabled Dev Mode.\033[0m"
@@ -431,6 +458,13 @@ ACME_CONTACT=
 # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
 WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 
+# Spamhaus Data Query Service Key
+# Optional: Leave empty for none
+# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist. 
+# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.
+# Otherwise it will work normally.
+SPAMHAUS_DQS_KEY=
+
 EOF
 
 mkdir -p data/assets/ssl
@@ -503,3 +537,5 @@ else
   echo '?>' >> data/web/inc/app_info.inc.php
   echo -e "\e[33mCannot determine current git repository version...\e[0m"
 fi
+
+detect_bad_asn

helper-scripts/nextcloud.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
-NEXTCLOUD_VERSION=26.0.2
+NEXTCLOUD_VERSION=27.0.2
 
 echo -ne "Checking prerequisites..."
 sleep 1
@@ -178,6 +178,8 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
     /web/nextcloud/occ --no-warnings config:system:set mail_domain --value=${MAILCOW_HOSTNAME}; \
     /web/nextcloud/occ --no-warnings config:system:set mail_smtphost --value=postfix; \
     /web/nextcloud/occ --no-warnings config:system:set mail_smtpport --value=588; \
+    /web/nextcloud/occ --no-warnings config:system:set mail_smtpstreamoptions ssl verify_peer --value=false --type=boolean
+    /web/nextcloud/occ --no-warnings config:system:set mail_smtpstreamoptions ssl verify_peer_name --value=false --type=boolean
     /web/nextcloud/occ --no-warnings db:convert-filecache-bigint -n"
 
     # Not installing by default, broke too often

update.sh

@@ -255,6 +255,33 @@ elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
 fi
 }
 
+detect_bad_asn() {
+  echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
+  response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
+  if [ "$response" -eq 503 ]; then
+    if [ -z "$SPAMHAUS_DQS_KEY" ]; then
+      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+      echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
+      sleep 2
+      echo ""
+      echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
+      echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
+      echo ""
+      sleep 2
+
+    else
+      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+      echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
+    fi
+  elif [ "$response" -eq 200 ]; then
+    echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
+  elif [ "$response" -eq 429 ]; then
+    echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
+  else
+    echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
+  fi
+}
+
 ############## End Function Section ##############
 
 # Check permissions
@@ -301,7 +328,7 @@ umask 0022
 unset COMPOSE_COMMAND
 unset DOCKER_COMPOSE_VERSION
 
-for bin in curl docker git awk sha1sum; do
+for bin in curl docker git awk sha1sum grep cut; do
   if [[ -z $(command -v ${bin}) ]]; then 
   echo "Cannot find ${bin}, exiting..." 
   exit 1;
@@ -442,8 +469,11 @@ CONFIG_ARRAY=(
   "ACME_CONTACT"
   "WATCHDOG_VERBOSE"
   "WEBAUTHN_ONLY_TRUSTED_VENDORS"
+  "SPAMHAUS_DQS_KEY"
 )
 
+detect_bad_asn
+
 sed -i --follow-symlinks '$a\' mailcow.conf
 for option in ${CONFIG_ARRAY[@]}; do
   if [[ ${option} == "ADDITIONAL_SAN" ]]; then
@@ -642,6 +672,7 @@ for option in ${CONFIG_ARRAY[@]}; do
     fi
   elif [[ ${option} == "ADDITIONAL_SERVER_NAMES" ]]; then
     if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Additional server names for mailcow UI' >> mailcow.conf
       echo '#' >> mailcow.conf
       echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
@@ -653,6 +684,7 @@ for option in ${CONFIG_ARRAY[@]}; do
     fi
   elif [[ ${option} == "ACME_CONTACT" ]]; then
     if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Lets Encrypt registration contact information' >> mailcow.conf
       echo '# Optional: Leave empty for none' >> mailcow.conf
       echo '# This value is only used on first order!' >> mailcow.conf
@@ -662,13 +694,25 @@ for option in ${CONFIG_ARRAY[@]}; do
     fi
   elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
     if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
       echo "# WebAuthn device manufacturer verification" >> mailcow.conf
       echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
       echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
       echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
     fi
+  elif [[ ${option} == "SPAMHAUS_DQS_KEY" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo "# Spamhaus Data Query Service Key" >> mailcow.conf
+      echo '# Optional: Leave empty for none' >> mailcow.conf
+      echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
+      echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
+      echo '# Otherwise it will work as usual.' >> mailcow.conf
+      echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
+    fi
   elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
     if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
       echo '# Enable watchdog verbose logging' >> mailcow.conf
       echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
     fi
@@ -876,7 +920,7 @@ if grep -q 'SYSCTL_IPV6_DISABLED=1' mailcow.conf; then
   echo '!! IMPORTANT !!'
   echo
   echo 'SYSCTL_IPV6_DISABLED was removed due to complications. IPv6 can be disabled by editing "docker-compose.yml" and setting "enable_ipv6: true" to "enable_ipv6: false".'
-  echo 'This setting will only be active after a complete shutdown of mailcow by running $COMPOSE_COMMAND down followed by $COMPOSE_COMMAND up -d".'
+  echo "This setting will only be active after a complete shutdown of mailcow by running $COMPOSE_COMMAND down followed by $COMPOSE_COMMAND up -d."
   echo
   echo '!! IMPORTANT !!'
   echo