The mailserver suite with the 'moo' – 🐮 + 🐋 = 💕

News and Infos

🌙🐄 Moone Update 2024 | Flatcurve Update Phase 1 - Revision C

2024-06c (Release on 12th July 2024)

  • After some back and forth (sorry about that…), we have decided to keep the affected PHP container on a working version (yes, there was one :D) until we can confirm through deeper tests that it finally works with a patched Alpine… until then, the container will remain “frozen.” The new container caused Roundcube users to experience issues, mainly due to permissions. Since we cannot rule out that this might break more third-party apps, we have reverted the version.
  • We fixed an error in the UI where the version modal was not opening correctly. Although it did open, it redirected you to the release page directly, making the modal unnecessary…

2024-06b (Release on 12th July 2024)

  • Improved regular expression in the backup/restore script, it should now support numbers like 10, 20, etc.
  • The PHP container has been built based on Debian 12. This should (please… the bug is really annoying…) finally fix the issues some of you had regarding blank mailcow UI or incorrect container values within the UI (etc.). We are still working on identifying the problem in the Alpine container so that we can use the Alpine base again in the long term (due to the smaller container size).
  • The WIP warning for ARM64 versions has been removed from the web UI. It is now (actually from the beginning…) stable! Thanks to everyone using it!
  • Postfix’s Postscreen access list has been updated as of July 1, 2024.

2024-06a (Release on 27th June 2024)

  • Rolledback broken Translation links
  • Fixed broken Curl Request at some Hosts inside PHP-FPM Container due to c-ares change

2024-06 (Release on 27th June 2024)

Moohoo everyone!

After our statement, it’s time to bring you an update again.

This time with some additional information:

⚠️ Critical Changes

Postfix TLS 1.1, TLS 1.0 Discontinuation

As part of the 2024-06 update, Postfix was updated to 3.7.10 and Debian 12. At the same time, this update requires communication between SMTP servers to use at least TLS version 1.2. This means we are discontinuing support for the older TLS versions 1.0 and 1.1.

🌟 Important News on the Continued Development of mailcow

Dear mailcow Community, mailcow continues to enjoy increasing popularity, and we are, of course, delighted by this. To continue delivering the necessary quality in the project and always meet the community’s expectations, we have adjusted and extended our update intervals accordingly. This allows us to maintain the high quality of updates for bug and feature requests. Going forward, we will tie the update intervals to the significance of the scope of the requests.

🥚🐄 Moopril Update 2024 | Security Update

2024-04 (Release April 4th, 2024)Moohoo Everyone! With the Moopril update, two security vulnerabilities in mailcow will be closed. CVE-2024-31204: XSS Vulnerability via Exception Handler CVE-2024-30270: Path Traversal and Arbitrary Code Execution Vulnerability Additionally, SOGo has been updated to version 5.10.0, and a bug in the domain-wide footer has been fixed. Changelog chore(deps): update thollander/actions-comment-pull-request action to v2.5.0 by @renovate in https://github.com/mailcow/mailcow-dockerized/pull/5747 Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5762 sogo: upgrade to 5.

🤔🔒🐮 What's up? - LDAP Integration

Moohoo everyone!

As already announced on social media channels, today we are serving you a new edition of our section: What's up?.

Today, we are explicitly discussing a topic of burning interest to all of us: LDAP/OIDC Integration and the associated overhaul of the authentication system.

We have kept you updated in the past that we are feverishly working on integrating LDAP and OIDC. After all, this function is not without reason one of the most requested features for mailcow ever – and rightly so!

However, our plan was to release this whole thing in the first quarter of 2024 or maybe even around Christmas 2023. As you have noticed, both timelines could not be met…

🐥🐄 Febmooary 2024 Update | ClamAV Security Update

2024-02 (Release 15th February 2024)Moohoo Everyone! With Febmooary, further recently released security vulnerabilities in mailcow have been addressed. These are the following security vulnerabilities in the ClamAV service that were fixed with version 1.2.2: CVE-2024-20290: Fixed a possible heap overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. CVE-2024-20328: Fixed a possible command injection vulnerability in the “VirusEvent” feature of ClamAV’s ClamD service. In the default configuration, mailcow is not affected by the CVE-2024-20328 vulnerability, as the VirusEvent in the ClamAV configuration is not activated.

🦾6️⃣4️⃣ 🐄 Janmooary 2024 Update | The Multiarch (x86 + ARM64) & Performance Update - Revision E

2024-01e (Release: 08th Februars 2024)Netfilter Enhancements Fixed Isolation Rule for iptables: Addressed an issue regarding the mailcow isolation rule in iptables. Thanks to contributions from @FreddleSpl0it and @tomudding. PR #5700 Relaxed IP Check in NFTables.py: Set a more relaxed IP check in NFTables.py to improve compatibility. Many thanks to @amorfo77 for the contribution. PR #5711 SOGo Fixes Fixed SOGo Crash on Older Kernels: Resolved a SOGo crash occurring on kernels older than 5.

🛷 🐄 Moocember 2023 Update | Netfilter NFTables Support and Banlist Endpoint

2023-12a (Release 29th December 2023)


2023-12 (Release 19th December 2023)

Moo hoo everyone!

We have some new Netfilter features for you before the holidays. In addition, the watchdog can now send notifications via webhooks. To do this, simply configure the variables WATCHDOG_NOTIFY_WEBHOOK and WATCHDOG_NOTIFY_WEBHOOK_BODY in mailcow.conf accordingly.

🏮🐄 Moovember 2023 Update Revision A | Ratelimit Fixes, Domain Wide Footer Fixes

2023-11a (Release 07th December 2023)


2023-11 (Release 21st November 2023)

Moo hoo everyone!

The holiday season is slowly approaching, and here we are with another update at our doorstep.

First things first: It’s advisable to update (especially if using Quarantine) due to a critical security patch.