The mailserver suite with the 'moo' – 🐮 + 🐋 = 💕

News and Infos

🕶️🐄 Moogust Update 2024 | Forgot Password?, SOGo 5.11, Rspamd 3.9.1 and More | Revision A

published on 08-15-2024 included in Updates

2024-08a (Released on 20th August 2024)

Dovecot updated to 2.3.21.1

Warning

This release includes patches for Dovecot (version 2.3.21.1) that address two security vulnerabilities within Dovecot.

Installation is strongly recommended!

See Dovecot Release Notes: https://github.com/dovecot/core/blob/release-2.3.21/NEWS

Other Changes

Fixed issues with parsing the Docker version number in the generate-config.sh and update.sh scripts.
Some Dockerfiles were refactored (this has no impact on operations, it only serves for future development).
An exit condition was added to Dovecot concerning the download of sa-rules. Previously, the download had to be successful; otherwise, Dovecot would not start. Now, if the download fails after several attempts, Dovecot will still start.
In Docker containers that used the mysqladmin tool, the tool has been replaced with the newer mariadb-admin with the same functionality to prevent future compatibility issues.
Several Bash variables in the scripts are now handled correctly (quoting), and some strange non-UTF-8 characters have been replaced.
Due to the Rspamd update to 3.9.1, UTF-8 decoding in the Pushover and quarantine systems was broken, which could have led to unexpected results when emojis were in the header. This has been fixed.

2024-08 (Released on 15th August 2024)

Moohoo everyone!

August is here, and mailcow brings you a major update for this (hopefully not too hot) month.

This time, we have some significant changes on board that we would like to introduce to you:

🔥🐄 Mooly Update 2024 | Security Update

published on 08-05-2024 included in Updates

2024-07 (Release on 5th August 2024)Moohoo everyone! With the Mooly update, three security vulnerabilities in mailcow will be closed. CVE-2024-41958 - Two-Factor Authentication (2FA) Bypass Vulnerability CVE-2024-41959 - XSS Vulnerability via API Logs CVE-2024-41960 - XSS Vulnerability via Relay Hosts Configuration Changelog Do not add MAILCOW_WHITE on failed DMARC [Postfix] update postscreen_access.cidr Security fixes The full changelog, including individual commits, is available on GitHub for those interested: https://github.com/mailcow/mailcow-dockerized/releases/tag/2024-07 Thanks to Julian B.

🌙🐄 Moone Update 2024 | Flatcurve Update Phase 1 - Revision C

published on 06-27-2024 included in Updates

2024-06c (Release on 12th July 2024)

After some back and forth (sorry about that…), we have decided to keep the affected PHP container on a working version (yes, there was one :D) until we can confirm through deeper tests that it finally works with a patched Alpine… until then, the container will remain “frozen.” The new container caused Roundcube users to experience issues, mainly due to permissions. Since we cannot rule out that this might break more third-party apps, we have reverted the version.
We fixed an error in the UI where the version modal was not opening correctly. Although it did open, it redirected you to the release page directly, making the modal unnecessary…

2024-06b (Release on 12th July 2024)

Improved regular expression in the backup/restore script, it should now support numbers like 10, 20, etc.
The PHP container has been built based on Debian 12. This should (please… the bug is really annoying…) finally fix the issues some of you had regarding blank mailcow UI or incorrect container values within the UI (etc.). We are still working on identifying the problem in the Alpine container so that we can use the Alpine base again in the long term (due to the smaller container size).
The WIP warning for ARM64 versions has been removed from the web UI. It is now (actually from the beginning…) stable! Thanks to everyone using it!
Postfix’s Postscreen access list has been updated as of July 1, 2024.

2024-06a (Release on 27th June 2024)

Rolledback broken Translation links
Fixed broken Curl Request at some Hosts inside PHP-FPM Container due to c-ares change

2024-06 (Release on 27th June 2024)

Moohoo everyone!

After our statement, it’s time to bring you an update again.

This time with some additional information:

⚠️ Critical Changes

Postfix TLS 1.1, TLS 1.0 Discontinuation

As part of the 2024-06 update, Postfix was updated to 3.7.10 and Debian 12. At the same time, this update requires communication between SMTP servers to use at least TLS version 1.2. This means we are discontinuing support for the older TLS versions 1.0 and 1.1.

🌟 Important News on the Continued Development of mailcow

published on 06-07-2024 included in News

Dear mailcow Community, mailcow continues to enjoy increasing popularity, and we are, of course, delighted by this. To continue delivering the necessary quality in the project and always meet the community’s expectations, we have adjusted and extended our update intervals accordingly. This allows us to maintain the high quality of updates for bug and feature requests. Going forward, we will tie the update intervals to the significance of the scope of the requests.

🥚🐄 Moopril Update 2024 | Security Update

published on 04-04-2024 included in Updates

2024-04 (Release April 4th, 2024)Moohoo Everyone! With the Moopril update, two security vulnerabilities in mailcow will be closed. CVE-2024-31204: XSS Vulnerability via Exception Handler CVE-2024-30270: Path Traversal and Arbitrary Code Execution Vulnerability Additionally, SOGo has been updated to version 5.10.0, and a bug in the domain-wide footer has been fixed. Changelog chore(deps): update thollander/actions-comment-pull-request action to v2.5.0 by @renovate in https://github.com/mailcow/mailcow-dockerized/pull/5747 Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5762 sogo: upgrade to 5.

🤔🔒🐮 What's up? - LDAP Integration

published on 03-11-2024 included in What's Up? News

Moohoo everyone!

As already announced on social media channels, today we are serving you a new edition of our section: What's up?.

Today, we are explicitly discussing a topic of burning interest to all of us: LDAP/OIDC Integration and the associated overhaul of the authentication system.

We have kept you updated in the past that we are feverishly working on integrating LDAP and OIDC. After all, this function is not without reason one of the most requested features for mailcow ever – and rightly so!

However, our plan was to release this whole thing in the first quarter of 2024 or maybe even around Christmas 2023. As you have noticed, both timelines could not be met…

🐥🐄 Febmooary 2024 Update | ClamAV Security Update

published on 02-15-2024 included in Updates

2024-02 (Release 15th February 2024)Moohoo Everyone! With Febmooary, further recently released security vulnerabilities in mailcow have been addressed. These are the following security vulnerabilities in the ClamAV service that were fixed with version 1.2.2: CVE-2024-20290: Fixed a possible heap overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. CVE-2024-20328: Fixed a possible command injection vulnerability in the “VirusEvent” feature of ClamAV’s ClamD service. In the default configuration, mailcow is not affected by the CVE-2024-20328 vulnerability, as the VirusEvent in the ClamAV configuration is not activated.

🦾6️⃣4️⃣ 🐄 Janmooary 2024 Update | The Multiarch (x86 + ARM64) & Performance Update - Revision E

published on 02-08-2024 included in Updates

2024-01e (Release: 08th Februars 2024)Netfilter Enhancements Fixed Isolation Rule for iptables: Addressed an issue regarding the mailcow isolation rule in iptables. Thanks to contributions from @FreddleSpl0it and @tomudding. PR #5700 Relaxed IP Check in NFTables.py: Set a more relaxed IP check in NFTables.py to improve compatibility. Many thanks to @amorfo77 for the contribution. PR #5711 SOGo Fixes Fixed SOGo Crash on Older Kernels: Resolved a SOGo crash occurring on kernels older than 5.

⚠️ Important change when using mailcow with deactivated IPv6 connectivity ⚠️

published on 02-01-2024 included in Status Information

Moohoo everyone!

In this blog post, we would like to take a look at the major changes in relation to Docker and IPv6 usability for mailcow.

🛷 🐄 Moocember 2023 Update | Netfilter NFTables Support and Banlist Endpoint

published on 12-19-2023 included in Updates

2023-12a (Release 29th December 2023)

Changelog

chore(deps): update dependency nextcloud/server to v28.0.1 by @renovate in https://github.com/mailcow/mailcow-dockerized/pull/5614
Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5617
[Postfix] Do not remove X-Mailer header by @feldsam in https://github.com/mailcow/mailcow-dockerized/pull/5504
Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/5622
[Postfix] set smtpd_forbid_bare_newline = yes

2023-12 (Release 19th December 2023)

Moo hoo everyone!

We have some new Netfilter features for you before the holidays. In addition, the watchdog can now send notifications via webhooks. To do this, simply configure the variables WATCHDOG_NOTIFY_WEBHOOK and WATCHDOG_NOTIFY_WEBHOOK_BODY in mailcow.conf accordingly.