🇺🇸 English:

Hello all,

Yesterday we received an important tip about a critical security vulnerability in mailcow (thanks again for that). It affects IMAPSYNC and gives access to administration rights in the mailcow UI and API.

It is strongly recommended to install the update as soon as possible to prevent exploitation.

As always please take a look at the GitHub Release: https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-05d

The update does not remove any important functionality from mailcow or IMAPSYNC!

🇩🇪 Deutsch

Hallo zusammen,

wir haben gestern einen wichtigen Hinweis bezüglich einer kritischen Sicherheitslücke in der mailcow zugespielt bekommen (Danke nochmal dafür). Diese betrifft IMAPSYNC und verschafft zugriff auf Administrationsrechte im mailcow UI sowie der API.

Es wird dringend empfohlen das Update so schnell wie möglich zu installieren um so eine Ausnutzung der Lücke auszuschließen.

Schaut euch bitte auch wieder die GitHub Release Page an um genauere Änderungen sehen zu können: https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-05d

Das Update entfernt keine wichtigen Funktionen aus der mailcow bzw. dem IMAPSYNC!


It´s us again again!

This time we´ve published the 2022-05c Update which is a very small one.

It changed the API a bit again. This time for security reasons.

Head over to GitHub to see the full changelog:

Stay healthy


It´s us again!

Today we have a small API Fix Update which focus mainly on the UI.

As some of you reported the API Calls for Domains/Mailboxes don´t work anymore if there is no Tag set.

This is now fixed.

Additionaly, we´ve added a small tweak for the UI. Did you know that there was a little plus symbol at the left of a Domain/Mailbox? No? Don´t worry it was a little hard to see… until now 🙂

That´s all basically… oh no wait one more thing!
We´ve now included the mailcow Version to our Bug Reporting Formular on GitHub. So if you want to report a Bug please also fill out the Version row on the Issue form.

Now that´s all!

Thanks again for all of the contributors and mailcow users/admins.

Your mailcow Team


Hello again folks,

we´ve just released the first Hotfix for 2022-05.

It fixes a critical UI Bug which caused a inaccessability for the UI after the Update 2022-05.

The issue was a missing placeholder which caused a important folder to be deleted from the Git Repository, which is needed to display the UI.

Sorry for that.


Here, the new mailcow update 2022-05 is!
Yoda, in a parallel universe

Anyway… this month we have new stuff for your mailcow again.
So let´s get started, shall we?

What is new?


Thanks to the help of @FredleSpl0it the mailcow now has tags. Tags? Yes tags! These can be used for filtering and searching. You can add them either by editing a domain/mailbox or by creating a new one. In both cases the tags section will show itself to you.

SOGo 5.6.0

Heard there is a new SOGo version? Yep, and we already have it on board. For more information please read the official changelogs from inverse (the SOGo developers): https://github.com/inverse-inc/sogo/releases/tag/SOGo-5.6.0

Accessibility (screen readers)

@mkuron has made the mailcow a bit more accessible for blind people. (Respect at this point for all who have fun in the IT world despite this limitation).

Update.sh changed

We have implemented a new parameter for the Update.sh script, which skips the online check at the beginning of the update process. This could not be executed for some people because all ICMP connections to and from the mailcow were blocked. Now just use the –skip-ping-check parameter when you run the Update.sh script (but please only use it if you really don’t allow ICMP connections to and from your mailcow).

New API functions

We or the community has extended the API. Now you can also search domains by tags. Furthermore we added an API interface with the versioning of the mailcow. For more detailed API information just have a look at the extra API page of your mailcow (your.mailcow.domain/api).

Thanks to @lars-net and @FredleSpl0it for that.

For a more detailed or granular structure of the update, feel free to check out the GitHub page: https://github.com/mailcow/mailcow-dockerized/releases/tag/2022-05

That’s it for this month.

See you again in June or earlier (should there be critical bugs…).

Stay healthy


Yesterday we released the 2022-04 update (Moopril) which included a change in the NGINX configuration. During the same day we received a message that SOGo would not work since the update, more precisely the login.

So we released an update yesterday evening around 23:00 (German summertime) which solves this problem in most cases.

Please update your mailcow via the update.sh Script as soon as possible to use SOGo as usual again.

We apologize for this error.

Kind regards
The mailcow team


Gestern haben wir das 2022-04 Update (Moopril) veröffentlicht, welches eine Änderung in der NGINX Konfiguration enthielt. Im Verlauf des selbigen Tages erhielten wir vermehrt Meldungen darüber, dass SOGo seit dem Update nicht mehr funktionieren würde, genauer gesagt der Login.

So wurde am gestrigen Abend gegen 23:00 Uhr (Deutscher Sommerzeit) von uns ein Update veröffentlicht, welcher dieses Problem in den meisten Fällen löst.

Bitte Updated eure mailcow so schnell es geht via dem update.sh Skript um SOGo wieder wie gewohnt nutzen zu können.

Wir entschuldigen uns für diesen Fehler.

Liebe Grüße
Das mailcow Team

If you encounter problems with Nginx, please see the following comment on GitHub.

Moohoo everyone!

The April update is here with a bunch of new stuff for your flawless E-Mail Flow.

This month we have 3 component updates (ClamAV, SOGo and Rspamd) and a few minor fixes which are as follows:

Major Changes

  • We have updated SOGo in the mailcow stack to 5.5.1. Besides the SOGo fixes (see here) the mailcow database structure has been tweaked a bit to be ready for the upcoming 5.5.2 update!
    Note: The 5.5.2 update will be part of the 2022-04a update as soon as it is released by inverse (most likely).

  • We have updated Rspamd to 3.2.1. (More detailed patch notes can be found here).

  • The ClamAV components in mailcow now use the official container of ClamAV itself. For this reason there is now another volume (clamd-db-vol-1) in which the signatures of ClamAV are stored during freshclam. This allows us to roll out future ClamAV versions faster and in a more space efficient way. Note: ClamAV still uses version 0.104.2. Version 0.105 will be part of the mailcow as soon as it is released.

Minor Changes

  • Autodiscover is now compatible with App Passwords.
  • The Postmap Access List has been updated to a newer state.
  • New French translations.

Take a look at the full release page of the Update at Github: Click here

We hope you are all safe and sound.

No matter where you are, take care of yourselves.

Moohoo everyone!

We have released an impromptu bug fix update that fixes a few minor bugs and graphical issues.

These are only minor changes this time, but as the saying goes, "Every little bit helps".

  • We have moved the version footer back to the correct position. Faithful to the motto: Stay were you are!
  • We have improved the release tag handling with the version footer.
  • The backup and restore script now uses Debian Bullseye instead of Buster.
  • We fixed the bug that the spam alias of an alias domain was not deleted.
  • We updated Twig + dependencies to 3.3.8 to close a security hole concerning Twig.

For detailed information please visit: the 2022-03a Release Page.

That’s about it. We hope you are all well and healthy.

See you at the next update!

Stay healthy

Tach zusammen!

Mal kein Update Log sondern eine Empfehlung unsererseits an alle, die neu in die mailcow Welt einsteigen oder ihr Wissen auffrischen wollen.

Solltet ihr eines der Sachen mit Ja beantwortet haben wird die folgende Video Reihe für euch interessant sein:

Schaut generell einfach mal rein, wenn ihr mögt und lasst ein bisschen Liebe da, als dank der Vorstellung unseres mailcow Projektes.

Wir bedanken uns an dieser Stelle noch einmal ganz herzlich bei dir Dennis, wenn du das liest fühl dich gedrückt!
(Ist ja aktuell schwer möglich wegen Corona, aber träumen darf man ja wohl 🥰)

Hinweis: Eure Cookies bezüglich Youtube werden nur dann gespeichert, wenn Ihr das Video hier anschaut, der Youtube Player ist im Datenschutzmodus eingebunden.

Moohoo everyone, March is here and by the end of the month it will be spring again.
Surely the last few days were as scary for you as they were for us.

🇺🇦 Ukraine, we are standing with you!

Let’s move on to the March update of our mailcow.
Spoilers ahead, the March update is not that full and extensive but there are some nice updates included in terms of long term (I’m looking at you ClamAV and Olefy!).

So let’s get to it!

Docker Image Changes:

  • Dovecot has been updated to 1.161 (Imapsync + Dovecot update).
  • Olefy was updated to 1.9 (Olefy Update)
  • Rspamd was updated to 1.80 (Olefy update)
  • ClamAV was updated to 1.44

Important changes:

  • ClamAV has been updated to version 0.104.2, with this version we are secured for the long term (bye bye 0.103.X). Actually only the Docker image process has changed, the rest is running as usual. If not please open an issue on GitHub!
  • Dovecot has been updated to 2.3.18. This also brings us closer to moving from Solr to Xapian, more on that when we get to a viable point.
  • IMAPSync has been updated to version 2.178 (within Dovecot).
  • Oletools have been changed to a new upstream (now uses @decalage2’s repository).

Minor changes:

  • The changed doc paths (internal) were not adjusted in the mailcow UI, so you saw a 404 page. This has been fixed.
  • The WATCHDOG_NOTIFY_EMAIL string had been giving a warning in the console (when starting the stack) if the variable was empty, this has been removed as the string is now set to NULL (if empty).
  • We´ve Updated the nsyslog-ng Version to 3.28 (fixes a warning in console right after Dovecot started)

Currently, the following has never been more important: stay healthy and even more important: take care of you!


Moohoo everyone!
It’s Friday then Then Saturday, Sunday (what?)

We have an exciting news to share with you!

We present you the newly released mailcow: dockerized Docs 2.0!

Not much may have changed at first glance (you would think) but under the hood a lot has changed!

So we present you from today:

  • Multi-language support (English and German are supported and updated by Servercow itself )
  • Light-/Darkmode
  • New organized structure (interesting for contributors)

All in all a remake of the existing docs.

With the possibility to translate the whole document pages we offer the community the possibility to translate the docs into their language.

More detailed information can be found on the documentation page.

Due to the structural changes, we have renamed the previous master branch on GitHub as legacy-1.0 branch and closed all PRs (still existing in the old format).

If you still want to add your changes to the docs you have to use the new docs schema.

P.S.: We are looking forward to your feedback, as there might be some bugs due to the port.

Moohoo everyone.

Today we are releasing the first hotfix for the 2022-01 Update.

This has changed:




To include the latest patches from inverse we updated the SOGo Container to the latest nightly build (2022-02-01). It´ll keep the same Tag as the previous release.

Moohoo everyone!

Our dear mailcow has taken the plunge into social media: Twitter!

There she will provide you with new release information or small hints about possible new features as well as general information about the mailcow project.

Of course you can also tweet about your experiences with mailcow. Just use the Twitter handle: @mailcow_email.

We look forward to getting in touch with you there and keeping you up to date.

Stay healthy!