Sorry for the delay, mailcow was still worked on. Time is running too fast. 🙁

Instead of writing down all commits you can already find on GitHub, I will only mention important changes or fixes dating back from the previous post until today.

Edit: Forgot to say thanks to @irgendwr for fixing XSS!

• The GAL (Global Address List) is now enabled by default. Various actions like availability in calendars depends on it.
• Images are prefetched on ./update.sh (`–prefetch` will only prefetch images and exit)
• Added SOGO_EXPIRE_SESSION variable to mailcow.conf to define when a session in SOGo times out
• Added a whitelist map for IPs in Rspamd (`data/conf/rspamd/custom/ip_wl.map`, CIDR)
• SAL was introduced – an **optional** license with some benefits in the future. Think about basic monitoring etc. 🙂
• Various XSS fixes by @patschi and @irgendwr – thanks!
• Some services were finally ported to Py3 – thank you @zkryakgul! Also thank you for exposing your policyd password in your commit, we will take care of it.
• Added a bad word list, that triggers only, when received from a fishy tld (yes, that’s a new map, too)
• You can now allow a mailbox to send from an external domain or only a defined set of mail addresses (edit a mailbox to find this feature)
• @christianbur forces me to update the images more regulary, thank you.
• Various fixes and changes in mailcow UI
• Solr is now exposed to 127.0.0.1:18389 by default, you can setup a reverse proxy to browse its fancy UI – do not expose it to the internet!
• I broke the anonymize headers, again. @iiegn and @patschi pointed it out, thanks!