By the way: We update the code on a regular basis, you don’t need to wait until we post these overviews. 🙂

Important changes for all moo cows

  • Please contact me, if you want to share your spam with mailcow =>
  • Elements blocked by blacklists via UI will not enter the quarantine
  • WIP and to be considered beta: Disable SOGo via “SKIP_SOGO” in mailcow.conf
  • API access can now be limited to CIDR notations
  • You can now disallow logins for mailboxes (int value 2 instead of 0 for inactive or 1 for active)
  • We do now log the matched string in netfilter-mailcow for bans instead of the regex
  • Allow to relay only non-local mailboxes
  • Rspamd 2.5
  • Remove policy checks from SPOOFED_UNAUTH, since SPF can be valid in envelope from, while forging the header from field
  • Show last IMAP and POP3 logins, toggle via SHOW_LAST_LOGIN

A BIG THANK YOU to all supporters! Thank you so much for keeping mailcow alive. 🙂
Another BIG THANK YOU goes out to all contributors!

Changes (please also see the commit history)

[CI] New prepare-tests job
[CI] Update hmac
[Compose] Update Dovecot to implement #3428 by @feldsam
[Compose] Update PHP and netfilter
[Config] Add hint to not use some ports mentioned in the docs
[Config] Allow to disable SOGo (unsupported, experimental)
[Config] CIDR API_ALLOW_FROM only allowed via API
[Dovecot] Fix imapsync_cron
[Dovecot] Implement disallowed logins
[Dovecot] Quarantine template: added username variable
[Dovecot] Quarantine template: css for mobile devices (#3520)
[Dovecot] Quota template – colored bar based on % (#3525)
[Dovecot] Set repl health on start
[Dovecot] Syslog-ng match fixes
[Dovecot] WIP: Read env vars for cronjobs from prepared file
[Dovecot] fix error redirection at doveconf (#3500)
[Helper] Added name to backup and restore containers (#3477)
[Helper] Create tar archives for SQL backups
[Helper] Fix for numbers in compose project name
[Helper] Remove useless rsync
[Helper] Some minor improvements
[Helper] backup fixes
[Netfilter] Log matching string instead of regex
[Netfilter] Python 3.8 – SyntaxWarning for ‘is not’ (#3537)
[Nextcloud] Update helper
[Nextcloud] Updated site
[Nginx] Drop X-Powered-By via fastcgi_hide_header
[PHP-FPM, Config] API key generated via mailcow.conf has rw access
[PHP-FPM] Add API_KEY_READ_ONLY generation
[PHP-FPM] Increase timeouts
[PHP-FPM] Update some libs
[PHP-FPM] Update to PHP 7.4
[Postfix] Allow to relay only non-local mailboxes
[Postfix] Do not log tls sni maps errors from connections initiated by mailcow checks
[Postfix] Implement disallowed logins
[Rspamd] Add metadata exporter for unauthed mail
[Rspamd] Add more bulk headers
[Rspamd] And even more spam headers
[Rspamd] Block more “Promio” spam crap
[Rspamd] Disable upstream checks for SIEVE_HOST
[Rspamd] Fix quarantine and pushover notifications
[Rspamd] Increase bulk header score
[Rspamd] More spam headers
[Rspamd] Various Pushover fixes
[Rspamd] Quarantine notifications – don’t send if sender is blacklisted (#3428)
[Rspamd] Quarantine notifications – exclude blacklisted sender (#3446)
[Rspamd] Quarantine release – fix when sender is empty (#3445)
[Rspamd] Remove policy checks from SPOOFED_UNAUTH, since SPF can be valid in envelope from, while forging the header from field
[Rspamd] Remove upstream spam check results from mail by fwd hosts
[Rspamd] Restore add header forced action (#3440)
[Rspamd] Score spoofed senders higher
[Rspamd] Set bounce RL to 25 / 1h ; Fix BAZAR (test)
[Rspamd] Slightly reduce BAD REP POL score
[Rspamd] Use empty-env-from@localhost as placeholder for empty env from senders in quarantine
[Rspamd] v2.5
[SOGo] Allow to not spawn SOGo but an idling shell
[Update] Check mulitple IPs in to verify connection
[Update] Validate docker-compose stack config before updating
[Update] added –force mode to update skript (#3453)
[Watchdog] Watch replication, if any (unsupported)
[Web, Dovecot] Show last IMAP and POP3 logins, toggle via SHOW_LAST_LOGIN
[Web] 2-digit dates for @patschi
[Web] Add domain statistics
[Web] Allow CIDR as allowed API networks; other minor fixes
[Web] Allow ratelimit time frame “day”; Allow to create announcements
[Web] Allow to split DKIM every 255 chars via (fixes #3473)
[Web] Always scroll tables
[Web] Async Rspamd graph loading to prevent races (todo: changeme)
[Web] CSS fixes; Add OAUTH2_FORGET_SESSION_AFTER_LOGIN to (wip); Do not run initdb on non-master cow
[Web] Date formats
[Web] Decrease footer top margin
[Web] Disable login for mailbox users, other SKIP_SOGO checks and fixes
[Web] Do not try to update sogo static view with skip_sogo y
[Web] Do not use EAS for Outlook by default
[Web] Encode footer, decode via JS
[Web] Fix U2F authentication, fixes #3468
[Web] Fix logout after oauth2 (if enabled)
[Web] Fix oAuth logout after authentication (if enabled)
[Web] Fix time limited alias creation via API, thanks to @ntimo
[Web] Fix typo and missing Dovecot restart function (fixes #3466)
[Web] Fixed DKIM regex to allow arguments after the public key (#3462)
[Web] Fixed read write API permissions (#3465)
[Web] Fixes blank page and fixes #3502
[Web] Minor change to app buttons, fixes ugly multi-button panel
[Web] Various fixes
[Web] Remove External as standard subfolder for sync jobs
[Web] Disallow a domain admin to set intersecting user ACLs
[Web] Allow Pushover and SOGo EAS cache reset by default, disallow profile reset by default
[Web] Remove sidebars from admin panel, add dropdowns
[Web] Restart Dovecot when changing global sieve filters, add a warning
[Web] Set appointment c_uid to varchar(1000), fixes errors with Caldavsynchronizer
[Web] Show label for relayed domains; Return total bytes and msgs of domain in API (WIP)
[Web] Show warning, when domain exhausted and only an unlimited mailbox could be created
[Web] Translation updates (THANKS!!!)
[Web] Updated Yubico.php to v2.7 (#3535)
[Web] Various language fixes (and sorting), Pushover lang fixes
[Web] r/o API keys, Pushover integration (can be limited by ACL), other minor changes