Hello mailcow folks 🐄,

"After update is before update", so always update your cows please, no matter if there is a summary on mailcow.email. 🙂

Before we start I want to remind you of an important change that’s about to happen tomorrow:

mailcow, including me, will be part of "The Infrastructure Company GmbH". No, mailcow will not be discontinued. No, I will not stop to work on mailcow.
You will probably not notice the change at all. Hopefully we will be able to finally implement more features soon as there will be more time to work on mailcow.

We still rely heavily on your support (support contacts, SAL etc.) to continue mailcow as it is. As long as we don’t have a commercial plan or "paid version" of mailcow, that’s the only way for us to finance the work on mailcow.

What’s new?

Many bugs were fixed and existing features were cleaned up.

What’s next?

Disclaimers/signatures with variables to use in a pre-defined template per domain and mailbox. 🙂

Commits

Thank you guys for your amazing support and contributions! Especially language updates/fixes and additions are very welcome!

[ACME] Skip inactive domains
[API docs] Add sogo_visible property to alias endpoints (#3956)
[Alpine] Update Alpine base images to v3.13
[Api docs] Added day ratelimit option to /add/domain endpoint
[Backup Helper] Possible workaround for #3913
[ClamAV] Update to 0.103.1
[Compose] Update ClamAV image
[Config] Add ADDITIONAL_SERVER_NAMES as optional config to define additional server_name parameters for mailcow UI
[Config] Add Wikipedia link for TZ values (#3891)
[Config] Fix binding problems with IPv6 in newer Docker versions
[Config] Remove 0.0.0.0 example
[Docker 20.10 Fix] Fix for moby/moby#39837, fixes #3893
[Dovecot] Add Russian and Ukrainian folders (#3967)
[Dovecot] Add sieve rule to move DeltaChat (https://delta.chat) messages to folder DeltaChat
[Dovecot] Check if quarantine_notify.py holds a lock
[Dovecot] Remove Schaal, remove non-numeric TXT output from dig request
[Dovecot] Replace hostname for quarantine notifications with mailcow hostname (broke after Docker 20.10 fix)
[Dovecot] Set –addheader by default, fixes #4025
[Git] Ignore SSL examples
[Git] Ignore custom SOGo logo
[Git] Ignore custom-themes.js in SOGo
[Git] Sort gitignore
[Helper] Use NC 20
[MariaDB] Update to 10.5
[Netfilter] Further improvements to catch invalid input
[Netfilter] Restart on invalid data via pubsub
[Nginx] Be more explicit with server names
[Olefy] Update container to alpine 3:13 to fix build (#3988)
[PHP-FPM] Add sleep to loop
[PHP-FPM] Fix fastcgi timeouts
[PHP-FPM] Increase PHP memory limit for "cli" to 512M (#4010)
[PHP-FPM] Update image
[Postfix] Add parent_domain_matches_subdomains
[Postfix] Add postscreen whitelist syntax and examples (#3931)
[Postfix] Do not create a TLS SNI map when SKIP_LETS_ENCRYPT=y
[Postfix] Fix HELO name
[Postfix] Unset Postfix smtpd_tls_session_cache_database, reduce disk writes (#3981)
[Postfix] Use tmpfs for watchdog’s /tmp, reduce disk writes (#3923)
[Rspamd] Add FUZZY_SPAM_MISMATCH (#3958)
[Rspamd] Add bulk header
[Rspamd] Block spoofing for free mail domains (#3907)
[Rspamd] Edit RBL
[Rspamd] Fix vanished Rspamd history after restart
[Rspamd] Increase spam symbol weight
[Rspamd] Not trigger FREEMAIL_POLICY for mailig lists (#3918)
[Rspamd] Remove ham symbols if a fuzzy denied hash matched
[Rspamd] Score for freemail from to undisclosed recipients
[Rspamd] Set bounce_to ratelimit to 7 / 1m to hopefully reduce backscatter spam
[Rspamd] Sort & add infos for bad ASN map (#3934)
[SOGo] Add custom favicon (#3957)
[SOGo] Fix comments in custom theme
[SOGo] Remove custom theme, disable debug mode, keep example custom-themes
[Update, Config] Add subject for watchdog emails (#4027)
[Update] Better GLIBC check
[Update] Try to determine GLIBC version
[Watchdog] Longer sleep for open relay check
[Watchdog] Return score with Rspamd check
[Watchdog] Revert to Alpine 3.11, needs fixes
[Watchdog] Temp. disable query check
[Web] Changed type of items parameter to list
[Web] Accept prehashes password on both edit and add mailbox
[Web] Accept raw SSHA hashes as passwords
[Web] Add SSHA
[Web] Add Trustkey CA for WebAuthn
[Web] Add information about extended DNS config
[Web] Add nevondo.com ip check source, thank you!
[Web] Added missing french parts, based on the english file
[Web] Allow to specify transport test rcpt
[Web] Danish lang. 🇩🇰 (#3971)
[Web] Do not cache content of Rspamd global filter maps
[Web] Do not create 2M session file when saving large Rspamd global filter maps (thanks @Drago)
[Web] Do not print invalid date
[Web] Feature: Expand alias over alias domains
[Web] Feature: Expand alias over alias domains
[Web] Fix SSO for SOGo when authen with FIDO2, thanks to Drago!
[Web] Fix U2F file
[Web] Fix attachment download, thanks to Drago
[Web] Fix duplicate file extension on shortened filenames
[Web] Fix for listing mailboxes and aliases from multiple domains (#3996)
[Web] Fix more ACL-disabled buttons
[Web] Fix quota-left calculations when editing a mailbox (respect max domain quota)
[Web] Fix textarea number width > 999
[Web] Implement all supported dovecot password schemas (#3974)
[Web] Keep state of quarantine table in session
[Web] Missing capital letters on some buttons (#4000)
[Web] Move white/blacklist form above the table (#3975)
[Web] Remove 36f296d9d63112db4218cef39f1eebc8a61c785d, fixes #3926
[Web] Remove breakpoints for small screens for "Recipient" and "Action" columns (#3938)
[Web] Show JID example when editing a domain
[Web] Show quarantine settings in /quarantine
[Web] Temp remove ip6.korves.net
[Web] Update libs
[Web] Update russian translation (lang.ru.json)
[Web] Uppercase "rename" in en and de
[Web] Use api/v1/get/mailbox/reduced for faster loading of mailbox table
[Web] Various small fixes and enhancements
[mailcow] Fix C22 -> C2S

Thanks to Andreas we recently discovered something great…

DeltaChat

…and its name is Delta Chat!

Before you move away: No, it is not yet another messenger. Or is it?

It is something in between. Delta Chat uses email to transport its messages. Your email server.

  • Delta Chat does work with "autoconfig". Enter your mailcow email address and password and your are ready!
  • Delta Chat automatically encrypts messages using Autocrypt – no setup needed!
  • mailcow comes with a sieve prefilter to move all chats to the preconfigured DeltaChat folder (since commit 3dece1)
  • Communicate with any email recipient, every client uses their own email server.

So what do I need?

  • The app, get it here
  • A mailcow or basically any other email account

…and 2021 is just around the corner! 🎆

It’s an understatement to say that 2020 was a strange year and, for sure, challenging for many of us in so many different aspects. I hope you’re fine and enjoyed your recent days with your loved ones.

If you don’t want to read further:
We wish you a very happy New Year! 🎉

😻 To focus on the positive things from a mailcow point-of-view, there were indeed quite some highlights in 2020:

  • Early this year external open relay checks were implemented for SAL users (supporting the development) was introduced. (see news)
  • In February 2020 our own fuzzy storage was launched, improving spam detection for all mailcow users and allowing to contribute spam emails. (see news)
  • In March 2020 we’ve started a official community forum with great success.
  • In July 2020 our sponsored improvements for the new identity management to SOGo made it into the public release: check it out!
  • Access to IMAP, POP3 and SMTP can now be controlled on a per-user level, also last logins for each service can be seen in the webinterface. (see news)
  • FIDO2/WebAuthn support was added to mailcow in November 2020. (see news)
  • You can easily integrate your mailpiler instance – open-source-based email archiving solution – with mailcow: see docs.
  • Also good to know: Deprecated TLS versions TLSv1.0 and TLSv1.1 were disabled, mailcow can now speak Romanian and Chinese.

📝 Two more things I want to note…

✍️ First… Telegram.
In July 2019 we’ve started with a Telegram group for mailcow, where – to date – joined over 920 individual, awesome people! The positive feedback, how people help each other and the new friendships found this way… It’s unbelievable!

Thanks for being part of this community. This is what makes our community that great: It’s made up by awesome people – like YOU.

❤️ Second… Contributors.
THANKS for every contribution – and it doesn’t matter if it’s helping other people, sharing the mooo, contributing code or simply silently using mailcow somewhere.

Also there’s something what we might often take for granted: mailcow consists out of so many different components, where people invest their valuable time in and provide it for free to everyone.

Thanks for all the good work from people behind Postfix, Dovecot, rspamd, Docker, SOGo, unbound, clamav, LetsEncrypt and so many more. Mailcow wouldn’t exist without you.

That being said…
Thanks for all, stay healthy and Happy New Year. 😘

Thankfully,
Patrik and Andre

Welcome FIDO2 to mailcow!

We recently pushed a change to integrate FIDO2/WebAuthn support for administrators and domain administrators to mailcow.

mailcow FIDO2

Please see our docs for further information.

We are working to be listed on Works with Yubi in the near feature.

Quick note: A single SMTP recipient "postmaster@…" is now whitelisted by default.

Previously we included a settings map template to manually enable this behavior. This template is now dropped. It does not hurt to keep the old settings map, it will just never be applied.

Same for outbound: No matter the authentication, a SMTP FROM postmaster@… will be score -2500.00. No prefilter is applied to keep signatures.

-2500.0 will also skip ClamAV-positives, please keep that in mind, do not forward viruses.

Hi,

It’s been a long time since I wrote other posts than updates.

My daughter was born almost a year ago. My life changed quite a lot, I still don’t feel like I reached my goals and that there is going to be more fantastic changes to come. Thank you guys for contributing to mailcow and enlighten my day – every day.

InterServer started contributing fuzzy hashes to mailcow. If you have a spam trap by hand and feel like sharing, please contact me. Thank you, InterServer; thank you, John.

What could be next?

  • I will try to add hooks to mailcow UI. I want to implement individual hooks that can run after adding a domain, mailbox or other elements. The "push" hook like we already have with Pushover will be moved to that logic. Users will be able to control push hooks, domain admins as well as admins will be able to add hooks to other logics like adding a mailbox, domain or alias etc.

  • I will add a HTTP map to resolve aliases to their final recipients. This way we can finally fix the tag handling for alias recipients and make black/whitelistings more granular.

Please join us on Telegram, if you have ideas to share or just want to hang out. 🙂

André

By the way: We update the code on a regular basis, you do not need to wait until we post these overviews. 🙂

Notable changes for all cows

  • Please contact me, if you want to share your spam with mailcow => info@servercow.de
  • We sponsored a better identity management in SOGo
  • .doc and .xls are now only rejected when they contain macros
  • mailcow speaks Chinese! Thanks to @EHfive!
  • You can now limit access to IMAP, POP3 and SMTP per user
  • Rspamd 2.6 with new neural logic
  • A vmail-index-vol-1 volume was created. The mail index will be recreated on the fly when accessing a mailbox. You can move this volume to fast disk and keep vmail-vol-1 on slower/spinning disks.
  • Show last SMTP login
  • We do now fully encrypt connections to the fuzzy storage
  • iso/img are now bad attachments
  • Disable extension cloaking detection (i.e. "doc.exe") due to false positives and other checks catching these bad extensions
  • rspamd-stats are available via mailcow API (/api/v1/get/logs/rspamd-stats)
  • Watchdog is enabled by default now when installing mailcow
  • New ACL to allow or disallow a domain administrator to change the domain description
  • Update MariaDB to 10.4

There are many more useful changes, please see the list below. I could not decide between important and less important this time. Many changes are quite useful or simply important bug fixes. So: update time!

A BIG THANK YOU to all supporters! Thank you so much for keeping mailcow alive. 🙂
Another BIG THANK YOU goes out to all contributors!

Changes since last post

We are now on commit 79802a9d1d0eaf583bcb55c96f6ff011b22a2cca

2020-10-10 – [Web] Do not expand IPv6 as found by SPF lookup
2020-10-10 – [Rspamd] Rebuilt 2.6-156\~buster
2020-10-09 – [Watchdog] Watch milter status with a dirty workaround, waiting for proxy ping pong event to implement a better check
2020-10-09 – [Update] Show commits on update check
2020-10-09 – [Rspamd] Delete deprecated reputation files
2020-10-08 – [Web] Update lang.sk.json + small typos (#3797)
2020-10-08 – [Rspamd] Add reputation plugin, remove deprecated plugins
2020-10-08 – [Rspamd] Use reputation plugin instead of ip_ and url_reputation
2020-10-08 – [Helper] Install Nextcloud 20
2020-10-08 – [Web] Higher timeout for long delays in transport checks
2020-10-08 – [Config] Change order of generate_config watchdog values
2020-10-06 – [Compose] Added SELinux support / volume labeling (#3766)
2020-10-04 – [API docs] Fixed spelling mistakes
2020-10-03 – [Rspamd] 2.6 stable, switched repo back to release
2020-10-03 – [Helper] Allow to run backup script everywhere
2020-10-02 – [Update] Add new args to update.sh -h output (#3787)
2020-10-02 – [Web] Add simplified Chinese language translations (#3784)
2020-09-29 – [Dovecot] Quota template – better compatibility (#3783)
2020-09-28 – [Compose] Update Rspamd to latest 2.6, update ACME image
2020-09-28 – [ACME] Add more checks, avoid cert/key mismatch on some installations, fix some output
2020-09-28 – [Compose] Update Postfix and Watchdog images
2020-09-28 – [Postfix] Fix smtp last login on replicated setups
2020-09-27 – [Web] lang.fr.json to reflect 6da5ee8
2020-09-27 – [Web] lang.sv.json (#3781)
2020-09-27 – [Nginx] Update site-defaults.conf (TLS cipher fixes) (#3780)
2020-09-27 – [Compose] Fix Postfix version
2020-09-27 – [Watchdog] Increase threshold for cert check
2020-09-27 – [Watchdog] Add certificate check for primary certificate; Add mail delay
2020-09-27 – [SOGo] SOGo 5.0.0.20200927-1, Sope 4.9.r1664.20200927
2020-09-26 – [ACME] Do check for restart of Postfix and Dovecot service more thoroughly
2020-09-26 – [Compose] Update SOGo image
2020-09-26 – [Web] Minor DB schema update
2020-09-26 – [Web] Some language additions for new functions and minor changes
2020-09-26 – [Web] Compatibility: Re-add _int vars
2020-09-26 – [Web] Allow to overwrite DKIM keys while importing a new key
2020-09-26 – [Web] Add TLS policy toggle to edit/mailbox; Add WIP smtp_ip_access (hidden)
2020-09-26 – [Web] Add toggle to overwrite DKIM key while importing
2020-09-26 – [Rspamd] Quarantine, Pushover: Respect active = 2 while processing
2020-09-26 – [Rspamd] Pushover, quarantine: also process
2020-09-26 – [Postfix] Update alias map;
2020-09-26 – [SOGo] SOGo 5.0.0.20200926-1, Sope 4.9.r1664.20200926
2020-09-25 – [Rspamd] 2.6-0~git32~1c3e0910b~buster
2020-09-25 – [SOGo] Update to 5.0.0.20200925-1
2020-09-24 – [SOGo] Re-enable TLS for internal IMAP connections, enable TLS for internal SMTP connections
2020-09-24 – [Web] Minor fix in quarantine view
2020-09-24 – [Rspamd] Fix prio for includes in overrides
2020-09-24 – [Nginx] Refresh cipher suites (#3669)
2020-09-23 – [Dovecot] IMPORTANT: New volume for mail index
2020-09-23 – [Config] New defaults: MAILDIR_GC_TIME=7200, WATCHDOG_NOTIFY_BAN=n
2020-09-23 – [Rspamd] Prepare SMTP ip restriction, WIP
2020-09-23 – [Dovecot] Move mail index to new volume
2020-09-23 – [Web] Add autocomplete to OTP (#3774)
2020-09-20 – [Web] Replace JSON_EXTRACT by JSON_VALUE in init script
2020-09-20 – [Dovecot] Remove like from query
2020-09-20 – [SOGo, Dovecot] Remove unnecessary likes from sql queries
2020-09-20 – [Web] Filter transport destinations to prevent empty destinations
2020-09-20 – [Config] Support mailcow.conf being a symlink (#3770)
2020-09-20 – [Web] lang.sv.json, lang.de.json, lang.en.json (#3771)
2020-09-19 – [Dovecot] Fix sieve with new protocol toggling implementation, fixes #3769
2020-09-18 – [Web] Add quick toggle for imap/pop3/smtp access; small rework of buttons on /mailbox; Minor fixes and changes
2020-09-17 – [ClamAV] Set to ConcurrentDatabaseReload and (todo:) add note to docs
2020-09-17 – [API docs] Removed all occurrences of _int
2020-09-17 – [API docs] Removed active_int
2020-09-17 – [Web] Important: Removed unnecessary *_int attributes from GET elements, _only_ returning int values now (same for all attributes which were provided as html char and int)
2020-09-17 – [Web] Feature: Allow to toggle protocols (imap, pop3, smtp) per user (defaults can be configured using vars.local.inc.php, see vars.inc.php)
2020-09-17 – [Compose] Update Dovecot and Postfix images
2020-09-17 – [Postfix] Merge syslog filters
2020-09-17 – [Postfix] Create sasl_access map; Use JSON_VALUE and remove unnecessary like command
2020-09-17 – [Dovecot] For future use: pass used protocol; Check if user has protocol access while authenticating
2020-09-17 – [Postfix] Add sasl check to deny specific users from using smtp relay
2020-09-17 – [Dovecot] Postlogin socket owned by vmail
2020-09-15 – [Rspamd] Latest 2.5
2020-09-15 – [ClamAV] Update to 0.103.0
2020-09-15 – [Compose] Update Rspamd and Postfix
2020-09-15 – [Postfix, Web] Feature: Show last SMTP login
2020-09-15 – [Rspamd] Encrypt fuzzy communication, switch to Rspamd 2.6
2020-09-13 – [Rspamd] Add open-relay-check@mailcow.email to monitoring_nolog.map (#3757)
2020-09-12 – [Rspamd] Add filter to global mime black- and whitelists to only match addr
2020-09-12 – [Web] Update lang.ru.json
2020-09-12 – [Rspamd] Add iso/img to bad extensions (#3753)
2020-09-12 – [Rspamd] Disable extension cloaking (#3754)
2020-09-10 – [SOGo] Update to 5.0.0.20200910-1, fixes #3719
2020-09-09 – [Rspamd] Macro check was fixed, remove doc and xls ban for now…
2020-09-09 – [Compose] Update olefy-mailcow
2020-09-09 – [Rspamd] Minor: Fix text
2020-09-09 – [Oletools] Fix olevba.py manually until fix is merged
2020-09-07 – [Web] Removed typo when adding a row (#3741)
2020-09-06 – [Web] Return json array when mailq empty, fixes #3738
2020-09-06 – [Rspamd] Meta exporter and settings map: read vars.local.inc.php
2020-09-06 – [Web] Add rspamd-stats route to API
2020-09-03 – [Config] Watchdog is stable
2020-09-03 – [Rspamd] doc and xls are blocked
2020-09-02 – [Web] Disable API regen button when key empty
2020-08-27 – [Netfilter] Skip invalid regex
2020-08-27 – [Web] Fail2ban: Only write regex filters if not empty
2020-08-27 – [Netfilter] Replace query by resolve (deprecated)
2020-08-27 – [Compose] Update images: PHP-FPM, Dovecot, ACME, Netfilter, Watchdog
2020-08-27 – [Web] Sync jobs: Use STARTTLS instead of TLS; Feature: Allow to edit fail2ban-like regex filters in UI
2020-08-27 – [Config] Better safe than sorry: Add a hint to use lowercase project names
2020-08-27 – [Netfilter] Reload regex filters from Redis
2020-08-27 – [Various] Always use lowercase for COMPOSE_PROJECT_NAME
2020-08-25 – [Web] Added new options to API docs
2020-08-23 – [Web] oAuth: Fix content type in profile reply, thanks to @this-user – fixes #3716
2020-08-22 – [Web] Allow to set force_pw_update, tls_enforce_in, tls_enforce_out, sogo_access and quarantine_notification when adding a domain (via API)
2020-08-19 – [Web] Create ACL to toggle permission of a domain administrator to change a domain desc
2020-08-19 – [Web] Fix da_acl when adding DA without domain
2020-08-18 – [Web] update lang.sk.json (#3714)
2020-08-16 – [Web] Fix checkbox for announcements
2020-08-16 – [SOGo] Update to 5.0.0.20200816-1
2020-08-16 – [Web] Rot announcements
2020-08-15 – [Web] Always display app_links (#3664)
2020-08-14 – [API docs] Added request body for sync job creation endpoint
2020-08-13 – [Web] MAILCOW_HOSTNAME should not be a CNAME
2020-08-13 – [Dovecot] Update to 2.3.11.3
2020-08-07 – [Compose] Update MariaDB to 10.4; Update PHP-FPM image to include fix
2020-08-07 – [PHP-FPM] Fix lookup of Postfix container when SQL applied an update