The mailserver suite with the 'moo' โ€“ ๐Ÿฎ + ๐Ÿ‹ = ๐Ÿ’•

News and Infos

๐Ÿ”’๐Ÿ”‘ External Identity Providers for User authentication

Moohoo - Good News, everyone! With the Nightly Branch, it is now possible to use an external Identity Provider as an additional authentication source. mailcow utilizes the OIDC (OpenID Connect) protocol to authenticate only mailbox users. To enable this, we have made some changes to the way authentication works. Let’s talk about what has changed, what we had in mind, and what we plan to add in the future. Of course, we will also show you how to use the new feature.

๐ŸŒป ๐Ÿ„ Moogust Update 2023 - Spamhaus DQS Hotfixes

2023-08 (Release 3rd August 2023)Moohoo everyone! I hope you are not tired yet of performing updates. The 2023-08 Release is here, and it contains some hotfixes for the new Spamhaus DQS feature. If you are not using Spamhaus DQS and haven’t experienced any issues with the 2023-07 update, you don’t have to install this update. As this release only contains hotfixes, there is not much to say about it, except for one thing.

๐Ÿ’ ๐Ÿ„ Mooly Update 2023 (a) - Manageable CORS Settings and UI Improvements

2023-07a (Release 31th July 2023)There are some fixes for the 2023-07 update. Most of the fixes are related to the latest changes regarding the DNS blocklists of the postscreen in Postfix: Changelog dns_blocklists.cf isn’t appended to main.cf and therefore ineffectiveโ€ฆ Fix Reponse Code for ASN Checks [Postfix] Reimplemented option for custom dnsbls [Postfix] Added dns_blocklists.cf for customizations [Postfix] update postscreen_access.cidr Update SOGo to 5.8.4 Fix spamhaus query domains (.net only) As always, the full changelog with the individual commits is available on GitHub: https://github.

๐Ÿค”๐Ÿฎ What's up? - ARM64 Integration

Moohoo everyone! It has been more than a month since you heard from us and today we have a shadowdrop as an update. Since we have a few things to discuss and want to communicate directly in the future, we came up with a section called What’s up?. Today we start with the first topic, namely ARM64: Originally we announced to have mailcow ARM64 ready by June 2023. Obviously that didn’t work out so well.

โš ๏ธ CVE-2023-34108 : Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords โš ๏ธ

Moohoo everyone!

As announced in the last blog entry (dated 30.05.2023), here is the detailed CVE for security patch 2023-05a.

If you have not yet updated, you should do so as soon as possible, because an exploit is now publicly available on the Internet that could be exploited by authenticated users on your mail server.

๐ŸŒท๐Ÿ„ Mooai Update 2023 - IMAP Performance + general Tweaks Update

Moohoo everyone! It’s on with our updates for mailcow, this time (once again) mainly to improve the overall stability and usability of the stack, but also to improve IMAP performance. Let’s go: Changelog For Dovecot, the maildir_very_dirty_syncs option has been enabled by default. This allows much faster IMAP retrieval than before. In the mailcow docs we have created a new page about this. This describes the exact reasons for the performance boost as well as cases where the feature should be disabled: https://docs.