I would love to get some feedback on the ACL implementation. If you find bugs etc., please let us know @ GitHub.
There is some info in the docs => https://mailcow.github.io/mailcow-dockerized-docs/model-acl/ – they still need more updates.
One improvement I see is to hide the divs completely and/or deny access to the functions’ ‘get’ methods. Let us know on Freenode, #mailcow.
Thanks for the idea to integrate haveibeenpwned.com, I like it! Sorry to haveibeenpwned.com for playing with it and trying a bunch of old passwords, I hope I didn’t hammer your API too much. 🙂
For your information: Your password is never sent to their API!
We only query the API with the first 5 characters of the SHA1 hash of the current input field’s value (generated in your browser, not server-side) and check the response for matches of the full hash, which is still stored in your browser.
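The lookup described above, written out as an added example (not mailcow's own code). Node's crypto module stands in for the browser-side hashing so it runs offline; `fetchRange`, `sampleFetch`, `SAMPLE_RANGES` and the counts are constructed for illustration, and the response is assumed to carry one `SUFFIX:COUNT` entry per line.

```javascript
// Added example, not mailcow's code: the range lookup done client-side.
const { createHash } = require('node:crypto');

// Split SHA-1(password) into the 5-char prefix that is sent to the API
// and the 35-char suffix that stays on the client.
function splitHash(password) {
  const hex = createHash('sha1').update(password, 'utf8').digest('hex').toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Parse a range response: one "SUFFIX:COUNT" entry per line.
function parseRange(body) {
  const counts = new Map();
  for (const line of body.split(/\r?\n/)) {
    const m = /^([0-9A-F]{35}):(\d+)$/i.exec(line.trim());
    if (m) counts.set(m[1].toUpperCase(), Number(m[2]));
  }
  return counts;
}

// fetchRange(prefix) is a hypothetical callback that returns the response
// body for a prefix; it is the only place anything leaves the client.
// Returns the breach count for the password, 0 if its suffix is not listed.
function checkPassword(password, fetchRange) {
  const { prefix, suffix } = splitHash(password);
  return parseRange(fetchRange(prefix)).get(suffix) || 0;
}

// Constructed sample responses keyed by prefix (counts are made up).
const SAMPLE_RANGES = {
  '5BAA6': [
    '1D2DA4053E34E76F6576ED1DA63134B5E2A:2',
    '1E4C9B93F3F0682250B6CF8331B7EE68FD8:42', // suffix of SHA-1("password")
    '1E2AAA439972480CEC7F16C795BBB429372:7',
  ].join('\r\n'),
};

// Offline stand-in for the HTTP request; logs what would be transmitted.
function sampleFetch(prefix) {
  console.log('sent to API:', prefix);
  return SAMPLE_RANGES[prefix] || '';
}

console.log('matches:', checkPassword('password', sampleFetch));
console.log('matches:', checkPassword('constructed-unlisted-passphrase', sampleFetch));
```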
We just fixed SOGo theme switching again. There is a chance we did it, I promise…
Knight1 made us aware of a critical bug that led to mailcow accepting custom X-FORWARDED-FOR headers. This bug was introduced with the last update.
Important change: We disabled “any” and “all authenticated” ACL settings in Dovecot and removed the box in SOGo’s ACL editor (big thanks to the SOGo devs, please help them, buy a subscription!).
You can find information about how to re-enable it here.
We will add an easy way to enable your SOGo subscription soon.
Please don’t forget to support mailcow. 🙂
Some updates, primarily aimed at mailcow UI, were pushed today.
Most improvements were made to the logging interface.
Please consider supporting mailcow. 🙂
Learning methods for bayes and fuzzy hashes (new) changed with today’s update, I recommend running…
…to start over with a clean hash database.
Spam/ham is no longer auto-learned, please move mails into/out of the junk folder to train the filter or use the new spam/ham alias target.
The logging method changed slightly, some more changes will follow.
A new section “mailcow UI” was added to the logs panel. IPs are logged but anonymized by default, please see ANONYMIZE_IPS in “vars.inc.php”.
Users now see their last login.
Redis logs are now trimmed by a cronjob in “dovecot-mailcow”, that will move to “watchdog-mailcow” in the future => much less hammering.
SYSCTL_IPV6_DISABLED was removed, please see the docs about how to disable IPv6.
Sync jobs are now unlocked when the job was abruptly interrupted.
Sync jobs in mailcow UI can now contain custom parameters.
Some previously hard-coded parameters were removed!
“subscribeall”, “timeout1” and “timeout2” can now be defined in the job details.
“buffersize”, “split1”, “split2”, “fastio1”, “fastio2” were removed and can be used in custom parameters.
The SOGo theme switching bug is hopefully fixed. I will probably find a better way to fix it than using “sed” to replace the hard-coded colors.
PS: If you like, please consider supporting us. 🙂