For commercially used mailcows, please consider buying a support subscription or help to keep mailcow alive by donating. 🙂

BIGGEST THANKS TO ALL CONTRIBUTORS! I think you guys fixed more bugs than I could add… seriously, you guys did a great job, thanks!

Important changes

  • Quota is no more recalculated in a daily cronjob. If you need to recalc the quota, run “docker-compose exec dovecot-mailcow doveadm quota recalc -A”
  • White and blacklists (IP) are read every minute. You don’t need to restart netfilter-mailcow after adding blacklist records anymore, but you will need to wait about a minute for new entries to apply.
  • A lot of scripts are now compatible with Py3, thank you guys!!!


[ACME] acme-tiny with python3 (thanks to @christianbur)
[ACME] Add 0 byte check for cert.pem
[ACME] Allow to skip all names but MAILCOW_HOSTNAME
[ACME] Changed the threshold for certificate renewal
[ACME] Register error when no hostname could be validated
[ClamAV] Increase watchdog clamd-mailcow thresholds
[Compose] Remove oom check for compatibility
[Config] Clarification about mailcow_hostname
[DockerAPI] Python3 (big thanks to @christianbur, again)
[Dovecot] Added domain alias handling to quarantine function; Add recipients row to quarantine overview (thanks to @franz.reiter)
[Dovecot] Auto-generate shared namespace
[Dovecot] (Dirty/Workaround) Fix memory leak when quarantine sender has non-ascii chars in mail address
[Dovecot] Fix processing imapsync custom parameters (big thanks to @hunter-nl)
[Dovecot] Removed nightly quota recalc job (too intensive on larger systems)
[Dovecot] Remove shared namespace
[Dovecot] Revert to previous imapsync cron script
[Dovecot] Set default_vsz_limit = 1024 M
[Dovecot] Trim watchdog logs (thanks to @HorayNarea for fixing this commit)
[Dovecot] Update Dovecot to v2.3.6 and Pigeonhole to v0.5.6
[Dovecot] Update imapsync script to 1.937 and added noreleasecheck parameter
[GitHub Templates] Added funding template (thanks to @ntimo)
[Git] Ignore shared namespace file
[Helper] Update Nextcloud helper – todo: fix upgrade…
[Netfilter] Reworked by @Kraeutergarten – thanks! –
[Nextcloud] Always install under subdomain, minor changes to site config and install script
[Postfix] Do not allow DSN for postscreen
[Rspamd] Add SIEVE_HOST map and skip spoof check for these IPs
[rspamd] Allow to easily use custom rspamd lua plugins
[Rspamd] Auto-generate SIEVE_HOST map and add dnsutils
[Rspamd] Change spoofed mail handling
[Rspamd] Do not apply SPOOFED_UNAUTH on ARC_ALLOW
[Dovecot] Set sieve_redirect_envelope_from to rcpt
[Rspamd] Fix spoofing detection
[Rspamd] Improve spoofing detection
[Rspamd] meta_exporter: return false if not matched
[Rspamd] Much higher scores for DMARC failures
[Rspamd] Set to to_ip to_ip_from rate buckets to 100 / 1s
[Rspamd] Update to 1.9.2, minor entrypoint changes
[Solr] Make entrypoint executable
[Update] Increase docker-compose timeout
[Update] Prefetch images, big thanks to everyone in #2637!
[Watchdog] Change error message for acme-mailcow
[Watchdog] Send mail when starting
[Web] Add function to read F2B data via API
[Web] Add only existing domains in table to the filter and removes additional ajax request (thanks to @Kraeutergarten)
[Web] Allow aliases as send-as
[Web] Allow to rename “alias” to “Alias”
[Web] API reads JSON body, big thanks to @feldsam
[Web] Change session timeout handling
[Rspamd] Add missing spamassassin.conf
[Web] Disable refresh button on reload, re-enable after table init
[Web] Fix class for full mailbox
[Web] Fix null ua in debug.js – fixes #2615
[Web] Fix showing domain with disabled sender check (thanks to @foutrelis)
[Web] Fix some breakpoints
[Web] Form cache for user passwd change modal disabled
[Web] Handle mobileconfig display names with special characters (thanks to @emericklaw)
[Web] Minor fixes
[Web] More minor css fixes
[Web] Show error when connection to redis fails (instead of 5xx)
[Web] Updated php-mime-mail-parser library to 5.1 to fix webui html preview (thanks to @Howaner)
[Web] Various UI fixes
[Web] Write API logs when format is data binary

For commercially used mailcows, please consider buying a support subscription or help to keep mailcow alive by donating. 🙂

I really, really miss working on mailcow full time. Only because of all amazing contributors, mailcow is still growing and gaining new features. Thanks!!!

Greetings to!

Important changes

  • Thanks to @mhofer117 we can now add “ALLOW_ADMIN_EMAIL_LOGIN=y” to mailcow.conf to allow an administrator to login as a mailbox user to SOGo!
  • New setups will now use ~/Maildir as default mail path.
  • A spamassassin.conf for Rspamd was missing, so Peer Heinleins SA rules were not enabled – damn! Thanks, Peer!
  • We added a name for mailcows Docker bridge: br-mailcow


[ACME] Allow to skip http verification
[ACME] Set mode 600 for key files
[ACME] Write redis key on non-empty exit code
[ClamAV] Increase watchdog clamd-mailcow thresholds
[Compose] Add named volume sogo-web-vol-1 for static web content
[Compose] Add SKIP_HTTP_VERIFICATION defaulting to n
[Compose] IMPORTANT: Added name for mailcow Docker bridge
[Compose] Update Dovecot, PHP-FPM, Solr, watchdog, Rspamd, ClamAV, SOGo and ACME images
[Config] Add MAILDIR_SUB, “Maildir” for new setups by default
[Dovcot] Cleanup random user maildirs
[Dovecot] Read MAILDIR_SUB for mail_home
[Dovecot] Remove auth cache
[Dovecot] Update Dovecot to v2.3.5.1
[Helper] Do not delete updater for Nextcloud
[Helper] Fix nc script, fixes #2484
[Helper] Remove custom_apps from Nextcloud
[Nextcloud] Always install under subdomain, minor changes to site config and install script
[Nginx] Fix site when ALLOW_ADMIN_EMAIL_LOGIN=y and reverse proxy is used, fixes #2489
[PHP-FPM] Fix SQL upgrade script
[Rspamd] Add missing spamassassin.conf
[Rspamd] Improve spoofing detection
[Rspamd] Update to 1.9 stable repository
[SOGo] Adjust sync parameters, revert if you run into problems!
[SOGo] Remove unnamed volume and rsync web content to named volume
[SOGo] Revert to previous settings
[Solr] Bootstrap cannot be omitted and must occur before mounting the data directory
[Solr] Change default configset before bootstrapping
[Solr] Keep EdgeNGramFilterFactory out of query
[Solr] Make entrypoint executable
[Update] Add MAILDIR_SUB= for updated mailcows
[Update, Config] Set mode 600 for mailcow.conf
[Update] Fix MAILDIR_SUB
[Update] Make the update check in readonly
[Update] Remove obsolete check/replace command
[Watchdog] Check for ACME failures
[Watchdog] Send mail when starting
[Web] Add ACL for unlimited quota (default 0)
[Web] Allow logout with broken session
[Web] Change session timeout handling
[Web] Continue when a check in add_alias fails
[Web, Dovecot] Allow empty/unlimited quota
[Web] Fix class for full mailbox
[Web] Fix js when adding resource
[Web] Fix “null” output in mailbox table when comments are missing
[Web] Fix rejected mails not being quarantized properly if they are tagged
[Web] Fix slow UI by switching QR provider and only generating qr image on demand
[Web] Fix totp qr code, fixes #2490
[Web] Quarantine – Enhanced JS + Show btn fix event binding
[Web] Reload view and memcached when changing a resource
[Web] Show unlimited quota in user view
[Web] Try to set aria hidden to false when a modal opens
[Web] Update bootstrap slider

Updated on March 10, 2019: Moooore!

For commercially used mailcows, please consider buying a support subscription or help to keep mailcow alive by donating. 🙂

Many under-the-hood changes since Foobruary updates.

Important changes

  • Updated on March 10, 2019: Due to changes in Solr, you should trigger a rescan (not a full reindex!) for all users: docker-compose exec dovecot-mailcow doveadm fts rescan -A – yes, again – sorry!
  • TLSv1.2 is now the min. required protocol for mandatory encryption in Postfix.
    This affects per-user TLS encryption (when a user enforces TLS) or any TLS policy created with “encrypt” policy or higher.
    We only make an exception for authenticated connections over port 587 and 465, where we accept TLSv1 and higher.
    Dovecot remains at TLSv1+ for IMAP, while we require TLSv1.2+ for LMTP connections now.
  • “vacation-seconds” can now be used in sieve filters
  • The IPv6 NAT check in watchdog-mailcow is less CPU intensive
  • A Postfix transport destination “*” now excludes hosts matching /localhost$/
  • Rspamd settings map is checked for changes instead of always re-applying it in Rspamd – saves CPU time


Added on March 10

[Web] Change core to dovecot-fts
[Dovecot] Use dovecot-fts core
[Solr] Use fixed, recommended schema but add EdgeNGramFilterFactory
[Compose] Update Rspamd, Postfix, Dovecot and Solr images
[Dovecot] v2.3.5 (PH 0.5.5)
[Dovecot] Change Solr cronjob to fit dovecot-fts
[Postfix] Fix sasl_passwd query from alias domain, fixes #2410
[Rspamd] Remove buggy last-modified check

[ClamAV] Create directory before handling whitelist
[ClamAV] More checks and permission fixes
[Compose] Update ClamAV, watchdog, SOGo and Rspamd images
[Dovecot] Add flags and notify to sieve_extensions
[Dovecot] Enable sieve vacation seconds not just for global scripts
[Dovecot] Fix very stupid error in – thanks to @DevTek314
[Dovecot] Remove vacation-seconds from global-only
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP
[Postfix] Mandatory encryption protocol is now min. TLS 1.2
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+
[Postfix] Force route localhost$ over local:
[Postfix] Remove sasl requiring policies from port 25
[Rspamd] Add fuzzy worker with
[Rspamd] Drop rspamd.conf.local
[Rspamd] Make upstream an object
[Rspamd] Mime from and rcpt can now be checked by from_mime and rcpt_mime instead of “header { XY }”
[Rspamd] Reduce SOGO_CONTACT score to -99
[Rspamd] Use almost-stable unstable 🙂
[Rspamd] Check if filterconf table was changed and return Last-Modified accordingly
[Update] Add /opt/bin to PATH, fixes #2391
[Watchdog] Do not hammer API too much when running Ipv6 NAT check
[Watchdog] Run IPv6 NAT check more often (300s sleep instead of 3600s)
[Watchdog] Minor fixes, print last log lines on error
[Watchdog] Use ipv6nat-mailcow instead of ipv6nat
[Web] Fix bootstrap pathes
[Web] Fix transport_check over port 465, fixes #2386
[Web] Strip < and > from start/end of full name
[Web] Update bootstrap to 3.4.1, fixes #2381

Info: We will do a prize draw for those who submitted or will submit a documentation update. More info soon ™.

For commercially used mailcows, please consider buying a support subscription or help to keep mailcow alive by donating. 🙂

Updated on Foobruary 16, 2019: Moooore!

Important changes

  • Updated on Foobruary 16, 2019: Due to changes in Solr, you should trigger a rescan (not a full reindex!) for all users: docker-compose exec dovecot-mailcow doveadm fts rescan -A
  • Doc updates still outstanding… sorry.
  • The default quarantine template was updated. It now contains links to quick release/delete elements from quarantine. You may want to update your overriding templates.
  • Overquota notifications at 80% and 95% – meta data and text can be set in the UI, please report bugs
  • You can bulk-set some attributes in the mailbox table now.
  • PHP 7.3
  • SASL on port 25 is now disabled
  • Please check your certificates, we switched to acme-tiny.


Added on Foobruary 16

[Web] Changes to user interface (using tabs now)
[Solr] Changes to schema – field types are updated
[Compose] New Solr image
[Rspamd] Lower history nrows
[Assets] Fix Nextcloud site
[ClamAV] Set AlertOLE2Macros to no
Other minor fixes and changes…

[Assets] Add default quota template
[Assets] Nextcloud: add plain listener
[Compose] New images: dockerapi, watchdog, netfilter, acme, dovecot, php, unbound
[Dovecot] Add quota_notify script
[Dovecot] Derive text part in quota/quarantine notification mails from html
[Dovecot] Enable quota notifications
[Dovecot] Extend quarantine template: add score and release/delete buttons – depending on acl
[Dovecot] Some minor changes to quarantine notification script to catch more errors
[Nginx] Add qhandler rewrite
[Nginx] Enable TLSv1.3 (thanks to @Knight1 !)
[PHP-FPM] PHP 7.3, mailparse from Git as long as no releas exists
[Postfix] Disable auth on port 25
Push image base to Alpine 3.9
[Rspamd] Set history lines to 10000
[Web] Add quick actions handler for quarantine, add trigger
[Web] Add quick release/delete functions
[Web] Add quota notification tools
[Web] Add woff2 PT Sans font file
[Web] Allow to mass-change TLS policy and quarantine notifications in /mailbox
[Web] Delete from quarantine and user_acl when deleting mailbox
[Web] Fix minor font issues
[Web] Fix return for unban/ban actions via API
[Web] Lang updates
[Web] Minor alias overview fix
[Web] Minor fixes
[Web] Minor JS changes and fixes
[Web] Move theme header include, fixes #2267
[Web] Remove broken logger examples
[Web] Some PHP fixes (warnings, notices)
[Web] Update bootstrap slider
[Web] Update bootstrap slider javascript
[Web] Update languages
[Web] Use INTL_IDNA_VARIANT_UTS46 in idn_to_ascii (thanks to @Knight1 !)
[Web] Various session fixes

Updated on January 30, 2019: More updates!

Here we go again. Thank you so much for your help, contributions and donations!

Important changes

  • Doc updates outstanding!
  • It is now possible to create quarantine notification templates. Notifications can be sent hourly/daily/weekly. You can disable this feature by setting the ACL accordingly. Default behavior can be controlled via MAILBOX_DEFAULT_ATTRIBUTES (default: never).
  • UI loading speed should be much faster (at least in Firefox)
  • Solr is here, thanks to evilstiefel. Please also check the docs.
  • We now include some Sanesecurity signatures to improve spam detection (hopefully). We had to switch to a Debian base and hope to decrease its size a bit in the future.
  • The default add_header score (move mail to “Junk”) is now 8 (7 for greylisting).
  • Blacklist/Whitelist can now contain “.*” and will be read as “\..*”.
  • Redis 5
  • Thanks to @feldsam we can now have multiple profiles on Apple devices.
  • “ipv6nat” will be restarted if it was not the last container to start (this is a work-in-progress, we hope to move a lot of this from Watchdog to Netfilter)


Added on January 30

[Web] Remote SourceSansPro, remove css style
[Compose] Update PHP-FPM image
[Web] Minify css and js via PHP
[Web] Use PT Sans
[Web] Update some libs
[PHP] Drop pear modules
[Config] Add hint to disable Solr if you do not want a readable index in solr-vol-1
[Dovecot] Fix last_notification in
[Update] Check if run as root
[Rspamd] Split global wl from to mime-from and smtp-from
[Compose] New watchdog and Dovecot images
[Compose] Add SKIP_SOLR to Dovecot to dynamically load fts plugin
[Compose] Mount default quarantine notification template
[Asset] Add default template for quarantine notifications
[Watchdog] Use for DNS check
[Git] Ignore mail_plugins*
[Dovecot] Read mail_plugins from dynamically generated file
[Dovecot] Encrypt FTS
[Dovecot] Add break_imap_seach option to Solr
[Web] Add ability to send quarantine notification mails
[Web] Minor style fixes
[Web] Add new MAILBOX_DEFAULT_ATTRIBUTES (doc updates, anyone? 🙁 )
[Web] Use rcpt_smtp if rcpt_mime is not set
[Web] Other minor fixes
[Dovecot] Simplify Docker image
[Dovecot] Set Dovecot plugins dynamically via file and exclude Solr if not enabled
[Dovecot] Add new quarantine notification script
[Update] Check internet connection via
[Config] Use #!/usr/bin/env bash for scritps, fixes #2226, thanks to @cptMikky
[Config] Add ACL_ANYONE to
[Web] Update lang
[Update] Disable Solr when upgrading from non-Solr mailcows
[Web] Lang updates
[Web] Fixed typo in
[Web] Remember FooTable settings by using state plugin, fixes #2122
[Dovecot] imapsync: Log imapsync cronjob errors
[Dovecot] imapsync: Connect to database via socket
[Compose] Fix hard-coded SKIP_CLAMD

Added on January 18

[ClamAV] Add more signatures
[ClamAV] Fix whitelist permission error
[ClamAV] Set prio of clamd parent to 10, fixes #2174
[Compose] New image for ClamAV
[Compose] Update ClamAV and SOGo images
[Compose] Update Rspamd image
[Config] Change some texts, lower RAM req. to 3.5 GB for Solr
[Config/Update] Set limits and change descriptions for Solr
[DockerAPI] Add unused FTS endpoints…
[Dovecot] Add Czech folder names to namespace
[Dovecot] Allow setting ACL_ANYONE in mailcow.conf
[Dovecot] Use Solr for LMTP
[Dovecot] Add Solr
[Rspamd] Do not apply SOGO_CONTACT for hard SPF failures
[Rspamd] Fix metadata_exporter
[rspamd] increased values for SPF, DKIM reject
[Rspamd] Set higher/lower scores for local fuzzy matches
[Rspamd] Set max_size for AV
[SOGo] Allow to turn off GAL for each domain
[Solr] Refuse to start with RAM lt 2 GB
[Web] Allow to turn off GAL for each domain
[Web] Delete index data from Solr when deleting mailbox
[Web] Minor fix in return
[Web] Show subjet in quarantine
[Web] Update lang strings

Added on January 12

[ClamAV] Improve logging
[Nextcloud] Download Nextcloud 15
[Web] Delete network from whitelist when adding it to the blacklist
[Web] Revert password policy, fixes #2163

[Rspamd] Scan the whole message to be able to trigger Sanesecurity rules
[Rspamd] Increase add_header and greylist score
[Web] Save filter objects 1:1 to database
[Rspamd] preg_quote filter objects, only translate * to .* – fixes #2152
[ClamAV] Update to 0.101.1 (based on Debian to fix some errors)
[ClamAV] Include some junk signatures from Sanesecurity
[ClamAV] Some config values are deprecated and were replaced
[ClamAV] Scan whole file
[Backup] Made backup container mounts read only
[Web] Apple mobileconfig enhancements by @feldsam
[Config] Fix misleading typo in generated mailcow.conf
[SOGo] Fix ealarms, again, fixes #2136
[Web] Hide self-edit passwords of domain admins, fixes #2135
[Web] Various minor fixes
[Compose] Update to Redis 5
[Compose] New images for ClamAV, Watchdog, SOGo, Postfix and PHP-FPM
[Watchdog] Run IPv6 NAT check hourly
[PHP-FPM] Update PHP and libs
[Watchdog] Add check for IPv6 NAT: Make sure IPv6 NAT container was started at least 30s after other containers
[Compose] Make ipv6nat depend on all containers
[Postfix] Fix transport map authentication with multiple identical nexthops
[SOGo] Remove old js file
[Web] Fix for the fix of transport map checks
[Web] Remove unnecessary check for transport maps
[SOGo] Fix file path of sogo-full.svg
[Update] Add and for local git config if missing
[Web] Update languages (cs, en)
[Web] Add more details for transport maps
[Web] More checks and fixes for transport maps

Thank you very, very much @lazyfrosch!

I already ate two or three packages. 🙁


Yes, there have been a few pushes, but enotime to update the website, sorry.

BIG thanks to Radek Tříška for his Czech translation of mailcow!


Important changes

Added on December 21
  • You can now add transport maps in mailcow. Transport service is always “smtp:”. Please see the hints added to mailcow UI.
  • Relayhosts are renamed to sender-dependent transport maps.

  • Watchdog now sends a mail when the ratelimit log table changed (does not send a mail for each triggered ratelimit to prevent hammering)
  • A ratelimit log was added to the UI, hashes are identified by color and can be removed (which resets the limit)
  • We speak Czech!
  • SOGos email reminders are enabled and working (thanks to!)
  • Please check your mysql-mailcow and php-fpm-mailcow logs, when mysql-mailcow fails to start. We added a routine to automatically run mysql_upgrade via API.
  • Quarantine items are now released as they were received, this can be changed in mailcow UI.



Added on December 21

[Web] Fix some language strings
[SOGo] Copy logo from config dir, no need to rebuild image
[Web] Allow to set transport maps, rename relayhosts to sender-dependent transports
[Compose] Fix custom-sogo.js mount
[Compose] Update Postfix and SOGo images
[Postfix] Split SASL passwd maps
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
[Postfix] Split sasl passwd maps to not lookup sender_dependent_default_transport_maps auth info when querying for transport_maps
[SOGo] Remove custom colors, there were various broken styles especially for indicators of freebusy states

Added on December 15

[Web] Show ratelimited messages, allow to delete Redis hash to reset status of a bucket
[Rspamd] Use meta exporter to pipe meta data of ratelimited msg to Redis
[Rspamd] Updated values of default ratelimit settings, add info_symbol
[Rspamd] Add ratelimit.lua (to be removed from Dockerfile with next Rspamd release)
[Compose] Update Watchdog, Dovecot, PHP, Rspamd images
[Watchdog] Alert when ratelimit log changed (does NOT send one mail per triggered ratelimit)
[PHP-FPM] Try SQL once, prevent loops (todo: fix view before upgrade)
[Dovecot] Give master user a uid and gid, fixes #2093
[Dovecot] Trim more logs
[Nextcloud] Fix headers (fixes duplicate frame origin header)
[Nextcloud] Use db 10 for Redis cache
[Postfix] Add missing regexp map, fixes #2083
[Git] Add allow_mailcow_local.regexp and dovecot-master.userdb

[Git] Add allow_mailcow_local.regexp and dovecot-master.userdb
[SOGo] Enable EMailAlarms
[SOGo] Use sieve.creds to authenticate against Dovecot and send email reminders
[SOGo] Wait for updated db schema before bootstrapping
[Compose] Additional SOGo mount for future use
[Compose] Update images: Rspamd, PHP, Dovecot, Netfilter, SOGo, DockerAPI
[Dovecot] Split imapsync cron by —
[Dovecot] Add master user to userdb (to be used in SOGo)
[Dovecot] passdb query ignored active attribute in mailbox table
[Dovecot] Increate proc limit and default client limit
[Dovecot] Update Dovecot to 2.3.4, update Pigeonhole to 0.5.4
[Dovecot] Remove UTF-8 attribute
[Dovecot] Fix maildir_gc, build with ldap support
[DockerAPI] Add mysql_upgrade task
[MySQL] Remove deprecated values for future use of MariaDB 10.3
[PHP-FPM] Trigger mysql_upgrade
[PHP-FPM] Add default release format for spam
[Netfilter] Disable aborted login without auth as fail2ban trigger
[Web] Remove a divider
[Web] Small css fixes
[Web] Fix missing string in modal dialog
[Web] Allow to toggle release format of quarantine msgs
[Web] Update
[Web] Rename configuration menu
[Web] Show warning when configuration disabled quarantine
[Web] Fix init_db, init json when attributes are null
[Web] Do not fail when _sogo_static_view fails to update
[Web] Fix init_db, init json when attributes are null
[Web] Allow actions in quarantine modal, fixes #1991
[Web] Fixes for Source Sans Pro font
[Web] Czech localization
[Web] Edit domain, allow set max mailboxes to 0, fixes #2021
[Web] Fix settings_map_removed, fixes #2018
[Rspamd] Do not apply SOGO_CONTACT for SPF fails and when sending from whitelisted host
[Rspamd] Remove SOGO_CONTACT for header from
[Rspamd] Use boolean for one_shot, fixes #2066
[Rspamd] Add global rcpt blacklist and whitelist
[Rspamd] Globel whitelist/blacklist from via multimap
[Postfix] Important fix for mailbox maps, fixes #2013
[Postfix] Security: Prefer server-side ciphers

Updated on Moovember 14, 2018: More updates!

Important changes

  • You can now add a subdomain for all existing domains by using ADDITINAL_SAN like ADDITINAL_SAN=mail.* – thanks to @markusg on GitHub!
  • mail_log is enabled, if it is heavy on resources, let us know.
  • There is a new mailbox_format attribute in, that CAN be changed to mdbox, but you most likely break existing ACLs on mixed-setups (also change dovecot.conf to use mdbox for shared namespace) – unsupported.
  • We use a /var/volatile directory for files that can cause trouble on NFS shares (e.g. locking files)
  • A custom-sogo.js file is now included to SOGo by default. This allows, for example, to set CKEditor attributes.


Added on 15th Oct

[Web] Add “alias_domains” ACL to prevent alias domains to add alias domains (by default!)
[Web] Edit alias domains: use select menu
[Web] Minor fixes

[Compose] Remove dedicated index (wip)
[Web] mailbox_format maildir
[Dovecot] Enable mail_log (events: delete undelete expunge copy mailbox_delete mailbox_rename)
[Dovecot] Increase vsz_limit for some services to 1 G
[Dovecot] Enable auth_cache
[Dovecot] Remove dedicated index (wip)
[SOGo] Fix sogo_view
[Config] Add info for sub.* records to
[Compose] New images for Rspamd, SOGo, Dovecot, Postfix, ACME
[Compose] New volume for deduplicated attachments <- only on mdbox; encrypted [Web] Adjust mailbox format
[Web] Include IMAP lib for future use
[Web] Fix default exception handler
[Web] Fix sync job edit forms
[Web] Other minor fixes
[Web] Fix _sogo_static_view creation when parent tables changed order of cols
[Web] Fix details for blind DKIM keys
[SOGo] Include custom-sogo.js to dynamically add JS to SOGo, increase textarea font of CKeditor by default
[Rspamd] Add fuzzy hash to msg
[Rspamd] Add SOGo contacts to whitelist
[SOGo] Adjust SOGo view
[Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS)
[Rspamd] Add stopsignal (testing)
[Dovecot] Create crypted mail_attachment_fs to store attachments with a min size of 128k
[Dovecot] Shared location to “auto:” to auto-detect legacy mailbox formats across shared mailboxes <- reverted, wip [Dovecot] Create config service for crypted mail_attachment_fs
[Postfix] Adjust mailbox query
[Dovecot] Dovecot 2.3.3, Pigeonhole 0.5.3
[Dovecot] Use “–enable-hardening” flag
[Dovecot] Fix cronjobs
[Dovecot] Use /var/volatile to prevent locking files from being written to NFS storage (if vmail is on NFS)
[Dovecot] Change userdb query
[Dovecot] Use /var/attachments for mdbox attachment deduplication and /var/index for index files <- index reverted, deduplication only with mdbox [Dovecot] Fix sieve user creation
[Dovecot] Make console writable
[Dovecot] Fix
[ACME] Allow for sub.* values in ADDITIONAL_SAN
[Rspamd] Reduce rspamd DNS timeout
[Web] Fix init_db for older mailcow installations, fixes #1961

Important changes

  • We do now try to reload a service instead of restarting it, when a certificate changed. When reloading fails, we restart the container.
  • A supervisord controlled container will now die when a program it started exits.


[Web] More mailq fixes
[Compose] Update SOGo, Dovecot and Postfix images
[Web] Fix mailq styles in /admin
[Web] Move ‘get’ method to mailq functions file
[Web] Add overflows in /admin for small devices
[Web] Fix maildir cleanup after deleting mailbox
[Postfix] Use events to kill supervisord when main proc dies
[SOGo] Use events to kill supervisord when main proc dies
[Dockerapi] Some minor changes
[Web] Cleanup _sogo_static_view and memcached
[Compose] Update Docker API and ACME images
[ACME] Try to reload services after certificate changes instead of restarting
[DockerAPI] Add service reload commands
[Postfix] Do not remove user agent

Updated on 27 Oct:

[Rspamd] Change log level to silent (see docs)
[Rspamd] Adjust default values for (perm) failures of DKIM and SPF
[Compose] Update ClamAV, watchdog and Docker API images
[Compose] Remove whitelist mount in ClamAV service
[DockerAPI] Add top and stats
[ClamAV] Do not try to modify cross-mounted file, copy whitelist from conf to lib directory
[ClamAV] Remove AllowSupplementaryGroups from freshclam.conf (deprecated)
[Watchdog] Check if initdb is running and if true skip killing php-fpm-mailcow
[Watchdog] Allow multiple rcpts separated by comma
[Postfix] Add tls_preempt_cipherlist to SMTPS
[Update] Remove obsolete parameters

Updated on 28 Oct:

[Web] Fix sieve validation, fixes #1960
[Update] Change umask for update to ensure its 0022
[Watchdog] Skip container restart if running for less than 120 seconds

Important changes

  • No breaking changes, don’t worry… 🙂
  • New: Postqueue manager
  • New: Grant/Disallow SOGo access
  • New: Reset SOGo profiles


[Compose] Update SOGo and Docker API images
[Web] Queue manager for Postfix
[Web] Add sogo_access mail attribute
[Web] Allow to wipe SOGo profiles
[SOGo] Read .sogo_access attribute when bootstrapping view
[DockerAPI] WIP: change of structure, add some more commands to control mail queue
[Helper] Do not use full network name for MySQL backup