diff --git a/data/Dockerfiles/clamav/Dockerfile b/data/Dockerfiles/clamav/Dockerfile
index 5fc44d9a..170b7d8f 100755
--- a/data/Dockerfiles/clamav/Dockerfile
+++ b/data/Dockerfiles/clamav/Dockerfile
@@ -1,8 +1,8 @@
-FROM debian:latest
+FROM debian:stretch-slim
 MAINTAINER https://m-ko.de Markus Kosmal <code@cnfg.io>
 
 # Debian Base to use
-ENV DEBIAN_VERSION jessie
+ENV DEBIAN_VERSION stretch
 
 # initial install of av daemon
 RUN echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION main contrib non-free" > /etc/apt/sources.list && \
@@ -13,15 +13,14 @@ RUN echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION main contrib non-fr
         clamav-daemon \
         clamav-freshclam \
         libclamunrar7 \
-        wget && \
+        curl && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
 # initial update of av databases
-RUN wget -O /var/lib/clamav/main.cvd http://db.local.clamav.net/main.cvd && \
-    wget -O /var/lib/clamav/daily.cvd http://db.local.clamav.net/daily.cvd && \
-    wget -O /var/lib/clamav/bytecode.cvd http://db.local.clamav.net/bytecode.cvd && \
-    chown clamav:clamav /var/lib/clamav/*.cvd
+COPY dl_files.sh /dl_files.sh
+RUN chmod +x /dl_files.sh
+RUN /dl_files.sh
 
 # permission juggling
 RUN mkdir /var/run/clamav && \
@@ -33,9 +32,6 @@ RUN sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/clamd.conf && \
     echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
     sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/freshclam.conf
 
-# volume provision
-VOLUME ["/var/lib/clamav"]
-
 # port provision
 EXPOSE 3310
 
diff --git a/data/Dockerfiles/clamav/bootstrap.sh b/data/Dockerfiles/clamav/bootstrap.sh
index 635e93ea..bc5d1b32 100755
--- a/data/Dockerfiles/clamav/bootstrap.sh
+++ b/data/Dockerfiles/clamav/bootstrap.sh
@@ -1,35 +1,7 @@
 #!/bin/bash
-# bootstrap clam av service and clam av database updater shell script
-# presented by mko (Markus Kosmal<code@cnfg.io>)
-set -m
+trap "kill 0" SIGINT
 
-# start clam service itself and the updater in background as daemon
 freshclam -d &
 clamd &
 
-# recognize PIDs
-pidlist=`jobs -p`
-
-# initialize latest result var
-latest_exit=0
-
-# define shutdown helper
-function shutdown() {
-    trap "" SUBS
-
-    for single in $pidlist; do
-        if ! kill -0 $pidlist 2>/dev/null; then
-            wait $pidlist
-            exitcode=$?
-        fi
-    done
-
-    kill $pidlist 2>/dev/null
-}
-
-# run shutdown
-trap terminate SUBS
-wait
-
-# return received result
-exit $latest_exit
+sleep inf
diff --git a/data/Dockerfiles/clamav/dl_files.sh b/data/Dockerfiles/clamav/dl_files.sh
new file mode 100755
index 00000000..09d61241
--- /dev/null
+++ b/data/Dockerfiles/clamav/dl_files.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+declare -a DB_MIRRORS=(
+  "switch.clamav.net"
+  "clamavdb.heanet.ie"
+  "clamav.iol.cz"
+  "clamav.univ-nantes.fr"
+  "clamav.easynet.fr"
+  "clamav.begi.net"
+)
+declare -a DB_MIRRORS=( $(shuf -e "${DB_MIRRORS[@]}") )
+
+DB_FILES=(
+  "bytecode.cvd"
+  "daily.cvd"
+  "main.cvd"
+)
+
+for i in "${DB_MIRRORS[@]}"; do
+  for j in "${DB_FILES[@]}"; do
+  [[ -f "/var/lib/clamav/${j}" && -s "/var/lib/clamav/${j}" ]] && continue;
+  if [[ $(curl -o /dev/null --connect-timeout 1 \
+    --max-time 1 \
+    --silent \
+    --head \
+    --write-out "%{http_code}\n" "${i}/${j}") == 200 ]]; then
+    curl "${i}/${j}" -o "/var/lib/clamav/${j}" -#
+  fi
+  done
+done
+
+chown clamav:clamav /var/lib/clamav/*.cvd
diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 90f7352d..1d3bfbef 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -4,8 +4,8 @@ MAINTAINER Andre Peters <andre.peters@servercow.de>
 
 ENV DEBIAN_FRONTEND noninteractive
 ENV LC_ALL C
-ENV DOVECOT_VERSION 2.2.28
-ENV PIGEONHOLE_VERSION 0.4.17
+ENV DOVECOT_VERSION 2.2.29.1
+ENV PIGEONHOLE_VERSION 0.4.18
 
 RUN apt-get update \
 	&& apt-get -y install libpam-dev \
diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile
index 0fcdc893..9da92ad6 100644
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -23,6 +23,7 @@ RUN apt-get install -y --no-install-recommends supervisor \
 	gnupg \
 	python-gpgme \
 	sudo \
+	curl \
 	dirmngr
 
 RUN addgroup --system --gid 600 zeyple
@@ -34,6 +35,7 @@ COPY zeyple.py /usr/local/bin/zeyple.py
 COPY zeyple.conf /etc/zeyple.conf
 COPY supervisord.conf /etc/supervisor/supervisord.conf
 COPY postfix.sh /opt/postfix.sh
+COPY whitelist_forwardinghosts.sh /usr/local/bin/whitelist_forwardinghosts.sh
 
 EXPOSE 588
 
diff --git a/data/Dockerfiles/postfix/whitelist_forwardinghosts.sh b/data/Dockerfiles/postfix/whitelist_forwardinghosts.sh
new file mode 100755
index 00000000..4ad5ab32
--- /dev/null
+++ b/data/Dockerfiles/postfix/whitelist_forwardinghosts.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+while read QUERY; do
+	QUERY=($QUERY)
+	if [ "${QUERY[0]}" != "get" ]; then
+		echo "500 dunno"
+		continue
+	fi
+	result=$(curl -s http://nginx:8081/forwardinghosts.php?host=${QUERY[1]})
+	logger -t whitelist_forwardinghosts -p mail.info "Look up ${QUERY[1]} on whitelist, result $result"
+	echo ${result}
+done
diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index a78c483f..685e1fc7 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -18,10 +18,9 @@ server {
   access_log /var/log/nginx/access.log;
   root /web;
 
-  location /api/v1/ {
-    try_files $uri $uri/ /json_api.php?$args;
+  location ~ ^/api/v1/(.*)$ {
+    try_files $uri $uri/ /json_api.php?query=$1;
   }
-  rewrite ^/api/v1/([^/]+)/([^/]+)/?$ /json_api.php?action=$1&object=$2? last;
 
   location ^~ /.well-known/acme-challenge/ {
 	  allow all;
@@ -64,10 +63,6 @@ server {
     add_header X-XSS-Protection "1; mode=block";
   }
 
-  location ^~ /inc/init.sql {
-    deny all;
-  }
-
   location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml {
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;
 		fastcgi_pass phpfpm:9000;
@@ -171,10 +166,9 @@ server {
   access_log /var/log/nginx/access.log;
   root /web;
 
-  location /api/v1/ {
-    try_files $uri $uri/ /json_api.php?$args;
+  location ~ ^/api/v1/(.*)$ {
+    try_files $uri $uri/ /json_api.php?query=$1;
   }
-  rewrite ^/api/v1/([^/]+)/([^/]+)/?$ /json_api.php?action=$1&object=$2? last;
 
   location ^~ /.well-known/acme-challenge/ {
 	  allow all;
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index b28f6eb9..52e86681 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -24,7 +24,7 @@ milter_default_action = accept
 milter_protocol = 6
 minimal_backoff_time = 300s
 plaintext_reject_code = 550
-postscreen_access_list = permit_mynetworks, cidr:/opt/postfix/conf/postscreen_access.cidr
+postscreen_access_list = permit_mynetworks, cidr:/opt/postfix/conf/postscreen_access.cidr, tcp:127.0.0.1:10027
 postscreen_bare_newline_enable = no
 postscreen_blacklist_action = drop
 postscreen_cache_cleanup_interval = 24h
diff --git a/data/conf/postfix/master.cf b/data/conf/postfix/master.cf
index 3802c9a0..955728d1 100644
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -55,3 +55,5 @@ zeyple    unix  -       n       n       -       -       pipe
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+
+127.0.0.1:10027 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh
diff --git a/data/conf/rmilter/rmilter.conf b/data/conf/rmilter/rmilter.conf
index f84408cd..d957935c 100644
--- a/data/conf/rmilter/rmilter.conf
+++ b/data/conf/rmilter/rmilter.conf
@@ -28,7 +28,6 @@ redis {
 };
 tempdir = /tmp;
 tempfiles_mode = 00600;
-max_size = 20M;
 strict_auth = yes;
 use_dcc = no;
 limits {
diff --git a/data/conf/rspamd/dynmaps/forwardinghosts.php b/data/conf/rspamd/dynmaps/forwardinghosts.php
new file mode 100644
index 00000000..377c5e7e
--- /dev/null
+++ b/data/conf/rspamd/dynmaps/forwardinghosts.php
@@ -0,0 +1,56 @@
+<?php
+header('Content-Type: text/plain');
+require_once "vars.inc.php";
+
+ini_set('error_reporting', 0);
+
+function in_net($addr, $net)
+{
+	$net = explode('/', $net);
+	if (count($net) > 1)
+		$mask = $net[1];
+	$net = inet_pton($net[0]);
+	$addr = inet_pton($addr);
+
+	$length = strlen($net); // 4 for IPv4, 16 for IPv6
+	if (strlen($net) != strlen($addr))
+		return FALSE;
+	if (!isset($mask))
+		$mask = $length * 8;
+
+	$addr_bin = '';
+	$net_bin = '';
+	for ($i = 0; $i < $length; ++$i)
+	{
+		$addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT);
+		$net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT);
+	}
+
+	return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask);
+}
+
+$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
+$opt = [
+    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::ATTR_EMULATE_PREPARES   => false,
+];
+try {
+  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
+  $stmt = $pdo->query("SELECT host FROM `forwarding_hosts`");
+  $networks = $stmt->fetchAll(PDO::FETCH_COLUMN);
+  foreach ($networks as $network)
+  {
+    if (in_net($_GET['host'], $network))
+    {
+      echo '200 permit';
+      exit;
+    }
+  }
+  echo '200 dunno';
+}
+catch (PDOException $e) {
+  echo '200 dunno';
+  exit;
+}
+?>
diff --git a/data/conf/rspamd/dynmaps/settings.php b/data/conf/rspamd/dynmaps/settings.php
index 9be1f696..098ffbd9 100644
--- a/data/conf/rspamd/dynmaps/settings.php
+++ b/data/conf/rspamd/dynmaps/settings.php
@@ -32,6 +32,35 @@ catch (PDOException $e) {
 ?>
 settings {
 <?php
+try {
+	$stmt = $pdo->query("SELECT `host` FROM `forwarding_hosts`");
+	$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
+}
+catch (PDOException $e) {
+	$rows = array();
+}
+
+if ($rows)
+{
+?>
+	whitelist_forwarding_hosts {
+		priority = high;
+<?php
+foreach ($rows as $host) {
+	echo "\t\t" . 'ip = "' . $host . '";' . "\n";
+}
+?>
+		apply "default" {
+			actions {
+				reject = 999.9;
+			}
+		}
+		symbols [
+			"WHITELIST_FORWARDING_HOST"
+		]
+	}
+<?php
+}
 $stmt = $pdo->query("SELECT DISTINCT `object` FROM `filterconf` WHERE `option` = 'highspamlevel' OR `option` = 'lowspamlevel'");
 $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
 
@@ -207,8 +236,11 @@ while ($row = array_shift($rows)) {
 	}
 ?>
 		apply "default" {
-			MAILCOW_MOO = -999.0;
+			MAILCOW_WHITE = -999.0;
 		}
+		symbols [
+			"MAILCOW_WHITE"
+		]
 	}
 <?php
 }
@@ -302,10 +334,13 @@ while ($row = array_shift($rows)) {
 	}
 ?>
 		apply "default" {
-			MAILCOW_MOO = 999.0;
+			MAILCOW_BLACK = 999.0;
 		}
+		symbols [
+			"MAILCOW_BLACK"
+		]
 	}
 <?php
 }
 ?>
-}
\ No newline at end of file
+}
diff --git a/data/conf/rspamd/local.d/antivirus.conf b/data/conf/rspamd/local.d/antivirus.conf
new file mode 100644
index 00000000..92ba684c
--- /dev/null
+++ b/data/conf/rspamd/local.d/antivirus.conf
@@ -0,0 +1,7 @@
+clamav {
+  attachments_only = false;
+  symbol = "CLAM_VIRUS";
+  type = "clamav";
+  log_clean = true;
+  servers = "clamd:3310";
+}
diff --git a/data/conf/rspamd/local.d/dkim.conf b/data/conf/rspamd/local.d/dkim.conf
deleted file mode 100644
index c199c6ae..00000000
--- a/data/conf/rspamd/local.d/dkim.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-sign_condition =<<EOD
-return function(task)
-  local smtp_from = task:get_from('smtp')
-  local mime_from = task:get_from('mime')
-  local rspamd_logger = require "rspamd_logger"
-  if smtp_from[1]['domain'] ~= nil and smtp_from[1]['domain'] ~= '' then
-    domain = smtp_from[1]['domain']
-    rspamd_logger.infox(task, "set domain found in smtp from field to %s", domain)
-    if not task:get_user() then
-      rspamd_logger.infox(task, "found domain in smtp header field, but user is not authenticated - skipped")
-      return false
-    end
-  elseif mime_from[1]['domain'] ~= nil and mime_from[1]['domain'] ~= '' then
-    domain = mime_from[1]['domain']
-    rspamd_logger.infox(task, "set domain found in mime from field to %s", domain)
-  else
-    rspamd_logger.infox(task, "cannot determine domain for dkim signing")
-    return false
-  end
-  local keyfile = io.open("/data/dkim/keys/" .. domain .. ".dkim")
-  if keyfile then
-    rspamd_logger.infox(task, "found dkim key file for domain %s", domain)
-    keyfile:close()
-    return {
-      key = "/data/dkim/keys/" .. domain .. ".dkim",
-      domain = domain,
-      selector = "dkim"
-    }
-  else
-    rspamd_logger.infox(task, "no key file for domain %s - skipped", domain)
-  end
-  return false
-end
-EOD;
diff --git a/data/conf/rspamd/local.d/dkim_signing.conf b/data/conf/rspamd/local.d/dkim_signing.conf
new file mode 100644
index 00000000..fb718b69
--- /dev/null
+++ b/data/conf/rspamd/local.d/dkim_signing.conf
@@ -0,0 +1,28 @@
+# If false, messages with empty envelope from are not signed
+allow_envfrom_empty = false;
+# If true, envelope/header domain mismatch is ignored
+allow_hdrfrom_mismatch = true;
+# If true, multiple from headers are allowed (but only first is used)
+allow_hdrfrom_multiple = true;
+# If true, username does not need to contain matching domain
+allow_username_mismatch = true;
+# If false, messages from authenticated users are not selected for signing
+auth_only = true;
+# Default path to key, can include '$domain' and '$selector' variables
+path = "/data/dkim/keys/$domain.dkim";
+# Default selector to use
+selector = "dkim";
+# If false, messages from local networks are not selected for signing
+sign_local = true;
+# Symbol to add when message is signed
+symbol = "DKIM_SIGNED";
+# Whether to fallback to global config
+try_fallback = true;
+# Domain to use for DKIM signing: can be "header" or "envelope"
+use_domain = "envelope";
+# Whether to normalise domains to eSLD
+use_esld = true;
+# Whether to get keys from Redis
+use_redis = false;
+# Hash for DKIM keys in Redis
+hash_key = "DKIM_KEYS";
diff --git a/data/conf/rspamd/local.d/force_actions.conf b/data/conf/rspamd/local.d/force_actions.conf
new file mode 100644
index 00000000..1aa10659
--- /dev/null
+++ b/data/conf/rspamd/local.d/force_actions.conf
@@ -0,0 +1,12 @@
+rules {
+  DKIM_FAIL {
+    action = "add header";
+    expression = "R_DKIM_REJECT & !MAILLIST & !MAILCOW_WHITE & !MAILCOW_BLACK";
+    require_action = ["no action", "greylist"];
+  }
+  VIRUS_FOUND {
+    action = "reject";
+    expression = "CLAM_VIRUS & !MAILCOW_WHITE";
+    honor_action = ["reject"];
+  }
+}
diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua
index 7d6aaa20..09cf9d10 100644
--- a/data/conf/rspamd/lua/rspamd.local.lua
+++ b/data/conf/rspamd/lua/rspamd.local.lua
@@ -7,10 +7,6 @@ rspamd_config.MAILCOW_AUTH = {
 	end
 }
 
-rspamd_config.MAILCOW_MOO = function (task)
-	return true
-end
-
 modify_subject_map = rspamd_config:add_map({
   url = 'http://172.22.1.251:8081/tags.php',
   type = 'map',
diff --git a/data/web/add.php b/data/web/add.php
index 39017e98..5f1aa0d6 100644
--- a/data/web/add.php
+++ b/data/web/add.php
@@ -353,7 +353,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] ==
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="delete1" checked> <?=$lang['add']['delete1'];?></label>
+							<label><input type="checkbox" name="delete1"> <?=$lang['add']['delete1'];?></label>
 							</div>
 						</div>
 					</div>
diff --git a/data/web/admin.php b/data/web/admin.php
index e0e04aee..ca20af8a 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -183,9 +183,11 @@ $tfa_data = get_tfa();
   </div>
 
   <h4><span class="glyphicon glyphicon-wrench" aria-hidden="true"></span> <?=$lang['admin']['configuration'];?></h4>
+
+  <div class="panel-group" id="accordion_access">
+
   <div class="panel panel-default">
   <div class="panel-heading"><?=$lang['admin']['dkim_keys'];?></div>
-  <div id="collapseDKIM" class="panel-collapse">
   <div class="panel-body">
     <p style="margin-bottom:40px"><?=$lang['admin']['dkim_key_hint'];?></p>
     <?php
@@ -297,7 +299,72 @@ $tfa_data = get_tfa();
     </form>
   </div>
   </div>
+  
+  <div class="panel panel-default">
+    <div class="panel-heading"><?=$lang['admin']['forwarding_hosts'];?></div>
+    <div class="panel-body">
+      <p style="margin-bottom:40px"><?=$lang['admin']['forwarding_hosts_hint'];?></p>
+      <form method="post">
+        <div class="table-responsive">
+        <table class="table table-striped" id="forwardinghoststable">
+          <thead>
+          <tr>
+            <th style="min-width: 100px;"><?=$lang['edit']['host'];?></th>
+            <th style="min-width: 100px;"><?=$lang['edit']['source'];?></th>
+            <th style="text-align: right; min-width: 200px;"><?=$lang['admin']['action'];?></th>
+          </tr>
+          </thead>
+          <tbody>
+            <?php
+            $forwarding_hosts = get_forwarding_hosts();
+            if ($forwarding_hosts) {
+              foreach ($forwarding_hosts as $host) {
+                $source = $host->source;
+                $host = $host->host;
+              ?>
+              <tr id="data">
+                <td><?=htmlspecialchars(strtolower($host));?></td>
+                <td><?=htmlspecialchars(strtolower($source));?></td>
+                <td style="text-align: right;">
+                  <div class="btn-group">
+                    <a href="delete.php?forwardinghost=<?=$host;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=$lang['admin']['remove'];?></a>
+                  </div>
+                </td>
+                </td>
+              </tr>
+
+              <?php
+              }
+            } else {
+            ?>
+              <tr id="no-data"><td colspan="4" style="text-align: center; font-style: italic;"><?=$lang['admin']['no_record'];?></td></tr>
+            <?php
+            }
+            ?>
+          </tbody>
+        </table>
+        </div>
+      </form>
+      <legend><?=$lang['admin']['add_forwarding_host'];?></legend>
+      <p class="help-block"><?=$lang['admin']['forwarding_hosts_add_hint'];?></p>
+      <form class="form-horizontal" role="form" method="post">
+        <div class="form-group">
+          <label class="control-label col-sm-2" for="hostname"><?=$lang['edit']['host'];?>:</label>
+          <div class="col-sm-10">
+            <input type="text" class="form-control" name="hostname" id="hostname" required>
+          </div>
+        </div>
+        <div class="form-group">
+          <div class="col-sm-offset-2 col-sm-10">
+            <button type="submit" name="add_forwarding_host" class="btn btn-default"><?=$lang['admin']['add'];?></button>
+          </div>
+        </div>
+      </form>
+    </div>
   </div>
+
+  </div>
+
 </div> <!-- /container -->
 <script type='text/javascript'>
 <?php
diff --git a/data/web/css/mailbox.css b/data/web/css/mailbox.css
index 23f5ad84..4a110ba1 100644
--- a/data/web/css/mailbox.css
+++ b/data/web/css/mailbox.css
@@ -12,8 +12,25 @@ table.footable>tbody>tr.footable-empty>td {
   overflow: visible !important;
 }
 .footer-add-item {
-  text-align:center;
-  font-style: italic;
   display:block;
   padding: 10px;
-}
\ No newline at end of file
+  background: #F5F5F5;
+}
+.mass-each-action {
+  padding: 0 3px 0 3px;
+  user-select: none;
+}
+.mass-actions {
+  user-select: none;
+  padding:10px;
+}
+.mass-select-all {
+  cursor:pointer;
+  color:#555;
+}
+#alias_table {
+  cursor:pointer;
+}
+#alias_table .footable-paging {
+  cursor:	auto;
+}
diff --git a/data/web/css/mailcow.css b/data/web/css/mailcow.css
index 1b3a691c..f7db5296 100644
--- a/data/web/css/mailcow.css
+++ b/data/web/css/mailcow.css
@@ -50,3 +50,8 @@ pre{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-s
   -ms-user-select: none;      
   user-select: none;
 }
+/* Fix modal moving content left */
+body.modal-open {
+  overflow: inherit;
+  padding-right: inherit !important;
+}
diff --git a/data/web/delete.php b/data/web/delete.php
index 6ba93d31..bfeff0f3 100644
--- a/data/web/delete.php
+++ b/data/web/delete.php
@@ -105,6 +105,23 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 				</form>
 				<?php
 		}
+		// DELETE FORWARDING HOST
+		elseif (isset($_GET["forwardinghost"]) &&
+			!empty($_GET["forwardinghost"]) &&
+        $_SESSION['mailcow_cc_role'] == "admin") {
+				$host = $_GET["forwardinghost"];
+				?>
+				<div class="alert alert-warning" role="alert"><?=sprintf($lang['delete']['remove_forwardinghost_warning'], htmlspecialchars($_GET["forwardinghost"]));?></div>
+				<form class="form-horizontal" role="form" method="post" action="/admin.php">
+				<input type="hidden" name="forwardinghost" value="<?=htmlspecialchars($host);?>">
+					<div class="form-group">
+						<div class="col-sm-offset-1 col-sm-10">
+							<button type="submit" name="delete_forwarding_host" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
+						</div>
+					</div>
+				</form>
+				<?php
+		}
 		// DELETE MAILBOX
 		elseif (isset($_GET["mailbox"]) &&
 			filter_var($_GET["mailbox"], FILTER_VALIDATE_EMAIL) &&
diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index 580c457f..6cf48242 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -19,6 +19,23 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
 		</div>
 	</div>
 </div>
+<div id="ConfirmDeleteModal" class="modal fade" role="dialog">
+	<div class="modal-dialog">
+		<div class="modal-content">
+		<div class="modal-header">
+			<button type="button" class="close" data-dismiss="modal">&times;</button>
+			<h4 class="modal-title"><?=$lang['footer']['confirm_delete'];?></h4>
+		</div>
+		<div class="modal-body">
+			<p><?=$lang['footer']['delete_these_items'];?></p>
+      <ul id="ItemsToDelete"></ul>
+			<hr />
+			<button class="btn btn-sm btn-danger" id="IsConfirmed"><?=$lang['footer']['delete_now'];?></button>
+			<button class="btn btn-sm btn-default" id="isCanceled"><?=$lang['footer']['cancel'];?></button>
+		</div>
+		</div>
+	</div>
+</div>
 <?php
 endif;
 ?>
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 465ab2ac..091b3623 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -62,69 +62,6 @@ function hasMailboxObjectAccess($username, $role, $object) {
 	}
 	return false;
 }
-function init_db_schema() {
-  // This will be much better in future releases...
-	global $pdo;
-	try {
-		$stmt = $pdo->prepare("SELECT NULL FROM `admin`, `imapsync`, `tfa`");
-		$stmt->execute();
-	}
-	catch (Exception $e) {
-		$lines = file('/web/inc/init.sql');
-		$data = '';
-		foreach ($lines as $line) {
-			if (substr($line, 0, 2) == '--' || $line == '') {
-				continue;
-			}
-			$data .= $line;
-			if (substr(trim($line), -1, 1) == ';') {
-				$pdo->query($data);
-				$data = '';
-			}
-		}
-    // Create index if not exists
-		$stmt = $pdo->query("SHOW INDEX FROM sogo_acl WHERE KEY_NAME = 'sogo_acl_c_folder_id_idx'");
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-		if ($num_results == 0) {
-			$pdo->query("CREATE INDEX sogo_acl_c_folder_id_idx ON sogo_acl(c_folder_id)");
-		}
-		$stmt = $pdo->query("SHOW INDEX FROM sogo_acl WHERE KEY_NAME = 'sogo_acl_c_uid_idx'");
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-		if ($num_results == 0) {
-			$pdo->query("CREATE INDEX sogo_acl_c_uid_idx ON sogo_acl(c_uid)");
-		}
-		$_SESSION['return'] = array(
-			'type' => 'success',
-			'msg' => 'Database initialization completed.'
-		);
-	}
-  // Add newly added columns
-  $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE 'kind'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results == 0) {
-    $pdo->query("ALTER TABLE `mailbox` ADD `kind` VARCHAR(100) NOT NULL DEFAULT ''");
-  }
-  $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE 'multiple_bookings'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results == 0) {
-    $pdo->query("ALTER TABLE `mailbox` ADD `multiple_bookings` tinyint(1) NOT NULL DEFAULT '0'");
-  }
-  $stmt = $pdo->query("SHOW COLUMNS FROM `imapsync` LIKE 'delete1'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results == 0) {
-    $pdo->query("ALTER TABLE `imapsync` ADD `delete1` tinyint(1) NOT NULL DEFAULT '0'");
-  }
-  $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE 'wants_tagged_subject'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results == 0) {
-    $pdo->query("ALTER TABLE `mailbox` ADD `wants_tagged_subject` tinyint(1) NOT NULL DEFAULT '0'");
-  }
-  $stmt = $pdo->query("SHOW COLUMNS FROM `tfa` LIKE 'key_id'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results == 0) {
-    $pdo->query("ALTER TABLE `tfa` ADD `key_id` VARCHAR(255) DEFAULT 'unidentified'");
-  }
-}
 function verify_ssha256($hash, $password) {
 	// Remove tag if any
 	$hash = ltrim($hash, '{SSHA256}');
@@ -287,13 +224,11 @@ function edit_admin_account($postarray) {
 		$password_hashed = hash_password($password);
 		try {
 			$stmt = $pdo->prepare("UPDATE `admin` SET 
-				`modified` = :modified,
 				`password` = :password_hashed,
 				`username` = :username1
 					WHERE `username` = :username2");
 			$stmt->execute(array(
 				':password_hashed' => $password_hashed,
-				':modified' => date('Y-m-d H:i:s'),
 				':username1' => $username,
 				':username2' => $username_now
 			));
@@ -309,12 +244,10 @@ function edit_admin_account($postarray) {
 	else {
 		try {
 			$stmt = $pdo->prepare("UPDATE `admin` SET 
-				`modified` = :modified,
 				`username` = :username1
 					WHERE `username` = :username2");
 			$stmt->execute(array(
 				':username1' => $username,
-				':modified' => date('Y-m-d H:i:s'),
 				':username2' => $username_now
 			));
 		}
@@ -608,10 +541,9 @@ function edit_user_account($postarray) {
 			}
 			$password_hashed = hash_password($password_new);
 			try {
-				$stmt = $pdo->prepare("UPDATE `mailbox` SET `modified` = :modified, `password` = :password_hashed WHERE `username` = :username");
+				$stmt = $pdo->prepare("UPDATE `mailbox` SET `password` = :password_hashed WHERE `username` = :username");
 				$stmt->execute(array(
 					':password_hashed' => $password_hashed,
-					':modified' => date('Y-m-d H:i:s'),
 					':username' => $username
 				));
 			}
@@ -1633,13 +1565,11 @@ function add_domain_admin($postarray) {
 			}
 		}
 		try {
-			$stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
-				VALUES (:username, :password_hashed, '0', :created, :modified, :active)");
+			$stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
+				VALUES (:username, :password_hashed, '0', :active)");
 			$stmt->execute(array(
 				':username' => $username,
 				':password_hashed' => $password_hashed,
-				':created' => date('Y-m-d H:i:s'),
-				':modified' => date('Y-m-d H:i:s'),
 				':active' => $active
 			));
 		}
@@ -2228,12 +2158,11 @@ function edit_domain_admin($postarray) {
       }
       $password_hashed = hash_password($password);
       try {
-        $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username1, `modified` = :modified, `active` = :active, `password` = :password_hashed WHERE `username` = :username2");
+        $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username1, `active` = :active, `password` = :password_hashed WHERE `username` = :username2");
         $stmt->execute(array(
           ':password_hashed' => $password_hashed,
           ':username1' => $username,
           ':username2' => $username_now,
-          ':modified' => date('Y-m-d H:i:s'),
           ':active' => $active
         ));
         if (isset($postarray['disable_tfa'])) {
@@ -2255,11 +2184,10 @@ function edit_domain_admin($postarray) {
     }
     else {
       try {
-        $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username1, `modified` = :modified, `active` = :active WHERE `username` = :username2");
+        $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username1, `active` = :active WHERE `username` = :username2");
         $stmt->execute(array(
           ':username1' => $username,
           ':username2' => $username_now,
-          ':modified' => date('Y-m-d H:i:s'),
           ':active' => $active
         ));
         if (isset($postarray['disable_tfa'])) {
@@ -2321,10 +2249,9 @@ function edit_domain_admin($postarray) {
       }
       $password_hashed = hash_password($password_new);
       try {
-        $stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `password` = :password_hashed WHERE `username` = :username");
+        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
         $stmt->execute(array(
           ':password_hashed' => $password_hashed,
-          ':modified' => date('Y-m-d H:i:s'),
           ':username' => $username
         ));
       }
@@ -2356,7 +2283,7 @@ function get_admin_details() {
     return false;
   }
   try {
-    $stmt = $pdo->prepare("SELECT `username`, `modified`, `created` FROM `admin`WHERE `superadmin`='1' AND active='1'");
+    $stmt = $pdo->prepare("SELECT `username`, `modified`, `created` FROM `admin` WHERE `superadmin`='1' AND active='1'");
     $stmt->execute();
     $data = $stmt->fetch(PDO::FETCH_ASSOC);
   }
@@ -2601,8 +2528,8 @@ function mailbox_add_domain($postarray) {
 	}
 
 	try {
-		$stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `maxquota`, `quota`, `transport`, `backupmx`, `created`, `modified`, `active`, `relay_all_recipients`)
-			VALUES (:domain, :description, :aliases, :mailboxes, :maxquota, :quota, 'virtual', :backupmx, :created, :modified, :active, :relay_all_recipients)");
+		$stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `maxquota`, `quota`, `transport`, `backupmx`, `active`, `relay_all_recipients`)
+			VALUES (:domain, :description, :aliases, :mailboxes, :maxquota, :quota, 'virtual', :backupmx, :active, :relay_all_recipients)");
 		$stmt->execute(array(
 			':domain' => $domain,
 			':description' => $description,
@@ -2612,8 +2539,6 @@ function mailbox_add_domain($postarray) {
 			':quota' => $quota,
 			':backupmx' => $backupmx,
 			':active' => $active,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
 			':relay_all_recipients' => $relay_all_recipients
 		));
 		$_SESSION['return'] = array(
@@ -2678,7 +2603,7 @@ function mailbox_add_alias($postarray) {
 		$address      = $local_part.'@'.$domain;
 
     $domaindata = mailbox_get_domain_details($domain);
-    if ($domaindata['aliases_left'] == 0) {
+    if (is_array($domaindata) && $domaindata['aliases_left'] == "0") {
       $_SESSION['return'] = array(
         'type' => 'danger',
         'msg' => sprintf($lang['danger']['max_alias_exceeded'])
@@ -2789,16 +2714,14 @@ function mailbox_add_alias($postarray) {
 		$goto = implode(",", $gotos);
 
 		try {
-			$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`)
-				VALUES (:address, :goto, :domain, :created, :modified, :active)");
+			$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `active`)
+				VALUES (:address, :goto, :domain, :active)");
 
 			if (!filter_var($address, FILTER_VALIDATE_EMAIL) === true) {
 				$stmt->execute(array(
 					':address' => '@'.$domain,
 					':goto' => $goto,
 					':domain' => $domain,
-					':created' => date('Y-m-d H:i:s'),
-					':modified' => date('Y-m-d H:i:s'),
 					':active' => $active
 				));
 			}
@@ -2807,8 +2730,6 @@ function mailbox_add_alias($postarray) {
 					':address' => $address,
 					':goto' => $goto,
 					':domain' => $domain,
-					':created' => date('Y-m-d H:i:s'),
-					':modified' => date('Y-m-d H:i:s'),
 					':active' => $active
 				));
 			}
@@ -2909,13 +2830,11 @@ function mailbox_add_alias_domain($postarray) {
 	}
 
 	try {
-		$stmt = $pdo->prepare("INSERT INTO `alias_domain` (`alias_domain`, `target_domain`, `created`, `modified`, `active`)
-			VALUES (:alias_domain, :target_domain, :created, :modified, :active)");
+		$stmt = $pdo->prepare("INSERT INTO `alias_domain` (`alias_domain`, `target_domain`, `active`)
+			VALUES (:alias_domain, :target_domain, :active)");
 		$stmt->execute(array(
 			':alias_domain' => $alias_domain,
 			':target_domain' => $target_domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
 			':active' => $active
 		));
 		$_SESSION['return'] = array(
@@ -3118,8 +3037,8 @@ function mailbox_add_mailbox($postarray) {
 	}
 
 	try {
-		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `created`, `modified`, `active`) 
-			VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, :created, :modified, :active)");
+		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `active`) 
+			VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, :active)");
 		$stmt->execute(array(
 			':username' => $username,
 			':password_hashed' => $password_hashed,
@@ -3128,8 +3047,6 @@ function mailbox_add_mailbox($postarray) {
 			':quota_b' => $quota_b,
 			':local_part' => $local_part,
 			':domain' => $domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
 			':active' => $active
 		));
 
@@ -3137,14 +3054,12 @@ function mailbox_add_mailbox($postarray) {
 			VALUES (:username, '0', '0')");
 		$stmt->execute(array(':username' => $username));
 
-		$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`)
-			VALUES (:username1, :username2, :domain, :created, :modified, :active)");
+		$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `active`)
+			VALUES (:username1, :username2, :domain, :active)");
 		$stmt->execute(array(
 			':username1' => $username,
 			':username2' => $username,
 			':domain' => $domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
 			':active' => $active
 		));
 
@@ -3274,15 +3189,13 @@ function mailbox_add_resource($postarray) {
 	}
 
 	try {
-		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `created`, `modified`, `active`, `multiple_bookings`, `kind`) 
-			VALUES (:name, 'RESOURCE', :description, 'RESOURCE', 0, :local_part, :domain, :created, :modified, :active, :multiple_bookings, :kind)");
+		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `active`, `multiple_bookings`, `kind`) 
+			VALUES (:name, 'RESOURCE', :description, 'RESOURCE', 0, :local_part, :domain, :active, :multiple_bookings, :kind)");
 		$stmt->execute(array(
 			':name' => $name,
 			':description' => $description,
 			':local_part' => $local_part,
 			':domain' => $domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
 			':active' => $active,
 			':kind' => $kind,
 			':multiple_bookings' => $multiple_bookings
@@ -3373,12 +3286,10 @@ function mailbox_edit_alias_domain($postarray) {
 	try {
 		$stmt = $pdo->prepare("UPDATE `alias_domain` SET
       `alias_domain` = :alias_domain,
-      `active` = :active,
-      `modified` = :modified
+      `active` = :active
         WHERE `alias_domain` = :alias_domain_now");
 		$stmt->execute(array(
 			':alias_domain' => $alias_domain,
-      ':modified' => date('Y-m-d H:i:s'),
 			':alias_domain_now' => $alias_domain_now,
 			':active' => $active
 		));
@@ -3397,84 +3308,95 @@ function mailbox_edit_alias_domain($postarray) {
 	);
 }
 function mailbox_edit_alias($postarray) {
-  // Array elements
-  // address            string
-  // goto               string    (separated by " ", "," ";" "\n") - email address or domain
-  // active             int
+  // We can edit multiple addresses at once, but only set one "goto" and/or "active" attribute for all
+  // address    string or array containing strings | email | required
+  // goto       string | separated by " ", "," ";" "\n", email or domain | optional
+  // active     set (active) or unset (inactive)
 	global $lang;
 	global $pdo;
-	$address      = $postarray['address'];
-	$domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
-	$local_part   = strstr($address, '@', true);
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	if (empty($postarray['goto'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['goto_empty'])
-		);
-		return false;
-	}
-	$gotos = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['goto']));
-	foreach ($gotos as &$goto) {
-		if (empty($goto)) {
-			continue;
-		}
-		if (!filter_var($goto, FILTER_VALIDATE_EMAIL)) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' =>sprintf($lang['danger']['goto_invalid'])
-			);
-			return false;
-		}
-		if ($goto == $address) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['alias_goto_identical'])
-			);
-			return false;
-		}
-	}
-	$gotos = array_filter($gotos);
-	$goto = implode(",", $gotos);
+  if (!is_array($postarray['address'])) {
+    $address_array = array();
+    $address_array[] = $postarray['address'];
+  }
+  else {
+    $address_array = $postarray['address'];
+  }
+	if (isset($postarray['goto']) || !empty($postarray['goto'])) {
+    $gotos = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['goto']));
+    foreach ($gotos as &$goto) {
+      if (empty($goto)) {
+        continue;
+      }
+      if (!filter_var($goto, FILTER_VALIDATE_EMAIL)) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' =>sprintf($lang['danger']['goto_invalid'])
+        );
+        return false;
+      }
+      if ($goto == $address) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['alias_goto_identical'])
+        );
+        return false;
+      }
+    }
+    $gotos = array_filter($gotos);
+    $goto = implode(",", $gotos);
+  }
 	isset($postarray['active']) ? $active = '1' : $active = '0';
-	if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['alias_invalid'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("UPDATE `alias` SET
-      `goto` = :goto,
-      `active`= :active,
-      `modified` = :modified
-        WHERE `address` = :address");
-		$stmt->execute(array(
-			':goto' => $goto,
-			':active' => $active,
-			':address' => $address,
-      ':modified' => date('Y-m-d H:i:s'),
-		));
-		$_SESSION['return'] = array(
-			'type' => 'success',
-		'msg' => sprintf($lang['success']['alias_modified'], htmlspecialchars($address))
-		);
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
+  foreach ($address_array as $address) {
+    $domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
+    $local_part   = strstr($address, '@', true);
+    if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+    if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['alias_invalid'])
+      );
+      return false;
+    }
+    try {
+      if (isset($goto) && !empty($goto)) {
+        $stmt = $pdo->prepare("UPDATE `alias` SET
+          `goto` = :goto,
+          `active`= :active
+            WHERE `address` = :address");
+        $stmt->execute(array(
+          ':goto' => $goto,
+          ':active' => $active,
+          ':address' => $address
+        ));
+      }
+      else {
+        $stmt = $pdo->prepare("UPDATE `alias` SET
+          `active`= :active
+            WHERE `address` = :address");
+        $stmt->execute(array(
+          ':active' => $active,
+          ':address' => $address
+        ));
+      }
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
 	}
+  $_SESSION['return'] = array(
+    'type' => 'success',
+    'msg' => sprintf($lang['success']['alias_modified'], htmlspecialchars(implode(', ', $address_array)))
+  );
 }
 function mailbox_edit_domain($postarray) {
   // Array elements
@@ -3506,11 +3428,9 @@ function mailbox_edit_domain($postarray) {
     isset($postarray['active']) ? $active = '1' : $active = '0';
     try {
       $stmt = $pdo->prepare("UPDATE `domain` SET 
-      `modified`= :modified,
       `description` = :description
         WHERE `domain` = :domain");
       $stmt->execute(array(
-        ':modified' => date('Y-m-d H:i:s'),
         ':description' => $description,
         ':domain' => $domain
       ));
@@ -3614,7 +3534,6 @@ function mailbox_edit_domain($postarray) {
     }
     try {
       $stmt = $pdo->prepare("UPDATE `domain` SET 
-      `modified`= :modified,
       `relay_all_recipients` = :relay_all_recipients,
       `backupmx` = :backupmx,
       `active` = :active,
@@ -3632,7 +3551,6 @@ function mailbox_edit_domain($postarray) {
         ':maxquota' => $maxquota,
         ':mailboxes' => $mailboxes,
         ':aliases' => $aliases,
-        ':modified' => date('Y-m-d H:i:s'),
         ':description' => $description,
         ':domain' => $domain
       ));
@@ -3844,23 +3762,19 @@ function mailbox_edit_mailbox($postarray) {
 		$password_hashed = hash_password($password);
 		try {
 			$stmt = $pdo->prepare("UPDATE `alias` SET
-					`modified` = :modified,
 					`active` = :active
 						WHERE `address` = :address");
 			$stmt->execute(array(
 				':address' => $username,
-				':modified' => date('Y-m-d H:i:s'),
 				':active' => $active
 			));
 			$stmt = $pdo->prepare("UPDATE `mailbox` SET
-					`modified` = :modified,
 					`active` = :active,
 					`password` = :password_hashed,
 					`name`= :name,
 					`quota` = :quota_b
 						WHERE `username` = :username");
 			$stmt->execute(array(
-				':modified' => date('Y-m-d H:i:s'),
 				':password_hashed' => $password_hashed,
 				':active' => $active,
 				':name' => $name,
@@ -3883,23 +3797,19 @@ function mailbox_edit_mailbox($postarray) {
 	}
 	try {
 		$stmt = $pdo->prepare("UPDATE `alias` SET
-				`modified` = :modified,
 				`active` = :active
 					WHERE `address` = :address");
 		$stmt->execute(array(
 			':address' => $username,
-			':modified' => date('Y-m-d H:i:s'),
 			':active' => $active
 		));
 		$stmt = $pdo->prepare("UPDATE `mailbox` SET
-				`modified` = :modified,
 				`active` = :active,
 				`name`= :name,
 				`quota` = :quota_b
 					WHERE `username` = :username");
 		$stmt->execute(array(
 			':active' => $active,
-			':modified' => date('Y-m-d H:i:s'),
 			':name' => $name,
 			':quota_b' => $quota_b,
 			':username' => $username
@@ -3962,7 +3872,6 @@ function mailbox_edit_resource($postarray) {
 
 	try {
 		$stmt = $pdo->prepare("UPDATE `mailbox` SET
-				`modified` = :modified,
 				`active` = :active,
 				`name`= :description,
 				`kind`= :kind,
@@ -3970,7 +3879,6 @@ function mailbox_edit_resource($postarray) {
           WHERE `username` = :name");
 		$stmt->execute(array(
 			':active' => $active,
-			':modified' => date('Y-m-d H:i:s'),
 			':description' => $description,
 			':multiple_bookings' => $multiple_bookings,
 			':kind' => $kind,
@@ -4199,6 +4107,17 @@ function mailbox_get_alias_details($address) {
       ':address' => $address,
     ));
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain");
+    $stmt->execute(array(
+      ':domain' => $row['domain'],
+    ));
+    $row_alias_domain = $stmt->fetch(PDO::FETCH_ASSOC);
+    if (isset($row_alias_domain['target_domain']) && !empty($row_alias_domain['target_domain'])) {
+      $aliasdata['in_primary_domain'] = $row_alias_domain['target_domain'];
+    }
+    else {
+      $aliasdata['in_primary_domain'] = "";
+    }
     $aliasdata['domain'] = $row['domain'];
     $aliasdata['goto'] = $row['goto'];
     $aliasdata['address'] = $row['address'];
@@ -4315,6 +4234,15 @@ function mailbox_get_domain_details($domain) {
 	}
 
   try {
+    $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` =  :domain");
+    $stmt->execute(array(
+      ':domain' => $domain
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    if (!empty($row)) { 
+      $domain = $row['target_domain'];
+    }
+
     $stmt = $pdo->prepare("SELECT 
         `domain`,
         `description`,
@@ -4330,14 +4258,18 @@ function mailbox_get_domain_details($domain) {
         CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
           FROM `domain` WHERE `domain`= :domain");
     $stmt->execute(array(
-      ':domain' => $domain,
+      ':domain' => $domain
     ));
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
     if (empty($row)) { 
       return false;
     }
 
-    $stmt = $pdo->prepare("SELECT COUNT(*) AS `count`, COALESCE(SUM(`quota`), 0) as `in_use` FROM `mailbox` WHERE `kind` NOT REGEXP 'location|thing|group' AND `domain` = :domain");
+    $stmt = $pdo->prepare("SELECT COUNT(*) AS `count`,
+      COALESCE(SUM(`quota`), 0) AS `in_use`
+        FROM `mailbox`
+          WHERE `kind` NOT REGEXP 'location|thing|group'
+            AND `domain` = :domain");
     $stmt->execute(array(':domain' => $row['domain']));
     $MailboxDataDomain	= $stmt->fetch(PDO::FETCH_ASSOC);
 
@@ -4362,12 +4294,13 @@ function mailbox_get_domain_details($domain) {
     $domaindata['relay_all_recipients_int'] = $row['relay_all_recipients_int'];
 
     $stmt = $pdo->prepare("SELECT COUNT(*) AS `alias_count` FROM `alias`
-      WHERE `domain`= :domain
+      WHERE (`domain`= :domain OR `domain` = (SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain2))
         AND `address` NOT IN (
           SELECT `username` FROM `mailbox`
         )");
     $stmt->execute(array(
       ':domain' => $domain,
+      ':domain2' => $domain
     ));
     $AliasDataDomain = $stmt->fetch(PDO::FETCH_ASSOC);
     (isset($AliasDataDomain['alias_count'])) ? $domaindata['aliases_in_domain'] = $AliasDataDomain['alias_count'] : $domaindata['aliases_in_domain'] = "0";
@@ -4607,48 +4540,57 @@ function mailbox_delete_domain($postarray) {
 	return true;
 }
 function mailbox_delete_alias($postarray) {
+  // $postarray['address'] can be a single element or an array
 	global $lang;
 	global $pdo;
-	$address		= $postarray['address'];
-	$local_part		= strstr($address, '@', true);
-  $domain = mailbox_get_alias_details($address)['domain'];
-	try {
-		$stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :address");
-		$stmt->execute(array(':address' => $address));
-		$gotos = $stmt->fetch(PDO::FETCH_ASSOC);
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$goto_array = explode(',', $gotos['goto']);
+  if (!is_array($postarray['address'])) {
+    $address_array = array();
+    $address_array[] = $postarray['address'];
+  }
+  else {
+    $address_array = $postarray['address'];
+  }
+  foreach ($address_array as $address) {
+    $local_part		= strstr($address, '@', true);
+    $domain = mailbox_get_alias_details($address)['domain'];
+    try {
+      $stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :address");
+      $stmt->execute(array(':address' => $address));
+      $gotos = $stmt->fetch(PDO::FETCH_ASSOC);
+    }
+    catch(PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+    $goto_array = explode(',', $gotos['goto']);
 
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `address` = :address AND `address` NOT IN (SELECT `username` FROM `mailbox`)");
-		$stmt->execute(array(
-			':address' => $address
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
+    if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+    try {
+      $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `address` = :address AND `address` NOT IN (SELECT `username` FROM `mailbox`)");
+      $stmt->execute(array(
+        ':address' => $address
+      ));
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+  }
 	$_SESSION['return'] = array(
 		'type' => 'success',
-		'msg' => sprintf($lang['success']['alias_removed'], htmlspecialchars($address))
+		'msg' => sprintf($lang['success']['alias_removed'], htmlspecialchars(implode(', ', $address_array)))
 	);
 
 }
@@ -4796,12 +4738,10 @@ function mailbox_delete_mailbox($postarray) {
 			}
 			$gotos_rebuild = implode(',', $goto_exploded);
 			$stmt = $pdo->prepare("UPDATE `alias` SET
-        `goto` = :goto,
-        `modified` = :modified,
+        `goto` = :goto
           WHERE `address` = :address");
 			$stmt->execute(array(
 				':goto' => $gotos_rebuild,
-        ':modified' => date('Y-m-d H:i:s'),
 				':address' => $gotos['address']
 			));
 		}
@@ -5039,4 +4979,93 @@ function get_u2f_registrations($username) {
   $sel->execute(array($username));
   return $sel->fetchAll(PDO::FETCH_OBJ);
 }
+function get_forwarding_hosts() {
+	global $pdo;
+  $sel = $pdo->prepare("SELECT host, source FROM `forwarding_hosts`");
+  $sel->execute();
+  return $sel->fetchAll(PDO::FETCH_OBJ);
+}
+function add_forwarding_host($postarray) {
+	require_once 'spf.inc.php';
+	global $pdo;
+	global $lang;
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	$source = $postarray['hostname'];
+	$host = $postarray['hostname'];
+	$hosts = array();
+	if (preg_match('/^[0-9a-fA-F:\/]+$/', $host)) { // IPv6 address
+		$hosts = array($host);
+	}
+	elseif (preg_match('/^[0-9\.\/]+$/', $host)) { // IPv4 address
+		$hosts = array($host);
+	}
+	else {
+		$hosts = get_outgoing_hosts_best_guess($host);
+	}
+	if (!$hosts)
+	{
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'Invalid host specified: '. htmlspecialchars($host)
+		);
+		return false;
+	}
+	foreach ($hosts as $host) {
+		if ($source == $host)
+			$source = '';
+		try {
+			$stmt = $pdo->prepare("INSERT IGNORE INTO `forwarding_hosts` (`host`, `source`) VALUES (:host, :source)");
+			$stmt->execute(array(
+				':host' => $host,
+				':source' => $source,
+			));
+		}
+		catch (PDOException $e) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => 'MySQL: '.$e
+			);
+			return false;
+		}
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['forwarding_host_added'], htmlspecialchars(implode(', ', $hosts)))
+	);
+}
+function delete_forwarding_host($postarray) {
+	global $pdo;
+	global $lang;
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	$host = $postarray['forwardinghost'];
+	try {
+		$stmt = $pdo->prepare("DELETE FROM `forwarding_hosts` WHERE `host` = :host");
+		$stmt->execute(array(
+			':host' => $host,
+		));
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['forwarding_host_removed'], htmlspecialchars($host))
+	);
+}
 ?>
diff --git a/data/web/inc/init.sql b/data/web/inc/init.sql
deleted file mode 100644
index 84e19f74..00000000
--- a/data/web/inc/init.sql
+++ /dev/null
@@ -1,281 +0,0 @@
-CREATE TABLE IF NOT EXISTS `admin` (
-	`username` VARCHAR(255) NOT NULL,
-	`password` VARCHAR(255) NOT NULL,
-	`superadmin` TINYINT(1) NOT NULL DEFAULT '0',
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	PRIMARY KEY (`username`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `alias` (
-	`address` VARCHAR(255) NOT NULL,
-	`goto` TEXT NOT NULL,
-	`domain` VARCHAR(255) NOT NULL,
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	PRIMARY KEY (`address`),
-	KEY `domain` (`domain`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `sender_acl` (
-	`logged_in_as` VARCHAR(255) NOT NULL,
-	`send_as` VARCHAR(255) NOT NULL
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `spamalias` (
-	`address` VARCHAR(255) NOT NULL,
-	`goto` TEXT NOT NULL,
-	`validity` INT(11) NOT NULL,
-	PRIMARY KEY (`address`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `alias_domain` (
-	`alias_domain` VARCHAR(255) NOT NULL,
-	`target_domain` VARCHAR(255) NOT NULL,
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	PRIMARY KEY (`alias_domain`),
-	KEY `active` (`active`),
-	KEY `target_domain` (`target_domain`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `domain` (
-	`domain` VARCHAR(255) NOT NULL,
-	`description` VARCHAR(255),
-	`aliases` INT(10) NOT NULL DEFAULT '0',
-	`mailboxes` INT(10) NOT NULL DEFAULT '0',
-	`maxquota` BIGINT(20) NOT NULL DEFAULT '0',
-	`quota` BIGINT(20) NOT NULL DEFAULT '0',
-	`transport` VARCHAR(255) NOT NULL,
-	`backupmx` TINYINT(1) NOT NULL DEFAULT '0',
-	`relay_all_recipients` TINYINT(1) NOT NULL DEFAULT '0',
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	PRIMARY KEY (`domain`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `domain_admins` (
-	`username` VARCHAR(255) NOT NULL,
-	`domain` VARCHAR(255) NOT NULL,
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	KEY `username` (`username`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `mailbox` (
-	`username` VARCHAR(255) NOT NULL,
-	`password` VARCHAR(255) NOT NULL,
-	`name` VARCHAR(255),
-	`maildir` VARCHAR(255) NOT NULL,
-	`quota` BIGINT(20) NOT NULL DEFAULT '0',
-	`local_part` VARCHAR(255) NOT NULL,
-	`domain` VARCHAR(255) NOT NULL,
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`tls_enforce_in` TINYINT(1) NOT NULL DEFAULT '0',
-	`tls_enforce_out` TINYINT(1) NOT NULL DEFAULT '0',
-	`kind` VARCHAR(100) NOT NULL DEFAULT '',
-	`multiple_bookings` TINYINT(1) NOT NULL DEFAULT '0',
-	`wants_tagged_subject` TINYINT(1) NOT NULL DEFAULT '0',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	PRIMARY KEY (`username`),
-	KEY `domain` (`domain`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `quota2` (
-	`username` VARCHAR(100) NOT NULL,
-	`bytes` BIGINT(20) NOT NULL DEFAULT '0',
-	`messages` INT(11) NOT NULL DEFAULT '0',
-	PRIMARY KEY (`username`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `filterconf` (
-	`object` VARCHAR(100) NOT NULL DEFAULT '',
-	`option` VARCHAR(50) NOT NULL DEFAULT '',
-	`value` VARCHAR(100) NOT NULL DEFAULT '',
-	`prefid` INT(11) NOT NULL AUTO_INCREMENT,
-	PRIMARY KEY (`prefid`),
-	KEY `object` (`object`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `imapsync` (
-  `id` INT NOT NULL AUTO_INCREMENT,
-  `user2` VARCHAR(255) NOT NULL,
-  `host1` VARCHAR(255) NOT NULL,
-  `authmech1` ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN',
-  `regextrans2` VARCHAR(255) DEFAULT '',
-  `authmd51` TINYINT(1) NOT NULL DEFAULT 0,
-  `domain2` VARCHAR(255) NOT NULL DEFAULT '',
-  `subfolder2` VARCHAR(255) NOT NULL DEFAULT '',
-  `user1` VARCHAR(255) NOT NULL,
-  `password1` VARCHAR(255) NOT NULL,
-  `exclude` VARCHAR(500) NOT NULL DEFAULT '',
-  `maxage` SMALLINT NOT NULL DEFAULT '0',
-  `mins_interval` VARCHAR(50) NOT NULL,
-  `port1` SMALLINT NOT NULL,
-  `enc1` ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS',
-  `delete2duplicates` TINYINT(1) NOT NULL DEFAULT '1',
-  `returned_text` TEXT,
-  `last_run` TIMESTAMP NULL DEFAULT NULL,
-  `created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `modified` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `active` TINYINT(1) NOT NULL DEFAULT '0',
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `tfa` (
-  `id` INT NOT NULL AUTO_INCREMENT,
-  `username` VARCHAR(255) NOT NULL,
-  `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp'),
-  `secret` VARCHAR(255) DEFAULT NULL,
-  `keyHandle` VARCHAR(255) DEFAULT NULL,
-  `publicKey` VARCHAR(255) DEFAULT NULL,
-  `counter` INT NOT NULL DEFAULT '0',
-  `certificate` TEXT,
-  `active` TINYINT(1) NOT NULL DEFAULT '0',
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-DROP VIEW IF EXISTS grouped_mail_aliases;
-DROP VIEW IF EXISTS grouped_sender_acl;
-DROP VIEW IF EXISTS grouped_domain_alias_address;
-
-CREATE VIEW grouped_mail_aliases (username, aliases) AS
-SELECT goto, IFNULL(GROUP_CONCAT(address SEPARATOR ' '), '') AS address FROM alias
-WHERE address!=goto
-AND active = '1'
-AND address NOT LIKE '@%'
-GROUP BY goto;
-
-CREATE VIEW grouped_sender_acl (username, send_as) AS
-SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as FROM sender_acl
-WHERE send_as NOT LIKE '@%'
-GROUP BY logged_in_as;
-
-CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
-SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
-LEFT OUTER JOIN alias_domain on target_domain=domain GROUP BY username;
-
-CREATE TABLE IF NOT EXISTS sogo_acl (
-	c_folder_id INTEGER NOT NULL,
-	c_object character varying(255) NOT NULL,
-	c_uid character varying(255) NOT NULL,
-	c_role character varying(80) NOT NULL
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_alarms_folder (
-	c_path          VARCHAR(255) NOT NULL,
-	c_name          VARCHAR(255) NOT NULL,
-	c_uid           VARCHAR(255) NOT NULL,
-	c_recurrence_id INT(11)      DEFAULT NULL,
-	c_alarm_number  INT(11)      NOT NULL,
-	c_alarm_date    INT(11)      NOT NULL
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_cache_folder (
-	c_uid          VARCHAR(255) NOT NULL,
-	c_path         VARCHAR(255) NOT NULL,
-	c_parent_path  VARCHAR(255) DEFAULT NULL,
-	c_type         TINYINT(3)   unsigned NOT NULL,
-	c_creationdate INT(11)      NOT NULL,
-	c_lastmodified INT(11)      NOT NULL,
-	c_version      INT(11)      NOT NULL DEFAULT '0',
-	c_deleted      TINYINT(4)   NOT NULL DEFAULT '0',
-	c_content      longTEXT,
-	PRIMARY KEY (c_uid,c_path)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_folder_info (
-	c_folder_id      BIGINT(20)    unsigned NOT NULL AUTO_INCREMENT,
-	c_path           VARCHAR(255)  NOT NULL,
-	c_path1          VARCHAR(255)  NOT NULL,
-	c_path2          VARCHAR(255)  DEFAULT NULL,
-	c_path3          VARCHAR(255)  DEFAULT NULL,
-	c_path4          VARCHAR(255)  DEFAULT NULL,
-	c_foldername     VARCHAR(255)  NOT NULL,
-	c_location       INTeger NULL,
-	c_quick_location VARCHAR(2048) DEFAULT NULL,
-	c_acl_location   VARCHAR(2048) DEFAULT NULL,
-	c_folder_type    VARCHAR(255)  NOT NULL,
-	PRIMARY KEY (c_path),
-	UNIQUE KEY c_folder_id (c_folder_id)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_quick_appointment (
-	c_folder_id INTeger NOT NULL,
-	c_name character varying(255) NOT NULL,
-	c_uid character varying(255) NOT NULL,
-	c_startdate INTeger,
-	c_enddate INTeger,
-	c_cycleenddate INTeger,
-	c_title character varying(1000) NOT NULL,
-	c_participants TEXT,
-	c_isallday INTeger,
-	c_iscycle INTeger,
-	c_cycleinfo TEXT,
-	c_classification INTeger NOT NULL,
-	c_isopaque INTeger NOT NULL,
-	c_status INTeger NOT NULL,
-	c_priority INTeger,
-	c_location character varying(255),
-	c_orgmail character varying(255),
-	c_partmails TEXT,
-	c_partstates TEXT,
-	c_category character varying(255),
-	c_sequence INTeger,
-	c_component character varying(10) NOT NULL,
-	c_nextalarm INTeger,
-	c_description TEXT,
-	CONSTRAINT sogo_quick_appointment_pkey PRIMARY KEY (c_folder_id, c_name)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_quick_contact (
-	c_folder_id INTeger NOT NULL,
-	c_name character varying(255) NOT NULL,
-	c_givenname character varying(255),
-	c_cn character varying(255),
-	c_sn character varying(255),
-	c_screenname character varying(255),
-	c_l character varying(255),
-	c_mail character varying(255),
-	c_o character varying(255),
-	c_ou character varying(255),
-	c_telephonenumber character varying(255),
-	c_categories character varying(255),
-	c_component character varying(10) NOT NULL,
-	CONSTRAINT sogo_quick_contact_pkey PRIMARY KEY (c_folder_id, c_name)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_sessions_folder (
-	c_id           VARCHAR(255) NOT NULL,
-	c_value        VARCHAR(255) NOT NULL,
-	c_creationdate INT(11)      NOT NULL,
-	c_lastseen     INT(11)      NOT NULL,
-	PRIMARY KEY (c_id)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_store (
-	c_folder_id INTeger NOT NULL,
-	c_name character varying(255) NOT NULL,
-	c_content mediumTEXT NOT NULL,
-	c_creationdate INTeger NOT NULL,
-	c_lastmodified INTeger NOT NULL,
-	c_version INTeger NOT NULL,
-	c_deleted INTeger,
-	CONSTRAINT sogo_store_pkey PRIMARY KEY (c_folder_id, c_name)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_user_profile (
-	c_uid      VARCHAR(255) NOT NULL,
-	c_defaults TEXT,
-	c_settings TEXT,
-	PRIMARY KEY (c_uid)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-INSERT INTO `admin` (username, password, superadmin, created, modified, active) SELECT 'admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1 WHERE NOT EXISTS (SELECT * FROM `admin`);
-DELETE FROM `domain_admins`;
-INSERT INTO `domain_admins` (username, domain, created, active) SELECT `username`, 'ALL', NOW(), 1 FROM `admin` WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
new file mode 100644
index 00000000..3064bd8a
--- /dev/null
+++ b/data/web/inc/init_db.inc.php
@@ -0,0 +1,596 @@
+<?php
+function init_db_schema() {
+  try {
+    global $pdo;
+
+    $db_version = "23042017_1807";
+
+    $stmt = $pdo->query("SHOW TABLES LIKE 'versions'"); 
+    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results != 0) {
+      $stmt = $pdo->query("SELECT `version` FROM `versions`");
+      if ($stmt->fetch(PDO::FETCH_ASSOC)['version'] == $db_version) {
+        return true;
+      }
+    }
+
+    $views = array(
+    "grouped_mail_aliases" => "CREATE VIEW grouped_mail_aliases (username, aliases) AS
+      SELECT goto, IFNULL(GROUP_CONCAT(address SEPARATOR ' '), '') AS address FROM alias
+      WHERE address!=goto
+      AND active = '1'
+      AND address NOT LIKE '@%'
+      GROUP BY goto;",
+    "grouped_sender_acl" => "CREATE VIEW grouped_sender_acl (username, send_as) AS
+      SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as FROM sender_acl
+      WHERE send_as NOT LIKE '@%'
+      GROUP BY logged_in_as;",
+    "grouped_domain_alias_address" => "CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
+      SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
+      LEFT OUTER JOIN alias_domain on target_domain=domain GROUP BY username;"
+    );
+
+    $tables = array(
+      "versions" => array(
+        "cols" => array(
+          "application" => "VARCHAR(255) NOT NULL",
+          "version" => "VARCHAR(100) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("application")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "admin" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "superadmin" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "alias" => array(
+        "cols" => array(
+          "address" => "VARCHAR(255) NOT NULL",
+          "goto" => "TEXT NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("address")
+          ),
+          "key" => array(
+            "domain" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sender_acl" => array(
+        "cols" => array(
+          "logged_in_as" => "VARCHAR(255) NOT NULL",
+          "send_as" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "domain" => array(
+        "cols" => array(
+          "domain" => "VARCHAR(255) NOT NULL",
+          "description" => "VARCHAR(255)",
+          "aliases" => "INT(10) NOT NULL DEFAULT '0'",
+          "mailboxes" => "INT(10) NOT NULL DEFAULT '0'",
+          "maxquota" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "quota" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "transport" => "VARCHAR(255) NOT NULL",
+          "backupmx" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "relay_all_recipients" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "alias_domain" => array(
+        "cols" => array(
+          "alias_domain" => "VARCHAR(255) NOT NULL",
+          "target_domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("alias_domain")
+          ),
+          "key" => array(
+            "active" => array("active"),
+            "target_domain" => array("target_domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "spamalias" => array(
+        "cols" => array(
+          "address" => "VARCHAR(255) NOT NULL",
+          "goto" => "TEXT NOT NULL",
+          "validity" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("address")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "filterconf" => array(
+        "cols" => array(
+          "object" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "option" => "VARCHAR(50) NOT NULL DEFAULT ''",
+          "value" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "prefid" => "INT(11) NOT NULL AUTO_INCREMENT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("prefid")
+          ),
+          "key" => array(
+            "object" => array("object")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quota2" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "mailbox" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "name" => "VARCHAR(255)",
+          "maildir" => "VARCHAR(255) NOT NULL",
+          "quota" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "local_part" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "tls_enforce_in" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "tls_enforce_out" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "multiple_bookings" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "wants_tagged_subject" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          ),
+          "key" => array(
+            "domain" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "domain_admins" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "key" => array(
+            "username" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "imapsync" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "user2" => "VARCHAR(255) NOT NULL",
+          "host1" => "VARCHAR(255) NOT NULL",
+          "authmech1" => "ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN'",
+          "regextrans2" => "VARCHAR(255) DEFAULT ''",
+          "authmd51" => "TINYINT(1) NOT NULL DEFAULT 0",
+          "domain2" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "subfolder2" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "user1" => "VARCHAR(255) NOT NULL",
+          "password1" => "VARCHAR(255) NOT NULL",
+          "exclude" => "VARCHAR(500) NOT NULL DEFAULT ''",
+          "maxage" => "SMALLINT NOT NULL DEFAULT '0'",
+          "mins_interval" => "VARCHAR(50) NOT NULL",
+          "port1" => "SMALLINT NOT NULL",
+          "enc1" => "ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS'",
+          "delete2duplicates" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "returned_text" => "TEXT",
+          "last_run" => "TIMESTAMP NULL DEFAULT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tfa" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp')",
+          "secret" => "VARCHAR(255) DEFAULT NULL",
+          "keyHandle" => "VARCHAR(255) DEFAULT NULL",
+          "publicKey" => "VARCHAR(255) DEFAULT NULL",
+          "counter" => "INT NOT NULL DEFAULT '0'",
+          "certificate" => "TEXT",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "forwarding_hosts" => array(
+        "cols" => array(
+          "host" => "VARCHAR(255) NOT NULL",
+          "source" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("host")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_acl" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_object" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_role" => "VARCHAR(80) NOT NULL"
+        ),
+        "keys" => array(
+          "key" => array(
+            "sogo_acl_c_folder_id_idx" => array("c_folder_id"),
+            "sogo_acl_c_uid_idx" => array("c_uid")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_alarms_folder" => array(
+        "cols" => array(
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_recurrence_id" => "INT(11) DEFAULT NULL",
+          "c_alarm_number" => "INT(11) NOT NULL",
+          "c_alarm_date" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_cache_folder" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_parent_path" => "VARCHAR(255) DEFAULT NULL",
+          "c_type" => "TINYINT(3) unsigned NOT NULL",
+          "c_creationdate" => "INT(11) NOT NULL",
+          "c_lastmodified" => "INT(11) NOT NULL",
+          "c_version" => "INT(11) NOT NULL DEFAULT '0'",
+          "c_deleted" => "TINYINT(4) NOT NULL DEFAULT '0'",
+          "c_content" => "LONGTEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid", "c_path")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_folder_info" => array(
+        "cols" => array(
+          "c_folder_id" => "BIGINT(20) unsigned NOT NULL AUTO_INCREMENT",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_path1" => "VARCHAR(255) NOT NULL",
+          "c_path2" => "VARCHAR(255) DEFAULT NULL",
+          "c_path3" => "VARCHAR(255) DEFAULT NULL",
+          "c_path4" => "VARCHAR(255) DEFAULT NULL",
+          "c_foldername" => "VARCHAR(255) NOT NULL",
+          "c_location" => "INT NULL",
+          "c_quick_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_acl_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_folder_type" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_path")
+          ),
+          "unique" => array(
+            "c_folder_id" => array("c_folder_id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_quick_appointment" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_startdate" => "INT",
+          "c_enddate" => "INT",
+          "c_cycleenddate" => "INT",
+          "c_title" => "VARCHAR(1000) NOT NULL",
+          "c_participants" => "TEXT",
+          "c_isallday" => "INT",
+          "c_iscycle" => "INT",
+          "c_cycleinfo" => "TEXT",
+          "c_classification" => "INT NOT NULL",
+          "c_isopaque" => "INT NOT NULL",
+          "c_status" => "INT NOT NULL",
+          "c_priority" => "INT",
+          "c_location" => "VARCHAR(255)",
+          "c_orgmail" => "VARCHAR(255)",
+          "c_partmails" => "TEXT",
+          "c_partstates" => "TEXT",
+          "c_category" => "VARCHAR(255)",
+          "c_sequence" => "INT",
+          "c_component" => "VARCHAR(10) NOT NULL",
+          "c_nextalarm" => "INT",
+          "c_description" => "TEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_quick_contact" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_givenname" => "VARCHAR(255)",
+          "c_cn" => "VARCHAR(255)",
+          "c_sn" => "VARCHAR(255)",
+          "c_screenname" => "VARCHAR(255)",
+          "c_l" => "VARCHAR(255)",
+          "c_mail" => "VARCHAR(255)",
+          "c_o" => "VARCHAR(255)",
+          "c_ou" => "VARCHAR(255)",
+          "c_telephonenumber" => "VARCHAR(255)",
+          "c_categories" => "VARCHAR(255)",
+          "c_component" => "VARCHAR(10) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_sessions_folder" => array(
+        "cols" => array(
+          "c_id" => "VARCHAR(255) NOT NULL",
+          "c_value" => "VARCHAR(255) NOT NULL",
+          "c_creationdate" => "INT(11) NOT NULL",
+          "c_lastseen" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_store" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_content" => "MEDIUMTEXT NOT NULL",
+          "c_creationdate" => "INT NOT NULL",
+          "c_lastmodified" => "INT NOT NULL",
+          "c_version" => "INT NOT NULL",
+          "c_deleted" => "INT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_user_profile" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_defaults" => "TEXT",
+          "c_settings" => "TEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      )
+    );
+
+    foreach ($tables as $table => $properties) {
+      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); 
+      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      if ($num_results != 0) {
+        foreach($properties['cols'] as $column => $type) {
+          $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'"); 
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results == 0) {
+            $pdo->query("ALTER TABLE `" . $table . "` ADD `" . $column . "` " . $type);
+          }
+          else {
+            $pdo->query("ALTER TABLE `" . $table . "` MODIFY COLUMN `" . $column . "` " . $type);
+          }
+        }
+        foreach($properties['keys'] as $key_type => $key_content) {
+          if (strtolower($key_type) == 'primary') {
+            foreach ($key_content as $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'"); 
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP PRIMARY KEY, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD PRIMARY KEY (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'key') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'"); 
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD KEY `" . $key_name . "` (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'unique') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'"); 
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD UNIQUE KEY `" . $key_name . "` (" . $fields . ")");
+            }
+          }
+        }
+        // Drop all vanished columns
+        $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "`"); 
+        $cols_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC); 
+        while ($row = array_shift($cols_in_table)) {
+          if (!array_key_exists($row['Field'], $properties['cols'])) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP COLUMN `" . $row['Field'] . "`;");
+          }
+        }
+
+        // Step 1: Get all non-primary keys, that currently exist and those that should exist
+        $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE `Key_name` != 'PRIMARY'"); 
+        $keys_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC); 
+        $keys_to_exist = array();
+        if (isset($properties['keys']['unique']) && is_array($properties['keys']['unique'])) {
+          foreach ($properties['keys']['unique'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        if (isset($properties['keys']['key']) && is_array($properties['keys']['key'])) {
+          foreach ($properties['keys']['key'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        // Step 2: Drop all vanished indexes
+        while ($row = array_shift($keys_in_table)) {
+          if (!in_array($row['Key_name'], $keys_to_exist)) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
+          }
+        }
+        // Step 3: Drop all vanished primary keys
+        if (!isset($properties['keys']['primary'])) {
+          $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'"); 
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results != 0) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
+          }
+        }
+      }
+      else {
+        // Create table if it is missing
+        $sql = "CREATE TABLE IF NOT EXISTS `" . $table . "` (";
+        foreach($properties['cols'] as $column => $type) {
+          $sql .= $column . " " . $type . ",";
+        }
+        foreach($properties['keys'] as $key_type => $key_content) {
+          if (strtolower($key_type) == 'primary') {
+            foreach ($key_content as $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "PRIMARY KEY (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'key') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "KEY `" . $key_name . "` (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'unique') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "UNIQUE KEY `" . $key_name . "` (" . $fields . ")" . ",";
+            }
+          }
+        }
+        $sql = rtrim($sql, ",");
+        $sql .= ") " . $properties['attr'];
+        $pdo->query($sql);
+      }
+      // Reset table attributes
+      $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
+    }
+
+    // Recreate SQL views
+    foreach ($views as $view => $create) {
+      $pdo->query("DROP VIEW IF EXISTS `" . $view . "`;");
+      $pdo->query($create);
+    }
+
+    // Inject admin if not exists
+    $stmt = $pdo->query("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
+      SELECT 'admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1
+        WHERE NOT EXISTS (SELECT * FROM `admin`);");
+    $stmt = $pdo->query("DELETE FROM `domain_admins`;");
+    $stmt = $pdo->query("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+        SELECT `username`, 'ALL', NOW(), 1 FROM `admin`
+          WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);"); 
+
+    // Insert new DB schema version
+    $stmt = $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');"); 
+
+    $_SESSION['return'] = array(
+      'type' => 'success',
+      'msg' => 'Database initialisation completed'
+    );
+  }
+  catch (PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'Database initialisation failed: ' . $e->getMessage()
+    );
+  }
+}
+?>
\ No newline at end of file
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 1959ae18..c766e780 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -29,18 +29,28 @@ require_once 'inc/lib/U2F.php';
 $u2f = new u2flib_server\U2F('https://' . $_SERVER['SERVER_NAME']);
 
 // PDO
-$dsn = "$database_type:host=$database_host;dbname=$database_name";
+// Calculate offset
+$now = new DateTime();
+$mins = $now->getOffset() / 60;
+$sgn = ($mins < 0 ? -1 : 1);
+$mins = abs($mins);
+$hrs = floor($mins / 60);
+$mins -= $hrs * 60;
+$offset = sprintf('%+d:%02d', $hrs*$sgn, $mins);
+
+$dsn = $database_type . ":host=" . $database_host . ";dbname=" . $database_name;
 $opt = [
     PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
     PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
     PDO::ATTR_EMULATE_PREPARES   => false,
+    PDO::MYSQL_ATTR_INIT_COMMAND => "SET time_zone = '" . $offset . "'",
 ];
 try {
 	$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
 }
 catch (PDOException $e) {
 ?>
-<center style='font-family: "Lucida Sans Unicode", "Lucida Grande", Verdana, Arial, Helvetica, sans-serif;'>🐮 Connection failed, database may be in warm-up state, please try again later.<br /><br />The following error was reported:<br/>  <?=$e->getMessage();?></center>
+<center style='font-family: "Lucida Sans Unicode", "Lucida Grande", Verdana, Arial, Helvetica, sans-serif;'>?? Connection failed, database may be in warm-up state, please try again later.<br /><br />The following error was reported:<br/>  <?=$e->getMessage();?></center>
 <?php
 exit;
 }
@@ -106,5 +116,6 @@ if (isset($_GET['lang'])) {
 require_once 'lang/lang.en.php';
 include 'lang/lang.'.$_SESSION['mailcow_locale'].'.php';
 require_once 'inc/functions.inc.php';
+require_once 'inc/init_db.inc.php';
 require_once 'inc/triggers.inc.php';
-(!isset($_SESSION['mailcow_cc_username'])) ? init_db_schema() : null;
+init_db_schema();
diff --git a/data/web/inc/spf.inc.php b/data/web/inc/spf.inc.php
new file mode 100644
index 00000000..0e584b40
--- /dev/null
+++ b/data/web/inc/spf.inc.php
@@ -0,0 +1,127 @@
+<?php
+function get_spf_allowed_hosts($domain)
+{
+	$hosts = array();
+	
+	$records = dns_get_record($domain, DNS_TXT);
+	foreach ($records as $record)
+	{
+		$txt = explode(' ', $record['entries'][0]);
+		if (array_shift($txt) != 'v=spf1') // only handle SPF records
+			continue;
+		
+		foreach ($txt as $mech)
+		{
+			$qual = substr($mech, 0, 1);
+			if ($qual == '-' || $qual == '~') // only handle pass or neutral records
+				continue(2);
+			
+			if ($qual == '+' || $qual == '?')
+				$mech = substr($mech, 1); // remove the qualifier
+			
+			if (strpos($mech, '=') !== FALSE) // handle a modifier
+			{
+				$mod = explode('=', $mech);
+				if ($mod[0] == 'redirect') // handle a redirect
+				{
+					$hosts = get_spf_allowed_hosts($mod[1]);
+					return $hosts;
+				}
+			}
+			else
+			{
+				unset($cidr);
+				if (strpos($mech, ':') !== FALSE) // handle a domain specification
+				{
+					$split = explode(':', $mech);
+					$mech = array_shift($split);
+					$domain = implode(':', $split);
+					if (strpos($domain, '/') !== FALSE) // remove CIDR specification
+					{
+						$split = explode('/', $domain);
+						$domain = $split[0];
+						$cidr = $split[1];
+					}
+				}
+				
+				$new_hosts = array();
+				if ($mech == 'include') // handle an inclusion
+				{
+					$new_hosts = get_spf_allowed_hosts($domain);
+				}
+				elseif ($mech == 'a') // handle a mechanism
+				{
+					$new_hosts = get_a_hosts($domain);
+				}
+				elseif ($mech == 'mx') // handle mx mechanism
+				{
+					$new_hosts = get_mx_hosts($domain);
+				}
+				elseif ($mech == 'ip4' || $mech == 'ip6') // handle ip mechanism
+				{
+					$new_hosts = array($domain);
+				}
+				
+				if (isset($cidr)) // add CIDR specification if present
+				{
+					foreach ($new_hosts as &$host)
+					{
+						$host .= '/' . $cidr;
+					}
+					unset($host);
+				}
+				
+				$hosts = array_unique(array_merge($hosts,$new_hosts), SORT_REGULAR);
+			}
+		}
+	}
+	
+	return $hosts;
+}
+
+function get_mx_hosts($domain)
+{
+	$hosts = array();
+	
+	$mx_records = dns_get_record($domain, DNS_MX);
+	foreach ($mx_records as $mx_record)
+	{
+		$new_hosts = get_a_hosts($mx_record['target']);
+		$hosts = array_unique(array_merge($hosts,$new_hosts), SORT_REGULAR);
+	}
+	
+	return $hosts;
+}
+
+function get_a_hosts($domain)
+{
+	$hosts = array();
+	
+	$a_records = dns_get_record($domain, DNS_A);
+	foreach ($a_records as $a_record)
+	{
+		$hosts[] = $a_record['ip'];
+	}
+	$a_records = dns_get_record($domain, DNS_AAAA);
+	foreach ($a_records as $a_record)
+	{
+		$hosts[] = $a_record['ipv6'];
+	}
+	
+	return $hosts;
+}
+
+function get_outgoing_hosts_best_guess($domain)
+{
+	// try the SPF record to get hosts that are allowed to send outgoing mails for this domain
+	$hosts = get_spf_allowed_hosts($domain);
+	if ($hosts) return $hosts;
+	
+	// try the MX record to get mail servers for this domain
+	$hosts = get_mx_hosts($domain);
+	if ($hosts) return $hosts;
+	
+	// fall back to the A record to get the host name for this domain
+	return get_a_hosts($domain);
+}
+?>
\ No newline at end of file
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 2895420d..5d8e7b7d 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -72,6 +72,12 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
 	if (isset($_POST["delete_domain_admin"])) {
 		delete_domain_admin($_POST);
 	}
+	if (isset($_POST["add_forwarding_host"])) {
+		add_forwarding_host($_POST);
+	}
+	if (isset($_POST["delete_forwarding_host"])) {
+		delete_forwarding_host($_POST);
+	}
 }
 if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "user") {
 	if (isset($_POST["edit_user_account"])) {
diff --git a/data/web/js/add.js b/data/web/js/add.js
index 54a70500..e7a3fd90 100644
--- a/data/web/js/add.js
+++ b/data/web/js/add.js
@@ -2,7 +2,7 @@ $(document).ready(function() {
 	// add.php
 	// Get max. possible quota for a domain when domain field changes
 	$('#addSelectDomain').on('change', function() {
-		$.get("/api/v1/domain/" + this.value, function(data){
+		$.get("/api/v1/get/domain/" + this.value, function(data){
       var result = jQuery.parseJSON( data );
       max_new_mailbox_quota = ( result.max_new_mailbox_quota / 1048576);
 			if (max_new_mailbox_quota != '0') {
diff --git a/data/web/js/admin.js b/data/web/js/admin.js
index feaf3907..647dba9a 100644
--- a/data/web/js/admin.js
+++ b/data/web/js/admin.js
@@ -1,7 +1,7 @@
 $(document).ready(function() {
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/domain-admin/all',
+    url: '/api/v1/get/domain-admin/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw domain administrator table');
diff --git a/data/web/js/bootstrap-select.min.js b/data/web/js/bootstrap-select.min.js
index d2a33149..9e20a22e 100644
--- a/data/web/js/bootstrap-select.min.js
+++ b/data/web/js/bootstrap-select.min.js
@@ -6,4 +6,3 @@
  */
 !function(a,b){"function"==typeof define&&define.amd?define(["jquery"],function(a){return b(a)}):"object"==typeof module&&module.exports?module.exports=b(require("jquery")):b(a.jQuery)}(this,function(a){!function(a){"use strict";function b(b){var c=[{re:/[\xC0-\xC6]/g,ch:"A"},{re:/[\xE0-\xE6]/g,ch:"a"},{re:/[\xC8-\xCB]/g,ch:"E"},{re:/[\xE8-\xEB]/g,ch:"e"},{re:/[\xCC-\xCF]/g,ch:"I"},{re:/[\xEC-\xEF]/g,ch:"i"},{re:/[\xD2-\xD6]/g,ch:"O"},{re:/[\xF2-\xF6]/g,ch:"o"},{re:/[\xD9-\xDC]/g,ch:"U"},{re:/[\xF9-\xFC]/g,ch:"u"},{re:/[\xC7-\xE7]/g,ch:"c"},{re:/[\xD1]/g,ch:"N"},{re:/[\xF1]/g,ch:"n"}];return a.each(c,function(){b=b?b.replace(this.re,this.ch):""}),b}function c(b){var c=arguments,d=b;[].shift.apply(c);var e,f=this.each(function(){var b=a(this);if(b.is("select")){var f=b.data("selectpicker"),g="object"==typeof d&&d;if(f){if(g)for(var h in g)g.hasOwnProperty(h)&&(f.options[h]=g[h])}else{var i=a.extend({},k.DEFAULTS,a.fn.selectpicker.defaults||{},b.data(),g);i.template=a.extend({},k.DEFAULTS.template,a.fn.selectpicker.defaults?a.fn.selectpicker.defaults.template:{},b.data().template,g.template),b.data("selectpicker",f=new k(this,i))}"string"==typeof d&&(e=f[d]instanceof Function?f[d].apply(f,c):f.options[d])}});return"undefined"!=typeof e?e:f}String.prototype.includes||!function(){var a={}.toString,b=function(){try{var a={},b=Object.defineProperty,c=b(a,a,a)&&b}catch(a){}return c}(),c="".indexOf,d=function(b){if(null==this)throw new TypeError;var d=String(this);if(b&&"[object RegExp]"==a.call(b))throw new TypeError;var e=d.length,f=String(b),g=f.length,h=arguments.length>1?arguments[1]:void 0,i=h?Number(h):0;i!=i&&(i=0);var j=Math.min(Math.max(i,0),e);return!(g+j>e)&&c.call(d,f,i)!=-1};b?b(String.prototype,"includes",{value:d,configurable:!0,writable:!0}):String.prototype.includes=d}(),String.prototype.startsWith||!function(){var a=function(){try{var a={},b=Object.defineProperty,c=b(a,a,a)&&b}catch(a){}return c}(),b={}.toString,c=function(a){if(null==this)throw new TypeError;var c=String(this);if(a&&"[object RegExp]"==b.call(a))throw new TypeError;var d=c.length,e=String(a),f=e.length,g=arguments.length>1?arguments[1]:void 0,h=g?Number(g):0;h!=h&&(h=0);var i=Math.min(Math.max(h,0),d);if(f+i>d)return!1;for(var j=-1;++j<f;)if(c.charCodeAt(i+j)!=e.charCodeAt(j))return!1;return!0};a?a(String.prototype,"startsWith",{value:c,configurable:!0,writable:!0}):String.prototype.startsWith=c}(),Object.keys||(Object.keys=function(a,b,c){c=[];for(b in a)c.hasOwnProperty.call(a,b)&&c.push(b);return c});var d={useDefault:!1,_set:a.valHooks.select.set};a.valHooks.select.set=function(b,c){return c&&!d.useDefault&&a(b).data("selected",!0),d._set.apply(this,arguments)};var e=null;a.fn.triggerNative=function(a){var b,c=this[0];c.dispatchEvent?("function"==typeof Event?b=new Event(a,{bubbles:!0}):(b=document.createEvent("Event"),b.initEvent(a,!0,!1)),c.dispatchEvent(b)):c.fireEvent?(b=document.createEventObject(),b.eventType=a,c.fireEvent("on"+a,b)):this.trigger(a)},a.expr.pseudos.icontains=function(b,c,d){var e=a(b),f=(e.data("tokens")||e.text()).toString().toUpperCase();return f.includes(d[3].toUpperCase())},a.expr.pseudos.ibegins=function(b,c,d){var e=a(b),f=(e.data("tokens")||e.text()).toString().toUpperCase();return f.startsWith(d[3].toUpperCase())},a.expr.pseudos.aicontains=function(b,c,d){var e=a(b),f=(e.data("tokens")||e.data("normalizedText")||e.text()).toString().toUpperCase();return f.includes(d[3].toUpperCase())},a.expr.pseudos.aibegins=function(b,c,d){var e=a(b),f=(e.data("tokens")||e.data("normalizedText")||e.text()).toString().toUpperCase();return f.startsWith(d[3].toUpperCase())};var f={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#x27;","`":"&#x60;"},g={"&amp;":"&","&lt;":"<","&gt;":">","&quot;":'"',"&#x27;":"'","&#x60;":"`"},h=function(a){var b=function(b){return a[b]},c="(?:"+Object.keys(a).join("|")+")",d=RegExp(c),e=RegExp(c,"g");return function(a){return a=null==a?"":""+a,d.test(a)?a.replace(e,b):a}},i=h(f),j=h(g),k=function(b,c){d.useDefault||(a.valHooks.select.set=d._set,d.useDefault=!0),this.$element=a(b),this.$newElement=null,this.$button=null,this.$menu=null,this.$lis=null,this.options=c,null===this.options.title&&(this.options.title=this.$element.attr("title"));var e=this.options.windowPadding;"number"==typeof e&&(this.options.windowPadding=[e,e,e,e]),this.val=k.prototype.val,this.render=k.prototype.render,this.refresh=k.prototype.refresh,this.setStyle=k.prototype.setStyle,this.selectAll=k.prototype.selectAll,this.deselectAll=k.prototype.deselectAll,this.destroy=k.prototype.destroy,this.remove=k.prototype.remove,this.show=k.prototype.show,this.hide=k.prototype.hide,this.init()};k.VERSION="1.12.2",k.DEFAULTS={noneSelectedText:"Nothing selected",noneResultsText:"No results matched {0}",countSelectedText:function(a,b){return 1==a?"{0} item selected":"{0} items selected"},maxOptionsText:function(a,b){return[1==a?"Limit reached ({n} item max)":"Limit reached ({n} items max)",1==b?"Group limit reached ({n} item max)":"Group limit reached ({n} items max)"]},selectAllText:"Select All",deselectAllText:"Deselect All",doneButton:!1,doneButtonText:"Close",multipleSeparator:", ",styleBase:"btn",style:"btn-default",size:"auto",title:null,selectedTextFormat:"values",width:!1,container:!1,hideDisabled:!1,showSubtext:!1,showIcon:!0,showContent:!0,dropupAuto:!0,header:!1,liveSearch:!1,liveSearchPlaceholder:null,liveSearchNormalize:!1,liveSearchStyle:"contains",actionsBox:!1,iconBase:"glyphicon",tickIcon:"glyphicon-ok",showTick:!1,template:{caret:'<span class="caret"></span>'},maxOptions:!1,mobile:!1,selectOnTab:!1,dropdownAlignRight:!1,windowPadding:0},k.prototype={constructor:k,init:function(){var b=this,c=this.$element.attr("id");this.$element.addClass("bs-select-hidden"),this.liObj={},this.multiple=this.$element.prop("multiple"),this.autofocus=this.$element.prop("autofocus"),this.$newElement=this.createView(),this.$element.after(this.$newElement).appendTo(this.$newElement),this.$button=this.$newElement.children("button"),this.$menu=this.$newElement.children(".dropdown-menu"),this.$menuInner=this.$menu.children(".inner"),this.$searchbox=this.$menu.find("input"),this.$element.removeClass("bs-select-hidden"),this.options.dropdownAlignRight===!0&&this.$menu.addClass("dropdown-menu-right"),"undefined"!=typeof c&&(this.$button.attr("data-id",c),a('label[for="'+c+'"]').click(function(a){a.preventDefault(),b.$button.focus()})),this.checkDisabled(),this.clickListener(),this.options.liveSearch&&this.liveSearchListener(),this.render(),this.setStyle(),this.setWidth(),this.options.container&&this.selectPosition(),this.$menu.data("this",this),this.$newElement.data("this",this),this.options.mobile&&this.mobile(),this.$newElement.on({"hide.bs.dropdown":function(a){b.$menuInner.attr("aria-expanded",!1),b.$element.trigger("hide.bs.select",a)},"hidden.bs.dropdown":function(a){b.$element.trigger("hidden.bs.select",a)},"show.bs.dropdown":function(a){b.$menuInner.attr("aria-expanded",!0),b.$element.trigger("show.bs.select",a)},"shown.bs.dropdown":function(a){b.$element.trigger("shown.bs.select",a)}}),b.$element[0].hasAttribute("required")&&this.$element.on("invalid",function(){b.$button.addClass("bs-invalid").focus(),b.$element.on({"focus.bs.select":function(){b.$button.focus(),b.$element.off("focus.bs.select")},"shown.bs.select":function(){b.$element.val(b.$element.val()).off("shown.bs.select")},"rendered.bs.select":function(){this.validity.valid&&b.$button.removeClass("bs-invalid"),b.$element.off("rendered.bs.select")}})}),setTimeout(function(){b.$element.trigger("loaded.bs.select")})},createDropdown:function(){var b=this.multiple||this.options.showTick?" show-tick":"",c=this.$element.parent().hasClass("input-group")?" input-group-btn":"",d=this.autofocus?" autofocus":"",e=this.options.header?'<div class="popover-title"><button type="button" class="close" aria-hidden="true">&times;</button>'+this.options.header+"</div>":"",f=this.options.liveSearch?'<div class="bs-searchbox"><input type="text" class="form-control" autocomplete="off"'+(null===this.options.liveSearchPlaceholder?"":' placeholder="'+i(this.options.liveSearchPlaceholder)+'"')+' role="textbox" aria-label="Search"></div>':"",g=this.multiple&&this.options.actionsBox?'<div class="bs-actionsbox"><div class="btn-group btn-group-sm btn-block"><button type="button" class="actions-btn bs-select-all btn btn-default">'+this.options.selectAllText+'</button><button type="button" class="actions-btn bs-deselect-all btn btn-default">'+this.options.deselectAllText+"</button></div></div>":"",h=this.multiple&&this.options.doneButton?'<div class="bs-donebutton"><div class="btn-group btn-block"><button type="button" class="btn btn-sm btn-default">'+this.options.doneButtonText+"</button></div></div>":"",j='<div class="btn-group bootstrap-select'+b+c+'"><button type="button" class="'+this.options.styleBase+' dropdown-toggle" data-toggle="dropdown"'+d+' role="button"><span class="filter-option pull-left"></span>&nbsp;<span class="bs-caret">'+this.options.template.caret+'</span></button><div class="dropdown-menu open" role="combobox">'+e+f+g+'<ul class="dropdown-menu inner" role="listbox" aria-expanded="false"></ul>'+h+"</div></div>";return a(j)},createView:function(){var a=this.createDropdown(),b=this.createLi();return a.find("ul")[0].innerHTML=b,a},reloadLi:function(){var a=this.createLi();this.$menuInner[0].innerHTML=a},createLi:function(){var c=this,d=[],e=0,f=document.createElement("option"),g=-1,h=function(a,b,c,d){return"<li"+("undefined"!=typeof c&""!==c?' class="'+c+'"':"")+("undefined"!=typeof b&null!==b?' data-original-index="'+b+'"':"")+("undefined"!=typeof d&null!==d?'data-optgroup="'+d+'"':"")+">"+a+"</li>"},j=function(d,e,f,g){return'<a tabindex="0"'+("undefined"!=typeof e?' class="'+e+'"':"")+(f?' style="'+f+'"':"")+(c.options.liveSearchNormalize?' data-normalized-text="'+b(i(a(d).html()))+'"':"")+("undefined"!=typeof g||null!==g?' data-tokens="'+g+'"':"")+' role="option">'+d+'<span class="'+c.options.iconBase+" "+c.options.tickIcon+' check-mark"></span></a>'};if(this.options.title&&!this.multiple&&(g--,!this.$element.find(".bs-title-option").length)){var k=this.$element[0];f.className="bs-title-option",f.innerHTML=this.options.title,f.value="",k.insertBefore(f,k.firstChild);var l=a(k.options[k.selectedIndex]);void 0===l.attr("selected")&&void 0===this.$element.data("selected")&&(f.selected=!0)}return this.$element.find("option").each(function(b){var f=a(this);if(g++,!f.hasClass("bs-title-option")){var k=this.className||"",l=this.style.cssText,m=f.data("content")?f.data("content"):f.html(),n=f.data("tokens")?f.data("tokens"):null,o="undefined"!=typeof f.data("subtext")?'<small class="text-muted">'+f.data("subtext")+"</small>":"",p="undefined"!=typeof f.data("icon")?'<span class="'+c.options.iconBase+" "+f.data("icon")+'"></span> ':"",q=f.parent(),r="OPTGROUP"===q[0].tagName,s=r&&q[0].disabled,t=this.disabled||s;if(""!==p&&t&&(p="<span>"+p+"</span>"),c.options.hideDisabled&&(t&&!r||s))return void g--;if(f.data("content")||(m=p+'<span class="text">'+m+o+"</span>"),r&&f.data("divider")!==!0){if(c.options.hideDisabled&&t){if(void 0===q.data("allOptionsDisabled")){var u=q.children();q.data("allOptionsDisabled",u.filter(":disabled").length===u.length)}if(q.data("allOptionsDisabled"))return void g--}var v=" "+q[0].className||"";if(0===f.index()){e+=1;var w=q[0].label,x="undefined"!=typeof q.data("subtext")?'<small class="text-muted">'+q.data("subtext")+"</small>":"",y=q.data("icon")?'<span class="'+c.options.iconBase+" "+q.data("icon")+'"></span> ':"";w=y+'<span class="text">'+i(w)+x+"</span>",0!==b&&d.length>0&&(g++,d.push(h("",null,"divider",e+"div"))),g++,d.push(h(w,null,"dropdown-header"+v,e))}if(c.options.hideDisabled&&t)return void g--;d.push(h(j(m,"opt "+k+v,l,n),b,"",e))}else if(f.data("divider")===!0)d.push(h("",b,"divider"));else if(f.data("hidden")===!0)d.push(h(j(m,k,l,n),b,"hidden is-hidden"));else{var z=this.previousElementSibling&&"OPTGROUP"===this.previousElementSibling.tagName;if(!z&&c.options.hideDisabled)for(var A=a(this).prevAll(),B=0;B<A.length;B++)if("OPTGROUP"===A[B].tagName){for(var C=0,D=0;D<B;D++){var E=A[D];(E.disabled||a(E).data("hidden")===!0)&&C++}C===B&&(z=!0);break}z&&(g++,d.push(h("",null,"divider",e+"div"))),d.push(h(j(m,k,l,n),b))}c.liObj[b]=g}}),this.multiple||0!==this.$element.find("option:selected").length||this.options.title||this.$element.find("option").eq(0).prop("selected",!0).attr("selected","selected"),d.join("")},findLis:function(){return null==this.$lis&&(this.$lis=this.$menu.find("li")),this.$lis},render:function(b){var c,d=this;b!==!1&&this.$element.find("option").each(function(a){var b=d.findLis().eq(d.liObj[a]);d.setDisabled(a,this.disabled||"OPTGROUP"===this.parentNode.tagName&&this.parentNode.disabled,b),d.setSelected(a,this.selected,b)}),this.togglePlaceholder(),this.tabIndex();var e=this.$element.find("option").map(function(){if(this.selected){if(d.options.hideDisabled&&(this.disabled||"OPTGROUP"===this.parentNode.tagName&&this.parentNode.disabled))return;var b,c=a(this),e=c.data("icon")&&d.options.showIcon?'<i class="'+d.options.iconBase+" "+c.data("icon")+'"></i> ':"";return b=d.options.showSubtext&&c.data("subtext")&&!d.multiple?' <small class="text-muted">'+c.data("subtext")+"</small>":"","undefined"!=typeof c.attr("title")?c.attr("title"):c.data("content")&&d.options.showContent?c.data("content").toString():e+c.html()+b}}).toArray(),f=this.multiple?e.join(this.options.multipleSeparator):e[0];if(this.multiple&&this.options.selectedTextFormat.indexOf("count")>-1){var g=this.options.selectedTextFormat.split(">");if(g.length>1&&e.length>g[1]||1==g.length&&e.length>=2){c=this.options.hideDisabled?", [disabled]":"";var h=this.$element.find("option").not('[data-divider="true"], [data-hidden="true"]'+c).length,i="function"==typeof this.options.countSelectedText?this.options.countSelectedText(e.length,h):this.options.countSelectedText;f=i.replace("{0}",e.length.toString()).replace("{1}",h.toString())}}void 0==this.options.title&&(this.options.title=this.$element.attr("title")),"static"==this.options.selectedTextFormat&&(f=this.options.title),f||(f="undefined"!=typeof this.options.title?this.options.title:this.options.noneSelectedText),this.$button.attr("title",j(a.trim(f.replace(/<[^>]*>?/g,"")))),this.$button.children(".filter-option").html(f),this.$element.trigger("rendered.bs.select")},setStyle:function(a,b){this.$element.attr("class")&&this.$newElement.addClass(this.$element.attr("class").replace(/selectpicker|mobile-device|bs-select-hidden|validate\[.*\]/gi,""));var c=a?a:this.options.style;"add"==b?this.$button.addClass(c):"remove"==b?this.$button.removeClass(c):(this.$button.removeClass(this.options.style),this.$button.addClass(c))},liHeight:function(b){if(b||this.options.size!==!1&&!this.sizeInfo){var c=document.createElement("div"),d=document.createElement("div"),e=document.createElement("ul"),f=document.createElement("li"),g=document.createElement("li"),h=document.createElement("a"),i=document.createElement("span"),j=this.options.header&&this.$menu.find(".popover-title").length>0?this.$menu.find(".popover-title")[0].cloneNode(!0):null,k=this.options.liveSearch?document.createElement("div"):null,l=this.options.actionsBox&&this.multiple&&this.$menu.find(".bs-actionsbox").length>0?this.$menu.find(".bs-actionsbox")[0].cloneNode(!0):null,m=this.options.doneButton&&this.multiple&&this.$menu.find(".bs-donebutton").length>0?this.$menu.find(".bs-donebutton")[0].cloneNode(!0):null;if(i.className="text",c.className=this.$menu[0].parentNode.className+" open",d.className="dropdown-menu open",e.className="dropdown-menu inner",f.className="divider",i.appendChild(document.createTextNode("Inner text")),h.appendChild(i),g.appendChild(h),e.appendChild(g),e.appendChild(f),j&&d.appendChild(j),k){var n=document.createElement("input");k.className="bs-searchbox",n.className="form-control",k.appendChild(n),d.appendChild(k)}l&&d.appendChild(l),d.appendChild(e),m&&d.appendChild(m),c.appendChild(d),document.body.appendChild(c);var o=h.offsetHeight,p=j?j.offsetHeight:0,q=k?k.offsetHeight:0,r=l?l.offsetHeight:0,s=m?m.offsetHeight:0,t=a(f).outerHeight(!0),u="function"==typeof getComputedStyle&&getComputedStyle(d),v=u?null:a(d),w={vert:parseInt(u?u.paddingTop:v.css("paddingTop"))+parseInt(u?u.paddingBottom:v.css("paddingBottom"))+parseInt(u?u.borderTopWidth:v.css("borderTopWidth"))+parseInt(u?u.borderBottomWidth:v.css("borderBottomWidth")),horiz:parseInt(u?u.paddingLeft:v.css("paddingLeft"))+parseInt(u?u.paddingRight:v.css("paddingRight"))+parseInt(u?u.borderLeftWidth:v.css("borderLeftWidth"))+parseInt(u?u.borderRightWidth:v.css("borderRightWidth"))},x={vert:w.vert+parseInt(u?u.marginTop:v.css("marginTop"))+parseInt(u?u.marginBottom:v.css("marginBottom"))+2,horiz:w.horiz+parseInt(u?u.marginLeft:v.css("marginLeft"))+parseInt(u?u.marginRight:v.css("marginRight"))+2};document.body.removeChild(c),this.sizeInfo={liHeight:o,headerHeight:p,searchHeight:q,actionsHeight:r,doneButtonHeight:s,dividerHeight:t,menuPadding:w,menuExtras:x}}},setSize:function(){if(this.findLis(),this.liHeight(),this.options.header&&this.$menu.css("padding-top",0),this.options.size!==!1){var b,c,d,e,f,g,h,i,j=this,k=this.$menu,l=this.$menuInner,m=a(window),n=this.$newElement[0].offsetHeight,o=this.$newElement[0].offsetWidth,p=this.sizeInfo.liHeight,q=this.sizeInfo.headerHeight,r=this.sizeInfo.searchHeight,s=this.sizeInfo.actionsHeight,t=this.sizeInfo.doneButtonHeight,u=this.sizeInfo.dividerHeight,v=this.sizeInfo.menuPadding,w=this.sizeInfo.menuExtras,x=this.options.hideDisabled?".disabled":"",y=function(){var b,c=j.$newElement.offset(),d=a(j.options.container);j.options.container&&!d.is("body")?(b=d.offset(),b.top+=parseInt(d.css("borderTopWidth")),b.left+=parseInt(d.css("borderLeftWidth"))):b={top:0,left:0};var e=j.options.windowPadding;f=c.top-b.top-m.scrollTop(),g=m.height()-f-n-b.top-e[2],h=c.left-b.left-m.scrollLeft(),i=m.width()-h-o-b.left-e[1],f-=e[0],h-=e[3]};if(y(),"auto"===this.options.size){var z=function(){var m,n=function(b,c){return function(d){return c?d.classList?d.classList.contains(b):a(d).hasClass(b):!(d.classList?d.classList.contains(b):a(d).hasClass(b))}},u=j.$menuInner[0].getElementsByTagName("li"),x=Array.prototype.filter?Array.prototype.filter.call(u,n("hidden",!1)):j.$lis.not(".hidden"),z=Array.prototype.filter?Array.prototype.filter.call(x,n("dropdown-header",!0)):x.filter(".dropdown-header");y(),b=g-w.vert,c=i-w.horiz,j.options.container?(k.data("height")||k.data("height",k.height()),d=k.data("height"),k.data("width")||k.data("width",k.width()),e=k.data("width")):(d=k.height(),e=k.width()),j.options.dropupAuto&&j.$newElement.toggleClass("dropup",f>g&&b-w.vert<d),j.$newElement.hasClass("dropup")&&(b=f-w.vert),"auto"===j.options.dropdownAlignRight&&k.toggleClass("dropdown-menu-right",h>i&&c-w.horiz<e-o),m=x.length+z.length>3?3*p+w.vert-2:0,k.css({"max-height":b+"px",overflow:"hidden","min-height":m+q+r+s+t+"px"}),l.css({"max-height":b-q-r-s-t-v.vert+"px","overflow-y":"auto","min-height":Math.max(m-v.vert,0)+"px"})};z(),this.$searchbox.off("input.getSize propertychange.getSize").on("input.getSize propertychange.getSize",z),m.off("resize.getSize scroll.getSize").on("resize.getSize scroll.getSize",z)}else if(this.options.size&&"auto"!=this.options.size&&this.$lis.not(x).length>this.options.size){var A=this.$lis.not(".divider").not(x).children().slice(0,this.options.size).last().parent().index(),B=this.$lis.slice(0,A+1).filter(".divider").length;b=p*this.options.size+B*u+v.vert,j.options.container?(k.data("height")||k.data("height",k.height()),d=k.data("height")):d=k.height(),j.options.dropupAuto&&this.$newElement.toggleClass("dropup",f>g&&b-w.vert<d),k.css({"max-height":b+q+r+s+t+"px",overflow:"hidden","min-height":""}),l.css({"max-height":b-v.vert+"px","overflow-y":"auto","min-height":""})}}},setWidth:function(){if("auto"===this.options.width){this.$menu.css("min-width","0");var a=this.$menu.parent().clone().appendTo("body"),b=this.options.container?this.$newElement.clone().appendTo("body"):a,c=a.children(".dropdown-menu").outerWidth(),d=b.css("width","auto").children("button").outerWidth();a.remove(),b.remove(),this.$newElement.css("width",Math.max(c,d)+"px")}else"fit"===this.options.width?(this.$menu.css("min-width",""),this.$newElement.css("width","").addClass("fit-width")):this.options.width?(this.$menu.css("min-width",""),this.$newElement.css("width",this.options.width)):(this.$menu.css("min-width",""),this.$newElement.css("width",""));this.$newElement.hasClass("fit-width")&&"fit"!==this.options.width&&this.$newElement.removeClass("fit-width")},selectPosition:function(){this.$bsContainer=a('<div class="bs-container" />');var b,c,d,e=this,f=a(this.options.container),g=function(a){e.$bsContainer.addClass(a.attr("class").replace(/form-control|fit-width/gi,"")).toggleClass("dropup",a.hasClass("dropup")),b=a.offset(),f.is("body")?c={top:0,left:0}:(c=f.offset(),c.top+=parseInt(f.css("borderTopWidth"))-f.scrollTop(),c.left+=parseInt(f.css("borderLeftWidth"))-f.scrollLeft()),d=a.hasClass("dropup")?0:a[0].offsetHeight,e.$bsContainer.css({top:b.top-c.top+d,left:b.left-c.left,width:a[0].offsetWidth})};this.$button.on("click",function(){var b=a(this);e.isDisabled()||(g(e.$newElement),e.$bsContainer.appendTo(e.options.container).toggleClass("open",!b.hasClass("open")).append(e.$menu))}),a(window).on("resize scroll",function(){g(e.$newElement)}),this.$element.on("hide.bs.select",function(){e.$menu.data("height",e.$menu.height()),e.$bsContainer.detach()})},setSelected:function(a,b,c){c||(this.togglePlaceholder(),c=this.findLis().eq(this.liObj[a])),c.toggleClass("selected",b).find("a").attr("aria-selected",b)},setDisabled:function(a,b,c){c||(c=this.findLis().eq(this.liObj[a])),b?c.addClass("disabled").children("a").attr("href","#").attr("tabindex",-1).attr("aria-disabled",!0):c.removeClass("disabled").children("a").removeAttr("href").attr("tabindex",0).attr("aria-disabled",!1)},isDisabled:function(){return this.$element[0].disabled},checkDisabled:function(){var a=this;this.isDisabled()?(this.$newElement.addClass("disabled"),this.$button.addClass("disabled").attr("tabindex",-1).attr("aria-disabled",!0)):(this.$button.hasClass("disabled")&&(this.$newElement.removeClass("disabled"),this.$button.removeClass("disabled").attr("aria-disabled",!1)),this.$button.attr("tabindex")!=-1||this.$element.data("tabindex")||this.$button.removeAttr("tabindex")),this.$button.click(function(){return!a.isDisabled()})},togglePlaceholder:function(){var a=this.$element.val();this.$button.toggleClass("bs-placeholder",null===a||""===a||a.constructor===Array&&0===a.length)},tabIndex:function(){this.$element.data("tabindex")!==this.$element.attr("tabindex")&&this.$element.attr("tabindex")!==-98&&"-98"!==this.$element.attr("tabindex")&&(this.$element.data("tabindex",this.$element.attr("tabindex")),this.$button.attr("tabindex",this.$element.data("tabindex"))),this.$element.attr("tabindex",-98)},clickListener:function(){var b=this,c=a(document);c.data("spaceSelect",!1),this.$button.on("keyup",function(a){/(32)/.test(a.keyCode.toString(10))&&c.data("spaceSelect")&&(a.preventDefault(),c.data("spaceSelect",!1))}),this.$button.on("click",function(){b.setSize()}),this.$element.on("shown.bs.select",function(){if(b.options.liveSearch||b.multiple){if(!b.multiple){var a=b.liObj[b.$element[0].selectedIndex];if("number"!=typeof a||b.options.size===!1)return;var c=b.$lis.eq(a)[0].offsetTop-b.$menuInner[0].offsetTop;c=c-b.$menuInner[0].offsetHeight/2+b.sizeInfo.liHeight/2,b.$menuInner[0].scrollTop=c}}else b.$menuInner.find(".selected a").focus()}),this.$menuInner.on("click","li a",function(c){var d=a(this),f=d.parent().data("originalIndex"),g=b.$element.val(),h=b.$element.prop("selectedIndex"),i=!0;if(b.multiple&&1!==b.options.maxOptions&&c.stopPropagation(),c.preventDefault(),!b.isDisabled()&&!d.parent().hasClass("disabled")){var j=b.$element.find("option"),k=j.eq(f),l=k.prop("selected"),m=k.parent("optgroup"),n=b.options.maxOptions,o=m.data("maxOptions")||!1;if(b.multiple){if(k.prop("selected",!l),b.setSelected(f,!l),d.blur(),n!==!1||o!==!1){var p=n<j.filter(":selected").length,q=o<m.find("option:selected").length;if(n&&p||o&&q)if(n&&1==n)j.prop("selected",!1),k.prop("selected",!0),b.$menuInner.find(".selected").removeClass("selected"),b.setSelected(f,!0);else if(o&&1==o){m.find("option:selected").prop("selected",!1),k.prop("selected",!0);var r=d.parent().data("optgroup");b.$menuInner.find('[data-optgroup="'+r+'"]').removeClass("selected"),b.setSelected(f,!0)}else{var s="string"==typeof b.options.maxOptionsText?[b.options.maxOptionsText,b.options.maxOptionsText]:b.options.maxOptionsText,t="function"==typeof s?s(n,o):s,u=t[0].replace("{n}",n),v=t[1].replace("{n}",o),w=a('<div class="notify"></div>');t[2]&&(u=u.replace("{var}",t[2][n>1?0:1]),v=v.replace("{var}",t[2][o>1?0:1])),k.prop("selected",!1),b.$menu.append(w),n&&p&&(w.append(a("<div>"+u+"</div>")),i=!1,b.$element.trigger("maxReached.bs.select")),o&&q&&(w.append(a("<div>"+v+"</div>")),i=!1,b.$element.trigger("maxReachedGrp.bs.select")),setTimeout(function(){b.setSelected(f,!1)},10),w.delay(750).fadeOut(300,function(){a(this).remove()})}}}else j.prop("selected",!1),k.prop("selected",!0),b.$menuInner.find(".selected").removeClass("selected").find("a").attr("aria-selected",!1),b.setSelected(f,!0);!b.multiple||b.multiple&&1===b.options.maxOptions?b.$button.focus():b.options.liveSearch&&b.$searchbox.focus(),i&&(g!=b.$element.val()&&b.multiple||h!=b.$element.prop("selectedIndex")&&!b.multiple)&&(e=[f,k.prop("selected"),l],b.$element.triggerNative("change"))}}),this.$menu.on("click","li.disabled a, .popover-title, .popover-title :not(.close)",function(c){c.currentTarget==this&&(c.preventDefault(),c.stopPropagation(),b.options.liveSearch&&!a(c.target).hasClass("close")?b.$searchbox.focus():b.$button.focus())}),this.$menuInner.on("click",".divider, .dropdown-header",function(a){a.preventDefault(),a.stopPropagation(),b.options.liveSearch?b.$searchbox.focus():b.$button.focus()}),this.$menu.on("click",".popover-title .close",function(){b.$button.click()}),this.$searchbox.on("click",function(a){a.stopPropagation()}),this.$menu.on("click",".actions-btn",function(c){b.options.liveSearch?b.$searchbox.focus():b.$button.focus(),c.preventDefault(),c.stopPropagation(),a(this).hasClass("bs-select-all")?b.selectAll():b.deselectAll()}),this.$element.change(function(){b.render(!1),b.$element.trigger("changed.bs.select",e),e=null})},liveSearchListener:function(){var c=this,d=a('<li class="no-results"></li>');this.$button.on("click.dropdown.data-api",function(){c.$menuInner.find(".active").removeClass("active"),c.$searchbox.val()&&(c.$searchbox.val(""),c.$lis.not(".is-hidden").removeClass("hidden"),d.parent().length&&d.remove()),c.multiple||c.$menuInner.find(".selected").addClass("active"),setTimeout(function(){c.$searchbox.focus()},10)}),this.$searchbox.on("click.dropdown.data-api focus.dropdown.data-api touchend.dropdown.data-api",function(a){a.stopPropagation()}),this.$searchbox.on("input propertychange",function(){if(c.$lis.not(".is-hidden").removeClass("hidden"),c.$lis.filter(".active").removeClass("active"),d.remove(),c.$searchbox.val()){var e,f=c.$lis.not(".is-hidden, .divider, .dropdown-header");if(e=c.options.liveSearchNormalize?f.find("a").not(":a"+c._searchStyle()+'("'+b(c.$searchbox.val())+'")'):f.find("a").not(":"+c._searchStyle()+'("'+c.$searchbox.val()+'")'),e.length===f.length)d.html(c.options.noneResultsText.replace("{0}",'"'+i(c.$searchbox.val())+'"')),c.$menuInner.append(d),c.$lis.addClass("hidden");else{e.parent().addClass("hidden");var g,h=c.$lis.not(".hidden");h.each(function(b){var c=a(this);c.hasClass("divider")?void 0===g?c.addClass("hidden"):(g&&g.addClass("hidden"),g=c):c.hasClass("dropdown-header")&&h.eq(b+1).data("optgroup")!==c.data("optgroup")?c.addClass("hidden"):g=null}),g&&g.addClass("hidden"),f.not(".hidden").first().addClass("active")}}})},_searchStyle:function(){var a={begins:"ibegins",startsWith:"ibegins"};return a[this.options.liveSearchStyle]||"icontains"},val:function(a){return"undefined"!=typeof a?(this.$element.val(a),this.render(),this.$element):this.$element.val()},changeAll:function(b){if(this.multiple){"undefined"==typeof b&&(b=!0),this.findLis();var c=this.$element.find("option"),d=this.$lis.not(".divider, .dropdown-header, .disabled, .hidden"),e=d.length,f=[];if(b){if(d.filter(".selected").length===d.length)return}else if(0===d.filter(".selected").length)return;d.toggleClass("selected",b);for(var g=0;g<e;g++){var h=d[g].getAttribute("data-original-index");f[f.length]=c.eq(h)[0]}a(f).prop("selected",b),this.render(!1),this.togglePlaceholder(),this.$element.triggerNative("change")}},selectAll:function(){return this.changeAll(!0)},deselectAll:function(){return this.changeAll(!1)},toggle:function(a){a=a||window.event,a&&a.stopPropagation(),this.$button.trigger("click")},keydown:function(c){var d,e,f,g,h,i,j,k,l,m=a(this),n=m.is("input")?m.parent().parent():m.parent(),o=n.data("this"),p=":not(.disabled, .hidden, .dropdown-header, .divider)",q={32:" ",48:"0",49:"1",50:"2",51:"3",52:"4",53:"5",54:"6",55:"7",56:"8",57:"9",59:";",65:"a",66:"b",67:"c",68:"d",69:"e",70:"f",71:"g",72:"h",73:"i",74:"j",75:"k",76:"l",77:"m",78:"n",79:"o",80:"p",81:"q",82:"r",83:"s",84:"t",85:"u",86:"v",87:"w",88:"x",89:"y",90:"z",96:"0",97:"1",98:"2",99:"3",100:"4",101:"5",102:"6",103:"7",104:"8",105:"9"};if(o.options.liveSearch&&(n=m.parent().parent()),o.options.container&&(n=o.$menu),d=a('[role="listbox"] li',n),l=o.$newElement.hasClass("open"),!l&&(c.keyCode>=48&&c.keyCode<=57||c.keyCode>=96&&c.keyCode<=105||c.keyCode>=65&&c.keyCode<=90))return o.options.container?o.$button.trigger("click"):(o.setSize(),o.$menu.parent().addClass("open"),l=!0),void o.$searchbox.focus();if(o.options.liveSearch&&(/(^9$|27)/.test(c.keyCode.toString(10))&&l&&(c.preventDefault(),c.stopPropagation(),o.$menuInner.click(),o.$button.focus()),d=a('[role="listbox"] li'+p,n),m.val()||/(38|40)/.test(c.keyCode.toString(10))||0===d.filter(".active").length&&(d=o.$menuInner.find("li"),d=o.options.liveSearchNormalize?d.filter(":a"+o._searchStyle()+"("+b(q[c.keyCode])+")"):d.filter(":"+o._searchStyle()+"("+q[c.keyCode]+")"))),d.length){if(/(38|40)/.test(c.keyCode.toString(10)))e=d.index(d.find("a").filter(":focus").parent()),g=d.filter(p).first().index(),h=d.filter(p).last().index(),f=d.eq(e).nextAll(p).eq(0).index(),i=d.eq(e).prevAll(p).eq(0).index(),j=d.eq(f).prevAll(p).eq(0).index(),o.options.liveSearch&&(d.each(function(b){a(this).hasClass("disabled")||a(this).data("index",b)}),e=d.index(d.filter(".active")),g=d.first().data("index"),h=d.last().data("index"),f=d.eq(e).nextAll().eq(0).data("index"),i=d.eq(e).prevAll().eq(0).data("index"),j=d.eq(f).prevAll().eq(0).data("index")),k=m.data("prevIndex"),38==c.keyCode?(o.options.liveSearch&&e--,e!=j&&e>i&&(e=i),e<g&&(e=g),e==k&&(e=h)):40==c.keyCode&&(o.options.liveSearch&&e++,e==-1&&(e=0),e!=j&&e<f&&(e=f),e>h&&(e=h),e==k&&(e=g)),m.data("prevIndex",e),o.options.liveSearch?(c.preventDefault(),m.hasClass("dropdown-toggle")||(d.removeClass("active").eq(e).addClass("active").children("a").focus(),m.focus())):d.eq(e).children("a").focus();else if(!m.is("input")){var r,s,t=[];d.each(function(){a(this).hasClass("disabled")||a.trim(a(this).children("a").text().toLowerCase()).substring(0,1)==q[c.keyCode]&&t.push(a(this).index())}),r=a(document).data("keycount"),r++,a(document).data("keycount",r),s=a.trim(a(":focus").text().toLowerCase()).substring(0,1),s!=q[c.keyCode]?(r=1,a(document).data("keycount",r)):r>=t.length&&(a(document).data("keycount",0),r>t.length&&(r=1)),d.eq(t[r-1]).children("a").focus()}if((/(13|32)/.test(c.keyCode.toString(10))||/(^9$)/.test(c.keyCode.toString(10))&&o.options.selectOnTab)&&l){if(/(32)/.test(c.keyCode.toString(10))||c.preventDefault(),o.options.liveSearch)/(32)/.test(c.keyCode.toString(10))||(o.$menuInner.find(".active a").click(),
 m.focus());else{var u=a(":focus");u.click(),u.focus(),c.preventDefault(),a(document).data("spaceSelect",!0)}a(document).data("keycount",0)}(/(^9$|27)/.test(c.keyCode.toString(10))&&l&&(o.multiple||o.options.liveSearch)||/(27)/.test(c.keyCode.toString(10))&&!l)&&(o.$menu.parent().removeClass("open"),o.options.container&&o.$newElement.removeClass("open"),o.$button.focus())}},mobile:function(){this.$element.addClass("mobile-device")},refresh:function(){this.$lis=null,this.liObj={},this.reloadLi(),this.render(),this.checkDisabled(),this.liHeight(!0),this.setStyle(),this.setWidth(),this.$lis&&this.$searchbox.trigger("propertychange"),this.$element.trigger("refreshed.bs.select")},hide:function(){this.$newElement.hide()},show:function(){this.$newElement.show()},remove:function(){this.$newElement.remove(),this.$element.remove()},destroy:function(){this.$newElement.before(this.$element).remove(),this.$bsContainer?this.$bsContainer.remove():this.$menu.remove(),this.$element.off(".bs.select").removeData("selectpicker").removeClass("bs-select-hidden selectpicker")}};var l=a.fn.selectpicker;a.fn.selectpicker=c,a.fn.selectpicker.Constructor=k,a.fn.selectpicker.noConflict=function(){return a.fn.selectpicker=l,this},a(document).data("keycount",0).on("keydown.bs.select",'.bootstrap-select [data-toggle=dropdown], .bootstrap-select [role="listbox"], .bs-searchbox input',k.prototype.keydown).on("focusin.modal",'.bootstrap-select [data-toggle=dropdown], .bootstrap-select [role="listbox"], .bs-searchbox input',function(a){a.stopPropagation()}),a(window).on("load.bs.select.data-api",function(){a(".selectpicker").each(function(){var b=a(this);c.call(b,b.data())})})}(a)});
-//# sourceMappingURL=bootstrap-select.js.map
\ No newline at end of file
diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 4e6b303d..0f0b4098 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -12,10 +12,10 @@ $(document).ready(function() {
     } while(Math.abs(bytes) >= 1024 && u < units.length - 1);
     return bytes.toFixed(1)+' '+units[u];
   }
-  
+
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/domain/all',
+    url: '/api/v1/get/domain/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw domain table');
@@ -24,7 +24,7 @@ $(document).ready(function() {
       $.each(data, function (i, item) {
         item.aliases = item.aliases_in_domain + " / " + item.max_num_aliases_for_domain;
         item.mailboxes = item.mboxes_in_domain + " / " + item.max_num_mboxes_for_domain;
-        item.quota = humanFileSize(item.quota_used_in_domain) + " / " + humanFileSize(item.max_quota_for_domain);
+        item.quota = item.quota_used_in_domain + "/" + item.max_quota_for_domain;
         item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
         if (role == "admin") {
         item.action = '<div class="btn-group">' +
@@ -43,7 +43,15 @@ $(document).ready(function() {
           {"sorted": true,"name":"domain_name","title":lang.domain,"style":{"width":"250px"}},
           {"name":"aliases","title":lang.aliases,"breakpoints":"xs sm"},
           {"name":"mailboxes","title":lang.mailboxes},
-          {"name":"quota","title":lang.domain_quota},
+          {"name":"quota","style":{"whiteSpace":"nowrap"},"title":lang.domain_quota,"formatter": function(value){
+            res = value.split("/");
+            return humanFileSize(res[0]) + " / " + humanFileSize(res[1]);
+          },
+          "sortValue": function(value){
+            res = value.split("/");
+            return res[0];
+          },
+          },
           {"name":"max_quota_for_mbox","title":lang.mailbox_quota,"breakpoints":"xs sm"},
           {"name":"backupmx","filterable": false,"style":{"maxWidth":"120px","width":"120px"},"title":lang.backup_mx,"breakpoints":"xs sm"},
           {"name":"active","filterable": false,"style":{"maxWidth":"80px","width":"80px"},"title":lang.active},
@@ -70,14 +78,14 @@ $(document).ready(function() {
 
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/mailbox/all',
+    url: '/api/v1/get/mailbox/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw mailbox table');
     },
     success: function (data) {
       $.each(data, function (i, item) {
-        item.quota = humanFileSize(item.quota_used) + " / " + humanFileSize(item.quota);
+        item.quota = item.quota_used + "/" + item.quota;
         item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
         if (role == "admin") {
         item.action = '<div class="btn-group">' +
@@ -102,7 +110,15 @@ $(document).ready(function() {
           {"sorted": true,"name":"username","title":lang.username,"style":{"width":"250px"}},
           {"name":"name","title":lang.fname,"breakpoints":"xs sm"},
           {"name":"domain","title":lang.domain,"breakpoints":"xs sm"},
-          {"name":"quota","style":{"whiteSpace":"nowrap"},"title":lang.domain_quota},
+          {"name":"quota","style":{"whiteSpace":"nowrap"},"title":lang.domain_quota,"formatter": function(value){
+            res = value.split("/");
+            return humanFileSize(res[0]) + " / " + humanFileSize(res[1]);
+          },
+          "sortValue": function(value){
+            res = value.split("/");
+            return res[0];
+          },
+          },
           {"name":"spam_aliases","filterable": false,"title":lang.spam_aliases,"breakpoints":"xs sm md"},
           {"name":"in_use","filterable": false,"style":{"whiteSpace":"nowrap"},"type":"html","title":lang.in_use},
           {"name":"messages","filterable": false,"style":{"whiteSpace":"nowrap"},"title":lang.msg_num,"breakpoints":"xs sm md"},
@@ -130,7 +146,7 @@ $(document).ready(function() {
 
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/resource/all',
+    url: '/api/v1/get/resource/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw resource table');
@@ -172,7 +188,7 @@ $(document).ready(function() {
 
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/alias-domain/all',
+    url: '/api/v1/get/alias-domain/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw alias domain table');
@@ -212,23 +228,28 @@ $(document).ready(function() {
 
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/alias/all',
+    url: '/api/v1/get/alias/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw alias table');
     },
     success: function (data) {
       $.each(data, function (i, item) {
+        item.action = '<div class="btn-group">' +
+          '<a href="/edit.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
+          '<a href="/delete.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-pencil"></span> ' + lang.remove + '</a>' +
+					'</div>';
+        item.chkbox = '<input type="checkbox" class="alias_item" name="sel_aliases" value="' + item.address + '" />';
         if (item.is_catch_all == 1) {
           item.address = '<div class="label label-default">Catch-All</div> ' + item.address;
         }
-        item.action = '<div class="btn-group">' +
-          '<a href="/edit.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-          '<a href="/delete.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
-					'</div>';
+        if (item.in_primary_domain !== "") {
+          item.domain = "↳ " + item.domain + " (" + item.in_primary_domain + ")";
+        }
       });
-      $('#alias_table').footable({
+      ft_aliases = FooTable.init("#alias_table", {
         "columns": [
+          {"name":"chkbox","title":"","style":{"maxWidth":"40px","width":"40px"},"filterable": false,"sortable": false,"type":"html"},
           {"sorted": true,"name":"address","title":lang.alias,"style":{"width":"250px"}},
           {"name":"goto","title":lang.target_address},
           {"name":"domain","title":lang.domain,"breakpoints":"xs sm"},
@@ -251,6 +272,98 @@ $(document).ready(function() {
           "enabled": true
         }
       });
+
+      var selected_aliases = [];
+
+      $(document).on('click', 'tr', function(e) {
+        if (e.target.type == "checkbox") {
+          e.stopPropagation();
+        } else {
+          var checkbox = $(this).find(':checkbox');
+          checkbox.trigger('click');
+        }
+      });
+
+      $(document).on('change', 'input[name=sel_aliases]:checkbox', function() {
+        if ($(this).is(':checked')) {
+          selected_aliases.push($(this).val());
+        }
+        else {
+          selected_aliases.splice($.inArray($(this).val(), selected_aliases),1);
+        }
+      });
+
+      $(document).on('click', '#select_all_aliases', function(e) {
+        e.preventDefault();
+        var alias_chkbxs = $("input[name=sel_aliases]");
+        alias_chkbxs.prop("checked", !alias_chkbxs.prop("checked")).change();
+      });
+
+      $(document).on('click', '#activate_selected_alias', function(e) {
+        e.preventDefault();
+        if (selected_aliases.length !== 0) {
+          $.ajax({
+            type: "POST",
+            dataType: "json",
+            data: { "address": JSON.stringify(selected_aliases), "active": "1" },
+            url: '/api/v1/edit/alias',
+            jsonp: false,
+            complete: function (data) {
+              location.reload();
+            }
+          });
+        }
+      });
+
+      $(document).on('click', '#deactivate_selected_alias', function(e) {
+        e.preventDefault();
+        if (Object.keys(selected_aliases).length !== 0) {
+          $.ajax({
+            type: "POST",
+            dataType: "json",
+            data: { "address": JSON.stringify(selected_aliases), "active": "0" },
+            url: '/api/v1/edit/alias',
+            jsonp: false,
+            complete: function (data) {
+              location.reload();
+            }
+          });
+        }
+      });
+
+      $(document).on('click', '#delete_selected_alias', function(e) {
+        e.preventDefault();
+        if (Object.keys(selected_aliases).length !== 0) {
+          $(document).on('show.bs.modal','#ConfirmDeleteModal', function () {
+            $("#ItemsToDelete").empty();
+            for (var i in selected_aliases) {
+              $("#ItemsToDelete").append("<li>" + selected_aliases[i] + "</li>");
+            }
+          })
+          $('#ConfirmDeleteModal').modal({
+            backdrop: 'static',
+            keyboard: false
+          })
+          .one('click', '#IsConfirmed', function(e) {
+            $.ajax({
+              type: "POST",
+              dataType: "json",
+              data: { "address": JSON.stringify(selected_aliases) },
+              url: '/api/v1/delete/alias',
+              jsonp: false,
+              complete: function (data) {
+                location.reload();
+              }
+            });
+          })
+          .one('click', '#isCanceled', function(e) {
+            $('#ConfirmDeleteModal').modal('hide');
+          });;
+
+        }
+      });
+
     }
+
   });
 });
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 66b46cfb..44e7d934 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1,243 +1,321 @@
 <?php
+/*
+edit/alias => POST data:
+  {
+    address: {a, b, c},   (where a, b, c represent alias addresses)
+    active: 1             (0 or 1)
+  }
+
+delete/alias => POST data:
+  {
+    address: {a, b, c},   (where a, b, c represent alias addresses)
+  }
+
+*/
+header('Content-Type: application/json');
 require_once 'inc/prerequisites.inc.php';
 error_reporting(E_ALL);
 if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_username'])) {
-  if (isset($_GET['action']) && isset($_GET['object'])) {
-    $action = filter_input(INPUT_GET, 'action',  FILTER_SANITIZE_STRING);
-    $object   = filter_input(INPUT_GET, 'object',  FILTER_SANITIZE_STRING);
+  if (isset($_GET['query'])) {
+
+    $query = explode('/', $_GET['query']);
+    $action =     (isset($query[0])) ? $query[0] : null;
+    $category =   (isset($query[1])) ? $query[1] : null;
+    $object =     (isset($query[2])) ? $query[2] : null;
+
     switch ($action) {
-      case "domain":
-        switch ($object) {
-          case "all":
-            $domains = mailbox_get_domains();
-            if (!empty($domains)) {
-              foreach ($domains as $domain) {
-                $data[] = mailbox_get_domain_details($domain);
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
-            }
-          break;
-
-          default:
-            $data = mailbox_get_domain_details($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
-            }
-            else {
-              echo json_encode(mailbox_get_domain_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-            }
-          break;
-        }
-      break;
-      case "mailbox":
-        switch ($object) {
-          case "all":
-            $domains = mailbox_get_domains();
-            if (!empty($domains)) {
-              foreach ($domains as $domain) {
-                $mailboxes = mailbox_get_mailboxes($domain);
-                if (!empty($mailboxes)) {
-                  foreach ($mailboxes as $mailbox) {
-                    $data[] = mailbox_get_mailbox_details($mailbox);
+      case "get":
+        switch ($category) {
+          case "domain":
+            switch ($object) {
+              case "all":
+                $domains = mailbox_get_domains();
+                if (!empty($domains)) {
+                  foreach ($domains as $domain) {
+                    $data[] = mailbox_get_domain_details($domain);
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
                   }
                 }
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
+                else {
+                  echo '{}';
+                }
+              break;
+
+              default:
+                $data = mailbox_get_domain_details($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(mailbox_get_domain_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
             }
           break;
-
-          default:
-            $data = mailbox_get_mailbox_details($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
-            }
-            else {
-              echo json_encode(mailbox_get_mailbox_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-            }
-          break;
-
-        }
-      break;
-      case "resource":
-        switch ($object) {
-          case "all":
-            $domains = mailbox_get_domains();
-            if (!empty($domains)) {
-              foreach ($domains as $domain) {
-                $resources = mailbox_get_resources($domain);
-                if (!empty($resources)) {
-                  foreach ($resources as $resource) {
-                    $data[] = mailbox_get_resource_details($resource);
+          case "mailbox":
+            switch ($object) {
+              case "all":
+                $domains = mailbox_get_domains();
+                if (!empty($domains)) {
+                  foreach ($domains as $domain) {
+                    $mailboxes = mailbox_get_mailboxes($domain);
+                    if (!empty($mailboxes)) {
+                      foreach ($mailboxes as $mailbox) {
+                        $data[] = mailbox_get_mailbox_details($mailbox);
+                      }
+                    }
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
                   }
                 }
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
+                else {
+                  echo '{}';
+                }
+              break;
+
+              default:
+                $data = mailbox_get_mailbox_details($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(mailbox_get_mailbox_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
+
             }
           break;
-
-          default:
-            $data = mailbox_get_resource_details($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
-            }
-            else {
-              echo json_encode(mailbox_get_resource_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-            }
-          break;
-
-        }
-      break;
-      case "alias-domain":
-        switch ($object) {
-          case "all":
-            $domains = mailbox_get_domains();
-            if (!empty($domains)) {
-              foreach ($domains as $domain) {
-                $alias_domains = mailbox_get_alias_domains($domain);
-                if (!empty($alias_domains)) {
-                  foreach ($alias_domains as $alias_domain) {
-                    $data[] = mailbox_get_alias_domain_details($alias_domain);
+          case "resource":
+            switch ($object) {
+              case "all":
+                $domains = mailbox_get_domains();
+                if (!empty($domains)) {
+                  foreach ($domains as $domain) {
+                    $resources = mailbox_get_resources($domain);
+                    if (!empty($resources)) {
+                      foreach ($resources as $resource) {
+                        $data[] = mailbox_get_resource_details($resource);
+                      }
+                    }
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
                   }
                 }
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
-            }
-          break;
+                else {
+                  echo '{}';
+                }
+              break;
+
+              default:
+                $data = mailbox_get_resource_details($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(mailbox_get_resource_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
 
-          default:
-            $data = mailbox_get_alias_domains($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
-            }
-            else {
-              echo json_encode(mailbox_get_alias_domains($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
             }
           break;
-        }
-      break;
-      case "alias":
-        switch ($object) {
-          case "all":
-            $domains = array_merge(mailbox_get_domains(), mailbox_get_alias_domains());
-            if (!empty($domains)) {
-              foreach ($domains as $domain) {
-                $aliases = mailbox_get_aliases($domain);
-                if (!empty($aliases)) {
-                  foreach ($aliases as $alias) {
-                    $data[] = mailbox_get_alias_details($alias);
+          case "alias-domain":
+            switch ($object) {
+              case "all":
+                $domains = mailbox_get_domains();
+                if (!empty($domains)) {
+                  foreach ($domains as $domain) {
+                    $alias_domains = mailbox_get_alias_domains($domain);
+                    if (!empty($alias_domains)) {
+                      foreach ($alias_domains as $alias_domain) {
+                        $data[] = mailbox_get_alias_domain_details($alias_domain);
+                      }
+                    }
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
                   }
                 }
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
-            }
-          break;
+                else {
+                  echo '{}';
+                }
+              break;
 
-          default:
-            $data = mailbox_get_alias_details($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
-            }
-            else {
-              echo json_encode(mailbox_get_alias_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-            }
-          break;
-        }
-      break;
-      case "domain-admin":
-        switch ($object) {
-          case "all":
-            $domain_admins = get_domain_admins();
-            if (!empty($domain_admins)) {
-              foreach ($domain_admins as $domain_admin) {
-                $data[] = get_domain_admin_details($domain_admin);
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
+              default:
+                $data = mailbox_get_alias_domains($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(mailbox_get_alias_domains($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
             }
           break;
+          case "alias":
+            switch ($object) {
+              case "all":
+                $domains = array_merge(mailbox_get_domains(), mailbox_get_alias_domains());
+                if (!empty($domains)) {
+                  foreach ($domains as $domain) {
+                    $aliases = mailbox_get_aliases($domain);
+                    if (!empty($aliases)) {
+                      foreach ($aliases as $alias) {
+                        $data[] = mailbox_get_alias_details($alias);
+                      }
+                    }
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                  }
+                }
+                else {
+                  echo '{}';
+                }
+              break;
 
-          default:
-            $data = get_domain_admin_details($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
+              default:
+                $data = mailbox_get_alias_details($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(mailbox_get_alias_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
+            }
+          break;
+          case "domain-admin":
+            switch ($object) {
+              case "all":
+                $domain_admins = get_domain_admins();
+                if (!empty($domain_admins)) {
+                  foreach ($domain_admins as $domain_admin) {
+                    $data[] = get_domain_admin_details($domain_admin);
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                  }
+                }
+                else {
+                  echo '{}';
+                }
+              break;
+
+              default:
+                $data = get_domain_admin_details($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(get_domain_admin_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
+            }
+          break;
+          case "u2f-registration":
+            if (($_SESSION["mailcow_cc_role"] == "admin" || $_SESSION["mailcow_cc_role"] == "domainadmin") && $_SESSION["mailcow_cc_username"] == $object) {
+              $data = $u2f->getRegisterData(get_u2f_registrations($object));
+              list($req, $sigs) = $data;
+              $_SESSION['regReq'] = json_encode($req);
+              echo 'var req = ' . json_encode($req) . '; var sigs = ' . json_encode($sigs) . ';';
             }
             else {
-              echo json_encode(get_domain_admin_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+              return;
+            }
+          break;
+          case "u2f-authentication":
+            if (isset($_SESSION['pending_mailcow_cc_username']) && $_SESSION['pending_mailcow_cc_username'] == $object) {
+              $reqs = json_encode($u2f->getAuthenticateData(get_u2f_registrations($object)));
+              $_SESSION['authReq']  = $reqs;
+              echo 'var req = ' . $reqs . ';';
+            }
+            else {
+              return;
+            }
+          break;
+          default:
+            echo '{}';
+          break;
+        }
+      break;
+      case "delete":
+        switch ($category) {
+          case "alias":
+            if (isset($_POST['address'])) {
+              $address = json_decode($_POST['address'], true);
+              if (is_array($address)) {
+                if (mailbox_delete_alias(array('address' => $address)) === false) {
+                  echo json_encode(array(
+                    'type' => 'error',
+                    'message' => 'Deletion of item failed'
+                  ));
+                  exit();
+                }
+                echo json_encode(array(
+                  'type' => 'success',
+                  'message' => 'Task completed'
+                ));
+              }
+            }
+            else {
+              echo json_encode(array(
+                'type' => 'error',
+                'message' => 'Cannot find address array in post data'
+              ));
             }
           break;
         }
       break;
-      case "u2f-registration":
-        if (($_SESSION["mailcow_cc_role"] == "admin" || $_SESSION["mailcow_cc_role"] == "domainadmin") && $_SESSION["mailcow_cc_username"] == $object) {
-          $data = $u2f->getRegisterData(get_u2f_registrations($object));
-          list($req, $sigs) = $data;
-          $_SESSION['regReq'] = json_encode($req);
-          echo 'var req = ' . json_encode($req) . '; var sigs = ' . json_encode($sigs) . ';';
+      case "edit":
+        switch ($category) {
+          case "alias":
+            if (isset($_POST['address']) && isset($_POST['active'])) {
+              $address = json_decode($_POST['address'], true);
+              if (is_array($address)) {
+                if (mailbox_edit_alias(array('address' => $address, 'active' => ($_POST['active'] == "1") ? $active = 1 : null)) === false) {
+                  echo json_encode(array(
+                    'type' => 'error',
+                    'message' => 'Edit item failed'
+                  ));
+                  exit();
+                }
+                echo json_encode(array(
+                  'type' => 'success',
+                  'message' => 'Task completed'
+                ));
+              }
+            }
+            else {
+              echo json_encode(array(
+                'type' => 'error',
+                'message' => 'Cannot find address array in post data'
+              ));
+            }
+          break;
         }
-        else {
-          return;
-        }
-      break;
-      case "u2f-authentication":
-        if (isset($_SESSION['pending_mailcow_cc_username']) && $_SESSION['pending_mailcow_cc_username'] == $object) {
-          $reqs = json_encode($u2f->getAuthenticateData(get_u2f_registrations($object)));
-          $_SESSION['authReq']  = $reqs;
-          echo 'var req = ' . $reqs . ';';
-        }
-        else {
-          return;
-        }
-      break;
-      default:
-        echo '{}';
       break;
     }
   }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index 07d23d70..2a8b7985 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -9,6 +9,12 @@ $lang['header']['restart_sogo'] = 'SOGo neustarten';
 $lang['footer']['restart_sogo'] = 'SOGo neustarten';
 $lang['footer']['restart_now'] = 'Jetzt neustarten';
 $lang['footer']['restart_sogo_info'] = 'Einige Änderungen an Domains benötigen einen Neustart SOGos. Hier können Sie SOGo neustarten.<br /><br /><b>Wichtig:</b> Ein korrekter Neustart SOGos kann eine Weile in Anspruch nehmen, bitte warten Sie, bis der Prozess vollständig beendet wurde.';
+
+$lang['footer']['confirm_delete'] = 'Löschen bestätigen';
+$lang['footer']['delete_these_items'] = 'Sind Sie sicher, dass die folgenden Elemente entfernt werden sollen?';
+$lang['footer']['delete_now'] = 'Jetzt löschen';
+$lang['footer']['cancel'] = 'Abbrechen';
+
 $lang['dkim']['confirm'] = 'Sind Sie sicher?';
 $lang['danger']['dkim_not_found'] = 'DKIM-Key nicht gefunden';
 $lang['danger']['dkim_remove_failed'] = 'Kann DKIM-Key nicht entfernen';
@@ -249,9 +255,12 @@ $lang['mailbox']['add_mailbox'] = 'Mailbox hinzufügen';
 $lang['mailbox']['add_resource'] = 'Ressource hinzufügen';
 $lang['mailbox']['add_alias'] = 'Alias hinzufügen';
 $lang['mailbox']['empty'] = 'Keine Einträge vorhanden';
+$lang['mailbox']['toggle_all'] = 'Alle';
+$lang['mailbox']['quick_actions'] = 'Aktionen';
+$lang['mailbox']['activate'] = 'Aktivieren';
+$lang['mailbox']['deactivate'] = 'Deaktivieren';
 
 $lang['info']['no_action'] = 'Keine Aktion anwendbar';
-
 $lang['delete']['title'] = 'Objekt entfernen';
 $lang['delete']['remove_domain_warning'] = '<b>Warnung:</b> Sie entfernen die Domain <b>%s</b>!';
 $lang['delete']['remove_domainalias_warning'] = '<b>Warnung:</b> Sie entfernen die Alias-Domain <b>%s</b>!';
@@ -450,11 +459,20 @@ $lang['admin']['unchanged_if_empty'] = 'Unverändert, wenn leer';
 $lang['admin']['yes'] = '&#10004;';
 $lang['admin']['no'] = '&#10008;';
 $lang['admin']['access'] = 'Zugang';
-$lang['admin']['invalid_max_msg_size'] = 'Invalid max. message size'; // NEEDS TRANSLATION
+$lang['admin']['invalid_max_msg_size'] = 'Ungültige maximale Nachrichtengröße';
 $lang['admin']['site_not_found'] = 'Kann mailcow Site-Konfiguration nicht finden';
-$lang['admin']['public_folder_empty'] = 'Public folder name must not be empty'; // NEEDS TRANSLATION
+$lang['admin']['public_folder_empty'] = 'Name des öffentlichen Ordners darf nicht leer sein';
 $lang['admin']['set_rr_failed'] = 'Kann Postfix Restriktionen nicht setzen';
 $lang['admin']['no_record'] = 'Kein Eintrag';
 $lang['admin']['filter_table'] = 'Tabelle Filtern';
 $lang['admin']['empty'] = 'Keine Einträge vorhanden';
+$lang['admin']['forwarding_hosts'] = 'Weiterleitungs-Hosts';
+$lang['admin']['forwarding_hosts_hint'] = 'Eingehende Nachrichten werden von den hier gelisteten Hosts bedingungslos akzeptiert. Diese Hosts werden dann nicht mit DNSBLs abgeglichen oder Greylisting unterworfen. Von ihnen empfangener Spam wird nie abgelehnt und immer in den Spam-Ordner einsortiert. Die übliche Verwendung für diese Funktion ist, um Mailserver anzugeben, auf denen eine Weiterleitung zu Ihrem Mailcow-Server eingerichtet wurde.';
+$lang['admin']['forwarding_hosts_add_hint'] = 'Sie können entweder IPv4/IPv6-Adressen, Netzwerke in CIDR-Notation, Hostnamen (die zu IP-Adressen aufgelöst werden), oder Domainnamen (die zu IP-Adressen aufgelöst werden, indem ihr SPF-Record abgefragt wird oder, in dessen Abwesenheit, ihre MX-Records) angeben.';
+$lang['edit']['host'] = 'Host';
+$lang['edit']['source'] = 'Quelle';
+$lang['admin']['add_forwarding_host'] = 'Weiterleitungs-Host hinzufügen';
+$lang['delete']['remove_forwardinghost_warning'] = '<b>Warnung:</b> Sie entfernen den Weiterleitungs-Host <b>%s</b>!';
+$lang['success']['forwarding_host_removed'] = "Weiterleitungs-Host %s wurde entfernt";
+$lang['success']['forwarding_host_added'] = "Weiterleitungs-Host %s wurde hinzugefügt";
 ?>
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 978ee713..6c3f905d 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -9,6 +9,12 @@ $lang['header']['restart_sogo'] = 'Restart SOGo';
 $lang['footer']['restart_sogo'] = 'Restart SOGo';
 $lang['footer']['restart_now'] = 'Restart now';
 $lang['footer']['restart_sogo_info'] = 'Some tasks, e.g. adding a domain, require you to restart SOGo to catch changes made in the mailcow UI.<br /><br /><b>Important:</b> A graceful restart may take a while to complete, please wait for it to finish.';
+
+$lang['footer']['confirm_delete'] = 'Confirm deletion';
+$lang['footer']['delete_these_items'] = 'Are you sure you want to delete the following items?';
+$lang['footer']['delete_now'] = 'Delete now';
+$lang['footer']['cancel'] = 'Cancel';
+
 $lang['dkim']['confirm'] = "Are you sure?";
 $lang['danger']['dkim_not_found'] = "DKIM key not found";
 $lang['danger']['dkim_remove_failed'] = "Cannot remove selected DKIM key";
@@ -40,7 +46,7 @@ $lang['danger']['alias_goto_identical'] = "Alias and goto address must not be id
 $lang['danger']['aliasd_targetd_identical'] = "Alias domain must not be equal to target domain";
 $lang['danger']['maxquota_empty'] = 'Max. quota per mailbox must not be 0.';
 $lang['success']['alias_added'] = "Alias address/es has/have been added";
-$lang['success']['alias_modified'] = "Changes to alias have been saved";
+$lang['success']['alias_modified'] = "Changes to alias/es %s have been saved";
 $lang['success']['aliasd_modified'] = "Changes to alias domain have been saved";
 $lang['success']['mailbox_modified'] = "Changes to mailbox %s have been saved";
 $lang['success']['resource_modified'] = "Changes to mailbox %s have been saved";
@@ -79,7 +85,7 @@ $lang['danger']['mailbox_quota_left_exceeded'] = "Not enough space left (space l
 $lang['success']['mailbox_added'] = "Mailbox %s has been added";
 $lang['success']['resource_added'] = "Resource %s has been added";
 $lang['success']['domain_removed'] = "Domain %s has been removed";
-$lang['success']['alias_removed'] = "Alias-Adresse %s has been removed";
+$lang['success']['alias_removed'] = "Alias %s has been removed";
 $lang['success']['alias_domain_removed'] = "Alias domain %s has been removed";
 $lang['success']['domain_admin_removed'] = "Domain administrator %s has been removed";
 $lang['success']['mailbox_removed'] = "Mailbox %s has been removed";
@@ -252,6 +258,10 @@ $lang['mailbox']['add_resource'] = 'Add resource';
 $lang['mailbox']['add_alias'] = 'Add alias';
 $lang['mailbox']['add_domain_record_first'] = 'Please add a domain first';
 $lang['mailbox']['empty'] = 'No results';
+$lang['mailbox']['toggle_all'] = 'Toggle all';
+$lang['mailbox']['quick_actions'] = 'Quick actions';
+$lang['mailbox']['activate'] = 'Activate';
+$lang['mailbox']['deactivate'] = 'Deactivate';
 
 $lang['info']['no_action'] = 'No action applicable';
 
@@ -468,4 +478,13 @@ $lang['admin']['set_rr_failed'] = 'Cannot set Postfix restrictions';
 $lang['admin']['no_record'] = 'No record';
 $lang['admin']['filter_table'] = 'Filter table';
 $lang['admin']['empty'] = 'No results';
+$lang['admin']['forwarding_hosts'] = 'Forwarding Hosts';
+$lang['admin']['forwarding_hosts_hint'] = 'Incoming messages are unconditionally accepted from any hosts listed here. These hosts are then not checked against DNSBLs or subjected to greylisting. Spam received from them is never rejected and always filed into the Junk folder. The most common use for this is to specify mail servers on which you have set up a rule that forwards incoming emails to your Mailcow server.';
+$lang['admin']['forwarding_hosts_add_hint'] = 'You can either specify IPv4/IPv6 addresses, networks in CIDR notation, host names (which will be resolved to IP addresses), or domain names (which will be resolved to IP addresses by querying SPF records or, in their absence, MX records).';
+$lang['edit']['host'] = 'Host';
+$lang['edit']['source'] = 'Source';
+$lang['admin']['add_forwarding_host'] = 'Add Forwarding Host';
+$lang['delete']['remove_forwardinghost_warning'] = '<b>Warning:</b> You are about to remove the forwarding host <b>%s</b>!';
+$lang['success']['forwarding_host_removed'] = "Forwarding host %s has been removed";
+$lang['success']['forwarding_host_added'] = "Forwarding host %s has been added";
 ?>
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index fe2cd803..864ea676 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -6,94 +6,119 @@ require_once "inc/header.inc.php";
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 ?>
 <div class="container">
-	<div class="row">
-		<div class="col-md-12">
-			<div class="panel panel-default">
-				<div class="panel-heading">
-				<div class="pull-right">
-				<?php
-				if ($_SESSION['mailcow_cc_role'] == "admin"):
-				?>
-					<a href="/add.php?domain"><span class="glyphicon glyphicon-plus"></span></a>
-				<?php
-				endif;
-				?>
-				</div>
-        <h3 class="panel-title"><?=$lang['mailbox']['domains'];?></h3>
-				</div>
-        <div class="table-responsive">
-          <table id="domain_table" class="table table-striped"></table>
-        </div>
-        <span class="footer-add-item"><a href="/add.php?domain"><?=$lang['mailbox']['add_domain'];?></a></span>
-			</div>
-		</div>
-	</div>
+      
+  <ul class="nav nav-tabs" role="tablist">
+    <li role="presentation" class="active"><a href="#tab-domains" aria-controls="tab-domains" role="tab" data-toggle="tab"><?=$lang['mailbox']['domains'];?></a></li>
+    <li role="presentation"><a href="#tab-mailboxes" aria-controls="tab-mailboxes" role="tab" data-toggle="tab"><?=$lang['mailbox']['mailboxes'];?></a></li>
+    <li role="presentation"><a href="#tab-resources" aria-controls="tab-resources" role="tab" data-toggle="tab"><?=$lang['mailbox']['resources'];?></a></li>
+    <li class="dropdown">
+      <a class="dropdown-toggle" data-toggle="dropdown" href="#"><?=$lang['mailbox']['aliases'];?>
+      <span class="caret"></span></a>
+      <ul class="dropdown-menu">
+        <li role="presentation"><a href="#tab-mbox-aliases" aria-controls="tab-mbox-aliases" role="tab" data-toggle="tab"><?=$lang['mailbox']['aliases'];?></a></li>
+        <li role="presentation"><a href="#tab-domain-aliases" aria-controls="tab-domain-aliases" role="tab" data-toggle="tab"><?=$lang['mailbox']['domain_aliases'];?></a></li>
+      </ul>
+    </li>
+  </ul>
 
 	<div class="row">
 		<div class="col-md-12">
-			<div class="panel panel-default">
-				<div class="panel-heading">
-					<div class="pull-right">
-						<a href="/add.php?mailbox"><span class="glyphicon glyphicon-plus"></span></a>
-					</div>
-					<h3 class="panel-title"><?=$lang['mailbox']['mailboxes'];?></h3>
-				</div>
-        <div class="table-responsive">
-          <table id="mailbox_table" class="table table-striped"></table>
+      <div class="tab-content" style="padding-top:20px">
+        <div role="tabpanel" class="tab-pane active" id="tab-domains">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+            <div class="pull-right">
+            <?php
+            if ($_SESSION['mailcow_cc_role'] == "admin"):
+            ?>
+              <a href="/add.php?domain"><span class="glyphicon glyphicon-plus"></span></a>
+            <?php
+            endif;
+            ?>
+            </div>
+            <h3 class="panel-title"><?=$lang['mailbox']['domains'];?></h3>
+            </div>
+            <div class="table-responsive">
+              <table id="domain_table" class="table table-striped"></table>
+            </div>
+            <span class="footer-add-item"><a href="/add.php?domain"><?=$lang['mailbox']['add_domain'];?></a></span>
+          </div>
         </div>
-        <span class="footer-add-item"><a href="/add.php?mailbox"><?=$lang['mailbox']['add_mailbox'];?></a></span>
-			</div>
-		</div>
-	</div>
 
-	<div class="row">
-		<div class="col-md-12">
-			<div class="panel panel-default">
-				<div class="panel-heading">
-					<div class="pull-right">
-						<a href="/add.php?resource"><span class="glyphicon glyphicon-plus"></span></a>
-					</div>
-					<h3 class="panel-title"><?=$lang['mailbox']['resources'];?></h3>
-				</div>
-        <div class="table-responsive">
-          <table id="resources_table" class="table table-striped"></table>
+        <div role="tabpanel" class="tab-pane" id="tab-mailboxes">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <div class="pull-right">
+                <a href="/add.php?mailbox"><span class="glyphicon glyphicon-plus"></span></a>
+              </div>
+              <h3 class="panel-title"><?=$lang['mailbox']['mailboxes'];?></h3>
+            </div>
+            <div class="table-responsive">
+              <table id="mailbox_table" class="table table-striped"></table>
+            </div>
+            <span class="footer-add-item"><a href="/add.php?mailbox"><?=$lang['mailbox']['add_mailbox'];?></a></span>
+          </div>
         </div>
-        <span class="footer-add-item"><a href="/add.php?resource"><?=$lang['mailbox']['add_resource'];?></a></span>			</div>
-		</div>
-	</div>
 
-	<div class="row">
-		<div class="col-md-12">
-			<div class="panel panel-default">
-				<div class="panel-heading">
-					<div class="pull-right">
-						<a href="/add.php?aliasdomain"><span class="glyphicon glyphicon-plus"></span></a>
-					</div>
-					<h3 class="panel-title"><?=$lang['mailbox']['domain_aliases'];?></h3>
-				</div>
-        <div class="table-responsive">
-          <table id="aliasdomain_table" class="table table-striped"></table>
+        <div role="tabpanel" class="tab-pane" id="tab-resources">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <div class="pull-right">
+                <a href="/add.php?resource"><span class="glyphicon glyphicon-plus"></span></a>
+              </div>
+              <h3 class="panel-title"><?=$lang['mailbox']['resources'];?></h3>
+            </div>
+            <div class="table-responsive">
+              <table id="resources_table" class="table table-striped"></table>
+            </div>
+            <span class="footer-add-item"><a href="/add.php?resource"><?=$lang['mailbox']['add_resource'];?></a></span>
+          </div>
         </div>
-        <span class="footer-add-item"><a href="/add.php?aliasdomain"><?=$lang['mailbox']['add_domain_alias'];?></a></span>			</div>
-		</div>
-	</div>
 
-	<div class="row">
-		<div class="col-md-12">
-			<div class="panel panel-default">
-				<div class="panel-heading">
-					<div class="pull-right">
-						<a href="/add.php?alias"><span class="glyphicon glyphicon-plus"></span></a>
-					</div>
-					<h3 class="panel-title"><?=$lang['mailbox']['aliases'];?></h3>
-				</div>
-        <div class="table-responsive">
-          <table id="alias_table" class="table table-striped"></table>
+        <div role="tabpanel" class="tab-pane" id="tab-domain-aliases">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <div class="pull-right">
+                <a href="/add.php?aliasdomain"><span class="glyphicon glyphicon-plus"></span></a>
+              </div>
+              <h3 class="panel-title"><?=$lang['mailbox']['domain_aliases'];?></h3>
+            </div>
+            <div class="table-responsive">
+              <table id="aliasdomain_table" class="table table-striped"></table>
+            </div>
+            <span class="footer-add-item"><a href="/add.php?aliasdomain"><?=$lang['mailbox']['add_domain_alias'];?></a></span>
+          </div>
         </div>
-        <span class="footer-add-item"><a href="/add.php?alias"><?=$lang['mailbox']['add_alias'];?></a></span>			</div>
-		</div>
-	</div>
+
+        <div role="tabpanel" class="tab-pane" id="tab-mbox-aliases">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <a class="pull-right" href="/add.php?alias"><span class="glyphicon glyphicon-plus"></span></a>
+              <h3 class="panel-title"><?=$lang['mailbox']['aliases'];?></h3>
+            </div>
+            <div class="table-responsive">
+              <table id="alias_table" class="table table-striped"></table>
+            </div>
+            <div class="mass-actions">
+              <p id="select_all_aliases" class="mass-select-all">
+                ↪ <?=$lang['mailbox']['toggle_all'];?>
+              </p>
+            </div>
+            <div class="footer-add-item">
+              <a class="pull-right" href="/add.php?alias"><span class="glyphicon glyphicon-plus"></span></a>
+              <b><?=$lang['mailbox']['quick_actions'];?>:</b>
+              <a id="delete_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['remove'];?></a> |
+              <a id="activate_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['activate'];?></a> |
+              <a id="deactivate_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['deactivate'];?></a>
+            </div>
+          </div>
+        </div>
+
+      </div> <!-- /tab-content -->
+    </div> <!-- /col-md-12 -->
+  </div> <!-- /row -->
 </div> <!-- /container -->
+
 <script type='text/javascript'>
 <?php
 $lang_mailbox = json_encode($lang['mailbox']);
diff --git a/data/web/u2f_api.php b/data/web/u2f_api.php
deleted file mode 100644
index ddeb1ece..00000000
--- a/data/web/u2f_api.php
+++ /dev/null
@@ -1,156 +0,0 @@
-<?php
-require_once('inc/prerequisites.inc.php');
-$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
-
-$u2f = new u2flib_server\U2F('https://' . $_SERVER['SERVER_NAME']);
-
-function getRegs($username) {
-  global $pdo;
-  $sel = $pdo->prepare("select * from tfa where username = ?");
-  $sel->execute(array($username));
-  return $sel->fetchAll();
-}
-function addReg($username, $reg) {
-  global $pdo;
-  $ins = $pdo->prepare("INSERT INTO `tfa` (`username`, `keyHandle`, `publicKey`, `certificate`, `counter`) values (?, ?, ?, ?, ?)");
-  $ins->execute(array($username, $reg->keyHandle, $reg->publicKey, $reg->certificate, $reg->counter));
-}
-function updateReg($reg) {
-  global $pdo;
-  $upd = $pdo->prepare("update tfa set counter = ? where id = ?");
-  $upd->execute(array($reg->counter, $reg->id));
-}
-?>
-<html>
-<head>
-<script src="js/u2f-api.js"></script>
-<?php
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-  if ((empty($_POST['u2f_username'])) || (!isset($_POST['action']) && !isset($_POST['u2f_register_data']) && !isset($_POST['u2f_auth_data']))) {
-    print_r($_POST);
-    exit();
-  }
-  else {
-    $username = $_POST['u2f_username'];
-    if (isset($_POST['action'])) {
-      switch($_POST['action']) {
-        case 'register':
-          try {
-          $data = $u2f->getRegisterData(getRegs($username));
-          list($req, $sigs) = $data;
-          $_SESSION['regReq'] = json_encode($req);
-?>
-<script>
-var req = <?=json_encode($req);?>;
-var sigs = <?=json_encode($sigs);?>;
-var username = "<?=$username;?>";
-setTimeout(function() {
-  console.log("Register: ", req);
-  u2f.register([req], sigs, function(data) {
-    var form  = document.getElementById('u2f_form');
-    var reg   = document.getElementById('u2f_register_data');
-    var user  = document.getElementById('u2f_username');
-    var status = document.getElementById('u2f_status');
-    console.log("Register callback", data);
-    if (data.errorCode && data.errorCode != 0) {
-      var div = document.getElementById('u2f_return_code');
-      div.innerHTML = 'Error code: ' + data.errorCode;
-      return;
-    }
-    reg.value = JSON.stringify(data);
-    user.value = username;
-    status.value = "1";
-    form.submit();
-  });
-}, 1000);
-</script>
-<?php
-          }
-          catch( Exception $e ) {
-            echo "U2F error: " . $e->getMessage();
-          }
-        break;
-
-        case 'authenticate':
-        try {
-          $reqs = json_encode($u2f->getAuthenticateData(getRegs($username)));
-          $_SESSION['authReq']  = $reqs;
-?>
-<script>
-var req = <?=$reqs;?>;
-var username = "<?=$username;?>";       
-setTimeout(function() {
-  console.log("sign: ", req);
-  u2f.sign(req, function(data) {
-    var form = document.getElementById('u2f_form');
-    var auth = document.getElementById('u2f_auth_data');
-    var user = document.getElementById('u2f_username');
-    console.log("Authenticate callback", data);
-    auth.value = JSON.stringify(data);
-    user.value = username;
-    form.submit();
-  });
-}, 1000);
-</script>
-<?php
-        }
-        catch (Exception $e) {
-          echo "U2F error: " . $e->getMessage();
-        }
-        break;
-      }
-    }
-    if (!empty($_POST['u2f_register_data'])) {
-      try {
-        $reg = $u2f->doRegister(json_decode($_SESSION['regReq']), json_decode($_POST['u2f_register_data']));
-        addReg($username, $reg);
-      }
-      catch (Exception $e) {
-        echo "U2F error: " . $e->getMessage();
-      }
-      finally {
-        echo "Success";
-        $_SESSION['regReq'] = null;
-      }
-    }
-    if (!empty($_POST['u2f_auth_data'])) {
-      try {
-        $reg = $u2f->doAuthenticate(json_decode($_SESSION['authReq']), getRegs($username), json_decode($_POST['u2f_auth_data']));
-        updateReg($reg);
-      }
-      catch (Exception $e) {
-        echo "U2F error: " . $e->getMessage();
-      }
-      finally {
-        echo "Success";
-        $_SESSION['authReq'] = null;
-      }
-    }
-  }
-?>
-</head>
-<body>
-<div id="u2f_return_code"></div>
-<form method="POST" id="u2f_form">
-<input type="hidden" name="u2f_register_data" id="u2f_register_data"/>
-<input type="hidden" name="u2f_auth_data" id="u2f_auth_data"/>
-<input type="hidden" name="u2f_username" id="u2f_username"/><br/>
-<input type="hidden" name="u2f_status" id="u2f_status"/><br/>
-</form>
-<?php
-}
-else {
-?>
-<form method="POST" id="post_form">
-Username: <input name="u2f_username" id="u2f_username"/><br/><hr>
-Action: <br />
-<input value="register" name="action" type="radio"/> Register<br/>
-<input value="authenticate" name="action" type="radio"/> Authenticate<br/>
-<button type="submit">Submit!</button>
-  </form>
-<?php
-}
-?>
-</body>
-</html>
diff --git a/docker-compose.yml b/docker-compose.yml
index b3d18790..f2c80a4d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -55,6 +55,18 @@ services:
           aliases:
             - redis
 
+    clamd-mailcow:
+      image: mailcow/clamd
+      build: ./data/Dockerfiles/clamav
+      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
+      networks:
+        mailcow-network:
+          aliases:
+            - clamd
+
     rspamd-mailcow:
       image: mailcow/rspamd
       build: ./data/Dockerfiles/rspamd
diff --git a/docs/first_steps.md b/docs/first_steps.md
index ab7876dc..cba908e5 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -17,9 +17,9 @@ This is just an example of how to obtain certificates with certbot. There are se
 wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
 ```
 
-2\. Make sure you set `HTTP_BIND=0.0.0.0` and `HTTP_PORT=80` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx:
+2\. Make sure you set `HTTP_BIND=0.0.0.0` and `HTTP_PORT=80` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then rebuild Nginx:
 ``` bash
-docker-compose restart nginx-mailcow
+docker-compose up -d
 ```
 
 3\. Request the certificate with the webroot method:
@@ -35,6 +35,8 @@ certbot certonly \
     --email you@example.org \
     --agree-tos
 ```
+
+**Remember to replace the example.org domain with your own domain, this command will not work if you dont.**
     
 4\. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
 ``` bash
@@ -158,6 +160,99 @@ docker-compose exec postfix-mailcow chmod 660 /opt/postfix/conf/smarthost_passwd
 docker-compose exec postfix-mailcow postfix reload
 ```
 
+### Helper script
+
+There is a helper script `mailcow-setup-relayhost.sh` you can run to setup a relayhost.
+
+``` bash
+Usage:
+
+Setup a relayhost:
+./mailcow-setup-relayhost.sh relayhost port (username) (password)
+Username and password are optional parameters.
+
+Reset to defaults:
+./mailcow-setup-relayhost.sh reset
+```
+
+## Optional: Log to Syslog
+
+Enable Rsyslog to receive logs on 524/tcp:
+
+```
+# This setting depends on your Rsyslog version and configuration format.
+# For most Debian derivates it will work like this...
+$ModLoad imtcp
+$TCPServerAddress 127.0.0.1
+$InputTCPServerRun 524
+
+# ...while for Ubuntu 16.04 it looks like this:
+module(load="imtcp")
+input(type="imtcp" address="127.0.0.1" port="524")
+
+# No matter your Rsyslog version, you should set this option to off
+# if you plan to use Fail2ban
+$RepeatedMsgReduction off
+```
+
+Restart rsyslog after enabling the TCP listener.
+
+Now setup Docker daemon to start with the syslog driver.
+This enables the syslog driver for all containers!
+
+Debian users can change the startup configuration in `/etc/default/docker` while CentOS users find it in `/etc/sysconfig/docker`:
+```
+...
+DOCKER_OPTS="--log-driver=syslog --log-opt syslog-address=tcp://127.0.0.1:524"
+...
+```
+
+**Caution:** For some reason Ubuntu 16.04 and some, but not all, systemd based distros do not read the defaults file parameters.
+
+Just run `systemctl edit docker.service` and add the following content to fix it.
+
+**Note:** If "systemctl edit" is not available, just copy the content to `/etc/systemd/system/docker.service.d/override.conf`.
+
+The first empty ExecStart parameter is not a mistake.
+
+```
+[Service]
+EnvironmentFile=/etc/default/docker
+ExecStart=
+ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS
+```
+
+Restart the Docker daemon and run `docker-compose down && docker-compose up -d` to recreate the containers.
+
+### Use Fail2ban
+
+**This is a subsection of "Log to Syslog", which is required for Fail2ban to work.**
+
+Open `/etc/fail2ban/filter.d/common.conf` and search for the prefix_line parameter, change it to ".*":
+
+```
+__prefix_line = .*
+```
+
+Create `/etc/fail2ban/jail.d/dovecot.conf`...
+```
+[dovecot]
+enabled = true
+filter  = dovecot
+logpath = /var/log/syslog
+chain = FORWARD
+```
+
+and `jail.d/postfix-sasl.conf`:
+```
+[postfix-sasl]
+enabled = true
+filter  = postfix-sasl
+logpath = /var/log/syslog
+chain = FORWARD
+```
+
+Restart Fail2ban.
 
 ## Install a local MTA
 
diff --git a/docs/index.md b/docs/index.md
index f4aea569..c48e0d17 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,6 +1,8 @@
 # mailcow: dockerized - 🐮 + 🐋 = 💕
 
-[![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=JWBSYHF4SMC68)
+[![Servercow](https://www.servercow.de/img/cow_globe_200.svg)](https://www.servercow.de)
+
+If you want to support mailcow, consider hosting mailcow on a Servercow virtual machine @ Servercow!
 
 ## Screenshots
 
@@ -8,9 +10,11 @@ You can find screenshots [on Imgur](http://imgur.com/a/oewYt).
 
 ## Overview
 
-mailcow dockerized comes with **11 containers** linked in **one bridged network**.
+mailcow dockerized comes with **12 containers** linked in **one bridged network**.
+Each container represents a single application.
 
 - Dovecot
+- ClamAV
 - Memcached
 - Redis
 - MySQL
@@ -22,7 +26,7 @@ mailcow dockerized comes with **11 containers** linked in **one bridged network*
 - Rspamd
 - SOGo
 
-**6 volumes** to keep dynamic data - take care of them!
+**7 volumes** to keep dynamic data - take care of them!
 
 - vmail-vol-1
 - dkim-vol-1
@@ -30,6 +34,7 @@ mailcow dockerized comes with **11 containers** linked in **one bridged network*
 - mysql-vol-1
 - rspamd-vol-1
 - postfix-vol-1
+- crypt-vol-1
 
 The integrated **mailcow UI** allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access:
 
@@ -43,6 +48,6 @@ The integrated **mailcow UI** allows administrative work on your mail server ins
 - imapsync to migrate or pull remote mailboxes regularly
 - TFA: Yubi OTP and U2F USB (Google Chrome and derivates only)
 - Add domains, mailboxes, aliases, domain aliases and SOGo resources
-
+- Add whitelisted hosts to forward mail to mailcow
 
 *[Looking for a farm to host your cow?](https://www.servercow.de)* 
diff --git a/docs/u_and_e.md b/docs/u_and_e.md
index c80f0618..d61b81eb 100644
--- a/docs/u_and_e.md
+++ b/docs/u_and_e.md
@@ -75,7 +75,7 @@ Beware that a mailbox user can login to mailcow and override a domain policy fil
 Make your changes in `data/Dockerfiles/$service` and build the image locally:
 
 ```
-docker build data/Dockerfiles/service -t andryyy/mailcow-dockerized:$service
+docker build data/Dockerfiles/service -t mailcow/$service
 ```
 
 Now auto-recreate modified containers:
@@ -311,14 +311,11 @@ Running `docker-compose down -v` will **destroy all mailcow: dockerized volumes*
 ## Reset admin password
 Reset mailcow admin to `admin:moohoo`:
 
-1\. Drop admin table
 ```
-source mailcow.conf
-docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TABLE admin;"
+cd mailcow_path
+bash reset_admin.sh
 ```
 
-2\. Open mailcow UI to auto-init the db
-
 ## Rspamd
 
 ### Learn spam and ham
@@ -521,6 +518,14 @@ map $http_upgrade $connection_upgrade {
 
 Now you can simply navigate to https://${MAILCOW_HOSTNAME}/portainer/ to view your Portainer container monitoring page. You’ll then be prompted to specify a new password for the **admin** account. After specifying your password, you’ll then be able to connect to the Portainer UI.
 
+## Change autodiscover setup type
+
+This disables ActiveSync in the autodiscover service for Outlook and configures it with IMAP and SMTP instead:
+
+Open `data/web/autodiscover.php` and set `'useEASforOutlook' => 'yes'` to `'useEASforOutlook' => 'no'`.
+
+To always use IMAP and SMTP instead of EAS, set `'autodiscoverType' => 'imap'`.
+
 ## Why Bind?
 
 For DNS blacklist lookups and DNSSEC.
diff --git a/mailcow-reset-admin.sh b/mailcow-reset-admin.sh
new file mode 100755
index 00000000..7ce1def8
--- /dev/null
+++ b/mailcow-reset-admin.sh
@@ -0,0 +1,36 @@
+#/bin/bash
+if [[ ! -f mailcow.conf ]]; then
+        echo "Cannot find mailcow.conf, make sure this script is run from within the mailcow folder."
+        exit 1
+fi
+
+echo -n "Checking MySQL service... "
+docker-compose ps -q mysql-mailcow > /dev/null 2>&1
+
+if [[ $? -ne 0 ]]; then
+        echo "failed"
+        echo "MySQL (mysql-mailcow) is not up and running, exiting..."
+        exit 1
+fi
+
+echo "OK"
+read -r -p "Are you sure you want to reset the mailcow administrator account? [y/N] " response
+response=${response,,}    # tolower
+if [[ "$response" =~ ^(yes|y)$ ]]; then
+        echo -e "\nWorking, please wait..."
+        source mailcow.conf
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM admin;"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "INSERT INTO admin (username, password, superadmin, created, modified, active) VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1);"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM domain_admins WHERE username='admin';"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "INSERT INTO domain_admins (username, domain, created, active) VALUES ('admin', 'ALL', NOW(), 1);"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='admin';"
+        echo "
+Reset credentials:
+---
+Username: admin
+Password: moohoo
+TFA: none
+"
+else
+        echo "Operation canceled."
+fi
diff --git a/mailcow-setup-relayhost.sh b/mailcow-setup-relayhost.sh
new file mode 100755
index 00000000..283590df
--- /dev/null
+++ b/mailcow-setup-relayhost.sh
@@ -0,0 +1,76 @@
+#/bin/bash
+if [[ ! -f mailcow.conf ]]; then
+        echo "Cannot find mailcow.conf, make sure this script is run from within the mailcow folder."
+        exit 1
+fi
+
+echo -n "Checking Postfix service... "
+docker-compose ps -q postfix-mailcow > /dev/null 2>&1
+
+if [[ $? -ne 0 ]]; then
+        echo "failed"
+        echo "Postfix (postifx-mailcow) is not up and running, exiting..."
+        exit 1
+fi
+
+echo "OK"
+
+if [[ -z ${1} ]]; then
+    echo "Usage:"
+	echo
+	echo "Setup a relayhost:"
+	echo "${0} relayhost port (username) (password)"
+    echo "Username and password are optional parameters."
+	echo
+	echo "Reset to defaults:"
+	echo "${0} reset"
+    exit 1
+fi
+
+if [[ ${1} == "reset" ]]; then
+	# Reset modified values to their defaults
+	sed -i "s/^relayhost\ \=.*/relayhost\ \=/" data/conf/postfix/main.cf
+	sed -i "s/^smtp\_sasl\_password\_maps.*/smtp\_sasl\_password\_maps\ \=/" data/conf/postfix/main.cf
+	sed -i "s/^smtp\_sasl\_security\_options.*/smtp\_sasl\_security\_options\ \=\ noplaintext\,\ noanonymous/" data/conf/postfix/main.cf
+	sed -i "s/^smtp\_sasl\_auth\_enable.*/smtp\_sasl\_auth\_enable\ \=\ no/" data/conf/postfix/main.cf
+	# Also delete the plaintext password file
+	rm -f data/conf/postfix/smarthost_passwd*
+	docker-compose exec postfix-mailcow postfix reload
+	# Exit with dc exit code
+	exit $?
+else
+	# Try a simple connection to host:port but don't recieve any data
+	# Abort after 3 seconds
+	if ! nc -z -v -w3 ${1} ${2} 2>/dev/null; then
+		echo "Connection to relayhost ${1} failed, aborting..."
+		exit 1
+	fi
+	# Use exact hostname as relayhost, don't lookup the MX record of relayhost
+	sed -i "s/relayhost\ \=.*/relayhost\ \=\ \[${1}\]\:${2}/" data/conf/postfix/main.cf
+	if grep -q "smtp_sasl_password_maps" data/conf/postfix/main.cf
+	then
+		sed -i "s/^smtp\_sasl\_password\_maps.*/smtp\_sasl\_password\_maps\ \=\ hash\:\/opt\/postfix\/conf\/smarthost\_passwd/" data/conf/postfix/main.cf
+	else
+		echo "smtp_sasl_password_maps = hash:/opt/postfix/conf/smarthost_passwd" >>  data/conf/postfix/main.cf
+	fi
+	if grep -q "smtp_sasl_auth_enable" data/conf/postfix/main.cf
+	then
+		sed -i "s/^smtp\_sasl\_auth\_enable.*/smtp\_sasl\_auth\_enable\ \=\ yes/" data/conf/postfix/main.cf
+	else
+		echo "smtp_sasl_auth_enable = yes" >>  data/conf/postfix/main.cf
+	fi
+	if grep -q "smtp_sasl_security_options" data/conf/postfix/main.cf
+	then
+		sed -i "s/^smtp\_sasl\_security\_options.*/smtp\_sasl\_security\_options\ \=/" data/conf/postfix/main.cf
+	else
+		echo "smtp_sasl_security_options =" >>  data/conf/postfix/main.cf
+	fi
+	if [[ ! -z ${3} ]]; then
+		echo ${1} ${3}:${4} > data/conf/postfix/smarthost_passwd
+		docker-compose exec postfix-mailcow postmap /opt/postfix/conf/smarthost_passwd
+	fi
+	docker-compose exec postfix-mailcow chown root:postfix /opt/postfix/conf/smarthost_passwd /opt/postfix/conf/smarthost_passwd.db
+	docker-compose exec postfix-mailcow chmod 660 /opt/postfix/conf/smarthost_passwd /opt/postfix/conf/smarthost_passwd.db
+	docker-compose exec postfix-mailcow postfix reload
+	exit $?
+fi