From 76720f3e947384816769696cf251eac6d1361d22 Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Mon, 17 Apr 2017 13:16:54 +0200
Subject: [PATCH 01/55] Forwarding hosts in web interface

---
 data/web/admin.php             | 68 ++++++++++++++++++++++++++++++++++
 data/web/delete.php            | 17 +++++++++
 data/web/inc/functions.inc.php | 67 +++++++++++++++++++++++++++++++++
 data/web/inc/init.sql          |  5 +++
 data/web/inc/triggers.inc.php  |  6 +++
 data/web/lang/lang.en.php      |  6 +++
 6 files changed, 169 insertions(+)

diff --git a/data/web/admin.php b/data/web/admin.php
index e0e04aee..6d0bdf82 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -183,6 +183,8 @@ $tfa_data = get_tfa();
   </div>
 
   <h4><span class="glyphicon glyphicon-wrench" aria-hidden="true"></span> <?=$lang['admin']['configuration'];?></h4>
+  <div class="panel-group" id="accordion_access">
+  
   <div class="panel panel-default">
   <div class="panel-heading"><?=$lang['admin']['dkim_keys'];?></div>
   <div id="collapseDKIM" class="panel-collapse">
@@ -298,6 +300,72 @@ $tfa_data = get_tfa();
   </div>
   </div>
   </div>
+  
+  <div class="panel panel-default">
+  <div style="cursor:pointer;" class="panel-heading" data-toggle="collapse" data-parent="#accordion_access" data-target="#collapseForwardingHosts">
+    <span class="accordion-toggle"><?=$lang['admin']['forwarding_hosts'];?></span>
+  </div>
+    <div id="collapseForwardingHosts" class="panel-collapse collapse">
+      <div class="panel-body">
+        <p style="margin-bottom:40px"><?=$lang['admin']['forwarding_hosts_hint'];?></p>
+        <form method="post">
+          <div class="table-responsive">
+          <table class="table table-striped" id="forwardinghoststable">
+            <thead>
+            <tr>
+              <th style="min-width: 100px;"><?=$lang['edit']['hostname'];?></th>
+              <th style="text-align: right; min-width: 200px;"><?=$lang['admin']['action'];?></th>
+            </tr>
+            </thead>
+            <tbody>
+              <?php
+              $forwarding_hosts = get_forwarding_hosts();
+              if ($forwarding_hosts) {
+              foreach ($forwarding_hosts as $host) {
+              ?>
+              <tr id="data">
+                <td><?=htmlspecialchars(strtolower($host));?></td>
+                <td style="text-align: right;">
+                  <div class="btn-group">
+                    <a href="delete.php?forwardinghost=<?=$host;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=$lang['admin']['remove'];?></a>
+                  </div>
+                </td>
+                </td>
+              </tr>
+
+              <?php
+              }
+              } else {
+              ?>
+                <tr id="no-data"><td colspan="4" style="text-align: center; font-style: italic;"><?=$lang['admin']['no_record'];?></td></tr>
+              <?php
+              }
+              ?>
+            </tbody>
+          </table>
+          </div>
+        </form>
+        <small>
+        <legend><?=$lang['admin']['add_forwarding_host'];?></legend>
+        <form class="form-horizontal" role="form" method="post">
+          <div class="form-group">
+            <label class="control-label col-sm-2" for="hostname"><?=$lang['edit']['hostname'];?>:</label>
+            <div class="col-sm-10">
+              <input type="text" class="form-control" name="hostname" id="hostname" required>
+            </div>
+          </div>
+          <div class="form-group">
+            <div class="col-sm-offset-2 col-sm-10">
+              <button type="submit" name="add_forwarding_host" class="btn btn-default"><?=$lang['admin']['add'];?></button>
+            </div>
+          </div>
+        </form>
+        </small>
+      </div>
+    </div>
+    </div>
+  </div>
+
 </div> <!-- /container -->
 <script type='text/javascript'>
 <?php
diff --git a/data/web/delete.php b/data/web/delete.php
index 6ba93d31..bfacad0c 100644
--- a/data/web/delete.php
+++ b/data/web/delete.php
@@ -105,6 +105,23 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 				</form>
 				<?php
 		}
+		// DELETE DOMAIN ADMIN
+		elseif (isset($_GET["forwardinghost"]) &&
+			!empty($_GET["forwardinghost"]) &&
+        $_SESSION['mailcow_cc_role'] == "admin") {
+				$host = $_GET["forwardinghost"];
+				?>
+				<div class="alert alert-warning" role="alert"><?=sprintf($lang['delete']['remove_forwardinghost_warning'], htmlspecialchars($_GET["forwardinghost"]));?></div>
+				<form class="form-horizontal" role="form" method="post" action="/admin.php">
+				<input type="hidden" name="forwardinghost" value="<?=htmlspecialchars($host);?>">
+					<div class="form-group">
+						<div class="col-sm-offset-1 col-sm-10">
+							<button type="submit" name="delete_forwarding_host" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
+						</div>
+					</div>
+				</form>
+				<?php
+		}
 		// DELETE MAILBOX
 		elseif (isset($_GET["mailbox"]) &&
 			filter_var($_GET["mailbox"], FILTER_VALIDATE_EMAIL) &&
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 465ab2ac..f031af8d 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -124,6 +124,9 @@ function init_db_schema() {
   if ($num_results == 0) {
     $pdo->query("ALTER TABLE `tfa` ADD `key_id` VARCHAR(255) DEFAULT 'unidentified'");
   }
+  
+  // Add newly added tables
+  $stmt = $pdo->query("CREATE TABLE IF NOT EXISTS `forwarding_hosts` (`host` VARCHAR(255) NOT NULL, PRIMARY KEY (`host`)) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC");
 }
 function verify_ssha256($hash, $password) {
 	// Remove tag if any
@@ -5039,4 +5042,68 @@ function get_u2f_registrations($username) {
   $sel->execute(array($username));
   return $sel->fetchAll(PDO::FETCH_OBJ);
 }
+function get_forwarding_hosts() {
+	global $pdo;
+  $sel = $pdo->prepare("SELECT host FROM `forwarding_hosts`");
+  $sel->execute();
+  return $sel->fetchAll(PDO::FETCH_COLUMN);
+}
+function add_forwarding_host($postarray) {
+	global $pdo;
+	global $lang;
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	$host = $postarray['hostname'];
+	try {
+		$stmt = $pdo->prepare("INSERT INTO `forwarding_hosts` (`host`) VALUES (:host)");
+		$stmt->execute(array(
+			':host' => $host,
+		));
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['forwarding_host_added'], htmlspecialchars($host))
+	);
+}
+function delete_forwarding_host($postarray) {
+	global $pdo;
+	global $lang;
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	$host = $postarray['forwardinghost'];
+	try {
+		$stmt = $pdo->prepare("DELETE FROM `forwarding_hosts` WHERE `host` = :host");
+		$stmt->execute(array(
+			':host' => $host,
+		));
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['forwarding_host_removed'], htmlspecialchars($host))
+	);
+}
 ?>
diff --git a/data/web/inc/init.sql b/data/web/inc/init.sql
index 84e19f74..bdce3e9c 100644
--- a/data/web/inc/init.sql
+++ b/data/web/inc/init.sql
@@ -140,6 +140,11 @@ CREATE TABLE IF NOT EXISTS `tfa` (
   PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
 
+CREATE TABLE IF NOT EXISTS `forwarding_hosts` (
+  `host` VARCHAR(255) NOT NULL,
+  PRIMARY KEY (`host`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
+
 DROP VIEW IF EXISTS grouped_mail_aliases;
 DROP VIEW IF EXISTS grouped_sender_acl;
 DROP VIEW IF EXISTS grouped_domain_alias_address;
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 2895420d..5d8e7b7d 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -72,6 +72,12 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
 	if (isset($_POST["delete_domain_admin"])) {
 		delete_domain_admin($_POST);
 	}
+	if (isset($_POST["add_forwarding_host"])) {
+		add_forwarding_host($_POST);
+	}
+	if (isset($_POST["delete_forwarding_host"])) {
+		delete_forwarding_host($_POST);
+	}
 }
 if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "user") {
 	if (isset($_POST["edit_user_account"])) {
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 978ee713..120f35cf 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -468,4 +468,10 @@ $lang['admin']['set_rr_failed'] = 'Cannot set Postfix restrictions';
 $lang['admin']['no_record'] = 'No record';
 $lang['admin']['filter_table'] = 'Filter table';
 $lang['admin']['empty'] = 'No results';
+$lang['admin']['forwarding_hosts'] = 'Forwarding Hosts';
+$lang['admin']['forwarding_hosts_hint'] = 'Specify any networks (in CIDR notation) from which you unconditionally want to accept incoming messages. These hosts are then not checked against DNSBLs or subjected to greylisting. Spam received from them is never rejected and always filed into the Junk folder. The most common use for this is to specify mail servers on which you have set up a forwarding rule.';
+$lang['admin']['add_forwarding_host'] = 'Add Forwarding Host';
+$lang['delete']['remove_forwardinghost_warning'] = '<b>Warning:</b> You are about to remove the forwarding host <b>%s</b>!';
+$lang['success']['forwarding_host_removed'] = "Forwarding host %s has been removed";
+$lang['success']['forwarding_host_added'] = "Forwarding host %s has been added";
 ?>

From 8822eb57c88d6e2ae8077d704bcb0ba5d9e030bb Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Mon, 17 Apr 2017 15:11:36 +0200
Subject: [PATCH 02/55] Forwarding hosts in rspamd

---
 data/conf/rspamd/dynmaps/settings.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/data/conf/rspamd/dynmaps/settings.php b/data/conf/rspamd/dynmaps/settings.php
index 9be1f696..80b046df 100644
--- a/data/conf/rspamd/dynmaps/settings.php
+++ b/data/conf/rspamd/dynmaps/settings.php
@@ -31,6 +31,30 @@ catch (PDOException $e) {
 
 ?>
 settings {
+	whitelist_forwarding_hosts {
+		priority = high;
+<?php
+try {
+	$stmt = $pdo->query("SELECT `host` FROM `forwarding_hosts`");
+	$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
+}
+catch (PDOException $e) {
+	$rows = array();
+}
+
+foreach ($rows as $host) {
+	echo "\t\t" . 'ip = "' . $host . '";' . "\n";
+}
+?>
+		apply "default" {
+			actions {
+				reject = 999.9;
+			}
+		}
+		symbols [
+			"WHITELIST_FORWARDING_HOST"
+		]
+	}
 <?php
 $stmt = $pdo->query("SELECT DISTINCT `object` FROM `filterconf` WHERE `option` = 'highspamlevel' OR `option` = 'lowspamlevel'");
 $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

From a75d916b74a78f3d1f9a07eaf7920f113569bc9f Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Mon, 17 Apr 2017 15:42:35 +0200
Subject: [PATCH 03/55] Forwarding hosts in postscreen

---
 data/Dockerfiles/postfix/Dockerfile           |  1 +
 data/conf/postfix/main.cf                     |  2 +-
 data/conf/postfix/master.cf                   |  2 +
 .../conf/postfix/whitelist_forwardinghosts.sh | 11 ++++
 data/conf/rspamd/dynmaps/forwardinghosts.php  | 53 +++++++++++++++++++
 5 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100755 data/conf/postfix/whitelist_forwardinghosts.sh
 create mode 100644 data/conf/rspamd/dynmaps/forwardinghosts.php

diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile
index 0fcdc893..ba004827 100644
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -23,6 +23,7 @@ RUN apt-get install -y --no-install-recommends supervisor \
 	gnupg \
 	python-gpgme \
 	sudo \
+	curl \
 	dirmngr
 
 RUN addgroup --system --gid 600 zeyple
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index b28f6eb9..52e86681 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -24,7 +24,7 @@ milter_default_action = accept
 milter_protocol = 6
 minimal_backoff_time = 300s
 plaintext_reject_code = 550
-postscreen_access_list = permit_mynetworks, cidr:/opt/postfix/conf/postscreen_access.cidr
+postscreen_access_list = permit_mynetworks, cidr:/opt/postfix/conf/postscreen_access.cidr, tcp:127.0.0.1:10027
 postscreen_bare_newline_enable = no
 postscreen_blacklist_action = drop
 postscreen_cache_cleanup_interval = 24h
diff --git a/data/conf/postfix/master.cf b/data/conf/postfix/master.cf
index 3802c9a0..61aeb592 100644
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -55,3 +55,5 @@ zeyple    unix  -       n       n       -       -       pipe
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+
+127.0.0.1:10027 inet  n       n       n       -       0      spawn user=nobody argv=/opt/postfix/conf/whitelist_forwardinghosts.sh
diff --git a/data/conf/postfix/whitelist_forwardinghosts.sh b/data/conf/postfix/whitelist_forwardinghosts.sh
new file mode 100755
index 00000000..aa9df608
--- /dev/null
+++ b/data/conf/postfix/whitelist_forwardinghosts.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+while true; do
+	read QUERY
+	QUERY=($QUERY)
+	if [ "${QUERY[0]}" != "get" ]; then
+		echo "500 dunno"
+		continue
+	fi
+	echo $(curl -s http://172.22.1.251:8081/forwardinghosts.php?host=${QUERY[1]})
+done
diff --git a/data/conf/rspamd/dynmaps/forwardinghosts.php b/data/conf/rspamd/dynmaps/forwardinghosts.php
new file mode 100644
index 00000000..95773e45
--- /dev/null
+++ b/data/conf/rspamd/dynmaps/forwardinghosts.php
@@ -0,0 +1,53 @@
+<?php
+header('Content-Type: text/plain');
+require_once "vars.inc.php";
+
+ini_set('error_reporting', 0);
+
+function in_net($addr, $net)
+{
+	$net = explode('/', $net);
+	$mask = $net[1];
+	$net = inet_pton($net[0]);
+	$addr = inet_pton($addr);
+
+	$length = strlen($net); // 4 for IPv4, 16 for IPv6
+	if (strlen($net) != strlen($addr))
+		return FALSE;
+
+	$addr_bin = '';
+	$net_bin = '';
+	for ($i = 0; $i < $length; ++$i)
+	{
+		$addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT);
+		$net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT);
+	}
+
+	return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask);
+}
+
+$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
+$opt = [
+    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    PDO::ATTR_EMULATE_PREPARES   => false,
+];
+try {
+  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
+  $stmt = $pdo->query("SELECT * FROM `forwarding_hosts`");
+  $networks = $stmt->fetchAll(PDO::FETCH_COLUMN);
+  foreach ($networks as $network)
+  {
+    if (in_net($_GET['host'], $network))
+    {
+      echo '200 permit';
+      exit;
+    }
+  }
+  echo '200 dunno';
+}
+catch (PDOException $e) {
+  echo 'settings { }';
+  exit;
+}
+?>

From 7273fcaafcf7719699d394da708b8d0e1911aaed Mon Sep 17 00:00:00 2001
From: chaosbunker <ufo@chaosbunker.com>
Date: Tue, 18 Apr 2017 18:42:20 +0200
Subject: [PATCH 04/55] ported from  mailcow 0.14 to work with
 mailcow-dockerized

---
 data/misc/mailcow-setup-relayhost.sh | 87 ++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100755 data/misc/mailcow-setup-relayhost.sh

diff --git a/data/misc/mailcow-setup-relayhost.sh b/data/misc/mailcow-setup-relayhost.sh
new file mode 100755
index 00000000..ab721ab4
--- /dev/null
+++ b/data/misc/mailcow-setup-relayhost.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+# Postfix smtp_tls_security_level should be set to "may" to try an
+# encrypted connection.
+
+if [ "$EUID" -ne 0 ]
+	then echo "Please run as root"
+	exit 1
+fi
+
+# move into mailcow-dockerized base directory
+cd ../../
+
+if [[ ${1} == "reset" ]]; then
+	# Reset modified values to their defaults
+	sed -i "s/^relayhost\ \=.*/relayhost\ \=/" data/conf/postfix/main.cf
+	sed -i "s/^smtp\_sasl\_password\_maps.*/smtp\_sasl\_password\_maps\ \=/" data/conf/postfix/main.cf
+	sed -i "s/^smtp\_sasl\_security\_options.*/smtp\_sasl\_security\_options\ \=\ noplaintext\,\ noanonymous/" data/conf/postfix/main.cf
+	sed -i "s/^smtp\_sasl\_auth\_enable.*/smtp\_sasl\_auth\_enable\ \=\ no/" data/conf/postfix/main.cf
+	# Also delete the plaintext password file
+	rm -f data/conf/postfix/smarthost_passwd*
+	docker-compose exec postfix-mailcow postfix reload
+	# Exit last exit code
+	exit $?
+elif [[ ${1} == "restore-string" ]]; then
+	# Set parameter value of smtp_sasl_password_maps
+	SMTPSASLPWDMAP="data/conf/postfix/smarthost_passwd"
+	# Get parameter value of relayhost
+	RELAYHOSTCFG=$(grep "relayhost\ =" data/conf/postfix/main.cf | awk '{print $3}')
+	# Exit if empty/unset
+	[[ -z ${RELAYHOSTCFG} ]] && exit 0
+	# Replace ':' by ' ' (white space)
+	RELAYHOSTCFG=${RELAYHOSTCFG//\:/ }
+	# Replace '[' by '' (empty)
+	RELAYHOSTCFG=${RELAYHOSTCFG//\[/}
+	# Replace ']' by '' (empty) and create array of result
+	RELAYHOSTCFGARR=(${RELAYHOSTCFG//\]/})
+	# Get 'username:password' from SASL password maps
+	# Grep relayhost without port and '[', ']' or ':' from SASL password map file without map type (e.g. 'hash:')
+	USRPWD=$(grep ${RELAYHOSTCFGARR[0]} $SMTPSASLPWDMAP | awk {'print $2'})
+	# Replace ':' by ' ' and create array of result
+	USRPWDARR=(${USRPWD//:/ })
+	# Echo script name, all values in RELAYHOSTCFGARR, first and second value in USRPWDARR
+	# Why?
+	# Host and port are required, so we can print the whole array RELAYHOSTCFGARR.
+	# Password might be empty, so we print them separately.
+	echo ${0} ${RELAYHOSTCFGARR[@]} \'${USRPWDARR[0]}\' \'${USRPWDARR[1]}\'
+	exit 0
+elif [[ -z ${1} ]] || [[ -z ${2} ]]; then
+	# Exit with code 1 if host and port are missing
+	echo "Usage: ${0} relayhost port (username) (password)"
+	echo "Username and password are optional parameters."
+	exit 1
+else
+	# Try a simple connection to host:port but don't recieve any data
+	# Abort after 3 seconds
+	if ! nc -z -v -w3 ${1} ${2} 2>/dev/null; then
+		echo "Connection to relayhost ${1} failed, aborting..."
+		exit 1
+	fi
+	# Use exact hostname as relayhost, don't lookup the MX record of relayhost
+	sed -i "s/relayhost\ \=.*/relayhost\ \=\ \[${1}\]\:${2}/" data/conf/postfix/main.cf
+	if grep -q "smtp_sasl_password_maps" data/conf/postfix/main.cf
+	then
+		sed -i "s/^smtp\_sasl\_password\_maps.*/smtp_sasl\_password\_maps\ \=\ hash\:\/opt\/postfix\/conf\/smarthost\_passwd/" data/conf/postfix/main.cf
+	else
+		echo "smtp_sasl_password_maps = hash:/opt/postfix/conf/smarthost_passwd" >>  data/conf/postfix/main.cf
+	fi
+	if grep -q "smtp_sasl_auth_enable" data/conf/postfix/main.cf
+	then
+		sed -i "s/^smtp\_sasl\_auth\_enable.*/smtp\_sasl\_auth\_enable\ \=\ yes/" data/conf/postfix/main.cf
+	else
+		echo "smtp_sasl_auth_enable = yes" >>  data/conf/postfix/main.cf
+	fi
+	docker-compose exec postfix-mailcow postconf -e "smtp_sasl_password_maps = hash:/opt/postfix/conf/smarthost_passwd"
+	# We can use anonymous and plain-text authentication, too (be warned)
+	docker-compose exec postfix-mailcow postconf -e "smtp_sasl_security_options = "
+	docker-compose exec postfix-mailcow postconf -e "smtp_sasl_auth_enable = yes"
+	if [[ ! -z ${3} ]]; then
+		echo ${1} ${3}:${4} > data/conf/postfix/smarthost_passwd
+		docker-compose exec postfix-mailcow postmap /opt/postfix/conf/smarthost_passwd
+	fi
+	docker-compose exec postfix-mailcow chown root:postfix /opt/postfix/conf/smarthost_passwd /opt/postfix/conf/smarthost_passwd.db
+	docker-compose exec postfix-mailcow chmod 660 /opt/postfix/conf/smarthost_passwd /opt/postfix/conf/smarthost_passwd.db
+	docker-compose exec postfix-mailcow postfix reload
+	exit $?
+fi

From 06e64c585ccc03cd26b23d4625230b2f3565d727 Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Tue, 18 Apr 2017 20:24:43 +0200
Subject: [PATCH 05/55] Fix CalDAV/CardDAV URLs displayed in SOGo web interface
 when used behind a reverse proxy

---
 data/conf/nginx/site.conf | 39 +++++++++++++++++++++++++++++----------
 docs/first_steps.md       | 17 ++++++++++++++++-
 2 files changed, 45 insertions(+), 11 deletions(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index a78c483f..debc9c5e 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -1,4 +1,23 @@
 proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h  max_size=1g;
+
+# use the non-standard X-Forwarded-* headers for WebObjects
+map $http_x_forwarded_proto $maybe_real_scheme {
+  default $http_x_forwarded_proto;
+  ''      $scheme;
+}
+map $http_x_forwarded_port $maybe_real_port {
+  default $http_x_forwarded_port;
+  ''      $server_port;
+}
+map $realip_remote_addr $real_scheme {
+  default $scheme;
+  172.22.1.1 $maybe_real_scheme;
+}
+map $realip_remote_addr $real_port {
+  default $server_port;
+  172.22.1.1 $maybe_real_port;
+}
+
 server {
   include /etc/nginx/conf.d/listen_ssl.active;
   include /etc/nginx/mime.types;
@@ -34,7 +53,7 @@ server {
   real_ip_recursive on;
 
   location = /principals/ {
-    rewrite ^ $scheme://$host:$server_port/SOGo/dav;
+    rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
     allow all;
   }
 
@@ -100,8 +119,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
-    proxy_set_header x-webobjects-server-port $server_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
   }
@@ -114,8 +133,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
-    proxy_set_header x-webobjects-server-port $server_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
     break;
@@ -187,7 +206,7 @@ server {
   real_ip_recursive on;
 
   location = /principals/ {
-    rewrite ^ $scheme://$host:$server_port/SOGo/dav;
+    rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
     allow all;
   }
 
@@ -253,8 +272,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
-    proxy_set_header x-webobjects-server-port $server_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
   }
@@ -267,8 +286,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
-    proxy_set_header x-webobjects-server-port $server_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
     break;
diff --git a/docs/first_steps.md b/docs/first_steps.md
index ab7876dc..62773938 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -103,6 +103,8 @@ Recreate affected containers by running `docker-compose up -d`.
     ProxyPass / http://127.0.0.1:8080/
     ProxyPassReverse / http://127.0.0.1:8080/
     ProxyPreserveHost Off
+    RequestHeader set X-Forwarded-Proto "https"
+    RequestHeader set X-Forwarded-Port "443"
     your-ssl-configuration-here
     [...]
 
@@ -127,15 +129,28 @@ server {
     your-ssl-configuration-here
     location / {
         proxy_pass http://127.0.0.1:8080/;
-        proxy_redirect http://127.0.0.1:8080/ $scheme://$host:$server_port/;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
     }
     [...]
 }
 ```
 
+### HAProxy
+```
+frontend https-in
+  bind :::443 v4v6 ssl crt mailcow.pem
+  default_backend mailcow
+
+backend mailcow
+  option forwardfor
+  http-request set-header X-Forwarded-Proto https
+  http-request set-header X-Forwarded-Port %[dst_port]
+  server mailcow 127.0.0.1:8080 check
+```
+
 ## Optional: Setup a relayhost
 
 Insert these lines to `data/conf/postfix/main.cf`. "relayhost" does already exist (empty), just change its value.

From a3bbd76537809cdc7207f9c80adefbf4c91fdd79 Mon Sep 17 00:00:00 2001
From: chaosbunker <ufo@chaosbunker.com>
Date: Tue, 18 Apr 2017 20:56:35 +0200
Subject: [PATCH 06/55] fixes

---
 data/misc/mailcow-setup-relayhost.sh | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/data/misc/mailcow-setup-relayhost.sh b/data/misc/mailcow-setup-relayhost.sh
index ab721ab4..5aa2f09d 100755
--- a/data/misc/mailcow-setup-relayhost.sh
+++ b/data/misc/mailcow-setup-relayhost.sh
@@ -8,8 +8,10 @@ if [ "$EUID" -ne 0 ]
 	exit 1
 fi
 
-# move into mailcow-dockerized base directory
-cd ../../
+# Find script directory and move to base directory of mailcow-dockerized
+# so docker-compose is executed from the right location
+DIR=$(echo $( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) | sed 's/mailcow-dockerized.*/mailcow-dockerized/')
+cd $DIR
 
 if [[ ${1} == "reset" ]]; then
 	# Reset modified values to their defaults
@@ -62,7 +64,7 @@ else
 	sed -i "s/relayhost\ \=.*/relayhost\ \=\ \[${1}\]\:${2}/" data/conf/postfix/main.cf
 	if grep -q "smtp_sasl_password_maps" data/conf/postfix/main.cf
 	then
-		sed -i "s/^smtp\_sasl\_password\_maps.*/smtp_sasl\_password\_maps\ \=\ hash\:\/opt\/postfix\/conf\/smarthost\_passwd/" data/conf/postfix/main.cf
+		sed -i "s/^smtp\_sasl\_password\_maps.*/smtp\_sasl\_password\_maps\ \=\ hash\:\/opt\/postfix\/conf\/smarthost\_passwd/" data/conf/postfix/main.cf
 	else
 		echo "smtp_sasl_password_maps = hash:/opt/postfix/conf/smarthost_passwd" >>  data/conf/postfix/main.cf
 	fi
@@ -72,10 +74,12 @@ else
 	else
 		echo "smtp_sasl_auth_enable = yes" >>  data/conf/postfix/main.cf
 	fi
-	docker-compose exec postfix-mailcow postconf -e "smtp_sasl_password_maps = hash:/opt/postfix/conf/smarthost_passwd"
-	# We can use anonymous and plain-text authentication, too (be warned)
-	docker-compose exec postfix-mailcow postconf -e "smtp_sasl_security_options = "
-	docker-compose exec postfix-mailcow postconf -e "smtp_sasl_auth_enable = yes"
+	if grep -q "smtp_sasl_security_options" data/conf/postfix/main.cf
+	then
+		sed -i "s/^smtp\_sasl\_security\_options.*/smtp\_sasl\_security\_options\ \=/" data/conf/postfix/main.cf
+	else
+		echo "smtp_sasl_security_options =" >>  data/conf/postfix/main.cf
+	fi
 	if [[ ! -z ${3} ]]; then
 		echo ${1} ${3}:${4} > data/conf/postfix/smarthost_passwd
 		docker-compose exec postfix-mailcow postmap /opt/postfix/conf/smarthost_passwd

From d350c009b9d120f5c764e872f8f5cd6756526b49 Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Thu, 20 Apr 2017 19:53:56 +0200
Subject: [PATCH 07/55] Fix login redirect behind reverse proxy

---
 data/conf/nginx/site.conf | 20 ++++++++++++++------
 docs/first_steps.md       |  4 +++-
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index debc9c5e..145bef73 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -9,6 +9,10 @@ map $http_x_forwarded_port $maybe_real_port {
   default $http_x_forwarded_port;
   ''      $server_port;
 }
+map $http_x_forwarded_host $maybe_real_host {
+  default $http_x_forwarded_host;
+  ''      $host:$real_port;
+}
 map $realip_remote_addr $real_scheme {
   default $scheme;
   172.22.1.1 $maybe_real_scheme;
@@ -17,6 +21,10 @@ map $realip_remote_addr $real_port {
   default $server_port;
   172.22.1.1 $maybe_real_port;
 }
+map $realip_remote_addr $real_host {
+  default $scheme;
+  172.22.1.1 $maybe_real_host;
+}
 
 server {
   include /etc/nginx/conf.d/listen_ssl.active;
@@ -53,7 +61,7 @@ server {
   real_ip_recursive on;
 
   location = /principals/ {
-    rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
+    rewrite ^ $real_scheme://$real_host/SOGo/dav;
     allow all;
   }
 
@@ -119,7 +127,7 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
     proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
@@ -133,7 +141,7 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
     proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
@@ -206,7 +214,7 @@ server {
   real_ip_recursive on;
 
   location = /principals/ {
-    rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
+    rewrite ^ $real_scheme://$real_host/SOGo/dav;
     allow all;
   }
 
@@ -272,7 +280,7 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
     proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
@@ -286,7 +294,7 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
     proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
diff --git a/docs/first_steps.md b/docs/first_steps.md
index 62773938..b64e5618 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -101,8 +101,8 @@ Recreate affected containers by running `docker-compose up -d`.
     [...]
     # You should proxy to a plain HTTP session to offload SSL processing
     ProxyPass / http://127.0.0.1:8080/
-    ProxyPassReverse / http://127.0.0.1:8080/
     ProxyPreserveHost Off
+    RequestHeader set X-Forwarded-Host "mail.example.org"
     RequestHeader set X-Forwarded-Proto "https"
     RequestHeader set X-Forwarded-Port "443"
     your-ssl-configuration-here
@@ -131,6 +131,7 @@ server {
         proxy_pass http://127.0.0.1:8080/;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host:$server_port;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Forwarded-Port $server_port;
     }
@@ -146,6 +147,7 @@ frontend https-in
 
 backend mailcow
   option forwardfor
+  http-request set-header X-Forwarded-Host %[req.hdr(Host)]
   http-request set-header X-Forwarded-Proto https
   http-request set-header X-Forwarded-Port %[dst_port]
   server mailcow 127.0.0.1:8080 check

From e24862bdae65f5eb13b918b9ffa82e4d3c835661 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 20 Apr 2017 21:11:49 +0200
Subject: [PATCH 08/55] New reset admin routine

---
 docs/u_and_e.md | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/docs/u_and_e.md b/docs/u_and_e.md
index 3f52b05e..c0a7a804 100644
--- a/docs/u_and_e.md
+++ b/docs/u_and_e.md
@@ -75,7 +75,7 @@ Beware that a mailbox user can login to mailcow and override a domain policy fil
 Make your changes in `data/Dockerfiles/$service` and build the image locally:
 
 ```
-docker build data/Dockerfiles/service -t andryyy/mailcow-dockerized:$service
+docker build data/Dockerfiles/service -t mailcow/$service
 ```
 
 Now auto-recreate modified containers:
@@ -311,14 +311,11 @@ Running `docker-compose down -v` will **destroy all mailcow: dockerized volumes*
 ## Reset admin password
 Reset mailcow admin to `admin:moohoo`:
 
-1\. Drop admin table
 ```
-source mailcow.conf
-docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TABLE admin;"
+cd mailcow_path
+bash reset_admin.sh
 ```
 
-2\. Open mailcow UI to auto-init the db
-
 ## Rspamd
 
 ### Learn spam and ham

From 01bcc5e6531d683c4e807b6e1ef346914097a525 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 20 Apr 2017 21:11:53 +0200
Subject: [PATCH 09/55] New reset admin routine

---
 reset_admin.sh | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 reset_admin.sh

diff --git a/reset_admin.sh b/reset_admin.sh
new file mode 100644
index 00000000..7ce1def8
--- /dev/null
+++ b/reset_admin.sh
@@ -0,0 +1,36 @@
+#/bin/bash
+if [[ ! -f mailcow.conf ]]; then
+        echo "Cannot find mailcow.conf, make sure this script is run from within the mailcow folder."
+        exit 1
+fi
+
+echo -n "Checking MySQL service... "
+docker-compose ps -q mysql-mailcow > /dev/null 2>&1
+
+if [[ $? -ne 0 ]]; then
+        echo "failed"
+        echo "MySQL (mysql-mailcow) is not up and running, exiting..."
+        exit 1
+fi
+
+echo "OK"
+read -r -p "Are you sure you want to reset the mailcow administrator account? [y/N] " response
+response=${response,,}    # tolower
+if [[ "$response" =~ ^(yes|y)$ ]]; then
+        echo -e "\nWorking, please wait..."
+        source mailcow.conf
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM admin;"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "INSERT INTO admin (username, password, superadmin, created, modified, active) VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1);"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM domain_admins WHERE username='admin';"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "INSERT INTO domain_admins (username, domain, created, active) VALUES ('admin', 'ALL', NOW(), 1);"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='admin';"
+        echo "
+Reset credentials:
+---
+Username: admin
+Password: moohoo
+TFA: none
+"
+else
+        echo "Operation canceled."
+fi

From 7676fe2dd2e86767ff847406cdc26a4426192937 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 20 Apr 2017 21:12:59 +0200
Subject: [PATCH 10/55] New index, Fail2ban setup

---
 docs/first_steps.md | 78 +++++++++++++++++++++++++++++++++++++++++++++
 docs/index.md       |  5 ++-
 2 files changed, 82 insertions(+), 1 deletion(-)

diff --git a/docs/first_steps.md b/docs/first_steps.md
index ab7876dc..22e4f192 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -158,6 +158,84 @@ docker-compose exec postfix-mailcow chmod 660 /opt/postfix/conf/smarthost_passwd
 docker-compose exec postfix-mailcow postfix reload
 ```
 
+## Optional: Log to Syslog
+
+Enable Rsyslog to receive logs on 524/tcp:
+
+```
+# This setting depends on your Rsyslog version and configuration format.
+# For most Debian derivates it will work like this...
+$ModLoad imtcp
+$TCPServerAddress 127.0.0.1
+$InputTCPServerRun 524
+
+# ...while for Ubuntu 16.04 it looks like this:
+module(load="imtcp")
+input(type="imtcp" address="127.0.0.1" port="524")
+
+# No matter your Rsyslog version, you should set this option to off
+# if you plan to use Fail2ban
+$RepeatedMsgReduction off
+```
+
+Restart rsyslog after enabling the TCP listener.
+
+Now setup Docker daemon to start with the syslog driver.
+This enables the syslog driver for all containers!
+
+Debian users can change the startup configuration in `/etc/default/docker` while CentOS users find it in `/etc/sysconfig/docker`:
+```
+...
+DOCKER_OPTS="--log-driver=syslog --log-opt syslog-address=tcp://127.0.0.1:524"
+...
+```
+
+**Caution:** For some reason Ubuntu 16.04 and some, but not all, systemd based distros do not read the defaults file parameters.
+
+Just run `systemctl edit docker.service` and add the following content to fix it.
+
+**Note:** If "systemctl edit" is not available, just copy the content to `/etc/systemd/system/docker.service.d/override.conf`.
+
+The first empty ExecStart parameter is not a mistake.
+
+```
+[Service]
+EnvironmentFile=/etc/default/docker
+ExecStart=
+ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS
+```
+
+Restart the Docker daemon and run `docker-compose down && docker-compose up -d` to recreate the containers.
+
+### Use Fail2ban
+
+**This is a subsection of "Log to Syslog", which is required for Fail2ban to work.**
+
+Open `/etc/fail2ban/filter.d/common.conf` and search for the prefix_line parameter, change it to ".*":
+
+```
+__prefix_line = .*
+```
+
+Create `/etc/fail2ban/jail.d/dovecot.conf`...
+```
+[dovecot]
+enabled = true
+filter  = dovecot
+logpath = /var/log/syslog
+chain = FORWARD
+```
+
+and `jail.d/postfix-sasl.conf`:
+```
+[postfix-sasl]
+enabled = true
+filter  = postfix-sasl
+logpath = /var/log/syslog
+chain = FORWARD
+```
+
+Restart Fail2ban.
 
 ## Install a local MTA
 
diff --git a/docs/index.md b/docs/index.md
index f4aea569..4a5943f0 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,6 +1,8 @@
 # mailcow: dockerized - 🐮 + 🐋 = 💕
 
-[![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=JWBSYHF4SMC68)
+[![Servercow](https://www.servercow.de/img/cow_globe_200.svg)](https://www.servercow.de)
+
+If you want to support mailcow, consider hosting mailcow on a Servercow virtual machine @ Servercow!
 
 ## Screenshots
 
@@ -30,6 +32,7 @@ mailcow dockerized comes with **11 containers** linked in **one bridged network*
 - mysql-vol-1
 - rspamd-vol-1
 - postfix-vol-1
+- crypt-vol-1
 
 The integrated **mailcow UI** allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access:
 

From cae7ff7816e6a79300665e3117b7594d89d4dffc Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 20 Apr 2017 21:13:41 +0200
Subject: [PATCH 11/55] Initial clamd container

---
 data/Dockerfiles/clamav/Dockerfile   | 16 ++++++--------
 data/Dockerfiles/clamav/bootstrap.sh | 32 ++--------------------------
 data/Dockerfiles/clamav/dl_files.sh  | 32 ++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 40 deletions(-)
 create mode 100755 data/Dockerfiles/clamav/dl_files.sh

diff --git a/data/Dockerfiles/clamav/Dockerfile b/data/Dockerfiles/clamav/Dockerfile
index 5fc44d9a..170b7d8f 100755
--- a/data/Dockerfiles/clamav/Dockerfile
+++ b/data/Dockerfiles/clamav/Dockerfile
@@ -1,8 +1,8 @@
-FROM debian:latest
+FROM debian:stretch-slim
 MAINTAINER https://m-ko.de Markus Kosmal <code@cnfg.io>
 
 # Debian Base to use
-ENV DEBIAN_VERSION jessie
+ENV DEBIAN_VERSION stretch
 
 # initial install of av daemon
 RUN echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION main contrib non-free" > /etc/apt/sources.list && \
@@ -13,15 +13,14 @@ RUN echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION main contrib non-fr
         clamav-daemon \
         clamav-freshclam \
         libclamunrar7 \
-        wget && \
+        curl && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
 # initial update of av databases
-RUN wget -O /var/lib/clamav/main.cvd http://db.local.clamav.net/main.cvd && \
-    wget -O /var/lib/clamav/daily.cvd http://db.local.clamav.net/daily.cvd && \
-    wget -O /var/lib/clamav/bytecode.cvd http://db.local.clamav.net/bytecode.cvd && \
-    chown clamav:clamav /var/lib/clamav/*.cvd
+COPY dl_files.sh /dl_files.sh
+RUN chmod +x /dl_files.sh
+RUN /dl_files.sh
 
 # permission juggling
 RUN mkdir /var/run/clamav && \
@@ -33,9 +32,6 @@ RUN sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/clamd.conf && \
     echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
     sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/freshclam.conf
 
-# volume provision
-VOLUME ["/var/lib/clamav"]
-
 # port provision
 EXPOSE 3310
 
diff --git a/data/Dockerfiles/clamav/bootstrap.sh b/data/Dockerfiles/clamav/bootstrap.sh
index 635e93ea..bc5d1b32 100755
--- a/data/Dockerfiles/clamav/bootstrap.sh
+++ b/data/Dockerfiles/clamav/bootstrap.sh
@@ -1,35 +1,7 @@
 #!/bin/bash
-# bootstrap clam av service and clam av database updater shell script
-# presented by mko (Markus Kosmal<code@cnfg.io>)
-set -m
+trap "kill 0" SIGINT
 
-# start clam service itself and the updater in background as daemon
 freshclam -d &
 clamd &
 
-# recognize PIDs
-pidlist=`jobs -p`
-
-# initialize latest result var
-latest_exit=0
-
-# define shutdown helper
-function shutdown() {
-    trap "" SUBS
-
-    for single in $pidlist; do
-        if ! kill -0 $pidlist 2>/dev/null; then
-            wait $pidlist
-            exitcode=$?
-        fi
-    done
-
-    kill $pidlist 2>/dev/null
-}
-
-# run shutdown
-trap terminate SUBS
-wait
-
-# return received result
-exit $latest_exit
+sleep inf
diff --git a/data/Dockerfiles/clamav/dl_files.sh b/data/Dockerfiles/clamav/dl_files.sh
new file mode 100755
index 00000000..09d61241
--- /dev/null
+++ b/data/Dockerfiles/clamav/dl_files.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+declare -a DB_MIRRORS=(
+  "switch.clamav.net"
+  "clamavdb.heanet.ie"
+  "clamav.iol.cz"
+  "clamav.univ-nantes.fr"
+  "clamav.easynet.fr"
+  "clamav.begi.net"
+)
+declare -a DB_MIRRORS=( $(shuf -e "${DB_MIRRORS[@]}") )
+
+DB_FILES=(
+  "bytecode.cvd"
+  "daily.cvd"
+  "main.cvd"
+)
+
+for i in "${DB_MIRRORS[@]}"; do
+  for j in "${DB_FILES[@]}"; do
+  [[ -f "/var/lib/clamav/${j}" && -s "/var/lib/clamav/${j}" ]] && continue;
+  if [[ $(curl -o /dev/null --connect-timeout 1 \
+    --max-time 1 \
+    --silent \
+    --head \
+    --write-out "%{http_code}\n" "${i}/${j}") == 200 ]]; then
+    curl "${i}/${j}" -o "/var/lib/clamav/${j}" -#
+  fi
+  done
+done
+
+chown clamav:clamav /var/lib/clamav/*.cvd

From babad4f13732aa86a4ee082661cb4f1b7de0fae3 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 20 Apr 2017 21:14:20 +0200
Subject: [PATCH 12/55] Anti-Virus local configuration for Rspamd, container
 not enabled by default

---
 data/conf/rspamd/local.d/antivirus.conf | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 data/conf/rspamd/local.d/antivirus.conf

diff --git a/data/conf/rspamd/local.d/antivirus.conf b/data/conf/rspamd/local.d/antivirus.conf
new file mode 100644
index 00000000..51bc46f9
--- /dev/null
+++ b/data/conf/rspamd/local.d/antivirus.conf
@@ -0,0 +1,8 @@
+clamav {
+  attachments_only = false;
+  max_size = 20000000;
+  symbol = "CLAM_VIRUS";
+  type = "clamav";
+  log_clean = true;
+  servers = "clamd:3310";
+}

From 95cbfe366130023acaa42f59617dd6d9e11a53bc Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Fri, 21 Apr 2017 10:19:07 +0200
Subject: [PATCH 13/55] Move mail to spam when DKIM fails, ignore when
 white/blacklist and honor other actions

---
 data/conf/rspamd/local.d/force_actions.conf | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 data/conf/rspamd/local.d/force_actions.conf

diff --git a/data/conf/rspamd/local.d/force_actions.conf b/data/conf/rspamd/local.d/force_actions.conf
new file mode 100644
index 00000000..7b97e437
--- /dev/null
+++ b/data/conf/rspamd/local.d/force_actions.conf
@@ -0,0 +1,7 @@
+rules {
+  DKIM_FAIL {
+    action = "add header";
+    expression = "R_DKIM_REJECT & !MAILLIST & !MAILCOW_WHITE & !MAILCOW_BLACK";
+    require_action = ["no action", "greylist"];
+  }
+}

From be28877f685d764be8f9ef39331cac44fe5e3213 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Fri, 21 Apr 2017 10:19:24 +0200
Subject: [PATCH 14/55] Remove permanent moo symbol

---
 data/conf/rspamd/lua/rspamd.local.lua | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua
index 7d6aaa20..09cf9d10 100644
--- a/data/conf/rspamd/lua/rspamd.local.lua
+++ b/data/conf/rspamd/lua/rspamd.local.lua
@@ -7,10 +7,6 @@ rspamd_config.MAILCOW_AUTH = {
 	end
 }
 
-rspamd_config.MAILCOW_MOO = function (task)
-	return true
-end
-
 modify_subject_map = rspamd_config:add_map({
   url = 'http://172.22.1.251:8081/tags.php',
   type = 'map',

From 8adcc4fcd3668c48a45372a81cd2b62c92b01dc0 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Fri, 21 Apr 2017 10:19:45 +0200
Subject: [PATCH 15/55] Force add mailcow_black/white

---
 data/conf/rspamd/dynmaps/settings.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/data/conf/rspamd/dynmaps/settings.php b/data/conf/rspamd/dynmaps/settings.php
index 9be1f696..21377e00 100644
--- a/data/conf/rspamd/dynmaps/settings.php
+++ b/data/conf/rspamd/dynmaps/settings.php
@@ -207,8 +207,11 @@ while ($row = array_shift($rows)) {
 	}
 ?>
 		apply "default" {
-			MAILCOW_MOO = -999.0;
+			MAILCOW_WHITE = -999.0;
 		}
+		symbols [
+			"MAILCOW_WHITE"
+		]
 	}
 <?php
 }
@@ -302,10 +305,13 @@ while ($row = array_shift($rows)) {
 	}
 ?>
 		apply "default" {
-			MAILCOW_MOO = 999.0;
+			MAILCOW_BLACK = 999.0;
 		}
+		symbols [
+			"MAILCOW_BLACK"
+		]
 	}
 <?php
 }
 ?>
-}
\ No newline at end of file
+}

From 790c92237524ba99efb359fa5bc4b48082ca256b Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Fri, 21 Apr 2017 10:20:31 +0200
Subject: [PATCH 16/55] New db init system

---
 data/web/inc/functions.inc.php     | 153 ++------
 data/web/inc/init_db.inc.php       | 584 +++++++++++++++++++++++++++++
 data/web/inc/prerequisites.inc.php |  17 +-
 3 files changed, 621 insertions(+), 133 deletions(-)
 create mode 100644 data/web/inc/init_db.inc.php

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 465ab2ac..a7f8f54f 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -62,69 +62,6 @@ function hasMailboxObjectAccess($username, $role, $object) {
 	}
 	return false;
 }
-function init_db_schema() {
-  // This will be much better in future releases...
-	global $pdo;
-	try {
-		$stmt = $pdo->prepare("SELECT NULL FROM `admin`, `imapsync`, `tfa`");
-		$stmt->execute();
-	}
-	catch (Exception $e) {
-		$lines = file('/web/inc/init.sql');
-		$data = '';
-		foreach ($lines as $line) {
-			if (substr($line, 0, 2) == '--' || $line == '') {
-				continue;
-			}
-			$data .= $line;
-			if (substr(trim($line), -1, 1) == ';') {
-				$pdo->query($data);
-				$data = '';
-			}
-		}
-    // Create index if not exists
-		$stmt = $pdo->query("SHOW INDEX FROM sogo_acl WHERE KEY_NAME = 'sogo_acl_c_folder_id_idx'");
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-		if ($num_results == 0) {
-			$pdo->query("CREATE INDEX sogo_acl_c_folder_id_idx ON sogo_acl(c_folder_id)");
-		}
-		$stmt = $pdo->query("SHOW INDEX FROM sogo_acl WHERE KEY_NAME = 'sogo_acl_c_uid_idx'");
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-		if ($num_results == 0) {
-			$pdo->query("CREATE INDEX sogo_acl_c_uid_idx ON sogo_acl(c_uid)");
-		}
-		$_SESSION['return'] = array(
-			'type' => 'success',
-			'msg' => 'Database initialization completed.'
-		);
-	}
-  // Add newly added columns
-  $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE 'kind'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results == 0) {
-    $pdo->query("ALTER TABLE `mailbox` ADD `kind` VARCHAR(100) NOT NULL DEFAULT ''");
-  }
-  $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE 'multiple_bookings'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results == 0) {
-    $pdo->query("ALTER TABLE `mailbox` ADD `multiple_bookings` tinyint(1) NOT NULL DEFAULT '0'");
-  }
-  $stmt = $pdo->query("SHOW COLUMNS FROM `imapsync` LIKE 'delete1'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results == 0) {
-    $pdo->query("ALTER TABLE `imapsync` ADD `delete1` tinyint(1) NOT NULL DEFAULT '0'");
-  }
-  $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE 'wants_tagged_subject'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results == 0) {
-    $pdo->query("ALTER TABLE `mailbox` ADD `wants_tagged_subject` tinyint(1) NOT NULL DEFAULT '0'");
-  }
-  $stmt = $pdo->query("SHOW COLUMNS FROM `tfa` LIKE 'key_id'");
-  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-  if ($num_results == 0) {
-    $pdo->query("ALTER TABLE `tfa` ADD `key_id` VARCHAR(255) DEFAULT 'unidentified'");
-  }
-}
 function verify_ssha256($hash, $password) {
 	// Remove tag if any
 	$hash = ltrim($hash, '{SSHA256}');
@@ -287,13 +224,11 @@ function edit_admin_account($postarray) {
 		$password_hashed = hash_password($password);
 		try {
 			$stmt = $pdo->prepare("UPDATE `admin` SET 
-				`modified` = :modified,
 				`password` = :password_hashed,
 				`username` = :username1
 					WHERE `username` = :username2");
 			$stmt->execute(array(
 				':password_hashed' => $password_hashed,
-				':modified' => date('Y-m-d H:i:s'),
 				':username1' => $username,
 				':username2' => $username_now
 			));
@@ -309,12 +244,10 @@ function edit_admin_account($postarray) {
 	else {
 		try {
 			$stmt = $pdo->prepare("UPDATE `admin` SET 
-				`modified` = :modified,
 				`username` = :username1
 					WHERE `username` = :username2");
 			$stmt->execute(array(
 				':username1' => $username,
-				':modified' => date('Y-m-d H:i:s'),
 				':username2' => $username_now
 			));
 		}
@@ -608,10 +541,9 @@ function edit_user_account($postarray) {
 			}
 			$password_hashed = hash_password($password_new);
 			try {
-				$stmt = $pdo->prepare("UPDATE `mailbox` SET `modified` = :modified, `password` = :password_hashed WHERE `username` = :username");
+				$stmt = $pdo->prepare("UPDATE `mailbox` SET `password` = :password_hashed WHERE `username` = :username");
 				$stmt->execute(array(
 					':password_hashed' => $password_hashed,
-					':modified' => date('Y-m-d H:i:s'),
 					':username' => $username
 				));
 			}
@@ -1633,13 +1565,11 @@ function add_domain_admin($postarray) {
 			}
 		}
 		try {
-			$stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
-				VALUES (:username, :password_hashed, '0', :created, :modified, :active)");
+			$stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
+				VALUES (:username, :password_hashed, '0', :active)");
 			$stmt->execute(array(
 				':username' => $username,
 				':password_hashed' => $password_hashed,
-				':created' => date('Y-m-d H:i:s'),
-				':modified' => date('Y-m-d H:i:s'),
 				':active' => $active
 			));
 		}
@@ -2228,12 +2158,11 @@ function edit_domain_admin($postarray) {
       }
       $password_hashed = hash_password($password);
       try {
-        $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username1, `modified` = :modified, `active` = :active, `password` = :password_hashed WHERE `username` = :username2");
+        $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username1, `active` = :active, `password` = :password_hashed WHERE `username` = :username2");
         $stmt->execute(array(
           ':password_hashed' => $password_hashed,
           ':username1' => $username,
           ':username2' => $username_now,
-          ':modified' => date('Y-m-d H:i:s'),
           ':active' => $active
         ));
         if (isset($postarray['disable_tfa'])) {
@@ -2255,11 +2184,10 @@ function edit_domain_admin($postarray) {
     }
     else {
       try {
-        $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username1, `modified` = :modified, `active` = :active WHERE `username` = :username2");
+        $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username1, `active` = :active WHERE `username` = :username2");
         $stmt->execute(array(
           ':username1' => $username,
           ':username2' => $username_now,
-          ':modified' => date('Y-m-d H:i:s'),
           ':active' => $active
         ));
         if (isset($postarray['disable_tfa'])) {
@@ -2321,10 +2249,9 @@ function edit_domain_admin($postarray) {
       }
       $password_hashed = hash_password($password_new);
       try {
-        $stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `password` = :password_hashed WHERE `username` = :username");
+        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
         $stmt->execute(array(
           ':password_hashed' => $password_hashed,
-          ':modified' => date('Y-m-d H:i:s'),
           ':username' => $username
         ));
       }
@@ -2356,7 +2283,7 @@ function get_admin_details() {
     return false;
   }
   try {
-    $stmt = $pdo->prepare("SELECT `username`, `modified`, `created` FROM `admin`WHERE `superadmin`='1' AND active='1'");
+    $stmt = $pdo->prepare("SELECT `username`, `modified`, `created` FROM `admin` WHERE `superadmin`='1' AND active='1'");
     $stmt->execute();
     $data = $stmt->fetch(PDO::FETCH_ASSOC);
   }
@@ -2601,8 +2528,8 @@ function mailbox_add_domain($postarray) {
 	}
 
 	try {
-		$stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `maxquota`, `quota`, `transport`, `backupmx`, `created`, `modified`, `active`, `relay_all_recipients`)
-			VALUES (:domain, :description, :aliases, :mailboxes, :maxquota, :quota, 'virtual', :backupmx, :created, :modified, :active, :relay_all_recipients)");
+		$stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `maxquota`, `quota`, `transport`, `backupmx`, `active`, `relay_all_recipients`)
+			VALUES (:domain, :description, :aliases, :mailboxes, :maxquota, :quota, 'virtual', :backupmx, :active, :relay_all_recipients)");
 		$stmt->execute(array(
 			':domain' => $domain,
 			':description' => $description,
@@ -2612,8 +2539,6 @@ function mailbox_add_domain($postarray) {
 			':quota' => $quota,
 			':backupmx' => $backupmx,
 			':active' => $active,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
 			':relay_all_recipients' => $relay_all_recipients
 		));
 		$_SESSION['return'] = array(
@@ -2789,16 +2714,14 @@ function mailbox_add_alias($postarray) {
 		$goto = implode(",", $gotos);
 
 		try {
-			$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`)
-				VALUES (:address, :goto, :domain, :created, :modified, :active)");
+			$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `active`)
+				VALUES (:address, :goto, :domain, :active)");
 
 			if (!filter_var($address, FILTER_VALIDATE_EMAIL) === true) {
 				$stmt->execute(array(
 					':address' => '@'.$domain,
 					':goto' => $goto,
 					':domain' => $domain,
-					':created' => date('Y-m-d H:i:s'),
-					':modified' => date('Y-m-d H:i:s'),
 					':active' => $active
 				));
 			}
@@ -2807,8 +2730,6 @@ function mailbox_add_alias($postarray) {
 					':address' => $address,
 					':goto' => $goto,
 					':domain' => $domain,
-					':created' => date('Y-m-d H:i:s'),
-					':modified' => date('Y-m-d H:i:s'),
 					':active' => $active
 				));
 			}
@@ -2909,13 +2830,11 @@ function mailbox_add_alias_domain($postarray) {
 	}
 
 	try {
-		$stmt = $pdo->prepare("INSERT INTO `alias_domain` (`alias_domain`, `target_domain`, `created`, `modified`, `active`)
-			VALUES (:alias_domain, :target_domain, :created, :modified, :active)");
+		$stmt = $pdo->prepare("INSERT INTO `alias_domain` (`alias_domain`, `target_domain`, `active`)
+			VALUES (:alias_domain, :target_domain, :active)");
 		$stmt->execute(array(
 			':alias_domain' => $alias_domain,
 			':target_domain' => $target_domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
 			':active' => $active
 		));
 		$_SESSION['return'] = array(
@@ -3118,8 +3037,8 @@ function mailbox_add_mailbox($postarray) {
 	}
 
 	try {
-		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `created`, `modified`, `active`) 
-			VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, :created, :modified, :active)");
+		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `active`) 
+			VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, :active)");
 		$stmt->execute(array(
 			':username' => $username,
 			':password_hashed' => $password_hashed,
@@ -3128,8 +3047,6 @@ function mailbox_add_mailbox($postarray) {
 			':quota_b' => $quota_b,
 			':local_part' => $local_part,
 			':domain' => $domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
 			':active' => $active
 		));
 
@@ -3137,14 +3054,12 @@ function mailbox_add_mailbox($postarray) {
 			VALUES (:username, '0', '0')");
 		$stmt->execute(array(':username' => $username));
 
-		$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`)
-			VALUES (:username1, :username2, :domain, :created, :modified, :active)");
+		$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `active`)
+			VALUES (:username1, :username2, :domain, :active)");
 		$stmt->execute(array(
 			':username1' => $username,
 			':username2' => $username,
 			':domain' => $domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
 			':active' => $active
 		));
 
@@ -3274,15 +3189,13 @@ function mailbox_add_resource($postarray) {
 	}
 
 	try {
-		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `created`, `modified`, `active`, `multiple_bookings`, `kind`) 
-			VALUES (:name, 'RESOURCE', :description, 'RESOURCE', 0, :local_part, :domain, :created, :modified, :active, :multiple_bookings, :kind)");
+		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `active`, `multiple_bookings`, `kind`) 
+			VALUES (:name, 'RESOURCE', :description, 'RESOURCE', 0, :local_part, :domain, :active, :multiple_bookings, :kind)");
 		$stmt->execute(array(
 			':name' => $name,
 			':description' => $description,
 			':local_part' => $local_part,
 			':domain' => $domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
 			':active' => $active,
 			':kind' => $kind,
 			':multiple_bookings' => $multiple_bookings
@@ -3373,12 +3286,10 @@ function mailbox_edit_alias_domain($postarray) {
 	try {
 		$stmt = $pdo->prepare("UPDATE `alias_domain` SET
       `alias_domain` = :alias_domain,
-      `active` = :active,
-      `modified` = :modified
+      `active` = :active
         WHERE `alias_domain` = :alias_domain_now");
 		$stmt->execute(array(
 			':alias_domain' => $alias_domain,
-      ':modified' => date('Y-m-d H:i:s'),
 			':alias_domain_now' => $alias_domain_now,
 			':active' => $active
 		));
@@ -3454,14 +3365,12 @@ function mailbox_edit_alias($postarray) {
 	try {
 		$stmt = $pdo->prepare("UPDATE `alias` SET
       `goto` = :goto,
-      `active`= :active,
-      `modified` = :modified
+      `active`= :active
         WHERE `address` = :address");
 		$stmt->execute(array(
 			':goto' => $goto,
 			':active' => $active,
-			':address' => $address,
-      ':modified' => date('Y-m-d H:i:s'),
+			':address' => $address
 		));
 		$_SESSION['return'] = array(
 			'type' => 'success',
@@ -3506,11 +3415,9 @@ function mailbox_edit_domain($postarray) {
     isset($postarray['active']) ? $active = '1' : $active = '0';
     try {
       $stmt = $pdo->prepare("UPDATE `domain` SET 
-      `modified`= :modified,
       `description` = :description
         WHERE `domain` = :domain");
       $stmt->execute(array(
-        ':modified' => date('Y-m-d H:i:s'),
         ':description' => $description,
         ':domain' => $domain
       ));
@@ -3614,7 +3521,6 @@ function mailbox_edit_domain($postarray) {
     }
     try {
       $stmt = $pdo->prepare("UPDATE `domain` SET 
-      `modified`= :modified,
       `relay_all_recipients` = :relay_all_recipients,
       `backupmx` = :backupmx,
       `active` = :active,
@@ -3632,7 +3538,6 @@ function mailbox_edit_domain($postarray) {
         ':maxquota' => $maxquota,
         ':mailboxes' => $mailboxes,
         ':aliases' => $aliases,
-        ':modified' => date('Y-m-d H:i:s'),
         ':description' => $description,
         ':domain' => $domain
       ));
@@ -3844,23 +3749,19 @@ function mailbox_edit_mailbox($postarray) {
 		$password_hashed = hash_password($password);
 		try {
 			$stmt = $pdo->prepare("UPDATE `alias` SET
-					`modified` = :modified,
 					`active` = :active
 						WHERE `address` = :address");
 			$stmt->execute(array(
 				':address' => $username,
-				':modified' => date('Y-m-d H:i:s'),
 				':active' => $active
 			));
 			$stmt = $pdo->prepare("UPDATE `mailbox` SET
-					`modified` = :modified,
 					`active` = :active,
 					`password` = :password_hashed,
 					`name`= :name,
 					`quota` = :quota_b
 						WHERE `username` = :username");
 			$stmt->execute(array(
-				':modified' => date('Y-m-d H:i:s'),
 				':password_hashed' => $password_hashed,
 				':active' => $active,
 				':name' => $name,
@@ -3883,23 +3784,19 @@ function mailbox_edit_mailbox($postarray) {
 	}
 	try {
 		$stmt = $pdo->prepare("UPDATE `alias` SET
-				`modified` = :modified,
 				`active` = :active
 					WHERE `address` = :address");
 		$stmt->execute(array(
 			':address' => $username,
-			':modified' => date('Y-m-d H:i:s'),
 			':active' => $active
 		));
 		$stmt = $pdo->prepare("UPDATE `mailbox` SET
-				`modified` = :modified,
 				`active` = :active,
 				`name`= :name,
 				`quota` = :quota_b
 					WHERE `username` = :username");
 		$stmt->execute(array(
 			':active' => $active,
-			':modified' => date('Y-m-d H:i:s'),
 			':name' => $name,
 			':quota_b' => $quota_b,
 			':username' => $username
@@ -3962,7 +3859,6 @@ function mailbox_edit_resource($postarray) {
 
 	try {
 		$stmt = $pdo->prepare("UPDATE `mailbox` SET
-				`modified` = :modified,
 				`active` = :active,
 				`name`= :description,
 				`kind`= :kind,
@@ -3970,7 +3866,6 @@ function mailbox_edit_resource($postarray) {
           WHERE `username` = :name");
 		$stmt->execute(array(
 			':active' => $active,
-			':modified' => date('Y-m-d H:i:s'),
 			':description' => $description,
 			':multiple_bookings' => $multiple_bookings,
 			':kind' => $kind,
@@ -4796,12 +4691,10 @@ function mailbox_delete_mailbox($postarray) {
 			}
 			$gotos_rebuild = implode(',', $goto_exploded);
 			$stmt = $pdo->prepare("UPDATE `alias` SET
-        `goto` = :goto,
-        `modified` = :modified,
+        `goto` = :goto
           WHERE `address` = :address");
 			$stmt->execute(array(
 				':goto' => $gotos_rebuild,
-        ':modified' => date('Y-m-d H:i:s'),
 				':address' => $gotos['address']
 			));
 		}
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
new file mode 100644
index 00000000..37c04a12
--- /dev/null
+++ b/data/web/inc/init_db.inc.php
@@ -0,0 +1,584 @@
+<?php
+function init_db_schema() {
+  try {
+    global $pdo;
+
+    $db_version = "20042017_1926";
+
+    $stmt = $pdo->query("SHOW TABLES LIKE 'versions'"); 
+    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results != 0) {
+      $stmt = $pdo->query("SELECT `version` FROM `versions`");
+      if ($stmt->fetch(PDO::FETCH_ASSOC)['version'] == $db_version) {
+        return true;
+      }
+    }
+
+    $views = array(
+    "grouped_mail_aliases" => "CREATE VIEW grouped_mail_aliases (username, aliases) AS
+      SELECT goto, IFNULL(GROUP_CONCAT(address SEPARATOR ' '), '') AS address FROM alias
+      WHERE address!=goto
+      AND active = '1'
+      AND address NOT LIKE '@%'
+      GROUP BY goto;",
+    "grouped_sender_acl" => "CREATE VIEW grouped_sender_acl (username, send_as) AS
+      SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as FROM sender_acl
+      WHERE send_as NOT LIKE '@%'
+      GROUP BY logged_in_as;",
+    "grouped_domain_alias_address" => "CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
+      SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
+      LEFT OUTER JOIN alias_domain on target_domain=domain GROUP BY username;"
+    );
+
+    $tables = array(
+      "versions" => array(
+        "cols" => array(
+          "application" => "VARCHAR(255) NOT NULL",
+          "version" => "VARCHAR(100) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("application")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "admin" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "superadmin" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "alias" => array(
+        "cols" => array(
+          "address" => "VARCHAR(255) NOT NULL",
+          "goto" => "TEXT NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("address")
+          ),
+          "key" => array(
+            "domain" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sender_acl" => array(
+        "cols" => array(
+          "logged_in_as" => "VARCHAR(255) NOT NULL",
+          "send_as" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "domain" => array(
+        "cols" => array(
+          "domain" => "VARCHAR(255) NOT NULL",
+          "description" => "VARCHAR(255)",
+          "aliases" => "INT(10) NOT NULL DEFAULT '0'",
+          "mailboxes" => "INT(10) NOT NULL DEFAULT '0'",
+          "maxquota" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "quota" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "transport" => "VARCHAR(255) NOT NULL",
+          "backupmx" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "relay_all_recipients" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "alias_domain" => array(
+        "cols" => array(
+          "alias_domain" => "VARCHAR(255) NOT NULL",
+          "target_domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("alias_domain")
+          ),
+          "key" => array(
+            "active" => array("active"),
+            "target_domain" => array("target_domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "spamalias" => array(
+        "cols" => array(
+          "address" => "VARCHAR(255) NOT NULL",
+          "goto" => "TEXT NOT NULL",
+          "validity" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("address")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "filterconf" => array(
+        "cols" => array(
+          "object" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "option" => "VARCHAR(50) NOT NULL DEFAULT ''",
+          "value" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "prefid" => "INT(11) NOT NULL AUTO_INCREMENT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("prefid")
+          ),
+          "key" => array(
+            "object" => array("object")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "quota2" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "bytes" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "messages" => "BIGINT(20) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "mailbox" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "password" => "VARCHAR(255) NOT NULL",
+          "name" => "VARCHAR(255)",
+          "maildir" => "VARCHAR(255) NOT NULL",
+          "quota" => "BIGINT(20) NOT NULL DEFAULT '0'",
+          "local_part" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "tls_enforce_in" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "tls_enforce_out" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
+          "multiple_bookings" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "wants_tagged_subject" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("username")
+          ),
+          "key" => array(
+            "domain" => array("domain")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "domain_admins" => array(
+        "cols" => array(
+          "username" => "VARCHAR(255) NOT NULL",
+          "domain" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
+        ),
+        "keys" => array(
+          "key" => array(
+            "username" => array("username")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "imapsync" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "user2" => "VARCHAR(255) NOT NULL",
+          "host1" => "VARCHAR(255) NOT NULL",
+          "authmech1" => "ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN'",
+          "regextrans2" => "VARCHAR(255) DEFAULT ''",
+          "authmd51" => "TINYINT(1) NOT NULL DEFAULT 0",
+          "domain2" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "subfolder2" => "VARCHAR(255) NOT NULL DEFAULT ''",
+          "user1" => "VARCHAR(255) NOT NULL",
+          "password1" => "VARCHAR(255) NOT NULL",
+          "exclude" => "VARCHAR(500) NOT NULL DEFAULT ''",
+          "maxage" => "SMALLINT NOT NULL DEFAULT '0'",
+          "mins_interval" => "VARCHAR(50) NOT NULL",
+          "port1" => "SMALLINT NOT NULL",
+          "enc1" => "ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS'",
+          "delete2duplicates" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "returned_text" => "TEXT",
+          "last_run" => "TIMESTAMP NULL DEFAULT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "tfa" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "username" => "VARCHAR(255) NOT NULL",
+          "authmech" => "ENUM('yubi_otp', 'u2f', 'hotp', 'totp')",
+          "secret" => "VARCHAR(255) DEFAULT NULL",
+          "keyHandle" => "VARCHAR(255) DEFAULT NULL",
+          "publicKey" => "VARCHAR(255) DEFAULT NULL",
+          "counter" => "INT NOT NULL DEFAULT '0'",
+          "certificate" => "TEXT",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_acl" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_object" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_role" => "VARCHAR(80) NOT NULL"
+        ),
+        "keys" => array(
+          "key" => array(
+            "sogo_acl_c_folder_id_idx" => array("c_folder_id"),
+            "sogo_acl_c_uid_idx" => array("c_uid")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_alarms_folder" => array(
+        "cols" => array(
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_recurrence_id" => "INT(11) DEFAULT NULL",
+          "c_alarm_number" => "INT(11) NOT NULL",
+          "c_alarm_date" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_cache_folder" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_parent_path" => "VARCHAR(255) DEFAULT NULL",
+          "c_type" => "TINYINT(3) unsigned NOT NULL",
+          "c_creationdate" => "INT(11) NOT NULL",
+          "c_lastmodified" => "INT(11) NOT NULL",
+          "c_version" => "INT(11) NOT NULL DEFAULT '0'",
+          "c_deleted" => "TINYINT(4) NOT NULL DEFAULT '0'",
+          "c_content" => "LONGTEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid", "c_path")
+          ),
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_folder_info" => array(
+        "cols" => array(
+          "c_folder_id" => "BIGINT(20) unsigned NOT NULL AUTO_INCREMENT",
+          "c_path" => "VARCHAR(255) NOT NULL",
+          "c_path1" => "VARCHAR(255) NOT NULL",
+          "c_path2" => "VARCHAR(255) DEFAULT NULL",
+          "c_path3" => "VARCHAR(255) DEFAULT NULL",
+          "c_path4" => "VARCHAR(255) DEFAULT NULL",
+          "c_foldername" => "VARCHAR(255) NOT NULL",
+          "c_location" => "INT NULL",
+          "c_quick_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_acl_location" => "VARCHAR(2048) DEFAULT NULL",
+          "c_folder_type" => "VARCHAR(255) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_path")
+          ),
+          "unique" => array(
+            "c_folder_id" => array("c_folder_id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_quick_appointment" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_startdate" => "INT",
+          "c_enddate" => "INT",
+          "c_cycleenddate" => "INT",
+          "c_title" => "VARCHAR(1000) NOT NULL",
+          "c_participants" => "TEXT",
+          "c_isallday" => "INT",
+          "c_iscycle" => "INT",
+          "c_cycleinfo" => "TEXT",
+          "c_classification" => "INT NOT NULL",
+          "c_isopaque" => "INT NOT NULL",
+          "c_status" => "INT NOT NULL",
+          "c_priority" => "INT",
+          "c_location" => "VARCHAR(255)",
+          "c_orgmail" => "VARCHAR(255)",
+          "c_partmails" => "TEXT",
+          "c_partstates" => "TEXT",
+          "c_category" => "VARCHAR(255)",
+          "c_sequence" => "INT",
+          "c_component" => "VARCHAR(10) NOT NULL",
+          "c_nextalarm" => "INT",
+          "c_description" => "TEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_quick_contact" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_givenname" => "VARCHAR(255)",
+          "c_cn" => "VARCHAR(255)",
+          "c_sn" => "VARCHAR(255)",
+          "c_screenname" => "VARCHAR(255)",
+          "c_l" => "VARCHAR(255)",
+          "c_mail" => "VARCHAR(255)",
+          "c_o" => "VARCHAR(255)",
+          "c_ou" => "VARCHAR(255)",
+          "c_telephonenumber" => "VARCHAR(255)",
+          "c_categories" => "VARCHAR(255)",
+          "c_component" => "VARCHAR(10) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_sessions_folder" => array(
+        "cols" => array(
+          "c_id" => "VARCHAR(255) NOT NULL",
+          "c_value" => "VARCHAR(255) NOT NULL",
+          "c_creationdate" => "INT(11) NOT NULL",
+          "c_lastseen" => "INT(11) NOT NULL"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_id")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_store" => array(
+        "cols" => array(
+          "c_folder_id" => "INT NOT NULL",
+          "c_name" => "VARCHAR(255) NOT NULL",
+          "c_content" => "MEDIUMTEXT NOT NULL",
+          "c_creationdate" => "INT NOT NULL",
+          "c_lastmodified" => "INT NOT NULL",
+          "c_version" => "INT NOT NULL",
+          "c_deleted" => "INT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_folder_id", "c_name")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
+      "sogo_user_profile" => array(
+        "cols" => array(
+          "c_uid" => "VARCHAR(255) NOT NULL",
+          "c_defaults" => "TEXT",
+          "c_settings" => "TEXT"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("c_uid")
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      )
+    );
+
+    foreach ($tables as $table => $properties) {
+      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); 
+      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      if ($num_results != 0) {
+        foreach($properties['cols'] as $column => $type) {
+          $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "` LIKE '" . $column . "'"); 
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results == 0) {
+            $pdo->query("ALTER TABLE `" . $table . "` ADD `" . $column . "` " . $type);
+          }
+          else {
+            $pdo->query("ALTER TABLE `" . $table . "` MODIFY COLUMN `" . $column . "` " . $type);
+          }
+        }
+        foreach($properties['keys'] as $key_type => $key_content) {
+          if (strtolower($key_type) == 'primary') {
+            foreach ($key_content as $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'"); 
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP PRIMARY KEY, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD PRIMARY KEY (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'key') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'"); 
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD KEY `" . $key_name . "` (" . $fields . ")");
+            }
+          }
+          if (strtolower($key_type) == 'unique') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'"); 
+              $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+              $is_drop = ($num_results != 0) ? "DROP INDEX `" . $key_name . "`, " : "";
+              $pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD UNIQUE KEY `" . $key_name . "` (" . $fields . ")");
+            }
+          }
+        }
+        // Drop all vanished columns
+        $stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "`"); 
+        $cols_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC); 
+        while ($row = array_shift($cols_in_table)) {
+          if (!array_key_exists($row['Field'], $properties['cols'])) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP COLUMN `" . $row['Field'] . "`;");
+          }
+        }
+
+        // Step 1: Get all non-primary keys, that currently exist and those that should exist
+        $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE `Key_name` != 'PRIMARY'"); 
+        $keys_in_table = $stmt->fetchAll(PDO::FETCH_ASSOC); 
+        $keys_to_exist = array();
+        if (isset($properties['keys']['unique']) && is_array($properties['keys']['unique'])) {
+          foreach ($properties['keys']['unique'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        if (isset($properties['keys']['key']) && is_array($properties['keys']['key'])) {
+          foreach ($properties['keys']['key'] as $key_name => $key_values) {
+             $keys_to_exist[] = $key_name;
+          }
+        }
+        // Step 2: Drop all vanished indexes
+        while ($row = array_shift($keys_in_table)) {
+          if (!in_array($row['Key_name'], $keys_to_exist)) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
+          }
+        }
+        // Step 3: Drop all vanished primary keys
+        if (!isset($properties['keys']['primary'])) {
+          $stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = 'PRIMARY'"); 
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results != 0) {
+            $pdo->query("ALTER TABLE `" . $table . "` DROP PRIMARY KEY");
+          }
+        }
+      }
+      else {
+        // Create table if it is missing
+        $sql = "CREATE TABLE IF NOT EXISTS `" . $table . "` (";
+        foreach($properties['cols'] as $column => $type) {
+          $sql .= $column . " " . $type . ",";
+        }
+        foreach($properties['keys'] as $key_type => $key_content) {
+          if (strtolower($key_type) == 'primary') {
+            foreach ($key_content as $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "PRIMARY KEY (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'key') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "KEY `" . $key_name . "` (" . $fields . ")" . ",";
+            }
+          }
+          elseif (strtolower($key_type) == 'unique') {
+            foreach ($key_content as $key_name => $key_values) {
+              $fields = "`" . implode("`, `", $key_values) . "`";
+              $sql .= "UNIQUE KEY `" . $key_name . "` (" . $fields . ")" . ",";
+            }
+          }
+        }
+        $sql = rtrim($sql, ",");
+        $sql .= ") " . $properties['attr'];
+        $pdo->query($sql);
+      }
+      // Reset table attributes
+      $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
+    }
+
+    // Recreate SQL views
+    foreach ($views as $view => $create) {
+      $pdo->query("DROP VIEW IF EXISTS `" . $view . "`;");
+      $pdo->query($create);
+    }
+
+    // Inject admin if not exists
+    $stmt = $pdo->query("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
+      SELECT 'admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1
+        WHERE NOT EXISTS (SELECT * FROM `admin`);");
+    $stmt = $pdo->query("DELETE FROM `domain_admins`;");
+    $stmt = $pdo->query("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+        SELECT `username`, 'ALL', NOW(), 1 FROM `admin`
+          WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);"); 
+
+    // Insert new DB schema version
+    $stmt = $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');"); 
+
+    $_SESSION['return'] = array(
+      'type' => 'success',
+      'msg' => 'Database initialisation completed'
+    );
+  }
+  catch (PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'Database initialisation failed: ' . $e->getMessage()
+    );
+  }
+}
+?>
\ No newline at end of file
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 1959ae18..c766e780 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -29,18 +29,28 @@ require_once 'inc/lib/U2F.php';
 $u2f = new u2flib_server\U2F('https://' . $_SERVER['SERVER_NAME']);
 
 // PDO
-$dsn = "$database_type:host=$database_host;dbname=$database_name";
+// Calculate offset
+$now = new DateTime();
+$mins = $now->getOffset() / 60;
+$sgn = ($mins < 0 ? -1 : 1);
+$mins = abs($mins);
+$hrs = floor($mins / 60);
+$mins -= $hrs * 60;
+$offset = sprintf('%+d:%02d', $hrs*$sgn, $mins);
+
+$dsn = $database_type . ":host=" . $database_host . ";dbname=" . $database_name;
 $opt = [
     PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
     PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
     PDO::ATTR_EMULATE_PREPARES   => false,
+    PDO::MYSQL_ATTR_INIT_COMMAND => "SET time_zone = '" . $offset . "'",
 ];
 try {
 	$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
 }
 catch (PDOException $e) {
 ?>
-<center style='font-family: "Lucida Sans Unicode", "Lucida Grande", Verdana, Arial, Helvetica, sans-serif;'>🐮 Connection failed, database may be in warm-up state, please try again later.<br /><br />The following error was reported:<br/>  <?=$e->getMessage();?></center>
+<center style='font-family: "Lucida Sans Unicode", "Lucida Grande", Verdana, Arial, Helvetica, sans-serif;'>?? Connection failed, database may be in warm-up state, please try again later.<br /><br />The following error was reported:<br/>  <?=$e->getMessage();?></center>
 <?php
 exit;
 }
@@ -106,5 +116,6 @@ if (isset($_GET['lang'])) {
 require_once 'lang/lang.en.php';
 include 'lang/lang.'.$_SESSION['mailcow_locale'].'.php';
 require_once 'inc/functions.inc.php';
+require_once 'inc/init_db.inc.php';
 require_once 'inc/triggers.inc.php';
-(!isset($_SESSION['mailcow_cc_username'])) ? init_db_schema() : null;
+init_db_schema();

From d901bd453b8373e00cace8116b97cb6224b14f95 Mon Sep 17 00:00:00 2001
From: chaosbunker <ufo@chaosbunker.com>
Date: Fri, 21 Apr 2017 11:19:38 +0200
Subject: [PATCH 17/55] Fix: also find base directory, when not called
 'mailcow-dockerized'

---
 data/misc/mailcow-setup-relayhost.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/misc/mailcow-setup-relayhost.sh b/data/misc/mailcow-setup-relayhost.sh
index 5aa2f09d..486435a8 100755
--- a/data/misc/mailcow-setup-relayhost.sh
+++ b/data/misc/mailcow-setup-relayhost.sh
@@ -10,7 +10,7 @@ fi
 
 # Find script directory and move to base directory of mailcow-dockerized
 # so docker-compose is executed from the right location
-DIR=$(echo $( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) | sed 's/mailcow-dockerized.*/mailcow-dockerized/')
+DIR=$(echo $( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) | sed 's/data\/misc.*//')
 cd $DIR
 
 if [[ ${1} == "reset" ]]; then

From 55ad1a3d5c35603d89cb0b13b2bad3e51b8998bc Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Fri, 21 Apr 2017 18:15:28 +0200
Subject: [PATCH 18/55] Fix X-Forwarded-Host behind Apache reverse proxy

---
 docs/first_steps.md | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/docs/first_steps.md b/docs/first_steps.md
index b64e5618..509e0e78 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -102,9 +102,14 @@ Recreate affected containers by running `docker-compose up -d`.
     # You should proxy to a plain HTTP session to offload SSL processing
     ProxyPass / http://127.0.0.1:8080/
     ProxyPreserveHost Off
-    RequestHeader set X-Forwarded-Host "mail.example.org"
-    RequestHeader set X-Forwarded-Proto "https"
-    RequestHeader set X-Forwarded-Port "443"
+    ProxyAddHeaders Off
+    RewriteEngine on
+    RewriteRule ^(.*) - [E=HOST_HEADER:%{HTTP_HOST},E=CLIENT_IP:%{REMOTE_ADDR},E=PORT_NUMBER:%{SERVER_PORT},L]
+    RequestHeader append X-Forwarded-For "%{CLIENT_IP}e"
+    RequestHeader set X-Forwarded-Host "%{HOST_HEADER}e"
+    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
+    RequestHeader set X-Forwarded-Proto "http" env=!HTTPS
+    RequestHeader set X-Forwarded-Port "%{PORT_NUMBER}e"
     your-ssl-configuration-here
     [...]
 
@@ -148,7 +153,8 @@ frontend https-in
 backend mailcow
   option forwardfor
   http-request set-header X-Forwarded-Host %[req.hdr(Host)]
-  http-request set-header X-Forwarded-Proto https
+  http-request set-header X-Forwarded-Proto https if { ssl_fc }
+  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
   http-request set-header X-Forwarded-Port %[dst_port]
   server mailcow 127.0.0.1:8080 check
 ```

From 0c7ff2f4b680662b99f01304634f600a2a2f57d7 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Fri, 21 Apr 2017 22:09:09 +0200
Subject: [PATCH 19/55] Added clamd container for testing

---
 data/web/inc/init.sql | 281 ------------------------------------------
 docker-compose.yml    |  11 ++
 2 files changed, 11 insertions(+), 281 deletions(-)
 delete mode 100644 data/web/inc/init.sql

diff --git a/data/web/inc/init.sql b/data/web/inc/init.sql
deleted file mode 100644
index 84e19f74..00000000
--- a/data/web/inc/init.sql
+++ /dev/null
@@ -1,281 +0,0 @@
-CREATE TABLE IF NOT EXISTS `admin` (
-	`username` VARCHAR(255) NOT NULL,
-	`password` VARCHAR(255) NOT NULL,
-	`superadmin` TINYINT(1) NOT NULL DEFAULT '0',
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	PRIMARY KEY (`username`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `alias` (
-	`address` VARCHAR(255) NOT NULL,
-	`goto` TEXT NOT NULL,
-	`domain` VARCHAR(255) NOT NULL,
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	PRIMARY KEY (`address`),
-	KEY `domain` (`domain`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `sender_acl` (
-	`logged_in_as` VARCHAR(255) NOT NULL,
-	`send_as` VARCHAR(255) NOT NULL
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `spamalias` (
-	`address` VARCHAR(255) NOT NULL,
-	`goto` TEXT NOT NULL,
-	`validity` INT(11) NOT NULL,
-	PRIMARY KEY (`address`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `alias_domain` (
-	`alias_domain` VARCHAR(255) NOT NULL,
-	`target_domain` VARCHAR(255) NOT NULL,
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	PRIMARY KEY (`alias_domain`),
-	KEY `active` (`active`),
-	KEY `target_domain` (`target_domain`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `domain` (
-	`domain` VARCHAR(255) NOT NULL,
-	`description` VARCHAR(255),
-	`aliases` INT(10) NOT NULL DEFAULT '0',
-	`mailboxes` INT(10) NOT NULL DEFAULT '0',
-	`maxquota` BIGINT(20) NOT NULL DEFAULT '0',
-	`quota` BIGINT(20) NOT NULL DEFAULT '0',
-	`transport` VARCHAR(255) NOT NULL,
-	`backupmx` TINYINT(1) NOT NULL DEFAULT '0',
-	`relay_all_recipients` TINYINT(1) NOT NULL DEFAULT '0',
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	PRIMARY KEY (`domain`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `domain_admins` (
-	`username` VARCHAR(255) NOT NULL,
-	`domain` VARCHAR(255) NOT NULL,
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	KEY `username` (`username`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `mailbox` (
-	`username` VARCHAR(255) NOT NULL,
-	`password` VARCHAR(255) NOT NULL,
-	`name` VARCHAR(255),
-	`maildir` VARCHAR(255) NOT NULL,
-	`quota` BIGINT(20) NOT NULL DEFAULT '0',
-	`local_part` VARCHAR(255) NOT NULL,
-	`domain` VARCHAR(255) NOT NULL,
-	`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
-	`tls_enforce_in` TINYINT(1) NOT NULL DEFAULT '0',
-	`tls_enforce_out` TINYINT(1) NOT NULL DEFAULT '0',
-	`kind` VARCHAR(100) NOT NULL DEFAULT '',
-	`multiple_bookings` TINYINT(1) NOT NULL DEFAULT '0',
-	`wants_tagged_subject` TINYINT(1) NOT NULL DEFAULT '0',
-	`active` TINYINT(1) NOT NULL DEFAULT '1',
-	PRIMARY KEY (`username`),
-	KEY `domain` (`domain`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `quota2` (
-	`username` VARCHAR(100) NOT NULL,
-	`bytes` BIGINT(20) NOT NULL DEFAULT '0',
-	`messages` INT(11) NOT NULL DEFAULT '0',
-	PRIMARY KEY (`username`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `filterconf` (
-	`object` VARCHAR(100) NOT NULL DEFAULT '',
-	`option` VARCHAR(50) NOT NULL DEFAULT '',
-	`value` VARCHAR(100) NOT NULL DEFAULT '',
-	`prefid` INT(11) NOT NULL AUTO_INCREMENT,
-	PRIMARY KEY (`prefid`),
-	KEY `object` (`object`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `imapsync` (
-  `id` INT NOT NULL AUTO_INCREMENT,
-  `user2` VARCHAR(255) NOT NULL,
-  `host1` VARCHAR(255) NOT NULL,
-  `authmech1` ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN',
-  `regextrans2` VARCHAR(255) DEFAULT '',
-  `authmd51` TINYINT(1) NOT NULL DEFAULT 0,
-  `domain2` VARCHAR(255) NOT NULL DEFAULT '',
-  `subfolder2` VARCHAR(255) NOT NULL DEFAULT '',
-  `user1` VARCHAR(255) NOT NULL,
-  `password1` VARCHAR(255) NOT NULL,
-  `exclude` VARCHAR(500) NOT NULL DEFAULT '',
-  `maxage` SMALLINT NOT NULL DEFAULT '0',
-  `mins_interval` VARCHAR(50) NOT NULL,
-  `port1` SMALLINT NOT NULL,
-  `enc1` ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS',
-  `delete2duplicates` TINYINT(1) NOT NULL DEFAULT '1',
-  `returned_text` TEXT,
-  `last_run` TIMESTAMP NULL DEFAULT NULL,
-  `created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `modified` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `active` TINYINT(1) NOT NULL DEFAULT '0',
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS `tfa` (
-  `id` INT NOT NULL AUTO_INCREMENT,
-  `username` VARCHAR(255) NOT NULL,
-  `authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp'),
-  `secret` VARCHAR(255) DEFAULT NULL,
-  `keyHandle` VARCHAR(255) DEFAULT NULL,
-  `publicKey` VARCHAR(255) DEFAULT NULL,
-  `counter` INT NOT NULL DEFAULT '0',
-  `certificate` TEXT,
-  `active` TINYINT(1) NOT NULL DEFAULT '0',
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-DROP VIEW IF EXISTS grouped_mail_aliases;
-DROP VIEW IF EXISTS grouped_sender_acl;
-DROP VIEW IF EXISTS grouped_domain_alias_address;
-
-CREATE VIEW grouped_mail_aliases (username, aliases) AS
-SELECT goto, IFNULL(GROUP_CONCAT(address SEPARATOR ' '), '') AS address FROM alias
-WHERE address!=goto
-AND active = '1'
-AND address NOT LIKE '@%'
-GROUP BY goto;
-
-CREATE VIEW grouped_sender_acl (username, send_as) AS
-SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as FROM sender_acl
-WHERE send_as NOT LIKE '@%'
-GROUP BY logged_in_as;
-
-CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
-SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
-LEFT OUTER JOIN alias_domain on target_domain=domain GROUP BY username;
-
-CREATE TABLE IF NOT EXISTS sogo_acl (
-	c_folder_id INTEGER NOT NULL,
-	c_object character varying(255) NOT NULL,
-	c_uid character varying(255) NOT NULL,
-	c_role character varying(80) NOT NULL
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_alarms_folder (
-	c_path          VARCHAR(255) NOT NULL,
-	c_name          VARCHAR(255) NOT NULL,
-	c_uid           VARCHAR(255) NOT NULL,
-	c_recurrence_id INT(11)      DEFAULT NULL,
-	c_alarm_number  INT(11)      NOT NULL,
-	c_alarm_date    INT(11)      NOT NULL
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_cache_folder (
-	c_uid          VARCHAR(255) NOT NULL,
-	c_path         VARCHAR(255) NOT NULL,
-	c_parent_path  VARCHAR(255) DEFAULT NULL,
-	c_type         TINYINT(3)   unsigned NOT NULL,
-	c_creationdate INT(11)      NOT NULL,
-	c_lastmodified INT(11)      NOT NULL,
-	c_version      INT(11)      NOT NULL DEFAULT '0',
-	c_deleted      TINYINT(4)   NOT NULL DEFAULT '0',
-	c_content      longTEXT,
-	PRIMARY KEY (c_uid,c_path)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_folder_info (
-	c_folder_id      BIGINT(20)    unsigned NOT NULL AUTO_INCREMENT,
-	c_path           VARCHAR(255)  NOT NULL,
-	c_path1          VARCHAR(255)  NOT NULL,
-	c_path2          VARCHAR(255)  DEFAULT NULL,
-	c_path3          VARCHAR(255)  DEFAULT NULL,
-	c_path4          VARCHAR(255)  DEFAULT NULL,
-	c_foldername     VARCHAR(255)  NOT NULL,
-	c_location       INTeger NULL,
-	c_quick_location VARCHAR(2048) DEFAULT NULL,
-	c_acl_location   VARCHAR(2048) DEFAULT NULL,
-	c_folder_type    VARCHAR(255)  NOT NULL,
-	PRIMARY KEY (c_path),
-	UNIQUE KEY c_folder_id (c_folder_id)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_quick_appointment (
-	c_folder_id INTeger NOT NULL,
-	c_name character varying(255) NOT NULL,
-	c_uid character varying(255) NOT NULL,
-	c_startdate INTeger,
-	c_enddate INTeger,
-	c_cycleenddate INTeger,
-	c_title character varying(1000) NOT NULL,
-	c_participants TEXT,
-	c_isallday INTeger,
-	c_iscycle INTeger,
-	c_cycleinfo TEXT,
-	c_classification INTeger NOT NULL,
-	c_isopaque INTeger NOT NULL,
-	c_status INTeger NOT NULL,
-	c_priority INTeger,
-	c_location character varying(255),
-	c_orgmail character varying(255),
-	c_partmails TEXT,
-	c_partstates TEXT,
-	c_category character varying(255),
-	c_sequence INTeger,
-	c_component character varying(10) NOT NULL,
-	c_nextalarm INTeger,
-	c_description TEXT,
-	CONSTRAINT sogo_quick_appointment_pkey PRIMARY KEY (c_folder_id, c_name)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_quick_contact (
-	c_folder_id INTeger NOT NULL,
-	c_name character varying(255) NOT NULL,
-	c_givenname character varying(255),
-	c_cn character varying(255),
-	c_sn character varying(255),
-	c_screenname character varying(255),
-	c_l character varying(255),
-	c_mail character varying(255),
-	c_o character varying(255),
-	c_ou character varying(255),
-	c_telephonenumber character varying(255),
-	c_categories character varying(255),
-	c_component character varying(10) NOT NULL,
-	CONSTRAINT sogo_quick_contact_pkey PRIMARY KEY (c_folder_id, c_name)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_sessions_folder (
-	c_id           VARCHAR(255) NOT NULL,
-	c_value        VARCHAR(255) NOT NULL,
-	c_creationdate INT(11)      NOT NULL,
-	c_lastseen     INT(11)      NOT NULL,
-	PRIMARY KEY (c_id)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_store (
-	c_folder_id INTeger NOT NULL,
-	c_name character varying(255) NOT NULL,
-	c_content mediumTEXT NOT NULL,
-	c_creationdate INTeger NOT NULL,
-	c_lastmodified INTeger NOT NULL,
-	c_version INTeger NOT NULL,
-	c_deleted INTeger,
-	CONSTRAINT sogo_store_pkey PRIMARY KEY (c_folder_id, c_name)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-CREATE TABLE IF NOT EXISTS sogo_user_profile (
-	c_uid      VARCHAR(255) NOT NULL,
-	c_defaults TEXT,
-	c_settings TEXT,
-	PRIMARY KEY (c_uid)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
-
-INSERT INTO `admin` (username, password, superadmin, created, modified, active) SELECT 'admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1 WHERE NOT EXISTS (SELECT * FROM `admin`);
-DELETE FROM `domain_admins`;
-INSERT INTO `domain_admins` (username, domain, created, active) SELECT `username`, 'ALL', NOW(), 1 FROM `admin` WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);
diff --git a/docker-compose.yml b/docker-compose.yml
index b3d18790..eac8bb29 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -55,6 +55,17 @@ services:
           aliases:
             - redis
 
+#    clamd-mailcow:
+#      image: mailcow/clamd
+#      restart: always
+#      dns:
+#        - 172.22.1.254
+#      dns_search: mailcow-network
+#      networks:
+#        mailcow-network:
+#          aliases:
+#            - clamd
+
     rspamd-mailcow:
       image: mailcow/rspamd
       build: ./data/Dockerfiles/rspamd

From df71e97a09fa9b90b4766875ee20f9ba2345bcc3 Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Sat, 22 Apr 2017 12:33:53 +0200
Subject: [PATCH 20/55] Forwarding hosts: use SPF records if present

---
 data/web/admin.php             |  35 +++++----
 data/web/delete.php            |   2 +-
 data/web/inc/functions.inc.php |  55 ++++++++++----
 data/web/inc/init.sql          |   1 +
 data/web/inc/spf.inc.php       | 127 +++++++++++++++++++++++++++++++++
 data/web/lang/lang.de.php      |  13 +++-
 data/web/lang/lang.en.php      |   5 +-
 7 files changed, 206 insertions(+), 32 deletions(-)
 create mode 100644 data/web/inc/spf.inc.php

diff --git a/data/web/admin.php b/data/web/admin.php
index 6d0bdf82..defe794e 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -313,7 +313,8 @@ $tfa_data = get_tfa();
           <table class="table table-striped" id="forwardinghoststable">
             <thead>
             <tr>
-              <th style="min-width: 100px;"><?=$lang['edit']['hostname'];?></th>
+              <th style="min-width: 100px;"><?=$lang['edit']['host'];?></th>
+              <th style="min-width: 100px;"><?=$lang['edit']['source'];?></th>
               <th style="text-align: right; min-width: 200px;"><?=$lang['admin']['action'];?></th>
             </tr>
             </thead>
@@ -321,20 +322,23 @@ $tfa_data = get_tfa();
               <?php
               $forwarding_hosts = get_forwarding_hosts();
               if ($forwarding_hosts) {
-              foreach ($forwarding_hosts as $host) {
-              ?>
-              <tr id="data">
-                <td><?=htmlspecialchars(strtolower($host));?></td>
-                <td style="text-align: right;">
-                  <div class="btn-group">
-                    <a href="delete.php?forwardinghost=<?=$host;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=$lang['admin']['remove'];?></a>
-                  </div>
-                </td>
-                </td>
-              </tr>
+                foreach ($forwarding_hosts as $host) {
+                  $source = $host->source;
+                  $host = $host->host;
+                ?>
+                <tr id="data">
+                  <td><?=htmlspecialchars(strtolower($host));?></td>
+                  <td><?=htmlspecialchars(strtolower($source));?></td>
+                  <td style="text-align: right;">
+                    <div class="btn-group">
+                      <a href="delete.php?forwardinghost=<?=$host;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=$lang['admin']['remove'];?></a>
+                    </div>
+                  </td>
+                  </td>
+                </tr>
 
-              <?php
-              }
+                <?php
+                }
               } else {
               ?>
                 <tr id="no-data"><td colspan="4" style="text-align: center; font-style: italic;"><?=$lang['admin']['no_record'];?></td></tr>
@@ -347,9 +351,10 @@ $tfa_data = get_tfa();
         </form>
         <small>
         <legend><?=$lang['admin']['add_forwarding_host'];?></legend>
+        <p style="margin-bottom:10px"><?=$lang['admin']['forwarding_hosts_add_hint'];?></p>
         <form class="form-horizontal" role="form" method="post">
           <div class="form-group">
-            <label class="control-label col-sm-2" for="hostname"><?=$lang['edit']['hostname'];?>:</label>
+            <label class="control-label col-sm-2" for="hostname"><?=$lang['edit']['host'];?>:</label>
             <div class="col-sm-10">
               <input type="text" class="form-control" name="hostname" id="hostname" required>
             </div>
diff --git a/data/web/delete.php b/data/web/delete.php
index bfacad0c..bfeff0f3 100644
--- a/data/web/delete.php
+++ b/data/web/delete.php
@@ -105,7 +105,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 				</form>
 				<?php
 		}
-		// DELETE DOMAIN ADMIN
+		// DELETE FORWARDING HOST
 		elseif (isset($_GET["forwardinghost"]) &&
 			!empty($_GET["forwardinghost"]) &&
         $_SESSION['mailcow_cc_role'] == "admin") {
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index f031af8d..66560a22 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -98,6 +98,8 @@ function init_db_schema() {
 			'msg' => 'Database initialization completed.'
 		);
 	}
+  // Add newly added tables
+  $stmt = $pdo->query("CREATE TABLE IF NOT EXISTS `forwarding_hosts` (`host` VARCHAR(255) NOT NULL, PRIMARY KEY (`host`)) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC");
   // Add newly added columns
   $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE 'kind'");
   $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -124,9 +126,11 @@ function init_db_schema() {
   if ($num_results == 0) {
     $pdo->query("ALTER TABLE `tfa` ADD `key_id` VARCHAR(255) DEFAULT 'unidentified'");
   }
-  
-  // Add newly added tables
-  $stmt = $pdo->query("CREATE TABLE IF NOT EXISTS `forwarding_hosts` (`host` VARCHAR(255) NOT NULL, PRIMARY KEY (`host`)) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC");
+  $stmt = $pdo->query("SHOW COLUMNS FROM `forwarding_hosts` LIKE 'source'");
+  $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+  if ($num_results == 0) {
+    $pdo->query("ALTER TABLE `forwarding_hosts` ADD `source` VARCHAR(255) DEFAULT ''");
+  }
 }
 function verify_ssha256($hash, $password) {
 	// Remove tag if any
@@ -5044,11 +5048,12 @@ function get_u2f_registrations($username) {
 }
 function get_forwarding_hosts() {
 	global $pdo;
-  $sel = $pdo->prepare("SELECT host FROM `forwarding_hosts`");
+  $sel = $pdo->prepare("SELECT host, source FROM `forwarding_hosts`");
   $sel->execute();
-  return $sel->fetchAll(PDO::FETCH_COLUMN);
+  return $sel->fetchAll(PDO::FETCH_OBJ);
 }
 function add_forwarding_host($postarray) {
+	require_once 'spf.inc.php';
 	global $pdo;
 	global $lang;
 	if ($_SESSION['mailcow_cc_role'] != "admin") {
@@ -5058,23 +5063,47 @@ function add_forwarding_host($postarray) {
 		);
 		return false;
 	}
+	$source = $postarray['hostname'];
 	$host = $postarray['hostname'];
-	try {
-		$stmt = $pdo->prepare("INSERT INTO `forwarding_hosts` (`host`) VALUES (:host)");
-		$stmt->execute(array(
-			':host' => $host,
-		));
+	$hosts = array();
+	if (preg_match('/^[0-9a-fA-F:\/]+$/', $host)) { // IPv6 address
+		$hosts = array($host);
 	}
-	catch (PDOException $e) {
+	elseif (preg_match('/^[0-9\.\/]+$/', $host)) { // IPv4 address
+		$hosts = array($host);
+	}
+	else {
+		$hosts = get_outgoing_hosts_best_guess($host);
+	}
+	if (!$hosts)
+	{
 		$_SESSION['return'] = array(
 			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
+			'msg' => 'Invalid host specified: '. htmlspecialchars($host)
 		);
 		return false;
 	}
+	foreach ($hosts as $host) {
+		if ($source == $host)
+			$source = '';
+		try {
+			$stmt = $pdo->prepare("INSERT IGNORE INTO `forwarding_hosts` (`host`, `source`) VALUES (:host, :source)");
+			$stmt->execute(array(
+				':host' => $host,
+				':source' => $source,
+			));
+		}
+		catch (PDOException $e) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => 'MySQL: '.$e
+			);
+			return false;
+		}
+	}
 	$_SESSION['return'] = array(
 		'type' => 'success',
-		'msg' => sprintf($lang['success']['forwarding_host_added'], htmlspecialchars($host))
+		'msg' => sprintf($lang['success']['forwarding_host_added'], htmlspecialchars(implode(', ', $hosts)))
 	);
 }
 function delete_forwarding_host($postarray) {
diff --git a/data/web/inc/init.sql b/data/web/inc/init.sql
index bdce3e9c..54b227c9 100644
--- a/data/web/inc/init.sql
+++ b/data/web/inc/init.sql
@@ -142,6 +142,7 @@ CREATE TABLE IF NOT EXISTS `tfa` (
 
 CREATE TABLE IF NOT EXISTS `forwarding_hosts` (
   `host` VARCHAR(255) NOT NULL,
+  `source` VARCHAR(255) NOT NULL,
   PRIMARY KEY (`host`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
 
diff --git a/data/web/inc/spf.inc.php b/data/web/inc/spf.inc.php
new file mode 100644
index 00000000..0e584b40
--- /dev/null
+++ b/data/web/inc/spf.inc.php
@@ -0,0 +1,127 @@
+<?php
+function get_spf_allowed_hosts($domain)
+{
+	$hosts = array();
+	
+	$records = dns_get_record($domain, DNS_TXT);
+	foreach ($records as $record)
+	{
+		$txt = explode(' ', $record['entries'][0]);
+		if (array_shift($txt) != 'v=spf1') // only handle SPF records
+			continue;
+		
+		foreach ($txt as $mech)
+		{
+			$qual = substr($mech, 0, 1);
+			if ($qual == '-' || $qual == '~') // only handle pass or neutral records
+				continue(2);
+			
+			if ($qual == '+' || $qual == '?')
+				$mech = substr($mech, 1); // remove the qualifier
+			
+			if (strpos($mech, '=') !== FALSE) // handle a modifier
+			{
+				$mod = explode('=', $mech);
+				if ($mod[0] == 'redirect') // handle a redirect
+				{
+					$hosts = get_spf_allowed_hosts($mod[1]);
+					return $hosts;
+				}
+			}
+			else
+			{
+				unset($cidr);
+				if (strpos($mech, ':') !== FALSE) // handle a domain specification
+				{
+					$split = explode(':', $mech);
+					$mech = array_shift($split);
+					$domain = implode(':', $split);
+					if (strpos($domain, '/') !== FALSE) // remove CIDR specification
+					{
+						$split = explode('/', $domain);
+						$domain = $split[0];
+						$cidr = $split[1];
+					}
+				}
+				
+				$new_hosts = array();
+				if ($mech == 'include') // handle an inclusion
+				{
+					$new_hosts = get_spf_allowed_hosts($domain);
+				}
+				elseif ($mech == 'a') // handle a mechanism
+				{
+					$new_hosts = get_a_hosts($domain);
+				}
+				elseif ($mech == 'mx') // handle mx mechanism
+				{
+					$new_hosts = get_mx_hosts($domain);
+				}
+				elseif ($mech == 'ip4' || $mech == 'ip6') // handle ip mechanism
+				{
+					$new_hosts = array($domain);
+				}
+				
+				if (isset($cidr)) // add CIDR specification if present
+				{
+					foreach ($new_hosts as &$host)
+					{
+						$host .= '/' . $cidr;
+					}
+					unset($host);
+				}
+				
+				$hosts = array_unique(array_merge($hosts,$new_hosts), SORT_REGULAR);
+			}
+		}
+	}
+	
+	return $hosts;
+}
+
+function get_mx_hosts($domain)
+{
+	$hosts = array();
+	
+	$mx_records = dns_get_record($domain, DNS_MX);
+	foreach ($mx_records as $mx_record)
+	{
+		$new_hosts = get_a_hosts($mx_record['target']);
+		$hosts = array_unique(array_merge($hosts,$new_hosts), SORT_REGULAR);
+	}
+	
+	return $hosts;
+}
+
+function get_a_hosts($domain)
+{
+	$hosts = array();
+	
+	$a_records = dns_get_record($domain, DNS_A);
+	foreach ($a_records as $a_record)
+	{
+		$hosts[] = $a_record['ip'];
+	}
+	$a_records = dns_get_record($domain, DNS_AAAA);
+	foreach ($a_records as $a_record)
+	{
+		$hosts[] = $a_record['ipv6'];
+	}
+	
+	return $hosts;
+}
+
+function get_outgoing_hosts_best_guess($domain)
+{
+	// try the SPF record to get hosts that are allowed to send outgoing mails for this domain
+	$hosts = get_spf_allowed_hosts($domain);
+	if ($hosts) return $hosts;
+	
+	// try the MX record to get mail servers for this domain
+	$hosts = get_mx_hosts($domain);
+	if ($hosts) return $hosts;
+	
+	// fall back to the A record to get the host name for this domain
+	return get_a_hosts($domain);
+}
+?>
\ No newline at end of file
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index 07d23d70..a14b9143 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -450,11 +450,20 @@ $lang['admin']['unchanged_if_empty'] = 'Unverändert, wenn leer';
 $lang['admin']['yes'] = '&#10004;';
 $lang['admin']['no'] = '&#10008;';
 $lang['admin']['access'] = 'Zugang';
-$lang['admin']['invalid_max_msg_size'] = 'Invalid max. message size'; // NEEDS TRANSLATION
+$lang['admin']['invalid_max_msg_size'] = 'Ungültige maximale Nachrichtengröße';
 $lang['admin']['site_not_found'] = 'Kann mailcow Site-Konfiguration nicht finden';
-$lang['admin']['public_folder_empty'] = 'Public folder name must not be empty'; // NEEDS TRANSLATION
+$lang['admin']['public_folder_empty'] = 'Name des öffentlichen Ordners darf nicht leer sein';
 $lang['admin']['set_rr_failed'] = 'Kann Postfix Restriktionen nicht setzen';
 $lang['admin']['no_record'] = 'Kein Eintrag';
 $lang['admin']['filter_table'] = 'Tabelle Filtern';
 $lang['admin']['empty'] = 'Keine Einträge vorhanden';
+$lang['admin']['forwarding_hosts'] = 'Weiterleitungs-Hosts';
+$lang['admin']['forwarding_hosts_hint'] = 'Eingehende Nachrichten werden von den hier gelisteten Hosts bedingungslos akzeptiert. Diese Hosts werden dann nicht mit DNSBLs abgeglichen oder Greylisting unterworfen. Von ihnen empfangener Spam wird nie abgelehnt und immer in den Spam-Ordner einsortiert. Die übliche Verwendung für diese Funktion ist, um Mailserver anzugeben, auf denen eine Weiterleitung zu Ihrem Mailcow-Server eingerichtet wurde.';
+$lang['admin']['forwarding_hosts_add_hint'] = 'Sie können entweder IPv4/IPv6-Adressen, Netzwerke in CIDR-Notation, Hostnamen (die zu IP-Adressen aufgelöst werden), oder Domainnamen (die zu IP-Adressen aufgelöst werden, indem ihr SPF-Record abgefragt wird oder, in dessen Abwesenheit, ihre MX-Records) angeben.';
+$lang['edit']['host'] = 'Host';
+$lang['edit']['source'] = 'Quelle';
+$lang['admin']['add_forwarding_host'] = 'Weiterleitungs-Host hinzufügen';
+$lang['delete']['remove_forwardinghost_warning'] = '<b>Warnung:</b> Sie entfernen den Weiterleitungs-Host <b>%s</b>!';
+$lang['success']['forwarding_host_removed'] = "Weiterleitungs-Host %s wurde entfernt";
+$lang['success']['forwarding_host_added'] = "Weiterleitungs-Host %s wurde hinzugefügt";
 ?>
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 120f35cf..4bc48f2c 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -469,7 +469,10 @@ $lang['admin']['no_record'] = 'No record';
 $lang['admin']['filter_table'] = 'Filter table';
 $lang['admin']['empty'] = 'No results';
 $lang['admin']['forwarding_hosts'] = 'Forwarding Hosts';
-$lang['admin']['forwarding_hosts_hint'] = 'Specify any networks (in CIDR notation) from which you unconditionally want to accept incoming messages. These hosts are then not checked against DNSBLs or subjected to greylisting. Spam received from them is never rejected and always filed into the Junk folder. The most common use for this is to specify mail servers on which you have set up a forwarding rule.';
+$lang['admin']['forwarding_hosts_hint'] = 'Incoming messages are unconditionally accepted from any hosts listed here. These hosts are then not checked against DNSBLs or subjected to greylisting. Spam received from them is never rejected and always filed into the Junk folder. The most common use for this is to specify mail servers on which you have set up a rule that forwards incoming emails to your Mailcow server.';
+$lang['admin']['forwarding_hosts_add_hint'] = 'You can either specify IPv4/IPv6 addresses, networks in CIDR notation, host names (which will be resolved to IP addresses), or domain names (which will be resolved to IP addresses by querying SPF records or, in their absence, MX records).';
+$lang['edit']['host'] = 'Host';
+$lang['edit']['source'] = 'Source';
 $lang['admin']['add_forwarding_host'] = 'Add Forwarding Host';
 $lang['delete']['remove_forwardinghost_warning'] = '<b>Warning:</b> You are about to remove the forwarding host <b>%s</b>!';
 $lang['success']['forwarding_host_removed'] = "Forwarding host %s has been removed";

From 894d6234e9ee6e636679bf4229cc527eb84cc307 Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Sat, 22 Apr 2017 14:28:37 +0200
Subject: [PATCH 21/55] Improvements to forwarding hosts in Postfix

- No more premature EOF and no more leaking of bash processes
- Log result
- Correctly treat non-CIDR entries
- Adapt to schema change from df71e97
- Correctly report SQL failure
---
 data/conf/postfix/whitelist_forwardinghosts.sh | 7 ++++---
 data/conf/rspamd/dynmaps/forwardinghosts.php   | 9 ++++++---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/data/conf/postfix/whitelist_forwardinghosts.sh b/data/conf/postfix/whitelist_forwardinghosts.sh
index aa9df608..f18139b5 100755
--- a/data/conf/postfix/whitelist_forwardinghosts.sh
+++ b/data/conf/postfix/whitelist_forwardinghosts.sh
@@ -1,11 +1,12 @@
 #!/bin/bash
 
-while true; do
-	read QUERY
+while read QUERY; do
 	QUERY=($QUERY)
 	if [ "${QUERY[0]}" != "get" ]; then
 		echo "500 dunno"
 		continue
 	fi
-	echo $(curl -s http://172.22.1.251:8081/forwardinghosts.php?host=${QUERY[1]})
+	result=$(curl -s http://172.22.1.251:8081/forwardinghosts.php?host=${QUERY[1]})
+	logger -t whitelist_forwardinghosts -p mail.info "Look up ${QUERY[1]} on whitelist, result $result"
+	echo $result
 done
diff --git a/data/conf/rspamd/dynmaps/forwardinghosts.php b/data/conf/rspamd/dynmaps/forwardinghosts.php
index 95773e45..377c5e7e 100644
--- a/data/conf/rspamd/dynmaps/forwardinghosts.php
+++ b/data/conf/rspamd/dynmaps/forwardinghosts.php
@@ -7,13 +7,16 @@ ini_set('error_reporting', 0);
 function in_net($addr, $net)
 {
 	$net = explode('/', $net);
-	$mask = $net[1];
+	if (count($net) > 1)
+		$mask = $net[1];
 	$net = inet_pton($net[0]);
 	$addr = inet_pton($addr);
 
 	$length = strlen($net); // 4 for IPv4, 16 for IPv6
 	if (strlen($net) != strlen($addr))
 		return FALSE;
+	if (!isset($mask))
+		$mask = $length * 8;
 
 	$addr_bin = '';
 	$net_bin = '';
@@ -34,7 +37,7 @@ $opt = [
 ];
 try {
   $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
-  $stmt = $pdo->query("SELECT * FROM `forwarding_hosts`");
+  $stmt = $pdo->query("SELECT host FROM `forwarding_hosts`");
   $networks = $stmt->fetchAll(PDO::FETCH_COLUMN);
   foreach ($networks as $network)
   {
@@ -47,7 +50,7 @@ try {
   echo '200 dunno';
 }
 catch (PDOException $e) {
-  echo 'settings { }';
+  echo '200 dunno';
   exit;
 }
 ?>

From affa52edcf3ce6e41e90e5126d5eb179b2973a78 Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Sat, 22 Apr 2017 18:34:49 +0200
Subject: [PATCH 22/55] =?UTF-8?q?Forwarding=20hosts:=20don=E2=80=99t=20add?=
 =?UTF-8?q?=20configuration=20if=20none=20are=20defined?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 data/conf/rspamd/dynmaps/settings.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/data/conf/rspamd/dynmaps/settings.php b/data/conf/rspamd/dynmaps/settings.php
index 176389db..098ffbd9 100644
--- a/data/conf/rspamd/dynmaps/settings.php
+++ b/data/conf/rspamd/dynmaps/settings.php
@@ -31,8 +31,6 @@ catch (PDOException $e) {
 
 ?>
 settings {
-	whitelist_forwarding_hosts {
-		priority = high;
 <?php
 try {
 	$stmt = $pdo->query("SELECT `host` FROM `forwarding_hosts`");
@@ -42,6 +40,12 @@ catch (PDOException $e) {
 	$rows = array();
 }
 
+if ($rows)
+{
+?>
+	whitelist_forwarding_hosts {
+		priority = high;
+<?php
 foreach ($rows as $host) {
 	echo "\t\t" . 'ip = "' . $host . '";' . "\n";
 }
@@ -56,6 +60,7 @@ foreach ($rows as $host) {
 		]
 	}
 <?php
+}
 $stmt = $pdo->query("SELECT DISTINCT `object` FROM `filterconf` WHERE `option` = 'highspamlevel' OR `option` = 'lowspamlevel'");
 $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
 

From 4516e1b9b97f35b7312184d85a1c05748990df0a Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sat, 22 Apr 2017 23:22:05 +0200
Subject: [PATCH 23/55] Do not delete from source (default)

---
 data/web/add.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/add.php b/data/web/add.php
index 39017e98..5f1aa0d6 100644
--- a/data/web/add.php
+++ b/data/web/add.php
@@ -353,7 +353,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] ==
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="delete1" checked> <?=$lang['add']['delete1'];?></label>
+							<label><input type="checkbox" name="delete1"> <?=$lang['add']['delete1'];?></label>
 							</div>
 						</div>
 					</div>

From 55f6384f2a32ed8568fc6245135afc242204d259 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sun, 23 Apr 2017 17:42:50 +0200
Subject: [PATCH 24/55] Change to hostname, connection is not important for
 container start

---
 data/conf/postfix/whitelist_forwardinghosts.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/conf/postfix/whitelist_forwardinghosts.sh b/data/conf/postfix/whitelist_forwardinghosts.sh
index f18139b5..4ad5ab32 100755
--- a/data/conf/postfix/whitelist_forwardinghosts.sh
+++ b/data/conf/postfix/whitelist_forwardinghosts.sh
@@ -6,7 +6,7 @@ while read QUERY; do
 		echo "500 dunno"
 		continue
 	fi
-	result=$(curl -s http://172.22.1.251:8081/forwardinghosts.php?host=${QUERY[1]})
+	result=$(curl -s http://nginx:8081/forwardinghosts.php?host=${QUERY[1]})
 	logger -t whitelist_forwardinghosts -p mail.info "Look up ${QUERY[1]} on whitelist, result $result"
-	echo $result
+	echo ${result}
 done

From 686df83a34a3a12920ff2ecef375bc4000ad5012 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sun, 23 Apr 2017 18:42:39 +0200
Subject: [PATCH 25/55] Add portainer manual

---
 docs/u_and_e.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)

diff --git a/docs/u_and_e.md b/docs/u_and_e.md
index c0a7a804..d61b81eb 100644
--- a/docs/u_and_e.md
+++ b/docs/u_and_e.md
@@ -462,6 +462,70 @@ For Firefox you will need to install the "U2F Support Add-on" as provided on [mo
 
 U2F works without an internet connection.
 
+## Portainer
+
+In order to enable Portainer, the docker-compose.yml and site.conf for nginx must be modified.
+
+1\. docker-compose.yml: Insert this block for portainer
+```
+    portainer-mailcow:
+      image: portainer/portainer
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
+      networks:
+        mailcow-network:
+          aliases:
+            - portainer
+```
+2a\. data/conf/nginx/site.conf: Just beneath the opening line, at the same level as a server { block, add this:
+```
+upstream portainer {
+  server portainer-mailcow:9000;
+}
+
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+```
+
+2b\. data/conf/nginx/site.conf: Then, inside **both** (ssl and plain) server blocks, add this:
+```
+  location /portainer/ {
+    proxy_http_version 1.1;
+    proxy_set_header Host              $http_host;   # required for docker client's sake
+    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_read_timeout                 900;
+
+    proxy_set_header Connection "";
+    proxy_buffers 32 4k;
+    proxy_pass http://portainer/;
+  }
+
+  location /portainer/api/websocket/ {
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_pass http://portainer/api/websocket/;
+  }
+```
+
+Now you can simply navigate to https://${MAILCOW_HOSTNAME}/portainer/ to view your Portainer container monitoring page. You’ll then be prompted to specify a new password for the **admin** account. After specifying your password, you’ll then be able to connect to the Portainer UI.
+
+## Change autodiscover setup type
+
+This disables ActiveSync in the autodiscover service for Outlook and configures it with IMAP and SMTP instead:
+
+Open `data/web/autodiscover.php` and set `'useEASforOutlook' => 'yes'` to `'useEASforOutlook' => 'no'`.
+
+To always use IMAP and SMTP instead of EAS, set `'autodiscoverType' => 'imap'`.
+
 ## Why Bind?
 
 For DNS blacklist lookups and DNSSEC.

From 81e86d802ed4099a0fd96c54b355070c2491031f Mon Sep 17 00:00:00 2001
From: Joel Howard <joel@paradoxalbyte.com>
Date: Mon, 24 Apr 2017 03:26:33 +1000
Subject: [PATCH 26/55] Update first_steps.md

Revision to step two, as just restarting does not apply the changes in `mailcow.conf`.
---
 docs/first_steps.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/first_steps.md b/docs/first_steps.md
index ab7876dc..fa563a2f 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -17,9 +17,9 @@ This is just an example of how to obtain certificates with certbot. There are se
 wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
 ```
 
-2\. Make sure you set `HTTP_BIND=0.0.0.0` and `HTTP_PORT=80` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx:
+2\. Make sure you set `HTTP_BIND=0.0.0.0` and `HTTP_PORT=80` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then rebuild Nginx:
 ``` bash
-docker-compose restart nginx-mailcow
+docker-compose up -d
 ```
 
 3\. Request the certificate with the webroot method:

From c2fe6ee9475380bf16d4067fc493c4abe094b87a Mon Sep 17 00:00:00 2001
From: Joel Howard <joel@paradoxalbyte.com>
Date: Mon, 24 Apr 2017 03:34:21 +1000
Subject: [PATCH 27/55] Update first_steps.md

Yet another revision, adding a warning to step three.
---
 docs/first_steps.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/first_steps.md b/docs/first_steps.md
index fa563a2f..24448b53 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -35,6 +35,8 @@ certbot certonly \
     --email you@example.org \
     --agree-tos
 ```
+
+**Remember to replace the example.org domain with your own domain, this command will not work if you dont.**
     
 4\. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
 ``` bash

From 53b6662aeaf0a0dec1fda2d1b66c1e5249ae15eb Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sun, 23 Apr 2017 19:37:45 +0200
Subject: [PATCH 28/55] Minor and temp. workaround for panel

---
 data/misc/mailcow-setup-relayhost.sh |  91 --------------------
 data/web/admin.php                   | 122 +++++++++++++--------------
 data/web/inc/init_db.inc.php         |   2 +-
 3 files changed, 59 insertions(+), 156 deletions(-)
 delete mode 100755 data/misc/mailcow-setup-relayhost.sh

diff --git a/data/misc/mailcow-setup-relayhost.sh b/data/misc/mailcow-setup-relayhost.sh
deleted file mode 100755
index 486435a8..00000000
--- a/data/misc/mailcow-setup-relayhost.sh
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/bin/bash
-
-# Postfix smtp_tls_security_level should be set to "may" to try an
-# encrypted connection.
-
-if [ "$EUID" -ne 0 ]
-	then echo "Please run as root"
-	exit 1
-fi
-
-# Find script directory and move to base directory of mailcow-dockerized
-# so docker-compose is executed from the right location
-DIR=$(echo $( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) | sed 's/data\/misc.*//')
-cd $DIR
-
-if [[ ${1} == "reset" ]]; then
-	# Reset modified values to their defaults
-	sed -i "s/^relayhost\ \=.*/relayhost\ \=/" data/conf/postfix/main.cf
-	sed -i "s/^smtp\_sasl\_password\_maps.*/smtp\_sasl\_password\_maps\ \=/" data/conf/postfix/main.cf
-	sed -i "s/^smtp\_sasl\_security\_options.*/smtp\_sasl\_security\_options\ \=\ noplaintext\,\ noanonymous/" data/conf/postfix/main.cf
-	sed -i "s/^smtp\_sasl\_auth\_enable.*/smtp\_sasl\_auth\_enable\ \=\ no/" data/conf/postfix/main.cf
-	# Also delete the plaintext password file
-	rm -f data/conf/postfix/smarthost_passwd*
-	docker-compose exec postfix-mailcow postfix reload
-	# Exit last exit code
-	exit $?
-elif [[ ${1} == "restore-string" ]]; then
-	# Set parameter value of smtp_sasl_password_maps
-	SMTPSASLPWDMAP="data/conf/postfix/smarthost_passwd"
-	# Get parameter value of relayhost
-	RELAYHOSTCFG=$(grep "relayhost\ =" data/conf/postfix/main.cf | awk '{print $3}')
-	# Exit if empty/unset
-	[[ -z ${RELAYHOSTCFG} ]] && exit 0
-	# Replace ':' by ' ' (white space)
-	RELAYHOSTCFG=${RELAYHOSTCFG//\:/ }
-	# Replace '[' by '' (empty)
-	RELAYHOSTCFG=${RELAYHOSTCFG//\[/}
-	# Replace ']' by '' (empty) and create array of result
-	RELAYHOSTCFGARR=(${RELAYHOSTCFG//\]/})
-	# Get 'username:password' from SASL password maps
-	# Grep relayhost without port and '[', ']' or ':' from SASL password map file without map type (e.g. 'hash:')
-	USRPWD=$(grep ${RELAYHOSTCFGARR[0]} $SMTPSASLPWDMAP | awk {'print $2'})
-	# Replace ':' by ' ' and create array of result
-	USRPWDARR=(${USRPWD//:/ })
-	# Echo script name, all values in RELAYHOSTCFGARR, first and second value in USRPWDARR
-	# Why?
-	# Host and port are required, so we can print the whole array RELAYHOSTCFGARR.
-	# Password might be empty, so we print them separately.
-	echo ${0} ${RELAYHOSTCFGARR[@]} \'${USRPWDARR[0]}\' \'${USRPWDARR[1]}\'
-	exit 0
-elif [[ -z ${1} ]] || [[ -z ${2} ]]; then
-	# Exit with code 1 if host and port are missing
-	echo "Usage: ${0} relayhost port (username) (password)"
-	echo "Username and password are optional parameters."
-	exit 1
-else
-	# Try a simple connection to host:port but don't recieve any data
-	# Abort after 3 seconds
-	if ! nc -z -v -w3 ${1} ${2} 2>/dev/null; then
-		echo "Connection to relayhost ${1} failed, aborting..."
-		exit 1
-	fi
-	# Use exact hostname as relayhost, don't lookup the MX record of relayhost
-	sed -i "s/relayhost\ \=.*/relayhost\ \=\ \[${1}\]\:${2}/" data/conf/postfix/main.cf
-	if grep -q "smtp_sasl_password_maps" data/conf/postfix/main.cf
-	then
-		sed -i "s/^smtp\_sasl\_password\_maps.*/smtp\_sasl\_password\_maps\ \=\ hash\:\/opt\/postfix\/conf\/smarthost\_passwd/" data/conf/postfix/main.cf
-	else
-		echo "smtp_sasl_password_maps = hash:/opt/postfix/conf/smarthost_passwd" >>  data/conf/postfix/main.cf
-	fi
-	if grep -q "smtp_sasl_auth_enable" data/conf/postfix/main.cf
-	then
-		sed -i "s/^smtp\_sasl\_auth\_enable.*/smtp\_sasl\_auth\_enable\ \=\ yes/" data/conf/postfix/main.cf
-	else
-		echo "smtp_sasl_auth_enable = yes" >>  data/conf/postfix/main.cf
-	fi
-	if grep -q "smtp_sasl_security_options" data/conf/postfix/main.cf
-	then
-		sed -i "s/^smtp\_sasl\_security\_options.*/smtp\_sasl\_security\_options\ \=/" data/conf/postfix/main.cf
-	else
-		echo "smtp_sasl_security_options =" >>  data/conf/postfix/main.cf
-	fi
-	if [[ ! -z ${3} ]]; then
-		echo ${1} ${3}:${4} > data/conf/postfix/smarthost_passwd
-		docker-compose exec postfix-mailcow postmap /opt/postfix/conf/smarthost_passwd
-	fi
-	docker-compose exec postfix-mailcow chown root:postfix /opt/postfix/conf/smarthost_passwd /opt/postfix/conf/smarthost_passwd.db
-	docker-compose exec postfix-mailcow chmod 660 /opt/postfix/conf/smarthost_passwd /opt/postfix/conf/smarthost_passwd.db
-	docker-compose exec postfix-mailcow postfix reload
-	exit $?
-fi
diff --git a/data/web/admin.php b/data/web/admin.php
index defe794e..ca20af8a 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -183,11 +183,11 @@ $tfa_data = get_tfa();
   </div>
 
   <h4><span class="glyphicon glyphicon-wrench" aria-hidden="true"></span> <?=$lang['admin']['configuration'];?></h4>
+
   <div class="panel-group" id="accordion_access">
-  
+
   <div class="panel panel-default">
   <div class="panel-heading"><?=$lang['admin']['dkim_keys'];?></div>
-  <div id="collapseDKIM" class="panel-collapse">
   <div class="panel-body">
     <p style="margin-bottom:40px"><?=$lang['admin']['dkim_key_hint'];?></p>
     <?php
@@ -299,78 +299,72 @@ $tfa_data = get_tfa();
     </form>
   </div>
   </div>
-  </div>
   
   <div class="panel panel-default">
-  <div style="cursor:pointer;" class="panel-heading" data-toggle="collapse" data-parent="#accordion_access" data-target="#collapseForwardingHosts">
-    <span class="accordion-toggle"><?=$lang['admin']['forwarding_hosts'];?></span>
-  </div>
-    <div id="collapseForwardingHosts" class="panel-collapse collapse">
-      <div class="panel-body">
-        <p style="margin-bottom:40px"><?=$lang['admin']['forwarding_hosts_hint'];?></p>
-        <form method="post">
-          <div class="table-responsive">
-          <table class="table table-striped" id="forwardinghoststable">
-            <thead>
-            <tr>
-              <th style="min-width: 100px;"><?=$lang['edit']['host'];?></th>
-              <th style="min-width: 100px;"><?=$lang['edit']['source'];?></th>
-              <th style="text-align: right; min-width: 200px;"><?=$lang['admin']['action'];?></th>
-            </tr>
-            </thead>
-            <tbody>
-              <?php
-              $forwarding_hosts = get_forwarding_hosts();
-              if ($forwarding_hosts) {
-                foreach ($forwarding_hosts as $host) {
-                  $source = $host->source;
-                  $host = $host->host;
-                ?>
-                <tr id="data">
-                  <td><?=htmlspecialchars(strtolower($host));?></td>
-                  <td><?=htmlspecialchars(strtolower($source));?></td>
-                  <td style="text-align: right;">
-                    <div class="btn-group">
-                      <a href="delete.php?forwardinghost=<?=$host;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=$lang['admin']['remove'];?></a>
-                    </div>
-                  </td>
-                  </td>
-                </tr>
-
-                <?php
-                }
-              } else {
+    <div class="panel-heading"><?=$lang['admin']['forwarding_hosts'];?></div>
+    <div class="panel-body">
+      <p style="margin-bottom:40px"><?=$lang['admin']['forwarding_hosts_hint'];?></p>
+      <form method="post">
+        <div class="table-responsive">
+        <table class="table table-striped" id="forwardinghoststable">
+          <thead>
+          <tr>
+            <th style="min-width: 100px;"><?=$lang['edit']['host'];?></th>
+            <th style="min-width: 100px;"><?=$lang['edit']['source'];?></th>
+            <th style="text-align: right; min-width: 200px;"><?=$lang['admin']['action'];?></th>
+          </tr>
+          </thead>
+          <tbody>
+            <?php
+            $forwarding_hosts = get_forwarding_hosts();
+            if ($forwarding_hosts) {
+              foreach ($forwarding_hosts as $host) {
+                $source = $host->source;
+                $host = $host->host;
               ?>
-                <tr id="no-data"><td colspan="4" style="text-align: center; font-style: italic;"><?=$lang['admin']['no_record'];?></td></tr>
+              <tr id="data">
+                <td><?=htmlspecialchars(strtolower($host));?></td>
+                <td><?=htmlspecialchars(strtolower($source));?></td>
+                <td style="text-align: right;">
+                  <div class="btn-group">
+                    <a href="delete.php?forwardinghost=<?=$host;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=$lang['admin']['remove'];?></a>
+                  </div>
+                </td>
+                </td>
+              </tr>
+
               <?php
               }
-              ?>
-            </tbody>
-          </table>
+            } else {
+            ?>
+              <tr id="no-data"><td colspan="4" style="text-align: center; font-style: italic;"><?=$lang['admin']['no_record'];?></td></tr>
+            <?php
+            }
+            ?>
+          </tbody>
+        </table>
+        </div>
+      </form>
+      <legend><?=$lang['admin']['add_forwarding_host'];?></legend>
+      <p class="help-block"><?=$lang['admin']['forwarding_hosts_add_hint'];?></p>
+      <form class="form-horizontal" role="form" method="post">
+        <div class="form-group">
+          <label class="control-label col-sm-2" for="hostname"><?=$lang['edit']['host'];?>:</label>
+          <div class="col-sm-10">
+            <input type="text" class="form-control" name="hostname" id="hostname" required>
           </div>
-        </form>
-        <small>
-        <legend><?=$lang['admin']['add_forwarding_host'];?></legend>
-        <p style="margin-bottom:10px"><?=$lang['admin']['forwarding_hosts_add_hint'];?></p>
-        <form class="form-horizontal" role="form" method="post">
-          <div class="form-group">
-            <label class="control-label col-sm-2" for="hostname"><?=$lang['edit']['host'];?>:</label>
-            <div class="col-sm-10">
-              <input type="text" class="form-control" name="hostname" id="hostname" required>
-            </div>
+        </div>
+        <div class="form-group">
+          <div class="col-sm-offset-2 col-sm-10">
+            <button type="submit" name="add_forwarding_host" class="btn btn-default"><?=$lang['admin']['add'];?></button>
           </div>
-          <div class="form-group">
-            <div class="col-sm-offset-2 col-sm-10">
-              <button type="submit" name="add_forwarding_host" class="btn btn-default"><?=$lang['admin']['add'];?></button>
-            </div>
-          </div>
-        </form>
-        </small>
-      </div>
-    </div>
+        </div>
+      </form>
     </div>
   </div>
 
+  </div>
+
 </div> <!-- /container -->
 <script type='text/javascript'>
 <?php
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 94f1c1c2..3064bd8a 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "20042017_1926";
+    $db_version = "23042017_1807";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'"); 
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));

From c2410a6004431abb63a9e3d79e83a67087ff6e5c Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sun, 23 Apr 2017 19:38:04 +0200
Subject: [PATCH 29/55] Move helper scripts, mark executable

---
 mailcow-reset-admin.sh     | 36 ++++++++++++++++++
 mailcow-setup-relayhost.sh | 76 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 112 insertions(+)
 create mode 100755 mailcow-reset-admin.sh
 create mode 100755 mailcow-setup-relayhost.sh

diff --git a/mailcow-reset-admin.sh b/mailcow-reset-admin.sh
new file mode 100755
index 00000000..7ce1def8
--- /dev/null
+++ b/mailcow-reset-admin.sh
@@ -0,0 +1,36 @@
+#/bin/bash
+if [[ ! -f mailcow.conf ]]; then
+        echo "Cannot find mailcow.conf, make sure this script is run from within the mailcow folder."
+        exit 1
+fi
+
+echo -n "Checking MySQL service... "
+docker-compose ps -q mysql-mailcow > /dev/null 2>&1
+
+if [[ $? -ne 0 ]]; then
+        echo "failed"
+        echo "MySQL (mysql-mailcow) is not up and running, exiting..."
+        exit 1
+fi
+
+echo "OK"
+read -r -p "Are you sure you want to reset the mailcow administrator account? [y/N] " response
+response=${response,,}    # tolower
+if [[ "$response" =~ ^(yes|y)$ ]]; then
+        echo -e "\nWorking, please wait..."
+        source mailcow.conf
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM admin;"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "INSERT INTO admin (username, password, superadmin, created, modified, active) VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1);"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM domain_admins WHERE username='admin';"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "INSERT INTO domain_admins (username, domain, created, active) VALUES ('admin', 'ALL', NOW(), 1);"
+        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='admin';"
+        echo "
+Reset credentials:
+---
+Username: admin
+Password: moohoo
+TFA: none
+"
+else
+        echo "Operation canceled."
+fi
diff --git a/mailcow-setup-relayhost.sh b/mailcow-setup-relayhost.sh
new file mode 100755
index 00000000..6a7f6410
--- /dev/null
+++ b/mailcow-setup-relayhost.sh
@@ -0,0 +1,76 @@
+#/bin/bash
+if [[ ! -f mailcow.conf ]]; then
+        echo "Cannot find mailcow.conf, make sure this script is run from within the mailcow folder."
+        exit 1
+fi
+
+echo -n "Checking Postfix service... "
+docker-compose ps -q postfix-mailcow > /dev/null 2>&1
+
+if [[ $? -ne 0 ]]; then
+        echo "failed"
+        echo "Postfix (postifx-mailcow) is not up and running, exiting..."
+        exit 1
+fi
+
+echo "OK"
+
+if [[ -z ${1} ]]; then
+    echo "Usage:"
+	echo
+	echo "Setup a relayhost:"
+	echo "./${0} relayhost port (username) (password)"
+    echo "Username and password are optional parameters."
+	echo
+	echo "Reset to defaults:"
+	echo "./${0} reset"
+    exit 1
+fi
+
+if [[ ${1} == "reset" ]]; then
+	# Reset modified values to their defaults
+	sed -i "s/^relayhost\ \=.*/relayhost\ \=/" data/conf/postfix/main.cf
+	sed -i "s/^smtp\_sasl\_password\_maps.*/smtp\_sasl\_password\_maps\ \=/" data/conf/postfix/main.cf
+	sed -i "s/^smtp\_sasl\_security\_options.*/smtp\_sasl\_security\_options\ \=\ noplaintext\,\ noanonymous/" data/conf/postfix/main.cf
+	sed -i "s/^smtp\_sasl\_auth\_enable.*/smtp\_sasl\_auth\_enable\ \=\ no/" data/conf/postfix/main.cf
+	# Also delete the plaintext password file
+	rm -f data/conf/postfix/smarthost_passwd*
+	docker-compose exec postfix-mailcow postfix reload
+	# Exit with dc exit code
+	exit $?
+else
+	# Try a simple connection to host:port but don't recieve any data
+	# Abort after 3 seconds
+	if ! nc -z -v -w3 ${1} ${2} 2>/dev/null; then
+		echo "Connection to relayhost ${1} failed, aborting..."
+		exit 1
+	fi
+	# Use exact hostname as relayhost, don't lookup the MX record of relayhost
+	sed -i "s/relayhost\ \=.*/relayhost\ \=\ \[${1}\]\:${2}/" data/conf/postfix/main.cf
+	if grep -q "smtp_sasl_password_maps" data/conf/postfix/main.cf
+	then
+		sed -i "s/^smtp\_sasl\_password\_maps.*/smtp\_sasl\_password\_maps\ \=\ hash\:\/opt\/postfix\/conf\/smarthost\_passwd/" data/conf/postfix/main.cf
+	else
+		echo "smtp_sasl_password_maps = hash:/opt/postfix/conf/smarthost_passwd" >>  data/conf/postfix/main.cf
+	fi
+	if grep -q "smtp_sasl_auth_enable" data/conf/postfix/main.cf
+	then
+		sed -i "s/^smtp\_sasl\_auth\_enable.*/smtp\_sasl\_auth\_enable\ \=\ yes/" data/conf/postfix/main.cf
+	else
+		echo "smtp_sasl_auth_enable = yes" >>  data/conf/postfix/main.cf
+	fi
+	if grep -q "smtp_sasl_security_options" data/conf/postfix/main.cf
+	then
+		sed -i "s/^smtp\_sasl\_security\_options.*/smtp\_sasl\_security\_options\ \=/" data/conf/postfix/main.cf
+	else
+		echo "smtp_sasl_security_options =" >>  data/conf/postfix/main.cf
+	fi
+	if [[ ! -z ${3} ]]; then
+		echo ${1} ${3}:${4} > data/conf/postfix/smarthost_passwd
+		docker-compose exec postfix-mailcow postmap /opt/postfix/conf/smarthost_passwd
+	fi
+	docker-compose exec postfix-mailcow chown root:postfix /opt/postfix/conf/smarthost_passwd /opt/postfix/conf/smarthost_passwd.db
+	docker-compose exec postfix-mailcow chmod 660 /opt/postfix/conf/smarthost_passwd /opt/postfix/conf/smarthost_passwd.db
+	docker-compose exec postfix-mailcow postfix reload
+	exit $?
+fi

From 755da65426050f653ad9198e14ee9f4990b3a9be Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sun, 23 Apr 2017 19:38:27 +0200
Subject: [PATCH 30/55] Change path

---
 data/conf/postfix/master.cf                   |  2 +-
 .../conf/postfix/whitelist_forwardinghosts.sh | 12 -------
 reset_admin.sh                                | 36 -------------------
 3 files changed, 1 insertion(+), 49 deletions(-)
 delete mode 100755 data/conf/postfix/whitelist_forwardinghosts.sh
 delete mode 100644 reset_admin.sh

diff --git a/data/conf/postfix/master.cf b/data/conf/postfix/master.cf
index 61aeb592..955728d1 100644
--- a/data/conf/postfix/master.cf
+++ b/data/conf/postfix/master.cf
@@ -56,4 +56,4 @@ zeyple    unix  -       n       n       -       -       pipe
   -o mynetworks=127.0.0.0/8
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8
 
-127.0.0.1:10027 inet  n       n       n       -       0      spawn user=nobody argv=/opt/postfix/conf/whitelist_forwardinghosts.sh
+127.0.0.1:10027 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh
diff --git a/data/conf/postfix/whitelist_forwardinghosts.sh b/data/conf/postfix/whitelist_forwardinghosts.sh
deleted file mode 100755
index 4ad5ab32..00000000
--- a/data/conf/postfix/whitelist_forwardinghosts.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-while read QUERY; do
-	QUERY=($QUERY)
-	if [ "${QUERY[0]}" != "get" ]; then
-		echo "500 dunno"
-		continue
-	fi
-	result=$(curl -s http://nginx:8081/forwardinghosts.php?host=${QUERY[1]})
-	logger -t whitelist_forwardinghosts -p mail.info "Look up ${QUERY[1]} on whitelist, result $result"
-	echo ${result}
-done
diff --git a/reset_admin.sh b/reset_admin.sh
deleted file mode 100644
index 7ce1def8..00000000
--- a/reset_admin.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#/bin/bash
-if [[ ! -f mailcow.conf ]]; then
-        echo "Cannot find mailcow.conf, make sure this script is run from within the mailcow folder."
-        exit 1
-fi
-
-echo -n "Checking MySQL service... "
-docker-compose ps -q mysql-mailcow > /dev/null 2>&1
-
-if [[ $? -ne 0 ]]; then
-        echo "failed"
-        echo "MySQL (mysql-mailcow) is not up and running, exiting..."
-        exit 1
-fi
-
-echo "OK"
-read -r -p "Are you sure you want to reset the mailcow administrator account? [y/N] " response
-response=${response,,}    # tolower
-if [[ "$response" =~ ^(yes|y)$ ]]; then
-        echo -e "\nWorking, please wait..."
-        source mailcow.conf
-        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM admin;"
-        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "INSERT INTO admin (username, password, superadmin, created, modified, active) VALUES ('admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1);"
-        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM domain_admins WHERE username='admin';"
-        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "INSERT INTO domain_admins (username, domain, created, active) VALUES ('admin', 'ALL', NOW(), 1);"
-        docker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='admin';"
-        echo "
-Reset credentials:
----
-Username: admin
-Password: moohoo
-TFA: none
-"
-else
-        echo "Operation canceled."
-fi

From 40f86057e50d5da72be6e25b27e5a9813d130aa6 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sun, 23 Apr 2017 19:38:47 +0200
Subject: [PATCH 31/55] Move forwarding host script to Docker image

---
 data/Dockerfiles/postfix/Dockerfile                  |  1 +
 .../Dockerfiles/postfix/whitelist_forwardinghosts.sh | 12 ++++++++++++
 2 files changed, 13 insertions(+)
 create mode 100755 data/Dockerfiles/postfix/whitelist_forwardinghosts.sh

diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile
index ba004827..9da92ad6 100644
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -35,6 +35,7 @@ COPY zeyple.py /usr/local/bin/zeyple.py
 COPY zeyple.conf /etc/zeyple.conf
 COPY supervisord.conf /etc/supervisor/supervisord.conf
 COPY postfix.sh /opt/postfix.sh
+COPY whitelist_forwardinghosts.sh /usr/local/bin/whitelist_forwardinghosts.sh
 
 EXPOSE 588
 
diff --git a/data/Dockerfiles/postfix/whitelist_forwardinghosts.sh b/data/Dockerfiles/postfix/whitelist_forwardinghosts.sh
new file mode 100755
index 00000000..4ad5ab32
--- /dev/null
+++ b/data/Dockerfiles/postfix/whitelist_forwardinghosts.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+while read QUERY; do
+	QUERY=($QUERY)
+	if [ "${QUERY[0]}" != "get" ]; then
+		echo "500 dunno"
+		continue
+	fi
+	result=$(curl -s http://nginx:8081/forwardinghosts.php?host=${QUERY[1]})
+	logger -t whitelist_forwardinghosts -p mail.info "Look up ${QUERY[1]} on whitelist, result $result"
+	echo ${result}
+done

From f81bcb161a0dc65f6b3d585de2a1a53fc1bac683 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Mon, 24 Apr 2017 13:13:23 +0200
Subject: [PATCH 32/55] Fix editing catch-all addresses, show primary domain of
 alias in alias domain

---
 data/web/js/mailbox.js | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 4e6b303d..118cd1d0 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -219,13 +219,16 @@ $(document).ready(function() {
     },
     success: function (data) {
       $.each(data, function (i, item) {
-        if (item.is_catch_all == 1) {
-          item.address = '<div class="label label-default">Catch-All</div> ' + item.address;
-        }
         item.action = '<div class="btn-group">' +
           '<a href="/edit.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
           '<a href="/delete.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
 					'</div>';
+        if (item.is_catch_all == 1) {
+          item.address = '<div class="label label-default">Catch-All</div> ' + item.address;
+        }
+        if (item.in_primary_domain !== "") {
+          item.domain = "↳ " + item.domain + " (" + item.in_primary_domain + ")";
+        }
       });
       $('#alias_table').footable({
         "columns": [

From 8b463d53d62b097948e85f8a82e25406aa68ee7a Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Mon, 24 Apr 2017 13:15:04 +0200
Subject: [PATCH 33/55] Fixes adding aliases to alias domains

---
 data/web/inc/functions.inc.php | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index fc9e7296..3164f473 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2603,7 +2603,7 @@ function mailbox_add_alias($postarray) {
 		$address      = $local_part.'@'.$domain;
 
     $domaindata = mailbox_get_domain_details($domain);
-    if ($domaindata['aliases_left'] == 0) {
+    if (is_array($domaindata) && ['aliases_left'] == 0) {
       $_SESSION['return'] = array(
         'type' => 'danger',
         'msg' => sprintf($lang['danger']['max_alias_exceeded'])
@@ -4094,6 +4094,17 @@ function mailbox_get_alias_details($address) {
       ':address' => $address,
     ));
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain");
+    $stmt->execute(array(
+      ':domain' => $row['domain'],
+    ));
+    $row_alias_domain = $stmt->fetch(PDO::FETCH_ASSOC);
+    if (isset($row_alias_domain['target_domain']) && !empty($row_alias_domain['target_domain'])) {
+      $aliasdata['in_primary_domain'] = $row_alias_domain['target_domain'];
+    }
+    else {
+      $aliasdata['in_primary_domain'] = "";
+    }
     $aliasdata['domain'] = $row['domain'];
     $aliasdata['goto'] = $row['goto'];
     $aliasdata['address'] = $row['address'];
@@ -4210,6 +4221,15 @@ function mailbox_get_domain_details($domain) {
 	}
 
   try {
+    $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` =  :domain");
+    $stmt->execute(array(
+      ':domain' => $domain
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    if (!empty($row)) { 
+      $domain = $row['target_domain'];
+    }
+
     $stmt = $pdo->prepare("SELECT 
         `domain`,
         `description`,
@@ -4225,14 +4245,18 @@ function mailbox_get_domain_details($domain) {
         CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
           FROM `domain` WHERE `domain`= :domain");
     $stmt->execute(array(
-      ':domain' => $domain,
+      ':domain' => $domain
     ));
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
     if (empty($row)) { 
       return false;
     }
 
-    $stmt = $pdo->prepare("SELECT COUNT(*) AS `count`, COALESCE(SUM(`quota`), 0) as `in_use` FROM `mailbox` WHERE `kind` NOT REGEXP 'location|thing|group' AND `domain` = :domain");
+    $stmt = $pdo->prepare("SELECT COUNT(*) AS `count`,
+      COALESCE(SUM(`quota`), 0) AS `in_use`
+        FROM `mailbox`
+          WHERE `kind` NOT REGEXP 'location|thing|group'
+            AND `domain` = :domain");
     $stmt->execute(array(':domain' => $row['domain']));
     $MailboxDataDomain	= $stmt->fetch(PDO::FETCH_ASSOC);
 
@@ -4257,12 +4281,13 @@ function mailbox_get_domain_details($domain) {
     $domaindata['relay_all_recipients_int'] = $row['relay_all_recipients_int'];
 
     $stmt = $pdo->prepare("SELECT COUNT(*) AS `alias_count` FROM `alias`
-      WHERE `domain`= :domain
+      WHERE (`domain`= :domain OR `domain` = (SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain2))
         AND `address` NOT IN (
           SELECT `username` FROM `mailbox`
         )");
     $stmt->execute(array(
       ':domain' => $domain,
+      ':domain2' => $domain
     ));
     $AliasDataDomain = $stmt->fetch(PDO::FETCH_ASSOC);
     (isset($AliasDataDomain['alias_count'])) ? $domaindata['aliases_in_domain'] = $AliasDataDomain['alias_count'] : $domaindata['aliases_in_domain'] = "0";

From f3fad4e7a2279581115d48e4ac0946991c95fb30 Mon Sep 17 00:00:00 2001
From: Michael Kuron <m.kuron@gmx.de>
Date: Mon, 24 Apr 2017 19:49:41 +0200
Subject: [PATCH 34/55] Remove rspamd size limit

This ensures that the spam and antivirus filters cannot be evaded by making the message large enough.
Rspamd does not need a size limit on its own (e.g. for DoS protection) as Postfix already has a size limit (message_size_limit).
---
 data/conf/rmilter/rmilter.conf          | 1 -
 data/conf/rspamd/local.d/antivirus.conf | 1 -
 2 files changed, 2 deletions(-)

diff --git a/data/conf/rmilter/rmilter.conf b/data/conf/rmilter/rmilter.conf
index f84408cd..d957935c 100644
--- a/data/conf/rmilter/rmilter.conf
+++ b/data/conf/rmilter/rmilter.conf
@@ -28,7 +28,6 @@ redis {
 };
 tempdir = /tmp;
 tempfiles_mode = 00600;
-max_size = 20M;
 strict_auth = yes;
 use_dcc = no;
 limits {
diff --git a/data/conf/rspamd/local.d/antivirus.conf b/data/conf/rspamd/local.d/antivirus.conf
index 51bc46f9..92ba684c 100644
--- a/data/conf/rspamd/local.d/antivirus.conf
+++ b/data/conf/rspamd/local.d/antivirus.conf
@@ -1,6 +1,5 @@
 clamav {
   attachments_only = false;
-  max_size = 20000000;
   symbol = "CLAM_VIRUS";
   type = "clamav";
   log_clean = true;

From 72a21e48bd1e603e5902978f3173f0d88df3bd37 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Tue, 25 Apr 2017 10:46:11 +0200
Subject: [PATCH 35/55] Revert RP changes as they do not work without RP

---
 docs/first_steps.md | 42 +++++++++++++++++-------------------------
 1 file changed, 17 insertions(+), 25 deletions(-)

diff --git a/docs/first_steps.md b/docs/first_steps.md
index 01876e91..1f9c342d 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -103,15 +103,8 @@ Recreate affected containers by running `docker-compose up -d`.
     [...]
     # You should proxy to a plain HTTP session to offload SSL processing
     ProxyPass / http://127.0.0.1:8080/
+    ProxyPassReverse / http://127.0.0.1:8080/
     ProxyPreserveHost Off
-    ProxyAddHeaders Off
-    RewriteEngine on
-    RewriteRule ^(.*) - [E=HOST_HEADER:%{HTTP_HOST},E=CLIENT_IP:%{REMOTE_ADDR},E=PORT_NUMBER:%{SERVER_PORT},L]
-    RequestHeader append X-Forwarded-For "%{CLIENT_IP}e"
-    RequestHeader set X-Forwarded-Host "%{HOST_HEADER}e"
-    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
-    RequestHeader set X-Forwarded-Proto "http" env=!HTTPS
-    RequestHeader set X-Forwarded-Port "%{PORT_NUMBER}e"
     your-ssl-configuration-here
     [...]
 
@@ -136,31 +129,15 @@ server {
     your-ssl-configuration-here
     location / {
         proxy_pass http://127.0.0.1:8080/;
+        proxy_redirect http://127.0.0.1:8080/ $scheme://$host:$server_port/;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Host $host:$server_port;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Port $server_port;
     }
     [...]
 }
 ```
 
-### HAProxy
-```
-frontend https-in
-  bind :::443 v4v6 ssl crt mailcow.pem
-  default_backend mailcow
-
-backend mailcow
-  option forwardfor
-  http-request set-header X-Forwarded-Host %[req.hdr(Host)]
-  http-request set-header X-Forwarded-Proto https if { ssl_fc }
-  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
-  http-request set-header X-Forwarded-Port %[dst_port]
-  server mailcow 127.0.0.1:8080 check
-```
-
 ## Optional: Setup a relayhost
 
 Insert these lines to `data/conf/postfix/main.cf`. "relayhost" does already exist (empty), just change its value.
@@ -183,6 +160,21 @@ docker-compose exec postfix-mailcow chmod 660 /opt/postfix/conf/smarthost_passwd
 docker-compose exec postfix-mailcow postfix reload
 ```
 
+### Helper script
+
+There is a helper script `mailcow-setup-relayhost.sh` you can run to setup a relayhost.
+
+```
+Usage:
+
+Setup a relayhost:
+./mailcow-setup-relayhost.sh relayhost port (username) (password)
+Username and password are optional parameters.
+
+Reset to defaults:
+./mailcow-setup-relayhost.sh reset
+```
+
 ## Optional: Log to Syslog
 
 Enable Rsyslog to receive logs on 524/tcp:

From 73c6d69f5b8ca64dc62bfec1399c29ebbe60cd5e Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Tue, 25 Apr 2017 10:46:27 +0200
Subject: [PATCH 36/55] Add ClamAV by default, can be shut down if not needed

---
 docker-compose.yml | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index eac8bb29..f2c80a4d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -55,16 +55,17 @@ services:
           aliases:
             - redis
 
-#    clamd-mailcow:
-#      image: mailcow/clamd
-#      restart: always
-#      dns:
-#        - 172.22.1.254
-#      dns_search: mailcow-network
-#      networks:
-#        mailcow-network:
-#          aliases:
-#            - clamd
+    clamd-mailcow:
+      image: mailcow/clamd
+      build: ./data/Dockerfiles/clamav
+      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
+      networks:
+        mailcow-network:
+          aliases:
+            - clamd
 
     rspamd-mailcow:
       image: mailcow/rspamd

From 2ab6301edaf43d2e4b505f23ddccd2e809f4381f Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Tue, 25 Apr 2017 10:46:44 +0200
Subject: [PATCH 37/55] Fix usage

---
 mailcow-setup-relayhost.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mailcow-setup-relayhost.sh b/mailcow-setup-relayhost.sh
index 6a7f6410..283590df 100755
--- a/mailcow-setup-relayhost.sh
+++ b/mailcow-setup-relayhost.sh
@@ -19,11 +19,11 @@ if [[ -z ${1} ]]; then
     echo "Usage:"
 	echo
 	echo "Setup a relayhost:"
-	echo "./${0} relayhost port (username) (password)"
+	echo "${0} relayhost port (username) (password)"
     echo "Username and password are optional parameters."
 	echo
 	echo "Reset to defaults:"
-	echo "./${0} reset"
+	echo "${0} reset"
     exit 1
 fi
 

From 174ced5ce711270c8cd85c3828150d03b8339d15 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Tue, 25 Apr 2017 10:46:53 +0200
Subject: [PATCH 38/55] Fix index

---
 docs/index.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/docs/index.md b/docs/index.md
index 4a5943f0..c48e0d17 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -10,9 +10,11 @@ You can find screenshots [on Imgur](http://imgur.com/a/oewYt).
 
 ## Overview
 
-mailcow dockerized comes with **11 containers** linked in **one bridged network**.
+mailcow dockerized comes with **12 containers** linked in **one bridged network**.
+Each container represents a single application.
 
 - Dovecot
+- ClamAV
 - Memcached
 - Redis
 - MySQL
@@ -24,7 +26,7 @@ mailcow dockerized comes with **11 containers** linked in **one bridged network*
 - Rspamd
 - SOGo
 
-**6 volumes** to keep dynamic data - take care of them!
+**7 volumes** to keep dynamic data - take care of them!
 
 - vmail-vol-1
 - dkim-vol-1
@@ -46,6 +48,6 @@ The integrated **mailcow UI** allows administrative work on your mail server ins
 - imapsync to migrate or pull remote mailboxes regularly
 - TFA: Yubi OTP and U2F USB (Google Chrome and derivates only)
 - Add domains, mailboxes, aliases, domain aliases and SOGo resources
-
+- Add whitelisted hosts to forward mail to mailcow
 
 *[Looking for a farm to host your cow?](https://www.servercow.de)* 

From 28e0ca022ff896935a07c1a516ed14a00b05d361 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Tue, 25 Apr 2017 10:49:31 +0200
Subject: [PATCH 39/55] Add relayhost helper script info

---
 docs/first_steps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/first_steps.md b/docs/first_steps.md
index 1f9c342d..cba908e5 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -164,7 +164,7 @@ docker-compose exec postfix-mailcow postfix reload
 
 There is a helper script `mailcow-setup-relayhost.sh` you can run to setup a relayhost.
 
-```
+``` bash
 Usage:
 
 Setup a relayhost:

From e4310cafb3a329958642327700d82425e026dc2c Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Tue, 25 Apr 2017 10:49:38 +0200
Subject: [PATCH 40/55] Revert RP changes

---
 data/conf/nginx/site.conf | 53 ++++++++-------------------------------
 1 file changed, 11 insertions(+), 42 deletions(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 145bef73..83993d62 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -1,31 +1,4 @@
 proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h  max_size=1g;
-
-# use the non-standard X-Forwarded-* headers for WebObjects
-map $http_x_forwarded_proto $maybe_real_scheme {
-  default $http_x_forwarded_proto;
-  ''      $scheme;
-}
-map $http_x_forwarded_port $maybe_real_port {
-  default $http_x_forwarded_port;
-  ''      $server_port;
-}
-map $http_x_forwarded_host $maybe_real_host {
-  default $http_x_forwarded_host;
-  ''      $host:$real_port;
-}
-map $realip_remote_addr $real_scheme {
-  default $scheme;
-  172.22.1.1 $maybe_real_scheme;
-}
-map $realip_remote_addr $real_port {
-  default $server_port;
-  172.22.1.1 $maybe_real_port;
-}
-map $realip_remote_addr $real_host {
-  default $scheme;
-  172.22.1.1 $maybe_real_host;
-}
-
 server {
   include /etc/nginx/conf.d/listen_ssl.active;
   include /etc/nginx/mime.types;
@@ -61,7 +34,7 @@ server {
   real_ip_recursive on;
 
   location = /principals/ {
-    rewrite ^ $real_scheme://$real_host/SOGo/dav;
+    rewrite ^ $scheme://$host:$server_port/SOGo/dav;
     allow all;
   }
 
@@ -91,10 +64,6 @@ server {
     add_header X-XSS-Protection "1; mode=block";
   }
 
-  location ^~ /inc/init.sql {
-    deny all;
-  }
-
   location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml {
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;
 		fastcgi_pass phpfpm:9000;
@@ -127,8 +96,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
-    proxy_set_header x-webobjects-server-port $real_port;
+    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
+    proxy_set_header x-webobjects-server-port $server_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
   }
@@ -141,8 +110,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
-    proxy_set_header x-webobjects-server-port $real_port;
+    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
+    proxy_set_header x-webobjects-server-port $server_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
     break;
@@ -214,7 +183,7 @@ server {
   real_ip_recursive on;
 
   location = /principals/ {
-    rewrite ^ $real_scheme://$real_host/SOGo/dav;
+    rewrite ^ $scheme://$host:$server_port/SOGo/dav;
     allow all;
   }
 
@@ -280,8 +249,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
-    proxy_set_header x-webobjects-server-port $real_port;
+    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
+    proxy_set_header x-webobjects-server-port $server_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
   }
@@ -294,8 +263,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
-    proxy_set_header x-webobjects-server-port $real_port;
+    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
+    proxy_set_header x-webobjects-server-port $server_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
     break;
@@ -340,4 +309,4 @@ server {
     #alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
   }
 
-}
+}
\ No newline at end of file

From 4729a912c7964dbebb2926151a54a4b5269da5a2 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Tue, 25 Apr 2017 11:27:59 +0200
Subject: [PATCH 41/55] Fix max aliases

---
 data/web/inc/functions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 3164f473..8da40386 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2603,7 +2603,7 @@ function mailbox_add_alias($postarray) {
 		$address      = $local_part.'@'.$domain;
 
     $domaindata = mailbox_get_domain_details($domain);
-    if (is_array($domaindata) && ['aliases_left'] == 0) {
+    if (is_array($domaindata) && $domaindata['aliases_left'] == "0") {
       $_SESSION['return'] = array(
         'type' => 'danger',
         'msg' => sprintf($lang['danger']['max_alias_exceeded'])

From f9662025cc41a9ab582f6cabe1a2d16ffe182554 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Tue, 25 Apr 2017 20:32:29 +0200
Subject: [PATCH 42/55] Initial fix for sorting of quotas

---
 data/web/js/mailbox.js | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 118cd1d0..b2aeb5b9 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -24,7 +24,7 @@ $(document).ready(function() {
       $.each(data, function (i, item) {
         item.aliases = item.aliases_in_domain + " / " + item.max_num_aliases_for_domain;
         item.mailboxes = item.mboxes_in_domain + " / " + item.max_num_mboxes_for_domain;
-        item.quota = humanFileSize(item.quota_used_in_domain) + " / " + humanFileSize(item.max_quota_for_domain);
+        item.quota = item.quota_used_in_domain + "/" + item.max_quota_for_domain;
         item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
         if (role == "admin") {
         item.action = '<div class="btn-group">' +
@@ -43,7 +43,15 @@ $(document).ready(function() {
           {"sorted": true,"name":"domain_name","title":lang.domain,"style":{"width":"250px"}},
           {"name":"aliases","title":lang.aliases,"breakpoints":"xs sm"},
           {"name":"mailboxes","title":lang.mailboxes},
-          {"name":"quota","title":lang.domain_quota},
+          {"name":"quota","style":{"whiteSpace":"nowrap"},"title":lang.domain_quota,"formatter": function(value){
+            res = value.split("/");
+            return humanFileSize(res[0]) + " / " + humanFileSize(res[1]);
+          },
+          "sortValue": function(value){
+            res = value.split("/");
+            return res[0];
+          },
+          },
           {"name":"max_quota_for_mbox","title":lang.mailbox_quota,"breakpoints":"xs sm"},
           {"name":"backupmx","filterable": false,"style":{"maxWidth":"120px","width":"120px"},"title":lang.backup_mx,"breakpoints":"xs sm"},
           {"name":"active","filterable": false,"style":{"maxWidth":"80px","width":"80px"},"title":lang.active},
@@ -77,7 +85,7 @@ $(document).ready(function() {
     },
     success: function (data) {
       $.each(data, function (i, item) {
-        item.quota = humanFileSize(item.quota_used) + " / " + humanFileSize(item.quota);
+        item.quota = item.quota_used + "/" + item.quota;
         item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
         if (role == "admin") {
         item.action = '<div class="btn-group">' +
@@ -102,7 +110,15 @@ $(document).ready(function() {
           {"sorted": true,"name":"username","title":lang.username,"style":{"width":"250px"}},
           {"name":"name","title":lang.fname,"breakpoints":"xs sm"},
           {"name":"domain","title":lang.domain,"breakpoints":"xs sm"},
-          {"name":"quota","style":{"whiteSpace":"nowrap"},"title":lang.domain_quota},
+          {"name":"quota","style":{"whiteSpace":"nowrap"},"title":lang.domain_quota,"formatter": function(value){
+            res = value.split("/");
+            return humanFileSize(res[0]) + " / " + humanFileSize(res[1]);
+          },
+          "sortValue": function(value){
+            res = value.split("/");
+            return res[0];
+          },
+          },
           {"name":"spam_aliases","filterable": false,"title":lang.spam_aliases,"breakpoints":"xs sm md"},
           {"name":"in_use","filterable": false,"style":{"whiteSpace":"nowrap"},"type":"html","title":lang.in_use},
           {"name":"messages","filterable": false,"style":{"whiteSpace":"nowrap"},"title":lang.msg_num,"breakpoints":"xs sm md"},

From fd84b2ffa907e9154215a10ad0674a3c41b7aee0 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Tue, 25 Apr 2017 20:32:36 +0200
Subject: [PATCH 43/55] Change DKIM to new method, add clamav forced action
 when virus is found"

---
 data/conf/rspamd/local.d/dkim.conf          | 34 ---------------------
 data/conf/rspamd/local.d/dkim_signing.conf  | 28 +++++++++++++++++
 data/conf/rspamd/local.d/force_actions.conf |  5 +++
 3 files changed, 33 insertions(+), 34 deletions(-)
 delete mode 100644 data/conf/rspamd/local.d/dkim.conf
 create mode 100644 data/conf/rspamd/local.d/dkim_signing.conf

diff --git a/data/conf/rspamd/local.d/dkim.conf b/data/conf/rspamd/local.d/dkim.conf
deleted file mode 100644
index c199c6ae..00000000
--- a/data/conf/rspamd/local.d/dkim.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-sign_condition =<<EOD
-return function(task)
-  local smtp_from = task:get_from('smtp')
-  local mime_from = task:get_from('mime')
-  local rspamd_logger = require "rspamd_logger"
-  if smtp_from[1]['domain'] ~= nil and smtp_from[1]['domain'] ~= '' then
-    domain = smtp_from[1]['domain']
-    rspamd_logger.infox(task, "set domain found in smtp from field to %s", domain)
-    if not task:get_user() then
-      rspamd_logger.infox(task, "found domain in smtp header field, but user is not authenticated - skipped")
-      return false
-    end
-  elseif mime_from[1]['domain'] ~= nil and mime_from[1]['domain'] ~= '' then
-    domain = mime_from[1]['domain']
-    rspamd_logger.infox(task, "set domain found in mime from field to %s", domain)
-  else
-    rspamd_logger.infox(task, "cannot determine domain for dkim signing")
-    return false
-  end
-  local keyfile = io.open("/data/dkim/keys/" .. domain .. ".dkim")
-  if keyfile then
-    rspamd_logger.infox(task, "found dkim key file for domain %s", domain)
-    keyfile:close()
-    return {
-      key = "/data/dkim/keys/" .. domain .. ".dkim",
-      domain = domain,
-      selector = "dkim"
-    }
-  else
-    rspamd_logger.infox(task, "no key file for domain %s - skipped", domain)
-  end
-  return false
-end
-EOD;
diff --git a/data/conf/rspamd/local.d/dkim_signing.conf b/data/conf/rspamd/local.d/dkim_signing.conf
new file mode 100644
index 00000000..fb718b69
--- /dev/null
+++ b/data/conf/rspamd/local.d/dkim_signing.conf
@@ -0,0 +1,28 @@
+# If false, messages with empty envelope from are not signed
+allow_envfrom_empty = false;
+# If true, envelope/header domain mismatch is ignored
+allow_hdrfrom_mismatch = true;
+# If true, multiple from headers are allowed (but only first is used)
+allow_hdrfrom_multiple = true;
+# If true, username does not need to contain matching domain
+allow_username_mismatch = true;
+# If false, messages from authenticated users are not selected for signing
+auth_only = true;
+# Default path to key, can include '$domain' and '$selector' variables
+path = "/data/dkim/keys/$domain.dkim";
+# Default selector to use
+selector = "dkim";
+# If false, messages from local networks are not selected for signing
+sign_local = true;
+# Symbol to add when message is signed
+symbol = "DKIM_SIGNED";
+# Whether to fallback to global config
+try_fallback = true;
+# Domain to use for DKIM signing: can be "header" or "envelope"
+use_domain = "envelope";
+# Whether to normalise domains to eSLD
+use_esld = true;
+# Whether to get keys from Redis
+use_redis = false;
+# Hash for DKIM keys in Redis
+hash_key = "DKIM_KEYS";
diff --git a/data/conf/rspamd/local.d/force_actions.conf b/data/conf/rspamd/local.d/force_actions.conf
index 7b97e437..1aa10659 100644
--- a/data/conf/rspamd/local.d/force_actions.conf
+++ b/data/conf/rspamd/local.d/force_actions.conf
@@ -4,4 +4,9 @@ rules {
     expression = "R_DKIM_REJECT & !MAILLIST & !MAILCOW_WHITE & !MAILCOW_BLACK";
     require_action = ["no action", "greylist"];
   }
+  VIRUS_FOUND {
+    action = "reject";
+    expression = "CLAM_VIRUS & !MAILCOW_WHITE";
+    honor_action = ["reject"];
+  }
 }

From a03b36e0c3146cb0dda0bb37c3627f3aae6135b0 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Wed, 26 Apr 2017 23:37:55 +0200
Subject: [PATCH 44/55] Add object to Nginx api configuration

---
 data/conf/nginx/site.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 83993d62..181a802b 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -21,7 +21,7 @@ server {
   location /api/v1/ {
     try_files $uri $uri/ /json_api.php?$args;
   }
-  rewrite ^/api/v1/([^/]+)/([^/]+)/?$ /json_api.php?action=$1&object=$2? last;
+  rewrite ^/api/v1/([^/]+)/([^/]+)/([^/]+)/?$ /json_api.php?action=$1&cat=$2&object=$3? last;
 
   location ^~ /.well-known/acme-challenge/ {
 	  allow all;
@@ -170,7 +170,7 @@ server {
   location /api/v1/ {
     try_files $uri $uri/ /json_api.php?$args;
   }
-  rewrite ^/api/v1/([^/]+)/([^/]+)/?$ /json_api.php?action=$1&object=$2? last;
+  rewrite ^/api/v1/([^/]+)/([^/]+)/([^/]+)/?$ /json_api.php?action=$1&cat=$2&object=$3? last;
 
   location ^~ /.well-known/acme-challenge/ {
 	  allow all;
@@ -309,4 +309,4 @@ server {
     #alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
   }
 
-}
\ No newline at end of file
+}

From 5586bd2bb519ab23032aab9473e434c42521e465 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Wed, 26 Apr 2017 23:38:18 +0200
Subject: [PATCH 45/55] Initial push or quick actions in alias table

---
 data/web/css/mailbox.css       |  15 +-
 data/web/css/mailcow.css       |   5 +
 data/web/inc/functions.inc.php | 240 ++++++++--------
 data/web/js/mailbox.js         |  78 +++++-
 data/web/json_api.php          | 481 +++++++++++++++++++--------------
 data/web/lang/lang.en.php      |   4 +-
 data/web/mailbox.php           |   8 +
 7 files changed, 504 insertions(+), 327 deletions(-)

diff --git a/data/web/css/mailbox.css b/data/web/css/mailbox.css
index 23f5ad84..a22f5fe2 100644
--- a/data/web/css/mailbox.css
+++ b/data/web/css/mailbox.css
@@ -16,4 +16,17 @@ table.footable>tbody>tr.footable-empty>td {
   font-style: italic;
   display:block;
   padding: 10px;
-}
\ No newline at end of file
+}
+.mass-each-action {
+  font-style: italic;
+  padding: 0 3px 0 3px;
+  user-select: none;
+}
+.mass-actions {
+  user-select: none;
+  padding:10px;
+}
+.mass-select-all {
+  cursor:pointer;
+  color:grey;
+}
diff --git a/data/web/css/mailcow.css b/data/web/css/mailcow.css
index 1b3a691c..f7db5296 100644
--- a/data/web/css/mailcow.css
+++ b/data/web/css/mailcow.css
@@ -50,3 +50,8 @@ pre{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-s
   -ms-user-select: none;      
   user-select: none;
 }
+/* Fix modal moving content left */
+body.modal-open {
+  overflow: inherit;
+  padding-right: inherit !important;
+}
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 8da40386..091b3623 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -3308,82 +3308,95 @@ function mailbox_edit_alias_domain($postarray) {
 	);
 }
 function mailbox_edit_alias($postarray) {
-  // Array elements
-  // address            string
-  // goto               string    (separated by " ", "," ";" "\n") - email address or domain
-  // active             int
+  // We can edit multiple addresses at once, but only set one "goto" and/or "active" attribute for all
+  // address    string or array containing strings | email | required
+  // goto       string | separated by " ", "," ";" "\n", email or domain | optional
+  // active     set (active) or unset (inactive)
 	global $lang;
 	global $pdo;
-	$address      = $postarray['address'];
-	$domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
-	$local_part   = strstr($address, '@', true);
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	if (empty($postarray['goto'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['goto_empty'])
-		);
-		return false;
-	}
-	$gotos = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['goto']));
-	foreach ($gotos as &$goto) {
-		if (empty($goto)) {
-			continue;
-		}
-		if (!filter_var($goto, FILTER_VALIDATE_EMAIL)) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' =>sprintf($lang['danger']['goto_invalid'])
-			);
-			return false;
-		}
-		if ($goto == $address) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['alias_goto_identical'])
-			);
-			return false;
-		}
-	}
-	$gotos = array_filter($gotos);
-	$goto = implode(",", $gotos);
+  if (!is_array($postarray['address'])) {
+    $address_array = array();
+    $address_array[] = $postarray['address'];
+  }
+  else {
+    $address_array = $postarray['address'];
+  }
+	if (isset($postarray['goto']) || !empty($postarray['goto'])) {
+    $gotos = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['goto']));
+    foreach ($gotos as &$goto) {
+      if (empty($goto)) {
+        continue;
+      }
+      if (!filter_var($goto, FILTER_VALIDATE_EMAIL)) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' =>sprintf($lang['danger']['goto_invalid'])
+        );
+        return false;
+      }
+      if ($goto == $address) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['alias_goto_identical'])
+        );
+        return false;
+      }
+    }
+    $gotos = array_filter($gotos);
+    $goto = implode(",", $gotos);
+  }
 	isset($postarray['active']) ? $active = '1' : $active = '0';
-	if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['alias_invalid'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("UPDATE `alias` SET
-      `goto` = :goto,
-      `active`= :active
-        WHERE `address` = :address");
-		$stmt->execute(array(
-			':goto' => $goto,
-			':active' => $active,
-			':address' => $address
-		));
-		$_SESSION['return'] = array(
-			'type' => 'success',
-		'msg' => sprintf($lang['success']['alias_modified'], htmlspecialchars($address))
-		);
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
+  foreach ($address_array as $address) {
+    $domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
+    $local_part   = strstr($address, '@', true);
+    if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+    if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['alias_invalid'])
+      );
+      return false;
+    }
+    try {
+      if (isset($goto) && !empty($goto)) {
+        $stmt = $pdo->prepare("UPDATE `alias` SET
+          `goto` = :goto,
+          `active`= :active
+            WHERE `address` = :address");
+        $stmt->execute(array(
+          ':goto' => $goto,
+          ':active' => $active,
+          ':address' => $address
+        ));
+      }
+      else {
+        $stmt = $pdo->prepare("UPDATE `alias` SET
+          `active`= :active
+            WHERE `address` = :address");
+        $stmt->execute(array(
+          ':active' => $active,
+          ':address' => $address
+        ));
+      }
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
 	}
+  $_SESSION['return'] = array(
+    'type' => 'success',
+    'msg' => sprintf($lang['success']['alias_modified'], htmlspecialchars(implode(', ', $address_array)))
+  );
 }
 function mailbox_edit_domain($postarray) {
   // Array elements
@@ -4527,48 +4540,57 @@ function mailbox_delete_domain($postarray) {
 	return true;
 }
 function mailbox_delete_alias($postarray) {
+  // $postarray['address'] can be a single element or an array
 	global $lang;
 	global $pdo;
-	$address		= $postarray['address'];
-	$local_part		= strstr($address, '@', true);
-  $domain = mailbox_get_alias_details($address)['domain'];
-	try {
-		$stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :address");
-		$stmt->execute(array(':address' => $address));
-		$gotos = $stmt->fetch(PDO::FETCH_ASSOC);
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$goto_array = explode(',', $gotos['goto']);
+  if (!is_array($postarray['address'])) {
+    $address_array = array();
+    $address_array[] = $postarray['address'];
+  }
+  else {
+    $address_array = $postarray['address'];
+  }
+  foreach ($address_array as $address) {
+    $local_part		= strstr($address, '@', true);
+    $domain = mailbox_get_alias_details($address)['domain'];
+    try {
+      $stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :address");
+      $stmt->execute(array(':address' => $address));
+      $gotos = $stmt->fetch(PDO::FETCH_ASSOC);
+    }
+    catch(PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+    $goto_array = explode(',', $gotos['goto']);
 
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `address` = :address AND `address` NOT IN (SELECT `username` FROM `mailbox`)");
-		$stmt->execute(array(
-			':address' => $address
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
+    if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+    try {
+      $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `address` = :address AND `address` NOT IN (SELECT `username` FROM `mailbox`)");
+      $stmt->execute(array(
+        ':address' => $address
+      ));
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+  }
 	$_SESSION['return'] = array(
 		'type' => 'success',
-		'msg' => sprintf($lang['success']['alias_removed'], htmlspecialchars($address))
+		'msg' => sprintf($lang['success']['alias_removed'], htmlspecialchars(implode(', ', $address_array)))
 	);
 
 }
diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index b2aeb5b9..b68cf8e4 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -12,10 +12,10 @@ $(document).ready(function() {
     } while(Math.abs(bytes) >= 1024 && u < units.length - 1);
     return bytes.toFixed(1)+' '+units[u];
   }
-  
+
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/domain/all',
+    url: '/api/v1/get/domain/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw domain table');
@@ -78,7 +78,7 @@ $(document).ready(function() {
 
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/mailbox/all',
+    url: '/api/v1/get/mailbox/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw mailbox table');
@@ -146,7 +146,7 @@ $(document).ready(function() {
 
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/resource/all',
+    url: '/api/v1/get/resource/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw resource table');
@@ -188,7 +188,7 @@ $(document).ready(function() {
 
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/alias-domain/all',
+    url: '/api/v1/get/alias-domain/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw alias domain table');
@@ -228,7 +228,7 @@ $(document).ready(function() {
 
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/alias/all',
+    url: '/api/v1/get/alias/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw alias table');
@@ -239,6 +239,7 @@ $(document).ready(function() {
           '<a href="/edit.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
           '<a href="/delete.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
 					'</div>';
+        item.chkbox = '<input type="checkbox" class="alias_item" name="sel_aliases" value="' + item.address + '" />';
         if (item.is_catch_all == 1) {
           item.address = '<div class="label label-default">Catch-All</div> ' + item.address;
         }
@@ -246,8 +247,9 @@ $(document).ready(function() {
           item.domain = "↳ " + item.domain + " (" + item.in_primary_domain + ")";
         }
       });
-      $('#alias_table').footable({
+      ft_aliases = FooTable.init("#alias_table", {
         "columns": [
+          {"name":"chkbox","title":"","style":{"maxWidth":"40px","width":"40px"},"filterable": false,"sortable": false,"type":"html"},
           {"sorted": true,"name":"address","title":lang.alias,"style":{"width":"250px"}},
           {"name":"goto","title":lang.target_address},
           {"name":"domain","title":lang.domain,"breakpoints":"xs sm"},
@@ -269,6 +271,68 @@ $(document).ready(function() {
         "sorting": {
           "enabled": true
         }
+      }, function aliases_table_hook() {
+        var selected_aliases = {};
+        $('input[name=sel_aliases]').change(function() {
+          selected_aliases = {};
+          $('input[name=sel_aliases]:checked').each(function(i) {
+            selected_aliases[i] = ($(this).val());
+          });
+        });
+        $("#select_all_aliases").click(function(e) {
+          e.preventDefault();
+          var alias_chkbxs = $("input[name=sel_aliases]");
+          alias_chkbxs.prop("checked", !alias_chkbxs.prop("checked")).change();
+        });
+        $("#activate_selected_alias").click(function(e) {
+          e.preventDefault();
+          if (Object.keys(selected_aliases).length !== 0) {
+            $.ajax({
+              type: "POST",
+              dataType: "json",
+              data: { "address": JSON.stringify(selected_aliases), "active": "1" },
+              url: '/api/v1/edit/alias/post',
+              jsonp: false,
+              complete: function (data) {
+                location.reload();
+              }
+            });
+          }
+        });
+        $("#deactivate_selected_alias").click(function(e) {
+          e.preventDefault();
+          if (Object.keys(selected_aliases).length !== 0) {
+            $.ajax({
+              type: "POST",
+              dataType: "json",
+              data: { "address": JSON.stringify(selected_aliases), "active": "0" },
+              url: '/api/v1/edit/alias/post',
+              jsonp: false,
+              complete: function (data) {
+                location.reload();
+              }
+            });
+          }
+        });
+        $("#delete_selected_alias").click(function(e) {
+          e.preventDefault();
+          if (Object.keys(selected_aliases).length !== 0) {
+            $.ajax({
+              type: "POST",
+              dataType: "json",
+              data: { "address": JSON.stringify(selected_aliases) },
+              url: '/api/v1/delete/alias/post',
+              jsonp: false,
+              complete: function (data) {
+                location.reload();
+              }
+            });
+          }
+        });
+        $("tr").on('click',function(event) {
+          var checkbox = $(this).find(':checkbox');
+          checkbox.trigger('click');
+        });
       });
     }
   });
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 66b46cfb..b09caa67 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -2,242 +2,307 @@
 require_once 'inc/prerequisites.inc.php';
 error_reporting(E_ALL);
 if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_username'])) {
-  if (isset($_GET['action']) && isset($_GET['object'])) {
+  if (isset($_GET['action']) && isset($_GET['cat'])) {
+    $category = filter_input(INPUT_GET, 'cat',  FILTER_SANITIZE_STRING);
     $action = filter_input(INPUT_GET, 'action',  FILTER_SANITIZE_STRING);
-    $object   = filter_input(INPUT_GET, 'object',  FILTER_SANITIZE_STRING);
+    
+    if (isset($_GET['object'])) {
+      $object = filter_input(INPUT_GET, 'object',  FILTER_SANITIZE_STRING);
+    }
+
     switch ($action) {
-      case "domain":
-        switch ($object) {
-          case "all":
-            $domains = mailbox_get_domains();
-            if (!empty($domains)) {
-              foreach ($domains as $domain) {
-                $data[] = mailbox_get_domain_details($domain);
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
-            }
-          break;
-
-          default:
-            $data = mailbox_get_domain_details($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
-            }
-            else {
-              echo json_encode(mailbox_get_domain_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-            }
-          break;
-        }
-      break;
-      case "mailbox":
-        switch ($object) {
-          case "all":
-            $domains = mailbox_get_domains();
-            if (!empty($domains)) {
-              foreach ($domains as $domain) {
-                $mailboxes = mailbox_get_mailboxes($domain);
-                if (!empty($mailboxes)) {
-                  foreach ($mailboxes as $mailbox) {
-                    $data[] = mailbox_get_mailbox_details($mailbox);
+      case "get":
+        switch ($category) {
+          case "domain":
+            switch ($object) {
+              case "all":
+                $domains = mailbox_get_domains();
+                if (!empty($domains)) {
+                  foreach ($domains as $domain) {
+                    $data[] = mailbox_get_domain_details($domain);
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
                   }
                 }
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
+                else {
+                  echo '{}';
+                }
+              break;
+
+              default:
+                $data = mailbox_get_domain_details($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(mailbox_get_domain_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
             }
           break;
-
-          default:
-            $data = mailbox_get_mailbox_details($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
-            }
-            else {
-              echo json_encode(mailbox_get_mailbox_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-            }
-          break;
-
-        }
-      break;
-      case "resource":
-        switch ($object) {
-          case "all":
-            $domains = mailbox_get_domains();
-            if (!empty($domains)) {
-              foreach ($domains as $domain) {
-                $resources = mailbox_get_resources($domain);
-                if (!empty($resources)) {
-                  foreach ($resources as $resource) {
-                    $data[] = mailbox_get_resource_details($resource);
+          case "mailbox":
+            switch ($object) {
+              case "all":
+                $domains = mailbox_get_domains();
+                if (!empty($domains)) {
+                  foreach ($domains as $domain) {
+                    $mailboxes = mailbox_get_mailboxes($domain);
+                    if (!empty($mailboxes)) {
+                      foreach ($mailboxes as $mailbox) {
+                        $data[] = mailbox_get_mailbox_details($mailbox);
+                      }
+                    }
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
                   }
                 }
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
+                else {
+                  echo '{}';
+                }
+              break;
+
+              default:
+                $data = mailbox_get_mailbox_details($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(mailbox_get_mailbox_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
+
             }
           break;
-
-          default:
-            $data = mailbox_get_resource_details($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
-            }
-            else {
-              echo json_encode(mailbox_get_resource_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-            }
-          break;
-
-        }
-      break;
-      case "alias-domain":
-        switch ($object) {
-          case "all":
-            $domains = mailbox_get_domains();
-            if (!empty($domains)) {
-              foreach ($domains as $domain) {
-                $alias_domains = mailbox_get_alias_domains($domain);
-                if (!empty($alias_domains)) {
-                  foreach ($alias_domains as $alias_domain) {
-                    $data[] = mailbox_get_alias_domain_details($alias_domain);
+          case "resource":
+            switch ($object) {
+              case "all":
+                $domains = mailbox_get_domains();
+                if (!empty($domains)) {
+                  foreach ($domains as $domain) {
+                    $resources = mailbox_get_resources($domain);
+                    if (!empty($resources)) {
+                      foreach ($resources as $resource) {
+                        $data[] = mailbox_get_resource_details($resource);
+                      }
+                    }
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
                   }
                 }
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
-            }
-          break;
+                else {
+                  echo '{}';
+                }
+              break;
+
+              default:
+                $data = mailbox_get_resource_details($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(mailbox_get_resource_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
 
-          default:
-            $data = mailbox_get_alias_domains($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
-            }
-            else {
-              echo json_encode(mailbox_get_alias_domains($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
             }
           break;
-        }
-      break;
-      case "alias":
-        switch ($object) {
-          case "all":
-            $domains = array_merge(mailbox_get_domains(), mailbox_get_alias_domains());
-            if (!empty($domains)) {
-              foreach ($domains as $domain) {
-                $aliases = mailbox_get_aliases($domain);
-                if (!empty($aliases)) {
-                  foreach ($aliases as $alias) {
-                    $data[] = mailbox_get_alias_details($alias);
+          case "alias-domain":
+            switch ($object) {
+              case "all":
+                $domains = mailbox_get_domains();
+                if (!empty($domains)) {
+                  foreach ($domains as $domain) {
+                    $alias_domains = mailbox_get_alias_domains($domain);
+                    if (!empty($alias_domains)) {
+                      foreach ($alias_domains as $alias_domain) {
+                        $data[] = mailbox_get_alias_domain_details($alias_domain);
+                      }
+                    }
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
                   }
                 }
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
-            }
-          break;
+                else {
+                  echo '{}';
+                }
+              break;
 
-          default:
-            $data = mailbox_get_alias_details($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
-            }
-            else {
-              echo json_encode(mailbox_get_alias_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-            }
-          break;
-        }
-      break;
-      case "domain-admin":
-        switch ($object) {
-          case "all":
-            $domain_admins = get_domain_admins();
-            if (!empty($domain_admins)) {
-              foreach ($domain_admins as $domain_admin) {
-                $data[] = get_domain_admin_details($domain_admin);
-              }
-              if (!isset($data) || empty($data)) {
-                echo '{}';
-              }
-              else {
-                echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
-              }
-            }
-            else {
-              echo '{}';
+              default:
+                $data = mailbox_get_alias_domains($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(mailbox_get_alias_domains($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
             }
           break;
+          case "alias":
+            switch ($object) {
+              case "all":
+                $domains = array_merge(mailbox_get_domains(), mailbox_get_alias_domains());
+                if (!empty($domains)) {
+                  foreach ($domains as $domain) {
+                    $aliases = mailbox_get_aliases($domain);
+                    if (!empty($aliases)) {
+                      foreach ($aliases as $alias) {
+                        $data[] = mailbox_get_alias_details($alias);
+                      }
+                    }
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                  }
+                }
+                else {
+                  echo '{}';
+                }
+              break;
 
-          default:
-            $data = get_domain_admin_details($object);
-            if (!isset($data) || empty($data)) {
-              echo '{}';
+              default:
+                $data = mailbox_get_alias_details($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(mailbox_get_alias_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
+            }
+          break;
+          case "domain-admin":
+            switch ($object) {
+              case "all":
+                $domain_admins = get_domain_admins();
+                if (!empty($domain_admins)) {
+                  foreach ($domain_admins as $domain_admin) {
+                    $data[] = get_domain_admin_details($domain_admin);
+                  }
+                  if (!isset($data) || empty($data)) {
+                    echo '{}';
+                  }
+                  else {
+                    echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                  }
+                }
+                else {
+                  echo '{}';
+                }
+              break;
+
+              default:
+                $data = get_domain_admin_details($object);
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode(get_domain_admin_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
+            }
+          break;
+          case "u2f-registration":
+            if (($_SESSION["mailcow_cc_role"] == "admin" || $_SESSION["mailcow_cc_role"] == "domainadmin") && $_SESSION["mailcow_cc_username"] == $object) {
+              $data = $u2f->getRegisterData(get_u2f_registrations($object));
+              list($req, $sigs) = $data;
+              $_SESSION['regReq'] = json_encode($req);
+              echo 'var req = ' . json_encode($req) . '; var sigs = ' . json_encode($sigs) . ';';
             }
             else {
-              echo json_encode(get_domain_admin_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+              return;
+            }
+          break;
+          case "u2f-authentication":
+            if (isset($_SESSION['pending_mailcow_cc_username']) && $_SESSION['pending_mailcow_cc_username'] == $object) {
+              $reqs = json_encode($u2f->getAuthenticateData(get_u2f_registrations($object)));
+              $_SESSION['authReq']  = $reqs;
+              echo 'var req = ' . $reqs . ';';
+            }
+            else {
+              return;
+            }
+          break;
+          default:
+            echo '{}';
+          break;
+        }
+      break;
+      case "delete":
+        switch ($category) {
+          case "alias":
+            if (isset($_POST['address'])) {
+              $address = json_decode($_POST['address'], true);
+              if (is_array($address)) {
+                if (mailbox_delete_alias(array('address' => $address)) === false) {
+                  echo json_encode(array(
+                    'type' => 'error',
+                    'message' => 'Deletion of item failed'
+                  ));
+                  exit();
+                }
+                echo json_encode(array(
+                  'type' => 'success',
+                  'message' => 'Task completed'
+                ));
+              }
+            }
+            else {
+              echo json_encode(array(
+                'type' => 'error',
+                'message' => 'Cannot find address array in post data'
+              ));
             }
           break;
         }
       break;
-      case "u2f-registration":
-        if (($_SESSION["mailcow_cc_role"] == "admin" || $_SESSION["mailcow_cc_role"] == "domainadmin") && $_SESSION["mailcow_cc_username"] == $object) {
-          $data = $u2f->getRegisterData(get_u2f_registrations($object));
-          list($req, $sigs) = $data;
-          $_SESSION['regReq'] = json_encode($req);
-          echo 'var req = ' . json_encode($req) . '; var sigs = ' . json_encode($sigs) . ';';
+      case "edit":
+        switch ($category) {
+          case "alias":
+            if (isset($_POST['address']) && isset($_POST['active'])) {
+              $address = json_decode($_POST['address'], true);
+              if (is_array($address)) {
+                if (mailbox_edit_alias(array('address' => $address, 'active' => ($_POST['active'] == "1") ? $active = 1 : null)) === false) {
+                  echo json_encode(array(
+                    'type' => 'error',
+                    'message' => 'Edit item failed'
+                  ));
+                  exit();
+                }
+                echo json_encode(array(
+                  'type' => 'success',
+                  'message' => 'Task completed'
+                ));
+              }
+            }
+            else {
+              echo json_encode(array(
+                'type' => 'error',
+                'message' => 'Cannot find address array in post data'
+              ));
+            }
+          break;
         }
-        else {
-          return;
-        }
-      break;
-      case "u2f-authentication":
-        if (isset($_SESSION['pending_mailcow_cc_username']) && $_SESSION['pending_mailcow_cc_username'] == $object) {
-          $reqs = json_encode($u2f->getAuthenticateData(get_u2f_registrations($object)));
-          $_SESSION['authReq']  = $reqs;
-          echo 'var req = ' . $reqs . ';';
-        }
-        else {
-          return;
-        }
-      break;
-      default:
-        echo '{}';
       break;
     }
   }
-}
\ No newline at end of file
+}
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 4bc48f2c..d3a615c6 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -40,7 +40,7 @@ $lang['danger']['alias_goto_identical'] = "Alias and goto address must not be id
 $lang['danger']['aliasd_targetd_identical'] = "Alias domain must not be equal to target domain";
 $lang['danger']['maxquota_empty'] = 'Max. quota per mailbox must not be 0.';
 $lang['success']['alias_added'] = "Alias address/es has/have been added";
-$lang['success']['alias_modified'] = "Changes to alias have been saved";
+$lang['success']['alias_modified'] = "Changes to alias/es %s have been saved";
 $lang['success']['aliasd_modified'] = "Changes to alias domain have been saved";
 $lang['success']['mailbox_modified'] = "Changes to mailbox %s have been saved";
 $lang['success']['resource_modified'] = "Changes to mailbox %s have been saved";
@@ -79,7 +79,7 @@ $lang['danger']['mailbox_quota_left_exceeded'] = "Not enough space left (space l
 $lang['success']['mailbox_added'] = "Mailbox %s has been added";
 $lang['success']['resource_added'] = "Resource %s has been added";
 $lang['success']['domain_removed'] = "Domain %s has been removed";
-$lang['success']['alias_removed'] = "Alias-Adresse %s has been removed";
+$lang['success']['alias_removed'] = "Alias %s has been removed";
 $lang['success']['alias_domain_removed'] = "Alias domain %s has been removed";
 $lang['success']['domain_admin_removed'] = "Domain administrator %s has been removed";
 $lang['success']['mailbox_removed'] = "Mailbox %s has been removed";
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index fe2cd803..2640a58b 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -89,6 +89,14 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 				</div>
         <div class="table-responsive">
           <table id="alias_table" class="table table-striped"></table>
+          <div class="mass-actions">
+              <span id="select_all_aliases" class="mass-select-all">Toggle all</span>
+              <br /><span>(
+                <a id="delete_selected_alias" href="#" class="mass-each-action">delete</a> |
+                <a id="activate_selected_alias" href="#" class="mass-each-action">activate</a> |
+                <a id="deactivate_selected_alias" href="#" class="mass-each-action">deactivate</a>)
+              </span>
+          </div>
         </div>
         <span class="footer-add-item"><a href="/add.php?alias"><?=$lang['mailbox']['add_alias'];?></a></span>			</div>
 		</div>

From e26304f6d04821e79d63cd3716c0cc8e7202a815 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 27 Apr 2017 08:44:21 +0200
Subject: [PATCH 46/55] Fix checkbox toggling, add nav tabs, fix broken domain
 quota when adding a new domain

---
 data/web/css/mailbox.css            |   6 +-
 data/web/js/add.js                  |   2 +-
 data/web/js/bootstrap-select.min.js |   1 -
 data/web/js/mailbox.js              |  11 +-
 data/web/mailbox.php                | 197 +++++++++++++++-------------
 5 files changed, 120 insertions(+), 97 deletions(-)

diff --git a/data/web/css/mailbox.css b/data/web/css/mailbox.css
index a22f5fe2..25eb2cd3 100644
--- a/data/web/css/mailbox.css
+++ b/data/web/css/mailbox.css
@@ -18,15 +18,17 @@ table.footable>tbody>tr.footable-empty>td {
   padding: 10px;
 }
 .mass-each-action {
-  font-style: italic;
   padding: 0 3px 0 3px;
   user-select: none;
 }
 .mass-actions {
   user-select: none;
-  padding:10px;
+  margin-top:-5px;
 }
 .mass-select-all {
   cursor:pointer;
   color:grey;
 }
+#alias_table {
+  cursor:pointer;
+}
\ No newline at end of file
diff --git a/data/web/js/add.js b/data/web/js/add.js
index 54a70500..e7a3fd90 100644
--- a/data/web/js/add.js
+++ b/data/web/js/add.js
@@ -2,7 +2,7 @@ $(document).ready(function() {
 	// add.php
 	// Get max. possible quota for a domain when domain field changes
 	$('#addSelectDomain').on('change', function() {
-		$.get("/api/v1/domain/" + this.value, function(data){
+		$.get("/api/v1/get/domain/" + this.value, function(data){
       var result = jQuery.parseJSON( data );
       max_new_mailbox_quota = ( result.max_new_mailbox_quota / 1048576);
 			if (max_new_mailbox_quota != '0') {
diff --git a/data/web/js/bootstrap-select.min.js b/data/web/js/bootstrap-select.min.js
index d2a33149..9e20a22e 100644
--- a/data/web/js/bootstrap-select.min.js
+++ b/data/web/js/bootstrap-select.min.js
@@ -6,4 +6,3 @@
  */
 !function(a,b){"function"==typeof define&&define.amd?define(["jquery"],function(a){return b(a)}):"object"==typeof module&&module.exports?module.exports=b(require("jquery")):b(a.jQuery)}(this,function(a){!function(a){"use strict";function b(b){var c=[{re:/[\xC0-\xC6]/g,ch:"A"},{re:/[\xE0-\xE6]/g,ch:"a"},{re:/[\xC8-\xCB]/g,ch:"E"},{re:/[\xE8-\xEB]/g,ch:"e"},{re:/[\xCC-\xCF]/g,ch:"I"},{re:/[\xEC-\xEF]/g,ch:"i"},{re:/[\xD2-\xD6]/g,ch:"O"},{re:/[\xF2-\xF6]/g,ch:"o"},{re:/[\xD9-\xDC]/g,ch:"U"},{re:/[\xF9-\xFC]/g,ch:"u"},{re:/[\xC7-\xE7]/g,ch:"c"},{re:/[\xD1]/g,ch:"N"},{re:/[\xF1]/g,ch:"n"}];return a.each(c,function(){b=b?b.replace(this.re,this.ch):""}),b}function c(b){var c=arguments,d=b;[].shift.apply(c);var e,f=this.each(function(){var b=a(this);if(b.is("select")){var f=b.data("selectpicker"),g="object"==typeof d&&d;if(f){if(g)for(var h in g)g.hasOwnProperty(h)&&(f.options[h]=g[h])}else{var i=a.extend({},k.DEFAULTS,a.fn.selectpicker.defaults||{},b.data(),g);i.template=a.extend({},k.DEFAULTS.template,a.fn.selectpicker.defaults?a.fn.selectpicker.defaults.template:{},b.data().template,g.template),b.data("selectpicker",f=new k(this,i))}"string"==typeof d&&(e=f[d]instanceof Function?f[d].apply(f,c):f.options[d])}});return"undefined"!=typeof e?e:f}String.prototype.includes||!function(){var a={}.toString,b=function(){try{var a={},b=Object.defineProperty,c=b(a,a,a)&&b}catch(a){}return c}(),c="".indexOf,d=function(b){if(null==this)throw new TypeError;var d=String(this);if(b&&"[object RegExp]"==a.call(b))throw new TypeError;var e=d.length,f=String(b),g=f.length,h=arguments.length>1?arguments[1]:void 0,i=h?Number(h):0;i!=i&&(i=0);var j=Math.min(Math.max(i,0),e);return!(g+j>e)&&c.call(d,f,i)!=-1};b?b(String.prototype,"includes",{value:d,configurable:!0,writable:!0}):String.prototype.includes=d}(),String.prototype.startsWith||!function(){var a=function(){try{var a={},b=Object.defineProperty,c=b(a,a,a)&&b}catch(a){}return c}(),b={}.toString,c=function(a){if(null==this)throw new TypeError;var c=String(this);if(a&&"[object RegExp]"==b.call(a))throw new TypeError;var d=c.length,e=String(a),f=e.length,g=arguments.length>1?arguments[1]:void 0,h=g?Number(g):0;h!=h&&(h=0);var i=Math.min(Math.max(h,0),d);if(f+i>d)return!1;for(var j=-1;++j<f;)if(c.charCodeAt(i+j)!=e.charCodeAt(j))return!1;return!0};a?a(String.prototype,"startsWith",{value:c,configurable:!0,writable:!0}):String.prototype.startsWith=c}(),Object.keys||(Object.keys=function(a,b,c){c=[];for(b in a)c.hasOwnProperty.call(a,b)&&c.push(b);return c});var d={useDefault:!1,_set:a.valHooks.select.set};a.valHooks.select.set=function(b,c){return c&&!d.useDefault&&a(b).data("selected",!0),d._set.apply(this,arguments)};var e=null;a.fn.triggerNative=function(a){var b,c=this[0];c.dispatchEvent?("function"==typeof Event?b=new Event(a,{bubbles:!0}):(b=document.createEvent("Event"),b.initEvent(a,!0,!1)),c.dispatchEvent(b)):c.fireEvent?(b=document.createEventObject(),b.eventType=a,c.fireEvent("on"+a,b)):this.trigger(a)},a.expr.pseudos.icontains=function(b,c,d){var e=a(b),f=(e.data("tokens")||e.text()).toString().toUpperCase();return f.includes(d[3].toUpperCase())},a.expr.pseudos.ibegins=function(b,c,d){var e=a(b),f=(e.data("tokens")||e.text()).toString().toUpperCase();return f.startsWith(d[3].toUpperCase())},a.expr.pseudos.aicontains=function(b,c,d){var e=a(b),f=(e.data("tokens")||e.data("normalizedText")||e.text()).toString().toUpperCase();return f.includes(d[3].toUpperCase())},a.expr.pseudos.aibegins=function(b,c,d){var e=a(b),f=(e.data("tokens")||e.data("normalizedText")||e.text()).toString().toUpperCase();return f.startsWith(d[3].toUpperCase())};var f={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#x27;","`":"&#x60;"},g={"&amp;":"&","&lt;":"<","&gt;":">","&quot;":'"',"&#x27;":"'","&#x60;":"`"},h=function(a){var b=function(b){return a[b]},c="(?:"+Object.keys(a).join("|")+")",d=RegExp(c),e=RegExp(c,"g");return function(a){return a=null==a?"":""+a,d.test(a)?a.replace(e,b):a}},i=h(f),j=h(g),k=function(b,c){d.useDefault||(a.valHooks.select.set=d._set,d.useDefault=!0),this.$element=a(b),this.$newElement=null,this.$button=null,this.$menu=null,this.$lis=null,this.options=c,null===this.options.title&&(this.options.title=this.$element.attr("title"));var e=this.options.windowPadding;"number"==typeof e&&(this.options.windowPadding=[e,e,e,e]),this.val=k.prototype.val,this.render=k.prototype.render,this.refresh=k.prototype.refresh,this.setStyle=k.prototype.setStyle,this.selectAll=k.prototype.selectAll,this.deselectAll=k.prototype.deselectAll,this.destroy=k.prototype.destroy,this.remove=k.prototype.remove,this.show=k.prototype.show,this.hide=k.prototype.hide,this.init()};k.VERSION="1.12.2",k.DEFAULTS={noneSelectedText:"Nothing selected",noneResultsText:"No results matched {0}",countSelectedText:function(a,b){return 1==a?"{0} item selected":"{0} items selected"},maxOptionsText:function(a,b){return[1==a?"Limit reached ({n} item max)":"Limit reached ({n} items max)",1==b?"Group limit reached ({n} item max)":"Group limit reached ({n} items max)"]},selectAllText:"Select All",deselectAllText:"Deselect All",doneButton:!1,doneButtonText:"Close",multipleSeparator:", ",styleBase:"btn",style:"btn-default",size:"auto",title:null,selectedTextFormat:"values",width:!1,container:!1,hideDisabled:!1,showSubtext:!1,showIcon:!0,showContent:!0,dropupAuto:!0,header:!1,liveSearch:!1,liveSearchPlaceholder:null,liveSearchNormalize:!1,liveSearchStyle:"contains",actionsBox:!1,iconBase:"glyphicon",tickIcon:"glyphicon-ok",showTick:!1,template:{caret:'<span class="caret"></span>'},maxOptions:!1,mobile:!1,selectOnTab:!1,dropdownAlignRight:!1,windowPadding:0},k.prototype={constructor:k,init:function(){var b=this,c=this.$element.attr("id");this.$element.addClass("bs-select-hidden"),this.liObj={},this.multiple=this.$element.prop("multiple"),this.autofocus=this.$element.prop("autofocus"),this.$newElement=this.createView(),this.$element.after(this.$newElement).appendTo(this.$newElement),this.$button=this.$newElement.children("button"),this.$menu=this.$newElement.children(".dropdown-menu"),this.$menuInner=this.$menu.children(".inner"),this.$searchbox=this.$menu.find("input"),this.$element.removeClass("bs-select-hidden"),this.options.dropdownAlignRight===!0&&this.$menu.addClass("dropdown-menu-right"),"undefined"!=typeof c&&(this.$button.attr("data-id",c),a('label[for="'+c+'"]').click(function(a){a.preventDefault(),b.$button.focus()})),this.checkDisabled(),this.clickListener(),this.options.liveSearch&&this.liveSearchListener(),this.render(),this.setStyle(),this.setWidth(),this.options.container&&this.selectPosition(),this.$menu.data("this",this),this.$newElement.data("this",this),this.options.mobile&&this.mobile(),this.$newElement.on({"hide.bs.dropdown":function(a){b.$menuInner.attr("aria-expanded",!1),b.$element.trigger("hide.bs.select",a)},"hidden.bs.dropdown":function(a){b.$element.trigger("hidden.bs.select",a)},"show.bs.dropdown":function(a){b.$menuInner.attr("aria-expanded",!0),b.$element.trigger("show.bs.select",a)},"shown.bs.dropdown":function(a){b.$element.trigger("shown.bs.select",a)}}),b.$element[0].hasAttribute("required")&&this.$element.on("invalid",function(){b.$button.addClass("bs-invalid").focus(),b.$element.on({"focus.bs.select":function(){b.$button.focus(),b.$element.off("focus.bs.select")},"shown.bs.select":function(){b.$element.val(b.$element.val()).off("shown.bs.select")},"rendered.bs.select":function(){this.validity.valid&&b.$button.removeClass("bs-invalid"),b.$element.off("rendered.bs.select")}})}),setTimeout(function(){b.$element.trigger("loaded.bs.select")})},createDropdown:function(){var b=this.multiple||this.options.showTick?" show-tick":"",c=this.$element.parent().hasClass("input-group")?" input-group-btn":"",d=this.autofocus?" autofocus":"",e=this.options.header?'<div class="popover-title"><button type="button" class="close" aria-hidden="true">&times;</button>'+this.options.header+"</div>":"",f=this.options.liveSearch?'<div class="bs-searchbox"><input type="text" class="form-control" autocomplete="off"'+(null===this.options.liveSearchPlaceholder?"":' placeholder="'+i(this.options.liveSearchPlaceholder)+'"')+' role="textbox" aria-label="Search"></div>':"",g=this.multiple&&this.options.actionsBox?'<div class="bs-actionsbox"><div class="btn-group btn-group-sm btn-block"><button type="button" class="actions-btn bs-select-all btn btn-default">'+this.options.selectAllText+'</button><button type="button" class="actions-btn bs-deselect-all btn btn-default">'+this.options.deselectAllText+"</button></div></div>":"",h=this.multiple&&this.options.doneButton?'<div class="bs-donebutton"><div class="btn-group btn-block"><button type="button" class="btn btn-sm btn-default">'+this.options.doneButtonText+"</button></div></div>":"",j='<div class="btn-group bootstrap-select'+b+c+'"><button type="button" class="'+this.options.styleBase+' dropdown-toggle" data-toggle="dropdown"'+d+' role="button"><span class="filter-option pull-left"></span>&nbsp;<span class="bs-caret">'+this.options.template.caret+'</span></button><div class="dropdown-menu open" role="combobox">'+e+f+g+'<ul class="dropdown-menu inner" role="listbox" aria-expanded="false"></ul>'+h+"</div></div>";return a(j)},createView:function(){var a=this.createDropdown(),b=this.createLi();return a.find("ul")[0].innerHTML=b,a},reloadLi:function(){var a=this.createLi();this.$menuInner[0].innerHTML=a},createLi:function(){var c=this,d=[],e=0,f=document.createElement("option"),g=-1,h=function(a,b,c,d){return"<li"+("undefined"!=typeof c&""!==c?' class="'+c+'"':"")+("undefined"!=typeof b&null!==b?' data-original-index="'+b+'"':"")+("undefined"!=typeof d&null!==d?'data-optgroup="'+d+'"':"")+">"+a+"</li>"},j=function(d,e,f,g){return'<a tabindex="0"'+("undefined"!=typeof e?' class="'+e+'"':"")+(f?' style="'+f+'"':"")+(c.options.liveSearchNormalize?' data-normalized-text="'+b(i(a(d).html()))+'"':"")+("undefined"!=typeof g||null!==g?' data-tokens="'+g+'"':"")+' role="option">'+d+'<span class="'+c.options.iconBase+" "+c.options.tickIcon+' check-mark"></span></a>'};if(this.options.title&&!this.multiple&&(g--,!this.$element.find(".bs-title-option").length)){var k=this.$element[0];f.className="bs-title-option",f.innerHTML=this.options.title,f.value="",k.insertBefore(f,k.firstChild);var l=a(k.options[k.selectedIndex]);void 0===l.attr("selected")&&void 0===this.$element.data("selected")&&(f.selected=!0)}return this.$element.find("option").each(function(b){var f=a(this);if(g++,!f.hasClass("bs-title-option")){var k=this.className||"",l=this.style.cssText,m=f.data("content")?f.data("content"):f.html(),n=f.data("tokens")?f.data("tokens"):null,o="undefined"!=typeof f.data("subtext")?'<small class="text-muted">'+f.data("subtext")+"</small>":"",p="undefined"!=typeof f.data("icon")?'<span class="'+c.options.iconBase+" "+f.data("icon")+'"></span> ':"",q=f.parent(),r="OPTGROUP"===q[0].tagName,s=r&&q[0].disabled,t=this.disabled||s;if(""!==p&&t&&(p="<span>"+p+"</span>"),c.options.hideDisabled&&(t&&!r||s))return void g--;if(f.data("content")||(m=p+'<span class="text">'+m+o+"</span>"),r&&f.data("divider")!==!0){if(c.options.hideDisabled&&t){if(void 0===q.data("allOptionsDisabled")){var u=q.children();q.data("allOptionsDisabled",u.filter(":disabled").length===u.length)}if(q.data("allOptionsDisabled"))return void g--}var v=" "+q[0].className||"";if(0===f.index()){e+=1;var w=q[0].label,x="undefined"!=typeof q.data("subtext")?'<small class="text-muted">'+q.data("subtext")+"</small>":"",y=q.data("icon")?'<span class="'+c.options.iconBase+" "+q.data("icon")+'"></span> ':"";w=y+'<span class="text">'+i(w)+x+"</span>",0!==b&&d.length>0&&(g++,d.push(h("",null,"divider",e+"div"))),g++,d.push(h(w,null,"dropdown-header"+v,e))}if(c.options.hideDisabled&&t)return void g--;d.push(h(j(m,"opt "+k+v,l,n),b,"",e))}else if(f.data("divider")===!0)d.push(h("",b,"divider"));else if(f.data("hidden")===!0)d.push(h(j(m,k,l,n),b,"hidden is-hidden"));else{var z=this.previousElementSibling&&"OPTGROUP"===this.previousElementSibling.tagName;if(!z&&c.options.hideDisabled)for(var A=a(this).prevAll(),B=0;B<A.length;B++)if("OPTGROUP"===A[B].tagName){for(var C=0,D=0;D<B;D++){var E=A[D];(E.disabled||a(E).data("hidden")===!0)&&C++}C===B&&(z=!0);break}z&&(g++,d.push(h("",null,"divider",e+"div"))),d.push(h(j(m,k,l,n),b))}c.liObj[b]=g}}),this.multiple||0!==this.$element.find("option:selected").length||this.options.title||this.$element.find("option").eq(0).prop("selected",!0).attr("selected","selected"),d.join("")},findLis:function(){return null==this.$lis&&(this.$lis=this.$menu.find("li")),this.$lis},render:function(b){var c,d=this;b!==!1&&this.$element.find("option").each(function(a){var b=d.findLis().eq(d.liObj[a]);d.setDisabled(a,this.disabled||"OPTGROUP"===this.parentNode.tagName&&this.parentNode.disabled,b),d.setSelected(a,this.selected,b)}),this.togglePlaceholder(),this.tabIndex();var e=this.$element.find("option").map(function(){if(this.selected){if(d.options.hideDisabled&&(this.disabled||"OPTGROUP"===this.parentNode.tagName&&this.parentNode.disabled))return;var b,c=a(this),e=c.data("icon")&&d.options.showIcon?'<i class="'+d.options.iconBase+" "+c.data("icon")+'"></i> ':"";return b=d.options.showSubtext&&c.data("subtext")&&!d.multiple?' <small class="text-muted">'+c.data("subtext")+"</small>":"","undefined"!=typeof c.attr("title")?c.attr("title"):c.data("content")&&d.options.showContent?c.data("content").toString():e+c.html()+b}}).toArray(),f=this.multiple?e.join(this.options.multipleSeparator):e[0];if(this.multiple&&this.options.selectedTextFormat.indexOf("count")>-1){var g=this.options.selectedTextFormat.split(">");if(g.length>1&&e.length>g[1]||1==g.length&&e.length>=2){c=this.options.hideDisabled?", [disabled]":"";var h=this.$element.find("option").not('[data-divider="true"], [data-hidden="true"]'+c).length,i="function"==typeof this.options.countSelectedText?this.options.countSelectedText(e.length,h):this.options.countSelectedText;f=i.replace("{0}",e.length.toString()).replace("{1}",h.toString())}}void 0==this.options.title&&(this.options.title=this.$element.attr("title")),"static"==this.options.selectedTextFormat&&(f=this.options.title),f||(f="undefined"!=typeof this.options.title?this.options.title:this.options.noneSelectedText),this.$button.attr("title",j(a.trim(f.replace(/<[^>]*>?/g,"")))),this.$button.children(".filter-option").html(f),this.$element.trigger("rendered.bs.select")},setStyle:function(a,b){this.$element.attr("class")&&this.$newElement.addClass(this.$element.attr("class").replace(/selectpicker|mobile-device|bs-select-hidden|validate\[.*\]/gi,""));var c=a?a:this.options.style;"add"==b?this.$button.addClass(c):"remove"==b?this.$button.removeClass(c):(this.$button.removeClass(this.options.style),this.$button.addClass(c))},liHeight:function(b){if(b||this.options.size!==!1&&!this.sizeInfo){var c=document.createElement("div"),d=document.createElement("div"),e=document.createElement("ul"),f=document.createElement("li"),g=document.createElement("li"),h=document.createElement("a"),i=document.createElement("span"),j=this.options.header&&this.$menu.find(".popover-title").length>0?this.$menu.find(".popover-title")[0].cloneNode(!0):null,k=this.options.liveSearch?document.createElement("div"):null,l=this.options.actionsBox&&this.multiple&&this.$menu.find(".bs-actionsbox").length>0?this.$menu.find(".bs-actionsbox")[0].cloneNode(!0):null,m=this.options.doneButton&&this.multiple&&this.$menu.find(".bs-donebutton").length>0?this.$menu.find(".bs-donebutton")[0].cloneNode(!0):null;if(i.className="text",c.className=this.$menu[0].parentNode.className+" open",d.className="dropdown-menu open",e.className="dropdown-menu inner",f.className="divider",i.appendChild(document.createTextNode("Inner text")),h.appendChild(i),g.appendChild(h),e.appendChild(g),e.appendChild(f),j&&d.appendChild(j),k){var n=document.createElement("input");k.className="bs-searchbox",n.className="form-control",k.appendChild(n),d.appendChild(k)}l&&d.appendChild(l),d.appendChild(e),m&&d.appendChild(m),c.appendChild(d),document.body.appendChild(c);var o=h.offsetHeight,p=j?j.offsetHeight:0,q=k?k.offsetHeight:0,r=l?l.offsetHeight:0,s=m?m.offsetHeight:0,t=a(f).outerHeight(!0),u="function"==typeof getComputedStyle&&getComputedStyle(d),v=u?null:a(d),w={vert:parseInt(u?u.paddingTop:v.css("paddingTop"))+parseInt(u?u.paddingBottom:v.css("paddingBottom"))+parseInt(u?u.borderTopWidth:v.css("borderTopWidth"))+parseInt(u?u.borderBottomWidth:v.css("borderBottomWidth")),horiz:parseInt(u?u.paddingLeft:v.css("paddingLeft"))+parseInt(u?u.paddingRight:v.css("paddingRight"))+parseInt(u?u.borderLeftWidth:v.css("borderLeftWidth"))+parseInt(u?u.borderRightWidth:v.css("borderRightWidth"))},x={vert:w.vert+parseInt(u?u.marginTop:v.css("marginTop"))+parseInt(u?u.marginBottom:v.css("marginBottom"))+2,horiz:w.horiz+parseInt(u?u.marginLeft:v.css("marginLeft"))+parseInt(u?u.marginRight:v.css("marginRight"))+2};document.body.removeChild(c),this.sizeInfo={liHeight:o,headerHeight:p,searchHeight:q,actionsHeight:r,doneButtonHeight:s,dividerHeight:t,menuPadding:w,menuExtras:x}}},setSize:function(){if(this.findLis(),this.liHeight(),this.options.header&&this.$menu.css("padding-top",0),this.options.size!==!1){var b,c,d,e,f,g,h,i,j=this,k=this.$menu,l=this.$menuInner,m=a(window),n=this.$newElement[0].offsetHeight,o=this.$newElement[0].offsetWidth,p=this.sizeInfo.liHeight,q=this.sizeInfo.headerHeight,r=this.sizeInfo.searchHeight,s=this.sizeInfo.actionsHeight,t=this.sizeInfo.doneButtonHeight,u=this.sizeInfo.dividerHeight,v=this.sizeInfo.menuPadding,w=this.sizeInfo.menuExtras,x=this.options.hideDisabled?".disabled":"",y=function(){var b,c=j.$newElement.offset(),d=a(j.options.container);j.options.container&&!d.is("body")?(b=d.offset(),b.top+=parseInt(d.css("borderTopWidth")),b.left+=parseInt(d.css("borderLeftWidth"))):b={top:0,left:0};var e=j.options.windowPadding;f=c.top-b.top-m.scrollTop(),g=m.height()-f-n-b.top-e[2],h=c.left-b.left-m.scrollLeft(),i=m.width()-h-o-b.left-e[1],f-=e[0],h-=e[3]};if(y(),"auto"===this.options.size){var z=function(){var m,n=function(b,c){return function(d){return c?d.classList?d.classList.contains(b):a(d).hasClass(b):!(d.classList?d.classList.contains(b):a(d).hasClass(b))}},u=j.$menuInner[0].getElementsByTagName("li"),x=Array.prototype.filter?Array.prototype.filter.call(u,n("hidden",!1)):j.$lis.not(".hidden"),z=Array.prototype.filter?Array.prototype.filter.call(x,n("dropdown-header",!0)):x.filter(".dropdown-header");y(),b=g-w.vert,c=i-w.horiz,j.options.container?(k.data("height")||k.data("height",k.height()),d=k.data("height"),k.data("width")||k.data("width",k.width()),e=k.data("width")):(d=k.height(),e=k.width()),j.options.dropupAuto&&j.$newElement.toggleClass("dropup",f>g&&b-w.vert<d),j.$newElement.hasClass("dropup")&&(b=f-w.vert),"auto"===j.options.dropdownAlignRight&&k.toggleClass("dropdown-menu-right",h>i&&c-w.horiz<e-o),m=x.length+z.length>3?3*p+w.vert-2:0,k.css({"max-height":b+"px",overflow:"hidden","min-height":m+q+r+s+t+"px"}),l.css({"max-height":b-q-r-s-t-v.vert+"px","overflow-y":"auto","min-height":Math.max(m-v.vert,0)+"px"})};z(),this.$searchbox.off("input.getSize propertychange.getSize").on("input.getSize propertychange.getSize",z),m.off("resize.getSize scroll.getSize").on("resize.getSize scroll.getSize",z)}else if(this.options.size&&"auto"!=this.options.size&&this.$lis.not(x).length>this.options.size){var A=this.$lis.not(".divider").not(x).children().slice(0,this.options.size).last().parent().index(),B=this.$lis.slice(0,A+1).filter(".divider").length;b=p*this.options.size+B*u+v.vert,j.options.container?(k.data("height")||k.data("height",k.height()),d=k.data("height")):d=k.height(),j.options.dropupAuto&&this.$newElement.toggleClass("dropup",f>g&&b-w.vert<d),k.css({"max-height":b+q+r+s+t+"px",overflow:"hidden","min-height":""}),l.css({"max-height":b-v.vert+"px","overflow-y":"auto","min-height":""})}}},setWidth:function(){if("auto"===this.options.width){this.$menu.css("min-width","0");var a=this.$menu.parent().clone().appendTo("body"),b=this.options.container?this.$newElement.clone().appendTo("body"):a,c=a.children(".dropdown-menu").outerWidth(),d=b.css("width","auto").children("button").outerWidth();a.remove(),b.remove(),this.$newElement.css("width",Math.max(c,d)+"px")}else"fit"===this.options.width?(this.$menu.css("min-width",""),this.$newElement.css("width","").addClass("fit-width")):this.options.width?(this.$menu.css("min-width",""),this.$newElement.css("width",this.options.width)):(this.$menu.css("min-width",""),this.$newElement.css("width",""));this.$newElement.hasClass("fit-width")&&"fit"!==this.options.width&&this.$newElement.removeClass("fit-width")},selectPosition:function(){this.$bsContainer=a('<div class="bs-container" />');var b,c,d,e=this,f=a(this.options.container),g=function(a){e.$bsContainer.addClass(a.attr("class").replace(/form-control|fit-width/gi,"")).toggleClass("dropup",a.hasClass("dropup")),b=a.offset(),f.is("body")?c={top:0,left:0}:(c=f.offset(),c.top+=parseInt(f.css("borderTopWidth"))-f.scrollTop(),c.left+=parseInt(f.css("borderLeftWidth"))-f.scrollLeft()),d=a.hasClass("dropup")?0:a[0].offsetHeight,e.$bsContainer.css({top:b.top-c.top+d,left:b.left-c.left,width:a[0].offsetWidth})};this.$button.on("click",function(){var b=a(this);e.isDisabled()||(g(e.$newElement),e.$bsContainer.appendTo(e.options.container).toggleClass("open",!b.hasClass("open")).append(e.$menu))}),a(window).on("resize scroll",function(){g(e.$newElement)}),this.$element.on("hide.bs.select",function(){e.$menu.data("height",e.$menu.height()),e.$bsContainer.detach()})},setSelected:function(a,b,c){c||(this.togglePlaceholder(),c=this.findLis().eq(this.liObj[a])),c.toggleClass("selected",b).find("a").attr("aria-selected",b)},setDisabled:function(a,b,c){c||(c=this.findLis().eq(this.liObj[a])),b?c.addClass("disabled").children("a").attr("href","#").attr("tabindex",-1).attr("aria-disabled",!0):c.removeClass("disabled").children("a").removeAttr("href").attr("tabindex",0).attr("aria-disabled",!1)},isDisabled:function(){return this.$element[0].disabled},checkDisabled:function(){var a=this;this.isDisabled()?(this.$newElement.addClass("disabled"),this.$button.addClass("disabled").attr("tabindex",-1).attr("aria-disabled",!0)):(this.$button.hasClass("disabled")&&(this.$newElement.removeClass("disabled"),this.$button.removeClass("disabled").attr("aria-disabled",!1)),this.$button.attr("tabindex")!=-1||this.$element.data("tabindex")||this.$button.removeAttr("tabindex")),this.$button.click(function(){return!a.isDisabled()})},togglePlaceholder:function(){var a=this.$element.val();this.$button.toggleClass("bs-placeholder",null===a||""===a||a.constructor===Array&&0===a.length)},tabIndex:function(){this.$element.data("tabindex")!==this.$element.attr("tabindex")&&this.$element.attr("tabindex")!==-98&&"-98"!==this.$element.attr("tabindex")&&(this.$element.data("tabindex",this.$element.attr("tabindex")),this.$button.attr("tabindex",this.$element.data("tabindex"))),this.$element.attr("tabindex",-98)},clickListener:function(){var b=this,c=a(document);c.data("spaceSelect",!1),this.$button.on("keyup",function(a){/(32)/.test(a.keyCode.toString(10))&&c.data("spaceSelect")&&(a.preventDefault(),c.data("spaceSelect",!1))}),this.$button.on("click",function(){b.setSize()}),this.$element.on("shown.bs.select",function(){if(b.options.liveSearch||b.multiple){if(!b.multiple){var a=b.liObj[b.$element[0].selectedIndex];if("number"!=typeof a||b.options.size===!1)return;var c=b.$lis.eq(a)[0].offsetTop-b.$menuInner[0].offsetTop;c=c-b.$menuInner[0].offsetHeight/2+b.sizeInfo.liHeight/2,b.$menuInner[0].scrollTop=c}}else b.$menuInner.find(".selected a").focus()}),this.$menuInner.on("click","li a",function(c){var d=a(this),f=d.parent().data("originalIndex"),g=b.$element.val(),h=b.$element.prop("selectedIndex"),i=!0;if(b.multiple&&1!==b.options.maxOptions&&c.stopPropagation(),c.preventDefault(),!b.isDisabled()&&!d.parent().hasClass("disabled")){var j=b.$element.find("option"),k=j.eq(f),l=k.prop("selected"),m=k.parent("optgroup"),n=b.options.maxOptions,o=m.data("maxOptions")||!1;if(b.multiple){if(k.prop("selected",!l),b.setSelected(f,!l),d.blur(),n!==!1||o!==!1){var p=n<j.filter(":selected").length,q=o<m.find("option:selected").length;if(n&&p||o&&q)if(n&&1==n)j.prop("selected",!1),k.prop("selected",!0),b.$menuInner.find(".selected").removeClass("selected"),b.setSelected(f,!0);else if(o&&1==o){m.find("option:selected").prop("selected",!1),k.prop("selected",!0);var r=d.parent().data("optgroup");b.$menuInner.find('[data-optgroup="'+r+'"]').removeClass("selected"),b.setSelected(f,!0)}else{var s="string"==typeof b.options.maxOptionsText?[b.options.maxOptionsText,b.options.maxOptionsText]:b.options.maxOptionsText,t="function"==typeof s?s(n,o):s,u=t[0].replace("{n}",n),v=t[1].replace("{n}",o),w=a('<div class="notify"></div>');t[2]&&(u=u.replace("{var}",t[2][n>1?0:1]),v=v.replace("{var}",t[2][o>1?0:1])),k.prop("selected",!1),b.$menu.append(w),n&&p&&(w.append(a("<div>"+u+"</div>")),i=!1,b.$element.trigger("maxReached.bs.select")),o&&q&&(w.append(a("<div>"+v+"</div>")),i=!1,b.$element.trigger("maxReachedGrp.bs.select")),setTimeout(function(){b.setSelected(f,!1)},10),w.delay(750).fadeOut(300,function(){a(this).remove()})}}}else j.prop("selected",!1),k.prop("selected",!0),b.$menuInner.find(".selected").removeClass("selected").find("a").attr("aria-selected",!1),b.setSelected(f,!0);!b.multiple||b.multiple&&1===b.options.maxOptions?b.$button.focus():b.options.liveSearch&&b.$searchbox.focus(),i&&(g!=b.$element.val()&&b.multiple||h!=b.$element.prop("selectedIndex")&&!b.multiple)&&(e=[f,k.prop("selected"),l],b.$element.triggerNative("change"))}}),this.$menu.on("click","li.disabled a, .popover-title, .popover-title :not(.close)",function(c){c.currentTarget==this&&(c.preventDefault(),c.stopPropagation(),b.options.liveSearch&&!a(c.target).hasClass("close")?b.$searchbox.focus():b.$button.focus())}),this.$menuInner.on("click",".divider, .dropdown-header",function(a){a.preventDefault(),a.stopPropagation(),b.options.liveSearch?b.$searchbox.focus():b.$button.focus()}),this.$menu.on("click",".popover-title .close",function(){b.$button.click()}),this.$searchbox.on("click",function(a){a.stopPropagation()}),this.$menu.on("click",".actions-btn",function(c){b.options.liveSearch?b.$searchbox.focus():b.$button.focus(),c.preventDefault(),c.stopPropagation(),a(this).hasClass("bs-select-all")?b.selectAll():b.deselectAll()}),this.$element.change(function(){b.render(!1),b.$element.trigger("changed.bs.select",e),e=null})},liveSearchListener:function(){var c=this,d=a('<li class="no-results"></li>');this.$button.on("click.dropdown.data-api",function(){c.$menuInner.find(".active").removeClass("active"),c.$searchbox.val()&&(c.$searchbox.val(""),c.$lis.not(".is-hidden").removeClass("hidden"),d.parent().length&&d.remove()),c.multiple||c.$menuInner.find(".selected").addClass("active"),setTimeout(function(){c.$searchbox.focus()},10)}),this.$searchbox.on("click.dropdown.data-api focus.dropdown.data-api touchend.dropdown.data-api",function(a){a.stopPropagation()}),this.$searchbox.on("input propertychange",function(){if(c.$lis.not(".is-hidden").removeClass("hidden"),c.$lis.filter(".active").removeClass("active"),d.remove(),c.$searchbox.val()){var e,f=c.$lis.not(".is-hidden, .divider, .dropdown-header");if(e=c.options.liveSearchNormalize?f.find("a").not(":a"+c._searchStyle()+'("'+b(c.$searchbox.val())+'")'):f.find("a").not(":"+c._searchStyle()+'("'+c.$searchbox.val()+'")'),e.length===f.length)d.html(c.options.noneResultsText.replace("{0}",'"'+i(c.$searchbox.val())+'"')),c.$menuInner.append(d),c.$lis.addClass("hidden");else{e.parent().addClass("hidden");var g,h=c.$lis.not(".hidden");h.each(function(b){var c=a(this);c.hasClass("divider")?void 0===g?c.addClass("hidden"):(g&&g.addClass("hidden"),g=c):c.hasClass("dropdown-header")&&h.eq(b+1).data("optgroup")!==c.data("optgroup")?c.addClass("hidden"):g=null}),g&&g.addClass("hidden"),f.not(".hidden").first().addClass("active")}}})},_searchStyle:function(){var a={begins:"ibegins",startsWith:"ibegins"};return a[this.options.liveSearchStyle]||"icontains"},val:function(a){return"undefined"!=typeof a?(this.$element.val(a),this.render(),this.$element):this.$element.val()},changeAll:function(b){if(this.multiple){"undefined"==typeof b&&(b=!0),this.findLis();var c=this.$element.find("option"),d=this.$lis.not(".divider, .dropdown-header, .disabled, .hidden"),e=d.length,f=[];if(b){if(d.filter(".selected").length===d.length)return}else if(0===d.filter(".selected").length)return;d.toggleClass("selected",b);for(var g=0;g<e;g++){var h=d[g].getAttribute("data-original-index");f[f.length]=c.eq(h)[0]}a(f).prop("selected",b),this.render(!1),this.togglePlaceholder(),this.$element.triggerNative("change")}},selectAll:function(){return this.changeAll(!0)},deselectAll:function(){return this.changeAll(!1)},toggle:function(a){a=a||window.event,a&&a.stopPropagation(),this.$button.trigger("click")},keydown:function(c){var d,e,f,g,h,i,j,k,l,m=a(this),n=m.is("input")?m.parent().parent():m.parent(),o=n.data("this"),p=":not(.disabled, .hidden, .dropdown-header, .divider)",q={32:" ",48:"0",49:"1",50:"2",51:"3",52:"4",53:"5",54:"6",55:"7",56:"8",57:"9",59:";",65:"a",66:"b",67:"c",68:"d",69:"e",70:"f",71:"g",72:"h",73:"i",74:"j",75:"k",76:"l",77:"m",78:"n",79:"o",80:"p",81:"q",82:"r",83:"s",84:"t",85:"u",86:"v",87:"w",88:"x",89:"y",90:"z",96:"0",97:"1",98:"2",99:"3",100:"4",101:"5",102:"6",103:"7",104:"8",105:"9"};if(o.options.liveSearch&&(n=m.parent().parent()),o.options.container&&(n=o.$menu),d=a('[role="listbox"] li',n),l=o.$newElement.hasClass("open"),!l&&(c.keyCode>=48&&c.keyCode<=57||c.keyCode>=96&&c.keyCode<=105||c.keyCode>=65&&c.keyCode<=90))return o.options.container?o.$button.trigger("click"):(o.setSize(),o.$menu.parent().addClass("open"),l=!0),void o.$searchbox.focus();if(o.options.liveSearch&&(/(^9$|27)/.test(c.keyCode.toString(10))&&l&&(c.preventDefault(),c.stopPropagation(),o.$menuInner.click(),o.$button.focus()),d=a('[role="listbox"] li'+p,n),m.val()||/(38|40)/.test(c.keyCode.toString(10))||0===d.filter(".active").length&&(d=o.$menuInner.find("li"),d=o.options.liveSearchNormalize?d.filter(":a"+o._searchStyle()+"("+b(q[c.keyCode])+")"):d.filter(":"+o._searchStyle()+"("+q[c.keyCode]+")"))),d.length){if(/(38|40)/.test(c.keyCode.toString(10)))e=d.index(d.find("a").filter(":focus").parent()),g=d.filter(p).first().index(),h=d.filter(p).last().index(),f=d.eq(e).nextAll(p).eq(0).index(),i=d.eq(e).prevAll(p).eq(0).index(),j=d.eq(f).prevAll(p).eq(0).index(),o.options.liveSearch&&(d.each(function(b){a(this).hasClass("disabled")||a(this).data("index",b)}),e=d.index(d.filter(".active")),g=d.first().data("index"),h=d.last().data("index"),f=d.eq(e).nextAll().eq(0).data("index"),i=d.eq(e).prevAll().eq(0).data("index"),j=d.eq(f).prevAll().eq(0).data("index")),k=m.data("prevIndex"),38==c.keyCode?(o.options.liveSearch&&e--,e!=j&&e>i&&(e=i),e<g&&(e=g),e==k&&(e=h)):40==c.keyCode&&(o.options.liveSearch&&e++,e==-1&&(e=0),e!=j&&e<f&&(e=f),e>h&&(e=h),e==k&&(e=g)),m.data("prevIndex",e),o.options.liveSearch?(c.preventDefault(),m.hasClass("dropdown-toggle")||(d.removeClass("active").eq(e).addClass("active").children("a").focus(),m.focus())):d.eq(e).children("a").focus();else if(!m.is("input")){var r,s,t=[];d.each(function(){a(this).hasClass("disabled")||a.trim(a(this).children("a").text().toLowerCase()).substring(0,1)==q[c.keyCode]&&t.push(a(this).index())}),r=a(document).data("keycount"),r++,a(document).data("keycount",r),s=a.trim(a(":focus").text().toLowerCase()).substring(0,1),s!=q[c.keyCode]?(r=1,a(document).data("keycount",r)):r>=t.length&&(a(document).data("keycount",0),r>t.length&&(r=1)),d.eq(t[r-1]).children("a").focus()}if((/(13|32)/.test(c.keyCode.toString(10))||/(^9$)/.test(c.keyCode.toString(10))&&o.options.selectOnTab)&&l){if(/(32)/.test(c.keyCode.toString(10))||c.preventDefault(),o.options.liveSearch)/(32)/.test(c.keyCode.toString(10))||(o.$menuInner.find(".active a").click(),
 m.focus());else{var u=a(":focus");u.click(),u.focus(),c.preventDefault(),a(document).data("spaceSelect",!0)}a(document).data("keycount",0)}(/(^9$|27)/.test(c.keyCode.toString(10))&&l&&(o.multiple||o.options.liveSearch)||/(27)/.test(c.keyCode.toString(10))&&!l)&&(o.$menu.parent().removeClass("open"),o.options.container&&o.$newElement.removeClass("open"),o.$button.focus())}},mobile:function(){this.$element.addClass("mobile-device")},refresh:function(){this.$lis=null,this.liObj={},this.reloadLi(),this.render(),this.checkDisabled(),this.liHeight(!0),this.setStyle(),this.setWidth(),this.$lis&&this.$searchbox.trigger("propertychange"),this.$element.trigger("refreshed.bs.select")},hide:function(){this.$newElement.hide()},show:function(){this.$newElement.show()},remove:function(){this.$newElement.remove(),this.$element.remove()},destroy:function(){this.$newElement.before(this.$element).remove(),this.$bsContainer?this.$bsContainer.remove():this.$menu.remove(),this.$element.off(".bs.select").removeData("selectpicker").removeClass("bs-select-hidden selectpicker")}};var l=a.fn.selectpicker;a.fn.selectpicker=c,a.fn.selectpicker.Constructor=k,a.fn.selectpicker.noConflict=function(){return a.fn.selectpicker=l,this},a(document).data("keycount",0).on("keydown.bs.select",'.bootstrap-select [data-toggle=dropdown], .bootstrap-select [role="listbox"], .bs-searchbox input',k.prototype.keydown).on("focusin.modal",'.bootstrap-select [data-toggle=dropdown], .bootstrap-select [role="listbox"], .bs-searchbox input',function(a){a.stopPropagation()}),a(window).on("load.bs.select.data-api",function(){a(".selectpicker").each(function(){var b=a(this);c.call(b,b.data())})})}(a)});
-//# sourceMappingURL=bootstrap-select.js.map
\ No newline at end of file
diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index b68cf8e4..4dff45b7 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -329,9 +329,14 @@ $(document).ready(function() {
             });
           }
         });
-        $("tr").on('click',function(event) {
-          var checkbox = $(this).find(':checkbox');
-          checkbox.trigger('click');
+        $("tr").on('click',function(e) {
+          if (e.target.type == "checkbox") {
+            e.stopPropagation();
+          } else {
+            var $checkbox = $(this).find(':checkbox');
+            var checkbox = $(this).find(':checkbox');
+            checkbox.trigger('click');
+          }
         });
       });
     }
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index 2640a58b..a55ff8fd 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -6,102 +6,119 @@ require_once "inc/header.inc.php";
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 ?>
 <div class="container">
-	<div class="row">
-		<div class="col-md-12">
-			<div class="panel panel-default">
-				<div class="panel-heading">
-				<div class="pull-right">
-				<?php
-				if ($_SESSION['mailcow_cc_role'] == "admin"):
-				?>
-					<a href="/add.php?domain"><span class="glyphicon glyphicon-plus"></span></a>
-				<?php
-				endif;
-				?>
-				</div>
-        <h3 class="panel-title"><?=$lang['mailbox']['domains'];?></h3>
-				</div>
-        <div class="table-responsive">
-          <table id="domain_table" class="table table-striped"></table>
-        </div>
-        <span class="footer-add-item"><a href="/add.php?domain"><?=$lang['mailbox']['add_domain'];?></a></span>
-			</div>
-		</div>
-	</div>
+      
+  <ul class="nav nav-tabs" role="tablist">
+    <li role="presentation" class="active"><a href="#tab-domains" aria-controls="tab-domains" role="tab" data-toggle="tab"><?=$lang['mailbox']['domains'];?></a></li>
+    <li role="presentation"><a href="#tab-mailboxes" aria-controls="tab-mailboxes" role="tab" data-toggle="tab"><?=$lang['mailbox']['mailboxes'];?></a></li>
+    <li role="presentation"><a href="#tab-resources" aria-controls="tab-resources" role="tab" data-toggle="tab"><?=$lang['mailbox']['resources'];?></a></li>
+    <li class="dropdown">
+      <a class="dropdown-toggle" data-toggle="dropdown" href="#"><?=$lang['mailbox']['aliases'];?>
+      <span class="caret"></span></a>
+      <ul class="dropdown-menu">
+        <li role="presentation"><a href="#tab-mbox-aliases" aria-controls="tab-mbox-aliases" role="tab" data-toggle="tab"><?=$lang['mailbox']['aliases'];?></a></li>
+        <li role="presentation"><a href="#tab-domain-aliases" aria-controls="tab-domain-aliases" role="tab" data-toggle="tab"><?=$lang['mailbox']['domain_aliases'];?></a></li>
+      </ul>
+    </li>
+  </ul>
 
 	<div class="row">
 		<div class="col-md-12">
-			<div class="panel panel-default">
-				<div class="panel-heading">
-					<div class="pull-right">
-						<a href="/add.php?mailbox"><span class="glyphicon glyphicon-plus"></span></a>
-					</div>
-					<h3 class="panel-title"><?=$lang['mailbox']['mailboxes'];?></h3>
-				</div>
-        <div class="table-responsive">
-          <table id="mailbox_table" class="table table-striped"></table>
-        </div>
-        <span class="footer-add-item"><a href="/add.php?mailbox"><?=$lang['mailbox']['add_mailbox'];?></a></span>
-			</div>
-		</div>
-	</div>
-
-	<div class="row">
-		<div class="col-md-12">
-			<div class="panel panel-default">
-				<div class="panel-heading">
-					<div class="pull-right">
-						<a href="/add.php?resource"><span class="glyphicon glyphicon-plus"></span></a>
-					</div>
-					<h3 class="panel-title"><?=$lang['mailbox']['resources'];?></h3>
-				</div>
-        <div class="table-responsive">
-          <table id="resources_table" class="table table-striped"></table>
-        </div>
-        <span class="footer-add-item"><a href="/add.php?resource"><?=$lang['mailbox']['add_resource'];?></a></span>			</div>
-		</div>
-	</div>
-
-	<div class="row">
-		<div class="col-md-12">
-			<div class="panel panel-default">
-				<div class="panel-heading">
-					<div class="pull-right">
-						<a href="/add.php?aliasdomain"><span class="glyphicon glyphicon-plus"></span></a>
-					</div>
-					<h3 class="panel-title"><?=$lang['mailbox']['domain_aliases'];?></h3>
-				</div>
-        <div class="table-responsive">
-          <table id="aliasdomain_table" class="table table-striped"></table>
-        </div>
-        <span class="footer-add-item"><a href="/add.php?aliasdomain"><?=$lang['mailbox']['add_domain_alias'];?></a></span>			</div>
-		</div>
-	</div>
-
-	<div class="row">
-		<div class="col-md-12">
-			<div class="panel panel-default">
-				<div class="panel-heading">
-					<div class="pull-right">
-						<a href="/add.php?alias"><span class="glyphicon glyphicon-plus"></span></a>
-					</div>
-					<h3 class="panel-title"><?=$lang['mailbox']['aliases'];?></h3>
-				</div>
-        <div class="table-responsive">
-          <table id="alias_table" class="table table-striped"></table>
-          <div class="mass-actions">
-              <span id="select_all_aliases" class="mass-select-all">Toggle all</span>
-              <br /><span>(
-                <a id="delete_selected_alias" href="#" class="mass-each-action">delete</a> |
-                <a id="activate_selected_alias" href="#" class="mass-each-action">activate</a> |
-                <a id="deactivate_selected_alias" href="#" class="mass-each-action">deactivate</a>)
-              </span>
+      <div class="tab-content" style="padding-top:20px">
+        <div role="tabpanel" class="tab-pane active" id="tab-domains">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+            <div class="pull-right">
+            <?php
+            if ($_SESSION['mailcow_cc_role'] == "admin"):
+            ?>
+              <a href="/add.php?domain"><span class="glyphicon glyphicon-plus"></span></a>
+            <?php
+            endif;
+            ?>
+            </div>
+            <h3 class="panel-title"><?=$lang['mailbox']['domains'];?></h3>
+            </div>
+            <div class="table-responsive">
+              <table id="domain_table" class="table table-striped"></table>
+            </div>
+            <span class="footer-add-item"><a href="/add.php?domain"><?=$lang['mailbox']['add_domain'];?></a></span>
           </div>
         </div>
-        <span class="footer-add-item"><a href="/add.php?alias"><?=$lang['mailbox']['add_alias'];?></a></span>			</div>
-		</div>
-	</div>
+
+        <div role="tabpanel" class="tab-pane" id="tab-mailboxes">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <div class="pull-right">
+                <a href="/add.php?mailbox"><span class="glyphicon glyphicon-plus"></span></a>
+              </div>
+              <h3 class="panel-title"><?=$lang['mailbox']['mailboxes'];?></h3>
+            </div>
+            <div class="table-responsive">
+              <table id="mailbox_table" class="table table-striped"></table>
+            </div>
+            <span class="footer-add-item"><a href="/add.php?mailbox"><?=$lang['mailbox']['add_mailbox'];?></a></span>
+          </div>
+        </div>
+
+        <div role="tabpanel" class="tab-pane" id="tab-resources">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <div class="pull-right">
+                <a href="/add.php?resource"><span class="glyphicon glyphicon-plus"></span></a>
+              </div>
+              <h3 class="panel-title"><?=$lang['mailbox']['resources'];?></h3>
+            </div>
+            <div class="table-responsive">
+              <table id="resources_table" class="table table-striped"></table>
+            </div>
+            <span class="footer-add-item"><a href="/add.php?resource"><?=$lang['mailbox']['add_resource'];?></a></span>
+          </div>
+        </div>
+
+        <div role="tabpanel" class="tab-pane" id="tab-domain-aliases">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <div class="pull-right">
+                <a href="/add.php?aliasdomain"><span class="glyphicon glyphicon-plus"></span></a>
+              </div>
+              <h3 class="panel-title"><?=$lang['mailbox']['domain_aliases'];?></h3>
+            </div>
+            <div class="table-responsive">
+              <table id="aliasdomain_table" class="table table-striped"></table>
+            </div>
+            <span class="footer-add-item"><a href="/add.php?aliasdomain"><?=$lang['mailbox']['add_domain_alias'];?></a></span>
+          </div>
+        </div>
+
+        <div role="tabpanel" class="tab-pane" id="tab-mbox-aliases">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <div class="pull-right">
+                <a href="/add.php?alias"><span class="glyphicon glyphicon-plus"></span></a>
+              </div>
+              <h3 class="panel-title"><?=$lang['mailbox']['aliases'];?></h3>
+            </div>
+            <div class="table-responsive">
+              <table id="alias_table" class="table table-striped"></table>
+            </div>
+            <span class="footer-add-item"><a href="/add.php?alias"><?=$lang['mailbox']['add_alias'];?></a></span>
+          </div>
+          <hr>
+          <div class="mass-actions">
+            <span id="select_all_aliases" class="mass-select-all">Toggle all</span>
+            <span>&ndash; Quick actions: 
+              <a id="delete_selected_alias" href="#" class="mass-each-action">delete</a> |
+              <a id="activate_selected_alias" href="#" class="mass-each-action">activate</a> |
+              <a id="deactivate_selected_alias" href="#" class="mass-each-action">deactivate</a>
+            </span>
+          </div>
+        </div>
+
+      </div> <!-- /tab-content -->
+    </div> <!-- /col-md-12 -->
+  </div> <!-- /row -->
 </div> <!-- /container -->
+
 <script type='text/javascript'>
 <?php
 $lang_mailbox = json_encode($lang['mailbox']);

From 68e67ba9b7cac0a6a27c22192479a35938827144 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 27 Apr 2017 09:49:04 +0200
Subject: [PATCH 47/55] Fix quick actions for alias table when pagination is
 true

---
 data/web/css/mailbox.css |   3 +
 data/web/js/mailbox.js   | 140 +++++++++++++++++++++------------------
 2 files changed, 77 insertions(+), 66 deletions(-)

diff --git a/data/web/css/mailbox.css b/data/web/css/mailbox.css
index 25eb2cd3..86236b8f 100644
--- a/data/web/css/mailbox.css
+++ b/data/web/css/mailbox.css
@@ -31,4 +31,7 @@ table.footable>tbody>tr.footable-empty>td {
 }
 #alias_table {
   cursor:pointer;
+}
+#alias_table .footable-paging {
+  cursor:	auto;
 }
\ No newline at end of file
diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 4dff45b7..5cfb3736 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -271,74 +271,82 @@ $(document).ready(function() {
         "sorting": {
           "enabled": true
         }
-      }, function aliases_table_hook() {
-        var selected_aliases = {};
-        $('input[name=sel_aliases]').change(function() {
-          selected_aliases = {};
-          $('input[name=sel_aliases]:checked').each(function(i) {
-            selected_aliases[i] = ($(this).val());
-          });
-        });
-        $("#select_all_aliases").click(function(e) {
-          e.preventDefault();
-          var alias_chkbxs = $("input[name=sel_aliases]");
-          alias_chkbxs.prop("checked", !alias_chkbxs.prop("checked")).change();
-        });
-        $("#activate_selected_alias").click(function(e) {
-          e.preventDefault();
-          if (Object.keys(selected_aliases).length !== 0) {
-            $.ajax({
-              type: "POST",
-              dataType: "json",
-              data: { "address": JSON.stringify(selected_aliases), "active": "1" },
-              url: '/api/v1/edit/alias/post',
-              jsonp: false,
-              complete: function (data) {
-                location.reload();
-              }
-            });
-          }
-        });
-        $("#deactivate_selected_alias").click(function(e) {
-          e.preventDefault();
-          if (Object.keys(selected_aliases).length !== 0) {
-            $.ajax({
-              type: "POST",
-              dataType: "json",
-              data: { "address": JSON.stringify(selected_aliases), "active": "0" },
-              url: '/api/v1/edit/alias/post',
-              jsonp: false,
-              complete: function (data) {
-                location.reload();
-              }
-            });
-          }
-        });
-        $("#delete_selected_alias").click(function(e) {
-          e.preventDefault();
-          if (Object.keys(selected_aliases).length !== 0) {
-            $.ajax({
-              type: "POST",
-              dataType: "json",
-              data: { "address": JSON.stringify(selected_aliases) },
-              url: '/api/v1/delete/alias/post',
-              jsonp: false,
-              complete: function (data) {
-                location.reload();
-              }
-            });
-          }
-        });
-        $("tr").on('click',function(e) {
-          if (e.target.type == "checkbox") {
-            e.stopPropagation();
-          } else {
-            var $checkbox = $(this).find(':checkbox');
-            var checkbox = $(this).find(':checkbox');
-            checkbox.trigger('click');
-          }
+      });
+
+      var selected_aliases = {};
+
+      $(document).on('click', 'tr', function(e) {
+        if (e.target.type == "checkbox") {
+          e.stopPropagation();
+        } else {
+          var $checkbox = $(this).find(':checkbox');
+          var checkbox = $(this).find(':checkbox');
+          checkbox.trigger('click');
+        }
+      });
+      
+      $(document).on('change', 'input[name=sel_aliases]', function() {
+        selected_aliases = {};
+        $('input[name=sel_aliases]:checked').each(function(i) {
+          selected_aliases[i] = ($(this).val());
         });
       });
+
+      $(document).on('click', '#select_all_aliases', function(e) {
+        e.preventDefault();
+        var alias_chkbxs = $("input[name=sel_aliases]:visible");
+        alias_chkbxs.prop("checked", !alias_chkbxs.prop("checked")).change();
+      });
+
+      $(document).on('click', '#activate_selected_alias', function(e) {
+        e.preventDefault();
+        if (Object.keys(selected_aliases).length !== 0) {
+          $.ajax({
+            type: "POST",
+            dataType: "json",
+            data: { "address": JSON.stringify(selected_aliases), "active": "1" },
+            url: '/api/v1/edit/alias/post',
+            jsonp: false,
+            complete: function (data) {
+              location.reload();
+            }
+          });
+        }
+      });
+
+      $(document).on('click', '#deactivate_selected_alias', function(e) {
+        e.preventDefault();
+        if (Object.keys(selected_aliases).length !== 0) {
+          $.ajax({
+            type: "POST",
+            dataType: "json",
+            data: { "address": JSON.stringify(selected_aliases), "active": "0" },
+            url: '/api/v1/edit/alias/post',
+            jsonp: false,
+            complete: function (data) {
+              location.reload();
+            }
+          });
+        }
+      });
+
+      $(document).on('click', '#delete_selected_alias', function(e) {
+        e.preventDefault();
+        if (Object.keys(selected_aliases).length !== 0) {
+          $.ajax({
+            type: "POST",
+            dataType: "json",
+            data: { "address": JSON.stringify(selected_aliases) },
+            url: '/api/v1/delete/alias/post',
+            jsonp: false,
+            complete: function (data) {
+              location.reload();
+            }
+          });
+        }
+      });
+
     }
+
   });
 });

From 2c2441eaf0bdc060ba24a865bd56fcceb3241228 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 27 Apr 2017 11:58:20 +0200
Subject: [PATCH 48/55] Confirm deletion, some other fixes to quick actions,
 added language strings

---
 data/web/css/mailbox.css    |  3 ++-
 data/web/inc/footer.inc.php | 17 +++++++++++++++++
 data/web/js/mailbox.js      | 36 +++++++++++++++++++++++++-----------
 data/web/lang/lang.de.php   | 11 ++++++++++-
 data/web/lang/lang.en.php   | 10 ++++++++++
 data/web/mailbox.php        | 17 ++++++++---------
 6 files changed, 72 insertions(+), 22 deletions(-)

diff --git a/data/web/css/mailbox.css b/data/web/css/mailbox.css
index 86236b8f..1305a916 100644
--- a/data/web/css/mailbox.css
+++ b/data/web/css/mailbox.css
@@ -16,6 +16,7 @@ table.footable>tbody>tr.footable-empty>td {
   font-style: italic;
   display:block;
   padding: 10px;
+  background: #F5F5F5;
 }
 .mass-each-action {
   padding: 0 3px 0 3px;
@@ -23,7 +24,7 @@ table.footable>tbody>tr.footable-empty>td {
 }
 .mass-actions {
   user-select: none;
-  margin-top:-5px;
+  padding:10px;
 }
 .mass-select-all {
   cursor:pointer;
diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index 580c457f..6cf48242 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -19,6 +19,23 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
 		</div>
 	</div>
 </div>
+<div id="ConfirmDeleteModal" class="modal fade" role="dialog">
+	<div class="modal-dialog">
+		<div class="modal-content">
+		<div class="modal-header">
+			<button type="button" class="close" data-dismiss="modal">&times;</button>
+			<h4 class="modal-title"><?=$lang['footer']['confirm_delete'];?></h4>
+		</div>
+		<div class="modal-body">
+			<p><?=$lang['footer']['delete_these_items'];?></p>
+      <ul id="ItemsToDelete"></ul>
+			<hr />
+			<button class="btn btn-sm btn-danger" id="IsConfirmed"><?=$lang['footer']['delete_now'];?></button>
+			<button class="btn btn-sm btn-default" id="isCanceled"><?=$lang['footer']['cancel'];?></button>
+		</div>
+		</div>
+	</div>
+</div>
 <?php
 endif;
 ?>
diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 5cfb3736..56cc6d04 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -237,7 +237,6 @@ $(document).ready(function() {
       $.each(data, function (i, item) {
         item.action = '<div class="btn-group">' +
           '<a href="/edit.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-          '<a href="/delete.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
 					'</div>';
         item.chkbox = '<input type="checkbox" class="alias_item" name="sel_aliases" value="' + item.address + '" />';
         if (item.is_catch_all == 1) {
@@ -279,7 +278,6 @@ $(document).ready(function() {
         if (e.target.type == "checkbox") {
           e.stopPropagation();
         } else {
-          var $checkbox = $(this).find(':checkbox');
           var checkbox = $(this).find(':checkbox');
           checkbox.trigger('click');
         }
@@ -333,16 +331,32 @@ $(document).ready(function() {
       $(document).on('click', '#delete_selected_alias', function(e) {
         e.preventDefault();
         if (Object.keys(selected_aliases).length !== 0) {
-          $.ajax({
-            type: "POST",
-            dataType: "json",
-            data: { "address": JSON.stringify(selected_aliases) },
-            url: '/api/v1/delete/alias/post',
-            jsonp: false,
-            complete: function (data) {
-              location.reload();
+          $(document).on('show.bs.modal','#ConfirmDeleteModal', function () {
+            $("#ItemsToDelete").empty();
+            for (var i in selected_aliases) {
+              $("#ItemsToDelete").append("<li>" + selected_aliases[i] + "</li>");
             }
-          });
+          })
+          $('#ConfirmDeleteModal').modal({
+            backdrop: 'static',
+            keyboard: false
+          })
+          .one('click', '#IsConfirmed', function(e) {
+            $.ajax({
+              type: "POST",
+              dataType: "json",
+              data: { "address": JSON.stringify(selected_aliases) },
+              url: '/api/v1/delete/alias/post',
+              jsonp: false,
+              complete: function (data) {
+                location.reload();
+              }
+            });
+          })
+          .one('click', '#isCanceled', function(e) {
+            $('#ConfirmDeleteModal').modal('hide');
+          });;
+
         }
       });
 
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index a14b9143..2a8b7985 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -9,6 +9,12 @@ $lang['header']['restart_sogo'] = 'SOGo neustarten';
 $lang['footer']['restart_sogo'] = 'SOGo neustarten';
 $lang['footer']['restart_now'] = 'Jetzt neustarten';
 $lang['footer']['restart_sogo_info'] = 'Einige Änderungen an Domains benötigen einen Neustart SOGos. Hier können Sie SOGo neustarten.<br /><br /><b>Wichtig:</b> Ein korrekter Neustart SOGos kann eine Weile in Anspruch nehmen, bitte warten Sie, bis der Prozess vollständig beendet wurde.';
+
+$lang['footer']['confirm_delete'] = 'Löschen bestätigen';
+$lang['footer']['delete_these_items'] = 'Sind Sie sicher, dass die folgenden Elemente entfernt werden sollen?';
+$lang['footer']['delete_now'] = 'Jetzt löschen';
+$lang['footer']['cancel'] = 'Abbrechen';
+
 $lang['dkim']['confirm'] = 'Sind Sie sicher?';
 $lang['danger']['dkim_not_found'] = 'DKIM-Key nicht gefunden';
 $lang['danger']['dkim_remove_failed'] = 'Kann DKIM-Key nicht entfernen';
@@ -249,9 +255,12 @@ $lang['mailbox']['add_mailbox'] = 'Mailbox hinzufügen';
 $lang['mailbox']['add_resource'] = 'Ressource hinzufügen';
 $lang['mailbox']['add_alias'] = 'Alias hinzufügen';
 $lang['mailbox']['empty'] = 'Keine Einträge vorhanden';
+$lang['mailbox']['toggle_all'] = 'Alle';
+$lang['mailbox']['quick_actions'] = 'Aktionen';
+$lang['mailbox']['activate'] = 'Aktivieren';
+$lang['mailbox']['deactivate'] = 'Deaktivieren';
 
 $lang['info']['no_action'] = 'Keine Aktion anwendbar';
-
 $lang['delete']['title'] = 'Objekt entfernen';
 $lang['delete']['remove_domain_warning'] = '<b>Warnung:</b> Sie entfernen die Domain <b>%s</b>!';
 $lang['delete']['remove_domainalias_warning'] = '<b>Warnung:</b> Sie entfernen die Alias-Domain <b>%s</b>!';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index d3a615c6..6c3f905d 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -9,6 +9,12 @@ $lang['header']['restart_sogo'] = 'Restart SOGo';
 $lang['footer']['restart_sogo'] = 'Restart SOGo';
 $lang['footer']['restart_now'] = 'Restart now';
 $lang['footer']['restart_sogo_info'] = 'Some tasks, e.g. adding a domain, require you to restart SOGo to catch changes made in the mailcow UI.<br /><br /><b>Important:</b> A graceful restart may take a while to complete, please wait for it to finish.';
+
+$lang['footer']['confirm_delete'] = 'Confirm deletion';
+$lang['footer']['delete_these_items'] = 'Are you sure you want to delete the following items?';
+$lang['footer']['delete_now'] = 'Delete now';
+$lang['footer']['cancel'] = 'Cancel';
+
 $lang['dkim']['confirm'] = "Are you sure?";
 $lang['danger']['dkim_not_found'] = "DKIM key not found";
 $lang['danger']['dkim_remove_failed'] = "Cannot remove selected DKIM key";
@@ -252,6 +258,10 @@ $lang['mailbox']['add_resource'] = 'Add resource';
 $lang['mailbox']['add_alias'] = 'Add alias';
 $lang['mailbox']['add_domain_record_first'] = 'Please add a domain first';
 $lang['mailbox']['empty'] = 'No results';
+$lang['mailbox']['toggle_all'] = 'Toggle all';
+$lang['mailbox']['quick_actions'] = 'Quick actions';
+$lang['mailbox']['activate'] = 'Activate';
+$lang['mailbox']['deactivate'] = 'Deactivate';
 
 $lang['info']['no_action'] = 'No action applicable';
 
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index a55ff8fd..09164809 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -101,17 +101,16 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
             <div class="table-responsive">
               <table id="alias_table" class="table table-striped"></table>
             </div>
+            <div class="mass-actions">
+              <span id="select_all_aliases" class="mass-select-all"><?=$lang['mailbox']['toggle_all'];?></span>
+              <span>&ndash; <?=$lang['mailbox']['quick_actions'];?>: 
+                <a id="delete_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['remove'];?></a> |
+                <a id="activate_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['activate'];?></a> |
+                <a id="deactivate_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['deactivate'];?></a>
+              </span>
+            </div>
             <span class="footer-add-item"><a href="/add.php?alias"><?=$lang['mailbox']['add_alias'];?></a></span>
           </div>
-          <hr>
-          <div class="mass-actions">
-            <span id="select_all_aliases" class="mass-select-all">Toggle all</span>
-            <span>&ndash; Quick actions: 
-              <a id="delete_selected_alias" href="#" class="mass-each-action">delete</a> |
-              <a id="activate_selected_alias" href="#" class="mass-each-action">activate</a> |
-              <a id="deactivate_selected_alias" href="#" class="mass-each-action">deactivate</a>
-            </span>
-          </div>
         </div>
 
       </div> <!-- /tab-content -->

From 25e63399404e8ba814aa0b1e65d83ea50cd1b2f2 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 27 Apr 2017 19:34:00 +0200
Subject: [PATCH 49/55] Fix domain admin table, move quick actions

---
 data/web/css/mailbox.css |  6 ++----
 data/web/js/admin.js     |  2 +-
 data/web/js/mailbox.js   |  1 +
 data/web/mailbox.php     | 17 ++++++++++-------
 4 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/data/web/css/mailbox.css b/data/web/css/mailbox.css
index 1305a916..4a110ba1 100644
--- a/data/web/css/mailbox.css
+++ b/data/web/css/mailbox.css
@@ -12,8 +12,6 @@ table.footable>tbody>tr.footable-empty>td {
   overflow: visible !important;
 }
 .footer-add-item {
-  text-align:center;
-  font-style: italic;
   display:block;
   padding: 10px;
   background: #F5F5F5;
@@ -28,11 +26,11 @@ table.footable>tbody>tr.footable-empty>td {
 }
 .mass-select-all {
   cursor:pointer;
-  color:grey;
+  color:#555;
 }
 #alias_table {
   cursor:pointer;
 }
 #alias_table .footable-paging {
   cursor:	auto;
-}
\ No newline at end of file
+}
diff --git a/data/web/js/admin.js b/data/web/js/admin.js
index feaf3907..647dba9a 100644
--- a/data/web/js/admin.js
+++ b/data/web/js/admin.js
@@ -1,7 +1,7 @@
 $(document).ready(function() {
   $.ajax({
     dataType: 'json',
-    url: '/api/v1/domain-admin/all',
+    url: '/api/v1/get/domain-admin/all',
     jsonp: false,
     error: function () {
       alert('Cannot draw domain administrator table');
diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 56cc6d04..9876ec36 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -237,6 +237,7 @@ $(document).ready(function() {
       $.each(data, function (i, item) {
         item.action = '<div class="btn-group">' +
           '<a href="/edit.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
+          '<a href="/remove.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-pencil"></span> ' + lang.remove + '</a>' +
 					'</div>';
         item.chkbox = '<input type="checkbox" class="alias_item" name="sel_aliases" value="' + item.address + '" />';
         if (item.is_catch_all == 1) {
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index 09164809..dc208896 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -102,14 +102,17 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
               <table id="alias_table" class="table table-striped"></table>
             </div>
             <div class="mass-actions">
-              <span id="select_all_aliases" class="mass-select-all"><?=$lang['mailbox']['toggle_all'];?></span>
-              <span>&ndash; <?=$lang['mailbox']['quick_actions'];?>: 
-                <a id="delete_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['remove'];?></a> |
-                <a id="activate_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['activate'];?></a> |
-                <a id="deactivate_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['deactivate'];?></a>
-              </span>
+              <p id="select_all_aliases" class="mass-select-all">
+                ↪ <?=$lang['mailbox']['toggle_all'];?>
+              </p>
+            </div>
+            <div class="footer-add-item">
+              <b><?=$lang['mailbox']['quick_actions'];?>:</b>
+              <a id="delete_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['remove'];?></a> |
+              <a id="activate_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['activate'];?></a> |
+              <a id="deactivate_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['deactivate'];?></a>
+              <a class="pull-right" href="/add.php?alias"><?=$lang['mailbox']['add_alias'];?></a>
             </div>
-            <span class="footer-add-item"><a href="/add.php?alias"><?=$lang['mailbox']['add_alias'];?></a></span>
           </div>
         </div>
 

From c29923d77a8e0ba6fd988676af2ea00fdfbbe4b4 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Thu, 27 Apr 2017 20:11:05 +0200
Subject: [PATCH 50/55] Use JS array instead of JSON object when creating lists
 of items for quick actions, respect all pages

---
 data/web/js/mailbox.js | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 9876ec36..9e1da2ac 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -237,7 +237,7 @@ $(document).ready(function() {
       $.each(data, function (i, item) {
         item.action = '<div class="btn-group">' +
           '<a href="/edit.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-          '<a href="/remove.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-pencil"></span> ' + lang.remove + '</a>' +
+          '<a href="/delete.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-pencil"></span> ' + lang.remove + '</a>' +
 					'</div>';
         item.chkbox = '<input type="checkbox" class="alias_item" name="sel_aliases" value="' + item.address + '" />';
         if (item.is_catch_all == 1) {
@@ -273,7 +273,7 @@ $(document).ready(function() {
         }
       });
 
-      var selected_aliases = {};
+      var selected_aliases = [];
 
       $(document).on('click', 'tr', function(e) {
         if (e.target.type == "checkbox") {
@@ -283,23 +283,25 @@ $(document).ready(function() {
           checkbox.trigger('click');
         }
       });
-      
-      $(document).on('change', 'input[name=sel_aliases]', function() {
-        selected_aliases = {};
-        $('input[name=sel_aliases]:checked').each(function(i) {
-          selected_aliases[i] = ($(this).val());
-        });
+
+      $(document).on('change', 'input[name=sel_aliases]:checkbox', function() {
+        if ($(this).is(':checked')) {
+          selected_aliases.push($(this).val());
+        }
+        else {
+          selected_aliases.splice($.inArray($(this).val(), selected_aliases),1);
+        }
       });
 
       $(document).on('click', '#select_all_aliases', function(e) {
         e.preventDefault();
-        var alias_chkbxs = $("input[name=sel_aliases]:visible");
+        var alias_chkbxs = $("input[name=sel_aliases]");
         alias_chkbxs.prop("checked", !alias_chkbxs.prop("checked")).change();
       });
 
       $(document).on('click', '#activate_selected_alias', function(e) {
         e.preventDefault();
-        if (Object.keys(selected_aliases).length !== 0) {
+        if (selected_aliases.length !== 0) {
           $.ajax({
             type: "POST",
             dataType: "json",

From f5255acc97a0e69d9499f29114e7376f429d7b34 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Fri, 28 Apr 2017 10:52:54 +0200
Subject: [PATCH 51/55] Use plus symbol on top and bottom

---
 data/web/mailbox.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index dc208896..864ea676 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -93,9 +93,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
         <div role="tabpanel" class="tab-pane" id="tab-mbox-aliases">
           <div class="panel panel-default">
             <div class="panel-heading">
-              <div class="pull-right">
-                <a href="/add.php?alias"><span class="glyphicon glyphicon-plus"></span></a>
-              </div>
+              <a class="pull-right" href="/add.php?alias"><span class="glyphicon glyphicon-plus"></span></a>
               <h3 class="panel-title"><?=$lang['mailbox']['aliases'];?></h3>
             </div>
             <div class="table-responsive">
@@ -107,11 +105,11 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
               </p>
             </div>
             <div class="footer-add-item">
+              <a class="pull-right" href="/add.php?alias"><span class="glyphicon glyphicon-plus"></span></a>
               <b><?=$lang['mailbox']['quick_actions'];?>:</b>
               <a id="delete_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['remove'];?></a> |
               <a id="activate_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['activate'];?></a> |
               <a id="deactivate_selected_alias" href="#" class="mass-each-action"><?=$lang['mailbox']['deactivate'];?></a>
-              <a class="pull-right" href="/add.php?alias"><?=$lang['mailbox']['add_alias'];?></a>
             </div>
           </div>
         </div>

From 77992be9fc8171035f15fd05f0512e3c20ada4ba Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Fri, 28 Apr 2017 10:53:04 +0200
Subject: [PATCH 52/55] Update Dovecot and Pigeonhole

---
 data/Dockerfiles/dovecot/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 90f7352d..1d3bfbef 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -4,8 +4,8 @@ MAINTAINER Andre Peters <andre.peters@servercow.de>
 
 ENV DEBIAN_FRONTEND noninteractive
 ENV LC_ALL C
-ENV DOVECOT_VERSION 2.2.28
-ENV PIGEONHOLE_VERSION 0.4.17
+ENV DOVECOT_VERSION 2.2.29.1
+ENV PIGEONHOLE_VERSION 0.4.18
 
 RUN apt-get update \
 	&& apt-get -y install libpam-dev \

From dfee8efa97b24b55b5ea490a5c315a1b95d0f139 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Fri, 28 Apr 2017 12:24:14 +0200
Subject: [PATCH 53/55] Fix DBUSER in entrypoint

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 4a2876d7..a7191306 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -16,7 +16,7 @@ DBPASS=$(echo ${DBPASS} | sed 's/"/\\"/g')
 
 # Create quota dict for Dovecot
 cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql.conf
-connect = "host=mysql dbname=${DBNAME} user=${DBNAME} password=${DBPASS}"
+connect = "host=mysql dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
 map {
   pattern = priv/quota/storage
   table = quota2
@@ -34,7 +34,7 @@ EOF
 # Create user and pass dict for Dovecot
 cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-mysql.conf
 driver = mysql
-connect = "host=mysql dbname=${DBNAME} user=${DBNAME} password=${DBPASS}"
+connect = "host=mysql dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
 default_pass_scheme = SSHA256
 password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1')
 user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'

From 8f213e8df968acb66b6f5d644f8c6969b5e91fea Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sat, 29 Apr 2017 16:36:41 +0200
Subject: [PATCH 54/55] Changes to api path

---
 data/conf/nginx/site.conf | 10 ++++------
 data/web/js/mailbox.js    |  6 +++---
 data/web/json_api.php     | 27 ++++++++++++++++++++-------
 3 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 181a802b..685e1fc7 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -18,10 +18,9 @@ server {
   access_log /var/log/nginx/access.log;
   root /web;
 
-  location /api/v1/ {
-    try_files $uri $uri/ /json_api.php?$args;
+  location ~ ^/api/v1/(.*)$ {
+    try_files $uri $uri/ /json_api.php?query=$1;
   }
-  rewrite ^/api/v1/([^/]+)/([^/]+)/([^/]+)/?$ /json_api.php?action=$1&cat=$2&object=$3? last;
 
   location ^~ /.well-known/acme-challenge/ {
 	  allow all;
@@ -167,10 +166,9 @@ server {
   access_log /var/log/nginx/access.log;
   root /web;
 
-  location /api/v1/ {
-    try_files $uri $uri/ /json_api.php?$args;
+  location ~ ^/api/v1/(.*)$ {
+    try_files $uri $uri/ /json_api.php?query=$1;
   }
-  rewrite ^/api/v1/([^/]+)/([^/]+)/([^/]+)/?$ /json_api.php?action=$1&cat=$2&object=$3? last;
 
   location ^~ /.well-known/acme-challenge/ {
 	  allow all;
diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 9e1da2ac..0f0b4098 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -306,7 +306,7 @@ $(document).ready(function() {
             type: "POST",
             dataType: "json",
             data: { "address": JSON.stringify(selected_aliases), "active": "1" },
-            url: '/api/v1/edit/alias/post',
+            url: '/api/v1/edit/alias',
             jsonp: false,
             complete: function (data) {
               location.reload();
@@ -322,7 +322,7 @@ $(document).ready(function() {
             type: "POST",
             dataType: "json",
             data: { "address": JSON.stringify(selected_aliases), "active": "0" },
-            url: '/api/v1/edit/alias/post',
+            url: '/api/v1/edit/alias',
             jsonp: false,
             complete: function (data) {
               location.reload();
@@ -349,7 +349,7 @@ $(document).ready(function() {
               type: "POST",
               dataType: "json",
               data: { "address": JSON.stringify(selected_aliases) },
-              url: '/api/v1/delete/alias/post',
+              url: '/api/v1/delete/alias',
               jsonp: false,
               complete: function (data) {
                 location.reload();
diff --git a/data/web/json_api.php b/data/web/json_api.php
index b09caa67..44e7d934 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1,14 +1,27 @@
 <?php
+/*
+edit/alias => POST data:
+  {
+    address: {a, b, c},   (where a, b, c represent alias addresses)
+    active: 1             (0 or 1)
+  }
+
+delete/alias => POST data:
+  {
+    address: {a, b, c},   (where a, b, c represent alias addresses)
+  }
+
+*/
+header('Content-Type: application/json');
 require_once 'inc/prerequisites.inc.php';
 error_reporting(E_ALL);
 if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_username'])) {
-  if (isset($_GET['action']) && isset($_GET['cat'])) {
-    $category = filter_input(INPUT_GET, 'cat',  FILTER_SANITIZE_STRING);
-    $action = filter_input(INPUT_GET, 'action',  FILTER_SANITIZE_STRING);
-    
-    if (isset($_GET['object'])) {
-      $object = filter_input(INPUT_GET, 'object',  FILTER_SANITIZE_STRING);
-    }
+  if (isset($_GET['query'])) {
+
+    $query = explode('/', $_GET['query']);
+    $action =     (isset($query[0])) ? $query[0] : null;
+    $category =   (isset($query[1])) ? $query[1] : null;
+    $object =     (isset($query[2])) ? $query[2] : null;
 
     switch ($action) {
       case "get":

From 9bb1c2cc06d904bd2d2e58fc42f47eb930aadbd4 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sat, 29 Apr 2017 16:36:51 +0200
Subject: [PATCH 55/55] Remove old file

---
 data/web/u2f_api.php | 156 -------------------------------------------
 1 file changed, 156 deletions(-)
 delete mode 100644 data/web/u2f_api.php

diff --git a/data/web/u2f_api.php b/data/web/u2f_api.php
deleted file mode 100644
index ddeb1ece..00000000
--- a/data/web/u2f_api.php
+++ /dev/null
@@ -1,156 +0,0 @@
-<?php
-require_once('inc/prerequisites.inc.php');
-$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
-
-$u2f = new u2flib_server\U2F('https://' . $_SERVER['SERVER_NAME']);
-
-function getRegs($username) {
-  global $pdo;
-  $sel = $pdo->prepare("select * from tfa where username = ?");
-  $sel->execute(array($username));
-  return $sel->fetchAll();
-}
-function addReg($username, $reg) {
-  global $pdo;
-  $ins = $pdo->prepare("INSERT INTO `tfa` (`username`, `keyHandle`, `publicKey`, `certificate`, `counter`) values (?, ?, ?, ?, ?)");
-  $ins->execute(array($username, $reg->keyHandle, $reg->publicKey, $reg->certificate, $reg->counter));
-}
-function updateReg($reg) {
-  global $pdo;
-  $upd = $pdo->prepare("update tfa set counter = ? where id = ?");
-  $upd->execute(array($reg->counter, $reg->id));
-}
-?>
-<html>
-<head>
-<script src="js/u2f-api.js"></script>
-<?php
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-  if ((empty($_POST['u2f_username'])) || (!isset($_POST['action']) && !isset($_POST['u2f_register_data']) && !isset($_POST['u2f_auth_data']))) {
-    print_r($_POST);
-    exit();
-  }
-  else {
-    $username = $_POST['u2f_username'];
-    if (isset($_POST['action'])) {
-      switch($_POST['action']) {
-        case 'register':
-          try {
-          $data = $u2f->getRegisterData(getRegs($username));
-          list($req, $sigs) = $data;
-          $_SESSION['regReq'] = json_encode($req);
-?>
-<script>
-var req = <?=json_encode($req);?>;
-var sigs = <?=json_encode($sigs);?>;
-var username = "<?=$username;?>";
-setTimeout(function() {
-  console.log("Register: ", req);
-  u2f.register([req], sigs, function(data) {
-    var form  = document.getElementById('u2f_form');
-    var reg   = document.getElementById('u2f_register_data');
-    var user  = document.getElementById('u2f_username');
-    var status = document.getElementById('u2f_status');
-    console.log("Register callback", data);
-    if (data.errorCode && data.errorCode != 0) {
-      var div = document.getElementById('u2f_return_code');
-      div.innerHTML = 'Error code: ' + data.errorCode;
-      return;
-    }
-    reg.value = JSON.stringify(data);
-    user.value = username;
-    status.value = "1";
-    form.submit();
-  });
-}, 1000);
-</script>
-<?php
-          }
-          catch( Exception $e ) {
-            echo "U2F error: " . $e->getMessage();
-          }
-        break;
-
-        case 'authenticate':
-        try {
-          $reqs = json_encode($u2f->getAuthenticateData(getRegs($username)));
-          $_SESSION['authReq']  = $reqs;
-?>
-<script>
-var req = <?=$reqs;?>;
-var username = "<?=$username;?>";       
-setTimeout(function() {
-  console.log("sign: ", req);
-  u2f.sign(req, function(data) {
-    var form = document.getElementById('u2f_form');
-    var auth = document.getElementById('u2f_auth_data');
-    var user = document.getElementById('u2f_username');
-    console.log("Authenticate callback", data);
-    auth.value = JSON.stringify(data);
-    user.value = username;
-    form.submit();
-  });
-}, 1000);
-</script>
-<?php
-        }
-        catch (Exception $e) {
-          echo "U2F error: " . $e->getMessage();
-        }
-        break;
-      }
-    }
-    if (!empty($_POST['u2f_register_data'])) {
-      try {
-        $reg = $u2f->doRegister(json_decode($_SESSION['regReq']), json_decode($_POST['u2f_register_data']));
-        addReg($username, $reg);
-      }
-      catch (Exception $e) {
-        echo "U2F error: " . $e->getMessage();
-      }
-      finally {
-        echo "Success";
-        $_SESSION['regReq'] = null;
-      }
-    }
-    if (!empty($_POST['u2f_auth_data'])) {
-      try {
-        $reg = $u2f->doAuthenticate(json_decode($_SESSION['authReq']), getRegs($username), json_decode($_POST['u2f_auth_data']));
-        updateReg($reg);
-      }
-      catch (Exception $e) {
-        echo "U2F error: " . $e->getMessage();
-      }
-      finally {
-        echo "Success";
-        $_SESSION['authReq'] = null;
-      }
-    }
-  }
-?>
-</head>
-<body>
-<div id="u2f_return_code"></div>
-<form method="POST" id="u2f_form">
-<input type="hidden" name="u2f_register_data" id="u2f_register_data"/>
-<input type="hidden" name="u2f_auth_data" id="u2f_auth_data"/>
-<input type="hidden" name="u2f_username" id="u2f_username"/><br/>
-<input type="hidden" name="u2f_status" id="u2f_status"/><br/>
-</form>
-<?php
-}
-else {
-?>
-<form method="POST" id="post_form">
-Username: <input name="u2f_username" id="u2f_username"/><br/><hr>
-Action: <br />
-<input value="register" name="action" type="radio"/> Register<br/>
-<input value="authenticate" name="action" type="radio"/> Authenticate<br/>
-<button type="submit">Submit!</button>
-  </form>
-<?php
-}
-?>
-</body>
-</html>