From e86565e2836b13be96d62790818849570c3bc6a1 Mon Sep 17 00:00:00 2001
From: Michael Kuron <mkuron@users.noreply.github.com>
Date: Tue, 23 Jan 2018 19:59:06 +0100
Subject: [PATCH 001/107] Expose Postfix's recipient_canonical_maps through web
 UI

---
 data/Dockerfiles/postfix/postfix.sh           |  10 +
 data/conf/postfix/main.cf                     |   3 +
 data/web/edit.php                             |  37 +++
 ...hp => functions.address_rewriting.inc.php} | 235 +++++++++++++++++-
 data/web/inc/init_db.inc.php                  |  21 +-
 data/web/inc/prerequisites.inc.php            |   2 +-
 data/web/js/mailbox.js                        |  47 ++++
 data/web/json_api.php                         | 153 ++++++++++++
 data/web/lang/lang.en.php                     |   8 +-
 data/web/mailbox.php                          |  30 ++-
 data/web/modals/mailbox.php                   |  39 +++
 docker-compose.yml                            |   2 +-
 12 files changed, 581 insertions(+), 6 deletions(-)
 rename data/web/inc/{functions.bcc.inc.php => functions.address_rewriting.inc.php} (55%)

diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index c152606d..0620404d 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -145,6 +145,16 @@ query = SELECT bcc_dest FROM bcc_maps
     AND active='1';
 EOF
 
+cat <<EOF > /opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
+user = ${DBUSER}
+password = ${DBPASS}
+hosts = mysql
+dbname = ${DBNAME}
+query = SELECT new_dest FROM recipient_maps
+  WHERE old_dest='%s'
+    AND active='1';
+EOF
+
 cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
 user = ${DBUSER}
 password = ${DBPASS}
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 4e8c577f..1c943dc6 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -45,6 +45,7 @@ proxy_read_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf,
   proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
   proxy:mysql:/opt/postfix/conf/sql/mysql_sender_bcc_maps.cf,
   proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_bcc_maps.cf,
+  proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf,
   $local_recipient_maps,
   $mydestination,
   $virtual_alias_maps,
@@ -108,6 +109,8 @@ virtual_mailbox_base = /var/vmail/
 virtual_mailbox_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
 recipient_bcc_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_bcc_maps.cf
 sender_bcc_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sender_bcc_maps.cf
+recipient_canonical_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
+recipient_canonical_classes = envelope_recipient
 virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf
 virtual_minimum_uid = 104
 virtual_transport = lmtp:inet:dovecot:24
diff --git a/data/web/edit.php b/data/web/edit.php
index b53e1794..5e337249 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -654,6 +654,43 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         <?php
         }
     }
+    elseif (isset($_GET['recipient_map']) && !empty($_GET["recipient_map"])) {
+        $map = intval($_GET["recipient_map"]);
+        $result = recipient_map('details', $map);
+        if (!empty($result)) {
+          ?>
+          <h4>Recipient map: <?=$result['recipient_map_old'];?></h4>
+          <br />
+          <form class="form-horizontal" data-id="editrecipient_map" role="form" method="post">
+            <input type="hidden" value="0" name="active">
+            <div class="form-group">
+              <label class="control-label col-sm-2" for="recipient_map_new">New destination</label>
+              <div class="col-sm-10">
+                <textarea id="recipient_map_new" class="form-control" autocapitalize="none" autocorrect="off" rows="10" id="recipient_map_new" name="recipient_map_new" required><?=$result['recipient_map_new'];?></textarea>
+                <small>Recipient map destinations can only be valid email addresses. Separated by whitespace, semicolon, new line or comma.</small>
+              </div>
+            </div>
+            <div class="form-group">
+              <div class="col-sm-offset-2 col-sm-10">
+                <div class="checkbox">
+                <label><input type="checkbox" value="1" name="active" <?php if (isset($result['active_int']) && $result['active_int']=="1") { echo "checked"; }; ?>> <?=$lang['edit']['active'];?></label>
+                </div>
+              </div>
+            </div>
+            <div class="form-group">
+              <div class="col-sm-offset-2 col-sm-10">
+                <button class="btn btn-success" id="edit_selected" data-id="editrecipient_map" data-item="<?=$map;?>" data-api-url='edit/recipient_map' data-api-attr='{}' href="#"><?=$lang['edit']['save'];?></button>
+              </div>
+            </div>
+          </form>
+        <?php
+        }
+        else {
+        ?>
+          <div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
+        <?php
+        }
+    }
   }
   if ($_SESSION['mailcow_cc_role'] == "admin"  || $_SESSION['mailcow_cc_role'] == "domainadmin" || $_SESSION['mailcow_cc_role'] == "user") {
     if (isset($_GET['syncjob']) &&
diff --git a/data/web/inc/functions.bcc.inc.php b/data/web/inc/functions.address_rewriting.inc.php
similarity index 55%
rename from data/web/inc/functions.bcc.inc.php
rename to data/web/inc/functions.address_rewriting.inc.php
index 1ce58a54..9dbc5673 100644
--- a/data/web/inc/functions.bcc.inc.php
+++ b/data/web/inc/functions.address_rewriting.inc.php
@@ -289,4 +289,237 @@ function bcc($_action, $_data = null, $attr = null) {
       return true;
     break;
   }
-}
\ No newline at end of file
+}
+
+function recipient_map($_action, $_data = null, $attr = null) {
+	global $pdo;
+	global $lang;
+  if ($_SESSION['mailcow_cc_role'] != "admin") {
+    return false;
+  }
+  switch ($_action) {
+    case 'add':
+      $old_dest = strtolower(trim($_data['recipient_map_old']));
+      $new_dest = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['recipient_map_new']));
+      $active = intval($_data['active']);
+      if (empty($new_dest)) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'Recipient map destination cannot be empty'
+        );
+        return false;
+      }
+      if (is_valid_domain_name($old_dest)) {
+        $old_dest_sane = '@' . idn_to_ascii($old_dest);
+      }
+      elseif (filter_var($old_dest, FILTER_VALIDATE_EMAIL)) {
+        $old_dest_sane = $old_dest;
+      }
+      else {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'Invalid original recipient specified: ' . $old_dest
+        );
+        return false;
+      }
+      foreach ($new_dest as &$new_dest_e) {
+        if (!filter_var($new_dest_e, FILTER_VALIDATE_EMAIL)) {
+          $new_dest_e = null;;
+        }
+        $new_dest_e = strtolower($new_dest_e);
+      }
+      $new_dest = array_filter($new_dest);
+      $new_dest = implode(",", $new_dest);
+      if (empty($new_dest)) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'Recipient map destination cannot be empty'
+        );
+        return false;
+      }
+      try {
+        $stmt = $pdo->prepare("SELECT `id` FROM `recipient_maps`
+          WHERE `old_dest` = :old_dest");
+        $stmt->execute(array(':old_dest' => $old_dest_sane));
+        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      }
+      catch(PDOException $e) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'MySQL: '.$e
+        );
+        return false;
+      }
+      if ($num_results != 0) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'A Recipient map entry "' . htmlspecialchars($old_dest_sane) . '" exists'
+        );
+        return false;
+      }
+      try {
+        $stmt = $pdo->prepare("INSERT INTO `recipient_maps` (`old_dest`, `new_dest`, `active`) VALUES
+          (:old_dest, :new_dest, :active)");
+        $stmt->execute(array(
+          ':old_dest' => $old_dest_sane,
+          ':new_dest' => $new_dest,
+          ':active' => $active
+        ));
+      }
+      catch (PDOException $e) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'MySQL: '.$e
+        );
+        return false;
+      }
+      $_SESSION['return'] = array(
+        'type' => 'success',
+        'msg' => 'Recipient map entry saved'
+      );
+    break;
+    case 'edit':
+      $ids = (array)$_data['id'];
+      foreach ($ids as $id) {
+        $is_now = recipient_map('details', $id);
+        if (!empty($is_now)) {
+          $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int'];
+          $new_dest = (!empty($_data['recipient_map_new'])) ? $_data['recipient_map_new'] : $is_now['recipient_map_new'];
+          $old_dest = $is_now['old_dest'];
+        }
+        else {
+          $_SESSION['return'] = array(
+            'type' => 'danger',
+            'msg' => sprintf($lang['danger']['access_denied'])
+          );
+          return false;
+        }
+        $new_dest = array_map('trim', preg_split( "/( |,|;|\n)/", $new_dest));
+        $active = intval($_data['active']);
+        foreach ($new_dest as &$new_dest_e) {
+          if (!filter_var($new_dest_e, FILTER_VALIDATE_EMAIL)) {
+            $new_dest_e = null;;
+          }
+          $new_dest_e = strtolower($new_dest_e);
+        }
+        $new_dest = array_filter($new_dest);
+        $new_dest = implode(",", $new_dest);
+        if (empty($new_dest)) {
+          $_SESSION['return'] = array(
+            'type' => 'danger',
+            'msg' => 'Recipient map destination cannot be empty'
+          );
+          return false;
+        }
+        try {
+          $stmt = $pdo->prepare("SELECT `id` FROM `recipient_maps`
+            WHERE `old_dest` = :old_dest");
+          $stmt->execute(array(':old_dest' => $old_dest));
+          $id_now = $stmt->fetch(PDO::FETCH_ASSOC)['id'];
+        }
+        catch(PDOException $e) {
+          $_SESSION['return'] = array(
+            'type' => 'danger',
+            'msg' => 'MySQL: '.$e
+          );
+          return false;
+        }
+        if (isset($id_now) && $id_now != $id) {
+          $_SESSION['return'] = array(
+            'type' => 'danger',
+            'msg' => 'A Recipient map entry ' . htmlspecialchars($old_dest) . ' exists'
+          );
+          return false;
+        }
+        try {
+          $stmt = $pdo->prepare("UPDATE `recipient_maps` SET `new_dest` = :new_dest, `active` = :active WHERE `id`= :id");
+          $stmt->execute(array(
+            ':new_dest' => $new_dest,
+            ':active' => $active,
+            ':id' => $id
+          ));
+        }
+        catch (PDOException $e) {
+          $_SESSION['return'] = array(
+            'type' => 'danger',
+            'msg' => 'MySQL: '.$e
+          );
+          return false;
+        }
+      }
+      $_SESSION['return'] = array(
+        'type' => 'success',
+        'msg' => 'Recipient map entry edited'
+      );
+    break;
+    case 'details':
+      $mapdata = array();
+      $id = intval($_data);
+      try {
+        $stmt = $pdo->prepare("SELECT `id`,
+          `old_dest` AS `recipient_map_old`,
+          `new_dest` AS `recipient_map_new`,
+          `active` AS `active_int`,
+          CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
+          `created`,
+          `modified` FROM `recipient_maps`
+            WHERE `id` = :id");
+        $stmt->execute(array(':id' => $id));
+        $mapdata = $stmt->fetch(PDO::FETCH_ASSOC);
+      }
+      catch(PDOException $e) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'MySQL: '.$e
+        );
+        return false;
+      }
+      return $mapdata;
+    break;
+    case 'get':
+      $mapdata = array();
+      $all_items = array();
+      $id = intval($_data);
+      try {
+        $stmt = $pdo->query("SELECT `id` FROM `recipient_maps`");
+        $all_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      }
+      catch(PDOException $e) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'MySQL: '.$e
+        );
+        return false;
+      }
+      foreach ($all_items as $i) {
+        $mapdata[] = $i['id'];
+      }
+      $all_items = null;
+      return $mapdata;
+    break;
+    case 'delete':
+      $ids = (array)$_data['id'];
+      foreach ($ids as $id) {
+        if (!is_numeric($id)) {
+          return false;
+        }
+        try {
+          $stmt = $pdo->prepare("DELETE FROM `recipient_maps` WHERE `id`= :id");
+          $stmt->execute(array(':id' => $id));
+        }
+        catch (PDOException $e) {
+          $_SESSION['return'] = array(
+            'type' => 'danger',
+            'msg' => 'MySQL: '.$e
+          );
+          return false;
+        }
+      }
+      $_SESSION['return'] = array(
+        'type' => 'success',
+        'msg' => 'Deleted Recipient map id/s ' . implode(', ', $ids)
+      );
+      return true;
+    break;
+  }
+}
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 6c0ef937..ef704bfb 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "02012018_1515";
+    $db_version = "20012021_2202";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -394,6 +394,25 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
+      "recipient_maps" => array(
+        "cols" => array(
+          "id" => "INT NOT NULL AUTO_INCREMENT",
+          "old_dest" => "VARCHAR(255) NOT NULL",
+          "new_dest" => "VARCHAR(255) NOT NULL",
+          "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
+          "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
+          "active" => "TINYINT(1) NOT NULL DEFAULT '0'"
+        ),
+        "keys" => array(
+          "primary" => array(
+            "" => array("id")
+          ),
+          "key" => array(
+            "local_dest" => array("old_dest"),
+          )
+        ),
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
+      ),
       "tfa" => array(
         "cols" => array(
           "id" => "INT NOT NULL AUTO_INCREMENT",
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 8aa20770..c7a75fdc 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -81,7 +81,7 @@ include $_SERVER['DOCUMENT_ROOT'] . '/lang/lang.'.$_SESSION['mailcow_locale'].'.
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailbox.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.customize.inc.php';
-require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.bcc.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.address_rewriting.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.domain_admin.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.quarantaine.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.policy.inc.php';
diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 1e08a4ee..cca7331b 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -383,6 +383,52 @@ jQuery(function($){
       }
     });
   }
+  function draw_recipient_map_table() {
+    ft_recipient_map_table = FooTable.init('#recipient_map_table', {
+      "columns": [
+        {"name":"chkbox","title":"","style":{"maxWidth":"60px","width":"60px"},"filterable": false,"sortable": false,"type":"html"},
+        {"sorted": true,"name":"id","title":"ID","style":{"maxWidth":"60px","width":"60px","text-align":"center"}},
+        {"name":"recipient_map_old","title":lang.recipient_map_old},
+        {"name":"recipient_map_new","title":lang.recipient_map_new},
+        {"name":"active","filterable": false,"style":{"maxWidth":"80px","width":"80px"},"title":lang.active},
+        {"name":"action","filterable": false,"sortable": false,"style":{"text-align":"right","maxWidth":"180px","width":"180px"},"type":"html","title":(role == "admin" ? lang.action : ""),"breakpoints":"xs sm"}
+      ],
+      "empty": lang.empty,
+      "rows": $.ajax({
+        dataType: 'json',
+        url: '/api/v1/get/recipient_map/all',
+        jsonp: false,
+        error: function () {
+          console.log('Cannot draw recipient map table');
+        },
+        success: function (data) {
+          if (role == "admin") {
+            $.each(data, function (i, item) {
+              item.action = '<div class="btn-group">' +
+                '<a href="/edit.php?recipient_map=' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
+                '<a href="#" id="delete_selected" data-id="single-recipient_map" data-api-url="delete/recipient_map" data-item="' + item.id + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
+                '</div>';
+              item.chkbox = '<input type="checkbox" data-id="recipient_map" name="multi_select" value="' + item.id + '" />';
+            });
+          }
+        }
+      }),
+      "paging": {
+        "enabled": true,
+        "limit": 5,
+        "size": pagination_size
+      },
+      "filtering": {
+        "enabled": true,
+        "position": "left",
+        "connectors": false,
+        "placeholder": lang.filter_table
+      },
+      "sorting": {
+        "enabled": true
+      }
+    });
+  }
   function draw_alias_table() {
     ft_alias_table = FooTable.init('#alias_table', {
       "columns": [
@@ -609,5 +655,6 @@ jQuery(function($){
   draw_sync_job_table();
   draw_filter_table();
   draw_bcc_table();
+  draw_recipient_map_table();
 
 });
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 856facfc..8c2c5b44 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -595,6 +595,39 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
               ));
             }
           break;
+          case "recipient_map":
+            if (isset($_POST['attr'])) {
+              $attr = (array)json_decode($_POST['attr'], true);
+              if (recipient_map('add', $attr) === false) {
+                if (isset($_SESSION['return'])) {
+                  echo json_encode($_SESSION['return']);
+                }
+                else {
+                  echo json_encode(array(
+                    'type' => 'error',
+                    'msg' => 'Cannot add item'
+                  ));
+                }
+              }
+              else {
+                if (isset($_SESSION['return'])) {
+                  echo json_encode($_SESSION['return']);
+                }
+                else {
+                  echo json_encode(array(
+                    'type' => 'success',
+                    'msg' => 'Task completed'
+                  ));
+                }
+              }
+            }
+            else {
+              echo json_encode(array(
+                'type' => 'error',
+                'msg' => 'Cannot find attributes in post data'
+              ));
+            }
+          break;
         }
       break;
       case "get":
@@ -1191,6 +1224,41 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
               break;
             }
           break;
+          case "recipient_map":
+            switch ($object) {
+              case "all":
+                $recipient_map_items = recipient_map('get');
+                if (!empty($recipient_map_items)) {
+                  foreach ($recipient_map_items as $recipient_map_item) {
+                    if ($details = recipient_map('details', $recipient_map_item)) {
+                      $data[] = $details;
+                    }
+                    else {
+                      continue;
+                    }
+                  }
+                }
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
+              default:
+                $data = recipient_map('details', $object);
+                if (!empty($data)) {
+                  $data[] = $details;
+                }
+                if (!isset($data) || empty($data)) {
+                  echo '{}';
+                }
+                else {
+                  echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+                }
+              break;
+            }
+          break;
           case "policy_wl_mailbox":
             switch ($object) {
               default:
@@ -1739,6 +1807,47 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
               ));
             }
           break;
+          case "recipient_map":
+            if (isset($_POST['items'])) {
+              $items = (array)json_decode($_POST['items'], true);
+              if (is_array($items)) {
+                if (recipient_map('delete', array('id' => $items)) === false) {
+                  if (isset($_SESSION['return'])) {
+                    echo json_encode($_SESSION['return']);
+                  }
+                  else {
+                    echo json_encode(array(
+                      'type' => 'error',
+                      'msg' => 'Deletion of items/s failed'
+                    ));
+                  }
+                }
+                else {
+                  if (isset($_SESSION['return'])) {
+                    echo json_encode($_SESSION['return']);
+                  }
+                  else {
+                    echo json_encode(array(
+                      'type' => 'success',
+                      'msg' => 'Task completed'
+                    ));
+                  }
+                }
+              }
+              else {
+                echo json_encode(array(
+                  'type' => 'error',
+                  'msg' => 'Cannot find id array in post data'
+                ));
+              }
+            }
+            else {
+              echo json_encode(array(
+                'type' => 'error',
+                'msg' => 'Cannot find items in post data'
+              ));
+            }
+          break;
           case "fwdhost":
             if (isset($_POST['items'])) {
               $items = (array)json_decode($_POST['items'], true);
@@ -2238,6 +2347,50 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
               ));
             }
           break;
+          case "recipient_map":
+            if (isset($_POST['items']) && isset($_POST['attr'])) {
+              $items = (array)json_decode($_POST['items'], true);
+              $attr = (array)json_decode($_POST['attr'], true);
+              $postarray = array_merge(array('id' => $items), $attr);
+              if (is_array($postarray['id'])) {
+                if (recipient_map('edit', $postarray) === false) {
+                  if (isset($_SESSION['return'])) {
+                    echo json_encode($_SESSION['return']);
+                  }
+                  else {
+                    echo json_encode(array(
+                      'type' => 'error',
+                      'msg' => 'Edit failed'
+                    ));
+                  }
+                  exit();
+                }
+                else {
+                  if (isset($_SESSION['return'])) {
+                    echo json_encode($_SESSION['return']);
+                  }
+                  else {
+                    echo json_encode(array(
+                      'type' => 'success',
+                      'msg' => 'Task completed'
+                    ));
+                  }
+                }
+              }
+              else {
+                echo json_encode(array(
+                  'type' => 'error',
+                  'msg' => 'Incomplete post data'
+                ));
+              }
+            }
+            else {
+              echo json_encode(array(
+                'type' => 'error',
+                'msg' => 'Incomplete post data'
+              ));
+            }
+          break;
           case "alias":
             if (isset($_POST['items']) && isset($_POST['attr'])) {
               $items = (array)json_decode($_POST['items'], true);
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 37cf6661..2b3236fe 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -648,5 +648,11 @@ $lang['mailbox']['bcc_maps'] = "BCC maps";
 $lang['mailbox']['bcc_to_sender'] = "Switch to sender map type";
 $lang['mailbox']['bcc_to_rcpt'] = "Switch to recipient map type";
 $lang['mailbox']['add_bcc_entry'] = "Add BCC map";
-$lang['mailbox']['bcc_info'] = "A recipient map type entry is used, when the local destination acts as recipient of a mail. Sender maps conform to the same principle.<br/>
+$lang['mailbox']['bcc_info'] = "BCC maps are used to silently forward copies of all messages to another address. A recipient map type entry is used, when the local destination acts as recipient of a mail. Sender maps conform to the same principle.<br/>
   The local destination will not be informed about a failed delivery.";
+$lang['mailbox']['address_rewriting'] = 'Address rewriting';
+$lang['mailbox']['recipient_maps'] = 'Recipient maps';
+$lang['mailbox']['recipient_map_info'] = 'Recipient maps are used to replace the destination address on a message before it is delivered.';
+$lang['mailbox']['recipient_map_old'] = 'Original recipient';
+$lang['mailbox']['recipient_map_new'] = 'New recipient';
+$lang['mailbox']['add_recipient_map_entry'] = 'Add recipient map';
\ No newline at end of file
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index 19ec683e..73a628c4 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -21,7 +21,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
     </li>
     <li role="presentation"><a href="#tab-syncjobs" aria-controls="tab-syncjobs" role="tab" data-toggle="tab"><?=$lang['mailbox']['sync_jobs'];?></a></li>
     <li role="presentation"><a href="#tab-filters" aria-controls="tab-filters" role="tab" data-toggle="tab"><?=$lang['mailbox']['filters'];?></a></li>
-    <li role="presentation"><a href="#tab-bcc" aria-controls="tab-filters" role="tab" data-toggle="tab"><?=$lang['mailbox']['bcc_maps'];?></a></li>
+    <li role="presentation"><a href="#tab-bcc" aria-controls="tab-filters" role="tab" data-toggle="tab"><?=$lang['mailbox']['address_rewriting'];?></a></li>
   </ul>
 
 	<div class="row">
@@ -234,6 +234,34 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
               </div>
             </div>
           </div>
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <h3 class="panel-title"><?=$lang['mailbox']['recipient_maps'];?></h3>
+            </div>
+            <p style="margin:10px" class="help-block"><?=$lang['mailbox']['recipient_map_info'];?></p>
+            <div class="table-responsive">
+              <table class="table table-striped" id="recipient_map_table"></table>
+            </div>
+<?php
+if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin"))
+  $display = 'block';
+else
+  $display = 'none';
+?>
+            <div class="mass-actions-mailbox" style="display: <?php echo $display; ?>">
+              <div class="btn-group">
+                <a class="btn btn-sm btn-default" id="toggle_multi_select_all" data-id="recipient_map" href="#"><span class="glyphicon glyphicon-check" aria-hidden="true"></span> <?=$lang['mailbox']['toggle_all'];?></a>
+                <a class="btn btn-sm btn-default dropdown-toggle" data-toggle="dropdown" href="#"><?=$lang['mailbox']['quick_actions'];?> <span class="caret"></span></a>
+                <ul class="dropdown-menu">
+                  <li><a id="edit_selected" data-id="recipient_map" data-api-url='edit/recipient_map' data-api-attr='{"active":"1"}' href="#"><?=$lang['mailbox']['activate'];?></a></li>
+                  <li><a id="edit_selected" data-id="recipient_map" data-api-url='edit/recipient_map' data-api-attr='{"active":"0"}' href="#"><?=$lang['mailbox']['deactivate'];?></a></li>
+                  <li role="separator" class="divider"></li>
+                  <li><a id="delete_selected" data-id="recipient_map" data-api-url='delete/recipient_map' href="#"><?=$lang['mailbox']['remove'];?></a></li>
+                </ul>
+                <a class="btn btn-sm btn-success" href="#" data-toggle="modal" data-target="#addRecipientMapModalAdmin"><span class="glyphicon glyphicon-plus"></span> <?=$lang['mailbox']['add_recipient_map_entry'];?></a>
+              </div>
+            </div>
+          </div>
         </div>
       </div> <!-- /tab-content -->
     </div> <!-- /col-md-12 -->
diff --git a/data/web/modals/mailbox.php b/data/web/modals/mailbox.php
index 3f05f8f8..f8dca77d 100644
--- a/data/web/modals/mailbox.php
+++ b/data/web/modals/mailbox.php
@@ -574,6 +574,45 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
     </div>
   </div>
 </div><!-- add add_bcc modal -->
+<!-- add add_recipient_map modal -->
+<div class="modal fade" id="addRecipientMapModalAdmin" tabindex="-1" role="dialog" aria-hidden="true">
+  <div class="modal-dialog modal-lg">
+    <div class="modal-content">
+      <div class="modal-header">
+        <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
+        <h3 class="modal-title"><?=$lang['mailbox']['recipient_maps'];?></h3>
+      </div>
+      <div class="modal-body">
+				<form class="form-horizontal" data-cached-form="true" role="form" data-id="add_recipient_map">
+          <div class="form-group">
+            <label class="control-label col-sm-2" for="recipient_map_old"><?=$lang['mailbox']['recipient_map_old'];?>:</label>
+						<div class="col-sm-10">
+							<textarea autocorrect="off" spellcheck="false" autocapitalize="none" class="form-control" rows="2" id="recipient_map_old" name="recipient_map_old" required></textarea>
+						</div>
+          </div>
+					<div class="form-group">
+						<label class="control-label col-sm-2" for="recipient_map_new"><?=$lang['mailbox']['recipient_map_new'];?>:</label>
+						<div class="col-sm-10">
+							<textarea autocorrect="off" spellcheck="false" autocapitalize="none" class="form-control" rows="2" id="recipient_map_new" name="recipient_map_new" required></textarea>
+						</div>
+					</div>
+					<div class="form-group">
+						<div class="col-sm-offset-2 col-sm-10">
+							<div class="checkbox">
+							<label><input type="checkbox" value="1" name="active" checked> <?=$lang['add']['active'];?></label>
+							</div>
+						</div>
+					</div>
+					<div class="form-group">
+						<div class="col-sm-offset-2 col-sm-10">
+              <button class="btn btn-success" id="add_item" data-id="add_recipient_map" data-api-url='add/recipient_map' data-api-attr='{}' href="#"><?=$lang['admin']['add'];?></button>
+						</div>
+					</div>
+				</form>
+      </div>
+    </div>
+  </div>
+</div><!-- add add_recipient_map modal -->
 <!-- log modal -->
 <div class="modal fade" id="syncjobLogModal" tabindex="-1" role="dialog" aria-labelledby="syncjobLogModalLabel">
   <div class="modal-dialog modal-lg" role="document">
diff --git a/docker-compose.yml b/docker-compose.yml
index 59bc7cd2..20216088 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -184,7 +184,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.11
+      image: mailcow/postfix:1.13
       build: ./data/Dockerfiles/postfix
       volumes:
         - ./data/conf/postfix:/opt/postfix/conf

From 2c5f6bc24b7ba31002be227ad05e3d43472feb9e Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Tue, 30 Jan 2018 08:58:41 +0100
Subject: [PATCH 002/107] [Compose] New images, disable watchdog debug

---
 docker-compose.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3c3b0c22..4a6a53de 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -104,6 +104,7 @@ services:
         - ./data/conf/phpfpm/php-fpm.d/www.conf:/usr/local/etc/php-fpm.d/www.conf
         - ./data/conf/phpfpm/php-fpm.d/system.conf:/usr/local/etc/php-fpm.d/system.conf
         - ./data/conf/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini
+        - ./data/conf/phpfpm/php-conf.d/upload.ini:/usr/local/etc/php/conf.d/upload.ini
       environment:
         - LOG_LINES=${LOG_LINES}
         - TZ=${TZ}
@@ -128,7 +129,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.14
+      image: mailcow/sogo:1.15
       build: ./data/Dockerfiles/sogo
       environment:
         - DBNAME=${DBNAME}
@@ -186,7 +187,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.13
+      image: mailcow/postfix:1.14
       build: ./data/Dockerfiles/postfix
       volumes:
         - ./data/conf/postfix:/opt/postfix/conf
@@ -311,7 +312,7 @@ services:
     watchdog-mailcow:
       image: mailcow/watchdog:1.13
       # Debug
-      command: /watchdog.sh
+      #command: /watchdog.sh
       build: ./data/Dockerfiles/watchdog
       volumes:
         - vmail-vol-1:/vmail:ro
@@ -331,7 +332,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:1.5
+      image: mailcow/dockerapi:1.6
       restart: always
       build: ./data/Dockerfiles/dockerapi
       oom_score_adj: -10

From 81c1ed9e4d82ce32a88825d03787db233e886110 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Tue, 30 Jan 2018 08:58:59 +0100
Subject: [PATCH 003/107] [Update] Fix update check

---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 57062ba6..d00cb0dd 100755
--- a/update.sh
+++ b/update.sh
@@ -73,7 +73,7 @@ while (($#)); do
     --check|-c)
       echo "Checking remote code for updates..."
       git fetch origin ${BRANCH}
-      if [[ $(git branch ${BRANCH} --contains $(git rev-parse origin/${BRANCH}) > /dev/null 2> /dev/null; echo $?) != 0 ]]; then
+      if [[ -z $(git log HEAD --pretty=format:"%H" | grep $(git rev-parse origin/${BRANCH})) ]]; then
         echo "Updated code is available."
         exit 0
       else

From 03ad0f22c48c8d067b7fb3f8854d6d253b646a34 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Tue, 30 Jan 2018 09:00:34 +0100
Subject: [PATCH 004/107] [PHP-FPM] Add bind for upload.ini

---
 data/conf/phpfpm/php-conf.d/upload.ini | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 data/conf/phpfpm/php-conf.d/upload.ini

diff --git a/data/conf/phpfpm/php-conf.d/upload.ini b/data/conf/phpfpm/php-conf.d/upload.ini
new file mode 100644
index 00000000..5cb28f10
--- /dev/null
+++ b/data/conf/phpfpm/php-conf.d/upload.ini
@@ -0,0 +1,3 @@
+file_uploads = On
+upload_max_filesize = 64M
+post_max_size = 64M

From c7280e182fd8909aa79e1e201de10d18c897f223 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 09:40:08 +0100
Subject: [PATCH 005/107] [Update] Add --ours parameter to override merge
 strategy

---
 update.sh | 83 ++++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 54 insertions(+), 29 deletions(-)

diff --git a/update.sh b/update.sh
index d00cb0dd..3054e757 100755
--- a/update.sh
+++ b/update.sh
@@ -4,9 +4,51 @@ for bin in curl docker-compose docker git awk sha1sum; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 done
 
+set -o pipefail
+export LC_ALL=C
+DATE=$(date +%Y-%m-%d_%H_%M_%S)
+BRANCH=$(git rev-parse --abbrev-ref HEAD)
+declare -a DC_PARAMS
+
+while (($#)); do
+  case "${1}" in
+    --check|-c)
+      echo "Checking remote code for updates..."
+      git fetch origin ${BRANCH}
+      if [[ -z $(git log HEAD --pretty=format:"%H" | grep $(git rev-parse origin/${BRANCH})) ]]; then
+        echo "Updated code is available."
+        exit 0
+      else
+        echo "No updates available."
+        exit 3
+      fi
+    ;;
+    --no-start)
+      DC_PARAMS=(${DC_PARAMS[@]} "--no-start")
+    ;;
+    --ours)
+      MERGE_STRATEGY=ours
+    ;;
+  esac
+done
+
 [[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing"; exit 1;}
 
-CONFIG_ARRAY=("SKIP_LETS_ENCRYPT" "USE_WATCHDOG" "WATCHDOG_NOTIFY_EMAIL" "SKIP_CLAMD" "SKIP_IP_CHECK" "SKIP_FAIL2BAN" "ADDITIONAL_SAN" "DOVEADM_PORT" "IPV4_NETWORK" "IPV6_NETWORK" "LOG_LINES")
+CONFIG_ARRAY=(
+  "SKIP_LETS_ENCRYPT"
+  "USE_WATCHDOG"
+  "WATCHDOG_NOTIFY_EMAIL"
+  "SKIP_CLAMD"
+  "SKIP_IP_CHECK"
+  "SKIP_NETFILTER"
+  "ADDITIONAL_SAN"
+  "DOVEADM_PORT"
+  "IPV4_NETWORK"
+  "IPV6_NETWORK"
+  "LOG_LINES"
+  "SNAT_TO_SOURCE"
+)
+
 sed -i '$a\' mailcow.conf
 for option in ${CONFIG_ARRAY[@]}; do
   if [[ ${option} == "ADDITIONAL_SAN" ]]; then
@@ -44,15 +86,23 @@ for option in ${CONFIG_ARRAY[@]}; do
   elif [[ ${option} == "IPV6_NETWORK" ]]; then
     if ! grep -q ${option} mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Internal IPv6 subnet in fd00::/8' >> mailcow.conf
+      echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
       echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
     fi
+  elif [[ ${option} == "SNAT_TO_SOURCE" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Use this IP for outgoing connections (SNAT)' >> mailcow.conf
+      echo "#SNAT_TO_SOURCE=" >> mailcow.conf
+    fi
   elif ! grep -q ${option} mailcow.conf; then
     echo "Adding new option \"${option}\" to mailcow.conf"
     echo "${option}=n" >> mailcow.conf
   fi
 done
 
+sed -i 's#SKIP_FAIL2BAN#SKIP_NETFILTER#g' mailcow.conf
+
 echo -en "Checking internet connection... "
 curl -o /dev/null google.com -sm3
 if [[ $? != 0 ]]; then
@@ -62,31 +112,6 @@ if [[ $? != 0 ]]; then
   echo -e "\e[32mOK\e[0m"
 fi
 
-set -o pipefail
-export LC_ALL=C
-DATE=$(date +%Y-%m-%d_%H_%M_%S)
-BRANCH=$(git rev-parse --abbrev-ref HEAD)
-declare -a DC_PARAMS
-
-while (($#)); do
-  case "${1}" in
-    --check|-c)
-      echo "Checking remote code for updates..."
-      git fetch origin ${BRANCH}
-      if [[ -z $(git log HEAD --pretty=format:"%H" | grep $(git rev-parse origin/${BRANCH})) ]]; then
-        echo "Updated code is available."
-        exit 0
-      else
-        echo "No updates available."
-        exit 3
-      fi
-    ;;
-    --no-start)
-      DC_PARAMS=(${DC_PARAMS[@]} "--no-start")
-    ;;
-  esac
-done
-
 echo -e "\e[32mChecking for newer update script...\e[0m"
 SHA1_1=$(sha1sum update.sh)
 git fetch origin ${BRANCH}
@@ -122,9 +147,9 @@ git add -u
 git commit -am "Before update on ${DATE}" > /dev/null
 echo -e "\e[32mFetching updated code from remote...\e[0m"
 git fetch origin ${BRANCH}
-echo -e "\e[32mMerging local with remote code (recursive, options: \"theirs\", \"patience\"...\e[0m"
+echo -e "\e[32mMerging local with remote code (recursive, strategy: \"${MERGE_STRATEGY:-theirs}\", options: \"patience\"...\e[0m"
 git config merge.defaultToUpstream true
-git merge -Xtheirs -Xpatience -m "After update on ${DATE}"
+git merge -X${MERGE_STRATEGY:-theirs} -Xpatience -m "After update on ${DATE}"
 # Need to use a variable to not pass return codes of if checks
 MERGE_RETURN=$?
 if [[ ${MERGE_RETURN} == 128 ]]; then

From b2032c0e8afa8d4d68c57ea8eec805fed181f6f8 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:28:17 +0100
Subject: [PATCH 006/107] [Web] Hide up time of containers that are missing
 [Web] Rename fail2ban logs to netfiter logs [Web] Adding timeout to curl
 requests for dockerapi, fixes #981 [Web] Removed cow from favicon

---
 data/web/debug.php                      |  45 +++---
 data/web/edit.php                       |   4 +-
 data/web/favicon.png                    | Bin 6856 -> 15428 bytes
 data/web/img/cow_lock.svg               | 198 ++++++++++++++++++++++++
 data/web/inc/functions.docker.inc.php   |   3 +
 data/web/inc/functions.fail2ban.inc.php |  39 ++---
 data/web/inc/functions.inc.php          |   6 +-
 data/web/inc/init_db.inc.php            |  10 +-
 data/web/js/debug.js                    |  16 +-
 data/web/json_api.php                   |   6 +-
 data/web/lang/lang.de.php               |  11 ++
 data/web/lang/lang.en.php               |   7 +-
 12 files changed, 277 insertions(+), 68 deletions(-)
 create mode 100644 data/web/img/cow_lock.svg

diff --git a/data/web/debug.php b/data/web/debug.php
index 0723ba6a..f9685ab4 100644
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -23,7 +23,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
         <li role="presentation"><a href="#tab-postfix-logs" aria-controls="tab-postfix-logs" role="tab" data-toggle="tab">Postfix</a></li>
         <li role="presentation"><a href="#tab-dovecot-logs" aria-controls="tab-dovecot-logs" role="tab" data-toggle="tab">Dovecot</a></li>
         <li role="presentation"><a href="#tab-sogo-logs" aria-controls="tab-sogo-logs" role="tab" data-toggle="tab">SOGo</a></li>
-        <li role="presentation"><a href="#tab-fail2ban-logs" aria-controls="tab-fail2ban-logs" role="tab" data-toggle="tab">Fail2ban</a></li>
+        <li role="presentation"><a href="#tab-netfilter-logs" aria-controls="tab-netfilter-logs" role="tab" data-toggle="tab">Netfilter</a></li>
         <li role="presentation"><a href="#tab-rspamd-history" aria-controls="tab-rspamd-history" role="tab" data-toggle="tab">Rspamd</a></li>
         <li role="presentation"><a href="#tab-autodiscover-logs" aria-controls="tab-autodiscover-logs" role="tab" data-toggle="tab">Autodiscover</a></li>
         <li role="presentation"><a href="#tab-watchdog-logs" aria-controls="tab-watchdog-logs" role="tab" data-toggle="tab">Watchdog</a></li>
@@ -112,7 +112,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
               'redis-mailcow',
               'php-fpm-mailcow',
               'mysql-mailcow',
-              'fail2ban-mailcow',
+              'netfilter-mailcow',
               'clamd-mailcow'
             );
             foreach ($container_array as $container) {
@@ -123,21 +123,26 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
                 <?php
                 date_default_timezone_set('UTC');
                 $StartedAt = date_parse($container_stats['State']['StartedAt']);
-                $date = new \DateTime();
-                $date->setTimestamp(mktime(
-                  $StartedAt['hour'],
-                  $StartedAt['minute'],
-                  $StartedAt['second'],
-                  $StartedAt['month'],
-                  $StartedAt['day'],
-                  $StartedAt['year']));
-                $user_tz = new DateTimeZone(getenv('TZ'));
-                $date->setTimezone($user_tz);
-                $started = $date->format('r');
+                if ($StartedAt['hour'] !== false) {
+                  $date = new \DateTime();
+                  $date->setTimestamp(mktime(
+                    $StartedAt['hour'],
+                    $StartedAt['minute'],
+                    $StartedAt['second'],
+                    $StartedAt['month'],
+                    $StartedAt['day'],
+                    $StartedAt['year']));
+                  $user_tz = new DateTimeZone(getenv('TZ'));
+                  $date->setTimezone($user_tz);
+                  $started = $date->format('r');
+                }
+                else {
+                  $started = '?';
+                }
                 ?>
                 <small>(Started on <?=$started;?>),
                 <a href data-toggle="modal" data-container="<?=$container;?>" data-target="#RestartContainer">Restart</a></small>
-                <span class="pull-right label label-<?=($container_stats['State']['Running'] == 1) ? 'success' : 'danger';?>">&nbsp;&nbsp;&nbsp;</span>
+                <span class="pull-right label label-<?=($container_stats !== false && !empty($container_stats)) ? (($container_stats['State']['Running'] == 1) ? 'success' : 'danger') : 'default'; ?>">&nbsp;&nbsp;&nbsp;</span>
                 </li>
               <?php
               }
@@ -198,18 +203,18 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
           </div>
         </div>
 
-        <div role="tabpanel" class="tab-pane" id="tab-fail2ban-logs">
+        <div role="tabpanel" class="tab-pane" id="tab-netfilter-logs">
           <div class="panel panel-default">
-            <div class="panel-heading">Fail2ban <span class="badge badge-info log-lines"></span>
+            <div class="panel-heading">Netfilter <span class="badge badge-info log-lines"></span>
               <div class="btn-group pull-right">
-                <button class="btn btn-xs btn-default add_log_lines" data-post-process="general_syslog" data-table="fail2ban_log" data-log-url="fail2ban" data-nrows="100">+ 100</button>
-                <button class="btn btn-xs btn-default add_log_lines" data-post-process="general_syslog" data-table="fail2ban_log" data-log-url="fail2ban" data-nrows="1000">+ 1000</button>
-                <button class="btn btn-xs btn-default" id="refresh_fail2ban_log"><?=$lang['admin']['refresh'];?></button>
+                <button class="btn btn-xs btn-default add_log_lines" data-post-process="general_syslog" data-table="netfilter_log" data-log-url="netfilter" data-nrows="100">+ 100</button>
+                <button class="btn btn-xs btn-default add_log_lines" data-post-process="general_syslog" data-table="netfilter_log" data-log-url="netfilter" data-nrows="1000">+ 1000</button>
+                <button class="btn btn-xs btn-default" id="refresh_netfilter_log"><?=$lang['admin']['refresh'];?></button>
               </div>
             </div>
             <div class="panel-body">
               <div class="table-responsive">
-                <table class="table table-striped table-condensed" id="fail2ban_log"></table>
+                <table class="table table-striped table-condensed" id="netfilter_log"></table>
               </div>
             </div>
           </div>
diff --git a/data/web/edit.php b/data/web/edit.php
index 43e055ca..1611a6af 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -661,7 +661,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
           ?>
           <h4>Recipient map: <?=$result['recipient_map_old'];?></h4>
           <br />
-          <form class="form-horizontal" data-id="editrecipient_map" role="form" method="post">
+          <form class="form-horizontal" data-id="edit_recipient_map" role="form" method="post">
             <input type="hidden" value="0" name="active">
             <div class="form-group">
               <label class="control-label col-sm-2" for="recipient_map_new">New destination</label>
@@ -679,7 +679,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
             </div>
             <div class="form-group">
               <div class="col-sm-offset-2 col-sm-10">
-                <button class="btn btn-success" id="edit_selected" data-id="editrecipient_map" data-item="<?=$map;?>" data-api-url='edit/recipient_map' data-api-attr='{}' href="#"><?=$lang['edit']['save'];?></button>
+                <button class="btn btn-success" id="edit_selected" data-id="edit_recipient_map" data-item="<?=$map;?>" data-api-url='edit/recipient_map' data-api-attr='{}' href="#"><?=$lang['edit']['save'];?></button>
               </div>
             </div>
           </form>
diff --git a/data/web/favicon.png b/data/web/favicon.png
index 6390041d6004a1dd9c8793ba386ce2a2662d940d..69eb2fcd1f25c33001a6e67f9b2a257a5fc5c8d9 100644
GIT binary patch
literal 15428
zcmeIZ`6HD77x#b7pzMT5GNZ*3Wl5oIqmAscR1!*|1&Qp;NLjO#gvee(QBigyYsnT#
zA!A0CD8|+d#>{=@{ki{y@AtR+hqBFeUFWr(=Q)pat{6*mLjm6Hya<8_oH9Co8bQ$T
zEgIq81Yec|zOKO+PB#NH0|a@K$j7+I1wZrLG&<*lAc9Tof2ger#sv7Kr0<EdzSdr@
zzWx_)T|sVMyz1$z?0Lmk=Ag2w@&UC4nX4%XqW$62aRZwG$G<;$l6DM+lDxm4GNyE+
z$9P2c7@_wB5Gsw9^cpiLp~*61#or(QIs4e-M~rF8mDMEU=a)b8UitLU`2A7q<EM)X
zI#O(8t&A58=E7Sk4w-z;5_~T?lOF{*Pw8E(uNzd)5wB&1YHvJud!9I7He>w=`7`_@
zD~rkUOPJ%jD}0oD=l}cf|GPO5X{)1cSWDEiPR?|gI`uUF4*x3uPNi`DbeZW&A=AG`
z|Ion!l6omCm=kw1;or)i2h1HfzO~cIYsBFd#@YuPryjf+jTYiD6Q3o~?^TfXnLpFl
znz@oy{>Yx{6Tgs}`C?FlalPK4bU?2(YHe^C&m!44&1ApJo)LJC_$Gug(m5W}{gI&;
zW%Bt`qpxXko=!c5x6f6%&8)P_Yo5Fk@{rjsbm0ZQN+lg@$Ew`p$&W}IqL8L$#;%um
zHH?W+fujlWL5<4W9+4ONj?|@j;+Lf)44pK{Jh65W<txF3aI08vN@#en_Vo)<|BAOu
zMWnX=2J?>4?}(1}WdV}>1`cV8KqJR-P8KIwG^P3au)eo#F9gnf#XC{U>OPQC*T^rW
zgk&BmAh?1@{TsR}QyK-251#a*B}+1>U2BmZ+1|%ccXx0h(Ro=#zD_fmT`HsTY9p%w
z^V9Pd^#xwNZ+>VB<Gx!Vgz3IS67v!%s>kF0ukO|m2eP|U&um{jT3A2~kr`Tcq1V&a
zgS|ZNPyU<wi!FF;x<dQ&(9`t1K-S9xQaz{B$yXF>S3@jZ`>R*<ImX61cQ0mhqzzJk
zU_0~vJYSl@zb79|!Az&PovmGd7Mrdagt>8l`rpJ~>^>vuzb5g~nt59};%xn9Pbd<n
zG;Fo#1&Y$EwzgqYCv44#1=sEoPq!=LOA-c{>I50vLF^V5Ec3S#`-S1+CmVdWf%8H(
ztFJ7IDda<n#Cc4LRJHMy$nK;mXTIlarzbk4unpB}#ly*a=PM!?1>7HBJym^Su!PcL
zUCj7bxO{RgR!_KI?#6M%;{*z+$+M$BFRoi(FV<R(QzZJo>+r0`^|U|EJ{<5l)3r*i
zG$J0u#7Z>e>T|@|OiW9(2%vMCVe++X9Ibx5O8w~5zgf4CrAJlgej+MduwI|MC7SeA
zXlZ)`t)ih~3*svXD;~b0s2`N7rSg=2nPKnZyIJ(7A~TL2zaxEc{rWSaxCSR7As0a|
zoYA7+)snwpwnD4Rz?=;+b_uBz*JYHYG@L4VJFJ|~iTpec_7-a`+}FaM|CYK|-p1{<
z|2H#>C`vRy6i_$`Sk%(1!&KVxFZ(cY=i>QeO3xXYzrCCvFs8(Rc$Cy7ni@%Q<D}Rh
zQ^oqHPUc=H%X-6iPd}CY$nV=GJU{UlG$`!f_eoI2dLY8$MQ3DxE3tB6R20X99En3C
zz77`|R^Ea`E5&`I!?xZufhN)?U(_~#=5fO6(fW_M>2cl94*Yw4<X^Ls%|J|{jh}lA
z-RlNe76p$?xV4?hQD3Z6Gn7%*E;m^Gr%inVFaL2l+t<aVU_CBdlQmKK@+GM%a;T-h
zhVvkPcjA&Uj+{Y><PcWnMS6G6+Fty##e43Yz&@LaQ2(c@PG*wAtXF?}q;~&w>f_MO
z78Mt@ZJ#A>Se(&be(9;`7Q-5qs|~!Tj3NnZ$PjQ~fnaYlp0z=#D?b2V>&snd-(X9x
zGtUtkvUKAg%&EXk;>9E~Kh*uxU*GgCP}Z5gV`28jj4UCU3&q|kL!GzjDyO$@-0pKY
zWL)d@kmwm%)bQ29N9wf6c9;6<wCfwQD$1P>rl*H|N&+|%OQgd}?};?3qj1BP2;pB*
zjR32&@sjOfDnZL4QJv_Z8T^;<2REM_|7Fx+6t8>xUPV%Y-?ZeyCi64ebtfk@o+^da
z$5)Sd9ikly97nqga3SuAGuIX8=idccxLOLa-bA$=K4R^;v`X2oZnpBQ;rq6~U9!5p
z>n|&MO@ENfTczX{j2kB>C`U9NAvtESW2u=@ti9NfC#8~I_&u+u=C|k9SMT^czq&gx
zS9I&iQZcXZnQ~6Ovd;Ia9t+4K?i{>`@JsPX{B4F+pl5gPfqyww-}Z&-21~(Zrtmy@
z<%7opmjxFh&zY6luI`tJo&9k+vd3!RkJCpfX#yU6h}OUv+pwNj6vo?6H?+)bh4hqr
zOr$pWZmZ98q|I2Qux~W2LJtRf2Nn!}NoimQMP7UFl|{ID;mkxzGHboWryj>IQN7&P
zLbQ*?nS0!)ttQXS|BzKaaO^L2i4uP;b}#C@iumBWTuuZ9C+L-rH1k+taAA+cluPoh
z^UA`5S-&^JzfQz2=;4<ocBEG~?&FASk^0qhB!%P`Q`d0s47$(h;XFUm#lE<xF7H;Y
zr`Xh^cuj_UmY8dv{=L7cF|$3szB#n_Z2{T(zZ<eDDn9y7Zcg${!Y9Z&yYs*_ad9Cx
z-6C1tvn{KaMZZ!td9_Qo5Zhs*gbuc?Gty^FY+Ft|S1Vji@l49NZKj$28;%2?0z#1T
zqO<O3rQYbgw|FfoOWZXlgHk%_+5Dv;8RG@x>|aGYSEUj<zNmck7a>$zAqeT(#C)+s
zIWf?}W%RYgFRJDx8-(8)tt>&zjt`WVl|`sAXoOA?U_B^lIegh=@=9+rDf%4hg_70{
zXJcec6!y=Pb*fWw6sw%_^1AIlJ_7kPx^L1Zc77u_U<#EMjz$hXvs+8(@H{WuBOT`_
zh~NF5tI>T;I-%bRO_+o|9C%oWMfMpw!iYaBf#g>$*)Oc0PZy!ixwUGG;yAdF*Tq|j
zfAtvW4_i4VUvfhDD@9(PO(Ct`4=6<UDj<!S*IK=b{ya`u40$sR6D4AW@EarSvn><b
z1V36M_bH{bt;3hD7&lrl>jUIDVostE*P^Wrxlycpi#l&UdK@XsZzdVppj2aPJ%zmz
z2O4+TG8g7!{WX%#iXmg1qf}CzL)LEb6*BQ;=DEL*s?g4sXaWM33mx~MOU3L%BG2=j
zePQesdb(~Yyam=g>)PCvlpnsOI-2`x4m09g#F6}pDe;B(KUPko5m4c;Q7r0#i+0~9
zG|DX7<(!1wtPA(lAltfS$GR+{wK<Zui6MI&4$%fa!elLQH7fkAK35mNv{!nys>&LP
z!J%+>Y|EXj(&J59e>jUiCVN>T+l_<0`YTKPzx~Y=l0{-ppm0a41zC)5DY=r&O<c}T
zz_G4)ES*OO+5R>p?wQ+zdufFv;Rcpd?YA+nxBlqgFGi3YF~%8hm0ua;)8-RC4;Gjn
z+IZN(zkiDx!E9R;(Eug<i1zcD*KS$lbsi#P0H^-F$+E*a&FkHFQC!Y~V0`ZqrJJJ#
zl!?dc@LHfQqenP#RpTNC3}|dpLUHi54trT=2H1_n5YFZzGN?K-k$iCBtXDG0uPAFb
zS(<GqW@3X@lR`N52x);>Lv88^gKt<xV(Qd)OXSIzJ(_nsF-Ci<FrOIGa(1G=r)YU>
zFXhcoImKpD4sx*QElY3y4z91~lJz#c%}6!jV?HAD9PIp<66APy{VMCX0-|Rls554V
zZZqXMtAAadV^=(yunkoDTqT(}uITM~SCXqyeoEvuE3Dqf3N5@Fo@2WDRAOZz^i2SN
zWekO?selM7x(F3_<}{lh<-uiIBEq{%n~7CRyD6E`XkJ2o$M<6ivSWIoV<BcEsBj|~
zr(B2rYQ;E}XqPEuWq@)Izs~b9ar6`qZrKVE=9s{;5-?0b>`DTieeeCn3Ho^^1eWG~
zOSEvH7;-#wiAuU1p(T_Ti54b&Gj61{NQ-jo@*=xlLdY=^$(jq`$48)rg~8@^@lcsi
z+Yy6sOBi;Zu@^H^k9ovl_6jYYvY=nAfS`&oAr4nGG8LJ1;JS~Ca3NcM9buRRFMHc-
z%^6B^$v8hk_H2URS_dtOt_6Ii>L;LkH?4@=tfBi1|MFwrIbyeZ-n*UaXcU^j4SO*y
zVC3EGKr_p3K?}QCjG$3uu2Xb?y>Q#$9^@m8&%yJ;iSynt<lV-|C75V#XL?UOy4UqN
z=jEu!(Zh{$mE+rOmGEaqa>Ffi5Sd@G$wUQ=)2mI(RP2TQn4a-SbT8`NF^k$1!h;e8
z6t@a5a`dHEwYg5IeL9&que_jzF%%;R=5osTDInZ?Bk?{8h_sFN@_lA?YV2^cT;&F@
zt<uK3s(g+M$51%#twOr;7{gba#ETc1!7bx{nO4Y=mwwad3PqBBzK<0l+=QjN94p!r
z-EN`eMJFj?%En>*TreIq7qYX7N=rod%D!vvDf&Y_OnLw2lV|<efmo6_7Qq?9LW<m5
zFl-%v#&#W`!~r4Zyu3Jx>Qq9U0%}?h49`*h7afpUafu$RfLw4j#(4&$SH(jJGkt^?
zskv6)PwnAXcBN}t!YBO#;yXN!Sd5r!{OI~@`-&<+4oCSST*!s|C>C?QWjxQ!m3rA$
zGT2B*P<{)S%$^aGMqXp2CIU?;b*68=hZf%D$n!m<p{o8yok$X^hKfTCMWYGkB@L5W
z42z3&5Q&TGt9O)9N-Z9)$>5}lCmkPS58|{fk=|25^eI}Ycp_fIm42ojo03?`V~FC0
z<;x?$9WK%<xwvFr`tp4As<s^Q({SYZ7-kzLj55eWazu;EX2|%cfV%SktI2X$Cvq-w
z_s1{$3uwF8;U2ki?;>TC(*vw2&Qbw!*HmZtllEbzZp<{ZyjQDYg)EV#1Q7ywmYk>C
zm>!0xXtXu@{e@kghEipm1;l;&RRlXLq*poRjE(1DJjJ_9PTe=M*j#5X)=-U)OXk40
z>J&n*Yz=3~sjwu}s~jXpx|2!@d>Wurev!TocM~&4j^0HRa?}{wv1sALvo;skuTV7J
zsmbQtTIO4f5WH!C!V%a?IFfL^Wjxi)Z`#y0Bfwb8?vkDu!RXdLl$3csr;L^u!r3Cl
z+<hjdeLn~-HppJ<WS*oL;bR_W&S%(!NHY=E_rY_M#*ZnKfA3%_Y;8x^GwIHpPfnt6
zao3*Bzj)cKa^Oe2i6j%1gS6m2<mwi7wW=wg*m}R88p(QZySVTvPmhtkHSr!b3N0-9
z2=N6+n6QmW#-XAg+-cT!?~jPHU47aUEp)mu7L9CvN2#>=M*j2s2ia#E6O|7R%X{h_
z<=^}5Ih>6sE=2F$L57gN3TA060WExNPIm0Xf&pK&0z%ETqsukxUsgcWY<;yd?1G$g
z6<Kuu*3Bxad|ZfGG05ZFjMUHV(s3itukf=p^1$PI4+>D;SHf7&i6I9+gwnGMqgdM)
zzDGJ+BA2?WIqNotDG`!%*s4n}CW(`J40%cB-;*dKq)?=nRKj*h^qfsPV#rw=AC;0$
z>H+fiOYL6Fr^ir6(S2FxTh>1$h#-8t$mEy~L-T*Sn0S#J!v#`f(x}hUUNA_wn~&fu
zyO><f`nwbmo^d<$>0;ksE|dsqo|C9X{((PdY+T1rFKoNiOr00x#i3LFjh4<wjGm)?
z3Q<65!DRGT{ilgR^s=pqw(cstxTA+t3D}Ld^f5y;>@Lf$kaRNEK#aiYvme!ZYGb9z
z0O2`?BG^Idc;J{xi_1NMX5u<L`3$DsnuL9XXyqV#vcN<8@igmmDj=4SK>S{BdB*ut
zREXDzn-`a7+mD~oW8hyTN;kdXetH5$Xs_lp)!B{Nk%Wj5T8ejU)OA1zt0VVamC<|;
zO%MWw{rhy&*%~6a2A&frqdik(VrYt9H~blPujnHh$%F?7elBMGf5MokIjzi#xO(qL
z-CJmHiP&^07M-M!LeqnVDWbTLBFR`sF(i6M*7-pI>4#VwcB>F3dM7XLQW`lMqjMsp
zb6D(Tsc@nS_hy)Oo5NH@7V*hP_S}IXdA|#AFbJ?joF^R6f;t64m{~VzQxHVL_ma9L
z$w>TtD@0Yr8hwBxu66y(a}dl>;atuZaW0u}9rJZBJ`<bAv&dLU*e8&=C3WzhMym>N
z$-H-n!h28MrYvxfkE3w?;JHGB&eq9c+=VZS5zZ>Ie)T6bv+NhD!l`*kV`>nO*10+h
zkH!3wy(oYW(N7l>@rFY9s3ih51HZ=#89NU-#04~isHUJFBrhvtu7JFu=zw2Qz{m@S
zi6L6KoCLHmmY;PQ?so1rV@siW#DqWTWmJ0!C7gT9QB?H3zKrbNL=%<-T1kzuI}uHI
zY$K#M=XX)qn61vcdIIV5)hBc?GWOuHBxPlC;cT~2H*+E3FH#Bpt?NT_m9v{}zg&zB
zARPS&pD%&UxVA9mPp3g5d%m?@KQ9JNXta^fvPs_=CGvVnLIGuU92H&A_rPfjHp;KQ
zxQ-^c;GH-P;gsbg0%tCAT(BA24{D-ijeZOJZT+WQ<&r&HB6V)=ybBLMy+$T(#roTE
z1kp2+19%dBj$^qH4=e5Eit{|%s$)fjw}LNHFfSFwdfB<s=W9(uLUv=ob}3_AC)gKG
zPOJtmZ|BI<OM6!#^!=+zBPn|G!MmJXGRv`1PQq9xI}W}TD)D@X&TdDztad2ZZDph0
zW<==5+hMyR``_A>aDkmT6!$wyOFw12!&rzFTOCwL)jG+5+irQ4LLiC@-JCwai*r|F
zeBtLsj<hMEnx~@IBLrk+3KWpsUk4cKY~0bfK^YfcfFRXyKu~|)4*lM-0D}0K%{sn3
zTr$4AE{U;;SP)^nO-S9YQ3YgL%NS=0()bKSlwS4b5?y{f$l*m$(f&Y6!$oTq6iHl&
zFs%yDt>R~Oj(sYItddSYegLdG^sf2(2s>ddwxdS|$Q<8ng&cLRSNub?2+8~oariOH
zxX34P{%5SvyY8cVukhn5B0)(@%w|Mh2i~j7{vIGJ!%A%m-y&^*n$DWJUi^CAal!jy
zvZT%l+jcB0qY;J|X}Y+`1#yI=<MZO`)QN~aLviR{>HlddR!C!o%zD9~AKL{Bi+MzF
z&qaJO%~%vHx&z<}#^V%<p38U&;m?_05pqKj=-zYxrMDgwrdRThn@`w5TUg!BFQ6{}
zH;>IpRzRM*K<JmzvN0M-7LtPJ$B4j&Cv<~=bWxa|&D8b~_<Y%?+ls`$BHpYwpZND%
z4J?~1eh~YRi&QvGY)u&sd|H(~d^xh)av(;2qJ3*GBo!a6&_}^=N0<Uh2;q8<@}#Zh
zh1@(btAKb|E8$bgiSHq@-1V)f>EGwp&`)i3g7y&RFUZ7+TOmVDY*~z5FaJ+DVM9{C
zqb@`I$}KBnqkx3_V3<;pOe&nP=r6L)zZAW*-vUJl#w%ca$<b)x7qGPyrz~%lOQp_`
zSud$)QGXPW=sl?-N#LbY2|Y2Joxs&{w(+z6yf>NH_;!b!Xa|w^xz?xHEwueg#<-jC
zjGGu{^JkmCR3C~9hdacv59~$)Usd7H0ayf=q=30k=HSY?@;|w}dj=Mzj-G}*flc`9
zP_1aTvopj3wqk_GAQ2<aeI%LOoLtBo%aPECs_b)+jV4>fZFV~tjvjkyM^|bm<Fks*
zO1EG+2u_e9oV*G#c7yAo*On=GhBn1u`%(^~RWv~?Wh>}<{t197{CLh-G~w*tztty3
zNG}yoo(f0<q`mu<zP|Y+(GrTe33mL^N+nc=S?jpF2#O(2u#;^4`d1g3ZXc+IwJ=(f
ziF*I(jhFu4!rTV`Q_}!yBmv!fP@SRP{P}KZw=(heGykhMu3|Ua!_973p@(2Ui$&@;
zu^+6II9k-lAt*cc5oF@<^IW8}<jJZ}%8x3W@9lpUhn26;^Z&w>*Dp5I?l8v1il}0F
z3AUi{vUBG(MyV`v&AD|o;e))0NN(LcW<EZwufg4V?Tbp>W`B1v!eLu=C%^4Xz#6|d
zQpkzj5X`G7uFv0A1Q89zi3={q7@~x2`&EiMdnG9imtB-^@BdqggE4_tZP0#;yfzw<
z_fSBgc^mh2H{*X9d*iu=z;m_~?FeXm#knKMQD<6SoNJ6TB|qC=im6>HPP5MWsel;m
z`JeuT_CE)989=qz!`ry|zogPT`_0}zRVPRE!_C2#H;}Lufmfg~uO8!Z&p`qd4OuN$
z=@R~q@^h)ULNLR<RF)l}Yw?TRL+2>YZ-g7yJ~E2bKMGNAOG$!$u}R}zO4v2<GqY|2
z_gahsP_Wl(y~Jq8a{2+eOgf<dkqV;>j+)@^@ZnaUlB};r(UQ_k>`d0Ny#T#)a)YR9
zm72HGMJz+jc8I-s+>5qk#*9-*K5<nf)X$?R<arS$WTc4m7p>IXk;ljxr9j-+TbO(*
z<==?noEJ_L7^7sJ$QU(nE{KPorKNRg??tX0#y>A@ewL%{P;f?7HtHuZ4Nf@9KaCsb
zGFF^JY<I}KNzOrA1}zP)Y|OHXA5MJHZrR}D2KuJD`G4xNF$mr{h4T^Nt{75C)_)D`
zZ-5fUbr&Mh*Ds`l>{AKqt)buL-1Md{1fJNT@a6#lZMpWPESgr9BFS8z6Q{|`m;!#$
znUQT|siWSgpwv{5$<w`k8`lOuQw=Y(!A<~H$XCmd@BldaKnH2-X47A-Rfw2S+1B|U
z*GGP&J#&UQNbHfgnHEuVEMI1+Bbs?~$H52U{pj8fNI(6VyLsUWJFbaN7U5ahoJp4}
zU!8u}=id@8dQNR0(i&6PvfiV=#6!?--QeYh&`}2Lwwupqk{E8HwIaeL=+}CUWRmkJ
ze-#Vk%|bU3&`77HHY2k`Fnj-8<*N?Qb48##JRAylE?FbrN}9emQ#J<PhMy?DHHPxm
z=ctKCBc|5cjJggFd%3xCgQ8S|7jJ~ZrAy%Nv=~wcAP~Ru$G{uUQ3HtV;8!^(%j&MF
zxb>10=6(x?Puw36oyV+5)udf}X1H={94BZ$l}7dL1Zn>41Wp=%d}N;B3ACu~m%T3I
zO!RuOndfJ&Vqmo?(t3uBU@2=fTTRGfTvp1+z<d#7`X^=MQu0DpAM1s`H}?0uN1ez`
zs#+k6qXx!hTDr8Ux*~fhtxT=;!%Hjt?=hVP5|Go>6P29D-yvyaBE%ZZ*J>OgYu2mg
zvd+y#qpi>NzS9WGAVfcwsXboxXGaV@I!(AHWg~uHACMcYN+HCX*dAJ%T71o0t{_h6
zC{ZM?%PoYxE)rrzSyU0@`{txt@obT*@qZeVejW7`a-2KA$wZHoD*TX9GmB$%otr^?
zl=LMr>e}Sz#a`Z$7h4G(N{Ukl85UN6W+&Fq`|L$cGDIeIMEipNJBXG+bT9vH%#6oH
zL*zqELH%j4>mS~!X50i6rBm0WV9eFX&ypUD9sb!C+%bB9k$C+d?#R>X22NRa5d*gi
zc(X9gBx8+=cXaT2{OO${_{6G&_`N7_9jQ@gzaK9^()v}WPL_&SR>mLZ@?9AdUEEMo
zn5#2)Xm88B(UIwEY%k=l34X3n_13d0i=i}8jzhYPM0Hu`VOdI$hAY)3ff=LKc~ln7
zm7~YlAdyDP)$}4+-mTJu(X&6&Ty}yXAf<T_SBuaL*@l=qc!f=dZc2@vwNKZ4T2I?d
zvE++Sl0bZhCSEqbr$w?_teZlAWHt%1dNcxL8w0T%BjAy?wMv7uoyc$&>}2Pv6O=W(
zh{6|(+Syy8&MVxlLekXtyH>8@|2<<q3YjhYT&w%pS5Ov_2FJgvN&v6UpS5MshrHMj
zvD|p+0y@lM$E^zzedsX()_#eO;r=G2V1rST;Il*#f;p`Izu4MR37Ub_yz~%CFk;*x
z3!_n(wI5uN_xIbj+<dtGtlRVaaTLFbkAf-#5t{TtGB7z&Vz!xQfA!k?&ZSeLG6<;P
zlh0JIl|y5zV*YD*ji%a)Kf^>>!TM4jV8xRS&);S+oIdZ=t}{)o_p9gW`Kv1fnJti&
zH@3G9|NfkG*yQ{=OrtVZ(u4-la|TgakXXuX1(!1OJG2}Uce+IqNf!QeS7QQ;wmVJK
zJl)6m<8|~a2uL0q2YZUsw55pI>z=k>$o#h)d9)VQyt(}xjCgT}mfV8q+52xO)vifO
zYcHRFKOVUARz|8dx>o~CHWy<*v*+}-XOIMH@oOt`ay3dZ*Us+p*e#`gR$GIS2uVMr
z$k8dlPg^&-TpN7qD>FXZPTZ%E-%%|8q$x`fX1-<z%?~EMk2l*;Ot`T9#pJ;+f`hSu
zNP3loDNhKyd67%`dW>MVzt=T>VwmmKBYyer-LfkD?FrMDP%r9O@}uP%eHw4nh~fSl
zl~<=koISN=5eU;{!~ySp3ZnNkv|O)zWY~3RW+RnwXRqqJmGa2T!?%kNo6(Jz7-nJY
zaFZNyC6CH)X^q~YEN#YvO9F%I7N@V(TdZQ4eJej}U)9Yk&+o?fdA#4dgZ@JDBc<_1
zhO!u8QClUb@YLh?;qj{qS%I1j6<xKhA)P%%oN2p6-)3`tfdf^LVmSYGJ-G+u!AOX;
zxpk!}r*7U8LS2$i#(y~Q=KB*-e7N6T7F8+ve@mAA1g07f$~I<hSk(N~m~^@K2&sVR
z<Krz1bF%Wv#d_7EKg6D^-zWSW#xHOhZqEsy1+Bw`888B;T+E64JV>f)Q#*4wbEMeO
z-+a+6Vp-~JxIF;1D#vZ<!`FD@=;dcG0~>%$ztv#-3v)5HQ}W8%vL&p0HLYLSWcbj1
z$aRb8KHn|Ty}Uq43+q^pETVJ<xeQ<O_#2=4(v5p2JgV5l5-7|rS_&9v@Znxj%~E`-
zLdvbad&gJlHg{$wXw`nf^QcNl=W#ZI7CxY8FoNsLlE1~>0k%7uA>NwZb<#_I>1*Jy
z-p<}O^jK)8S3awJU2^i^=RUvtcOYxEW>iD|&PGa?wd$2UBUuf#Eh~8~A(uWBak@jv
zIGAW=67gOZ0<M8U8}D1M8b}QN*^6l$PbxO@pjLNv{@SCy9ybU#7M~Cx?Ke^_i(1F>
zE^K4Ar;CcGi%NXbFL`?Sf+s{8$x)>x1ojC{Rjh0#8^;JtR&@0F#q9zd3^-dCcNB%2
zP9Oa6G?F!{4JLFdp#<F;wUzaQ3ZbU5U(lI!M-drVDPGQZ@;*}C<2|`1)b}s;?MzGZ
z=)m4**@JS%USY@mA#b_1GDwt&TkjpA9A+eznCp;z1sUT9)-*r&JxC0;sEp&NK8J$E
z_@eUS599{JKQgOGgPyWEP|NYwbq2(Fw1inxNg{iNN!6WjP%($f)B@&MUk~Z!pKozC
zY?u{My%$Ol?6L{=HeF%Lmm{t&S?<)Zym|3vtbdT-o(`|b<8BZH8<&>(%U`5p&wz^e
z7hQJih<7LgzAnVf-U2zm<YGP7d{-tj?x*i)QReQOM+<Wxrv9lJJBxyZAa`7cksR<k
z<KSQ#@$3jD>`G+MLaDO5a{2IA!_67{kV#SQXLzP<nY$5bP-ST`N-~=AFIo*F!427F
z?rD};J1b*^T_GAY;az%CR&l{0{eW{;o(hm~S~|mi;e1e9j{?_G)Qc2WGIKxcb1~za
zS5Xt)MX~np>3T;#i>02VVc$~PxxlMZdkla^WJw-#hAb_9=7ao>DEzYix-{p~gLcz6
zi&yMkh`0|2=Ic35x_<81-Olp&Te=lWTE&+?!H!OiREw1s-`8%?be(@i2{Hoyb2Qvv
zdvkt}CF|SYn{tOGtV4AT3-pCX8h7c|d5Ypk3vMxeJKaO{)le+RrE7*-tj)34l}=Ja
z=AT+-IOOBcH<*sN8q6F=sZO<(CFsjBGf%lGU;XPFcK^!&JOJ|Bn&PlF^(de0#G7s9
ztH7wnmmeCJ51mJXX1Njz8Lu+ClYT$NXfv_dEev?Vb{ZM~tP10*o|=AWSm~oCMS8Fl
z?L0c|HoBm^p_BIN)>xSC*9|A>WDx{zofkHs&XRwtX5rxj-*g6ZES^^ut1K$X;UgTT
zg$6F0FZ^pRtz%&dMTA>TF7E~e>zlcLyGN4w>VOyKv)8$zO1Ie_ZcbaI^G#!LGS-4t
zc~=A>f*A@+k19SxTvK}-uiLDzFu6N*@);^MF<E-h9yM)S-KDfltv*v1debG#VBx}?
zDUa4oVikr0b&7<ANGQ*F<6i^t{_=}&bd{r1<6m&`IT9C6=*h_BQvK(DPb|WsD>v`|
zFMQc@>d3nTGw?uefOQi`v$oI4_{g1HQhP(`P7EmArs4Hby{s$PEjwdjdC`V-ADzP*
z&CDl-EXrtyyzlU+ZVZ0>A@g2$-Li8><g)ITI(DTl^e7KO8pw{DUh3SfFWV#W+tS@G
z&0I^KO)zD#7Kw(HX*659GHP;{iHlI&?9MP?HA;iz?BTjhGB&IRiN+@+srED&C8_}U
zxdjkJFIgp^Y}J@XGz+CK`Fe9&BD-=b)?F98U0sZksY}uNyvR^9KV+jV>!WRAn<DWL
zz3*zOTR0t5_aluKYKdk~%a~c|Z7JsD>9VN7kJoqIS3tI$9=TmluPTR3-k`Kq_zb{t
z6CtQM#<i@E0C_wmMu_%S1aQ98Ew%GilsibZRzfo=<Z@?-silMH#gnLLnWZfjzrEd$
z@kGn>BIvi>+UfUworZzR_%sDYBfPld=}P;J6Ad$<VdQYQbtjyEM4h3sb>2<N$JjX%
zUjR(&<?Hcl3*J|grH@32u<LadogVb;XW(GA3?5^TqBN|?eO2v<L>c6f_6|Z{z$2RQ
z?mh!qj6k!#2GH*@8?;8&Cl{?v3dqgLgN&%hFNQdYx-G!O#5+v_N?O`W0A8)ZA1VLV
zb~fv~0%RoHqXV!OkJtn<++R2!z`9b%L;0%!)m#6nw-lDlaAxmJ0L(gKIwR6pts?@Z
zndgUU%T3#<iHCS`JKp(fSQz6T!Mcc5lJSaDTM{*SaSp#ll7?@E)2rU+avlc)zjUkS
z;kIUd9tFgE(jHxv=LUmup74{jDwWL=79&(aM7nfq!P^t&ZW9~c4*A3Z;)SVerUXSx
z1N{CfHyFTiA*gORjpEFEw?eK73h`D~=RGJJuFX`79l*W=WSxPZjgQJzP8>DHMFY@{
z>!)JRzJzo+c6R4`;M|u+M^c9?OhXvMmguH9Hh?xfGrL~s|83(6++!avuBqxV0T%o=
z&sq7>n7LeJj6=CuU-z|<t)PxfY1DUM$w?65x9C$A8t;e*>xm%&9qV)7XmQO{5*|*Q
zNH{vla`Gz?@{!?ZYqNV%7Y$GZ43jo}vB9z~d$NEPdW97VE{LBOcPCI5hiz{ik2rC0
zU2$XO5kVE$yF(zW-n^Nl<0A7a>Ub`)C$oCT>*{^412SJL+#s4d2mx_7dfgGeUSGKI
zY~9VAAJ5?DLgoNK8GGwO2bD~2W+Wb8rkFUow>0WFKw=l=m8X(Nj%m4mw?fy%p_6cv
zyMsNO@$bM=7`>3q1(QZ753Te9YrCt~tgl{mw$9>42h=$SkL6h*H_>IBY?>eWUCcl1
zxP#DNczP1V4Cc+miYYs9-8~pCq#OV<`7FA0>)^3<OGG5^2s7HhH0*Z+_?qTBus|zg
z<DRn4gDaFEcOh6rEg{xV&6rsfP=wA;4k9}00kHu$-sEz!jh_T*>^EcBEa<)7`?tZ$
zK`1Q}jVKL@SPuD=S7Gj)Kt-z!k}Wt40T-s7spqV!V;J#3YJ)Q!AVrU>GJt-RZsrEh
zVZ0&mv2OF;8*mnEo(7y2V)eKF1%w!70r0--73VU$DXVp*_Xsbp6WCZ&LP_fiyG#>O
z1hHiQsgDY%zXnj5g6=9s?TX_gqZ<5pEtpD8Fl5v}wF)z0g<NV1r28m)R^=m&r#9^O
z=#?Ec=HcGKC9?^R=|D4S;$dcL+$_qBP3c=FPXBV`sWNmBV#49>mSP5-Hy-{TNlt`z
zi(ZjJ5ohI7r9^XkAtoGc=$o3VyiiOG`}uMO$%c`n2ioiF_9|gYCJRh(|Lq)iC?Dlr
zi^{f!>R5}%^=7Ie0VMY>v}+V7ZpOf}`G6byrNgLnEFfl)6C1(9q(S5ynwiJxE5apn
z=~~p_3#flVrSOy2g`xyASU1ic5D&fR8`WN3=y2lsm?on7FR2RihwTor%&C~+emM|<
zNd2L3K>z8<Orv(SjLxx3#sm&toQ-M2*g=L*#+d*orBWU?XMPW@9Vc|Mex!+5O5@Ku
z2p!<Xi9xC!SY0LUv5o1j4t}}q6=x>pLa3#^P`MS-1TzA4TX&bN{m%6KE*NtO1+wt*
z3<24kKrw=9hQn-qn2LwKlscnpovY<g_!vx^U+V?U==Q@>K6{sEKD4*4P}Ri<uNNa(
z#@@p}erY@fSOW~KcT1OG@$UodGG`|=6d2Fe_53jz?rO`F%JHKIUewLm4+@t?>Av1N
zo)v!vEte%W$iXFZcNvObF;!hRwlSyC!23IjIQgF%@T9??Y<5Jk+MbQxM*TVz{yrDU
z83(T$({3PTOt_C0-acEWw0vr~0~QweLynSzG0ty1eeLXOMU~@eAoL$@(=()>kP}Pc
z!s~2z-F`yKxG_cn*=f10`t-<2jUTzPe?CrYK>YBLLGeuw2&o`T6lMcjKX);z+4>wm
z{w_2QT>#G+@cU~H;%jxWeSlrG=YQIraZXrV47p2K{l45vS?B`>7L_gf%>?R&sa2tw
z_sEHskbCXfVbVx_dmJC~1X=)EpAN<hx3p=$lWoS5K|i8_O0fPEol=I7S8%-UTl5wn
z@Xu0a3r*$b#b)4lw`$&Qg^xlqPM;P@f*>KI$HIXJ%rLr2Go$#uE^_*|xW!vn21<t9
z^798~KDUk+1EV-qbN>ie4hN*OTPwo_nz35|Bm`7HChV8k^Bg352$W65F6B*B>k2^_
zY#cG=`R-d9kogX<)VsweYDZD-`HR!iYi@s^u0Ti|#fqQ=;XcBS4uTR$rZJ&<Pw<Ed
z!j)s@5Qz_R-qMV<g0buY5eP^R8F?2S3<g#h1d=YSx%qBmvJVHxQFiX8>bCJ2a2XcA
zzf*Ro>+q(6Lu|o&4WM{M)nAfHgOj@xz)t~mm6@yzwwHmWXq!?0#Ad3~i;ngAt#F$J
zxQ&_w>cEnr4(9x?%2y(Taj?;GfQXkOtC!2WKS?oZ(X%M_c=rql>W<r>*-JiqVk?&n
z0?v~-7~F=l7mDVFgzmEv>X^x0m+}jl#xRr<DIC~=X8Z%XdbgPn>x(wb3^&Y7-!)MS
z=m%gUnG*tBIb5!Ew@u=4`lOL<%xD3)iOMHg0($HP6ejzrDu3%QI0!|{K$`x+;hJta
z*_WK=afV$vaI~>RcBJ($yKb@&$Cp;8lkpi<7-1_m?+0vD!<i|!qxNs7aLTth==-sl
zMC&r6@Ex^sgbEB)Gm#eKdd^HmOtS|Yu0Tr_FF|Nvp}nqT`ILU5*;QH>tW66z677MA
zHLZC|bf+xo*-8@t`+_y9MVmS5An@<A#>TKF2X|hz;A1;SnfJxx%JVCIvd&(<j&skD
z&fPIy{HQ08rN4wm6ZblD2HM%`X+Vbu-H?&L69;ZTTDLMWBtzt8RFz|zB{FHLf4D`G
z;!(M`?H9ilP80z8-KwnRc(lw-X{PsK-95c~fP3vuC=4w`IvZ{C2+yHKOkstOxVjHD
zSzNZWo+`!VyggEX45E`5(Lxa%%Ke3OSoc+M!my$oA^^*eA7~z-$&RfM%l;6Z9Lmls
zAWt+IQ9a^bg%Eg_WxT^A2}56*T_EYFAe5wwcW_(q7=@tVE~6fF;ExceW1%?@mzS<d
zPuE;KrG5!;IQ>PHW1(yf5X@{yp90ozES^_6-7Y7|G|~Zc%XDh&d${njGN8q_Z5Xk^
z*@6~v!qBhn(9kt;RF^RrdmRlWe58UcVu9>Zp-{~1ZQ}!cjlcL5D+8+oYHvV8r!$>H
zA3n65y$aPAUCh;QD66Tw8szz;gp@Wr;o&T@y9d&qLld8O*!MJ(PX7|lJtfFA$}_7e
z)icoy3Ou7Gn<!6kx7es2ns~*gqT{QFURHCysc_VmEkr;#&8E~CD5$Fmi}{mex<xZQ
z9}zB#5kB1>ZU0v=d@*^rqI11~P$dT`k!lnL+CHl<vB@gC#ievma6tu0Xx7*6q;8%x
zKq32@9MP8?5%9h5jTuahALM62bbY0lo1Nhe8P!C#LLYW<DLr`}%5YVVNtYau|4Mc(
z^B&FA&CrMfopg5S#})OQE$@*uaKofQx!MKO`B*|<5aJ3v+D!2V(IHb?V<r7-gOicV
zIRs8)EU6z#jdZv;<fanJ?cFO*-&aVQ|92D37q<7{ppkmy`f~@*6Vl*%y@|>TirqUi
z{+wLuTlS#@y;AtwaEcM8ej*QH2SyA>c6X6{7VH^kXnzh-_cA9Q&oqQ#_@Gr#Z}uXd
z*h;N<vJiv|h<RswzlzAzL$i8LPX9|aXT=EYUe5W8;{vRRMDRTB(9(PJO1F9K?Pprq
zH|om!H`$<fIU%viQx`NOoM2gB<v|B-uWX~k6}u<a8qYb?_=aPyul2q|CrRs_uQLdH
z^lxNesfRUju`izzgoJ?guNF%!Yma80(U`n$zaQ157mNu(ZL{Asn&Vo1!S9Pha5`Ct
z^DY|U{IGgp<vC}S)AI&4<@lK%vX$WLR4lXqz|-o*2fh(ctcHSX9rOLaJz<Zw4FjVc
zV_()%SL&5DlscJe7WUbAN(AK0*um#{{)TSi|LyCo-@E@-o?|G-x2_t4rHgcqTv%}Q
zF9-B{Xp3~!PY9?eqb0Drh9S$(@7txms#|NtcG|NH0oL;Wy3eXGgvU^QA*7e|K1p1U
zS?X-!_aPE(G}qrAE7iYk>r&T~?ThcxKNZ($BN=?Q&PpUwU-$@=sRTNC@JFoBoxuwQ
zw_Q6tOrQSPHoxRnT;^6^@zIoBKax6R4FPvhnu^$9S~8OcwL1t+*>zHPQHXpU6nixJ
ze6~7Vtv?6--mEaDQ*l?u+5lFCzRI>Yo%vOw;GXM&c^q_vA1sAL@M#5x01+2K<A6#s
zH2HmA863{$QO%A{Zt#0v#LRlr=I*8Z`@`2GS98<r5>>f1|7a~O*R#l^638LM2RVcl
zpnczUQt@4vo~{1Vz$jwHsP~HI*UwJDcN)I3uHFAPd1+Kt2D-^zZ@y{RdCLUK7AGi!
zT_868Y_p-OY8vr*XI}`Y?3%Z3bDfP$XqTz=Mo}uef&Iot_Z@sb@x`9~8rBnyhHgJq
zmmcVnnu$(qnQ?o?mE)m+;G)u?=6~cuTBzToVs&58WRO-LG5cyUk(Lgo>p@%h;ImfO
zCqFDZshU0fMl3(i`r?YpYE3aTH>4rcIe^)MZq_~`%$lEV4?$b3`Lp}&!=B*lr(U+5
zh3lDF`VYl3KUE~TB(J2RipLYR_*su=_HD~pL7XAXn_x*QVKOW@yE~J{qHn+VK&ch4
z-fx5NafkOFOxEI)OH;)kr49b=(iZ8u7gRv3R2$?>Yw$*V*$+qi96IlFB=oA>P+G~<
zlX8J4<>SV9{r)cvS!Eh0YlsT(#-^6h$?6i1E^B5@XfeFRH3bO?Iq)(G#U9Pbyhh(>
z5F+($`^`+AGYLIse~_CUVoGu0+QBU4V&aWCR_c_T^a0{W&9-V*fs<3ktz!KZm8Pcs
z><x{Bw@qG#%H~X!$6L)|E+EXpx~dG<ZVY$MZkSYVn>Nf>C@D%!?_W$e<FmMa-<y`E
z$?+sngqzf;30qYWUIEyHhF-#}_o?612S`h#yIx}^7o#>RB9S8rXyk5mzof5Q+RW_X
zCm4I*Yw)&97HwTGq*NJo_;<!3mj<8h9Miytg%6}~&?@cFYvyY!ZPS9vzr(YfM2SCi
zI;XaF3GLa)L2978?yl)=%HEXWI)}`{rJ32)%}%Mzm1H|dUezgHg}H_g+I$a}k8w<E
z!QIf%8d?IWLkj6uZdU4&(>PwxYwIS9Ben3RPvTHbj{MKmA;l0Er?*l)%cYkuo1+}0
z@!z$}A5>T&6<c9Js%{qtQF&}3a8jJ38*Q}cg{frdTRRn}{nr28*7m~Fsnd}C5)vH3
zFKC~W1%IeN6e}mtDWsq`9bV@rp3c)bYE;woKYP`4<B(hD?J)2H8zI6YwOg%Hc_FO4
z$K%MED^cC<q2GH7qVQ|+Uqj=!{A8wy<Pfip$s)KZ)0LGS>{s57`v%dm7L)U4JkyfG
zUSfn^@WEfM=*?-a1kH4}8O?=+9eF=?3=YY>k)|N73e@h!%#W1cP66I7V*Z-H8@?`C
zZ|Kf{(iFpOgTJ|}xlIg||C5>&SdCwhN~o*f`EHMHQqT!fW1|X&Qzifw@<_tJXD8oo
z)K_Yp^wjcM#s-&~)1EOmpFp^w2qzr2=3QeU#Jauz!cb-ZC(r468xpnby5Tb{FAk_Q
zq4&shd<;`RJv<q+G4A*DN15pAZ<<8N^t6<`?&CR=`aJxLN>@e_QUi|nZo3V>xFCwj
z8X*3~A0QUN8RL#Wb0C6G<<s&C<Ke%R{7_w1PTYqAW^PH}CR8u5ikzk899AlLBL5Y<
z=CjSG%YL(%o_;wrjisWRwlq__&g)WME3~W!fiC0|^YC)s+vL88IOWWsjbop~3qCQd
z=Vkk{IZjcTvqee;>AeuT(H#HHjh%8!4Asw#$ohY8c>e$Jf~&~$eP^jGlsvk?CIb<0
Sgg1VXQzy)immYP#^M3$sTufvD

literal 6856
zcmcI}`9GBJ_y0YXEJN1t8d;L9>{(09*q0DdWM2wnFeF<t)@aC5*<~mDnl<}2q9QvZ
z%UH5C3<)vDck2Bgd>@a`5BGA;b)M&(>zw<3T<1C$+So{kksd-1005(&uI4=e0Fhro
z0PO|x!}>{yGx<T~qGqTD0JRBVq60OVrt{K$=mP*3d;VUaOQQOrWafWQwJe^RBAuW5
zJ3M&|csam5pGtZ@e#$Q=DJ>~;LxT$O696DudYWox0k-(8pjSMT!2=TVKXP<^3-wDU
zNDfH~_wR>Sl+nu-RcZ}gwOy6G&KwhKLD(rWrUZwvvWtJ|#m-Np8FtaSJxZDJ3`h5K
zI4Og`Q%qgA)u)qEul1)YQFGEB*D7EznVV<vAs^cPcXk()eb&FE%ldclZC(vKT4+hQ
zxw!bw=f{`t@JMEL+AIGzx5SJ6zZTMQhDn@%co*bNNi8)2G@n&S{@%IYCC)W<*YCjz
zXPxPyK^-(hkN>QzhZD?$IfK@6==3mA{q3@f7n7Wuo{WE6lU=<w)ivr_HfpX(yL$Hp
zC3Ve7Yhp;_5DY&2Q+r55cfkVsO|i|PW>u?pf2Mt#<`kpAkbJ_&mjS(_@EU@nFrKi5
zeI2z+f)-)E5kI&vCVxB;!}0Qnf4#<(^0BRCNLZJ5M%oxM-NQS2BL?)0rS4{dfl*R)
zFC(9p8p)bgnkif|<Txl1%I%VSWTiq`ROKx(WAZqGUnJM6I`X59jsa)5z6Kvy@wr7I
zUH2g68Vg>TEbOqcFYC;3=qoYS^F3Zvpbox#gKJJq&B%38!1Nb&a#R&ZXpGZ-V*LBD
zx%A5Ces+PnjzmwC-L$R5Cl9M@!gYbmH@0b>1syPpG~STgxbwWMZ0sBNCBT68@N@4i
z*3FY?1EL|^Uh<JQa{5bm$4w`<P_~#r%E14YZzx%c;pBydxz>uX`JSxOg7Jy_-{K4Q
z|3El8W6;lF8o@U6n1qx2ju+KzW13$<3#zH6ODK!>{GzEU=>g$^Ti&X$Od`XqABbxs
zQ?}y8RQ>*wzQ+~pp(`nKH$7(RfG&N1uKCA-`a7i$i4!w3)Ll6nV!m;a5g935j-T$Z
znRf>U3ssc9oQ|=g61W7s6iED#-Gy^0{`zj_<i+f1)4Lki^OVirQ-!;H${$ZVoaaf`
zpyx|_?E%ltj&A?yuWjXc_usZP>fV6)`9kxdZAoB}UcV05EdwJ#!L@<_8TWhf_um9D
zIK7cXsV|*nHLg)rV_Z-Jr$6V5PS)?;J|Xosj39CQ+~@j?rF7;@zk`kz0=(xtkssF+
zCXdv=ihUJRwbYH!ZbVN1TG-*_`(-=V{C)1E>#J`9!n|{u#k(C=K|wf=?>IXc`dIWu
zNzD8CnCvPH&aRQ?Cbs+GGHQ`UJi3XJul;OH<{d}SYCM!%Lo_?Y>;2Km)lTKLJaef7
z;iHcH;P@zB)cS*lE3V7(y*PJss<XYdra<MKQ~%v@CcB(xP^)Rl@*r_=sEUx}o(aU;
zP^0{CDQE>H6X3Xc-**Hp76Y3=tKr+JmQ{l5eLfsbnToaZ6!-_tnJ?sZ*rup@ol*PZ
zN)D^aM}8&bXFibFi#XUhW?NXWBdMRYg++fp|7rMBsig?1dML7mz_9Ex<t={j$vm;m
zeE?)zqB2ghO9F+i?~Ot#8Y6o1T?hwt+*{e)I+uCYJmjcXPOo;N#+gp4JP<^I$lOd(
zO?a!PclFU($n9du%O+Y5uw!QF%f1oJM!YubhDKGMTOxc5yYs$=O&{k)1&#yex2^_X
zZJ?<6UAtSh8=GOC&&pRh>ZWYLme==M(S%uS9vLX+dwI7mRomUjEW>Z|=*J{=Z={%K
z=6X9}RUNu&8KES%mwV2IZ!xhx?adURh9*+;TM6ADyIa{9k%?{z7xbaBh!aJ+K!j(n
zhw%;jY?SlZej~9cm6fMjZ{Y)e_(2cUA_9or)LTwg=mOPe5G=}57z}IFf4*EmZ8+Cm
zsfk=FicXzy7by#1q77c_oJ$YznHrswDhF#}Nl$0j7T!WzjLxjYSV+z*L}xc@KuZr%
zG111ler$i4*RxqEAEA6RCha8{SzXeYLG&5C6ss>G!kdY{q7jg}rkGk5mz-g~e3|c6
zcP}I7TMw*J{Pox_Z;z+vhA*#%ydh{9Jcw$Vb47*!70Ovz??G@&I%6BMF6(gK9hjAi
z-3d_^-aIsq#YZ+(%9~}xlg+vwQFgId&kcI_y@QR7M+PcX&W4P4>`&aCIOEhg;O&{~
z?<<@#hTqbEw^A_ALMwZMjgJ?LV#RrI_McWOcS^EXp?_0jQL$pfkjSR5vVdQ*Qd6|w
zU06lUxSyYOt*b~IULasS*=JiF_hzGR;O5Ap0s9-m;bO=UZ$sYL(<IR*9m`(;vqsqM
ziWylCCFUx4{x%;M@43_OyeVDyGySAFO3ojV+|t5(^;z@rqQW@5e;vZJrBIl;3Jrc%
ze>M@{?0KavSX_M!a?S8A`pK#5HpqaHGDhLb@i#-x$rn9BhP-F9XZ{*!?^9Pr8hLL8
z{u<r(P#R=g4cT|s{f+9cq?HrO%CNDg$y_1@V*%SK%gY;;cw#dLTyklre54W_CDu`c
zdhsy?%aSS;-88b+IV;Ly6g36z67OjIHCHR@LS-!p=$R9#9hGr|(CpI@Bed6(>x|7+
zoQbR0P`B7R&6zc!uJ`o7G^w?yPw^&p2*w7Ekfx$VHkmTg^a_o7OdsC8-0%Y0OmBin
zn}}z%ll@fGA|D4)Bz=Qun8nJ`ab1kQlRsC5&na=-OY~dlJh7#k=wP++aV@7jYTNf|
zFwv~lEe4hM;_~s?7c`H(XT1V~ZsSwiS*?8Ry^W8ZucY-OT~vV=1<#bTJeByX(9DR_
z(q!z-knbr5h{TC1R;v%6@GY#IVSc;pN#?y*yhoc;0R(O!E4m(|ix+z>pYT2H!~3v-
zYZMlSTqsmA_r;i4Obe?q7@B(ev8Yd;2XZM))c<17s>5*$*?_ntWX%mmv{9ZPAhZ^1
z%B$4l0C(R>dln@9n^k|n9qWFBd7HYP4(fM0Z|0aGDN2Ez1-;s95b8bNOC&hO=6)6f
zm3ut30fv7?-~Fv7`ODWF?Rs+T&wS5QFy@Ndv7Cd+E;ucf0`R_xtm%aK{@HEcq{!a#
zu|^lGc+H0@2*NgG_RRYRJG*XwzbG!9#?Yswjy2(136|XVwnG=$5F03lf~o9ZBWbtx
z*Sa#WcY~aK7l%`6CNbLcrUL1VPf~IVP?I8PsI3KGN!!b%m8k67TkChwj*UwT;n<p7
z*Q)jg9mdq{{MHe^U!QVxj+mNF06>_In-LsS$RVA&CTORsb$p~E+nYrJ%z!^lrvsl%
zpZ}4iJ@1eZX*LDO_VxK=oU>6}?EBA1&mZ!jis@l%8+QIuVFDRVXxPGMC^V{f*9=r5
zN17P9P*EDWjoGOVQYk*mQ`}8r3x);+olb;va8{{WH#M6xT3$tN-|TH&e)YCJ_M9lT
z<<b-Q3?C@G28SL^_Jr7<rp}83jUUe^yP3ojkQwx`Vx4+izP$E(#1DvYzUDxDuxSpR
z+lc%%seSJ`ZQOYq(L<3w^pMTzefw#Q&sI3auBdO26v;jL=%mpE+3x`++J+xK&(uB(
zOANUclyZ_@l^#@PM@2|iP_6IV6>=R>6p9AzV8w|8sKDB*)UX!gPxatoVg@9o20U^e
zb@DtjegTyZsdq!R9A|EwPPgr~bs9H0j2)eyp1M&M&dy#Z8nFX-7mVTQlK-%2L>}59
zypeIP5puygWT%u2=(`-&$oSUt7<Ua7F%A)EKqe8CO@Mm7OEMC|q<VX~dvj49R#}YA
zex3&-k%1H*+`=|~_)S!V6U(QC5}bcNU<NtWZQjc~#8yG?M~v!va6g>+dEtsTJuuPe
zfSu<?%^}@$+CyGorQs*bt<@J%9|*1YfP2uhrurjsdG?GA3D>z#J<e~#6z$}!g3mJ)
zq5#4l8W$t^TO6QM3?np&%b8LVJO$~1>mXarRH#ePf5=Wed?^q5`V6E}9DM(b!NEkl
zem&FgY^-`xPL%@`<c7-$*z9|ci)QV2uaO}!xj%)}SaJ>nksf{tp`z`;yXzC#nNg(M
zuo9L!+QMoMQiRm`Yshg8S-eD!FfnjGS#`3rsQ8mE7v?%Lh<!jtT%6#bRO2o_??DlN
znr}m{#=@Qn(?OF&oi&QWT%O1>M+Ot#AWs}oT`&5fUtc{b=8xoIi(oFM9k(Tpf3mTX
zI^ec%HmRdcQ-mMqX^yHkV$QSjKSOzJ@hSJ$|1idC@!J?i^66j37o5FQ@(_PO^8@Ek
ziTYR=ROVevTUby^&_EXiyH}j=%Kh>xCD@o}nT~f^P<?T`K{Q@=<y#<?tNilnO-!(B
zDS7|8mNsql>2Y4)sA@9iODm|Ubi0YMSJS>Zua;I&Htw$`8+U79VzBX+d|E@dro9D6
z*r9<K(O3Y^X#@!Sf0alr!TEIi9=$79Q1~RkJR;Z2B=p8_R@!W98X_N8T;3^I|7>ru
zEKVX(i$4P%&8IJj@8J&3__aXlG}TCJuyiU<(aLR6==qDn{Rj9ssxA$St(RT-GDb)T
z3^_nHR^-I!wGwDxU$&O-#=u=D<QfFL0*-{-q+|G1gN{#i|L064%lIS5*NJyrE@X$S
zK5yuTyJ;;gWfqr%HXrS!Z+Aqq|Mlx|NeU<uc}7vi9;RJP!Ts<+AW@4v_c7kv)M-^@
z<`#k?|75egcp^F%(1L-X9bmljjY{%(+Xen$8&Qf%BWi_x!glfGi@dk7p&Y2^G+6()
zQLJ}@YJeFQb0+7&80qIG#+PI7QPo|9CRtz$#*``-s7p4STP$=DUMBbhfhF~S_N*!G
z7b}LDFF!|QV>j}#rCMFd<WLu>SO9e_;3#({y8J3?SLXr&ub-cu$Xi!!-}@hmDyg!(
zLvaK<q{c=K`03y6YWRn$*Ve<wEC8P3Zw_nh2R?!)w5Q|Qq=+b+fPFKndcuk<JZJJf
z*-KZ(H_lh-yU(VxaxAaBY~?C>jTOl2y3G!fAciS$oXVLx!f6(0`wYE@q~mzQ&=lXq
ziD7KYMt)C>fL*#>!=RB#=Z92+8GcLGVNF^IfDhGsPqplNz!f);_Arx8i4Y6*Dx+O$
zUs8Fo=u&W$bDt&A6&ps)56w3Zm8a5+QEM#+<u!^oKkNCzG}<UNMVwC-$c^gUx7}U{
z`MoHHwIo?pYK~tN2mY|DP*w<aJy(0j{U*cuqBT!;*HvWBiZzQXJF0D(aGG#(bKEQ+
zPQwv8%rZ^>RYGmmjk$WN&QgyxLYsB8Q)6K72sDjbn}z>V*T3I#>DQ$8w5|lv1cQ-e
z5A*Bcn{lnu2&#Y!W%${HL{q%!VXZhOcQdN^9X?}9#Jx6cGWn&9R#y(+MPV#nz!6%A
zW15KR>Tq!`w4|!>Xw&|Rz%Yc^b7;Zx;nBY-+f^(z^0MGb6!zE2k&F!;B+y_bDOe4a
z3AR9g-F=WW52<V9^Wxz}_wy(CMlm&&{Xup4PxzM}FM1QE`w)oTYw={%zq$9<Jp_?I
z=`c5zE(DjwtqKXe{3R01>aQW1VG#RgZEAizfkr``qB<Kpl?aS<`}EGq@{nNM|0Fm<
z9ZN3(A+LDdCg71!=I+~asC)B>{8LoPzO5?sfKvYF<g!eF`+PvBKx3BnF=c~5;-mO0
z75}q*!y2fk`zY6IS2?v!tC`B%iHYzIZa8joHs3EA6`HOPqo5Oklqb7l^VsOS*zQ#C
zH&(Yf4gKA~AXOUbN?RK%_YTPw(QoAB9Q}l?VnWB^#$!`PL-2Xu9g!(HOnraQw<s#_
zegy;G7X>eO%YFoNUH==S)jYsGc*%K}T)Q9RG`*nMmf53E)r$uxS(D)}!L8Xxi#o=-
ze>Zee9HP3|b+7KMZK>bf=^Uhb%vY1X{kgLdROyd1O_q_t<#3*oVHYmZzgnBkfNWd8
z2tNKux;*u+`lU5Bb`f?OcJTvU!fgGByA?Yy-D8J$N#1D>dBoV>2@wnFbs|`Ja4Q%V
z{7rk}V-QS~Ile7grHp2g`v@xbjDBO%bx{x7vA5AO90mRPx@q{{ByVQX`+s?B1OpTa
z1p+;}FA8;+m1oYDok#@CR1FSl9@73k?<0iN2Cw_8Hcy`2G~a<n=TF7J&noVNi(}#!
zCaFVlishvO{I&JbQ^s#%3LudBsc&$^-aJluqGL|*0(tzd4x1Lt5zbVZSAP|Akk;jN
zwD9g&((sVp7~mp3HMFD>OgYp&>E)+YO*q_)!Lj`Szu^d<=DqnA*OdE!%4_JxkiS%I
zy-q8XG0N1Bp(9uZjopFw+w%a1c9pc6o56bGc$Ow$iJc=Nr*ebEzPSjW<J@udMaZq7
zVDn{7G^bJnIa7Cn%plr@IW#&)Z1cv$KU%LIYP}omVX}J!s*%8u(kNg4bK~WcyTH4l
zmDTK4$4Q4Ihp?$7*AvXOzi2rzKxykkYYx*WH!N@J(8<2J)+9(<;@^-Z<IC~8<T`Ie
z+XZYnfAQ6OWYXV&=rjXVPQjJlqt9O=#CkL+H~>ZW`+p}}LV95@mmy%CW=bU^SkjTI
z_PZT$ZB!5=D{G~Si_{?vvug1-?<XRF?{y|DiMrUeK^y`j^R_}>AOjgOs8$8?x?4%B
zD~R8prKyg0iyKH;+cR9)p3^R#;C-t|uJMAtx@64!DmziKBJcRGH?WMkGjf8^g*I&w
zYrK`Ch4@&g)!OeY)SJIG;kI?F`|Fd-(^@jEoB5q4(DAWt(v`RB(k;8t35?GCHz|sA
z4q!LyKg(V{Qz|X6UIRCuWxne4eU=@>kL)s33XC0uZ-L+XGum0onDEibEA<h&F!(xS
zKUSJw-<ZNgwBDmxw5KvSs-_V<S9{)~=J9kw!h}jN{;>8Y0}QCQcXjsea~}{@$$&8g
z)q50PX+8gQkG#%@aCzmnnIkmcw--!QUMP5tRj_9B;lKtV3o8eQ2bs)E7~?*c_Q`O!
zq4xzUS<+LeyNp0--_N7`-Tia0-%2v|**|nYkP4;lx(8Ysh5D1pUTreTe@4+&5TcsQ
z<s5xLF=SbALkJ8zp<bFfUnp0Q-fCp+buT@ja7M%pC5Z!@9HE1EvmbDC`r4uG4-I%l
z6I|myNB-kG?Mj&a<J%n;-ek82=~e?Z+c`)fl;;x9clkSrM|zJzy2XG2s?Eg1Ob)7l
z@V#5vcxMV?#rhEV!WlZ)KH@#qNtra$@?z68B6E77I7)r|N8PL-=HbGtZT@<X`tp#W
zgzYnBb@aQSzn#AZ%ygBB)P=1+1jxXap^xC7!m6k!6X?wEmfA92bwM)$Gob<^5_~Y7
z1xY0>v8CCt@;l)y><pLc*FRoYH7)<cXsQ#!`$yRnojynIc%E4nyb_}*;E^}s+JCyr
zbXt(NJvs8IEcZ|9F)60$cuP~rac8BPL+&Zg`1jeb{mVo*lkedpkDg!_?bZfnN%8lW
zlbKc@IIiHd^~YbEANh8$RzAlu(TUF+6uvyMK^YxhQb(JS67NSi;V^gJZZ3X%YeVW0
z^&XNU4Rt3;iAaW%>THMiIgQXJq&?(~AqO@0Gd)$mBXD_Nv22%M-gl2QjR=k#$L#t~
zZ!x`7F!;qw8OR<RNR&|>*)%m-9&0iCO-~<m@{MnC_u<f>ie+(MAy+`O|JNkP#La}a
z*u=bIlO$JmrcM_xa$9#AvWgl8oSuc?E)M*bi(;jrkVb~`hJWEvQhszyjEGwpwL4on
z#y1CS#S0r}sFD{R_rxB4#p~S!hc5&yB|G<lIwrpD$oLN-BzPbqr(<+I`0()YLigTy
zJ396J$(Bgg-s#RU+QlRK9z+NJLy*oQd4m(pHDtP-_P4uesy6-TxKyoZmL+wjDey$8
z_pXPiVSKY@fh~X<v6(|BHI~cWT!x%B8SqWTbdg*-S9u`NLFN6ahe^T@GPu28>$7Z3
z#{fm|liq7vuXRl=Zh0z+z~Jgd=`7PXn>|h{&N7P=%woE2J#_A2<Hy=`vz3TH>(kRj
z-B%me>^9FwdyoO%);_0pL32A<+ifFf+p{ZJm*Lijcv<+p!na(aU(;1Aw)U3;jwaWi
zabLJI+={9}8mKz!yq;8jn<|n;1%{FALHrnd&?i1|ppT1O-$YP{az#+{htvSfPBp+P
z69?ePz!6I9rhvWbrbvWZ054@MfPES;AamjW2W%4cBS!_1TaBom@{)T9)X|)}*T@xD
z;Q0(WfU%^!&m(CvGt&*ah}#Yif$zYnd&$IPHNK!m91vthA#>$i%n+Jk;(%vua}(ly
zT(Gc|P7LgWx^!FaoE3S?>mexFg33i&s2W|-4ayn(oG1`haHj|q7r9Qm)Apq5XypZG
zIb%QQGdGPsV~A<(c=tE^T;y=gX0ULkh*lrctbK8-RIV_?F|=w8YZWwc;qB|InNgBC
zSCFj)hTp!v(Xnc+rv?gopZ0d%8^Gci4!{0q6*#Wtlq`8<TZx-tUO5|x{xR~VNr(N-
zj_fSMmAF~yiD?_S_*ER{Z3bnL_XX&G+)?^xCiG#q-z84va(AF|n~GV#nN-RMnLxH_
zBaj@kb}P7DWn*4#-P^_tUP<t&X3PH~c~uzV_r@RhE-$2`s&j8tlr7NgyQpJn;=r;8
zv`>U4dR-qeRuXv_U+bK>(;cQ0rT#CDSIW{9@aI66ogFr{Ob13jbprIXj5Mp%?Zf{c
D)kGR@

diff --git a/data/web/img/cow_lock.svg b/data/web/img/cow_lock.svg
new file mode 100644
index 00000000..2be88dec
--- /dev/null
+++ b/data/web/img/cow_lock.svg
@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   version="1.1"
+   id="Layer_1"
+   x="0px"
+   y="0px"
+   width="267.80917"
+   height="306.93799"
+   viewBox="0 0 267.80917 306.93799"
+   enable-background="new 0 0 1600 1200"
+   xml:space="preserve"
+   inkscape:version="0.91 r13725"
+   sodipodi:docname="cow_protected_nb.svg"><metadata
+     id="metadata175"><rdf:RDF><cc:Work
+         rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
+     id="defs173" /><sodipodi:namedview
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1"
+     objecttolerance="10"
+     gridtolerance="10"
+     guidetolerance="10"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:window-width="1721"
+     inkscape:window-height="1177"
+     id="namedview171"
+     showgrid="false"
+     inkscape:zoom="1.5733333"
+     inkscape:cx="29.160751"
+     inkscape:cy="110.78493"
+     inkscape:window-x="-8"
+     inkscape:window-y="-8"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="Layer_1"
+     fit-margin-top="0"
+     fit-margin-left="0"
+     fit-margin-right="0"
+     fit-margin-bottom="0" /><g
+     id="g3"
+     transform="translate(-661.33429,-371.905)"><g
+       id="g11"><g
+         id="g13"><g
+           id="g15" /></g><g
+         id="g19"><g
+           id="g21" /></g><g
+         id="g25"><g
+           id="g27"><g
+             id="g29" /></g></g><g
+         id="g33"><g
+           id="g35"><g
+             id="g37" /></g></g></g><polyline
+       points="702.43,498.974 684.548,546.739 697.837,612.03 723.777,638.295  "
+       id="polyline43"
+       style="fill:#3d5263" /><g
+       id="g45"><g
+         id="g47"><polyline
+           points="669.541,457.293 684.791,493.55 705.121,503.375 735.319,465.213    "
+           id="polyline49"
+           style="fill:#fef3df" /><g
+           id="g51"><path
+             d="m 721.916,479.683 c 0,0 -22.477,-25.55 -49.782,-18.971 0,0 4.666,34.11 46.339,44.009 l 2.61,8.531 c 0,0 -65.598,-9.687 -59.326,-67.578 0,0 48.997,-19.88 72.582,15.103"
+             id="path53"
+             inkscape:connector-curvature="0"
+             style="fill:#b58765" /><polyline
+             points="920.935,457.293 905.688,493.55 885.359,503.375 855.16,465.213     "
+             id="polyline55"
+             style="fill:#fef3df" /><path
+             d="m 868.564,479.683 c 0,0 22.475,-25.55 49.779,-18.971 0,0 -4.663,34.11 -46.336,44.009 l -2.612,8.531 c 0,0 65.596,-9.687 59.326,-67.578 0,0 -48.995,-19.88 -72.584,15.103"
+             id="path57"
+             inkscape:connector-curvature="0"
+             style="fill:#b58765" /></g></g><path
+         d="m 737.898,653.506 55.932,0 20.22445,-212.1817 c -55.801,0 -116.21545,37.4237 -116.21545,85.2487 0,1.454 0.085,2.786 0.121,4.174 0.127,3.933 0.448,7.583 0.856,11.132 1.689,14.813 5.45,27.171 8.459,43.373 1.451,7.829 5.001,23.369 5.001,23.369 0.056,0.408 0.165,0.804 0.224,1.211 2.533,16.542 11.829,32.019 25.398,43.674 z"
+         id="path59"
+         inkscape:connector-curvature="0"
+         style="fill:#b58765"
+         sodipodi:nodetypes="cccscccccc" /><path
+         d="m 793.259,439.976 0,213.53 55.932,0 c 13.569,-11.654 22.862,-27.132 25.4,-43.675 0.058,-0.407 0.163,-0.803 0.221,-1.211 0,0 3.548,-15.539 5.001,-23.369 3.01,-16.202 6.773,-28.561 8.462,-43.371 0.404,-3.552 0.724,-7.202 0.846,-11.135 0.042,-1.388 0.126,-2.72 0.126,-4.174 -10e-4,-47.823 -40.183,-86.595 -95.988,-86.595 z"
+         id="path61"
+         inkscape:connector-curvature="0"
+         style="fill:#b58765" /><g
+         id="g63"><g
+           id="g65"><path
+             d="m 872.193,619.949 c 0,28.315 -35.083,51.278 -78.366,51.278 -43.289,0 -78.371,-22.963 -78.371,-51.278 0,-28.319 35.082,-51.278 78.371,-51.278 43.282,0 78.366,22.959 78.366,51.278 z"
+             id="path67"
+             inkscape:connector-curvature="0"
+             style="fill:#fef3df" /></g></g><g
+         id="g69"><g
+           id="g71"><g
+             id="g73"><path
+               d="m 758.318,612.03 c 0,6.213 -5.039,11.254 -11.258,11.254 -6.208,0 -11.25,-5.04 -11.25,-11.254 0,-6.222 5.042,-11.254 11.25,-11.254 6.218,0 11.258,5.033 11.258,11.254 z"
+               id="path75"
+               inkscape:connector-curvature="0"
+               style="fill:#5a3620" /></g></g><g
+           id="g77"><g
+             id="g79"><path
+               d="m 852.109,612.03 c 0,6.213 -5.036,11.254 -11.254,11.254 -6.216,0 -11.257,-5.04 -11.257,-11.254 0,-6.222 5.04,-11.254 11.257,-11.254 6.218,0 11.254,5.033 11.254,11.254 z"
+               id="path81"
+               inkscape:connector-curvature="0"
+               style="fill:#5a3620" /></g></g></g><g
+         id="g83"><path
+           d="m 886.474,532.301 c 0.354,-3.113 0.634,-6.31 0.743,-9.752 0.035,-1.217 0.109,-2.384 0.109,-3.66 0,-40.776 -33.361,-74.027 -80.219,-75.758 l -7.333,0.005 c -0.003,0 -0.003,0 -0.006,0 -0.007,0.018 -26.057,89.686 79.134,141.521 0.945,-4.316 2.078,-10.867 2.73,-14.369 2.638,-14.193 3.363,-25.015 4.842,-37.987 z"
+           id="path85"
+           inkscape:connector-curvature="0"
+           style="fill:#87654a" /></g><g
+         id="g87"><g
+           id="g89"><g
+             id="g91"><g
+               id="g93"><path
+                 d="m 855.16,526.149 c 0,6.963 -5.649,12.608 -12.616,12.608 -6.961,0 -12.611,-5.645 -12.611,-12.608 0,-6.969 5.65,-12.611 12.611,-12.611 6.967,-10e-4 12.616,5.642 12.616,12.611 z"
+                 id="path95"
+                 inkscape:connector-curvature="0"
+                 style="fill:#5a3620" /></g></g></g><g
+           id="g97"><g
+             id="g99"><g
+               id="g101"><path
+                 d="m 763.301,526.149 c 0,6.963 -5.647,12.608 -12.609,12.608 -6.968,0 -12.609,-5.645 -12.609,-12.608 0,-6.969 5.641,-12.611 12.609,-12.611 6.962,-10e-4 12.609,5.642 12.609,12.611 z"
+                 id="path103"
+                 inkscape:connector-curvature="0"
+                 style="fill:#5a3620" /></g></g></g><g
+           id="g105"><g
+             id="g107"><path
+               d="m 760.023,522.362 c 0,2.557 -2.07,4.628 -4.629,4.628 -2.557,0 -4.632,-2.071 -4.632,-4.628 0,-2.552 2.075,-4.625 4.632,-4.625 2.559,0.001 4.629,2.073 4.629,4.625 z"
+               id="path109"
+               inkscape:connector-curvature="0"
+               style="fill:#ffffff" /></g></g><g
+           id="g111"><g
+             id="g113"><path
+               d="m 851.024,522.362 c 0,2.557 -2.073,4.628 -4.628,4.628 -2.558,0 -4.63,-2.071 -4.63,-4.628 0,-2.552 2.072,-4.625 4.63,-4.625 2.555,0.001 4.628,2.073 4.628,4.625 z"
+               id="path115"
+               inkscape:connector-curvature="0"
+               style="fill:#ffffff" /></g></g></g></g><path
+       d="m 725.288,441.121 c 0,0 -18.232,-25.193 0,-41.628 0,0 13.123,32.005 40.233,31.495"
+       id="path117"
+       inkscape:connector-curvature="0"
+       style="fill:#fef3df" /><path
+       d="m 848.318,439.837 c 0,0 18.232,-25.193 0,-41.628 0,0 -13.123,32.005 -40.233,31.495"
+       id="path119"
+       inkscape:connector-curvature="0"
+       style="fill:#fef3df" /><path
+       d="m 797.53,438.453 c -66.381,0 -120.196,53.815 -120.196,120.196 0,66.381 53.815,120.194 120.196,120.194 66.382,0 120.196,-53.813 120.196,-120.194 C 917.725,492.268 863.912,438.453 797.53,438.453 Z m -11.958,215.653 c -52.997,0 -95.961,-43.845 -95.961,-97.931 0,-54.086 42.963,-97.931 95.961,-97.931 52.995,0 95.958,43.845 95.958,97.931 0,54.086 -42.963,97.931 -95.958,97.931 z"
+       id="path121"
+       inkscape:connector-curvature="0"
+       style="fill:#f1f2f2" /><g
+       id="g123"><path
+         d="m 793.003,443.237 c 66.381,0 120.194,53.815 120.194,120.196 0,30.711 -11.523,58.726 -30.475,79.973 21.631,-21.736 35.002,-51.697 35.002,-84.785 0,-66.38 -53.813,-120.196 -120.196,-120.196 -35.67,0 -67.706,15.545 -89.719,40.224 21.769,-21.872 51.899,-35.412 85.194,-35.412 z"
+         id="path125"
+         inkscape:connector-curvature="0"
+         style="fill:#ffffff" /></g><g
+       id="g127"><path
+         d="m 694.265,502.313 c 0,0 40.198,-14.957 95.353,-14.022 55.155,0.935 100.027,29.447 100.027,29.447 l 8.413,-57.492 c 0,0 -51.883,-35.524 -77.591,-59.829 -25.708,-24.306 -28.98,-28.512 -28.98,-28.512 0,0 -40.198,41.6 -66.373,56.557 -26.175,14.957 -35.524,20.566 -35.524,20.566 l 4.675,53.285 z"
+         id="path129"
+         inkscape:connector-curvature="0"
+         style="fill:#f1f2f2" /><path
+         d="m 752.039,427.289 c -5.218,15.301 0.741,45.305 6.446,52.941 4.565,-14.198 1.381,-39.668 -6.446,-52.941 z"
+         id="path131"
+         inkscape:connector-curvature="0"
+         style="fill:#97a3a2" /><path
+         d="m 792.297,477.645 c 8.422,-10.272 5.501,-61.687 -0.342,-73.723 -6.194,15.191 -10.634,65.438 0.342,73.723 z"
+         id="path133"
+         inkscape:connector-curvature="0"
+         style="fill:#97a3a2" /><path
+         d="m 720.593,443.412 c -3.983,12.281 1.136,36.168 5.784,42.198 3.474,-11.393 0.625,-31.693 -5.784,-42.198 z"
+         id="path135"
+         inkscape:connector-curvature="0"
+         style="fill:#97a3a2" /><path
+         d="m 832.42,429.158 c 5.218,15.301 -0.741,45.305 -6.446,52.941 -4.565,-14.197 -1.38,-39.667 6.446,-52.941 z"
+         id="path137"
+         inkscape:connector-curvature="0"
+         style="fill:#97a3a2" /><path
+         d="m 863.633,447.619 c 3.983,12.281 -1.136,36.168 -5.784,42.198 -3.474,-11.393 -0.625,-31.693 5.784,-42.198 z"
+         id="path139"
+         inkscape:connector-curvature="0"
+         style="fill:#97a3a2" /></g><g
+       id="g143" /><path
+       d="m 730.865,636.637 c 0,0 43.49,2.05 64.328,-35.861 0,0 14.758,30.223 46.61,34.759"
+       id="path157"
+       inkscape:connector-curvature="0"
+       style="opacity:0.1;fill:#3d5263" /><path
+       d="m 795.193,671.227 0,-60.691 c -13.615,27.608 -64.328,26.101 -64.328,26.101 0,0 3.306,8.89 3.788,9.853 0.482,0.963 21.508,12.52 21.508,12.52"
+       id="path159"
+       inkscape:connector-curvature="0"
+       style="fill:#f1f2f2" /><path
+       d="m 859.521,636.637 c 0,0 -50.713,1.507 -64.328,-26.101 l 0,60.691"
+       id="path161"
+       inkscape:connector-curvature="0"
+       style="fill:#f1f2f2" /><g
+       id="g163" /></g></svg>
\ No newline at end of file
diff --git a/data/web/inc/functions.docker.inc.php b/data/web/inc/functions.docker.inc.php
index 5b6afa9f..11747f25 100644
--- a/data/web/inc/functions.docker.inc.php
+++ b/data/web/inc/functions.docker.inc.php
@@ -7,6 +7,7 @@ function docker($service_name, $action, $attr1 = null, $attr2 = null, $extra_hea
       curl_setopt($curl, CURLOPT_URL, 'http://dockerapi:8080/containers/json');
       curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
       curl_setopt($curl, CURLOPT_POST, 0);
+      curl_setopt($curl, CURLOPT_TIMEOUT, 4);
       $response = curl_exec($curl);
       if ($response === false) {
         $err = curl_error($curl);
@@ -32,6 +33,7 @@ function docker($service_name, $action, $attr1 = null, $attr2 = null, $extra_hea
         curl_setopt($curl, CURLOPT_URL, 'http://dockerapi:8080/containers/' . $container_id . '/json');
         curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
         curl_setopt($curl, CURLOPT_POST, 0);
+        curl_setopt($curl, CURLOPT_TIMEOUT, 4);
         $response = curl_exec($curl);
         if ($response === false) {
           $err = curl_error($curl);
@@ -58,6 +60,7 @@ function docker($service_name, $action, $attr1 = null, $attr2 = null, $extra_hea
         if (ctype_xdigit($container_id) && ctype_alnum($attr1)) {
           curl_setopt($curl, CURLOPT_URL, 'http://dockerapi:8080/containers/' . $container_id . '/' . $attr1);
           curl_setopt($curl, CURLOPT_POST, 1);
+          curl_setopt($curl, CURLOPT_TIMEOUT, 4);
           if (!empty($attr2)) {
             curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($attr2));
           }
diff --git a/data/web/inc/functions.fail2ban.inc.php b/data/web/inc/functions.fail2ban.inc.php
index b78fb36a..5acbf60f 100644
--- a/data/web/inc/functions.fail2ban.inc.php
+++ b/data/web/inc/functions.fail2ban.inc.php
@@ -4,30 +4,26 @@ function fail2ban($_action, $_data = null) {
   global $lang;
   switch ($_action) {
     case 'get':
-      $data = array();
+      $f2b_options = array();
       if ($_SESSION['mailcow_cc_role'] != "admin") {
         return false;
       }
       try {
-        $data['ban_time'] = $redis->Get('F2B_BAN_TIME');
-        $data['max_attempts'] = $redis->Get('F2B_MAX_ATTEMPTS');
-        $data['retry_window'] = $redis->Get('F2B_RETRY_WINDOW');
-        $data['netban_ipv4'] = $redis->Get('F2B_NETBAN_IPV4');
-        $data['netban_ipv6'] = $redis->Get('F2B_NETBAN_IPV6');
+        $f2b_options = json_decode($redis->Get('F2B_OPTIONS'), true);
         $wl = $redis->hGetAll('F2B_WHITELIST');
         if (is_array($wl)) {
           foreach ($wl as $key => $value) {
             $tmp_data[] = $key;
           }
           if (isset($tmp_data)) {
-            $data['whitelist'] = implode(PHP_EOL, $tmp_data);
+            $f2b_options['whitelist'] = implode(PHP_EOL, $tmp_data);
           }
           else {
-            $data['whitelist'] = "";
+            $f2b_options['whitelist'] = "";
           }
         }
         else {
-          $data['whitelist'] = "";
+          $f2b_options['whitelist'] = "";
         }
       }
       catch (RedisException $e) {
@@ -37,7 +33,7 @@ function fail2ban($_action, $_data = null) {
         );
         return false;
       }
-      return $data;
+      return $f2b_options;
     break;
     case 'edit':
       if ($_SESSION['mailcow_cc_role'] != "admin") {
@@ -63,21 +59,16 @@ function fail2ban($_action, $_data = null) {
         return false;
       }
       $wl = $_data['whitelist'];
-      $ban_time = ($ban_time < 60) ? 60 : $ban_time;
-
-      $netban_ipv4 = ($netban_ipv4 < 8) ? 8 : $netban_ipv4;
-      $netban_ipv6 = ($netban_ipv6 < 8) ? 8 : $netban_ipv6;
-      $netban_ipv4 = ($netban_ipv4 > 32) ? 32 : $netban_ipv4;
-      $netban_ipv6 = ($netban_ipv6 > 128) ? 128 : $netban_ipv6;
-
-      $max_attempts = ($max_attempts < 1) ? 1 : $max_attempts;
-      $retry_window = ($retry_window < 1) ? 1 : $retry_window;
+      $f2b_options = array();
+      $f2b_options['ban_time'] = ($ban_time < 60) ? 60 : $ban_time;
+      $f2b_options['netban_ipv4'] = ($netban_ipv4 < 8) ? 8 : $netban_ipv4;
+      $f2b_options['netban_ipv6'] = ($netban_ipv6 < 8) ? 8 : $netban_ipv6;
+      $f2b_options['netban_ipv4'] = ($netban_ipv4 > 32) ? 32 : $netban_ipv4;
+      $f2b_options['netban_ipv6'] = ($netban_ipv6 > 128) ? 128 : $netban_ipv6;
+      $f2b_options['max_attempts'] = ($max_attempts < 1) ? 1 : $max_attempts;
+      $f2b_options['retry_window'] = ($retry_window < 1) ? 1 : $retry_window;
       try {
-        $redis->Set('F2B_BAN_TIME', $ban_time);
-        $redis->Set('F2B_MAX_ATTEMPTS', $max_attempts);
-        $redis->Set('F2B_RETRY_WINDOW', $retry_window);
-        $redis->Set('F2B_NETBAN_IPV4', $netban_ipv4);
-        $redis->Set('F2B_NETBAN_IPV6', $netban_ipv6);
+        $redis->Set('F2B_OPTIONS', json_encode($f2b_options));
         $redis->Del('F2B_WHITELIST');
         if(!empty($wl)) {
           $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index f7f08403..54ca415e 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1134,13 +1134,13 @@ function get_logs($container, $lines = false) {
       return $data_array;
     }
   }
-  if ($container == "fail2ban-mailcow") {
+  if ($container == "netfilter-mailcow") {
     if (!is_numeric($lines)) {
       list ($from, $to) = explode('-', $lines);
-      $data = $redis->lRange('F2B_LOG', intval($from), intval($to));
+      $data = $redis->lRange('NETFILTER_LOG', intval($from), intval($to));
     }
     else {
-      $data = $redis->lRange('F2B_LOG', 0, intval($lines));
+      $data = $redis->lRange('NETFILTER_LOG', 0, intval($lines));
     }
     if ($data) {
       foreach ($data as $json_line) {
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index f3577d50..f059ced0 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "27012018_1721";
+    $db_version = "30012018_1521";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -21,10 +21,6 @@ function init_db_schema() {
       AND active = '1'
       AND address NOT LIKE '@%'
       GROUP BY goto;",
-    "grouped_sender_acl" => "CREATE VIEW grouped_sender_acl (username, send_as_acl) AS
-      SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
-      WHERE send_as NOT LIKE '@%'
-      GROUP BY logged_in_as;",
     "grouped_domain_alias_address" => "CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
       SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
       LEFT OUTER JOIN alias_domain ON target_domain=domain
@@ -193,7 +189,6 @@ function init_db_schema() {
           "tls_enforce_out" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
           "multiple_bookings" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "wants_tagged_subject" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
           "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
@@ -250,7 +245,8 @@ function init_db_schema() {
           "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "quarantaine" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "recipient_maps" => "TINYINT(1) NOT NULL DEFAULT '0'",
         ),
         "keys" => array(
           "fkey" => array(
diff --git a/data/web/js/debug.js b/data/web/js/debug.js
index 48ebd5e9..4ffcc044 100644
--- a/data/web/js/debug.js
+++ b/data/web/js/debug.js
@@ -31,9 +31,9 @@ jQuery(function($){
     e.preventDefault();
     draw_acme_logs();
   });
-  $("#refresh_fail2ban_log").on('click', function(e) {
+  $("#refresh_netfilter_log").on('click', function(e) {
     e.preventDefault();
-    draw_fail2ban_logs();
+    draw_netfilter_logs();
   });
   $("#refresh_rspamd_history").on('click', function(e) {
     e.preventDefault();
@@ -206,8 +206,8 @@ jQuery(function($){
       }
     });
   }
-  function draw_fail2ban_logs() {
-    ft_fail2ban_logs = FooTable.init('#fail2ban_log', {
+  function draw_netfilter_logs() {
+    ft_netfilter_logs = FooTable.init('#netfilter_log', {
       "columns": [
         {"name":"time","formatter":function unix_time_format(tm) { var date = new Date(tm ? tm * 1000 : 0); return date.toLocaleString();},"title":lang.time,"style":{"width":"170px"}},
         {"name":"priority","title":lang.priority,"style":{"width":"80px"}},
@@ -215,10 +215,10 @@ jQuery(function($){
       ],
       "rows": $.ajax({
         dataType: 'json',
-        url: '/api/v1/get/logs/fail2ban',
+        url: '/api/v1/get/logs/netfilter',
         jsonp: false,
         error: function () {
-          console.log('Cannot draw fail2ban log table');
+          console.log('Cannot draw netfilter log table');
         },
         success: function (data) {
           return process_table_data(data, 'general_syslog');
@@ -497,7 +497,7 @@ jQuery(function($){
   draw_watchdog_logs();
   draw_acme_logs();
   draw_api_logs();
-  draw_fail2ban_logs();
+  draw_netfilter_logs();
   draw_rspamd_history();
 
-});
\ No newline at end of file
+});
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 8c2c5b44..9d6e9761 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -880,14 +880,14 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
                   echo '{}';
                 }
               break;
-              case "fail2ban":
+              case "netfilter":
                 // 0 is first record, so empty is fine
                 if (isset($extra)) {
                   $extra = preg_replace('/[^\d\-]/i', '', $extra);
-                  $logs = get_logs('fail2ban-mailcow', $extra);
+                  $logs = get_logs('netfilter-mailcow', $extra);
                 }
                 else {
-                  $logs = get_logs('fail2ban-mailcow');
+                  $logs = get_logs('netfilter-mailcow');
                 }
                 if (isset($logs) && !empty($logs)) {
                   echo json_encode($logs, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index a874eea1..71587fcf 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -666,3 +666,14 @@ $lang['mailbox']['bcc_to_rcpt'] = "Map empfängerabhängig verwenden";
 $lang['mailbox']['add_bcc_entry'] = "BCC-Eintrag hinzufügen";
 $lang['mailbox']['bcc_info'] = "Eine empfängerabhängige Map wird verwendet, wenn die BCC-Map Eintragung auf den Eingang einer E-Mail auf das lokale Ziel reagieren soll. Senderabhängige Maps verfahren nach dem gleichen Prinzip.<br/>
   Das lokale Ziel wird bei Fehlzustellungen an ein BCC-Ziel nicht informiert.";
+$lang['mailbox']['address_rewriting'] = 'Adressumschreibung';
+$lang['mailbox']['recipient_maps'] = 'Empfängerumschreibungen';
+$lang['mailbox']['recipient_map_info'] = 'Empfängerumschreibung ersetzen den Empfänger einer E-Mail vor dem Versand.';
+$lang['mailbox']['recipient_map_old'] = 'Original Empfänger';
+$lang['mailbox']['recipient_map_new'] = 'Neuer Empfänger';
+$lang['mailbox']['add_recipient_map_entry'] = 'Empfängerumschreibung hinzufügen';
+$lang['mailbox']['sender_maps'] = 'Senderumschreibungen';
+$lang['mailbox']['sender_map_info'] = 'Senderumschreibungen werden verwendet, um den Absender einer E-Mail noch vor dem Versand umzuschreiben.';
+$lang['mailbox']['sender_map_old'] = 'Original Absender';
+$lang['mailbox']['sender_map_new'] = 'Neuer Absender';
+$lang['mailbox']['add_sender_map_entry'] = 'Senderumschreibung hinzufügen';
\ No newline at end of file
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 41795bc3..50eb64f9 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -666,4 +666,9 @@ $lang['mailbox']['recipient_maps'] = 'Recipient maps';
 $lang['mailbox']['recipient_map_info'] = 'Recipient maps are used to replace the destination address on a message before it is delivered.';
 $lang['mailbox']['recipient_map_old'] = 'Original recipient';
 $lang['mailbox']['recipient_map_new'] = 'New recipient';
-$lang['mailbox']['add_recipient_map_entry'] = 'Add recipient map';
\ No newline at end of file
+$lang['mailbox']['add_recipient_map_entry'] = 'Add recipient map';
+$lang['mailbox']['sender_maps'] = 'Sender maps';
+$lang['mailbox']['sender_map_info'] = 'Sender maps are used to replace the sender address on a message before it is sent.';
+$lang['mailbox']['sender_map_old'] = 'Original sender';
+$lang['mailbox']['sender_map_new'] = 'New sender';
+$lang['mailbox']['add_sender_map_entry'] = 'Add sender map';
\ No newline at end of file

From 5862e4fb03ba04c373c141ff5c1b0c1d3c100ea3 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:29:54 +0100
Subject: [PATCH 007/107] [Helper] Nextcloud: Use correct IPv6 subnet

---
 data/assets/nextcloud/nextcloud.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/assets/nextcloud/nextcloud.conf b/data/assets/nextcloud/nextcloud.conf
index 2fa9d9d8..1e6c3726 100644
--- a/data/assets/nextcloud/nextcloud.conf
+++ b/data/assets/nextcloud/nextcloud.conf
@@ -54,7 +54,7 @@ server {
   gzip_min_length 256;
   gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
   gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-  set_real_ip_from fd00::/8;
+  set_real_ip_from fc00::/7;
   set_real_ip_from 10.0.0.0/8;
   set_real_ip_from 172.16.0.0/12;
   set_real_ip_from 192.168.0.0/16;

From 875b9294054ba7a3bb92101ea745643187795867 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:30:27 +0100
Subject: [PATCH 008/107] [Helper] Fail on curl error, add help

---
 helper-scripts/nextcloud.sh | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index a1b9eb5d..a1420f40 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -1,23 +1,32 @@
 #!/bin/bash
 
-[[ -z ${1} ]] && { echo "No parameters given"; exit 1; }
-
 for bin in curl dirmngr; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 done
 
+[[ -z ${1} ]] && NC_HELP=y
+
 while [ "$1" != '' ]; do
   case "${1}" in
     -p|--purge) NC_PURGE=y && shift;;
     -i|--install) NC_INSTALL=y && shift;;
+    -h|--help) NC_HELP=y && shift;;
     *) echo "Unknown parameter: ${1}" && shift;;
   esac
 done
 
+if [[ ${NC_HELP} == "y" ]]; then
+  printf 'Usage:\n\n'
+  printf '  -p|--purge\n    Purge Nextcloud\n'
+  printf '  -i|--install\n    Install Nextcloud\n\n'
+  exit 0
+fi
+
 [[ ${NC_PURGE} == "y" ]] && [[ ${NC_INSTALL} == "y" ]] && { echo "Cannot use -p and -i at the same time"; }
 
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-source ${SCRIPT_DIR}/../mailcow.conf
+cd ${SCRIPT_DIR}/../
+source mailcow.conf
 
 if [[ ${NC_PURGE} == "y" ]]; then
 
@@ -55,7 +64,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
 
 	ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 
-	curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-12.tar.bz2" \
+	curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-12.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
 	  && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
 	  && rm nextcloud.tar.bz2 \
 	  && rm -rf ./data/web/nextcloud/updater \

From 90fe52cc72692ad134c7f5dd90a94a4cf42d091c Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:32:28 +0100
Subject: [PATCH 009/107] [Update] Use correct subnet for IPv6, allow --ours
 parameter to merge by gits ours strategy [Update/config] Allow to set
 SNAT_TO_SOURCE

---
 generate_config.sh | 6 ++----
 update.sh          | 3 ---
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index 5b2d23f4..280d66c7 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -87,12 +87,10 @@ ADDITIONAL_SAN=
 
 # Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
 SKIP_LETS_ENCRYPT=n
+
 # Skip IPv4 check in ACME container - y/n
 SKIP_IP_CHECK=n
 
-# Skip Fail2ban implementation (fail2ban-mailcow) - y/n
-SKIP_FAIL2BAN=n
-
 # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
 SKIP_CLAMD=n
 
@@ -107,7 +105,7 @@ LOG_LINES=9999
 # Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)
 IPV4_NETWORK=172.22.1
 
-# Internal IPv6 subnet in fd00::/8
+# Internal IPv6 subnet in fc00::/7
 IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
 
 
diff --git a/update.sh b/update.sh
index 3054e757..d541e683 100755
--- a/update.sh
+++ b/update.sh
@@ -40,7 +40,6 @@ CONFIG_ARRAY=(
   "WATCHDOG_NOTIFY_EMAIL"
   "SKIP_CLAMD"
   "SKIP_IP_CHECK"
-  "SKIP_NETFILTER"
   "ADDITIONAL_SAN"
   "DOVEADM_PORT"
   "IPV4_NETWORK"
@@ -101,8 +100,6 @@ for option in ${CONFIG_ARRAY[@]}; do
   fi
 done
 
-sed -i 's#SKIP_FAIL2BAN#SKIP_NETFILTER#g' mailcow.conf
-
 echo -en "Checking internet connection... "
 curl -o /dev/null google.com -sm3
 if [[ $? != 0 ]]; then

From fd849681cc58b59fbbd47daba5c56549d09b4fd5 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:33:41 +0100
Subject: [PATCH 010/107] [Compose] Rename fail2ban to netfilter; Add SNAT
 option; New PHP-FPM image

---
 docker-compose.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 4a6a53de..edebff71 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -91,7 +91,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.9
+      image: mailcow/phpfpm:1.10
       build: ./data/Dockerfiles/phpfpm
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
@@ -287,9 +287,9 @@ services:
           aliases:
             - acme
 
-    fail2ban-mailcow:
-      image: mailcow/fail2ban:1.11
-      build: ./data/Dockerfiles/fail2ban
+    netfilter-mailcow:
+      image: mailcow/netfilter:1.11
+      build: ./data/Dockerfiles/netfilter
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -301,8 +301,8 @@ services:
       privileged: true
       environment:
         - TZ=${TZ}
-        - SKIP_FAIL2BAN=${SKIP_FAIL2BAN:-n}
         - IPV4_NETWORK=${IPV4_NETWORK}
+        - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
       network_mode: "host"
       dns:
         - ${IPV4_NETWORK}.254

From 5527d6fb946983193e008702ad48537d551c92e8 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:35:18 +0100
Subject: [PATCH 011/107] [Update] Assume worker-controller-password.inc as
 unchanged on update

---
 update.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/update.sh b/update.sh
index d541e683..335566bf 100755
--- a/update.sh
+++ b/update.sh
@@ -140,6 +140,7 @@ docker-compose down
 # Silently fixing remote url from andryyy to mailcow
 git remote set-url origin https://github.com/mailcow/mailcow-dockerized
 echo -e "\e[32mCommitting current status...\e[0m"
+git update-index --assume-unchanged data/conf/rspamd/override.d/worker-controller-password.inc
 git add -u
 git commit -am "Before update on ${DATE}" > /dev/null
 echo -e "\e[32mFetching updated code from remote...\e[0m"

From 70ac65d794b7a3bda0f40cf0d91cfb51250ad520 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:36:01 +0100
Subject: [PATCH 012/107] [Nginx] Fix IPv6 subnet, only rewrite to HTTPS when
 request is not internal

---
 data/conf/nginx/site.conf | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 8a896264..84f27728 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -7,11 +7,12 @@ map $http_x_forwarded_proto $client_req_scheme {
      https https;
 }
 
-server {
-  listen 80 default_server;
-  listen [::]:80 default_server;
-  include /etc/nginx/conf.d/server_name.active;
-  return 301 https://$host$request_uri;
+geo $non_internal {
+    default         1;
+    10.0.0.0/8      0;
+    172.16.0.0/12   0;
+    192.168.0.0/16  0;
+    fc00::/7        0;
 }
 
 server {
@@ -32,6 +33,10 @@ server {
   include /etc/nginx/conf.d/listen_plain.active;
   include /etc/nginx/conf.d/server_name.active;
 
+  if ($non_internal) {
+    return 302 https://$server_name$request_uri;
+  }
+
   error_log  /var/log/nginx/error.log;
   access_log /var/log/nginx/access.log;
   absolute_redirect off;
@@ -50,7 +55,7 @@ server {
   set_real_ip_from 10.0.0.0/8;
   set_real_ip_from 172.16.0.0/12;
   set_real_ip_from 192.168.0.0/16;
-  set_real_ip_from fd00::/8;
+  set_real_ip_from fc00::/7;
   real_ip_header X-Forwarded-For;
   real_ip_recursive on;
 
@@ -232,7 +237,7 @@ server {
   set_real_ip_from 10.0.0.0/8;
   set_real_ip_from 172.16.0.0/12;
   set_real_ip_from 192.168.0.0/16;
-  set_real_ip_from fd00::/8;
+  set_real_ip_from fc00::/7;
   real_ip_header X-Forwarded-For;
   real_ip_recursive on;
 

From 36cb6d288d6972ced2c7110ce1230b9c22c211c0 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:36:24 +0100
Subject: [PATCH 013/107] [Rspamd] Fix IPv6 subnet

---
 data/conf/rspamd/override.d/worker-controller.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/rspamd/override.d/worker-controller.inc b/data/conf/rspamd/override.d/worker-controller.inc
index 7f17485d..04c3f6a1 100644
--- a/data/conf/rspamd/override.d/worker-controller.inc
+++ b/data/conf/rspamd/override.d/worker-controller.inc
@@ -4,6 +4,6 @@ secure_ip = "172.16.0.0/12";
 secure_ip = "10.0.0.0/8";
 secure_ip = "127.0.0.1";
 secure_ip = "::1";
-secure_ip = "fd00::/8"
+secure_ip = "fc00::/7"
 .include(try=true; priority=10) "$CONFDIR/override.d/worker-controller-password.inc"
 .include(try=true; priority=20) "$CONFDIR/override.d/worker-controller.custom.inc" 

From d6cbe5b10abc283dc4b98bc6d8f3880d3686ea1e Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:37:50 +0100
Subject: [PATCH 014/107] [Unbound] Fix IPv6 subnet

---
 data/conf/unbound/unbound.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf
index 16952ff2..b3c77671 100644
--- a/data/conf/unbound/unbound.conf
+++ b/data/conf/unbound/unbound.conf
@@ -11,7 +11,7 @@ server:
   access-control: 10.0.0.0/8 allow
   access-control: 172.16.0.0/12 allow
   access-control: 192.168.0.0/16 allow
-  access-control: fd00::/8 allow
+  access-control: fc00::/7 allow
   access-control: fe80::/10 allow
   directory: "/etc/unbound"
   username: unbound
@@ -20,7 +20,7 @@ server:
   private-address: 172.16.0.0/12
   private-address: 192.168.0.0/16
   private-address: 169.254.0.0/16
-  private-address: fd00::/8
+  private-address: fc00::/7
   private-address: fe80::/10
   root-hints: "/etc/unbound/root.hints"
   hide-identity: yes

From 0773448b3547b7ebea6e733424ee6aca921835ab Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:38:42 +0100
Subject: [PATCH 015/107] [Dockerapi] Fix jsonify output

---
 data/Dockerfiles/dockerapi/server.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/server.py b/data/Dockerfiles/dockerapi/server.py
index 7410c0ff..e0f43ef9 100644
--- a/data/Dockerfiles/dockerapi/server.py
+++ b/data/Dockerfiles/dockerapi/server.py
@@ -22,7 +22,7 @@ class containers_get(Resource):
         containers.update({container.attrs['Id']: container.attrs})
       return containers
     except Exception as e:
-      return jsonify(type='danger', msg=e)
+      return jsonify(type='danger', msg=str(e))
 
 class container_get(Resource):
   def get(self, container_id):
@@ -31,7 +31,7 @@ class container_get(Resource):
         for container in docker_client.containers.list(all=True, filters={"id": container_id}):
           return container.attrs
       except Exception as e:
-          return jsonify(type='danger', msg=e)
+          return jsonify(type='danger', msg=str(e))
     else:
       return jsonify(type='danger', msg='no or invalid id defined')
 
@@ -44,7 +44,7 @@ class container_post(Resource):
             container.stop()
           return jsonify(type='success', msg='command completed successfully')
         except Exception as e:
-          return jsonify(type='danger', msg=e)
+          return jsonify(type='danger', msg=str(e))
 
       elif post_action == 'start':
         try:
@@ -52,7 +52,7 @@ class container_post(Resource):
             container.start()
           return jsonify(type='success', msg='command completed successfully')
         except Exception as e:
-          return jsonify(type='danger', msg=e)
+          return jsonify(type='danger', msg=str(e))
 
       elif post_action == 'restart':
         try:
@@ -60,7 +60,7 @@ class container_post(Resource):
             container.restart()
           return jsonify(type='success', msg='command completed successfully')
         except Exception as e:
-          return jsonify(type='danger', msg=e)
+          return jsonify(type='danger', msg=str(e))
 
       elif post_action == 'exec':
 
@@ -72,13 +72,13 @@ class container_post(Resource):
             for container in docker_client.containers.list(filters={"id": container_id}):
               return container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"], user='vmail')
           except Exception as e:
-            return jsonify(type='danger', msg=e)
+            return jsonify(type='danger', msg=str(e))
         elif request.json['cmd'] == 'sieve_print' and request.json['script_name'] and request.json['username']:
           try:
             for container in docker_client.containers.list(filters={"id": container_id}):
               return container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve get -u '" + request.json['username'].replace("'", "'\\''") + "' '" + request.json['script_name'].replace("'", "'\\''") + "'"], user='vmail')
           except Exception as e:
-            return jsonify(type='danger', msg=e)
+            return jsonify(type='danger', msg=str(e))
         elif request.json['cmd'] == 'worker_password' and request.json['raw']:
           try:
             for container in docker_client.containers.list(filters={"id": container_id}):
@@ -89,7 +89,7 @@ class container_post(Resource):
               container.restart()
               return jsonify(type='success', msg='command completed successfully')
           except Exception as e:
-            return jsonify(type='danger', msg=e)
+            return jsonify(type='danger', msg=str(e))
 
         else:
           return jsonify(type='danger', msg='Unknown command')

From 38a819771bfdb49500f59048419c7ff170aa9737 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:39:27 +0100
Subject: [PATCH 016/107] [Netfilter] Rename fail2ban to netfilter, use
 iptables-python

---
 data/Dockerfiles/fail2ban/Dockerfile          |   8 -
 data/Dockerfiles/netfilter/Dockerfile         |   9 +
 .../logwatch.py => netfilter/server.py}       | 460 ++++++++++--------
 3 files changed, 277 insertions(+), 200 deletions(-)
 delete mode 100644 data/Dockerfiles/fail2ban/Dockerfile
 create mode 100644 data/Dockerfiles/netfilter/Dockerfile
 rename data/Dockerfiles/{fail2ban/logwatch.py => netfilter/server.py} (51%)

diff --git a/data/Dockerfiles/fail2ban/Dockerfile b/data/Dockerfiles/fail2ban/Dockerfile
deleted file mode 100644
index 26fe9414..00000000
--- a/data/Dockerfiles/fail2ban/Dockerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM python:2-alpine
-LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
-
-RUN apk add -U --no-cache iptables ip6tables
-RUN pip install redis ipaddress
-
-COPY logwatch.py /
-CMD ["python2", "-u", "/logwatch.py"]
diff --git a/data/Dockerfiles/netfilter/Dockerfile b/data/Dockerfiles/netfilter/Dockerfile
new file mode 100644
index 00000000..fc75433e
--- /dev/null
+++ b/data/Dockerfiles/netfilter/Dockerfile
@@ -0,0 +1,9 @@
+FROM alpine:3.7
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+
+RUN apk add -U python2 python-dev py-pip gcc musl-dev iptables ip6tables \
+  && pip2 install --upgrade python-iptables redis ipaddress \
+  && apk del python-dev py2-pip gcc
+
+COPY server.py /
+CMD ["python2", "-u", "/server.py"]
diff --git a/data/Dockerfiles/fail2ban/logwatch.py b/data/Dockerfiles/netfilter/server.py
similarity index 51%
rename from data/Dockerfiles/fail2ban/logwatch.py
rename to data/Dockerfiles/netfilter/server.py
index e6f6d099..93e62b58 100644
--- a/data/Dockerfiles/fail2ban/logwatch.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -1,192 +1,268 @@
-#!/usr/bin/env python2
-
-import re
-import os
-import time
-import atexit
-import signal
-import ipaddress
-import subprocess
-from threading import Thread
-import redis
-import time
-import json
-
-yes_regex = re.compile(r'([yY][eE][sS]|[yY])+$')
-if re.search(yes_regex, os.getenv('SKIP_FAIL2BAN', 0)):
-  print 'SKIP_FAIL2BAN=y, Skipping Fail2ban container...'
-  time.sleep(31536000)
-  raise SystemExit
-
-r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0)
-pubsub = r.pubsub()
-
-RULES = {}
-RULES[1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed'
-RULES[2] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
-RULES[3] = '-login: Aborted login \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-RULES[4] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-RULES[5] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
-RULES[6] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
-
-r.setnx('F2B_BAN_TIME', '1800')
-r.setnx('F2B_MAX_ATTEMPTS', '10')
-r.setnx('F2B_RETRY_WINDOW', '600')
-r.setnx('F2B_NETBAN_IPV6', '64')
-r.setnx('F2B_NETBAN_IPV4', '24')
-
-bans = {}
-log = {}
-quit_now = False
-
-def ban(address):
-  BAN_TIME = int(r.get('F2B_BAN_TIME'))
-  MAX_ATTEMPTS = int(r.get('F2B_MAX_ATTEMPTS'))
-  RETRY_WINDOW = int(r.get('F2B_RETRY_WINDOW'))
-  WHITELIST = r.hgetall('F2B_WHITELIST')
-  NETBAN_IPV6 = '/' + str(r.get('F2B_NETBAN_IPV6'))
-  NETBAN_IPV4 = '/' + str(r.get('F2B_NETBAN_IPV4'))
-
-  ip = ipaddress.ip_address(address.decode('ascii'))
-  if type(ip) is ipaddress.IPv6Address and ip.ipv4_mapped:
-    ip = ip.ipv4_mapped
-    address = str(ip)
-  if ip.is_private or ip.is_loopback:
-    return
-
-  self_network = ipaddress.ip_network(address.decode('ascii'))
-  if WHITELIST:
-    for wl_key in WHITELIST:
-      wl_net = ipaddress.ip_network(wl_key.decode('ascii'), False)
-      if wl_net.overlaps(self_network):
-        log['time'] = int(round(time.time()))
-        log['priority'] = 'info'
-        log['message'] = 'Address %s is whitelisted by rule %s' % (self_network, wl_net)
-        r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
-        print 'Address %s is whitelisted by rule %s' % (self_network, wl_net)
-        return
-
-  net = ipaddress.ip_network((address + (NETBAN_IPV4 if type(ip) is ipaddress.IPv4Address else NETBAN_IPV6)).decode('ascii'), strict=False)
-  net = str(net)
-
-  if not net in bans or time.time() - bans[net]['last_attempt'] > RETRY_WINDOW:
-    bans[net] = { 'attempts': 0 }
-    active_window = RETRY_WINDOW
-  else:
-    active_window = time.time() - bans[net]['last_attempt']
-
-  bans[net]['attempts'] += 1
-  bans[net]['last_attempt'] = time.time()
-
-  active_window = time.time() - bans[net]['last_attempt']
-
-  if bans[net]['attempts'] >= MAX_ATTEMPTS:
-    log['time'] = int(round(time.time()))
-    log['priority'] = 'crit'
-    log['message'] = 'Banning %s' % net
-    r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
-    print 'Banning %s for %d minutes' % (net, BAN_TIME / 60)
-    if type(ip) is ipaddress.IPv4Address:
-      subprocess.call(['iptables', '-I', 'INPUT', '-s', net, '-j', 'REJECT'])
-      subprocess.call(['iptables', '-I', 'FORWARD', '-s', net, '-j', 'REJECT'])
-    else:
-      subprocess.call(['ip6tables', '-I', 'INPUT', '-s', net, '-j', 'REJECT'])
-      subprocess.call(['ip6tables', '-I', 'FORWARD', '-s', net, '-j', 'REJECT'])
-    r.hset('F2B_ACTIVE_BANS', '%s' % net, log['time'] + BAN_TIME)
-  else:
-    log['time'] = int(round(time.time()))
-    log['priority'] = 'warn'
-    log['message'] = '%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net)
-    r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
-    print '%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net)
-
-def unban(net):
-  log['time'] = int(round(time.time()))
-  log['priority'] = 'info'
-  r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
-  if not net in bans:
-    log['message'] = '%s is not banned, skipping unban and deleting from queue (if any)' % net
-    r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
-    print '%s is not banned, skipping unban and deleting from queue (if any)' % net
-    r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
-    return
-  log['message'] = 'Unbanning %s' % net
-  r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
-  print 'Unbanning %s' % net
-  if type(ipaddress.ip_network(net.decode('ascii'))) is ipaddress.IPv4Network:
-    subprocess.call(['iptables', '-D', 'INPUT', '-s', net, '-j', 'REJECT'])
-    subprocess.call(['iptables', '-D', 'FORWARD', '-s', net, '-j', 'REJECT'])
-  else:
-    subprocess.call(['ip6tables', '-D', 'INPUT', '-s', net, '-j', 'REJECT'])
-    subprocess.call(['ip6tables', '-D', 'FORWARD', '-s', net, '-j', 'REJECT'])
-  r.hdel('F2B_ACTIVE_BANS', '%s' % net)
-  r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
-  del bans[net]
-
-def quit(signum, frame):
-  global quit_now
-  quit_now = True
-
-def clear():
-  log['time'] = int(round(time.time()))
-  log['priority'] = 'info'
-  log['message'] = 'Clearing all bans'
-  r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
-  print 'Clearing all bans'
-  for net in bans.copy():
-    unban(net)
-  pubsub.unsubscribe()
-
-def watch():
-  log['time'] = int(round(time.time()))
-  log['priority'] = 'info'
-  log['message'] = 'Watching Redis channel F2B_CHANNEL'
-  r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
-  pubsub.subscribe('F2B_CHANNEL')
-  print 'Subscribing to Redis channel F2B_CHANNEL'
-  while True:
-    for item in pubsub.listen():
-      for rule_id, rule_regex in RULES.iteritems():
-        if item['data'] and item['type'] == 'message':
-          result = re.search(rule_regex, item['data'])
-          if result:
-            addr = result.group(1)
-            ip = ipaddress.ip_address(addr.decode('ascii'))
-            if ip.is_private or ip.is_loopback:
-              continue
-            print '%s matched rule id %d' % (addr, rule_id)
-            log['time'] = int(round(time.time()))
-            log['priority'] = 'warn'
-            log['message'] = '%s matched rule id %d' % (addr, rule_id)
-            r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
-            ban(addr)
-
-def autopurge():
-  while not quit_now:
-    BAN_TIME = int(r.get('F2B_BAN_TIME'))
-    MAX_ATTEMPTS = int(r.get('F2B_MAX_ATTEMPTS'))
-    QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
-    if QUEUE_UNBAN:
-      for net in QUEUE_UNBAN:
-        unban(str(net))
-    for net in bans.copy():
-      if bans[net]['attempts'] >= MAX_ATTEMPTS:
-        if time.time() - bans[net]['last_attempt'] > BAN_TIME:
-          unban(net)
-    time.sleep(10)
-
-if __name__ == '__main__':
-
-  watch_thread = Thread(target=watch)
-  watch_thread.daemon = True
-  watch_thread.start()
-
-  autopurge_thread = Thread(target=autopurge)
-  autopurge_thread.daemon = True
-  autopurge_thread.start()
-
-  signal.signal(signal.SIGTERM, quit)
-  atexit.register(clear)
-
-  while not quit_now:
-    time.sleep(0.5)
+#!/usr/bin/env python2
+
+import re
+import os
+import time
+import atexit
+import signal
+import ipaddress
+import subprocess
+from threading import Thread
+import redis
+import time
+import json
+import iptc
+
+r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0)
+pubsub = r.pubsub()
+
+RULES = {}
+RULES[1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed'
+RULES[2] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
+RULES[3] = '-login: Aborted login \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+RULES[4] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+RULES[5] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
+RULES[6] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
+
+if not r.get('F2B_OPTIONS'):
+  f2options['ban_time'] = int(r.get('F2B_BAN_TIME')) or 1800
+  f2options['max_attempts'] = int(r.get('F2B_MAX_ATTEMPTS')) or 10
+  f2options['retry_window'] = int(r.get('F2B_RETRY_WINDOW')) or 600
+  f2options['netban_ipv4'] = int(r.get('F2B_NETBAN_IPV4')) or 24
+  f2options['netban_ipv6'] = int(r.get('F2B_NETBAN_IPV6')) or 64
+  r.set('F2B_OPTIONS', json.dumps(f2options, ensure_ascii=False))
+else:
+  try:
+    f2options = json.loads(r.get('F2B_OPTIONS'))
+  except ValueError, e:
+    print 'Error loading F2B options: F2B_OPTIONS is not json'
+    raise SystemExit(1)
+
+if r.exists('F2B_LOG'):
+  r.rename('F2B_LOG', 'NETFILTER_LOG')
+
+bans = {}
+log = {}
+quit_now = False
+
+def ban(address):
+  BAN_TIME = int(f2options['ban_time'])
+  MAX_ATTEMPTS = int(f2options['max_attempts'])
+  RETRY_WINDOW = int(f2options['retry_window'])
+  NETBAN_IPV4 = '/' + str(f2options['netban_ipv4'])
+  NETBAN_IPV6 = '/' + str(f2options['netban_ipv6'])
+  WHITELIST = r.hgetall('F2B_WHITELIST')
+
+  ip = ipaddress.ip_address(address.decode('ascii'))
+  if type(ip) is ipaddress.IPv6Address and ip.ipv4_mapped:
+    ip = ip.ipv4_mapped
+    address = str(ip)
+  if ip.is_private or ip.is_loopback:
+    return
+
+  self_network = ipaddress.ip_network(address.decode('ascii'))
+  if WHITELIST:
+    for wl_key in WHITELIST:
+      wl_net = ipaddress.ip_network(wl_key.decode('ascii'), False)
+      if wl_net.overlaps(self_network):
+        log['time'] = int(round(time.time()))
+        log['priority'] = 'info'
+        log['message'] = 'Address %s is whitelisted by rule %s' % (self_network, wl_net)
+        r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
+        print 'Address %s is whitelisted by rule %s' % (self_network, wl_net)
+        return
+
+  net = ipaddress.ip_network((address + (NETBAN_IPV4 if type(ip) is ipaddress.IPv4Address else NETBAN_IPV6)).decode('ascii'), strict=False)
+  net = str(net)
+
+  if not net in bans or time.time() - bans[net]['last_attempt'] > RETRY_WINDOW:
+    bans[net] = { 'attempts': 0 }
+    active_window = RETRY_WINDOW
+  else:
+    active_window = time.time() - bans[net]['last_attempt']
+
+  bans[net]['attempts'] += 1
+  bans[net]['last_attempt'] = time.time()
+
+  active_window = time.time() - bans[net]['last_attempt']
+
+  if bans[net]['attempts'] >= MAX_ATTEMPTS:
+    log['time'] = int(round(time.time()))
+    log['priority'] = 'crit'
+    log['message'] = 'Banning %s' % net
+    r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
+    print 'Banning %s for %d minutes' % (net, BAN_TIME / 60)
+    if type(ip) is ipaddress.IPv4Address:
+      for c in ['INPUT', 'FORWARD']:
+        chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), c)
+        rule = iptc.Rule()
+        rule.src = net
+        target = iptc.Target(rule, "REJECT")
+        rule.target = target
+        if rule not in chain.rules:
+          chain.insert_rule(rule)
+    else:
+      for c in ['INPUT', 'FORWARD']:
+        chain = iptc.Chain(iptc.Table6(iptc.Table6.FILTER), c)
+        rule = iptc.Rule6()
+        rule.src = net
+        target = iptc.Target(rule, "REJECT")
+        rule.target = target
+        if rule not in chain.rules:
+          chain.insert_rule(rule)
+    r.hset('F2B_ACTIVE_BANS', '%s' % net, log['time'] + BAN_TIME)
+  else:
+    log['time'] = int(round(time.time()))
+    log['priority'] = 'warn'
+    log['message'] = '%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net)
+    r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
+    print '%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net)
+
+def unban(net):
+  log['time'] = int(round(time.time()))
+  log['priority'] = 'info'
+  r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
+  #if not net in bans:
+  #  log['message'] = '%s is not banned, skipping unban and deleting from queue (if any)' % net
+  #  r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
+  #  print '%s is not banned, skipping unban and deleting from queue (if any)' % net
+  #  r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
+  #  return
+  log['message'] = 'Unbanning %s' % net
+  r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
+  print 'Unbanning %s' % net
+  if type(ipaddress.ip_network(net.decode('ascii'))) is ipaddress.IPv4Network:
+    for c in ['INPUT', 'FORWARD']:
+      chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), c)
+      rule = iptc.Rule()
+      rule.src = net
+      target = iptc.Target(rule, "REJECT")
+      rule.target = target
+      if rule in chain.rules:
+        chain.delete_rule(rule)
+  else:
+    for c in ['INPUT', 'FORWARD']:
+      chain = iptc.Chain(iptc.Table6(iptc.Table6.FILTER), c)
+      rule = iptc.Rule6()
+      rule.src = net
+      target = iptc.Target(rule, "REJECT")
+      rule.target = target
+      if rule in chain.rules:
+        chain.delete_rule(rule)
+  r.hdel('F2B_ACTIVE_BANS', '%s' % net)
+  r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
+  if net in bans:
+    del bans[net]
+
+def quit(signum, frame):
+  global quit_now
+  quit_now = True
+
+def clear():
+  log['time'] = int(round(time.time()))
+  log['priority'] = 'info'
+  log['message'] = 'Clearing all bans'
+  r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
+  print 'Clearing all bans'
+  for net in bans.copy():
+    unban(net)
+  pubsub.unsubscribe()
+
+def watch():
+  log['time'] = int(round(time.time()))
+  log['priority'] = 'info'
+  log['message'] = 'Watching Redis channel F2B_CHANNEL'
+  r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
+  pubsub.subscribe('F2B_CHANNEL')
+  print 'Subscribing to Redis channel F2B_CHANNEL'
+  while True:
+    for item in pubsub.listen():
+      for rule_id, rule_regex in RULES.iteritems():
+        if item['data'] and item['type'] == 'message':
+          result = re.search(rule_regex, item['data'])
+          if result:
+            addr = result.group(1)
+            ip = ipaddress.ip_address(addr.decode('ascii'))
+            if ip.is_private or ip.is_loopback:
+              continue
+            print '%s matched rule id %d' % (addr, rule_id)
+            log['time'] = int(round(time.time()))
+            log['priority'] = 'warn'
+            log['message'] = '%s matched rule id %d' % (addr, rule_id)
+            r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
+            ban(addr)
+
+def snat(snat_target):
+  def get_snat_rule():
+    rule = iptc.Rule()
+    rule.position = 1
+    rule.src = os.getenv('IPV4_NETWORK', '172.22.1') + '.0/24'
+    rule.dst = '!' + rule.src
+    target = rule.create_target("SNAT")
+    target.to_source = snat_target
+    return rule
+
+  while True:
+    table = iptc.Table('nat')
+    table.autocommit = False
+    chain = iptc.Chain(table, 'POSTROUTING')
+    if get_snat_rule() not in chain.rules:
+      log['time'] = int(round(time.time()))
+      log['priority'] = 'info'
+      log['message'] = 'Added POSTROUTING rule for source network ' + get_snat_rule().src + ' to SNAT target ' + snat_target
+      r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
+      print log['message']
+      chain.insert_rule(get_snat_rule())
+      table.commit()
+      table.refresh()
+    time.sleep(10)
+
+def autopurge():
+  while not quit_now:
+    BAN_TIME = int(r.get('F2B_BAN_TIME'))
+    MAX_ATTEMPTS = int(r.get('F2B_MAX_ATTEMPTS'))
+    QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
+    if QUEUE_UNBAN:
+      for net in QUEUE_UNBAN:
+        unban(str(net))
+    for net in bans.copy():
+      if bans[net]['attempts'] >= MAX_ATTEMPTS:
+        if time.time() - bans[net]['last_attempt'] > BAN_TIME:
+          unban(net)
+    time.sleep(10)
+
+def cleanPrevious():
+  print "Cleaning previously cached bans"
+  F2B_ACTIVE_BANS = r.hgetall('F2B_ACTIVE_BANS')
+  if F2B_ACTIVE_BANS:
+   for net in F2B_ACTIVE_BANS:
+     unban(str(net))
+
+if __name__ == '__main__':
+
+  cleanPrevious()
+
+  watch_thread = Thread(target=watch)
+  watch_thread.daemon = True
+  watch_thread.start()
+
+  if os.getenv('SNAT_TO_SOURCE'):
+    try:
+      snat_ip = os.getenv('SNAT_TO_SOURCE').decode('ascii')
+      snat_ipo = ipaddress.ip_address(snat_ip)
+      if type(snat_ipo) is ipaddress.IPv4Address:
+        snat_thread = Thread(target=snat,args=(snat_ip,))
+        snat_thread.daemon = True
+        snat_thread.start()
+    except ValueError:
+      print os.getenv('SNAT_TO_SOURCE') + ' is not a valid IPv4 address'
+
+  autopurge_thread = Thread(target=autopurge)
+  autopurge_thread.daemon = True
+  autopurge_thread.start()
+
+  signal.signal(signal.SIGTERM, quit)
+  atexit.register(clear)
+
+  while not quit_now:
+    time.sleep(0.5)

From f4ae354c0cc16d6f916b0dbe7a8bbe4889e5ce2d Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:40:13 +0100
Subject: [PATCH 017/107] [SOGo] Do not try to use foreign mailboxes as alias

---
 data/Dockerfiles/sogo/bootstrap-sogo.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index 59877927..301dd562 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -18,10 +18,9 @@ done
 mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS sogo_view"
 
 mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
-CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, sa_aliases, ad_aliases, home, kind, multiple_bookings) AS
-SELECT mailbox.username, mailbox.domain, mailbox.username, mailbox.password, mailbox.name, mailbox.username, IFNULL(GROUP_CONCAT(ga.aliases SEPARATOR ' '), ''), IFNULL(gsa.send_as_acl, ''), IFNULL(gda.ad_alias, ''), CONCAT('/var/vmail/', maildir), mailbox.kind, mailbox.multiple_bookings FROM mailbox
+CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, home, kind, multiple_bookings) AS
+SELECT mailbox.username, mailbox.domain, mailbox.username, mailbox.password, mailbox.name, mailbox.username, IFNULL(GROUP_CONCAT(ga.aliases SEPARATOR ' '), ''), IFNULL(gda.ad_alias, ''), CONCAT('/var/vmail/', maildir), mailbox.kind, mailbox.multiple_bookings FROM mailbox
 LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
-LEFT OUTER JOIN grouped_sender_acl gsa ON gsa.username = mailbox.username
 LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
 WHERE mailbox.active = '1'
 GROUP BY mailbox.username;
@@ -69,7 +68,6 @@ while read line
                     <key>MailFieldNames</key>
                     <array>
                         <string>aliases</string>
-                        <string>sa_aliases</string>
                         <string>ad_aliases</string>
                     </array>
                     <key>KindFieldName</key>

From a0d9efba00c319f26a670066fa2bbfabe7ad3c5d Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 13:40:59 +0100
Subject: [PATCH 018/107] [PHP-FPM] Remove old migration scripts

---
 data/Dockerfiles/phpfpm/docker-entrypoint.sh | 54 --------------------
 1 file changed, 54 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
index dc4197b4..8e8d507c 100755
--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -15,7 +15,6 @@ until [ $(redis-cli -h redis-mailcow PING) == "PONG" ]; do
 done
 
 # Migrate domain map
-
 declare -a DOMAIN_ARR
 redis-cli -h redis-mailcow DEL DOMAIN_MAP
 while read line
@@ -34,57 +33,4 @@ for domain in "${DOMAIN_ARR[@]}"; do
 done
 fi
 
-# Migrate tag settings map
-
-declare -a SUBJ_TAG_ARR
-redis-cli -h redis-mailcow DEL SUBJ_TAG_ARR
-while read line
-do
-  SUBJ_TAG_ARR+=("$line")
-done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT username FROM mailbox WHERE wants_tagged_subject='1'" -Bs)
-
-if [[ ! -z ${SUBJ_TAG_ARR} ]]; then
-for user in "${SUBJ_TAG_ARR[@]}"; do
-  redis-cli -h redis-mailcow HSET RCPT_WANTS_SUBJECT_TAG ${user} 1
-  mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "UPDATE mailbox SET wants_tagged_subject='2' WHERE username = '${user}'"
-done
-fi
-
-# Migrate DKIM keys
-
-for file in $(ls /data/dkim/keys/); do
-  domain=${file%.dkim}
-  if [[ -f /data/dkim/txt/${file} ]]; then
-    redis-cli -h redis-mailcow HSET DKIM_PUB_KEYS "${domain}" "$(cat /data/dkim/txt/${file})"
-    redis-cli -h redis-mailcow HSET DKIM_PRIV_KEYS "dkim.${domain}" "$(cat /data/dkim/keys/${file})"
-    redis-cli -h redis-mailcow HSET DKIM_SELECTORS "${domain}" "dkim"
-  fi
-  rm /data/dkim/{keys,txt}/${file}
-done
-
-# Fix DKIM keys
-
-# Fetch domains
-declare -a DOMAIN_ARRAY
-while read line
-do
- DOMAIN_ARRAY+=("$line")
-done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain" -Bs)
-while read line
-do
- DOMAIN_ARRAY+=("$line")
-done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT alias_domain FROM alias_domain" -Bs)
-
-# Loop through array and fix keys
-if [[ ! -z ${DOMAIN_ARRAY} ]]; then
- for domain in "${DOMAIN_ARRAY[@]}"; do
-   WRONG_KEY=$(redis-cli -h redis-mailcow HGET DKIM_PRIV_KEYS ${domain} | tr -d \")
-   if [[ ! -z ${WRONG_KEY} ]]; then
-     echo "Migrating defect key for domain ${domain}"
-     redis-cli -h redis-mailcow HSET DKIM_PRIV_KEYS "dkim.${domain}" ${WRONG_KEY}
-     redis-cli -h redis-mailcow HDEL DKIM_PRIV_KEYS "${domain}"
-   fi
- done
-fi
-
 exec "$@"

From 631214d601e68666608c946c33ea97a95bf5afa4 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 18:23:05 +0100
Subject: [PATCH 019/107] [Compose] New images

---
 docker-compose.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index edebff71..4d4a926c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -91,7 +91,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.10
+      image: mailcow/phpfpm:1.11
       build: ./data/Dockerfiles/phpfpm
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
@@ -129,7 +129,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.15
+      image: mailcow/sogo:1.16
       build: ./data/Dockerfiles/sogo
       environment:
         - DBNAME=${DBNAME}
@@ -332,7 +332,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:1.6
+      image: mailcow/dockerapi:1.7
       restart: always
       build: ./data/Dockerfiles/dockerapi
       oom_score_adj: -10

From 6be0577638ec384d21776cb30e2d868b6abdcca2 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 21:45:49 +0100
Subject: [PATCH 020/107] [Compose] Allow to disable IPv6

---
 docker-compose.yml | 30 ++++++++++++++++++++++++++++++
 generate_config.sh |  5 +++++
 update.sh          | 10 ++++++++++
 3 files changed, 45 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 4d4a926c..69624805 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,8 @@ services:
       volumes:
         - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
         mailcow-network:
           ipv4_address: ${IPV4_NETWORK}.254
@@ -30,6 +32,8 @@ services:
       restart: always
       dns:
         - ${IPV4_NETWORK}.254
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
         mailcow-network:
           aliases:
@@ -44,6 +48,8 @@ services:
         - TZ=${TZ}
       dns:
         - ${IPV4_NETWORK}.254
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
         mailcow-network:
           ipv4_address: ${IPV4_NETWORK}.249
@@ -61,6 +67,8 @@ services:
         - ./data/conf/clamav/:/etc/clamav/
       dns:
         - ${IPV4_NETWORK}.254
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
         mailcow-network:
           aliases:
@@ -82,6 +90,8 @@ services:
         - dkim-vol-1:/data/dkim
         - rspamd-vol-1:/var/lib/rspamd
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       hostname: rspamd
@@ -121,6 +131,8 @@ services:
         - SMTPS_PORT=${SMTPS_PORT:-465}
         - SMTP_PORT=${SMTP_PORT:-25}
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       networks:
@@ -141,6 +153,8 @@ services:
       volumes:
         - ./data/conf/sogo/:/etc/sogo/
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       networks:
@@ -180,6 +194,8 @@ services:
           hard: 40000
       dns:
         - ${IPV4_NETWORK}.254
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       hostname: ${MAILCOW_HOSTNAME}
       networks:
         mailcow-network:
@@ -209,6 +225,8 @@ services:
       restart: always
       dns:
         - ${IPV4_NETWORK}.254
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       hostname: ${MAILCOW_HOSTNAME}
       networks:
         mailcow-network:
@@ -218,6 +236,8 @@ services:
     memcached-mailcow:
       image: memcached:alpine
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       networks:
@@ -253,6 +273,8 @@ services:
         - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
         - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
       restart: always
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       networks:
@@ -266,6 +288,8 @@ services:
         - mysql-mailcow
       image: mailcow/acme:1.28
       build: ./data/Dockerfiles/acme
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       environment:
@@ -304,6 +328,8 @@ services:
         - IPV4_NETWORK=${IPV4_NETWORK}
         - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
       network_mode: "host"
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
         - ${IPV4_NETWORK}.254
       volumes:
@@ -314,6 +340,8 @@ services:
       # Debug
       #command: /watchdog.sh
       build: ./data/Dockerfiles/watchdog
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       volumes:
         - vmail-vol-1:/vmail:ro
       restart: always
@@ -335,6 +363,8 @@ services:
       image: mailcow/dockerapi:1.7
       restart: always
       build: ./data/Dockerfiles/dockerapi
+      sysctls:
+        - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       oom_score_adj: -10
       environment:
         - TZ=${TZ}
diff --git a/generate_config.sh b/generate_config.sh
index 280d66c7..b3a71f2c 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -108,6 +108,11 @@ IPV4_NETWORK=172.22.1
 # Internal IPv6 subnet in fc00::/7
 IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
 
+# Disable IPv6
+# mailcow-network will still be created as IPv6 enabled, all containers will be created
+# without IPv6 support.
+# Use 1 for disabled, 0 for enabled
+SYSCTL_IPV6_DISABLED=0
 
 EOF
 
diff --git a/update.sh b/update.sh
index 335566bf..788b9e82 100755
--- a/update.sh
+++ b/update.sh
@@ -46,6 +46,7 @@ CONFIG_ARRAY=(
   "IPV6_NETWORK"
   "LOG_LINES"
   "SNAT_TO_SOURCE"
+  "SYSCTL_IPV6_DISABLED"
 )
 
 sed -i '$a\' mailcow.conf
@@ -55,6 +56,15 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "${option}=" >> mailcow.conf
     fi
+  if [[ ${option} == "SYSCTL_IPV6_DISABLED" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo "# Disable IPv6" >> mailcow.conf
+      echo "# mailcow-network will still be created as IPv6 enabled, all containers will be created" >> mailcow.conf
+      echo "# without IPv6 support." >> mailcow.conf
+      echo "# Use 1 for disabled, 0 for enabled" >> mailcow.conf
+      echo "SYSCTL_IPV6_DISABLED=0" >> mailcow.conf
+    fi
   elif [[ ${option} == "COMPOSE_PROJECT_NAME" ]]; then
     if ! grep -q ${option} mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"

From 96c0fbe78fa6ff673a18c46d5fbb16f0e2f2eb07 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 21:51:23 +0100
Subject: [PATCH 021/107] [Update] Remove dc_params

---
 update.sh | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/update.sh b/update.sh
index 788b9e82..37acbdce 100755
--- a/update.sh
+++ b/update.sh
@@ -8,7 +8,6 @@ set -o pipefail
 export LC_ALL=C
 DATE=$(date +%Y-%m-%d_%H_%M_%S)
 BRANCH=$(git rev-parse --abbrev-ref HEAD)
-declare -a DC_PARAMS
 
 while (($#)); do
   case "${1}" in
@@ -23,9 +22,6 @@ while (($#)); do
         exit 3
       fi
     ;;
-    --no-start)
-      DC_PARAMS=(${DC_PARAMS[@]} "--no-start")
-    ;;
     --ours)
       MERGE_STRATEGY=ours
     ;;
@@ -198,7 +194,7 @@ cp -n data/assets/ssl-example/*.pem data/assets/ssl/
 
 echo -e "\e[32mStarting mailcow...\e[0m"
 sleep 2
-docker-compose up -d --remove-orphans ${DC_PARAMS[@]}
+docker-compose up -d --remove-orphans
 
 echo -e "\e[32mCollecting garbage...\e[0m"
 IMGS_TO_DELETE=()

From c5f9b065f6cc2c5b1978b7e30db55f3c241446af Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 22:27:48 +0100
Subject: [PATCH 022/107] [Dovecot] Fixes CVE-2017-15132

---
 data/Dockerfiles/dovecot/Dockerfile | 1 +
 docker-compose.yml                  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 10604748..aec56676 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -65,6 +65,7 @@ RUN apt-get update && apt-get -y --no-install-recommends install \
 
 RUN curl https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz | tar xvz  \
   && cd dovecot-$DOVECOT_VERSION \
+  && sed '/call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);/a   pool_unref(&request->pool);' src/lib-auth/auth-client-request.c \
   && ./configure --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
   && make -j3 \
   && make install \
diff --git a/docker-compose.yml b/docker-compose.yml
index 69624805..dfa5cba7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -163,7 +163,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.18
+      image: mailcow/dovecot:1.19
       build: ./data/Dockerfiles/dovecot
       cap_add:
         - NET_BIND_SERVICE

From cf1e46723a76565c0a9dbf682f6dfd7a68882452 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Thu, 1 Feb 2018 23:37:10 +0100
Subject: [PATCH 023/107] [Dovecot] Fixes CVE-2017-15132 - take 2

---
 data/Dockerfiles/dovecot/Dockerfile | 4 +++-
 docker-compose.yml                  | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index aec56676..8afb72d6 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -65,7 +65,9 @@ RUN apt-get update && apt-get -y --no-install-recommends install \
 
 RUN curl https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz | tar xvz  \
   && cd dovecot-$DOVECOT_VERSION \
-  && sed '/call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);/a   pool_unref(&request->pool);' src/lib-auth/auth-client-request.c \
+  && curl -o src/lib-auth/auth-client-request.c https://mailcow.email/dovecot-patch1/auth-client-request.c \
+  && curl -o src/lib-auth/auth-server-connection.c https://mailcow.email/dovecot-patch1/auth-server-connection.c \
+  && curl -o src/lib-auth/auth-server-connection.h https://mailcow.email/dovecot-patch1/auth-server-connection.h \
   && ./configure --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
   && make -j3 \
   && make install \
diff --git a/docker-compose.yml b/docker-compose.yml
index dfa5cba7..23d16949 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -163,7 +163,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.19
+      image: mailcow/dovecot:1.20
       build: ./data/Dockerfiles/dovecot
       cap_add:
         - NET_BIND_SERVICE

From 64fbc735829e405e676a03603f9fa0818cdf22f8 Mon Sep 17 00:00:00 2001
From: Alireza <alireza@amouzadeh.net>
Date: Fri, 2 Feb 2018 17:42:19 +0330
Subject: [PATCH 024/107] Added expires directive and map to nginx, allowing
 browser to cache rspamd JS,CSS and image files.

---
 data/conf/nginx/site.conf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 8a896264..cf81c0b0 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -7,6 +7,13 @@ map $http_x_forwarded_proto $client_req_scheme {
      https https;
 }
 
+map $sent_http_content_type $expires {
+        default off;
+        text/css 1d;
+        application/javascript 1d;
+        ~image/ 1d;
+}
+
 server {
   listen 80 default_server;
   listen [::]:80 default_server;
@@ -81,6 +88,7 @@ server {
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_redirect off;
+    expires $expires;
   }
 
   location ~* ^/Autodiscover/Autodiscover.xml {
@@ -263,6 +271,7 @@ server {
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_redirect off;
+    expires $expires;
   }
 
   location ~* ^/Autodiscover/Autodiscover.xml {

From 1b898b1c7b6edb564a5980e3d22e11ffbf7370c2 Mon Sep 17 00:00:00 2001
From: Alireza <alireza@amouzadeh.net>
Date: Fri, 2 Feb 2018 17:46:49 +0330
Subject: [PATCH 025/107] Added expires directive and map to nginx, allowing
 browser to cache rspamd JS,CSS and image files.

---
 data/conf/nginx/site.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index cf81c0b0..25516fda 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -9,9 +9,11 @@ map $http_x_forwarded_proto $client_req_scheme {
 
 map $sent_http_content_type $expires {
         default off;
+        text/html off;
         text/css 1d;
         application/javascript 1d;
-        ~image/ 1d;
+        application/json off;
+        image/png       1d;
 }
 
 server {

From 781a5eb69aa650414e2d125e7696173c38137c4e Mon Sep 17 00:00:00 2001
From: Alireza <alireza@amouzadeh.net>
Date: Fri, 2 Feb 2018 18:38:18 +0330
Subject: [PATCH 026/107] Added expires directive and map to nginx, allowing
 browser to cache SOGO JS,CSS,WOFF files.

---
 data/conf/nginx/site.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 25516fda..72f8a5af 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -161,6 +161,7 @@ server {
     proxy_cache_valid 200 1d;
     proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
     #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+    expires $expires;
     allow all;
   }
 
@@ -171,6 +172,7 @@ server {
     proxy_cache_valid 200 1d;
     proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
     #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+    expires $expires;
     allow all;
   }
 
@@ -344,6 +346,7 @@ server {
     proxy_cache_valid 200 1d;
     proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
     #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+    expires $expires;
     allow all;
   }
 
@@ -354,6 +357,7 @@ server {
     proxy_cache_valid 200 1d;
     proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
     #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+    expires $expires;
     allow all;
   }
 

From 9069a6f35832961ed64b054857b791ad72363d9c Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Sat, 3 Feb 2018 07:47:52 +0100
Subject: [PATCH 027/107] [Postfix] BCC destination must be single email
 address, fixes #993

---
 .../inc/functions.address_rewriting.inc.php   | 28 ++++++-------------
 1 file changed, 9 insertions(+), 19 deletions(-)

diff --git a/data/web/inc/functions.address_rewriting.inc.php b/data/web/inc/functions.address_rewriting.inc.php
index 9dbc5673..b731e16b 100644
--- a/data/web/inc/functions.address_rewriting.inc.php
+++ b/data/web/inc/functions.address_rewriting.inc.php
@@ -15,7 +15,7 @@ function bcc($_action, $_data = null, $attr = null) {
         return false;
       }
       $local_dest = strtolower(trim($_data['local_dest']));
-      $bcc_dest = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['bcc_dest']));
+      $bcc_dest = $_data['bcc_dest'];
       $active = intval($_data['active']);
       $type = $_data['type'];
       if ($type != 'sender' && $type != 'rcpt') {
@@ -60,18 +60,10 @@ function bcc($_action, $_data = null, $attr = null) {
       else {
         return false;
       }
-      foreach ($bcc_dest as &$bcc_dest_e) {
-        if (!filter_var($bcc_dest_e, FILTER_VALIDATE_EMAIL)) {
-          $bcc_dest_e = null;;
-        }
-        $bcc_dest_e = strtolower($bcc_dest_e);
-      }
-      $bcc_dest = array_filter($bcc_dest);
-      $bcc_dest = implode(",", $bcc_dest);
-      if (empty($bcc_dest)) {
+      if (!filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) {
         $_SESSION['return'] = array(
           'type' => 'danger',
-          'msg' => 'BCC map destination cannot be empty'
+          'msg' => 'BCC map must be a valid email address'
         );
         return false;
       }
@@ -142,16 +134,14 @@ function bcc($_action, $_data = null, $attr = null) {
           );
           return false;
         }
-        $bcc_dest = array_map('trim', preg_split( "/( |,|;|\n)/", $bcc_dest));
         $active = intval($_data['active']);
-        foreach ($bcc_dest as &$bcc_dest_e) {
-          if (!filter_var($bcc_dest_e, FILTER_VALIDATE_EMAIL)) {
-            $bcc_dest_e = null;;
-          }
-          $bcc_dest_e = strtolower($bcc_dest_e);
+        if (!filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) {
+          $_SESSION['return'] = array(
+            'type' => 'danger',
+            'msg' => 'BCC map must be a valid email address'
+          );
+          return false;
         }
-        $bcc_dest = array_filter($bcc_dest);
-        $bcc_dest = implode(",", $bcc_dest);
         if (empty($bcc_dest)) {
           $_SESSION['return'] = array(
             'type' => 'danger',

From 0e7cd4eeebf5e6db2572b7f94f1be297e7e0c293 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Sat, 3 Feb 2018 07:49:31 +0100
Subject: [PATCH 028/107] [Postfix] BCC destination must be single email
 address, fixes #993

---
 data/web/edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/edit.php b/data/web/edit.php
index 1611a6af..8049386a 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -621,7 +621,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
               <label class="control-label col-sm-2" for="bcc_dest">BCC destination</label>
               <div class="col-sm-10">
                 <textarea id="bcc_dest" class="form-control" autocapitalize="none" autocorrect="off" rows="10" id="bcc_dest" name="bcc_dest" required><?=$result['bcc_dest'];?></textarea>
-                <small>BCC destinations can only be valid email addresses. Separated by whitespace, semicolon, new line or comma.</small>
+                <small>BCC destination must be a single valid email address.</small>
               </div>
             </div>
             <div class="form-group">

From 3feabe00a287c56ab73e206bb16f27a0371c86d3 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Sat, 3 Feb 2018 19:13:15 +0100
Subject: [PATCH 029/107] [Web] Fixes TLSA for self-signed certs, closes #997

---
 data/web/inc/ajax/dns_diagnostics.php | 30 +++++++++++++--------------
 data/web/inc/functions.inc.php        |  3 ++-
 2 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/data/web/inc/ajax/dns_diagnostics.php b/data/web/inc/ajax/dns_diagnostics.php
index 23d99041..4744023e 100644
--- a/data/web/inc/ajax/dns_diagnostics.php
+++ b/data/web/inc/ajax/dns_diagnostics.php
@@ -13,22 +13,22 @@ $domains = mailbox('get', 'domains');
 foreach(mailbox('get', 'domains') as $dn) {
   $domains = array_merge($domains, mailbox('get', 'alias_domains', $dn));
 }
-
-if (isset($_GET['domain'])) {
-  if (is_valid_domain_name($_GET['domain'])) {
-    if (in_array($_GET['domain'], $domains)) {
       $domain = $_GET['domain'];
-    }
-    else {
-      echo "No such domain in context";
-      die();
-    }
-  }
-  else {
-    echo "Invalid domain name";
-    die();
-  }
-}
+
+// if (isset($_GET['domain'])) {
+  // if (is_valid_domain_name($_GET['domain'])) {
+    // if (in_array($_GET['domain'], $domains)) {
+    // }
+    // else {
+      // echo "No such domain in context";
+      // die();
+    // }
+  // }
+  // else {
+    // echo "Invalid domain name";
+    // die();
+  // }
+// }
 
 $ch = curl_init('http://ip4.mailcow.email');
 curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 54ca415e..6eb30e2f 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -74,7 +74,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
     return "Not a valid hostname";
   }
   if (empty($starttls)) {
-    $context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'allow_self_signed' => true)));
+    $context = stream_context_create(array("ssl" => array("capture_peer_cert" => true, 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)));
     $stream = stream_socket_client('ssl://' . $hostname . ':' . $port, $error_nr, $error_msg, 5, STREAM_CLIENT_CONNECT, $context);
     if (!$stream) {
       $error_msg = isset($error_msg) ? $error_msg : '-';
@@ -112,6 +112,7 @@ function generate_tlsa_digest($hostname, $port, $starttls = null) {
     stream_set_blocking($stream, true);
     stream_context_set_option($stream, 'ssl', 'capture_peer_cert', true);
     stream_context_set_option($stream, 'ssl', 'verify_peer', false);
+    stream_context_set_option($stream, 'ssl', 'verify_peer_name', false);
     stream_context_set_option($stream, 'ssl', 'allow_self_signed', true);
     stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_ANY_CLIENT);
     stream_set_blocking($stream, false);

From 520bc6950f95512541e9f750f13a766ed1461b02 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Sat, 3 Feb 2018 19:14:14 +0100
Subject: [PATCH 030/107] [Web] Fixes TLSA for self-signed certs, closes #997

---
 data/web/inc/ajax/dns_diagnostics.php | 30 +++++++++++++--------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/data/web/inc/ajax/dns_diagnostics.php b/data/web/inc/ajax/dns_diagnostics.php
index 4744023e..23d99041 100644
--- a/data/web/inc/ajax/dns_diagnostics.php
+++ b/data/web/inc/ajax/dns_diagnostics.php
@@ -13,22 +13,22 @@ $domains = mailbox('get', 'domains');
 foreach(mailbox('get', 'domains') as $dn) {
   $domains = array_merge($domains, mailbox('get', 'alias_domains', $dn));
 }
-      $domain = $_GET['domain'];
 
-// if (isset($_GET['domain'])) {
-  // if (is_valid_domain_name($_GET['domain'])) {
-    // if (in_array($_GET['domain'], $domains)) {
-    // }
-    // else {
-      // echo "No such domain in context";
-      // die();
-    // }
-  // }
-  // else {
-    // echo "Invalid domain name";
-    // die();
-  // }
-// }
+if (isset($_GET['domain'])) {
+  if (is_valid_domain_name($_GET['domain'])) {
+    if (in_array($_GET['domain'], $domains)) {
+      $domain = $_GET['domain'];
+    }
+    else {
+      echo "No such domain in context";
+      die();
+    }
+  }
+  else {
+    echo "Invalid domain name";
+    die();
+  }
+}
 
 $ch = curl_init('http://ip4.mailcow.email');
 curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);

From 6118085890f0c0aab6aee0341904820d9f08613e Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Mon, 5 Feb 2018 21:42:13 +0100
Subject: [PATCH 031/107] [Compose] Expose SQL to 13306 on 127.0.0.1

---
 docker-compose.yml | 2 ++
 generate_config.sh | 4 ++++
 update.sh          | 7 +++++++
 3 files changed, 13 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 23d16949..5188bde8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -32,6 +32,8 @@ services:
       restart: always
       dns:
         - ${IPV4_NETWORK}.254
+      ports:
+        - "${SQL_PORT:-127.0.0.1:13306}:3306"
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
diff --git a/generate_config.sh b/generate_config.sh
index b3a71f2c..c65f658b 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -74,6 +74,7 @@ POP_PORT=110
 POPS_PORT=995
 SIEVE_PORT=4190
 DOVEADM_PORT=127.0.0.1:19991
+SQL_PORT=127.0.0.1:13306
 
 # Your timezone
 TZ=${TZ}
@@ -108,6 +109,9 @@ IPV4_NETWORK=172.22.1
 # Internal IPv6 subnet in fc00::/7
 IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
 
+# Use this IP for outgoing connections (SNAT)' >> mailcow.conf
+#SNAT_TO_SOURCE=" >> mailcow.conf
+
 # Disable IPv6
 # mailcow-network will still be created as IPv6 enabled, all containers will be created
 # without IPv6 support.
diff --git a/update.sh b/update.sh
index 37acbdce..56ec3ab9 100755
--- a/update.sh
+++ b/update.sh
@@ -43,6 +43,7 @@ CONFIG_ARRAY=(
   "LOG_LINES"
   "SNAT_TO_SOURCE"
   "SYSCTL_IPV6_DISABLED"
+  "SQL_PORT"
 )
 
 sed -i '$a\' mailcow.conf
@@ -94,6 +95,12 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
       echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
     fi
+  elif [[ ${option} == "SQL_PORT" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
+      echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
+    fi
   elif [[ ${option} == "SNAT_TO_SOURCE" ]]; then
     if ! grep -q ${option} mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"

From dda2768f1013d87c6cf1d115cfe7d43867483777 Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Mon, 5 Feb 2018 21:42:23 +0100
Subject: [PATCH 032/107] [Dovecot] Enable IMAP metadata

---
 data/conf/dovecot/dovecot.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index d35f0186..69633a6b 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -239,8 +239,10 @@ userdb {
   driver = sql
 }
 protocol imap {
+  imap_metadata = yes
   mail_plugins = quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape #mail_crypt
 }
+mail_attribute_dict = file:%h/dovecot-attributes
 protocol lmtp {
   mail_plugins = quota sieve acl zlib listescape #mail_crypt
   auth_socket_path = /usr/local/var/run/dovecot/auth-master

From e8fe5282b24edfe16cc89254ef27f2d0366bd10d Mon Sep 17 00:00:00 2001
From: "andre.peters" <andre.peters@servercow.de>
Date: Mon, 5 Feb 2018 21:55:37 +0100
Subject: [PATCH 033/107] [Dovecot] Inconsistent view fix

---
 data/conf/dovecot/dovecot.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index 69633a6b..054c40cb 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -174,7 +174,7 @@ namespace {
     type = shared
     separator = /
     prefix = Shared/%%u/
-    location = maildir:%%h/:INDEXPVT=~/Shared/%%u
+    location = maildir:%%h/:INDEX=~/Shared/%%u:INDEXPVT=~/Shared/%%u
     subscriptions = no
     list = children
 }

From 436aca330fdbef7cf25962391bc72b7972fc21a6 Mon Sep 17 00:00:00 2001
From: Phoenix Eve Aspacio <aspaciop@gmail.com>
Date: Thu, 8 Feb 2018 00:03:03 +0800
Subject: [PATCH 034/107] Added Theme Color

---
 data/web/inc/header.inc.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index 369cc47a..f0fd832a 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -4,6 +4,7 @@
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1">
+<meta name="theme-color" content="#F5D76E"/>
 <meta http-equiv="Referrer-Policy" content="same-origin">
 <title><?=$UI_TEXTS['title_name'];?></title>
 <!--[if lt IE 9]>

From a50036477eee7d80d58c3147c5b1dfbe013f4380 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 20:13:36 +0100
Subject: [PATCH 035/107] [Web] Mind was set to french, reverting to english

---
 .../rspamd/local.d/metadata_exporter.conf     |  2 +-
 data/conf/rspamd/meta_exporter/pipe.php       | 16 +++---
 data/web/admin.php                            | 18 +++----
 .../css/{quarantaine.css => quarantine.css}   |  4 +-
 data/web/inc/ajax/qitem_details.php           |  2 +-
 data/web/inc/functions.quarantaine.inc.php    | 28 +++++-----
 data/web/inc/header.inc.php                   |  4 +-
 data/web/inc/init_db.inc.php                  | 15 ++++--
 data/web/inc/prerequisites.inc.php            |  2 +-
 data/web/js/{quarantaine.js => quarantine.js} | 16 +++---
 data/web/json_api.php                         | 14 ++---
 data/web/lang/lang.de.php                     | 46 ++++++++--------
 data/web/lang/lang.en.php                     | 54 +++++++++----------
 .../{quarantaine.php => quarantine.php}       | 10 ++--
 data/web/{quarantaine.php => quarantine.php}  | 22 ++++----
 15 files changed, 130 insertions(+), 123 deletions(-)
 rename data/web/css/{quarantaine.css => quarantine.css} (90%)
 rename data/web/js/{quarantaine.js => quarantine.js} (92%)
 rename data/web/modals/{quarantaine.php => quarantine.php} (70%)
 rename data/web/{quarantaine.php => quarantine.php} (69%)

diff --git a/data/conf/rspamd/local.d/metadata_exporter.conf b/data/conf/rspamd/local.d/metadata_exporter.conf
index 0c0ce1d8..f1600708 100644
--- a/data/conf/rspamd/local.d/metadata_exporter.conf
+++ b/data/conf/rspamd/local.d/metadata_exporter.conf
@@ -1,5 +1,5 @@
 rules {
-        QUARANTAINE {
+        QUARANTINE {
                 backend = "http";
                 url = "http://nginx:9081/pipe.php";
                 selector = "is_reject";
diff --git a/data/conf/rspamd/meta_exporter/pipe.php b/data/conf/rspamd/meta_exporter/pipe.php
index 31f5daac..5c9026af 100644
--- a/data/conf/rspamd/meta_exporter/pipe.php
+++ b/data/conf/rspamd/meta_exporter/pipe.php
@@ -133,12 +133,12 @@ foreach (json_decode($rcpts, true) as $rcpt) {
 
       // Loop through all found gotos
       foreach ($gotos_array as $index => &$goto) {
-        error_log("quarantaine pipe: query " . $goto . " as username from mailbox");
+        error_log("quarantine pipe: query " . $goto . " as username from mailbox");
         $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :goto AND `active`= '1';");
         $stmt->execute(array(':goto' => $goto));
         $username = $stmt->fetch(PDO::FETCH_ASSOC)['username'];
         if (!empty($username)) {
-          error_log("quarantaine pipe: mailbox found: " . $username);
+          error_log("quarantine pipe: mailbox found: " . $username);
           // Current goto is a mailbox, save to rcpt_final_mailboxes if not a duplicate
           if (!in_array($username, $rcpt_final_mailboxes)) {
             $rcpt_final_mailboxes[] = $username;
@@ -153,7 +153,7 @@ foreach (json_decode($rcpts, true) as $rcpt) {
             $stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :goto AND `active` = '1'");
             $stmt->execute(array(':goto' => $goto));
             $goto_branch = $stmt->fetch(PDO::FETCH_ASSOC)['goto'];
-            error_log("quarantaine pipe: goto address " . $goto . " is a alias branch for " . $goto_branch);
+            error_log("quarantine pipe: goto address " . $goto . " is a alias branch for " . $goto_branch);
             $goto_branch_array = explode(',', $goto_branch);
           }
         }
@@ -173,7 +173,7 @@ foreach (json_decode($rcpts, true) as $rcpt) {
       // Force exit if loop cannot be solved
       // Postfix does not allow for alias loops, so this should never happen.
       $loop_c++;
-      error_log("quarantaine pipe: goto array count on loop #". $loop_c . " is " . count($gotos_array));
+      error_log("quarantine pipe: goto array count on loop #". $loop_c . " is " . count($gotos_array));
     }
   }
   catch (PDOException $e) {
@@ -184,9 +184,9 @@ foreach (json_decode($rcpts, true) as $rcpt) {
 }
 
 foreach ($rcpt_final_mailboxes as $rcpt) {
-  error_log("quarantaine pipe: processing quarantaine message for rcpt " . $rcpt);
+  error_log("quarantine pipe: processing quarantine message for rcpt " . $rcpt);
   try {
-    $stmt = $pdo->prepare("INSERT INTO `quarantaine` (`qid`, `score`, `sender`, `rcpt`, `symbols`, `user`, `ip`, `msg`, `action`)
+    $stmt = $pdo->prepare("INSERT INTO `quarantine` (`qid`, `score`, `sender`, `rcpt`, `symbols`, `user`, `ip`, `msg`, `action`)
       VALUES (:qid, :score, :sender, :rcpt, :symbols, :user, :ip, :msg, :action)");
     $stmt->execute(array(
       ':qid' => $qid,
@@ -199,11 +199,11 @@ foreach ($rcpt_final_mailboxes as $rcpt) {
       ':msg' => $raw_data,
       ':action' => $action
     ));
-    $stmt = $pdo->prepare('DELETE FROM `quarantaine` WHERE `rcpt` = :rcpt AND `id` NOT IN (
+    $stmt = $pdo->prepare('DELETE FROM `quarantine` WHERE `rcpt` = :rcpt AND `id` NOT IN (
       SELECT `id`
       FROM (
         SELECT `id`
-        FROM `quarantaine`
+        FROM `quarantine`
         WHERE `rcpt` = :rcpt2
         ORDER BY id DESC
         LIMIT :retention_size
diff --git a/data/web/admin.php b/data/web/admin.php
index 0d4affd0..06881fa0 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -147,7 +147,7 @@ $tfa_data = get_tfa();
         <a href="#fwdhosts" class="list-group-item"><?=$lang['admin']['forwarding_hosts'];?></a>
         <a href="#f2bparams" class="list-group-item"><?=$lang['admin']['f2b_parameters'];?></a>
         <a href="#relayhosts" class="list-group-item">Relayhosts</a>
-        <a href="#quarantaine" class="list-group-item"><?=$lang['admin']['quarantaine'];?></a>
+        <a href="#quarantine" class="list-group-item"><?=$lang['admin']['quarantine'];?></a>
         <a href="#customize" class="list-group-item"><?=$lang['admin']['customize'];?></a>
         <a href="#top" class="list-group-item" style="border-top:1px dashed #dadada">↸ <?=$lang['admin']['to_top'];?></a>
       </div>
@@ -414,28 +414,28 @@ $tfa_data = get_tfa();
       </div>
     </div>
 
-    <span class="anchor" id="quarantaine"></span>
+    <span class="anchor" id="quarantine"></span>
     <div class="panel panel-default">
-      <div class="panel-heading"><?=$lang['admin']['quarantaine'];?></div>
+      <div class="panel-heading"><?=$lang['admin']['quarantine'];?></div>
       <div class="panel-body">
-       <?php $q_data = quarantaine('settings'); ?>
-        <form class="form" data-id="quarantaine" role="form" method="post">
+       <?php $q_data = quarantine('settings'); ?>
+        <form class="form" data-id="quarantine" role="form" method="post">
           <div class="row">
             <div class="col-sm-6">
               <div class="form-group">
-                <label for="retention_size"><?=$lang['admin']['quarantaine_retention_size'];?></label>
+                <label for="retention_size"><?=$lang['admin']['quarantine_retention_size'];?></label>
                 <input type="number" class="form-control" id="retention_size" name="retention_size" value="<?=$q_data['retention_size'];?>" required>
               </div>
             </div>
             <div class="col-sm-6">
               <div class="form-group">
-                <label for="max_size"><?=$lang['admin']['quarantaine_max_size'];?></label>
+                <label for="max_size"><?=$lang['admin']['quarantine_max_size'];?></label>
                 <input type="number" class="form-control" id="max_size" name="max_size" value="<?=$q_data['max_size'];?>" required>
               </div>
             </div>
           </div>
           <div class="form-group">
-            <label for="exclude_domains"><?=$lang['admin']['quarantaine_exclude_domains'];?></label><br />
+            <label for="exclude_domains"><?=$lang['admin']['quarantine_exclude_domains'];?></label><br />
             <select data-width="100%" id="exclude_domains" name="exclude_domains" class="selectpicker" title="<?=$lang['tfa']['select'];?>" multiple>
               <?php
               foreach (array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains')) as $domain):
@@ -446,7 +446,7 @@ $tfa_data = get_tfa();
               ?>
             </select>
           </div>
-          <button class="btn btn-default" id="edit_selected" data-item="self" data-id="quarantaine" data-api-url='edit/quarantaine' data-api-attr='{"action":"settings"}' href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button>
+          <button class="btn btn-default" id="edit_selected" data-item="self" data-id="quarantine" data-api-url='edit/quarantine' data-api-attr='{"action":"settings"}' href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button>
         </form>
       </div>
     </div>
diff --git a/data/web/css/quarantaine.css b/data/web/css/quarantine.css
similarity index 90%
rename from data/web/css/quarantaine.css
rename to data/web/css/quarantine.css
index 7a5ee761..2f7c5ecb 100644
--- a/data/web/css/quarantaine.css
+++ b/data/web/css/quarantine.css
@@ -28,10 +28,10 @@ table.footable>tbody>tr.footable-empty>td {
       width: 80%;
   }
 }
-.mass-actions-quarantaine {
+.mass-actions-Quarantine {
   user-select: none;
   padding:10px 0 10px 10px;
 }
 .inputMissingAttr {
   border-color: #FF4136;
-}
\ No newline at end of file
+}
diff --git a/data/web/inc/ajax/qitem_details.php b/data/web/inc/ajax/qitem_details.php
index fc6434ed..801fd3d0 100644
--- a/data/web/inc/ajax/qitem_details.php
+++ b/data/web/inc/ajax/qitem_details.php
@@ -23,7 +23,7 @@ function rrmdir($src) {
 }
 if (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
   $tmpdir = '/tmp/' . $_GET['id'] . '/';
-  $mailc = quarantaine('details', $_GET['id']);
+  $mailc = quarantine('details', $_GET['id']);
   if (strlen($mailc['msg']) > 10485760) {
     echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
     exit;
diff --git a/data/web/inc/functions.quarantaine.inc.php b/data/web/inc/functions.quarantaine.inc.php
index 15b8b94f..057ebb57 100644
--- a/data/web/inc/functions.quarantaine.inc.php
+++ b/data/web/inc/functions.quarantaine.inc.php
@@ -1,5 +1,5 @@
 <?php
-function quarantaine($_action, $_data = null) {
+function quarantine($_action, $_data = null) {
 	global $pdo;
 	global $redis;
 	global $lang;
@@ -12,7 +12,7 @@ function quarantaine($_action, $_data = null) {
       else {
         $ids = $_data['id'];
       }
-      if (!isset($_SESSION['acl']['quarantaine']) || $_SESSION['acl']['quarantaine'] != "1" ) {
+      if (!isset($_SESSION['acl']['quarantine']) || $_SESSION['acl']['quarantine'] != "1" ) {
         $_SESSION['return'] = array(
           'type' => 'danger',
           'msg' => sprintf($lang['danger']['access_denied'])
@@ -28,12 +28,12 @@ function quarantaine($_action, $_data = null) {
           return false;
         }
         try {
-          $stmt = $pdo->prepare('SELECT `rcpt` FROM `quarantaine` WHERE `id` = :id');
+          $stmt = $pdo->prepare('SELECT `rcpt` FROM `quarantine` WHERE `id` = :id');
           $stmt->execute(array(':id' => $id));
           $row = $stmt->fetch(PDO::FETCH_ASSOC);
           if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
             try {
-              $stmt = $pdo->prepare("DELETE FROM `quarantaine` WHERE `id` = :id");
+              $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id");
               $stmt->execute(array(
                 ':id' => $id
               ));
@@ -67,7 +67,7 @@ function quarantaine($_action, $_data = null) {
       );
     break;
     case 'edit':
-      if (!isset($_SESSION['acl']['quarantaine']) || $_SESSION['acl']['quarantaine'] != "1" ) {
+      if (!isset($_SESSION['acl']['quarantine']) || $_SESSION['acl']['quarantine'] != "1" ) {
         $_SESSION['return'] = array(
           'type' => 'danger',
           'msg' => sprintf($lang['danger']['access_denied'])
@@ -121,7 +121,7 @@ function quarantaine($_action, $_data = null) {
             return false;
           }
           try {
-            $stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantaine` WHERE `id` = :id');
+            $stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id');
             $stmt->execute(array(':id' => $id));
             $row = $stmt->fetch(PDO::FETCH_ASSOC);
             if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
@@ -167,13 +167,13 @@ function quarantaine($_action, $_data = null) {
             $mail->Port = 590;
             $mail->setFrom($sender);
             $mail->CharSet = 'UTF-8';
-            $mail->Subject = sprintf($lang['quarantaine']['release_subject'], $row['qid']);
+            $mail->Subject = sprintf($lang['quarantine']['release_subject'], $row['qid']);
             $mail->addAddress($row['rcpt']);
             $mail->IsHTML(false);
             $msg_tmpf = tempnam("/tmp", $row['qid']);
             file_put_contents($msg_tmpf, $row['msg']);
             $mail->addAttachment($msg_tmpf, $row['qid'] . '.eml');
-            $mail->Body = sprintf($lang['quarantaine']['release_body']);
+            $mail->Body = sprintf($lang['quarantine']['release_body']);
             $mail->send();
             unlink($msg_tmpf);
           }
@@ -186,7 +186,7 @@ function quarantaine($_action, $_data = null) {
             return false;
           }
           try {
-            $stmt = $pdo->prepare("DELETE FROM `quarantaine` WHERE `id` = :id");
+            $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id");
             $stmt->execute(array(
               ':id' => $id
             ));
@@ -209,7 +209,7 @@ function quarantaine($_action, $_data = null) {
     case 'get':
       try {
         if ($_SESSION['mailcow_cc_role'] == "user") {
-          $stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantaine` WHERE `rcpt` = :mbox');
+          $stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` = :mbox');
           $stmt->execute(array(':mbox' => $_SESSION['mailcow_cc_username']));
           $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
           while($row = array_shift($rows)) {
@@ -217,7 +217,7 @@ function quarantaine($_action, $_data = null) {
           }
         }
         elseif ($_SESSION['mailcow_cc_role'] == "admin") {
-          $stmt = $pdo->query('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantaine`');
+          $stmt = $pdo->query('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine`');
           $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
           while($row = array_shift($rows)) {
             $q_meta[] = $row;
@@ -226,7 +226,7 @@ function quarantaine($_action, $_data = null) {
         else {
           $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
           foreach ($domains as $domain) {
-            $stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantaine` WHERE `rcpt` REGEXP :domain');
+            $stmt = $pdo->prepare('SELECT `id`, `qid`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` REGEXP :domain');
             $stmt->execute(array(':domain' => '@' . $domain . '$'));
             $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
             while($row = array_shift($rows)) {
@@ -270,7 +270,7 @@ function quarantaine($_action, $_data = null) {
         return false;
       }
       try {
-        $stmt = $pdo->prepare('SELECT `rcpt`, `symbols`, `msg`, `domain` FROM `quarantaine` WHERE `id`= :id');
+        $stmt = $pdo->prepare('SELECT `rcpt`, `symbols`, `msg`, `domain` FROM `quarantine` WHERE `id`= :id');
         $stmt->execute(array(':id' => $_data));
         $row = $stmt->fetch(PDO::FETCH_ASSOC);
         if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt'])) {
@@ -287,4 +287,4 @@ function quarantaine($_action, $_data = null) {
       return false;
     break;
   }
-}
\ No newline at end of file
+}
diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index f0fd832a..253692fc 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -30,7 +30,7 @@
 <?= (preg_match("/admin.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/admin.css">' : null; ?>
 <?= (preg_match("/user.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/user.css">' : null; ?>
 <?= (preg_match("/edit.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/edit.css">' : null; ?>
-<?= (preg_match("/quarantaine.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/quarantaine.css">' : null; ?>
+<?= (preg_match("/quarantine.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/quarantine.css">' : null; ?>
 <?= (preg_match("/debug.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/debug.css">' : null; ?>
 <link rel="shortcut icon" href="/favicon.png" type="image/png">
 <link rel="icon" href="/favicon.png" type="image/png">
@@ -96,7 +96,7 @@
         <?php
         if (isset($_SESSION['mailcow_cc_role'])) {
         ?>
-        <li<?= (preg_match("/quarantaine/i", $_SERVER['REQUEST_URI'])) ? ' class="active"' : ''; ?>><a href="/quarantaine.php"><span class="glyphicon glyphicon-briefcase"></span> <?= $lang['header']['quarantaine']; ?></a></li>
+        <li<?= (preg_match("/quarantine/i", $_SERVER['REQUEST_URI'])) ? ' class="active"' : ''; ?>><a href="/quarantine.php"><span class="glyphicon glyphicon-briefcase"></span> <?= $lang['header']['quarantine']; ?></a></li>
         <?php
         }
         if ($_SESSION['mailcow_cc_role'] == 'admin') {
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index bc2017d6..11b486cb 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "08022018_1219";
+    $db_version = "08022018_2019";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -154,7 +154,7 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
-      "quarantaine" => array(
+      "quarantine" => array(
         "cols" => array(
           "id" => "INT NOT NULL AUTO_INCREMENT",
           "qid" => "VARCHAR(30) NOT NULL",
@@ -244,7 +244,7 @@ function init_db_schema() {
           "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantaine" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "recipient_maps" => "TINYINT(1) NOT NULL DEFAULT '0'",
         ),
@@ -621,7 +621,14 @@ function init_db_schema() {
     );
 
     foreach ($tables as $table => $properties) {
-      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); 
+      if ($table == 'quarantine') {
+        $stmt = $pdo->query("SHOW TABLES LIKE 'quarantaine'");
+        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+        if ($num_results != 0) {
+          $pdo->query("RENAME TABLE `quarantaine` TO `quarantine`");
+        }
+      }
+      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'");
       $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
       if ($num_results != 0) {
         $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE ', `table_schema`, '.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index c7a75fdc..f7041d07 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -83,7 +83,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailbox.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.customize.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.address_rewriting.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.domain_admin.inc.php';
-require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.quarantaine.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.quarantine.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.policy.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.dkim.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.fwdhost.inc.php';
diff --git a/data/web/js/quarantaine.js b/data/web/js/quarantine.js
similarity index 92%
rename from data/web/js/quarantaine.js
rename to data/web/js/quarantine.js
index 09a3b2df..bc2c4975 100644
--- a/data/web/js/quarantaine.js
+++ b/data/web/js/quarantine.js
@@ -6,8 +6,8 @@ jQuery(function($){
   function escapeHtml(n){return String(n).replace(/[&<>"'`=\/]/g,function(n){return entityMap[n]})}
   function humanFileSize(i){if(Math.abs(i)<1024)return i+" B";var B=["KiB","MiB","GiB","TiB","PiB","EiB","ZiB","YiB"],e=-1;do{i/=1024,++e}while(Math.abs(i)>=1024&&e<B.length-1);return i.toFixed(1)+" "+B[e]}
 
-  function draw_quarantaine_table() {
-    ft_quarantainetable = FooTable.init('#quarantainetable', {
+  function draw_quarantine_table() {
+    ft_quarantinetable = FooTable.init('#quarantinetable', {
       "columns": [
         {"name":"chkbox","title":"","style":{"maxWidth":"40px","width":"40px"},"filterable": false,"sortable": false,"type":"html"},
         {"name":"id","type":"ID","filterable": false,"sorted": true,"direction":"DESC","title":"ID","style":{"width":"50px"}},
@@ -19,10 +19,10 @@ jQuery(function($){
       ],
       "rows": $.ajax({
         dataType: 'json',
-        url: '/api/v1/get/quarantaine/all',
+        url: '/api/v1/get/quarantine/all',
         jsonp: false,
         error: function () {
-          console.log('Cannot draw quarantaine table');
+          console.log('Cannot draw quarantine table');
         },
         success: function (data) {
           $.each(data, function (i, item) {
@@ -38,14 +38,14 @@ jQuery(function($){
       "paging": {"enabled": true,"limit": 5,"size": pagination_size},
       "sorting": {"enabled": true},
       "on": {
-        "ready.ft.table": btn_group_quarantaine,
-        "after.ft.paging": btn_group_quarantaine
+        "ready.ft.table": btn_group_quarantine,
+        "after.ft.paging": btn_group_quarantine
       },
       "filtering": {"enabled": true,"position": "left","connectors": false,"placeholder": lang.filter_table},
     });
   }
 
-  btn_group_quarantaine = function(ev, ft){
+  btn_group_quarantine = function(ev, ft){
     $('.show_qid_info').on('click', function (e) {
       e.preventDefault();
       var qitem = $(this).data('item');
@@ -80,5 +80,5 @@ jQuery(function($){
     })
   }
   // Initial table drawings
-  draw_quarantaine_table();
+  draw_quarantine_table();
 });
diff --git a/data/web/json_api.php b/data/web/json_api.php
index 9d6e9761..d43d8a4c 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1386,11 +1386,11 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
               break;
             }
           break;
-          case "quarantaine":
+          case "quarantine":
             // "all" will not print details
             switch ($object) {
               case "all":
-                $data = quarantaine('get');
+                $data = quarantine('get');
                 if (!isset($data) || empty($data)) {
                   echo '{}';
                 }
@@ -1399,7 +1399,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
                 }
               break;
               default:
-                $data = quarantaine('details', $object);
+                $data = quarantine('details', $object);
                 if (!isset($data) || empty($data)) {
                   echo '{}';
                 }
@@ -1729,7 +1729,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
             if (isset($_POST['items'])) {
               $items = (array)json_decode($_POST['items'], true);
               if (is_array($items)) {
-                if (quarantaine('delete', array('id' => $items)) === false) {
+                if (quarantine('delete', array('id' => $items)) === false) {
                   if (isset($_SESSION['return'])) {
                     echo json_encode($_SESSION['return']);
                   }
@@ -2615,7 +2615,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
               $attr = (array)json_decode($_POST['attr'], true);
               $postarray = array_merge(array('id' => $items), $attr);
               if (is_array($postarray['id'])) {
-                if (quarantaine('edit', $postarray) === false) {
+                if (quarantine('edit', $postarray) === false) {
                   if (isset($_SESSION['return'])) {
                     echo json_encode($_SESSION['return']);
                   }
@@ -2653,11 +2653,11 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
               ));
             }
           break;
-          case "quarantaine":
+          case "quarantine":
             // Edit settings, does not need IDs
             if (isset($_POST['attr'])) {
               $postarray = json_decode($_POST['attr'], true);
-              if (quarantaine('edit', $postarray) === false) {
+              if (quarantine('edit', $postarray) === false) {
                 if (isset($_SESSION['return'])) {
                   echo json_encode($_SESSION['return']);
                 }
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index 71587fcf..29451679 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -625,32 +625,32 @@ $lang['success']['reset_main_logo'] = "Standardgrafik wurde wiederhergestellt";
 $lang['success']['items_released'] = "Ausgewählte Objekte wurden an Mailbox versendet";
 $lang['danger']['imagick_exception'] = "Fataler Bildverarbeitungsfehler";
 
-$lang['quarantaine']['quarantaine'] = "Quarantäne";
-$lang['quarantaine']['qinfo'] = "Das Quarantänesystem speichert abgelehnte Nachrichten in der Datenbank. Dem Sender wird <em>nicht</em> signalisiert, dass seine E-Mail zugestellt wurde.";
-$lang['quarantaine']['release'] = "Freigeben";
-$lang['quarantaine']['empty'] = 'Keine Einträge';
-$lang['quarantaine']['toggle_all'] = 'Alle auswählen';
-$lang['quarantaine']['quick_actions'] = 'Aktionen';
-$lang['quarantaine']['remove'] = 'Entfernen';
-$lang['quarantaine']['received'] = "Empfangen";
-$lang['quarantaine']['action'] = "Aktion";
-$lang['quarantaine']['rcpt'] = "Empfänger";
-$lang['quarantaine']['qid'] = "Rspamd QID";
-$lang['quarantaine']['sender'] = "Sender";
-$lang['quarantaine']['show_item'] = "Details";
-$lang['quarantaine']['check_hash'] = "Checksumme auf VirusTotal suchen";
-$lang['quarantaine']['qitem'] = "Quarantäneeintrag";
-$lang['quarantaine']['subj'] = "Betreff";
-$lang['quarantaine']['text_plain_content'] = "Inhalt (text/plain)";
-$lang['quarantaine']['text_from_html_content'] = "Inhalt (html, konvertiert)";
-$lang['quarantaine']['atts'] = "Anhänge";
+$lang['quarantine']['quarantine'] = "Quarantäne";
+$lang['quarantine']['qinfo'] = "Das Quarantänesystem speichert abgelehnte Nachrichten in der Datenbank. Dem Sender wird <em>nicht</em> signalisiert, dass seine E-Mail zugestellt wurde.";
+$lang['quarantine']['release'] = "Freigeben";
+$lang['quarantine']['empty'] = 'Keine Einträge';
+$lang['quarantine']['toggle_all'] = 'Alle auswählen';
+$lang['quarantine']['quick_actions'] = 'Aktionen';
+$lang['quarantine']['remove'] = 'Entfernen';
+$lang['quarantine']['received'] = "Empfangen";
+$lang['quarantine']['action'] = "Aktion";
+$lang['quarantine']['rcpt'] = "Empfänger";
+$lang['quarantine']['qid'] = "Rspamd QID";
+$lang['quarantine']['sender'] = "Sender";
+$lang['quarantine']['show_item'] = "Details";
+$lang['quarantine']['check_hash'] = "Checksumme auf VirusTotal suchen";
+$lang['quarantine']['qitem'] = "Quarantäneeintrag";
+$lang['quarantine']['subj'] = "Betreff";
+$lang['quarantine']['text_plain_content'] = "Inhalt (text/plain)";
+$lang['quarantine']['text_from_html_content'] = "Inhalt (html, konvertiert)";
+$lang['quarantine']['atts'] = "Anhänge";
 
-$lang['header']['quarantaine'] = "Quarantäne";
+$lang['header']['quarantine'] = "Quarantäne";
 $lang['header']['debug'] = "Debugging";
 
-$lang['quarantaine']['release_body'] = "Die ursprüngliche Nachricht wurde als EML-Datei im Anhang hinterlegt.";
+$lang['quarantine']['release_body'] = "Die ursprüngliche Nachricht wurde als EML-Datei im Anhang hinterlegt.";
 $lang['danger']['release_send_failed'] = "Die Nachricht konnte nicht versendet werden: %s";
-$lang['quarantaine']['release_subject'] = "Potentiell schädliche Nachricht aus Quarantäne: %s";
+$lang['quarantine']['release_subject'] = "Potentiell schädliche Nachricht aus Quarantäne: %s";
 
 $lang['mailbox']['bcc_map_type'] = "BCC Typ";
 $lang['mailbox']['bcc_type'] = "BCC Typ";
@@ -676,4 +676,4 @@ $lang['mailbox']['sender_maps'] = 'Senderumschreibungen';
 $lang['mailbox']['sender_map_info'] = 'Senderumschreibungen werden verwendet, um den Absender einer E-Mail noch vor dem Versand umzuschreiben.';
 $lang['mailbox']['sender_map_old'] = 'Original Absender';
 $lang['mailbox']['sender_map_new'] = 'Neuer Absender';
-$lang['mailbox']['add_sender_map_entry'] = 'Senderumschreibung hinzufügen';
\ No newline at end of file
+$lang['mailbox']['add_sender_map_entry'] = 'Senderumschreibung hinzufügen';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 0765d1e7..9dc91eb4 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -576,10 +576,10 @@ $lang['admin']['api_key'] = "API key";
 $lang['admin']['activate_api'] = "Activate API";
 $lang['admin']['regen_api_key'] = "Regenerate API key";
 
-$lang['admin']['quarantaine'] = "Quarantine";
-$lang['admin']['quarantaine_retention_size'] = "Retentions per mailbox:";
-$lang['admin']['quarantaine_max_size'] = "Maximum size in MiB (larger elements are discarded):";
-$lang['admin']['quarantaine_exclude_domains'] = "Exclude domains and alias-domains:";
+$lang['admin']['quarantine'] = "Quarantine";
+$lang['admin']['quarantine_retention_size'] = "Retentions per mailbox:";
+$lang['admin']['quarantine_max_size'] = "Maximum size in MiB (larger elements are discarded):";
+$lang['admin']['quarantine_exclude_domains'] = "Exclude domains and alias-domains:";
 
 $lang['admin']['ui_texts'] = "UI labels and texts";
 $lang['admin']['help_text'] = "Override help text below login mask (HTML allowed)";
@@ -620,32 +620,32 @@ $lang['success']['reset_main_logo'] = "Reset to default logo";
 $lang['success']['items_released'] = "Selected items were released";
 $lang['danger']['imagick_exception'] = "Error: Imagick exception while reading image";
 
-$lang['quarantaine']['quarantaine'] = "Quarantine";
-$lang['quarantaine']['qinfo'] = "The quarantine system will save rejected mail to the database, while the sender will <em>not</em> be given the impression of a delivered mail.";
-$lang['quarantaine']['release'] = "Release";
-$lang['quarantaine']['empty'] = 'No results';
-$lang['quarantaine']['toggle_all'] = 'Toggle all';
-$lang['quarantaine']['quick_actions'] = 'Actions';
-$lang['quarantaine']['remove'] = 'Remove';
-$lang['quarantaine']['received'] = "Received";
-$lang['quarantaine']['action'] = "Action";
-$lang['quarantaine']['rcpt'] = "Recipient";
-$lang['quarantaine']['qid'] = "Rspamd QID";
-$lang['quarantaine']['sender'] = "Sender";
-$lang['quarantaine']['show_item'] = "Show item";
-$lang['quarantaine']['check_hash'] = "Search file hash @ VT";
-$lang['quarantaine']['qitem'] = "Quarantine item";
-$lang['quarantaine']['subj'] = "Subject";
-$lang['quarantaine']['text_plain_content'] = "Content (text/plain)";
-$lang['quarantaine']['text_from_html_content'] = "Content (converted html)";
-$lang['quarantaine']['atts'] = "Attachments";
+$lang['quarantine']['quarantine'] = "Quarantine";
+$lang['quarantine']['qinfo'] = "The quarantine system will save rejected mail to the database, while the sender will <em>not</em> be given the impression of a delivered mail.";
+$lang['quarantine']['release'] = "Release";
+$lang['quarantine']['empty'] = 'No results';
+$lang['quarantine']['toggle_all'] = 'Toggle all';
+$lang['quarantine']['quick_actions'] = 'Actions';
+$lang['quarantine']['remove'] = 'Remove';
+$lang['quarantine']['received'] = "Received";
+$lang['quarantine']['action'] = "Action";
+$lang['quarantine']['rcpt'] = "Recipient";
+$lang['quarantine']['qid'] = "Rspamd QID";
+$lang['quarantine']['sender'] = "Sender";
+$lang['quarantine']['show_item'] = "Show item";
+$lang['quarantine']['check_hash'] = "Search file hash @ VT";
+$lang['quarantine']['qitem'] = "Quarantine item";
+$lang['quarantine']['subj'] = "Subject";
+$lang['quarantine']['text_plain_content'] = "Content (text/plain)";
+$lang['quarantine']['text_from_html_content'] = "Content (converted html)";
+$lang['quarantine']['atts'] = "Attachments";
 
-$lang['header']['quarantaine'] = "Quarantine";
+$lang['header']['quarantine'] = "Quarantine";
 $lang['header']['debug'] = "Debug";
 
-$lang['quarantaine']['release_body'] = "We have attached your message as eml file to this message.";
+$lang['quarantine']['release_body'] = "We have attached your message as eml file to this message.";
 $lang['danger']['release_send_failed'] = "Message could not be released: %s";
-$lang['quarantaine']['release_subject'] = "Potentially damaging quarantine item %s";
+$lang['quarantine']['release_subject'] = "Potentially damaging quarantine item %s";
 
 $lang['mailbox']['bcc_map_type'] = "BCC type";
 $lang['mailbox']['bcc_type'] = "BCC type";
@@ -671,4 +671,4 @@ $lang['mailbox']['sender_maps'] = 'Sender maps';
 $lang['mailbox']['sender_map_info'] = 'Sender maps are used to replace the sender address on a message before it is sent.';
 $lang['mailbox']['sender_map_old'] = 'Original sender';
 $lang['mailbox']['sender_map_new'] = 'New sender';
-$lang['mailbox']['add_sender_map_entry'] = 'Add sender map';
\ No newline at end of file
+$lang['mailbox']['add_sender_map_entry'] = 'Add sender map';
diff --git a/data/web/modals/quarantaine.php b/data/web/modals/quarantine.php
similarity index 70%
rename from data/web/modals/quarantaine.php
rename to data/web/modals/quarantine.php
index 698e3c36..41a63413 100644
--- a/data/web/modals/quarantaine.php
+++ b/data/web/modals/quarantine.php
@@ -9,24 +9,24 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
     <div class="modal-content">
       <div class="modal-header">
         <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span></button>
-        <h3 class="modal-title"><span class="glyphicon glyphicon-info"></span> <?=$lang['quarantaine']['qitem'];?></h3>
+        <h3 class="modal-title"><span class="glyphicon glyphicon-info"></span> <?=$lang['quarantine']['qitem'];?></h3>
       </div>
       <div class="modal-body">
         <div id="qid_error" style="display:none" class="alert alert-danger"></div>
         <div class="form-group">
-          <label for="qid_detail_subj"><h4><?=$lang['quarantaine']['subj'];?>:</h4></label>
+          <label for="qid_detail_subj"><h4><?=$lang['quarantine']['subj'];?>:</h4></label>
           <p id="qid_detail_subj"></p>
         </div>
         <div class="form-group">
-          <label for="qid_detail_text"><h4><?=$lang['quarantaine']['text_plain_content'];?>:</h4></label>
+          <label for="qid_detail_text"><h4><?=$lang['quarantine']['text_plain_content'];?>:</h4></label>
           <pre id="qid_detail_text"></pre>
         </div>
         <div class="form-group">
-          <label for="qid_detail_text_from_html"><h4><?=$lang['quarantaine']['text_from_html_content'];?>:</h4></label>
+          <label for="qid_detail_text_from_html"><h4><?=$lang['quarantine']['text_from_html_content'];?>:</h4></label>
           <pre id="qid_detail_text_from_html"></pre>
         </div>
         <div class="form-group">
-          <label for="qid_detail_atts"><h4><?=$lang['quarantaine']['atts'];?>:</h4></label>
+          <label for="qid_detail_atts"><h4><?=$lang['quarantine']['atts'];?>:</h4></label>
           <div id="qid_detail_atts">-</div>
         </div>
       </div>
diff --git a/data/web/quarantaine.php b/data/web/quarantine.php
similarity index 69%
rename from data/web/quarantaine.php
rename to data/web/quarantine.php
index 2d436d8d..ec3ebb44 100644
--- a/data/web/quarantaine.php
+++ b/data/web/quarantine.php
@@ -11,20 +11,20 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 		<div class="col-md-12">
       <div class="panel panel-default">
         <div class="panel-heading">
-          <h3 class="panel-title"><?=$lang['quarantaine']['quarantaine'];?></h3>
+          <h3 class="panel-title"><?=$lang['quarantine']['quarantine'];?></h3>
         </div>
-        <p style="margin:10px" class="help-block"><?=$lang['quarantaine']['qinfo'];?></p>
+        <p style="margin:10px" class="help-block"><?=$lang['quarantine']['qinfo'];?></p>
         <div class="table-responsive">
-          <table id="quarantainetable" class="table table-striped"></table>
+          <table id="quarantinetable" class="table table-striped"></table>
         </div>
-        <div class="mass-actions-quarantaine">
+        <div class="mass-actions-quarantine">
           <div class="btn-group">
-            <a class="btn btn-sm btn-default" id="toggle_multi_select_all" data-id="qitems" href="#"><span class="glyphicon glyphicon-check" aria-hidden="true"></span> <?=$lang['quarantaine']['toggle_all'];?></a>
-            <a class="btn btn-sm btn-default dropdown-toggle" data-toggle="dropdown" href="#"><?=$lang['quarantaine']['quick_actions'];?> <span class="caret"></span></a>
+            <a class="btn btn-sm btn-default" id="toggle_multi_select_all" data-id="qitems" href="#"><span class="glyphicon glyphicon-check" aria-hidden="true"></span> <?=$lang['quarantine']['toggle_all'];?></a>
+            <a class="btn btn-sm btn-default dropdown-toggle" data-toggle="dropdown" href="#"><?=$lang['quarantine']['quick_actions'];?> <span class="caret"></span></a>
             <ul class="dropdown-menu">
-              <li><a id="edit_selected" data-id="qitems" data-api-url='edit/qitem' data-api-attr='{"action":"release"}' href="#"><?=$lang['quarantaine']['release'];?></a></li>
+              <li><a id="edit_selected" data-id="qitems" data-api-url='edit/qitem' data-api-attr='{"action":"release"}' href="#"><?=$lang['quarantine']['release'];?></a></li>
               <li role="separator" class="divider"></li>
-              <li><a id="delete_selected" data-id="qitems" data-api-url='delete/qitem' href="#"><?=$lang['quarantaine']['remove'];?></a></li>
+              <li><a id="delete_selected" data-id="qitems" data-api-url='delete/qitem' href="#"><?=$lang['quarantine']['remove'];?></a></li>
             </ul>
           </div>
         </div>
@@ -33,11 +33,11 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
   </div> <!-- /row -->
 </div> <!-- /container -->
 <?php
-require_once $_SERVER['DOCUMENT_ROOT'] . '/modals/quarantaine.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/modals/quarantine.php';
 ?>
 <script type='text/javascript'>
 <?php
-$lang_mailbox = json_encode($lang['quarantaine']);
+$lang_mailbox = json_encode($lang['quarantine']);
 echo "var lang = ". $lang_mailbox . ";\n";
 echo "var csrf_token = '". $_SESSION['CSRF']['TOKEN'] . "';\n";
 $role = ($_SESSION['mailcow_cc_role'] == "admin") ? 'admin' : 'domainadmin';
@@ -46,7 +46,7 @@ echo "var pagination_size = '". $PAGINATION_SIZE . "';\n";
 ?>
 </script>
 <script src="js/footable.min.js"></script>
-<script src="js/quarantaine.js"></script>
+<script src="js/quarantine.js"></script>
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
 } else {

From e3854a803700f9de379e0afb276d68746d69db66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 22:29:06 +0100
Subject: [PATCH 036/107] [Dockerapi] Fixes recent chang in exec_run return

---
 data/Dockerfiles/dockerapi/Dockerfile |  2 +-
 data/Dockerfiles/dockerapi/server.py  | 14 +++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile
index a5b3301d..3f205b8b 100644
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -2,7 +2,7 @@ FROM python:2-alpine
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 RUN apk add -U --no-cache iptables ip6tables
-RUN pip install docker flask flask-restful
+RUN pip install docker==3.0.1 flask flask-restful
 
 COPY server.py /
 CMD ["python2", "-u", "/server.py"]
diff --git a/data/Dockerfiles/dockerapi/server.py b/data/Dockerfiles/dockerapi/server.py
index e0f43ef9..eae472ed 100644
--- a/data/Dockerfiles/dockerapi/server.py
+++ b/data/Dockerfiles/dockerapi/server.py
@@ -83,11 +83,15 @@ class container_post(Resource):
           try:
             for container in docker_client.containers.list(filters={"id": container_id}):
               hash = container.exec_run(["/bin/bash", "-c", "/usr/bin/rspamadm pw -e -p '" + request.json['raw'].replace("'", "'\\''") + "' 2> /dev/null"], user='_rspamd')
-              f = open("/access.inc", "w")
-              f.write('enable_password = "' + re.sub('[^0-9a-zA-Z\$]+', '', hash.rstrip()) + '";\n')
-              f.close()
-              container.restart()
-              return jsonify(type='success', msg='command completed successfully')
+              if hash.exit_code == 0:
+                hash = str(hash.output)
+                f = open("/access.inc", "w")
+                f.write('enable_password = "' + re.sub('[^0-9a-zA-Z\$]+', '', hash.rstrip()) + '";\n')
+                f.close()
+                container.restart()
+                return jsonify(type='success', msg='command completed successfully')
+              else:
+                return jsonify(type='danger', msg='command did not complete, exit code was ' + int(hash.exit_code))
           except Exception as e:
             return jsonify(type='danger', msg=str(e))
 

From a2ca550aa05afd9cbee97b3e25c3e8ababe55b44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 22:29:43 +0100
Subject: [PATCH 037/107] [Dovecot] Use socket instead of worker IP

---
 data/Dockerfiles/dovecot/rspamd-pipe-ham  | 2 +-
 data/Dockerfiles/dovecot/rspamd-pipe-spam | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/dovecot/rspamd-pipe-ham b/data/Dockerfiles/dovecot/rspamd-pipe-ham
index 7c3ab03f..7dbb99c1 100755
--- a/data/Dockerfiles/dovecot/rspamd-pipe-ham
+++ b/data/Dockerfiles/dovecot/rspamd-pipe-ham
@@ -1,4 +1,4 @@
 #!/bin/bash
-/usr/bin/curl -s --data-binary @- http://rspamd:11334/learnham < /dev/stdin
+/usr/bin/curl -s --data-binary @- --unix-socket /rspamd/rspamd.sock http://rspamd:11334/learnham < /dev/stdin
 # Always return 0 to satisfy Dovecot...
 exit 0
diff --git a/data/Dockerfiles/dovecot/rspamd-pipe-spam b/data/Dockerfiles/dovecot/rspamd-pipe-spam
index 67cccb2c..8bb3fe7f 100755
--- a/data/Dockerfiles/dovecot/rspamd-pipe-spam
+++ b/data/Dockerfiles/dovecot/rspamd-pipe-spam
@@ -1,4 +1,4 @@
 #!/bin/bash
-/usr/bin/curl -s --data-binary @- http://rspamd:11334/learnspam < /dev/stdin
+/usr/bin/curl -s --data-binary @- --unix-socket /rspamd/rspamd.sock http://rspamd:11334/learnspam < /dev/stdin
 # Always return 0 to satisfy Dovecot...
 exit 0

From 557fa4385c0645bbdecf0fe0e4bcbc4b7479a596 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 22:55:34 +0100
Subject: [PATCH 038/107] [Rspamd] Also listen on socket for internal
 communication

---
 data/conf/rspamd/override.d/worker-controller-password.inc | 1 -
 data/conf/rspamd/override.d/worker-controller.inc          | 6 ++----
 2 files changed, 2 insertions(+), 5 deletions(-)
 delete mode 100644 data/conf/rspamd/override.d/worker-controller-password.inc

diff --git a/data/conf/rspamd/override.d/worker-controller-password.inc b/data/conf/rspamd/override.d/worker-controller-password.inc
deleted file mode 100644
index dcf2c804..00000000
--- a/data/conf/rspamd/override.d/worker-controller-password.inc
+++ /dev/null
@@ -1 +0,0 @@
-# Placeholder
diff --git a/data/conf/rspamd/override.d/worker-controller.inc b/data/conf/rspamd/override.d/worker-controller.inc
index 04c3f6a1..60338e15 100644
--- a/data/conf/rspamd/override.d/worker-controller.inc
+++ b/data/conf/rspamd/override.d/worker-controller.inc
@@ -1,9 +1,7 @@
 bind_socket = "*:11334";
-secure_ip = "192.168.0.0/16";
-secure_ip = "172.16.0.0/12";
-secure_ip = "10.0.0.0/8";
+count = 2;
 secure_ip = "127.0.0.1";
 secure_ip = "::1";
-secure_ip = "fc00::/7"
+bind_socket = "/rspamd-sock/rspamd.sock mode=0666 owner=nobody";
 .include(try=true; priority=10) "$CONFDIR/override.d/worker-controller-password.inc"
 .include(try=true; priority=20) "$CONFDIR/override.d/worker-controller.custom.inc" 

From 77c7c1fe07c94fad2b4edec008532d10553ac435 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 22:56:07 +0100
Subject: [PATCH 039/107] [Web] Fix css; Use socket for Rspamd history; Fix
 function file name

---
 data/web/css/quarantine.css                                  | 2 +-
 data/web/inc/functions.inc.php                               | 5 +++--
 ...ions.quarantaine.inc.php => functions.quarantine.inc.php} | 0
 3 files changed, 4 insertions(+), 3 deletions(-)
 rename data/web/inc/{functions.quarantaine.inc.php => functions.quarantine.inc.php} (100%)

diff --git a/data/web/css/quarantine.css b/data/web/css/quarantine.css
index 2f7c5ecb..6690ab90 100644
--- a/data/web/css/quarantine.css
+++ b/data/web/css/quarantine.css
@@ -28,7 +28,7 @@ table.footable>tbody>tr.footable-empty>td {
       width: 80%;
   }
 }
-.mass-actions-Quarantine {
+.mass-actions-quarantine {
   user-select: none;
   padding:10px 0 10px 10px;
 }
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 6eb30e2f..f4e8d039 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1167,12 +1167,13 @@ function get_logs($container, $lines = false) {
   }
   if ($container == "rspamd-history") {
     $curl = curl_init();
+    curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/rspamd-sock/rspamd.sock');
     if (!is_numeric($lines)) {
       list ($from, $to) = explode('-', $lines);
-      curl_setopt($curl, CURLOPT_URL,"http://rspamd-mailcow:11334/history?from=" . intval($from) . "&to=" . intval($to));
+      curl_setopt($curl, CURLOPT_URL,"http://rspamd/history?from=" . intval($from) . "&to=" . intval($to));
     }
     else {
-      curl_setopt($curl, CURLOPT_URL,"http://rspamd-mailcow:11334/history?to=" . intval($lines));
+      curl_setopt($curl, CURLOPT_URL,"http://rspamd/history?to=" . intval($lines));
     }
     curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
     $history = curl_exec($curl);
diff --git a/data/web/inc/functions.quarantaine.inc.php b/data/web/inc/functions.quarantine.inc.php
similarity index 100%
rename from data/web/inc/functions.quarantaine.inc.php
rename to data/web/inc/functions.quarantine.inc.php

From ac4982d706b09305662611eebfc5078bc7c00464 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 22:56:43 +0100
Subject: [PATCH 040/107] [Dovecot] Use socket to pipe to Rspamd

---
 data/Dockerfiles/dovecot/rspamd-pipe-ham  | 2 +-
 data/Dockerfiles/dovecot/rspamd-pipe-spam | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/dovecot/rspamd-pipe-ham b/data/Dockerfiles/dovecot/rspamd-pipe-ham
index 7dbb99c1..cca3d8a0 100755
--- a/data/Dockerfiles/dovecot/rspamd-pipe-ham
+++ b/data/Dockerfiles/dovecot/rspamd-pipe-ham
@@ -1,4 +1,4 @@
 #!/bin/bash
-/usr/bin/curl -s --data-binary @- --unix-socket /rspamd/rspamd.sock http://rspamd:11334/learnham < /dev/stdin
+/usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/learnham < /dev/stdin
 # Always return 0 to satisfy Dovecot...
 exit 0
diff --git a/data/Dockerfiles/dovecot/rspamd-pipe-spam b/data/Dockerfiles/dovecot/rspamd-pipe-spam
index 8bb3fe7f..3adbc960 100755
--- a/data/Dockerfiles/dovecot/rspamd-pipe-spam
+++ b/data/Dockerfiles/dovecot/rspamd-pipe-spam
@@ -1,4 +1,4 @@
 #!/bin/bash
-/usr/bin/curl -s --data-binary @- --unix-socket /rspamd/rspamd.sock http://rspamd:11334/learnspam < /dev/stdin
+/usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/learnspam < /dev/stdin
 # Always return 0 to satisfy Dovecot...
 exit 0

From 004d262e4142d1b523ef5eb60f7f1dbaad9cc908 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 22:57:17 +0100
Subject: [PATCH 041/107] [Rspamd] Create missing password include as
 placeholder

---
 data/Dockerfiles/rspamd/docker-entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/Dockerfiles/rspamd/docker-entrypoint.sh b/data/Dockerfiles/rspamd/docker-entrypoint.sh
index ae216570..15ae73da 100755
--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 
 chown -R _rspamd:_rspamd /var/lib/rspamd
+[[ ! -f /etc/rspamd/override.d/worker-controller-password.inc ]] && echo '# Placeholder' > /etc/rspamd/override.d/worker-controller-password.inc
 
 exec /sbin/tini -- "$@"

From 83094a773e134f3cd23d880943e37f6ce8706fc3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 22:57:29 +0100
Subject: [PATCH 042/107] [Watchdog] Use socket to pipe to Rspamd

---
 data/Dockerfiles/watchdog/watchdog.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
index bed11907..39760ec0 100755
--- a/data/Dockerfiles/watchdog/watchdog.sh
+++ b/data/Dockerfiles/watchdog/watchdog.sh
@@ -211,7 +211,7 @@ rspamd_checks() {
   while [ ${err_count} -lt ${THRESHOLD} ]; do
     host_ip=$(get_container_ip rspamd-mailcow)
     err_c_cur=${err_count}
-    SCORE=$(curl --silent ${host_ip}:11333/scan -d '
+    SCORE=$(/usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/scan -d '
 To: null@localhost
 From: watchdog@localhost
 

From 1f98c42d4f20f5e448e213698bbd8dc538f0555f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 22:58:27 +0100
Subject: [PATCH 043/107] [Compose] New images; mount Rspamd sockets; mount
 override.d as rw

---
 docker-compose.yml | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 5188bde8..df77ba9c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -77,7 +77,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.16
+      image: mailcow/rspamd:1.17
       build: ./data/Dockerfiles/rspamd
       stop_grace_period: 30s
       depends_on:
@@ -86,11 +86,10 @@ services:
         - TZ=${TZ}
       volumes:
         - ./data/conf/rspamd/custom/:/etc/rspamd/custom:ro
-        - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:ro
+        - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:rw
         - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:ro
         - ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro
-        - dkim-vol-1:/data/dkim
-        - rspamd-vol-1:/var/lib/rspamd
+        - rspamd-sock:/rspamd-sock
       restart: always
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
@@ -111,7 +110,7 @@ services:
       volumes:
         - ./data/web:/web:rw
         - ./data/conf/rspamd/dynmaps:/dynmaps:ro
-        - dkim-vol-1:/data/dkim
+        - rspamd-sock:/rspamd-sock
         - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro
         - ./data/conf/phpfpm/php-fpm.d/www.conf:/usr/local/etc/php-fpm.d/www.conf
         - ./data/conf/phpfpm/php-fpm.d/system.conf:/usr/local/etc/php-fpm.d/system.conf
@@ -165,7 +164,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.20
+      image: mailcow/dovecot:1.21
       build: ./data/Dockerfiles/dovecot
       cap_add:
         - NET_BIND_SERVICE
@@ -175,6 +174,7 @@ services:
         - ./data/conf/sogo/:/etc/sogo/
         - vmail-vol-1:/var/vmail
         - crypt-vol-1:/mail_crypt/
+        - rspamd-sock:/rspamd-sock
       environment:
         - LOG_LINES=${LOG_LINES}
         - DBNAME=${DBNAME}
@@ -338,7 +338,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:1.13
+      image: mailcow/watchdog:1.14
       # Debug
       #command: /watchdog.sh
       build: ./data/Dockerfiles/watchdog
@@ -346,6 +346,7 @@ services:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       volumes:
         - vmail-vol-1:/vmail:ro
+        - rspamd-sock:/rspamd-sock
       restart: always
       environment:
         - LOG_LINES=${LOG_LINES}
@@ -362,7 +363,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:1.7
+      image: mailcow/dockerapi:1.8
       restart: always
       build: ./data/Dockerfiles/dockerapi
       sysctls:
@@ -400,8 +401,8 @@ networks:
 volumes:
   vmail-vol-1:
   mysql-vol-1:
-  dkim-vol-1:
   redis-vol-1:
   rspamd-vol-1:
   postfix-vol-1:
   crypt-vol-1:
+  rspamd-sock:

From 7714cbc7c640515016d63594a70715e755f51012 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 23:17:50 +0100
Subject: [PATCH 044/107] Remove unused ignore

---
 .gitignore | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 69c24f9e..798d9603 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,4 +22,3 @@ data/conf/nginx/*.conf
 data/conf/nginx/*.custom
 data/conf/nginx/*.bak
 data/conf/dovecot/extra.conf
-data/conf/rspamd/override.d/worker-controller-password.inc

From 3e9ad820bf5ce2654ee458300eb2190a2d620a83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 8 Feb 2018 23:53:06 +0100
Subject: [PATCH 045/107] Make sure workercontrollerpassword exists

---
 generate_config.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/generate_config.sh b/generate_config.sh
index c65f658b..27b91967 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -28,6 +28,8 @@ else
   read -p "Timezone: " -ei ${TZ} TZ
 fi
 
+[[ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ]] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc
+
 cat << EOF > mailcow.conf
 # ------------------------------
 # mailcow web ui configuration

From 3a1e7b4ee15080e6042b0ed1ee3a5c2fe9ac1751 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Fri, 9 Feb 2018 09:11:59 +0100
Subject: [PATCH 046/107] [Nginx] Pass args when redirecting to https

---
 data/conf/nginx/site.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 84f27728..5e35cdcf 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -34,7 +34,7 @@ server {
   include /etc/nginx/conf.d/server_name.active;
 
   if ($non_internal) {
-    return 302 https://$server_name$request_uri;
+    return 302 https://$server_name$uri$is_args$args;
   }
 
   error_log  /var/log/nginx/error.log;

From e5031accbb960c112116de6b6915522054548911 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Fri, 9 Feb 2018 09:59:35 +0100
Subject: [PATCH 047/107] [Nginx] Remove auto-redirect to not break rp

---
 data/conf/nginx/site.conf | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 5e35cdcf..b84d3205 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -7,14 +7,6 @@ map $http_x_forwarded_proto $client_req_scheme {
      https https;
 }
 
-geo $non_internal {
-    default         1;
-    10.0.0.0/8      0;
-    172.16.0.0/12   0;
-    192.168.0.0/16  0;
-    fc00::/7        0;
-}
-
 server {
   include /etc/nginx/mime.types;
   charset utf-8;
@@ -33,10 +25,6 @@ server {
   include /etc/nginx/conf.d/listen_plain.active;
   include /etc/nginx/conf.d/server_name.active;
 
-  if ($non_internal) {
-    return 302 https://$server_name$uri$is_args$args;
-  }
-
   error_log  /var/log/nginx/error.log;
   access_log /var/log/nginx/access.log;
   absolute_redirect off;

From 66a3df16ed49c0f4c2cd6fc418c1d9435b51a2be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Fri, 9 Feb 2018 10:32:12 +0100
Subject: [PATCH 048/107] [Netfilter] Fixes empty f2b options

---
 data/Dockerfiles/netfilter/server.py | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/data/Dockerfiles/netfilter/server.py b/data/Dockerfiles/netfilter/server.py
index 93e62b58..3b03eb1b 100644
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -25,11 +25,17 @@ RULES[5] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have work
 RULES[6] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
 
 if not r.get('F2B_OPTIONS'):
-  f2options['ban_time'] = int(r.get('F2B_BAN_TIME')) or 1800
-  f2options['max_attempts'] = int(r.get('F2B_MAX_ATTEMPTS')) or 10
-  f2options['retry_window'] = int(r.get('F2B_RETRY_WINDOW')) or 600
-  f2options['netban_ipv4'] = int(r.get('F2B_NETBAN_IPV4')) or 24
-  f2options['netban_ipv6'] = int(r.get('F2B_NETBAN_IPV6')) or 64
+  f2options = {}
+  f2options['ban_time'] = int
+  f2options['max_attempts'] = int
+  f2options['retry_window'] = int
+  f2options['netban_ipv4'] = int
+  f2options['netban_ipv6'] = int
+  f2options['ban_time'] = r.get('F2B_BAN_TIME') or 1800
+  f2options['max_attempts'] = r.get('F2B_MAX_ATTEMPTS') or 10
+  f2options['retry_window'] = r.get('F2B_RETRY_WINDOW') or 600
+  f2options['netban_ipv4'] = r.get('F2B_NETBAN_IPV4') or 24
+  f2options['netban_ipv6'] = r.get('F2B_NETBAN_IPV6') or 64
   r.set('F2B_OPTIONS', json.dumps(f2options, ensure_ascii=False))
 else:
   try:
@@ -219,8 +225,8 @@ def snat(snat_target):
 
 def autopurge():
   while not quit_now:
-    BAN_TIME = int(r.get('F2B_BAN_TIME'))
-    MAX_ATTEMPTS = int(r.get('F2B_MAX_ATTEMPTS'))
+    BAN_TIME = f2options['ban_time']
+    MAX_ATTEMPTS = f2options['max_attempts']
     QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
     if QUEUE_UNBAN:
       for net in QUEUE_UNBAN:
@@ -246,7 +252,7 @@ if __name__ == '__main__':
   watch_thread.daemon = True
   watch_thread.start()
 
-  if os.getenv('SNAT_TO_SOURCE'):
+  if os.getenv('SNAT_TO_SOURCE') and os.getenv('SNAT_TO_SOURCE') is not 'n':
     try:
       snat_ip = os.getenv('SNAT_TO_SOURCE').decode('ascii')
       snat_ipo = ipaddress.ip_address(snat_ip)

From 07a05b93632a4b29ccf5e242a9d928a6447748b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Fri, 9 Feb 2018 10:32:42 +0100
Subject: [PATCH 049/107] [Rspamd] Enable more modules

---
 data/conf/rspamd/local.d/asn.conf            |  6 +++++
 data/conf/rspamd/local.d/ip_score.conf       | 24 ++++++++++++++++++
 data/conf/rspamd/local.d/url_reputation.conf | 26 ++++++++++++++++++++
 3 files changed, 56 insertions(+)
 create mode 100644 data/conf/rspamd/local.d/asn.conf
 create mode 100644 data/conf/rspamd/local.d/ip_score.conf
 create mode 100644 data/conf/rspamd/local.d/url_reputation.conf

diff --git a/data/conf/rspamd/local.d/asn.conf b/data/conf/rspamd/local.d/asn.conf
new file mode 100644
index 00000000..42b67806
--- /dev/null
+++ b/data/conf/rspamd/local.d/asn.conf
@@ -0,0 +1,6 @@
+provider_type = "rspamd";
+provider_info {
+  ip4 = "asn.rspamd.com";
+  ip6 = "asn6.rspamd.com";
+}
+symbol = "ASN";
diff --git a/data/conf/rspamd/local.d/ip_score.conf b/data/conf/rspamd/local.d/ip_score.conf
new file mode 100644
index 00000000..1ea2c3cd
--- /dev/null
+++ b/data/conf/rspamd/local.d/ip_score.conf
@@ -0,0 +1,24 @@
+# how each action is treated in scoring
+actions {
+  reject = 1.0;
+  "add header" = 0.25;
+  "rewrite subject" = 0.25;
+  "no action" = 1.0;
+}
+# how each component is evaluated
+scores {
+  asn = 0.5;
+  country = 0.1;
+  ipnet = 0.8;
+  ip = 1.0;
+}
+asn_prefix = "a:";
+country_prefix = "c:";
+hash = "ip_score";
+ipnet_prefix = "n:";
+lower_bound = 10;
+metric = "default";
+max_score = 10;
+min_score = -5;
+score_divisor = 10;
+symbol = "IP_SCORE";
diff --git a/data/conf/rspamd/local.d/url_reputation.conf b/data/conf/rspamd/local.d/url_reputation.conf
new file mode 100644
index 00000000..f2881ac0
--- /dev/null
+++ b/data/conf/rspamd/local.d/url_reputation.conf
@@ -0,0 +1,26 @@
+# Key prefix for redis - default "Ur."
+key_prefix = "Ur.";
+# Symbols to insert - defaults as shown
+symbols {
+  white = "URL_REPUTATION_WHITE";
+  black = "URL_REPUTATION_BLACK";
+  grey = "URL_REPUTATION_GREY";
+  neutral = "URL_REPUTATION_NEUTRAL";
+}
+# DKIM/DMARC/SPF allow symbols - defaults as shown
+foreign_symbols {
+  dmarc = "DMARC_POLICY_ALLOW";
+  dkim = "R_DKIM_ALLOW";
+  spf = "R_SPF_ALLOW";
+}
+# SURBL metatags to ignore - default as shown
+ignore_surbl = ["URIBL_BLOCKED", "DBL_PROHIBIT", "SURBL_BLOCKED"];
+# Amount of samples required for scoring - default 5
+threshold = 5;
+# Maximum number of TLDs to update reputation on (default 1)
+update_limit = 1;
+# Maximum number of TLDs to query reputation on (default 100)
+query_limit = 100;
+# If true, try to find most 'relevant' URL (default true)
+relevance = true;
+enabled = true;

From 8ae5077775ebe3d03509b3a951fc9dccb8d38369 Mon Sep 17 00:00:00 2001
From: David Escala <descala@ingent.net>
Date: Fri, 9 Feb 2018 18:56:06 +0100
Subject: [PATCH 050/107] Remove unused language keys from
 data/web/lang/lang.*.php

helper-scripts/check_translations.rb checks if keys present in the master
translation file are used in any php or js code.  Writes a sed comand to
stdout to remove unused keys from all lang files.

This saves unnecessary work when translating.
---
 data/web/lang/lang.de.php            | 140 -------------------------
 data/web/lang/lang.en.php            | 148 ---------------------------
 data/web/lang/lang.es.php            | 108 -------------------
 data/web/lang/lang.fr.php            | 140 -------------------------
 data/web/lang/lang.it.php            | 132 ------------------------
 data/web/lang/lang.nl.php            | 108 -------------------
 data/web/lang/lang.pl.php            | 136 ------------------------
 data/web/lang/lang.pt.php            | 110 --------------------
 data/web/lang/lang.ru.php            | 140 -------------------------
 helper-scripts/check_translations.rb |  34 ++++++
 10 files changed, 34 insertions(+), 1162 deletions(-)
 create mode 100755 helper-scripts/check_translations.rb

diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index 29451679..cd3a5ec1 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -14,16 +14,10 @@ $lang['footer']['delete_these_items'] = 'Sind Sie sicher, dass die Änderungen a
 $lang['footer']['delete_now'] = 'Jetzt löschen';
 $lang['footer']['cancel'] = 'Abbrechen';
 
-$lang['dkim']['confirm'] = 'Sind Sie sicher?';
-$lang['danger']['dkim_not_found'] = 'DKIM-Key nicht gefunden';
-$lang['danger']['dkim_remove_failed'] = 'Kann DKIM-Key nicht entfernen';
-$lang['danger']['dkim_add_failed'] = 'Kann DKIM-Key nicht hinzufügen';
 $lang['danger']['dkim_domain_or_sel_invalid'] = 'DKIM-Domain oder -Selector nicht korrekt';
-$lang['danger']['dkim_key_length_invalid'] = 'DKIM Schlüssellänge ungültig';
 $lang['success']['dkim_removed'] = 'DKIM-Key wurde entfernt';
 $lang['success']['dkim_added'] = 'DKIM-Key wurde hinzugefügt';
 $lang['danger']['access_denied'] = 'Zugriff verweigert oder unvollständige/ungültige Daten';
-$lang['danger']['whitelist_from_invalid'] = 'Whitelist-Eintrag ist ungültig';
 $lang['danger']['domain_invalid'] = 'Domainname ist ungültig';
 $lang['danger']['mailbox_quota_exceeds_domain_quota'] = 'Maximale Größe für Mailboxen überschreitet das Domain Speicherlimit';
 $lang['danger']['object_is_not_numeric'] = 'Wert %s ist nicht numerisch';
@@ -50,19 +44,13 @@ $lang['success']['mailbox_modified'] = 'Änderungen an Mailbox %s wurden gespeic
 $lang['success']['resource_modified'] = "Änderungen an Ressource %s wurden gespeichert";
 $lang['success']['object_modified'] = "Änderungen an Objekt %s wurden gespeichert";
 $lang['success']['f2b_modified'] = "Änderungen an Fail2ban Parametern wurden gespeichert";
-$lang['success']['msg_size_saved'] = 'Limit wurde gesetzt';
-$lang['danger']['aliasd_not_found'] = 'Alias-Domain nicht gefunden';
 $lang['danger']['targetd_not_found'] = 'Ziel-Domain nicht gefunden';
-$lang['danger']['aliasd_exists'] = 'Alias-Domain existiert bereits';
 $lang['success']['aliasd_added'] = 'Alias-Domain %s wurde angelegt';
 $lang['success']['aliasd_modified'] = 'Änderungen an Alias-Domain %s wurden gespeichert';
 $lang['success']['domain_modified'] = 'Änderungen an Domain %s wurden gespeichert';
 $lang['success']['domain_admin_modified'] = 'Änderungen an Domain-Administrator %s wurden gespeichert';
 $lang['success']['domain_admin_added'] = 'Domain-Administrator %s wurde angelegt';
-$lang['success']['changes_general'] = 'Änderungen wurden gespeichert';
 $lang['success']['admin_modified'] = 'Änderungen am Administrator wurden gespeichert';
-$lang['danger']['exit_code_not_null'] = 'Fehler: Exit-Code ist %d';
-$lang['danger']['mailbox_not_available'] = 'Mailbox nicht verfügbar';
 $lang['danger']['username_invalid'] = 'Benutzername kann nicht verwendet werden';
 $lang['danger']['password_mismatch'] = 'Passwort-Wiederholung stimmt nicht überein';
 $lang['danger']['password_complexity'] = 'Passwort entspricht nicht den Richtlinien';
@@ -71,7 +59,6 @@ $lang['danger']['login_failed'] = 'Anmeldung fehlgeschlagen';
 $lang['danger']['mailbox_invalid'] = 'Mailboxname ist ungültig';
 $lang['danger']['resource_invalid'] = 'Ressourcenname ist ungültig';
 $lang['danger']['description_invalid'] = 'Ressourcenbeschreibung ist ungültig';
-$lang['danger']['mailbox_invalid_suggest'] = 'Mailboxname ist ungültig, meinten Sie vielleicht %s?';
 $lang['danger']['is_alias'] = '%s lautet bereits eine Alias-Adresse';
 $lang['danger']['is_alias_or_mailbox'] = "Eine Mailbox, ein Alias oder eine sich aus einer Alias-Domain ergebende Adresse mit dem Namen %s ist bereits vorhanden";
 $lang['danger']['is_spam_alias'] = '%s lautet bereits eine Spam-Alias-Adresse';
@@ -96,20 +83,15 @@ $lang['danger']['mailboxes_in_use'] = 'Maximale Anzahl an Mailboxen muss größe
 $lang['danger']['aliases_in_use'] = 'Maximale Anzahl an Aliassen muss größer oder gleich %d sein';
 $lang['danger']['sender_acl_invalid'] = 'Sender ACL Wert muss eine Adresse oder Domain sein';
 $lang['danger']['domain_not_empty'] = 'Kann nur leere Domains entfernen';
-$lang['warning']['spam_alias_temp_error'] = 'Kann zur Zeit keinen Spam-Alias erstellen, bitte versuchen Sie es später noch einmal.';
-$lang['danger']['spam_alias_max_exceeded'] = 'Maximale Anzahl an Spam-Alias-Adressen erreicht';
 $lang['danger']['validity_missing'] = 'Bitte geben Sie eine Gültigkeitsdauer an';
 $lang['user']['loading'] = "Lade...";
 $lang['user']['active_sieve'] = "Aktiver Filter";
 $lang['user']['show_sieve_filters'] = "Zeige aktiven Filter des Benutzers";
 $lang['user']['no_active_filter'] = "Kein aktiver Filter vorhanden";
-$lang['user']['on'] = 'Ein';
-$lang['user']['off'] = 'Aus';
 $lang['user']['messages'] = "Nachrichten";
 $lang['user']['in_use'] = "Verwendet";
 $lang['user']['user_change_fn'] = '';
 $lang['user']['user_settings'] = 'Benutzereinstellungen';
-$lang['user']['mailbox_settings'] = 'Mailbox-Einstellungen';
 $lang['user']['mailbox_details'] = 'Mailbox-Details';
 $lang['user']['change_password'] = 'Passwort ändern';
 $lang['user']['client_configuration'] = 'Konfigurationsanleitungen für E-Mail-Programme und Smartphones anzeigen';
@@ -118,15 +100,12 @@ $lang['user']['save_changes'] = 'Änderungen speichern';
 $lang['user']['password_now'] = 'Aktuelles Passwort (Änderungen bestätigen)';
 $lang['user']['new_password_repeat'] = 'Neues Passwort (Wiederholung)';
 $lang['user']['new_password_description'] = 'Mindestanforderung: 6 Zeichen lang, Buchstaben und Zahlen.';
-$lang['user']['did_you_know'] = '<b>Wussten Sie schon?</b> Sie können Ihre E-Mail-Adresse mit Tags versehen, etwa "ich+<b>Privat</b>@example.com", um Nachrichten automatisch in einem Unterordner (Beispiel: "Privat") abzulegen.';
 $lang['user']['spam_aliases'] = 'Temporäre E-Mail Aliasse';
 $lang['user']['alias'] = 'Alias';
-$lang['user']['aliases'] = 'Aliasse';
 $lang['user']['shared_aliases'] = 'Geteilte Alias-Adressen';
 $lang['user']['shared_aliases_desc'] = 'Geteilte Alias-Adressen werden nicht bei benutzerdefinierten Einstellungen wie die des Spam-Filters oder der Verschlüsselungsrichtlinie berücksichtigt. Entsprechende Spam-Filter können lediglich von einem Administrator vorgenommen werden.';
 $lang['user']['direct_aliases'] = 'Direkte Alias-Adressen';
 $lang['user']['direct_aliases_desc'] = 'Nur direkte Alias-Adressen werden für benutzerdefinierte Einstellungen berücksichtigt.';
-$lang['user']['domain_aliases'] = 'Domain-Alias Adressen';
 $lang['user']['is_catch_all'] = 'Ist Catch-All Adresse für Domain(s)';
 $lang['user']['aliases_also_send_as'] = 'Darf außerdem versenden als Benutzer';
 $lang['user']['aliases_send_as_all'] = 'Absender für folgende Domains und zugehörige Alias-Domains nicht prüfen';
@@ -136,7 +115,6 @@ $lang['user']['alias_valid_until'] = 'Gültig bis';
 $lang['user']['alias_remove_all'] = 'Alle entfernen';
 $lang['user']['alias_time_left'] = 'Zeit verbleibend';
 $lang['user']['alias_full_date'] = 'd.m.Y, H:i:s T';
-$lang['user']['syncjob_full_date'] = 'd.m.Y, H:i:s T';
 $lang['user']['alias_select_validity'] = 'Bitte Gültigkeit auswählen';
 $lang['user']['sync_jobs'] = 'Sync Jobs';
 $lang['user']['hour'] = 'Stunde';
@@ -173,8 +151,6 @@ $lang['user']['tls_enforce_in'] = 'TLS eingehend erzwingen';
 $lang['user']['tls_enforce_out'] = 'TLS ausgehend erzwingen';
 $lang['user']['no_record'] = 'Kein Eintrag';
 
-$lang['user']['misc_settings'] = 'Sonstige Kontoeinstellungen';
-$lang['user']['misc_delete_profile'] = 'Sonstige Kontoeinstellungen';
 
 $lang['user']['tag_handling'] = 'Umgang mit getaggten E-Mails steuern';
 $lang['user']['tag_in_subfolder'] = 'In Unterordner';
@@ -189,7 +165,6 @@ $lang['user']['eas_reset_help'] = 'In vielen Fällen kann ein ActiveSync Profil
 
 $lang['user']['encryption'] = 'Verschlüsselung';
 $lang['user']['username'] = 'Benutzername';
-$lang['user']['password'] = 'Password';
 $lang['user']['last_run'] = 'Letzte Ausführung';
 $lang['user']['excludes'] = 'Ausschlüsse';
 $lang['user']['interval'] = 'Intervall';
@@ -197,41 +172,19 @@ $lang['user']['active'] = 'Aktiv';
 $lang['user']['action'] = 'Aktion';
 $lang['user']['edit'] = 'Bearbeiten';
 $lang['user']['remove'] = 'Entfernen';
-$lang['user']['delete_now'] = 'Sofort löschen';
 $lang['user']['create_syncjob'] = 'Neuen Sync-Job erstellen';
 
-$lang['start']['dashboard'] = '%s - Dashboard';
-$lang['start']['start_rc'] = 'Roundcube öffnen';
-$lang['start']['start_sogo'] = 'SOGo öffnen';
 $lang['start']['mailcow_apps_detail'] = 'Verwenden Sie mailcow Apps, um E-Mails abzurufen, Kalender- und Kontakte zu verwalten und vieles mehr.';
-$lang['start']['mailcow_panel'] = 'mailcow UI starten';
-$lang['start']['mailcow_panel_description'] = 'Die mailcow Steuerung steht sowohl für Administratoren als auch Mailbox-Benutzer zur Verfügung.';
 $lang['start']['mailcow_panel_detail'] = '<b>Domain-Administratoren</b> erstellen, verändern oder löschen Mailboxen, verwalten die Domäne und sehen sonstige Einstellungen ein.<br>
 	Als <b>Mailbox-Benutzer</b> erstellen Sie hier zeitlich limitierte Aliasse, ändern das Verhalten des Spamfilters, setzen ein neues Passwort und vieles mehr.';
-$lang['start']['recommended_config'] = 'Empfohlene Software-Konfiguration (ohne ActiveSync)';
-$lang['start']['imap_smtp_server'] = 'IMAP- und SMTP-Server';
-$lang['start']['imap_smtp_server_description'] = 'Für eine optimale Verbindung empfehlen wir die Verwendung des <a href="%s" target="_blank"><b>Mozilla Thunderbirds</b></a>.';
-$lang['start']['imap_smtp_server_badge'] = 'E-Mail lesen und schreiben';
 $lang['start']['imap_smtp_server_auth_info'] = 'Bitte verwenden Sie Ihre vollständige E-Mail-Adresse sowie das PLAIN-Authentifizierungsverfahren.<br>
 Ihre Anmeldedaten werden durch die obligatorische Verschlüsselung entgegen des Begriffes "PLAIN" nicht unverschlüsselt übertragen.';
-$lang['start']['managesieve'] = 'ManageSieve';
-$lang['start']['managesieve_badge'] = 'E-Mail-Filter';
-$lang['start']['managesieve_description'] = 'Bitte verwenden Sie <b>Mozilla Thunderbirds</b> zusammen mit der <a style="text-decoration:none" target="_blank" href="%s"><b>Sieve Erweiterung</b></a>.<br>Nach dem Herunterladen der Erweiterung starten Sie Thunderbird, öffnen das Fenster für Erweiterungen und ziehen die heruntergeladene Datei in das offene Fenster.<br>Der Servername lautet <b>%s</b>, als Port konfigurieren Sie bitte <b>4190</b>. Die Anmeldedaten entsprechen dem E-Mail Login.';
-$lang['start']['service'] = 'Dienstname';
-$lang['start']['encryption'] = 'Verschlüsselungstyp';
 $lang['start']['help'] = 'Hilfe ein-/ausblenden';
-$lang['start']['hostname'] = 'Hostname';
-$lang['start']['port'] = 'Port';
-$lang['start']['footer'] = '';
 $lang['header']['mailcow_settings'] = 'Konfiguration';
 $lang['header']['administration'] = 'Administration';
 $lang['header']['mailboxes'] = 'Mailboxen';
 $lang['header']['user_settings'] = 'Benutzereinstellungen';
-$lang['header']['diagnostics'] = 'Diagnose';
-$lang['header']['login'] = 'Anmeldung';
-$lang['header']['logged_in_as_logout'] = 'Eingeloggt als <b>%s</b> (abmelden)';
 $lang['header']['logged_in_as_logout_dual'] = 'Eingeloggt als <b>%s <span class="text-info">[%s]</span></b>';
-$lang['header']['locale'] = 'Sprache';
 $lang['mailbox']['domain'] = 'Domain';
 $lang['mailbox']['spam_aliases'] = 'Temp. Alias';
 $lang['mailbox']['alias'] = 'Alias';
@@ -240,12 +193,10 @@ $lang['mailbox']['multiple_bookings'] = 'Mehrfachbuchen';
 $lang['mailbox']['kind'] = 'Art';
 $lang['mailbox']['description'] = 'Beschreibung';
 $lang['mailbox']['resources'] = 'Ressourcen';
-$lang['mailbox']['resource_name'] = 'Ressourcenname';
 $lang['mailbox']['domains'] = 'Domains';
 $lang['mailbox']['mailboxes'] = 'Mailboxen';
 $lang['mailbox']['mailbox_quota'] = 'Max. Größe einer Mailbox';
 $lang['mailbox']['domain_quota'] = 'Gesamtspeicher';
-$lang['mailbox']['ratelimit'] = 'Limit ausgehend/Stunde';
 $lang['mailbox']['active'] = 'Aktiv';
 $lang['mailbox']['action'] = 'Aktion';
 $lang['mailbox']['backup_mx'] = 'Backup MX';
@@ -257,14 +208,10 @@ $lang['mailbox']['fname'] = 'Name';
 $lang['mailbox']['filter_table'] = 'Filtern';
 $lang['mailbox']['yes'] = '&#10004;';
 $lang['mailbox']['no'] = '&#10008;';
-$lang['mailbox']['quota'] = 'Speicherplatz';
 $lang['mailbox']['in_use'] = 'Prozentualer Gebrauch';
 $lang['mailbox']['msg_num'] = 'Anzahl Nachrichten';
 $lang['mailbox']['remove'] = 'Entfernen';
 $lang['mailbox']['edit'] = 'Bearbeiten';
-$lang['mailbox']['archive'] = 'Archiv-Zugriff';
-$lang['mailbox']['no_record'] = 'Kein Eintrag für Objekt %s';
-$lang['mailbox']['no_record_single'] = 'Kein Eintrag';
 $lang['mailbox']['add_domain'] = 'Domain hinzufügen';
 $lang['mailbox']['add_domain_alias'] = 'Domain-Alias hinzufügen';
 $lang['mailbox']['add_mailbox'] = 'Mailbox hinzufügen';
@@ -284,21 +231,6 @@ Die Ausführung erfolgt in nachstehender Reihenfolge. Ein fehlgeschlagenes Scrip
 Prefilter → User scripts → Postfilter → <a href="https://github.com/mailcow/mailcow-dockerized/blob/master/data/conf/dovecot/sieve_after" target="_blank">global sieve postfilter</a>';
 
 $lang['info']['no_action'] = 'Keine Aktion anwendbar';
-$lang['delete']['title'] = 'Objekt entfernen';
-$lang['delete']['remove_domain_warning'] = '<b>Warnung:</b> Sie entfernen die Domain <b>%s</b>!';
-$lang['delete']['remove_domainalias_warning'] = '<b>Warnung:</b> Sie entfernen die Alias-Domain <b>%s</b>!';
-$lang['delete']['remove_domainadmin_warning'] = '<b>Warnung:</b> Sie entfernen den Domain-Administrator <b>%s</b>!';
-$lang['delete']['remove_alias_warning'] = '<b>Warnung:</b> Sie entfernen die Alias-Adresse <b>%s</b>!';
-$lang['delete']['remove_syncjob_warning'] = '<b>Warnung:</b> Sie entfernen einen Sync-Job des Benutzers <b>%s</b>!';
-$lang['delete']['remove_mailbox_warning'] = '<b>Warnung:</b> Sie entfernen die Mailbox <b>%s</b>!';
-$lang['delete']['remove_mailbox_details'] = 'Die Mailbox wird <b>vollständig und permanent</b> entfernt!';
-$lang['delete']['remove_resource_warning'] = '<b>Warnung:</b> Sie entfernen die Ressource <b>%s</b>!';
-$lang['delete']['remove_resource_details'] = 'Die Ressource wird <b>vollständig und permanent</b> entfernt!';
-$lang['delete']['remove_domain_details'] = 'Diese Aktion entfernt ebenfalls Domain-Aliasse.<br><br><b>Eine Domain muss leer sein, um entfernt zu werden.</b>';
-$lang['delete']['remove_syncjob_details'] = 'Objekte dieses Sync-Jobs werden nicht mehr vom entfernten Server abgeholt.';
-$lang['delete']['remove_alias_details'] = 'Benutzer werden keine Nachrichten mehr von dieser Adresse erhalten und versenden koennen!</b>';
-$lang['delete']['remove_button'] = 'Entfernen';
-$lang['delete']['previous'] = 'Vorherige Seite';
 
 $lang['edit']['syncjob'] = 'Sync-Job bearbeiten';
 $lang['edit']['save'] = 'Änderungen speichern';
@@ -311,26 +243,20 @@ $lang['edit']['mins_interval'] = 'Intervall (min)';
 $lang['edit']['maxbytespersecond'] = 'Max. Übertragungsrate in Bytes/s (0 für unlimitiert)';
 $lang['edit']['automap'] = 'Ordner automatisch mappen ("Sent items", "Sent" => "Sent" etc.)';
 $lang['edit']['skipcrossduplicates'] = 'Duplikate auch über Ordner hinweg überspringen ("first come, first serve")';
-$lang['add']['maxbytespersecond'] = 'Max. Übertragungsrate in Bytes/s (0 für unlimitiert)';
 $lang['add']['automap'] = 'Ordner automatisch mappen ("Sent items", "Sent" => "Sent" etc.)';
 $lang['add']['skipcrossduplicates'] = 'Duplikate auch über Ordner hinweg überspringen ("first come, first serve")';
 $lang['edit']['exclude'] = 'Elemente ausschließen (Regex)';
-$lang['edit']['archive'] = 'Archiv-Zugriff';
 $lang['edit']['max_mailboxes'] = 'Max. Mailboxanzahl:';
 $lang['edit']['title'] = 'Objekt bearbeiten';
 $lang['edit']['target_address'] = 'Ziel-Adresse(n) <small>(getrennt durch Komma)</small>:';
 $lang['edit']['active'] = 'Aktiv';
 $lang['edit']['target_domain'] = 'Ziel-Domain:';
 $lang['edit']['password'] = 'Passwort:';
-$lang['edit']['ratelimit'] = 'Limit ausgehender Nachrichten/Stunde:';
-$lang['danger']['ratelimt_less_one'] = 'Limit ausgehender Nachrichten/Stunde darf nicht kleiner als 1 sein';
 $lang['edit']['password_repeat'] = 'Passwort (Wiederholung):';
 $lang['edit']['domain_admin'] = 'Domain-Administrator bearbeiten';
 $lang['edit']['domain'] = 'Domain bearbeiten';
 $lang['edit']['edit_alias_domain'] = 'Alias-Domain bearbeiten';
-$lang['edit']['alias_domain'] = 'Alias-Domain';
 $lang['edit']['domains'] = 'Domains';
-$lang['edit']['destroy'] = 'Manuelle Eingabe des Wertes';
 $lang['edit']['alias'] = 'Alias bearbeiten';
 $lang['edit']['mailbox'] = 'Mailbox bearbeiten';
 $lang['edit']['description'] = 'Beschreibung:';
@@ -340,22 +266,16 @@ $lang['edit']['domain_quota'] = 'Domain Speicherplatz gesamt (MiB):';
 $lang['edit']['backup_mx_options'] = 'Backup MX Optionen:';
 $lang['edit']['relay_domain'] = 'Relay Domain';
 $lang['edit']['relay_all'] = 'Alle Empfänger-Adressen relayen';
-$lang['edit']['dkim_signature'] = 'ARC + DKIM-Signatur:';
-$lang['edit']['dkim_record_info'] = '<small>Bitte hinterlegen Sie einen TXT-Record mit obigem Wert in den DNS-Einstellungen Ihrer Domainverwaltung.</small>';
 $lang['edit']['relay_all_info'] = '<small>Wenn Sie <b>nicht</b> alle Empfänger-Adressen relayen möchten, müssen Sie eine ("blinde") Mailbox für jede Adresse, die relayt werden soll, erstellen.</small>';
 $lang['edit']['full_name'] = 'Voller Name';
 $lang['edit']['quota_mb'] = 'Speicherplatz (MiB)';
 $lang['edit']['sender_acl'] = 'Darf Nachrichten versenden als';
-$lang['edit']['sender_acl_info'] = 'Aliasse sind nicht abwählbar und vorausgewählt.';
-$lang['edit']['dkim_txt_name'] = 'TXT-Record Name:';
-$lang['edit']['dkim_txt_value'] = 'TXT-Record Wert:';
 $lang['edit']['previous'] = 'Vorherige Seite';
 $lang['edit']['unchanged_if_empty'] = 'Unverändert, wenn leer';
 $lang['edit']['dont_check_sender_acl'] = 'Absender für Domain %s u. Alias-Dom. nicht prüfen';
 $lang['edit']['multiple_bookings'] = 'Mehrfaches Buchen';
 $lang['edit']['kind'] = 'Art';
 $lang['edit']['resource'] = 'Ressource';
-$lang['edit']['goto_null'] = 'Nachrichten sofort verwerfen';
 
 $lang['add']['syncjob'] = 'Sync-Job erstellen';
 $lang['add']['syncjob_hint'] = 'Passwörter werden unverschlüsselt abgelegt!';
@@ -363,8 +283,6 @@ $lang['add']['hostname'] = 'Servername';
 $lang['add']['port'] = 'Port';
 $lang['add']['username'] = 'Benutzername';
 $lang['add']['enc_method'] = 'Verschlüsselung';
-$lang['add']['maxage'] = 'Maximales Alter von Nachrichten, welche vom Remote abgefragt werden (0 = Alter ignorieren)';
-$lang['add']['subfolder2'] = 'Synchronisation in Unterordner am Ziel';
 $lang['add']['mins_interval'] = 'Abrufintervall (Minuten)';
 $lang['add']['exclude'] = 'Elemente ausschließen (Regex)';
 $lang['add']['delete2duplicates'] = 'Lösche Duplikate im Ziel';
@@ -374,11 +292,9 @@ $lang['edit']['delete2duplicates'] = 'Lösche Duplikate im Ziel';
 $lang['edit']['delete1'] = 'Lösche Nachricht nach Übertragung vom Quell-Server';
 $lang['edit']['delete2'] = 'Lösche Nachrichten von Ziel-Server, die nicht auf Quell-Server vorhanden sind';
 
-$lang['add']['title'] = 'Objekt anlegen';
 $lang['add']['domain'] = 'Domain';
 $lang['add']['active'] = 'Aktiv';
 $lang['add']['multiple_bookings'] = 'Mehrfaches Buchen möglich';
-$lang['add']['save'] = 'Änderungen speichern';
 $lang['add']['description'] = 'Beschreibung';
 $lang['add']['max_aliases'] = 'Max. mögliche Aliasse';
 $lang['add']['max_mailboxes'] = 'Max. mögliche Mailboxen';
@@ -388,8 +304,6 @@ $lang['add']['backup_mx_options'] = 'Backup MX Optionen';
 $lang['add']['relay_all'] = 'Alle Empfänger-Adressen relayen';
 $lang['add']['relay_domain'] = 'Relay Domain';
 $lang['add']['relay_all_info'] = '<small>Wenn Sie <b>nicht</b> alle Empfänger-Adressen relayen möchten, müssen Sie eine Mailbox für jede Adresse, die relayt werden soll, erstellen.</small>';
-$lang['add']['alias'] = 'Alias(se)';
-$lang['add']['alias_spf_fail'] = '<b>Hinweis:</b> Wählen Sie ein externes Postfach als Ziel-Adresse, kann es unter Umständen zu fehlerhaften Spam-Erkennungen <b>beim Empfänger</b> kommen. Weitere Informationen zu diesem Thema finden Sie <a href="https://www.heinlein-support.de/blog/news/gmx-de-und-web-de-haben-mail-rejects-durch-spf/" target="_blank">hier.</a>';
 $lang['add']['alias_address'] = 'Alias-Adresse(n)';
 $lang['add']['alias_address_info'] = '<small>Vollständige E-Mail-Adresse(n) oder @example.com, um alle Nachrichten einer Domain weiterzuleiten. Getrennt durch Komma. <b>Nur eigene Domains</b>.</small>';
 $lang['add']['alias_domain_info'] = '<small>Nur gültige Domains. Getrennt durch Komma.</small>';
@@ -398,17 +312,13 @@ $lang['add']['target_address_info'] = '<small>Vollständige E-Mail-Adresse(n). G
 $lang['add']['alias_domain'] = 'Alias-Domain';
 $lang['add']['select'] = 'Bitte auswählen';
 $lang['add']['target_domain'] = 'Ziel-Domain';
-$lang['add']['mailbox'] = 'Mailbox';
-$lang['add']['resource'] = 'Ressource';
 $lang['add']['kind'] = 'Art';
 $lang['add']['mailbox_username'] = 'Benutzername (linker Teil der E-Mail-Adresse)';
-$lang['add']['resource_name'] = 'Ressourcenname';
 $lang['add']['full_name'] = 'Vor- und Zuname';
 $lang['add']['quota_mb'] = 'Speicherplatz (MiB)';
 $lang['add']['select_domain'] = 'Bitte zuerst eine Domain auswählen';
 $lang['add']['password'] = 'Passwort';
 $lang['add']['password_repeat'] = 'Passwort (Wiederholung)';
-$lang['add']['previous'] = 'Vorherige Seite';
 $lang['add']['restart_sogo_hint'] = 'Der SOGo Container muss nach dem Hinzufügen einer neuen Domain neugestartet werden!';
 $lang['add']['goto_null'] = 'Nachrichten sofort verwerfen';
 $lang['add']['validation_success'] = 'Erfolgreich validiert';
@@ -427,16 +337,9 @@ $lang['mailbox']['inactive'] = 'Inaktiv';
 $lang['edit']['validate_save'] = 'Validieren und speichern';
 
 
-$lang['login']['title'] = 'Anmeldung';
-$lang['login']['administration'] = 'Administration';
-$lang['login']['administration_details'] = 'Bitte verwenden Sie Ihre Administrator Anmeldedaten, um administrative Aufgaben wie das Anlegen einer Mailbox zu starten.';
-$lang['login']['user_settings'] = 'Benutzereinstellungen';
-$lang['login']['user_settings_details'] = 'Als E-Mail Benutzer vewenden Sie bitte Ihre E-Mail Anmeldedaten, um Passwörter zu verändern, temporäre (Spam-)Aliasse zu erstellen, den Spamfilter einzustellen oder auch um E-Mails zu importieren.';
 $lang['login']['username'] = 'Benutzername';
 $lang['login']['password'] = 'Passwort';
-$lang['login']['reset_password'] = 'Mein Passwort zurücksetzen';
 $lang['login']['login'] = 'Anmelden';
-$lang['login']['previous'] = 'Vorherige Seite';
 $lang['login']['delayed'] = 'Login wurde zur Sicherheit um %s Sekunde/n verzögert.';
 
 $lang['tfa']['tfa'] = "Zwei-Faktor-Authentifizierung";
@@ -446,16 +349,12 @@ $lang['tfa']['key_id'] = "Ein Name für diesen YubiKey";
 $lang['tfa']['key_id_totp'] = "Ein eindeutiger Name";
 $lang['tfa']['api_register'] = 'mailcow verwendet die Yubico Cloud API. Ein API-Key für den Yubico Stick kann <a href="https://upgrade.yubico.com/getapikey/" target="_blank">hier</a> bezogen werden.';
 $lang['tfa']['u2f'] = "U2F Authentifizierung";
-$lang['tfa']['hotp'] = "HOTP Authentifizierung";
 $lang['tfa']['totp'] = "TOTP Authentifizierung";
 $lang['tfa']['none'] = "Deaktiviert";
 $lang['tfa']['delete_tfa'] = "Deaktiviere 2FA";
 $lang['tfa']['disable_tfa'] = "Deaktiviere 2FA bis zur nächsten erfolgreichen Anmeldung";
-$lang['tfa']['confirm_tfa'] = "Bitte bestätigen Sie Ihr Einmal-Passwort im unteren Feld";
 $lang['tfa']['confirm'] = "Bestätigen";
-$lang['tfa']['otp'] = "Einmalpasswort";
 $lang['tfa']['totp'] = "Time-based OTP (Google Authenticator etc.)";
-$lang['tfa']['trash_login'] = "Login verwerfen";
 $lang['tfa']['select'] = "Bitte auswählen";
 $lang['tfa']['waiting_usb_auth'] = "<i>Warte auf USB-Gerät...</i><br><br>Bitte jetzt den vorgesehenen Taster des U2F USB-Gerätes berühren.";
 $lang['tfa']['waiting_usb_register'] = "<i>Warte auf USB-Gerät...</i><br><br>Bitte zuerst das obere Passwortfeld ausfüllen und erst dann den vorgesehenen Taster des U2F USB-Gerätes berühren.";
@@ -464,7 +363,6 @@ $lang['tfa']['enter_qr_code'] = "Falls Sie den angezeigten QR-Code nicht scannen
 $lang['tfa']['confirm_totp_token'] = "Bitte bestätigen Sie die Änderung durch Eingabe eines generierten Tokens";
 
 $lang['admin']['no_new_rows'] = 'Keine weiteren Zeilen vorhanden';
-$lang['admin']['additional_rows'] = ' zusätzliche Zeilen geladen'; // parses to 'n additional rows were added'
 $lang['admin']['private_key'] = 'Private Key';
 $lang['admin']['import'] = 'Importieren';
 $lang['admin']['import_private_key'] = 'Private Key importieren';
@@ -475,35 +373,15 @@ $lang['admin']['f2b_retry_window'] = 'Wiederholungen im Zeitraum von (s)';
 $lang['admin']['f2b_netban_ipv4'] = 'Netzbereich für IPv4 Bans (8-32)';
 $lang['admin']['f2b_netban_ipv6'] = 'Netzbereich für IPv6 Bans (8-128)';
 $lang['admin']['f2b_whitelist'] = 'Whitelist für Netzwerke und Hosts';
-$lang['admin']['restrictions'] = 'Postfix Restriktionen';
-$lang['admin']['rr'] = 'Postfix Empfänger Restriktionen';
-$lang['admin']['sr'] = 'Postfix Sender Restriktionen';
-$lang['admin']['reset_defaults'] = 'Standard wiederherstellen';
 $lang['admin']['r_inactive'] = 'Inaktive Restriktionen';
 $lang['admin']['r_active'] = 'Aktive Restriktionen';
 $lang['admin']['r_info'] = 'Ausgegraute/deaktivierte Elemente sind mailcow nicht bekannt und können nicht in die Liste inaktiver Elemente verschoben werden. Unbekannte Restriktionen werden trotzdem in Reihenfolge der Erscheinung gesetzt.<br>Sie können ein Element in der Datei <code>inc/vars.local.inc.php</code> als bekannt hinzufügen, um es zu bewegen.';
-$lang['admin']['public_folders'] = 'Öffentliche Ordner';
-$lang['admin']['public_folders_text'] = 'Ein Namespace "Public" wird erstellt. Der untenstehende Ordnername betrifft den Namen der automatisch erstellten Mailbox in diesem Namespace.';
-$lang['admin']['public_folder_name'] = 'Ordnername <small>(alphanumerisch)</small>';
-$lang['admin']['public_folder_enable'] = 'Öffentliche Ordner aktivieren';
-$lang['admin']['public_folder_enable_text'] = 'Das Umschalten dieser Option entfernt keine Nachrichten aus den öffentlichen Ordnern.';
-$lang['admin']['public_folder_pusf'] = 'Aktiviere "per-user seen flag"';
-$lang['admin']['public_folder_pusf_text'] = 'Ein "per-user seen flag"-aktiviertes System markiert Nachrichten nicht als gelesen, wenn nur ein Benutzer sie gelesen hat. Jeder Benutzer verwaltet seine eigenen "seen flags".';
-$lang['admin']['privacy'] = 'Datenschutz';
-$lang['admin']['privacy_text'] = 'Diese Option aktiviert eine PCRE-Prüfung, die die Werte der Kopfzeilen "User-Agent", "X-Enigmail", "X-Mailer", "X-Originating-IP" sowie "Received: from" durch "localhost" bzw. "127.0.0.1" ersetzt.';
-$lang['admin']['privacy_anon_mail'] = 'Anonymisiere ausgehende Kopfzeilen';
-$lang['admin']['msg_size'] = 'Aktuelles Limit der Nachrichtengröße';
-$lang['admin']['msg_size_limit'] = 'Aktuelles Limit der Nachrichtengröße';
-$lang['admin']['msg_size_limit_details'] = 'Diese Einstellung wird Postfix und den Webserver neuladen.';
 $lang['admin']['save'] = 'Änderungen speichern';
-$lang['admin']['maintenance'] = 'Wartung und Information';
-$lang['admin']['sys_info'] = 'Systeminformation';
 $lang['admin']['dkim_add_key'] = 'ARC/DKIM-Key hinzufügen';
 $lang['admin']['dkim_keys'] = 'ARC/DKIM-Keys';
 $lang['admin']['dkim_key_valid'] = 'Key gültig';
 $lang['admin']['dkim_key_unused'] = 'Key ohne Zuweisung';
 $lang['admin']['dkim_key_missing'] = 'Key fehlt';
-$lang['admin']['dkim_key_hint'] = 'Der Selector für DKIM-Keys lautet immer <code>dkim</code>.';
 $lang['admin']['add'] = 'Hinzufügen';
 $lang['add']['add_domain_restart'] = 'Domain hinzufügen und SOGo neustarten';
 $lang['add']['add_domain_only'] = 'Nur Domain hinzufügen';
@@ -526,20 +404,12 @@ $lang['admin']['unchanged_if_empty'] = 'Unverändert, wenn leer';
 $lang['admin']['yes'] = '&#10004;';
 $lang['admin']['no'] = '&#10008;';
 $lang['admin']['access'] = 'Zugang';
-$lang['admin']['invalid_max_msg_size'] = 'Maximale Nachrichtengröße ungültig';
-$lang['admin']['site_not_found'] = 'Kann mailcow Seitenkonfiguration nicht finden';
-$lang['admin']['public_folder_empty'] = 'Öffentlicher Ordner-Name darf nicht leer sein';
-$lang['admin']['set_rr_failed'] = 'Kann Postfix Restriktionen nicht setzen';
 $lang['admin']['no_record'] = 'Kein Eintrag';
 $lang['admin']['filter_table'] = 'Tabelle Filtern';
 $lang['admin']['empty'] = 'Keine Einträge vorhanden';
-$lang['admin']['time'] = 'Zeit';
-$lang['admin']['priority'] = 'Gewichtung';
 $lang['admin']['refresh'] = 'Neu laden';
-$lang['admin']['logs'] = 'Logs';
 $lang['admin']['to_top'] = 'Nach oben';
 $lang['admin']['in_use_by'] = 'Verwendet von';
-$lang['admin']['message'] = 'Nachricht';
 $lang['admin']['forwarding_hosts'] = 'Weiterleitungs-Hosts';
 $lang['admin']['forwarding_hosts_hint'] = 'Eingehende Nachrichten werden von den hier gelisteten Hosts bedingungslos akzeptiert. Diese Hosts werden dann nicht mit DNSBLs abgeglichen oder Greylisting unterworfen. Von ihnen empfangener Spam wird nie abgelehnt, optional kann er aber in den Spam-Ordner einsortiert werden. Die übliche Verwendung für diese Funktion ist, um Mailserver anzugeben, auf denen eine Weiterleitung zu Ihrem mailcow-Server eingerichtet wurde.';
 $lang['admin']['forwarding_hosts_add_hint'] = 'Sie können entweder IPv4/IPv6-Adressen, Netzwerke in CIDR-Notation, Hostnamen (die zu IP-Adressen aufgelöst werden), oder Domainnamen (die zu IP-Adressen aufgelöst werden, indem ihr SPF-Record abgefragt wird oder, in dessen Abwesenheit, ihre MX-Records) angeben.';
@@ -559,7 +429,6 @@ $lang['admin']['quarantine_retention_size'] = "Rückhaltungen pro Mailbox:";
 $lang['admin']['quarantine_max_size'] = "Maximale Größe in MiB (größere Elemente werden verworfen):";
 $lang['admin']['quarantine_exclude_domains'] = "Domains und Alias-Domains ausschließen:";
 
-$lang['delete']['remove_forwardinghost_warning'] = '<b>Warnung:</b> Sie entfernen den Weiterleitungs-Host <b>%s</b>!';
 $lang['success']['forwarding_host_removed'] = "Weiterleitungs-Host %s wurde entfernt";
 $lang['success']['forwarding_host_added'] = "Weiterleitungs-Host %s wurde hinzugefügt";
 $lang['success']['relayhost_removed'] = "Relayhost %s wurde entfernt";
@@ -607,12 +476,8 @@ $lang['admin']['add_row'] = "Reihe hinzufügen";
 $lang['admin']['reset_default'] = "Zurücksetzen auf Standard";
 $lang['admin']['merged_vars_hint'] = 'Ausgegraute Reihen wurden aus der Datei <code>vars.inc.(local.)php</code> gelesen und können hier nicht verändert werden.';
 
-$lang['edit']['tls_policy'] = "TLS Policy ändern";
 $lang['edit']['spam_score'] = "Einen benutzerdefiniterten Spam-Score festlegen";
 $lang['edit']['spam_policy'] = "Hinzufügen und Entfernen von Einträgen in White- und Blacklists";
-$lang['edit']['delimiter_action'] = "Delimiter Aktion verändern";
-$lang['edit']['syncjobs'] = "Sync job hinzufügen oder anpassen";
-$lang['edit']['eas_reset'] = "ActiveSync Geräte-Cache zurücksetzen";
 $lang['edit']['spam_alias'] = "Anpassen temporärer Alias-Adressen";
 
 $lang['danger']['img_tmp_missing'] = "Grafik konnte nicht validiert werden: Erstellung temporärer Datei fehlgeschlagen";
@@ -672,8 +537,3 @@ $lang['mailbox']['recipient_map_info'] = 'Empfängerumschreibung ersetzen den Em
 $lang['mailbox']['recipient_map_old'] = 'Original Empfänger';
 $lang['mailbox']['recipient_map_new'] = 'Neuer Empfänger';
 $lang['mailbox']['add_recipient_map_entry'] = 'Empfängerumschreibung hinzufügen';
-$lang['mailbox']['sender_maps'] = 'Senderumschreibungen';
-$lang['mailbox']['sender_map_info'] = 'Senderumschreibungen werden verwendet, um den Absender einer E-Mail noch vor dem Versand umzuschreiben.';
-$lang['mailbox']['sender_map_old'] = 'Original Absender';
-$lang['mailbox']['sender_map_new'] = 'Neuer Absender';
-$lang['mailbox']['add_sender_map_entry'] = 'Senderumschreibung hinzufügen';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 9dc91eb4..d02f2d74 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -14,12 +14,7 @@ $lang['footer']['delete_these_items'] = 'Please confirm your changes to the foll
 $lang['footer']['delete_now'] = 'Delete now';
 $lang['footer']['cancel'] = 'Cancel';
 
-$lang['dkim']['confirm'] = "Are you sure?";
-$lang['danger']['dkim_not_found'] = "DKIM key not found";
-$lang['danger']['dkim_remove_failed'] = "Cannot remove selected DKIM key";
-$lang['danger']['dkim_add_failed'] = "Cannot add given DKIM key";
 $lang['danger']['dkim_domain_or_sel_invalid'] = "DKIM domain or selector invalid";
-$lang['danger']['dkim_key_length_invalid'] = "DKIM key length invalid";
 $lang['success']['dkim_removed'] = "DKIM key %s has been removed";
 $lang['success']['dkim_added'] = "DKIM key has been saved";
 $lang['danger']['access_denied'] = "Access denied or invalid form data";
@@ -33,8 +28,6 @@ $lang['danger']['last_key'] = 'Last key cannot be deleted';
 $lang['danger']['goto_empty'] = "Goto address must not be empty";
 $lang['danger']['policy_list_from_exists'] = "A record with given name exists";
 $lang['danger']['policy_list_from_invalid'] = "Record has invalid format";
-$lang['danger']['whitelist_exists'] = "A whitelist record with that name exists";
-$lang['danger']['whitelist_from_invalid'] = "Whitelist record has invalid format";
 $lang['danger']['alias_invalid'] = "Alias address is invalid";
 $lang['danger']['goto_invalid'] = "Goto address is invalid";
 $lang['danger']['alias_domain_invalid'] = "Alias domain is invalid";
@@ -50,19 +43,13 @@ $lang['success']['mailbox_modified'] = "Changes to mailbox %s have been saved";
 $lang['success']['resource_modified'] = "Changes to mailbox %s have been saved";
 $lang['success']['object_modified'] = "Changes to object %s have been saved";
 $lang['success']['f2b_modified'] = "Changes to Fail2ban parameters have been saved";
-$lang['success']['msg_size_saved'] = "Message size limit has been set";
-$lang['danger']['aliasd_not_found'] = "Alias domain not found";
 $lang['danger']['targetd_not_found'] = "Target domain not found";
-$lang['danger']['aliasd_exists'] = "Alias domain already exists";
 $lang['success']['aliasd_added'] = "Added alias domain %s";
 $lang['success']['aliasd_modified'] = "Changes to alias domain %s have been saved";
 $lang['success']['domain_modified'] = "Changes to domain %s have been saved";
 $lang['success']['domain_admin_modified'] = "Changes to domain administrator %s have been saved";
 $lang['success']['domain_admin_added'] = "Domain administrator %s has been added";
-$lang['success']['changes_general'] = 'Changes have been saved';
 $lang['success']['admin_modified'] = "Changes to administrator have been saved";
-$lang['danger']['exit_code_not_null'] = "Error: Exit code was %d";
-$lang['danger']['mailbox_not_available'] = "Mailbox not available";
 $lang['danger']['username_invalid'] = "Username cannot be used";
 $lang['danger']['password_mismatch'] = "Confirmation password is not identical";
 $lang['danger']['password_complexity'] = "Password does not meet the policy";
@@ -71,7 +58,6 @@ $lang['danger']['login_failed'] = "Login failed";
 $lang['danger']['mailbox_invalid'] = "Mailbox name is invalid";
 $lang['danger']['description_invalid'] = 'Resource description is invalid';
 $lang['danger']['resource_invalid'] = "Resource name is invalid";
-$lang['danger']['mailbox_invalid_suggest'] = 'Mailbox name is invalid, did you mean to type "%s"?';
 $lang['danger']['is_alias'] = "%s is already known as an alias address";
 $lang['danger']['is_alias_or_mailbox'] = "%s is already known as an alias, a mailbox or an alias address expanded from an alias domain.";
 $lang['danger']['is_spam_alias'] = "%s is already known as a spam alias address";
@@ -96,20 +82,15 @@ $lang['danger']['mailboxes_in_use'] = "Max. mailboxes must be greater or equal t
 $lang['danger']['aliases_in_use'] = "Max. aliases must be greater or equal to %d";
 $lang['danger']['sender_acl_invalid'] = "Sender ACL value is invalid";
 $lang['danger']['domain_not_empty'] = "Cannot remove non-empty domain";
-$lang['warning']['spam_alias_temp_error'] = "Temporary error: Cannot add spam alias, please try again later.";
-$lang['danger']['spam_alias_max_exceeded'] = "Max. allowed spam alias addresses exceeded";
 $lang['danger']['validity_missing'] = 'Please assign a period of validity';
 $lang['user']['loading'] = "Loading...";
 $lang['user']['active_sieve'] = "Active filter";
 $lang['user']['show_sieve_filters'] = "Show active user sieve filter";
 $lang['user']['no_active_filter'] = "No active filter available";
-$lang['user']['on'] = "On";
-$lang['user']['off'] = "Off";
 $lang['user']['messages'] = "messages"; // "123 messages"
 $lang['user']['in_use'] = "Used";
 $lang['user']['user_change_fn'] = "";
 $lang['user']['user_settings'] = 'User settings';
-$lang['user']['mailbox_settings'] = 'Mailbox settings';
 $lang['user']['mailbox_details'] = 'Mailbox details';
 $lang['user']['change_password'] = 'Change password';
 $lang['user']['client_configuration'] = 'Show configuration guides for email clients and smartphones';
@@ -118,15 +99,12 @@ $lang['user']['save_changes'] = 'Save changes';
 $lang['user']['password_now'] = 'Current password (confirm changes)';
 $lang['user']['new_password_repeat'] = 'Confirmation password (repeat)';
 $lang['user']['new_password_description'] = 'Requirement: 6 characters long, letters and numbers.';
-$lang['user']['did_you_know'] = '<b>Did you know?</b> You can use tags in your email address ("me+<b>privat</b>@example.com") to move messages to a folder automatically (example: "privat").';
 $lang['user']['spam_aliases'] = 'Temporary email aliases';
 $lang['user']['alias'] = 'Alias';
-$lang['user']['aliases'] = 'Aliases';
 $lang['user']['shared_aliases'] = 'Shared alias addresses';
 $lang['user']['shared_aliases_desc'] = 'A shared alias address is not affected by any user specific settings. A custom spam filter setting can be archived by a domain-wide policy set by an administrator..';
 $lang['user']['direct_aliases'] = 'Direct alias addresses';
 $lang['user']['direct_aliases_desc'] = 'Direct alias addresses are affected by spam filter and TLS policy settings.';
-$lang['user']['domain_aliases'] = 'Domain alias addresses';
 $lang['user']['is_catch_all'] = 'Catch-all for domain/s';
 $lang['user']['aliases_also_send_as'] = 'Also allowed to send as user';
 $lang['user']['aliases_send_as_all'] = 'Do not check sender access for the following domain(s) and its alias domains';
@@ -136,7 +114,6 @@ $lang['user']['alias_valid_until'] = 'Valid until';
 $lang['user']['alias_remove_all'] = 'Remove all aliases';
 $lang['user']['alias_time_left'] = 'Time left';
 $lang['user']['alias_full_date'] = 'd.m.Y, H:i:s T';
-$lang['user']['syncjob_full_date'] = 'd.m.Y, H:i:s T';
 $lang['user']['alias_select_validity'] = 'Period of validity';
 $lang['user']['sync_jobs'] = 'Sync jobs';
 $lang['user']['hour'] = 'Hour';
@@ -172,8 +149,6 @@ $lang['user']['tls_enforce_in'] = 'Enforce TLS incoming';
 $lang['user']['tls_enforce_out'] = 'Enforce TLS outgoing';
 $lang['user']['no_record'] = 'No record';
 
-$lang['user']['misc_settings'] = 'Other profile settings';
-$lang['user']['misc_delete_profile'] = 'Other profile settings';
 
 $lang['user']['tag_handling'] = 'Set handling for tagged mail';
 $lang['user']['tag_in_subfolder'] = 'In subfolder';
@@ -188,7 +163,6 @@ $lang['user']['eas_reset_help'] = 'In many cases a device cache reset will help
 
 $lang['user']['encryption'] = 'Encryption';
 $lang['user']['username'] = 'Username';
-$lang['user']['password'] = 'Password';
 $lang['user']['last_run'] = 'Last run';
 $lang['user']['excludes'] = 'Excludes';
 $lang['user']['interval'] = 'Interval';
@@ -196,48 +170,25 @@ $lang['user']['active'] = 'Active';
 $lang['user']['action'] = 'Action';
 $lang['user']['edit'] = 'Edit';
 $lang['user']['remove'] = 'Remove';
-$lang['user']['delete_now'] = 'Remove now';
 $lang['user']['create_syncjob'] = 'Create new sync job';
 
-$lang['start']['dashboard'] = '%s - dashboard';
-$lang['start']['start_rc'] = 'Open Roundcube';
-$lang['start']['start_sogo'] = 'Open SOGo';
 $lang['start']['mailcow_apps_detail'] = 'Use a mailcow app to access your mails, calendar, contacts and more.';
-$lang['start']['mailcow_panel'] = 'Start mailcow UI';
-$lang['start']['mailcow_panel_description'] = 'The mailcow UI is available for administrators and mailbox users.';
 $lang['start']['mailcow_panel_detail'] = '<b>Domain administrators</b> create, modify or delete mailboxes and aliases, change domains and read further information about their assigned domains.<br>
 	<b>Mailbox users</b> are able to create time-limited aliases (spam aliases), change their password and spam filter settings.';
-$lang['start']['recommended_config'] = 'Recommended configuration (without ActiveSync)';
-$lang['start']['imap_smtp_server'] = 'IMAP- and SMTP server data';
-$lang['start']['imap_smtp_server_description'] = 'For the best experience we recommend to use <a href="%s" target="_blank"><b>Mozilla Thunderbird</b></a>.';
-$lang['start']['imap_smtp_server_badge'] = 'Read/Write emails';
 $lang['start']['imap_smtp_server_auth_info'] = 'Please use your full email address and the PLAIN authentication mechanism.<br>
 Your login data will be encrypted by the server-side mandatory encryption.';
-$lang['start']['managesieve'] = 'ManageSieve';
-$lang['start']['managesieve_badge'] = 'Email filter';
-$lang['start']['managesieve_description'] = 'Please use <b>Mozilla Thunderbird</b> with the <a style="text-decoration:none" target="_blank" href="%s"><b>nightly sieve extension</b></a>.<br>Start Thunderbird, open the add-on settings and drop the newly downloaded xpi file into the opened window.<br>The server name is <b>%s</b>, use port <b>4190</b> if you are asked for. The login data match your email login.';
-$lang['start']['service'] = 'Service';
-$lang['start']['encryption'] = 'Encryption method';
 $lang['start']['help'] = 'Show/Hide help panel';
-$lang['start']['hostname'] = 'Hostname';
-$lang['start']['port'] = 'Port';
-$lang['start']['footer'] = '';
 $lang['header']['mailcow_settings'] = 'Configuration';
 $lang['header']['administration'] = 'Administration';
 $lang['header']['mailboxes'] = 'Mailboxes';
 $lang['header']['user_settings'] = 'User settings';
-$lang['header']['diagnostics'] = 'Diagnostics';
-$lang['header']['login'] = 'Login';
-$lang['header']['logged_in_as_logout'] = 'Logged in as <b>%s</b> (logout)';
 $lang['header']['logged_in_as_logout_dual'] = 'Logged in as <b>%s <span class="text-info">[%s]</span></b>';
-$lang['header']['locale'] = 'Language';
 $lang['mailbox']['domain'] = 'Domain';
 $lang['mailbox']['spam_aliases'] = 'Temp. alias';
 $lang['mailbox']['multiple_bookings'] = 'Multiple bookings';
 $lang['mailbox']['kind'] = 'Kind';
 $lang['mailbox']['description'] = 'Description';
 $lang['mailbox']['alias'] = 'Alias';
-$lang['mailbox']['resource_name'] = 'Resource name';
 $lang['mailbox']['aliases'] = 'Aliases';
 $lang['mailbox']['domains'] = 'Domains';
 $lang['mailbox']['mailboxes'] = 'Mailboxes';
@@ -246,7 +197,6 @@ $lang['mailbox']['mailbox_quota'] = 'Max. size of a mailbox';
 $lang['mailbox']['domain_quota'] = 'Quota';
 $lang['mailbox']['active'] = 'Active';
 $lang['mailbox']['action'] = 'Action';
-$lang['mailbox']['ratelimit'] = 'Outgoing rate limit/h';
 $lang['mailbox']['backup_mx'] = 'Backup MX';
 $lang['mailbox']['domain_aliases'] = 'Domain aliases';
 $lang['mailbox']['target_domain'] = 'Target domain';
@@ -256,20 +206,15 @@ $lang['mailbox']['fname'] = 'Full name';
 $lang['mailbox']['filter_table'] = 'Filter table';
 $lang['mailbox']['yes'] = '&#10004;';
 $lang['mailbox']['no'] = '&#10008;';
-$lang['mailbox']['quota'] = 'Quota';
 $lang['mailbox']['in_use'] = 'In use (%)';
 $lang['mailbox']['msg_num'] = 'Message #';
 $lang['mailbox']['remove'] = 'Remove';
 $lang['mailbox']['edit'] = 'Edit';
-$lang['mailbox']['archive'] = 'Archive';
-$lang['mailbox']['no_record'] = 'No record for object %s';
-$lang['mailbox']['no_record_single'] = 'No record';
 $lang['mailbox']['add_domain'] = 'Add domain';
 $lang['mailbox']['add_domain_alias'] = 'Add domain alias';
 $lang['mailbox']['add_mailbox'] = 'Add mailbox';
 $lang['mailbox']['add_resource'] = 'Add resource';
 $lang['mailbox']['add_alias'] = 'Add alias';
-$lang['mailbox']['add_domain_record_first'] = 'Please add a domain first';
 $lang['mailbox']['empty'] = 'No results';
 $lang['mailbox']['toggle_all'] = 'Toggle all';
 $lang['mailbox']['quick_actions'] = 'Actions';
@@ -285,21 +230,6 @@ Each filter will be processed in the described order. Neither a failed script no
 Prefilter → User scripts → Postfilter → <a href="https://github.com/mailcow/mailcow-dockerized/blob/master/data/conf/dovecot/sieve_after" target="_blank">global sieve postfilter</a>';
 $lang['info']['no_action'] = 'No action applicable';
 
-$lang['delete']['title'] = 'Remove object';
-$lang['delete']['remove_domain_warning'] = '<b>Warning:</b> You are about to remove the domain <b>%s</b>!';
-$lang['delete']['remove_syncjob_warning'] = '<b>Warning:</b> You are about to remove a sync job for user <b>%s</b>!';
-$lang['delete']['remove_domainalias_warning'] = '<b>Warning:</b> You are about to remove the domain alias <b>%s</b>!';
-$lang['delete']['remove_domainadmin_warning'] = '<b>Warning:</b> You are about to remove the domain administrator <b>%s</b>!';
-$lang['delete']['remove_alias_warning'] = '<b>Warning:</b> You are about to remove the alias address <b>%s</b>!';
-$lang['delete']['remove_mailbox_warning'] = '<b>Warning:</b> You are about to remove the mailbox <b>%s</b>!';
-$lang['delete']['remove_mailbox_details'] = 'The mailbox will be <b>purged permanently</b>!';
-$lang['delete']['remove_resource_warning'] = '<b>Warning:</b> You are about to remove the resource <b>%s</b>!';
-$lang['delete']['remove_resource_details'] = 'The resource will be <b>purged permanently</b>!';
-$lang['delete']['remove_domain_details'] = 'This also removes domain aliases.<br><br><b>A domain must be empty to be removed.</b>';
-$lang['delete']['remove_syncjob_details'] = 'Objects from this sync job will not be pulled from the remote server anymore.';
-$lang['delete']['remove_alias_details'] = 'Users will no longer be able to receive mail for or send mail from this address.</b>';
-$lang['delete']['remove_button'] = 'Remove';
-$lang['delete']['previous'] = 'Previous page';
 
 $lang['edit']['syncjob'] = 'Edit sync job';
 $lang['edit']['username'] = 'Username';
@@ -309,29 +239,23 @@ $lang['edit']['maxage'] = 'Maximum age of messages in days that will be polled f
 $lang['edit']['maxbytespersecond'] = 'Max. bytes per second (0 equals to unlimited)';
 $lang['edit']['automap'] = 'Try to automap folders ("Sent items", "Sent" => "Sent" etc.)';
 $lang['edit']['skipcrossduplicates'] = 'Skip duplicate messages across folders (first come, first serve)';
-$lang['add']['maxbytespersecond'] = 'Max. bytes per second (0 equals to unlimited)';
 $lang['add']['automap'] = 'Try to automap folders ("Sent items", "Sent" => "Sent" etc.)';
 $lang['add']['skipcrossduplicates'] = 'Skip duplicate messages across folders (first come, first serve)';
 $lang['edit']['subfolder2'] = 'Sync into subfolder on destination<br><small>(empty = do not use subfolder)</small>';
 $lang['edit']['mins_interval'] = 'Interval (min)';
 $lang['edit']['exclude'] = 'Exclude objects (regex)';
 $lang['edit']['save'] = 'Save changes';
-$lang['edit']['archive'] = 'Archive access';
 $lang['edit']['max_mailboxes'] = 'Max. possible mailboxes';
 $lang['edit']['title'] = 'Edit object';
 $lang['edit']['target_address'] = 'Goto address/es <small>(comma-separated)</small>';
 $lang['edit']['active'] = 'Active';
 $lang['edit']['target_domain'] = 'Target domain';
 $lang['edit']['password'] = 'Password';
-$lang['edit']['ratelimit'] = 'Outgoing rate limit/h';
-$lang['danger']['ratelimt_less_one'] = 'Outgoing rate limit/h must not be less than 1';
 $lang['edit']['password_repeat'] = 'Confirmation password (repeat)';
 $lang['edit']['domain_admin'] = 'Edit domain administrator';
 $lang['edit']['domain'] = 'Edit domain';
-$lang['edit']['alias_domain'] = 'Alias domain';
 $lang['edit']['edit_alias_domain'] = 'Edit Alias domain';
 $lang['edit']['domains'] = 'Domains';
-$lang['edit']['destroy'] = 'Manual data input';
 $lang['edit']['alias'] = 'Edit alias';
 $lang['edit']['mailbox'] = 'Edit mailbox';
 $lang['edit']['description'] = 'Description';
@@ -341,22 +265,16 @@ $lang['edit']['domain_quota'] = 'Domain quota';
 $lang['edit']['backup_mx_options'] = 'Backup MX options';
 $lang['edit']['relay_domain'] = 'Relay domain';
 $lang['edit']['relay_all'] = 'Relay all recipients';
-$lang['edit']['dkim_signature'] = 'ARC + DKIM signature';
-$lang['edit']['dkim_record_info'] = '<small>Please add a TXT record with the given value to your DNS settings.</small>';
 $lang['edit']['relay_all_info'] = '<small>If you choose <b>not</b> to relay all recipients, you will need to add a ("blind") mailbox for every single recipient that should be relayed.</small>';
 $lang['edit']['full_name'] = 'Full name';
 $lang['edit']['quota_mb'] = 'Quota (MiB)';
 $lang['edit']['sender_acl'] = 'Allow to send as';
-$lang['edit']['sender_acl_info'] = 'Aliases cannot be deselected.';
-$lang['edit']['dkim_txt_name'] = 'TXT record name:';
-$lang['edit']['dkim_txt_value'] = 'TXT record value:';
 $lang['edit']['previous'] = 'Previous page';
 $lang['edit']['unchanged_if_empty'] = 'If unchanged leave blank';
 $lang['edit']['dont_check_sender_acl'] = "Disable sender check for domain %s + alias domains";
 $lang['edit']['multiple_bookings'] = 'Multiple bookings';
 $lang['edit']['kind'] = 'Kind';
 $lang['edit']['resource'] = 'Resource';
-$lang['edit']['goto_null'] = 'Silently discard mail';
 
 $lang['add']['syncjob'] = 'Add sync job';
 $lang['add']['syncjob_hint'] = 'Be aware that passwords need to be saved plain-text!';
@@ -365,8 +283,6 @@ $lang['add']['port'] = 'Port';
 $lang['add']['username'] = 'Username';
 $lang['add']['enc_method'] = 'Encryption method';
 $lang['add']['mins_interval'] = 'Polling interval (minutes)';
-$lang['add']['maxage'] = 'Maximum age of messages that will be polled from remote (0 = ignore age)';
-$lang['add']['subfolder2'] = 'Sync into subfolder on destination';
 $lang['add']['exclude'] = 'Exclude objects (regex)';
 $lang['add']['delete2duplicates'] = 'Delete duplicates on destination';
 $lang['add']['delete1'] = 'Delete from source when completed';
@@ -375,14 +291,11 @@ $lang['edit']['delete2duplicates'] = 'Delete duplicates on destination';
 $lang['edit']['delete1'] = 'Delete from source when completed';
 $lang['edit']['delete2'] = 'Delete messages on destination that are not on source';
 
-$lang['add']['title'] = 'Add object';
 $lang['add']['domain'] = 'Domain';
 $lang['add']['active'] = 'Active';
 $lang['add']['multiple_bookings'] = 'Multiple bookings';
-$lang['add']['save'] = 'Save changes';
 $lang['add']['description'] = 'Description';
 $lang['add']['max_aliases'] = 'Max. possible aliases';
-$lang['add']['resource_name'] = 'Resource name';
 $lang['add']['max_mailboxes'] = 'Max. possible mailboxes';
 $lang['add']['mailbox_quota_m'] = 'Max. quota per mailbox (MiB)';
 $lang['add']['domain_quota_m'] = 'Total domain quota (MiB)';
@@ -390,8 +303,6 @@ $lang['add']['backup_mx_options'] = 'Backup MX options';
 $lang['add']['relay_all'] = 'Relay all recipients';
 $lang['add']['relay_domain'] = 'Relay this domain';
 $lang['add']['relay_all_info'] = '<small>If you choose <b>not</b> to relay all recipients, you will need to add a ("blind") mailbox for every single recipient that should be relayed.</small>';
-$lang['add']['alias'] = 'Alias(es)';
-$lang['add']['alias_spf_fail'] = '<b>Note:</b> If your chosen destination address is an external mailbox, the <b>receiving mailserver</b> may reject your message due to an SPF failure.</a>';
 $lang['add']['alias_address'] = 'Alias address/es';
 $lang['add']['alias_address_info'] = '<small>Full email address/es or @example.com, to catch all messages for a domain (comma-separated). <b>mailcow domains only</b>.</small>';
 $lang['add']['alias_domain_info'] = '<small>Valid domain names only (comma-separated).</small>';
@@ -400,8 +311,6 @@ $lang['add']['target_address_info'] = '<small>Full email address/es (comma-separ
 $lang['add']['alias_domain'] = 'Alias domain';
 $lang['add']['select'] = 'Please select...';
 $lang['add']['target_domain'] = 'Target domain';
-$lang['add']['mailbox'] = 'Mailbox';
-$lang['add']['resource'] = 'Resource';
 $lang['add']['kind'] = 'Kind';
 $lang['add']['mailbox_username'] = 'Username (left part of an email address)';
 $lang['add']['full_name'] = 'Full name';
@@ -409,7 +318,6 @@ $lang['add']['quota_mb'] = 'Quota (MiB)';
 $lang['add']['select_domain'] = 'Please select a domain first';
 $lang['add']['password'] = 'Password';
 $lang['add']['password_repeat'] = 'Confirmation password (repeat)';
-$lang['add']['previous'] = 'Previous page';
 $lang['add']['restart_sogo_hint'] = 'You will need to restart the SOGo service container after adding a new domain!';
 $lang['add']['goto_null'] = 'Silently discard mail';
 $lang['add']['validation_success'] = 'Validated successfully';
@@ -428,16 +336,9 @@ $lang['mailbox']['inactive'] = 'Inactive';
 $lang['edit']['validate_save'] = 'Validate and save';
 
 
-$lang['login']['title'] = 'Login';
-$lang['login']['administration'] = 'Administration';
-$lang['login']['administration_details'] = 'Please use your Administrator login to perform administrative tasks.';
-$lang['login']['user_settings'] = 'User settings';
-$lang['login']['user_settings_details'] = 'Mailbox users can use mailcow UI to change their passwords, create temporary aliases (spam aliases), adjust the spam filter behaviour or import messages from a remote IMAP server.';
 $lang['login']['username'] = 'Username';
 $lang['login']['password'] = 'Password';
-$lang['login']['reset_password'] = 'Reset my password';
 $lang['login']['login'] = 'Login';
-$lang['login']['previous'] = "Previous page";
 $lang['login']['delayed'] = 'Login was delayed by %s seconds.';
 
 $lang['tfa']['tfa'] = "Two-factor authentication";
@@ -447,15 +348,11 @@ $lang['tfa']['key_id'] = "An identifier for your YubiKey";
 $lang['tfa']['key_id_totp'] = "An identifier for your key";
 $lang['tfa']['api_register'] = 'mailcow uses the Yubico Cloud API. Please get an API key for your key <a href="https://upgrade.yubico.com/getapikey/" target="_blank">here</a>';
 $lang['tfa']['u2f'] = "U2F authentication";
-$lang['tfa']['hotp'] = "HOTP authentication";
 $lang['tfa']['none'] = "Deactivate";
 $lang['tfa']['delete_tfa'] = "Disable TFA";
 $lang['tfa']['disable_tfa'] = "Disable TFA until next successful login";
-$lang['tfa']['confirm_tfa'] = "Please confirm your one-time password in the below field";
 $lang['tfa']['confirm'] = "Confirm";
-$lang['tfa']['otp'] = "One-time password";
 $lang['tfa']['totp'] = "Time-based OTP (Google Authenticator etc.)";
-$lang['tfa']['trash_login'] = "Trash login";
 $lang['tfa']['select'] = "Please select";
 $lang['tfa']['waiting_usb_auth'] = "<i>Waiting for USB device...</i><br><br>Please tap the button on your U2F USB device now.";
 $lang['tfa']['waiting_usb_register'] = "<i>Waiting for USB device...</i><br><br>Please enter your password above and confirm your U2F registration by tapping the button on your U2F USB device.";
@@ -464,7 +361,6 @@ $lang['tfa']['enter_qr_code'] = "Your TOTP code if your device cannot scan QR co
 $lang['tfa']['confirm_totp_token'] = "Please confirm your changes by entering the generated token";
 
 $lang['admin']['no_new_rows'] = 'No further rows available';
-$lang['admin']['additional_rows'] = ' additional rows were added'; // parses to 'n additional rows were added'
 $lang['admin']['private_key'] = 'Private key';
 $lang['admin']['import'] = 'Import';
 $lang['admin']['import_private_key'] = 'Import private key';
@@ -476,38 +372,13 @@ $lang['admin']['f2b_netban_ipv4'] = 'IPv4 subnet size to apply ban on (8-32)';
 $lang['admin']['f2b_netban_ipv6'] = 'IPv6 subnet size to apply ban on (8-128)';
 $lang['admin']['f2b_whitelist'] = 'Whitelisted networks/hosts';
 $lang['admin']['search_domain_da'] = 'Search domains';
-$lang['admin']['restrictions'] = 'Postfix Restrictions';
-$lang['admin']['rr'] = 'Postfix Recipient Restrictions';
-$lang['admin']['reset_defaults'] = 'Reset to defaults';
-$lang['admin']['sr'] = 'Postfix Sender Restrictions';
 $lang['admin']['r_inactive'] = 'Inactive restrictions';
 $lang['admin']['r_active'] = 'Active restrictions';
 $lang['admin']['r_info'] = 'Greyed out/disabled elements on the list of active restrictions are not known as valid restrictions to mailcow and cannot be moved. Unknown restrictions will be set in order of appearance anyway. <br>You can add new elements in <code>inc/vars.local.inc.php</code> to be able to toggle them.';
-$lang['admin']['public_folders'] = 'Public Folders';
-$lang['admin']['public_folders_text'] = 'A namespace "Public" is created. Below\'s public folder name indicates the name of the first auto-created mailbox within this namespace.';
-$lang['admin']['public_folder_name'] = 'Folder name <small>(alphanumeric)</small>';
-$lang['admin']['public_folder_enable'] = 'Enable public folder';
-$lang['admin']['public_folder_enable_text'] = 'Toggling this option does not delete mail in any public folder.';
-$lang['admin']['public_folder_pusf'] = 'Enable per-user seen flag';
-$lang['admin']['public_folder_pusf_text'] = 'A "per-user seen flag"-enabled system will not mark a mail as read for User B, when User A has seen it, but User B did not.';
-$lang['admin']['privacy'] = 'Privacy';
-$lang['admin']['privacy_text'] = 'This option enables a PCRE table to remove "User-Agent", "X-Enigmail", "X-Mailer", "X-Originating-IP" and replaces "Received: from" headers with localhost/127.0.0.1.';
-$lang['admin']['privacy_anon_mail'] = 'Anonymize outgoing mail';
-$lang['admin']['dkim_txt_name'] = 'TXT record name:';
-$lang['admin']['dkim_txt_value'] = 'TXT record value:';
 $lang['admin']['dkim_key_length'] = 'DKIM key length (bits)';
 $lang['admin']['dkim_key_valid'] = 'Key valid';
 $lang['admin']['dkim_key_unused'] = 'Key unused';
 $lang['admin']['dkim_key_missing'] = 'Key missing';
-$lang['admin']['dkim_key_hint'] = 'Selector for DKIM keys is always <code>dkim</code>.';
-$lang['admin']['previous'] = 'Previous page';
-$lang['admin']['quota_mb'] = 'Quota (MiB):';
-$lang['admin']['sender_acl'] = 'Allow to send as:';
-$lang['admin']['msg_size'] = 'Message size';
-$lang['admin']['msg_size_limit'] = 'Message size limit now';
-$lang['admin']['msg_size_limit_details'] = 'Applying a new limit will reload Postfix and the webserver.';
-$lang['admin']['maintenance'] = 'Maintenance and Information';
-$lang['admin']['sys_info'] = 'System information';
 $lang['admin']['dkim_add_key'] = 'Add ARC/DKIM key';
 $lang['admin']['dkim_keys'] = 'ARC/DKIM keys';
 $lang['admin']['add'] = 'Add';
@@ -532,20 +403,12 @@ $lang['admin']['unchanged_if_empty'] = 'If unchanged leave blank';
 $lang['admin']['yes'] = '&#10004;';
 $lang['admin']['no'] = '&#10008;';
 $lang['admin']['access'] = 'Access';
-$lang['admin']['invalid_max_msg_size'] = 'Invalid max. message size';
-$lang['admin']['site_not_found'] = 'Cannot locate mailcow site configuration';
-$lang['admin']['public_folder_empty'] = 'Public folder name must not be empty';
-$lang['admin']['set_rr_failed'] = 'Cannot set Postfix restrictions';
 $lang['admin']['no_record'] = 'No record';
 $lang['admin']['filter_table'] = 'Filter table';
 $lang['admin']['empty'] = 'No results';
-$lang['admin']['time'] = 'Time';
-$lang['admin']['priority'] = 'Priority';
-$lang['admin']['message'] = 'Message';
 $lang['admin']['refresh'] = 'Refresh';
 $lang['admin']['to_top'] = 'Back to top';
 $lang['admin']['in_use_by'] = 'In use by';
-$lang['admin']['logs'] = 'Logs';
 $lang['admin']['forwarding_hosts'] = 'Forwarding Hosts';
 $lang['admin']['forwarding_hosts_hint'] = 'Incoming messages are unconditionally accepted from any hosts listed here. These hosts are then not checked against DNSBLs or subjected to greylisting. Spam received from them is never rejected, but optionally it can be filed into the Junk folder. The most common use for this is to specify mail servers on which you have set up a rule that forwards incoming emails to your mailcow server.';
 $lang['admin']['forwarding_hosts_add_hint'] = 'You can either specify IPv4/IPv6 addresses, networks in CIDR notation, host names (which will be resolved to IP addresses), or domain names (which will be resolved to IP addresses by querying SPF records or, in their absence, MX records).';
@@ -555,7 +418,6 @@ $lang['admin']['host'] = 'Host';
 $lang['admin']['source'] = 'Source';
 $lang['admin']['add_forwarding_host'] = 'Add Forwarding Host';
 $lang['admin']['add_relayhost'] = 'Add Relayhost';
-$lang['delete']['remove_forwardinghost_warning'] = '<b>Warning:</b> You are about to remove the forwarding host <b>%s</b>!';
 $lang['success']['forwarding_host_removed'] = "Forwarding host %s has been removed";
 $lang['success']['forwarding_host_added'] = "Forwarding host %s has been added";
 $lang['success']['relayhost_removed'] = "Relayhost %s has been removed";
@@ -568,7 +430,6 @@ $lang['diagnostics']['dns_records_data'] = 'Correct Data';
 $lang['diagnostics']['dns_records_status'] = 'Current State';
 $lang['diagnostics']['optional'] = 'This record is optional.';
 $lang['diagnostics']['cname_from_a'] = 'Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.';
-$lang['diagnostics']['allow'] = 'Allow %s';
 
 $lang['admin']['relay_from'] = '"From:" address';
 $lang['admin']['api_allow_from'] = "Allow API access from these IPs";
@@ -602,12 +463,8 @@ $lang['mailbox']['waiting'] = "Waiting";
 $lang['mailbox']['status'] = "Status";
 $lang['mailbox']['running'] = "Running";
 
-$lang['edit']['tls_policy'] = "Change TLS policy";
 $lang['edit']['spam_score'] = "Set a custom spam score";
 $lang['edit']['spam_policy'] = "Add or remove items to white-/blacklist";
-$lang['edit']['delimiter_action'] = "Change delimiter action";
-$lang['edit']['syncjobs'] = "Add or change sync jobs";
-$lang['edit']['eas_reset'] = "Reset EAS devices";
 $lang['edit']['spam_alias'] = "Create or change time limited alias addresses";
 
 $lang['danger']['img_tmp_missing'] = "Cannot validate image file: Temporary file not found";
@@ -667,8 +524,3 @@ $lang['mailbox']['recipient_map_info'] = 'Recipient maps are used to replace the
 $lang['mailbox']['recipient_map_old'] = 'Original recipient';
 $lang['mailbox']['recipient_map_new'] = 'New recipient';
 $lang['mailbox']['add_recipient_map_entry'] = 'Add recipient map';
-$lang['mailbox']['sender_maps'] = 'Sender maps';
-$lang['mailbox']['sender_map_info'] = 'Sender maps are used to replace the sender address on a message before it is sent.';
-$lang['mailbox']['sender_map_old'] = 'Original sender';
-$lang['mailbox']['sender_map_new'] = 'New sender';
-$lang['mailbox']['add_sender_map_entry'] = 'Add sender map';
diff --git a/data/web/lang/lang.es.php b/data/web/lang/lang.es.php
index 3cc93bdb..226d2a38 100644
--- a/data/web/lang/lang.es.php
+++ b/data/web/lang/lang.es.php
@@ -8,12 +8,7 @@ $lang['header']['restart_sogo'] = 'Reiniciar SOGo';
 $lang['footer']['restart_sogo'] = 'Reiniciar SOGo';
 $lang['footer']['restart_now'] = 'Reiniciar ahora';
 $lang['footer']['restart_sogo_info'] = 'Algunas tareas, por ejemplo agregar un dominio, requieren que reinicies SOGo para detectar cambios hechos en la UI de mailcow.<br><br><b>Importante:</b> Un reinicio sencillo puede tardar un poco en completarse, por favor espere a que termine.';
-$lang['dkim']['confirm'] = "¿Estás Seguro?";
-$lang['danger']['dkim_not_found'] = "Registro DKIM no encontrado";
-$lang['danger']['dkim_remove_failed'] = "No se puede eliminar el registro DKIM seleccionado";
-$lang['danger']['dkim_add_failed'] = "No se puede agregar el registro DKIM dado";
 $lang['danger']['dkim_domain_or_sel_invalid'] = "Dominio DKIM ó selector inválido";
-$lang['danger']['dkim_key_length_invalid'] = "Longitud de la llave DKIM inválida";
 $lang['success']['dkim_removed'] = "Registro DKIM removido";
 $lang['success']['dkim_added'] = "Registro DKIM guardado";
 $lang['danger']['access_denied'] = "Acceso denegado o datos del formulario inválidos";
@@ -25,8 +20,6 @@ $lang['danger']['alias_empty'] = "Dirección alias no debe estar vacía";
 $lang['danger']['goto_empty'] = "Dirección \"goto\" no debe estar vacía";
 $lang['danger']['policy_list_from_exists'] = "Un registro con ese nombre ya existe";
 $lang['danger']['policy_list_from_invalid'] = "El registro tiene formato inválido";
-$lang['danger']['whitelist_exists'] = "Ya existe un registro con ese nombre en la lista blanca";
-$lang['danger']['whitelist_from_invalid'] = "Formato inválido para el registro de lista blanca";
 $lang['danger']['alias_invalid'] = "Dirección alias inválida";
 $lang['danger']['goto_invalid'] = "Dirección \"goto\" inválida";
 $lang['danger']['alias_domain_invalid'] = "El dominio alias es inválido";
@@ -38,26 +31,19 @@ $lang['danger']['aliasd_targetd_identical'] = "El dominio alias no debe ser igua
 $lang['success']['alias_added'] = "Dirección/es alias ha/han sidgo agregada";
 $lang['success']['alias_modified'] = "Cambios al alias guardados";
 $lang['success']['mailbox_modified'] = "Cambios al buzón %s guardados";
-$lang['success']['msg_size_saved'] = "Limite del mensaje establecido";
-$lang['danger']['aliasd_not_found'] = "Dominio alias no encontrado";
 $lang['danger']['targetd_not_found'] = "Dominio destino no encontrado";
-$lang['danger']['aliasd_exists'] = "Dominio alias ya existe";
 $lang['success']['aliasd_added'] = "Agregado dominio alias %s";
 $lang['success']['aliasd_modified'] = "Cambios al dominio alias %s guardados";
 $lang['success']['domain_modified'] = "Cambios al dominio %s guardados";
 $lang['success']['domain_admin_modified'] = "Cambios al administrador del dominio %s guardados";
 $lang['success']['domain_admin_added'] = "Administrador del dominio %s agregado";
-$lang['success']['changes_general'] = 'Cambios guardados';
 $lang['success']['admin_modified'] = "Cambios al administrador guardados";
-$lang['danger']['exit_code_not_null'] = "Error: Código de salida es %d";
-$lang['danger']['mailbox_not_available'] = "Buzón no disponible";
 $lang['danger']['username_invalid'] = "Nombre de usuario no se puede utilizar";
 $lang['danger']['password_mismatch'] = "Confirmación de contraseña no es identica";
 $lang['danger']['password_complexity'] = "La contraseña no cumple con los requisitos";
 $lang['danger']['password_empty'] = "El campo de la contraseña no debe estar vacío";
 $lang['danger']['login_failed'] = "Inicio de sesión fallido";
 $lang['danger']['mailbox_invalid'] = "Nombre de buzón inválido";
-$lang['danger']['mailbox_invalid_suggest'] = 'El nombre del buzón es inválido, ¿pretendías escribir "%s"?';
 $lang['info']['fetchmail_planned'] = "La tarea para buscar correos se ha planeado. Por favor verifica el proceso más tarde.";
 $lang['danger']['fetchmail_source_empty'] = "Por favor define una carpeta fuente";
 $lang['danger']['fetchmail_dest_empty'] = "Por favor define una carpeta destino";
@@ -81,14 +67,10 @@ $lang['danger']['mailboxes_in_use'] = "Máx. de buzones debe ser mayor o igual a
 $lang['danger']['aliases_in_use'] = "Máx. de alias debe ser mayor o igual a %d";
 $lang['danger']['sender_acl_invalid'] = "Valor del remitente ACL inválido";
 $lang['danger']['domain_not_empty'] = "No se puede eliminar un dominio que no esté vacío";
-$lang['warning']['spam_alias_temp_error'] = "Error temporal: No se puede agregar ese \"spam alias\", inténtelo más tarde.";
-$lang['danger']['spam_alias_max_exceeded'] = "Máx. direcciones \"spam alias\" permitidas excedido";
 $lang['danger']['fetchmail_active'] = "Un proceso ya se está ejecutando, por favor espera a que termine.";
 $lang['danger']['validity_missing'] = 'Por favor asigna un periodo de validez';
-$lang['user']['off'] = "Apagado";
 $lang['user']['user_change_fn'] = "";
 $lang['user']['user_settings'] = 'Configuración del usuario';
-$lang['user']['mailbox_settings'] = 'Configuración del buzón';
 $lang['user']['mailbox_details'] = 'Detalles del buzón';
 $lang['user']['change_password'] = 'Cambiar contraseña';
 $lang['user']['new_password'] = 'Nueva contraseña:';
@@ -96,10 +78,8 @@ $lang['user']['save_changes'] = 'Guardar cambios';
 $lang['user']['password_now'] = 'Contraseña actual (confirmar cambios):';
 $lang['user']['new_password_repeat'] = 'Confirmación de contraseña (repetir):';
 $lang['user']['new_password_description'] = 'Requisitos: longitud de 6 caracteres, letras y números.';
-$lang['user']['did_you_know'] = '<b>¿Sabías qué?</b> Puedes utilizar etiquetas en tu dirección email ("me+<b>privat</b>@example.com") para mover mensajes a una carpeta automáticamente (ejemplo: "privat").';
 $lang['user']['spam_aliases'] = 'Alias de email temporales';
 $lang['user']['alias'] = 'Alias';
-$lang['user']['aliases'] = 'Alias';
 $lang['user']['is_catch_all'] = 'Atrapa-Todo para el/los dominio/s';
 $lang['user']['aliases_also_send_as'] = 'También permitido para mandarse como';
 $lang['user']['aliases_send_as_all'] = 'No verifiques el acceso del remitente para los siguientes dominios';
@@ -138,8 +118,6 @@ $lang['user']['tls_enforce_in'] = 'Aplicar TLS entrante';
 $lang['user']['tls_enforce_out'] = 'Aplicar TLS saliente';
 $lang['user']['no_record'] = 'Sin registro';
 
-$lang['user']['misc_settings'] = 'Otras configuraciones de usuario';
-$lang['user']['misc_delete_profile'] = 'Otras configuraciones de usuario';
 
 $lang['user']['tag_handling'] = 'Establecer manejo para el correo etiquetado';
 $lang['user']['tag_in_subfolder'] = 'En subcarpeta';
@@ -149,36 +127,16 @@ $lang['user']['tag_help_explain'] = 'En subcarpeta: una nueva subcarpeta llamada
 En asunto: los nombres de las etiquetas serán añadidos al asunto de los correos, ejemplo: "[Facebook] Mis Noticias".';
 $lang['user']['tag_help_example'] = 'Ejemplo de una dirección email etiquetada: mi<b>+Facebook</b>@ejemplo.org';
 
-$lang['start']['dashboard'] = '%s - panel';
-$lang['start']['start_rc'] = 'Abrir Roundcube';
-$lang['start']['start_sogo'] = 'Abrir SOGo';
 $lang['start']['mailcow_apps_detail'] = 'Utiliza una aplicación de mailcow para acceder a tus correos, calendario, contactos y más.';
-$lang['start']['mailcow_panel'] = 'Iniciar mailcow UI';
-$lang['start']['mailcow_panel_description'] = 'mailcow UI está disponible para administradores y usuarios de buzón.';
 $lang['start']['mailcow_panel_detail'] = '<b>Administradores del dominio</b> crean, modifican o eliminan buzones y alias, cambia dominios y lee información más detallada sobre sus dominios asignados<br>
 	<b>Usuarios de buzón</b> son capaces de crear alias de tiempo limitado (spam alias), cambiar su contraseña y la configuración del filtro de spam.';
-$lang['start']['recommended_config'] = 'Configuración recomendada (sin ActiveSync)';
-$lang['start']['imap_smtp_server'] = 'IMAP- y SMTP datos del servidor';
-$lang['start']['imap_smtp_server_description'] = 'Para la mejor experiencia recomendamos utilizar <a href="%s" target="_blank"><b>Mozilla Thunderbird</b></a>.';
-$lang['start']['imap_smtp_server_badge'] = 'Leer/Escribir correos';
 $lang['start']['imap_smtp_server_auth_info'] = 'Por favor utiliza tu dirección de correo completa y el mecanismo de autenticación PLANO.<br>
 Tus datos para iniciar sesión serán encriptados por la encriptación obligatoria del servidor';
-$lang['start']['managesieve'] = 'ManageSieve';
-$lang['start']['managesieve_badge'] = 'Filtro de correos';
-$lang['start']['managesieve_description'] = 'Por favor utiliza <b>Mozilla Thunderbird</b> con la <a style="text-decoration:none" target="_blank" href="%s"><b>extensión nightly sieve</b></a>.<br>Inicia Thunderbird, abre la configuración de complementos y suelta el archivo xpi descargado en la ventana abierta.<br>El servidor es <b>%s</b>, utiliza el puerto <b>4190</b> si se te pregunta. Los datos para iniciar sesión coinciden con los datos de tu correo.';
-$lang['start']['service'] = 'Servicio';
-$lang['start']['encryption'] = 'Método de encriptación';
 $lang['start']['help'] = 'Mostrar/Ocultar panel de ayuda';
-$lang['start']['hostname'] = 'Hostname';
-$lang['start']['port'] = 'Port';
-$lang['start']['footer'] = '';
 $lang['header']['mailcow_settings'] = 'Configuracion';
 $lang['header']['administration'] = 'Administración';
 $lang['header']['mailboxes'] = 'Buzones';
 $lang['header']['user_settings'] = 'Configuraciones de usuario';
-$lang['header']['login'] = 'Inicio de sesión';
-$lang['header']['logged_in_as_logout'] = 'Sesión iniciada como <b>%s</b> (cerrar sesión)';
-$lang['header']['locale'] = 'Idioma';
 $lang['mailbox']['domain'] = 'Dominio';
 $lang['mailbox']['alias'] = 'Alias';
 $lang['mailbox']['aliases'] = 'Alias';
@@ -188,7 +146,6 @@ $lang['mailbox']['mailbox_quota'] = 'Tamaño máx. de cuota';
 $lang['mailbox']['domain_quota'] = 'Cuota';
 $lang['mailbox']['active'] = 'Activo';
 $lang['mailbox']['action'] = 'Acción';
-$lang['mailbox']['ratelimit'] = 'Límite de la tarifa saliente/h';
 $lang['mailbox']['backup_mx'] = 'Respaldar MX';
 $lang['mailbox']['domain_aliases'] = 'Alias de dominio';
 $lang['mailbox']['target_domain'] = 'Dominio destino';
@@ -198,13 +155,10 @@ $lang['mailbox']['fname'] = 'Nombre completo';
 $lang['mailbox']['filter_table'] = 'Filtrar tabla';
 $lang['mailbox']['yes'] = '&#10004;';
 $lang['mailbox']['no'] = '&#10008;';
-$lang['mailbox']['quota'] = 'Cuota';
 $lang['mailbox']['in_use'] = 'En uso (%)';
 $lang['mailbox']['msg_num'] = 'Mensaje #';
 $lang['mailbox']['remove'] = 'Eliminar';
 $lang['mailbox']['edit'] = 'Editar';
-$lang['mailbox']['archive'] = 'Archivar';
-$lang['mailbox']['no_record'] = 'Sin registro';
 $lang['mailbox']['add_domain'] = 'Agregar dominio';
 $lang['mailbox']['add_domain_alias'] = 'Agregar alias de dominio';
 $lang['mailbox']['add_mailbox'] = 'Agregar buzón';
@@ -212,35 +166,19 @@ $lang['mailbox']['add_alias'] = 'Agregar alias';
 
 $lang['info']['no_action'] = 'No hay acción aplicable';
 
-$lang['delete']['title'] = 'Eliminar objeto';
-$lang['delete']['remove_domain_warning'] = '<b>Advertencia:</b> ¡Estás a punto de eliminar el dominio <b>%s</b>!';
-$lang['delete']['remove_domainalias_warning'] = '<b>Advertencia:</b> ¡Estás a punto de eliminar el alias de dominio <b>%s</b>!';
-$lang['delete']['remove_domainadmin_warning'] = '<b>Advertencia:</b> ¡Estás a punto de eliminar el administrador de dominio <b>%s</b>!';
-$lang['delete']['remove_alias_warning'] = '<b>Advertencia:</b> ¡Estás a punto de eliminar la dirección alias <b>%s</b>!';
-$lang['delete']['remove_mailbox_warning'] = '<b>Advertencia:</b> ¡Estás a punto de eliminar el buzón <b>%s</b>!';
-$lang['delete']['remove_mailbox_details'] = 'El buzón será <b>purgado permanentemente</b>!';
-$lang['delete']['remove_domain_details'] = 'Esto también eliminará alias de dominio.<br><br><b>Un dominio debe estar vacío para poder ser eliminado.</b>';
-$lang['delete']['remove_alias_details'] = 'Los usuarios ya no serán capaces de recibir correos o enviar correos desde esta dirección.</b>';
-$lang['delete']['remove_button'] = 'Eliminar';
-$lang['delete']['previous'] = 'Página anterior';
 
 $lang['edit']['save'] = 'Guardar cambios';
-$lang['edit']['archive'] = 'Acceso a archivos';
 $lang['edit']['max_mailboxes'] = 'Máx. buzones posibles:';
 $lang['edit']['title'] = 'Editas objeto';
 $lang['edit']['target_address'] = 'Dirección/es goto <small>(separadas por coma)</small>:';
 $lang['edit']['active'] = 'Activo';
 $lang['edit']['target_domain'] = 'Dominio destino:';
 $lang['edit']['password'] = 'Contraseña:';
-$lang['edit']['ratelimit'] = 'Límite de la tarifa saliente/h:';
-$lang['danger']['ratelimt_less_one'] = 'El límite de la tarifa saliente/h no puede ser menos que 1';
 $lang['edit']['password_repeat'] = 'Confirmación de contraseña (repetir):';
 $lang['edit']['domain_admin'] = 'Editar administrador del dominio';
 $lang['edit']['domain'] = 'Editar dominio';
-$lang['edit']['alias_domain'] = 'Alias de dominio';
 $lang['edit']['edit_alias_domain'] = 'Editar alias de dominio';
 $lang['edit']['domains'] = 'Dominios';
-$lang['edit']['destroy'] = 'Entrada manual de datos';
 $lang['edit']['alias'] = 'Editar alias';
 $lang['edit']['mailbox'] = 'Editar buzón';
 $lang['edit']['description'] = 'Descripción:';
@@ -250,24 +188,17 @@ $lang['edit']['domain_quota'] = 'Cuota de dominio:';
 $lang['edit']['backup_mx_options'] = 'Opciones del respaldo MX:';
 $lang['edit']['relay_domain'] = 'Dominio de retransmisión';
 $lang['edit']['relay_all'] = 'Retransmitir todos los recipientes';
-$lang['edit']['dkim_signature'] = 'Firma ARC + DKIM:';
-$lang['edit']['dkim_record_info'] = '<small>Por favor agrega un registro TXT con el siguiente valor a tu configuración DNS.</small>';
 $lang['edit']['relay_all_info'] = '<small>Si eliges <b>no</b> retransmitir a todos los recipientes, necesitas agregar un buzón "blind"("ciego") por cada recipiente que debe ser retransmitido.</small>';
 $lang['edit']['full_name'] = 'Nombre completo';
 $lang['edit']['full_name'] = 'Nombre completo';
 $lang['edit']['quota_mb'] = 'Cuota (MiB)';
 $lang['edit']['sender_acl'] = 'Permitir envío como:';
-$lang['edit']['sender_acl_info'] = 'Los alias no pueden deseleccionarse.';
-$lang['edit']['dkim_txt_name'] = 'Nombre del registro TXT:';
-$lang['edit']['dkim_txt_value'] = 'Valor del registro TXT:';
 $lang['edit']['previous'] = 'Página anterior';
 $lang['edit']['unchanged_if_empty'] = 'Si no hay cambios dejalo en blanco';
 $lang['edit']['dont_check_sender_acl'] = 'No verifiques remitente para el dominio %s';
 
-$lang['add']['title'] = 'Agregar objeto';
 $lang['add']['domain'] = 'Dominio';
 $lang['add']['active'] = 'Activo';
-$lang['add']['save'] = 'Guardar cambios';
 $lang['add']['description'] = 'Descripción:';
 $lang['add']['max_aliases'] = 'Máx. alias posibles:';
 $lang['add']['max_mailboxes'] = 'Máx. buzones posibles:';
@@ -277,8 +208,6 @@ $lang['add']['backup_mx_options'] = 'Opciones del respaldo MX:';
 $lang['add']['relay_all'] = 'Retransmitir todos los recipientes';
 $lang['add']['relay_domain'] = 'Retransmitir este dominio';
 $lang['add']['relay_all_info'] = '<small>Si eliges <b>no</b> retransmitir a todos los recipientes, necesitas agregar un buzón "blind"("ciego") por cada recipiente que debe ser retransmitido.</small>';
-$lang['add']['alias'] = 'Alias';
-$lang['add']['alias_spf_fail'] = '<b>Nota:</b> Si tu dirección destino está en un buzón externo, el <b>servidor de correo que recibe</b> puede rechazar tu mensaje por una falla SPF.</a>';
 $lang['add']['alias_address'] = 'Dirección/es alias:';
 $lang['add']['alias_address_info'] = '<small>Dirección/es de correo completa/s ó @ejemplo.com, para atrapar todos los mensajes para un dominio (separado por coma). <b>Dominios mailcow solamente</b>.</small>';
 $lang['add']['alias_domain_info'] = '<small>Nombres de dominio válidos solamente (separado por coma).</small>';
@@ -287,26 +216,17 @@ $lang['add']['target_address_info'] = '<small>Dirección/es de correo completa/s
 $lang['add']['alias_domain'] = 'Dominio alias';
 $lang['add']['select'] = 'Por favor selecciona...';
 $lang['add']['target_domain'] = 'Dominio destino:';
-$lang['add']['mailbox'] = 'Buzón';
 $lang['add']['mailbox_username'] = 'Nombre de usuario (parte izquierda de una dirección de correo):';
 $lang['add']['full_name'] = 'Nombre completo:';
 $lang['add']['quota_mb'] = 'Cuota (MiB):';
 $lang['add']['select_domain'] = 'Por favor elige un dominio primero';
 $lang['add']['password'] = 'Constraseña:';
 $lang['add']['password_repeat'] = 'Confirmación de contraseña (repetir):';
-$lang['add']['previous'] = 'Página anterior';
 $lang['add']['restart_sogo_hint'] = '¡Necesitas reiniciar el contenedor del servicio SOGo antes de agregar un nuevo dominio!';
 $lang['add']['port'] = 'Port';
-$lang['login']['title'] = 'Inicio de sesión';
-$lang['login']['administration'] = 'Administración';
-$lang['login']['administration_details'] = 'Por favor utiliza tu inicio de sesión de Administrador para realizar tareas administrativas.';
-$lang['login']['user_settings'] = 'Configuración de usuario';
-$lang['login']['user_settings_details'] = 'Usuarios de buzón pueden utilizar mailcow UI para cambiar sus contraseñas, crear alias temporales (alias de spam), ajustar el comportamiento del filtro de spam ó importar mensajes desde un servidor IMAP remoto.';
 $lang['login']['username'] = 'Nombre de usuario';
 $lang['login']['password'] = 'Contraseña';
-$lang['login']['reset_password'] = 'Reiniciar mi contraseña';
 $lang['login']['login'] = 'Inicio de sesión';
-$lang['login']['previous'] = "Página anterior";
 $lang['login']['delayed'] = 'El inicio de sesión ha sido retrasado %s segundos.';
 
 $lang['login']['tfa'] = "Autenticación de dos factores";
@@ -316,34 +236,10 @@ $lang['login']['otp'] = "Contraseña de un solo uso";
 $lang['login']['trash_login'] = "Inicio de sesión basura";
 
 $lang['admin']['search_domain_da'] = 'Buscar dominios';
-$lang['admin']['restrictions'] = 'Restricciones Postfix';
-$lang['admin']['rr'] = 'Restricciones Postfix para recipientes';
-$lang['admin']['reset_defaults'] = 'Restablecer los valores predeterminados';
-$lang['admin']['sr'] = 'Restricciones Postfix para remitentes';
 $lang['admin']['r_inactive'] = 'Restricciones inactivas';
 $lang['admin']['r_active'] = 'Restricciones activas';
 $lang['admin']['r_info'] = 'Elementos en gris/deshabilitados en la lista de restricciones activas no son reconocidas como restricciones válidas para mailcow y no pueden ser movidas. Restricciones desconocidas serán establecidas en el orden de aparicion de todas maneras. <br>Puedes agregar nuevos elementos en <code>inc/vars.local.inc.php</code> para ser capaz de habilitarlas.';
-$lang['admin']['public_folders'] = 'Carpetas Públicas';
-$lang['admin']['public_folders_text'] = 'Un espacio de nombres "Public" (Público) será creado. Debajo del nombre de la carpeta pública se indica el nombre del primer buzón creado automáticamente dentro de este espacio de nombres';
-$lang['admin']['public_folder_name'] = 'Nombre de la carpeta <small>(alfanumérico)</small>';
-$lang['admin']['public_folder_enable'] = 'Habilitar carpeta pública';
-$lang['admin']['public_folder_enable_text'] = 'Activar ésta opción no elimina correos en cualquier otra carpeta pública.';
-$lang['admin']['public_folder_pusf'] = 'Habilitar el indicador visto por usuario';
-$lang['admin']['public_folder_pusf_text'] = 'Un sistema habilitado por indicador "por usuario visto" no marcará un correo como leído para el Usuario B, cuando el Usuario A lo haya visto, pero el Usuario B no.';
-$lang['admin']['privacy'] = 'Privacidad';
-$lang['admin']['privacy_text'] = 'Ésta opción activa una tabla PCRE para remover "User-Agent", "X-Enigmail", "X-Mailer", "X-Originating-IP" y remplaza las cabezeras "Received: from" con localhost/127.0.0.1.';
-$lang['admin']['privacy_anon_mail'] = 'Anonimizar correo saliente';
-$lang['admin']['dkim_txt_name'] = 'Nombre del registro TXT:';
-$lang['admin']['dkim_txt_value'] = 'Valor del registro TXT:';
 $lang['admin']['dkim_key_length'] = 'Longitud de la llave DKIM (bits)';
-$lang['admin']['previous'] = 'Página anterior';
-$lang['admin']['quota_mb'] = 'Cuota (MiB):';
-$lang['admin']['sender_acl'] = 'Permitir envío como:';
-$lang['admin']['msg_size'] = 'Tamaño del mensaje';
-$lang['admin']['msg_size_limit'] = 'Límite del tamaño del mensaje ahora';
-$lang['admin']['msg_size_limit_details'] = 'Aplicando un nuebo límite reiniciará Postfix y el servidor web.';
-$lang['admin']['maintenance'] = 'Mantenimiento e Información';
-$lang['admin']['sys_info'] = 'información del sistema';
 $lang['admin']['dkim_add_key'] = 'Agregar registro ARC/DKIM';
 $lang['admin']['dkim_keys'] = 'Registros ARC/DKIM';
 $lang['admin']['add'] = 'Agregar';
@@ -365,8 +261,4 @@ $lang['admin']['unchanged_if_empty'] = 'Si no hay cambios dejalo en blanco';
 $lang['admin']['yes'] = '&#10004;';
 $lang['admin']['no'] = '&#10008;';
 $lang['admin']['access'] = 'Acceso';
-$lang['admin']['invalid_max_msg_size'] = 'Tamaño máx. del mensaje no válido';
-$lang['admin']['site_not_found'] = 'No se puede localizar la configuración del sitio de mailcow';
-$lang['admin']['public_folder_empty'] = 'El nombre de la carpeta pública no debe estar vacío';
-$lang['admin']['set_rr_failed'] = 'No se pueden establecer las restricciones de Postfix';
 $lang['admin']['no_record'] = 'Sin registro';
diff --git a/data/web/lang/lang.fr.php b/data/web/lang/lang.fr.php
index afa04f3b..e496af28 100644
--- a/data/web/lang/lang.fr.php
+++ b/data/web/lang/lang.fr.php
@@ -14,16 +14,10 @@ $lang['footer']['delete_these_items'] = "Merci de confirmer les changements sur
 $lang['footer']['delete_now'] = "Effacer maintenant";
 $lang['footer']['cancel'] = "Annuler";
 
-$lang['dkim']['confirm'] = "Êtes-vous sûr ?";
-$lang['danger']['dkim_not_found'] = "Clé DKIM non trouvée";
-$lang['danger']['dkim_remove_failed'] = "Impossible de retirer la clé DKIM sélectionnée";
-$lang['danger']['dkim_add_failed'] = "Impossible d'ajouter la clé DKIM donnée";
 $lang['danger']['dkim_domain_or_sel_invalid'] = "Domaine ou sélecteur DKIM invalide";
-$lang['danger']['dkim_key_length_invalid'] = "Longueur de clé DKIM invalide";
 $lang['success']['dkim_removed'] = "La clé DKIM %s a été retirée";
 $lang['success']['dkim_added'] = "La clé DKIM a été enregistrée";
 $lang['danger']['access_denied'] = "Accès refusé ou données de formulaire invalide";
-$lang['danger']['whitelist_from_invalid'] = "L'enregistrement liste blanche a un format non valide";
 $lang['danger']['domain_invalid'] = "Le nom de domaine n'est pas valide";
 $lang['danger']['mailbox_quota_exceeds_domain_quota'] = "Le quota max. dépasse la limite de quota du domaine";
 $lang['danger']['object_is_not_numeric'] = "La valeur %s n'est pas numérique";
@@ -34,7 +28,6 @@ $lang['danger']['last_key'] = "La dernière clé ne peut pas être effacée";
 $lang['danger']['goto_empty'] = "L'adresse de destination ne peut pas être vide";
 $lang['danger']['policy_list_from_exists'] = "Une entrée avec ce nom existe";
 $lang['danger']['policy_list_from_invalid'] = "L'entrée a un format non valide";
-$lang['danger']['whitelist_exists'] = "Une entrée liste-blanche existe avec ce nom";
 $lang['danger']['alias_invalid'] = "L'adresse alias est non valide";
 $lang['danger']['goto_invalid'] = "L'adresse de destination est non valide";
 $lang['danger']['alias_domain_invalid'] = "Le domaine alias est non valide";
@@ -51,18 +44,12 @@ $lang['success']['mailbox_modified'] = "Les changement sur la boîte %s ont ét
 $lang['success']['resource_modified'] = "Les changement sur la boîte %s ont été enregistrés";
 $lang['success']['object_modified'] = "Les changement sur l'objet %s ont été enregistrés";
 $lang['success']['f2b_modified'] = "Les changement sur les paramètres Fail2ban ont été enregistrés";
-$lang['success']['msg_size_saved'] = "La limite de taille de message a été définie";
-$lang['danger']['aliasd_not_found'] = "Domaine alias non trouvé";
 $lang['danger']['targetd_not_found'] = "Domaine cible non trouvé";
-$lang['danger']['aliasd_exists'] = "Le domaine alias existe déjà";
 $lang['success']['aliasd_added'] = "Domaine alias %s ajouté";
 $lang['success']['domain_modified'] = "Les changement sur le domaine %s ont été enregistrés";
 $lang['success']['domain_admin_modified'] = "Les changement sur l'administrateur de domaine %s ont été enregistrés";
 $lang['success']['domain_admin_added'] = "L'administrateur de domaine %s a été ajouté";
-$lang['success']['changes_general'] = "Les changements ont été enregistrés";
 $lang['success']['admin_modified'] = "Les changements sur l'administrateur ont été enregistrés";
-$lang['danger']['exit_code_not_null'] = "Erreur : Le code de sortie était %d";
-$lang['danger']['mailbox_not_available'] = "Boîte non disponible";
 $lang['danger']['username_invalid'] = "L'identifiant ne peut pas être utilisé";
 $lang['danger']['password_mismatch'] = "La confirmation du mot de passe n'est pas identique";
 $lang['danger']['password_complexity'] = "Le mot de passe ne respecte pas les règles";
@@ -71,7 +58,6 @@ $lang['danger']['login_failed'] = "La connexion a échoué";
 $lang['danger']['mailbox_invalid'] = "Le nom de la boîte n'est pas valide";
 $lang['danger']['description_invalid'] = "La description de la ressource n'est pas valide";
 $lang['danger']['resource_invalid'] = "Le nom de la ressource n'est pas valide";
-$lang['danger']['mailbox_invalid_suggest'] = "Le nom de la boîte n'est pas valide. Vouliez-vous taper \"%s\" ?";
 $lang['danger']['is_alias'] = "%s est déjà enregistré comme adresse alias";
 $lang['danger']['is_alias_or_mailbox'] = "%s est déjà enregistré comme un alias ou une boîte";
 $lang['danger']['is_spam_alias'] = "%s est déjà enregistré comme une adresse alias de pourriel";
@@ -96,16 +82,11 @@ $lang['danger']['mailboxes_in_use'] = "Boîtes max. doit être doit être supér
 $lang['danger']['aliases_in_use'] = "Alias max. doit être supérieur ou égal à %d";
 $lang['danger']['sender_acl_invalid'] = "La valeur ACL de l'expéditeur n'est pas valide";
 $lang['danger']['domain_not_empty'] = "Impossible de retiré un domaine non-vide";
-$lang['warning']['spam_alias_temp_error'] = "Erreur temporaire : impossible d'ajouter des alias de spam, merci d'essayer plus tard.";
-$lang['danger']['spam_alias_max_exceeded'] = "Nombre max d'adresses pour les alias de spam dépassé";
 $lang['danger']['validity_missing'] = "Merci d'attribuer une période de validité";
-$lang['user']['on'] = "On";
-$lang['user']['off'] = "Off";
 $lang['user']['messages'] = "messages"; // "123 messages"
 $lang['user']['in_use'] = "Utilisé";
 $lang['user']['user_change_fn'] = "";
 $lang['user']['user_settings'] = "Paramètres utilisateur";
-$lang['user']['mailbox_settings'] = "Paramètres des boîtes";
 $lang['user']['mailbox_details'] = "Détails des boîtes";
 $lang['user']['change_password'] = "Changement de mot de passe";
 $lang['user']['client_configuration'] = "Montrer les guides de configuration pour les programmes de courriels et les smartphones";
@@ -114,11 +95,8 @@ $lang['user']['save_changes'] = "Sauvegarder les changements";
 $lang['user']['password_now'] = "Mot de passe actuel (confirmation des changements)";
 $lang['user']['new_password_repeat'] = "Confirmation du mot de passe (répéter)";
 $lang['user']['new_password_description'] = "Critère : 6 caractères de long, lettres et nombres.";
-$lang['user']['did_you_know'] = "<b>Le saviez-vous ?</b> Vous pouvez utiliser des étiquettes dans vos adresses de courriel (\"moi+<b>prive</b>@exemple.com\") afin de déplacer les messages automatiquement vers un dossier (exemple: \"prive\").";
 $lang['user']['spam_aliases'] = "Alias de courriel temporaires";
 $lang['user']['alias'] = "Alias";
-$lang['user']['aliases'] = "Alias";
-$lang['user']['domain_aliases'] = "Adresses d'alias de domaine";
 $lang['user']['is_catch_all'] = "Attrape-tout pour domaine(s)";
 $lang['user']['aliases_also_send_as'] = "Peut également envoyer en tant qu'utilisateur";
 $lang['user']['aliases_send_as_all'] = "Ne pas vérifier les accès d'expéditeur pour le(s) domaine(s) suivant(s) et leurs alias de domaine";
@@ -128,7 +106,6 @@ $lang['user']['alias_valid_until'] = "Valide jusqu'à";
 $lang['user']['alias_remove_all'] = "Retirer tous les alias";
 $lang['user']['alias_time_left'] = "Temps restant";
 $lang['user']['alias_full_date'] = "d/m/Y, H:i:s T";
-$lang['user']['syncjob_full_date'] = "d/m/Y, H:i:s T";
 $lang['user']['alias_select_validity'] = "Période de validité";
 $lang['user']['sync_jobs'] = "Travaux de synchronisation";
 $lang['user']['hour'] = "Heure";
@@ -161,8 +138,6 @@ $lang['user']['tls_enforce_in'] = "Imposer le TLS entrant";
 $lang['user']['tls_enforce_out'] = "Imposer le TLS sortant";
 $lang['user']['no_record'] = "Aucun enregistrement";
 
-$lang['user']['misc_settings'] = "Autre paramètres de profil";
-$lang['user']['misc_delete_profile'] = "Autre paramètres de profil";
 
 $lang['user']['tag_handling'] = "Définir la gestion des courriel étiquetés";
 $lang['user']['tag_in_subfolder'] = "Dans un sous-dossier";
@@ -176,7 +151,6 @@ $lang['user']['eas_reset_help'] = "Dans beaucoup de cas, une réinitialisation d
 
 $lang['user']['encryption'] = "Chiffrement";
 $lang['user']['username'] = "Nom d'utilisateur";
-$lang['user']['password'] = "Mot de passe";
 $lang['user']['last_run'] = "Dernière exécution";
 $lang['user']['excludes'] = "Exclu";
 $lang['user']['interval'] = "Intervalle";
@@ -184,45 +158,22 @@ $lang['user']['active'] = "Actif";
 $lang['user']['action'] = "Action";
 $lang['user']['edit'] = "Éditer";
 $lang['user']['remove'] = "Retirer";
-$lang['user']['delete_now'] = "Retirer maintenant";
 $lang['user']['create_syncjob'] = "Création d'une nouvelle tache de synchronisation";
 
-$lang['start']['dashboard'] = "%s - tableau de bord";
-$lang['start']['start_rc'] = "Ouvrir Roundcube";
-$lang['start']['start_sogo'] = "Ouvrir SOGo";
 $lang['start']['mailcow_apps_detail'] = "Utiliser l'application mailcow pour accéder à vos courriels, calendriers, contacts et bien plus.";
-$lang['start']['mailcow_panel'] = "Démarrer l'interface mailcow";
-$lang['start']['mailcow_panel_description'] = "L'interface mailcow est disponible pour les administrateurs et les utilisateurs de boîtes de courriels.";
 $lang['start']['mailcow_panel_detail'] = "Les <b>administrateurs de domaine</b> créent, modifient ou effacent les boîtes de courriel et les alias. Ils modifient les domaines et ont accès aux informations à propos des domaines qui leur sont assignés.<br>Les <b>utilisateurs de boîtes</b> peuvent créer des alias limités dans le temps (alias de pourriel), changer leur mot de passe et leurs préférences de filtre à pourriel.";
-$lang['start']['recommended_config'] = "Configuration recommandée (sans ActiveSync)";
-$lang['start']['imap_smtp_server'] = "Donnée des serveurs IMAP et SMTP";
-$lang['start']['imap_smtp_server_description'] = "Pour une expérience optimale, nous vous recommandons d'utiliser <a href=\"%s\" target=\"_blank\"><b>Mozilla Thunderbird</b></a>.";
-$lang['start']['imap_smtp_server_badge'] = "Lecture/Écriture des courriels";
-$lang['start']['imap_smtp_server_auth_info'] = "Merci d'utiliser votre adresse de courriel complète couplée au mécanisme d’authentification \"PLAIN\".<br>Vos données de connexion seront chiffrées par le chiffrement imposé coté serveur.";
-$lang['start']['managesieve'] = "ManageSieve";
-$lang['start']['managesieve_badge'] = "Filtre de courriel";
-$lang['start']['managesieve_description'] = "Merci d'utiliser <b>Mozilla Thunderbird</b> avec l'extension <a style=\"text-decoration:none\" target=\"_blank\" href=\"%s\"><b>nightly sieve</b></a>.<br>Démarrez Thunderbird, ouvrez les paramètres des extensions et déposez le fichier xpi fraîchement téléchargé dans la fenêtre ouverte.<br>Le nom du serveur est <b>%s</b>, utilisez le port <b>4190</b> si on vous le demande. Les données de connexion correspondent à celles de votre courriel.";
-$lang['start']['service'] = "Service";
-$lang['start']['encryption'] = "Méthode de chiffrement";
 $lang['start']['help'] = "Montrer/Cacher le panneau d'aide";
-$lang['start']['hostname'] = "Nom d'hôte";
-$lang['start']['port'] = "Port";
-$lang['start']['footer'] = "";
 $lang['header']['mailcow_settings'] = "Configuration";
 $lang['header']['administration'] = "Administration";
 $lang['header']['mailboxes'] = "Boîtes de courriel";
 $lang['header']['user_settings'] = "Paramètres utilisateur";
-$lang['header']['login'] = "Identifiant";
-$lang['header']['logged_in_as_logout'] = "Connecté en tant que <b>%s</b> (déconnexion)";
 $lang['header']['logged_in_as_logout_dual'] = "Connecté en tant que <b>%s <span class=\"text-info\">[%s]</span></b>";
-$lang['header']['locale'] = "Langue";
 $lang['mailbox']['domain'] = "Domaine";
 $lang['mailbox']['spam_aliases'] = "Alias temp.";
 $lang['mailbox']['multiple_bookings'] = "Réservations multiples";
 $lang['mailbox']['kind'] = "Type";
 $lang['mailbox']['description'] = "Description";
 $lang['mailbox']['alias'] = "Alias";
-$lang['mailbox']['resource_name'] = "Nom des ressources";
 $lang['mailbox']['aliases'] = "Alias";
 $lang['mailbox']['domains'] = "Domaines";
 $lang['mailbox']['mailboxes'] = "Boîtes";
@@ -231,7 +182,6 @@ $lang['mailbox']['mailbox_quota'] = "Taille max. d'une boîte";
 $lang['mailbox']['domain_quota'] = "Quota";
 $lang['mailbox']['active'] = "Actif";
 $lang['mailbox']['action'] = "Action";
-$lang['mailbox']['ratelimit'] = "Limite de vitesse en sortie/h";
 $lang['mailbox']['backup_mx'] = "MX de secours";
 $lang['mailbox']['domain_aliases'] = "Alias de domaine";
 $lang['mailbox']['target_domain'] = "Domaine cible";
@@ -241,20 +191,15 @@ $lang['mailbox']['fname'] = "Nom complet";
 $lang['mailbox']['filter_table'] = "Table de filtrage";
 $lang['mailbox']['yes'] = "&#10004;";
 $lang['mailbox']['no'] = "&#10008;";
-$lang['mailbox']['quota'] = "Quota";
 $lang['mailbox']['in_use'] = "Utilisation (%)";
 $lang['mailbox']['msg_num'] = "Message";
 $lang['mailbox']['remove'] = "Retirer";
 $lang['mailbox']['edit'] = "Éditer";
-$lang['mailbox']['archive'] = "Archiver";
-$lang['mailbox']['no_record'] = "Aucun enregistrement pour l'objet %s";
-$lang['mailbox']['no_record_single'] = "Aucun enregistrement";
 $lang['mailbox']['add_domain'] = "Ajouter un domaine";
 $lang['mailbox']['add_domain_alias'] = "Ajouter un alias de domaine";
 $lang['mailbox']['add_mailbox'] = "Ajouter une boîte de courriel";
 $lang['mailbox']['add_resource'] = "Ajouter une ressource";
 $lang['mailbox']['add_alias'] = "Ajouter un alias";
-$lang['mailbox']['add_domain_record_first'] = "Merci de d'abord ajouter un domaine";
 $lang['mailbox']['empty'] = "Aucun résultat";
 $lang['mailbox']['toggle_all'] = "Basculer tout";
 $lang['mailbox']['quick_actions'] = "Actions";
@@ -266,21 +211,6 @@ $lang['mailbox']['last_run'] = "Dernière exécution";
 
 $lang['info']['no_action'] = "Aucune action applicable";
 
-$lang['delete']['title'] = "Retirer un objet";
-$lang['delete']['remove_domain_warning'] = "<b>Attention :</b> vous êtes sur le point de retirer le domaine <b>%s</b> !";
-$lang['delete']['remove_syncjob_warning'] = "<b>Attention :</b> vous êtes sur le point de retirer une tâche de synchronisation pour l'utilisateur <b>%s</b> !";
-$lang['delete']['remove_domainalias_warning'] = "<b>Attention :</b> vous êtes sur le point de retirer l'alias de domaine <b>%s</b> !";
-$lang['delete']['remove_domainadmin_warning'] = "<b>Attention :</b> vous êtes sur le point de retirer l'administrateur de domaine <b>%s</b> !";
-$lang['delete']['remove_alias_warning'] = "<b>Attention :</b> vous êtes sur le point de retirer l'alias d'adresse <b>%s</b> !";
-$lang['delete']['remove_mailbox_warning'] = "<b>Attention :</b> vous êtes sur le point de retirer la boîte de courriel <b>%s</b> !";
-$lang['delete']['remove_mailbox_details'] = "La boîte de courriel sera <b>supprimée définitivement</b> !";
-$lang['delete']['remove_resource_warning'] = "<b>Attention :</b> vous êtes sur le point de retirer la ressource <b>%s</b> !";
-$lang['delete']['remove_resource_details'] = "La ressource sera <b>supprimée définitivement</b> !";
-$lang['delete']['remove_domain_details'] = "Cela retire également les alias de domaine.<br><br><b>Un domaine doit être vide pour être retiré.</b>";
-$lang['delete']['remove_syncjob_details'] = "Les objets de cette tâche de synchronisation ne seront plus récupérés depuis le serveur distant.";
-$lang['delete']['remove_alias_details'] = "Les utilisateurs ne pourront plus recevoir ni envoyer de courriels depuis cette adresse.</b>";
-$lang['delete']['remove_button'] = "Retirer";
-$lang['delete']['previous'] = "Page précédente";
 
 $lang['edit']['syncjob'] = "Éditer la tâche de synchronisation";
 $lang['edit']['save'] = "Enregistrer les changements";
@@ -291,22 +221,17 @@ $lang['edit']['maxage'] = "Age maximum en jours des messages qui seront récupé
 $lang['edit']['subfolder2'] = "Sous-dossier où synchroniser à destination<br><small>(vide = ne pas utiliser de sous-dossier)</small>";
 $lang['edit']['mins_interval'] = "Intervalle (min)";
 $lang['edit']['exclude'] = "Objets à exclure (expression régulière)";
-$lang['edit']['archive'] = "Accès aux archives";
 $lang['edit']['max_mailboxes'] = "Nombre max. de boîtes";
 $lang['edit']['title'] = "Éditer l'objet";
 $lang['edit']['target_address'] = "Adresse(s) de destination <small>(séparés par des virgules)</small>";
 $lang['edit']['active'] = "Activer";
 $lang['edit']['target_domain'] = "Domaine cible";
 $lang['edit']['password'] = "Mot de passe";
-$lang['edit']['ratelimit'] = "Limite de vitesse sortante/h";
-$lang['danger']['ratelimt_less_one'] = "La limite de vitesse sortante/h ne peut pas être inférieure à 1";
 $lang['edit']['password_repeat'] = "Confirmation du mot de passe (répéter)";
 $lang['edit']['domain_admin'] = "Éditer l'administrateur de domaine";
 $lang['edit']['domain'] = "Éditer le domaine";
-$lang['edit']['alias_domain'] = "Alias de domaine";
 $lang['edit']['edit_alias_domain'] = "Éditer l'alias de domaine";
 $lang['edit']['domains'] = "Domaines";
-$lang['edit']['destroy'] = "Entrée des donnés manuelle";
 $lang['edit']['alias'] = "Éditer l'alias";
 $lang['edit']['mailbox'] = "Éditer la boîte";
 $lang['edit']['description'] = "Description";
@@ -316,22 +241,16 @@ $lang['edit']['domain_quota'] = "Quota de domaine";
 $lang['edit']['backup_mx_options'] = "Option de MX secondaire";
 $lang['edit']['relay_domain'] = "Domaine de relais";
 $lang['edit']['relay_all'] = "Relayer tous les destinataires";
-$lang['edit']['dkim_signature'] = "Signature ARC + DKIM";
-$lang['edit']['dkim_record_info'] = "<small>Merci d'ajouter une entrée TXT avec la valeur donnée à votre configuration DNS.</small>";
 $lang['edit']['relay_all_info'] = "<small>Si vous choisissez de ne <b>pas</b> relayer tous les destinataires, vous devrez ajouter une boîte \"aveugle\" pour chaque destinataire qui doit être relayé.</small>";
 $lang['edit']['full_name'] = "Nom complet";
 $lang['edit']['quota_mb'] = "Quota (Mo)";
 $lang['edit']['sender_acl'] = "Autorisé à envoyé en tant que";
-$lang['edit']['sender_acl_info'] = "Les alias ne peuvent pas être désélectionnés.";
-$lang['edit']['dkim_txt_name'] = "Nom de l'enregistrement TXT :";
-$lang['edit']['dkim_txt_value'] = "Valeur de l'enregistrement TXT :";
 $lang['edit']['previous'] = "Page précédente";
 $lang['edit']['unchanged_if_empty'] = "Si aucun changement, laisser vide";
 $lang['edit']['dont_check_sender_acl'] = "Désactiver la vérification de l'émetteur pour le domaine %s + les domaines alias";
 $lang['edit']['multiple_bookings'] = "Inscriptions multiples";
 $lang['edit']['kind'] = "Type";
 $lang['edit']['resource'] = "Resource";
-$lang['edit']['goto_null'] = "Ignorer silencieusement le courriel";
 
 $lang['add']['syncjob'] = "Ajouter une tâche de synchronisation";
 $lang['add']['syncjob_hint'] = "Soyez prévenus que les mots de passe doivent être sauvés en clair !";
@@ -340,8 +259,6 @@ $lang['add']['port'] = "Port";
 $lang['add']['username'] = "Identifiant";
 $lang['add']['enc_method'] = "Méthode de chiffrement";
 $lang['add']['mins_interval'] = "Période de relève (minutes)";
-$lang['add']['maxage'] = "Age maximum des messages qui seront relevés depuis le distant (0 = ignorer l'age)";
-$lang['add']['subfolder2'] = "Synchronisation dans un sous-dossier à destination";
 $lang['add']['exclude'] = "Exclure des objets (expression régulière)";
 $lang['add']['delete2duplicates'] = "Supprimer les doubles à destination";
 $lang['add']['delete1'] = "Supprimer à la source une fois terminé";
@@ -350,14 +267,11 @@ $lang['edit']['delete2duplicates'] = "Supprimer les doubles à destination";
 $lang['edit']['delete1'] = "Supprimer à la source une fois terminé";
 $lang['edit']['delete2'] = "Supprimer les messages à destination qui ne sont pas présent à la source";
 
-$lang['add']['title'] = "Ajouter un objet";
 $lang['add']['domain'] = "Domaine";
 $lang['add']['active'] = "Actif";
 $lang['add']['multiple_bookings'] = "Inscriptions multiples";
-$lang['add']['save'] = "Sauvegarder les changements";
 $lang['add']['description'] = "Description";
 $lang['add']['max_aliases'] = "Nombre max. des alias";
-$lang['add']['resource_name'] = "Nom de la ressource";
 $lang['add']['max_mailboxes'] = "Nombre max. de boîtes";
 $lang['add']['mailbox_quota_m'] = "Quota max par boîte (Mo)";
 $lang['add']['domain_quota_m'] = "Quota total du domaine (Mo)";
@@ -365,8 +279,6 @@ $lang['add']['backup_mx_options'] = "Options de MX secondaire";
 $lang['add']['relay_all'] = "Relayer tous les destinataires";
 $lang['add']['relay_domain'] = "Relayer ce domaine";
 $lang['add']['relay_all_info'] = "<small>Si vous choisissez de ne <b>pas</b> relayer tous les destinataires, vous devrez ajouter une boîte \"aveugle\" pour chaque destinataire qui doit être relayé.</small>";
-$lang['add']['alias'] = "Alias";
-$lang['add']['alias_spf_fail'] = "<b>Note :</b> Si l'adresse de destination choisie est une boîte externe, la <b>serveur de réception</b> peut rejeter votre message pour cause d'échec SPF.</a>";
 $lang['add']['alias_address'] = "Adresse(s) alias";
 $lang['add']['alias_address_info'] = "<small>Adresse de courriel complète ou @exemple.com pour recevoir tous les messages d'un domaine (séparés par de virgules). <b>Domaines mailcow seulement</b></small>";
 $lang['add']['alias_domain_info'] = "<small>Nom de domaine valide seulement (séparés par des virgules).</small>";
@@ -375,8 +287,6 @@ $lang['add']['target_address_info'] = "<small>Adresse(s) de courriel complète(s
 $lang['add']['alias_domain'] = "Alias de domaine";
 $lang['add']['select'] = "Merci de sélectionner...";
 $lang['add']['target_domain'] = "Domaine cible";
-$lang['add']['mailbox'] = "Boîte de courriel";
-$lang['add']['resource'] = "Ressource";
 $lang['add']['kind'] = "Type";
 $lang['add']['mailbox_username'] = "Identifiant (côté gauche d'une adresse de courriel)";
 $lang['add']['full_name'] = "Nom complet";
@@ -384,20 +294,12 @@ $lang['add']['quota_mb'] = "Quota (Mo)";
 $lang['add']['select_domain'] = "Merci de d'abord sélectionner un domaine";
 $lang['add']['password'] = "Mot de passe";
 $lang['add']['password_repeat'] = "Confirmation du mot de passe (répéter)";
-$lang['add']['previous'] = "Page précédente";
 $lang['add']['restart_sogo_hint'] = "Vous devrez redémarrer le container du service SOGo après l'ajout d'un nouveau domaine !";
 $lang['add']['goto_null'] = "Ignorer silencieusement le courriel";
 
-$lang['login']['title'] = "Connexion";
-$lang['login']['administration'] = "Administration";
-$lang['login']['administration_details'] = "Merci d'utiliser votre identifiant d'administrateur pour effectuer les taches administratives.";
-$lang['login']['user_settings'] = "Paramètres utilisateur";
-$lang['login']['user_settings_details'] = "Les propriétaires de boîte de courriel peuvent utiliser l'interface mailcow pour changer leur mot de passe, créer des alias temporaires (alias de pourriel), ajuster le comportement du filtre à pourriel ou importer des messages depuis un serveur IMAP distant.";
 $lang['login']['username'] = "Identifiant";
 $lang['login']['password'] = "Mot de passe";
-$lang['login']['reset_password'] = "Réinitialiser mon mot de passe";
 $lang['login']['login'] = "Connexion";
-$lang['login']['previous'] = "Page précédente";
 $lang['login']['delayed'] = "La connexion a été différée de %s seconds.";
 
 $lang['tfa']['tfa'] = "Authentification à double facteur";
@@ -407,15 +309,11 @@ $lang['tfa']['key_id'] = "Un identifiant pour votre YubiKey";
 $lang['tfa']['key_id_totp'] = "Un identifiant pour votre clé";
 $lang['tfa']['api_register'] = "mailcow utilise Yubico Cloud API. Merci d'obtenir un clé API pour votre clé <a href=\"https://upgrade.yubico.com/getapikey/\" target=\"_blank\">ici</a>";
 $lang['tfa']['u2f'] = "Authentification U2F";
-$lang['tfa']['hotp'] = "Authentification HOTP";
 $lang['tfa']['totp'] = "Mot de passe à usage unique basé sur le temps (Google Authenticator etc.)";
 $lang['tfa']['none'] = "Désactivé";
 $lang['tfa']['delete_tfa'] = "Invalider TFA";
 $lang['tfa']['disable_tfa'] = "Désactiver TFA jusqu'à la prochaine connexion réussie";
-$lang['tfa']['confirm_tfa'] = "Merci de confirmer votre mot de passe à usage unique dans le champ ci-dessous";
 $lang['tfa']['confirm'] = "Confirmer";
-$lang['tfa']['otp'] = "Mot de passe à usage unique";
-$lang['tfa']['trash_login'] = "Trash login";
 $lang['tfa']['select'] = "Merci de sélectionner";
 $lang['tfa']['waiting_usb_auth'] = "<i>En attente du périphérique USB...</i><br><br>Merci de presser le bouton de votre périphérique U2F USB maintenant.";
 $lang['tfa']['waiting_usb_register'] = "<i>En attente du périphérique USB...</i><br><br>Merci de confirmer votre mot de passe au dessus et de valider votre enregistrement U2F en appuyant sur le bouton de votre périphérique U2F USB.";
@@ -432,39 +330,14 @@ $lang['admin']['f2b_max_attempts'] = "Nb max de tentatives";
 $lang['admin']['f2b_retry_window'] = "Fenêtre de nouvel essai (s) pour le nb max de tentatives";
 $lang['admin']['f2b_whitelist'] = "Réseau/hôtes en liste blanche";
 $lang['admin']['search_domain_da'] = "Chercher des domaines";
-$lang['admin']['restrictions'] = "Restrictions Postfix";
-$lang['admin']['rr'] = "Restrictions Postfix sur les destinataires";
-$lang['admin']['sr'] = "Restriction Postfix sur les expéditeurs";
-$lang['admin']['reset_defaults'] = "Réinitialiser aux valeurs par défaut";
 $lang['admin']['r_inactive'] = "Restrictions inactives";
 $lang['admin']['r_active'] = "Restrictions actives";
 $lang['admin']['r_info'] = "Les éléments grisé/invalidés dans la liste des restrictions active ne sont pas reconnus comme des restrictions valide par mailcow et ne peuvent pas être déplacés. Les restriction inconnues seront enregistrées dans leur ordre d'apparence.<br>Vous pouvez ajouter de nouveaux élément dans <code>inc/vars.local.inc.php</code> pour pouvoir les sélectionner.";
-$lang['admin']['public_folders'] = "Dossiers publiques";
-$lang['admin']['public_folders_text'] = "Un espace de nommage \"Public\" a été crée. Le nom du dossier publique ci-dessous indique le nom de la première boîte crée automatiquement à l'intérieur de cet espace de nommage.";
-$lang['admin']['public_folder_name'] = "Nom de dossier <small>(alphanumérique)</small>";
-$lang['admin']['public_folder_enable'] = "Activer le dossier publique";
-$lang['admin']['public_folder_enable_text'] = "Changer cette option ne supprime aucun courriel dans les dossiers publiques.";
-$lang['admin']['public_folder_pusf'] = "Activer le statut vu par utilisateur";
-$lang['admin']['public_folder_pusf_text'] = "Lorsque le \"statut vu par utilisateur\" est activé, le système ne marquera pas un courriel comme lu pour l'utilisateur B si l'utilisateur l'a lu mais pas B.";
-$lang['admin']['privacy'] = "Vie privée";
-$lang['admin']['privacy_text'] = "Cette option active une table PCRE pour retirer \"User-Agent\", \"X-Enigmail\", \"X-Mailer\", \"X-Originating-IP\" et remplace les en-têtes \"Received: from\" avec localhost/127.0.0.1.";
-$lang['admin']['privacy_anon_mail'] = "Anonymiser les courriels sortants";
-$lang['admin']['dkim_txt_name'] = "Nom de l'enregistrement TXT :";
-$lang['admin']['dkim_txt_value'] = "Valeur de l'enregistrement TXT :";
 $lang['admin']['dkim_key_length'] = "Longueur de la clé DKIM (bits)";
 $lang['admin']['dkim_key_valid'] = "Clé valide";
 $lang['admin']['dkim_key_unused'] = "Clé non utilisée";
 $lang['admin']['dkim_key_missing'] = "Clé manquante";
-$lang['admin']['dkim_key_hint'] = "Le sélecteur des clés DKIM est toujours <code>dkim</code>.";
-$lang['admin']['previous'] = "Page précédente";
-$lang['admin']['quota_mb'] = "Quota (Mo) :";
-$lang['admin']['sender_acl'] = "Autoriser à envoyer en tant que :";
-$lang['admin']['msg_size'] = "Taille du message";
-$lang['admin']['msg_size_limit'] = "Taille de message limite actuelle";
-$lang['admin']['msg_size_limit_details'] = "Appliquer une nouvelle limite rechargera Postfix et le serveur web.";
 $lang['admin']['save'] = "Enregistrer les changements";
-$lang['admin']['maintenance'] = "Maintenance et Information";
-$lang['admin']['sys_info'] = "Information système";
 $lang['admin']['dkim_add_key'] = "Ajouter un clé ARC/DKIM";
 $lang['admin']['dkim_keys'] = "Clés ARC/DKIM";
 $lang['admin']['add'] = "Ajouter";
@@ -486,20 +359,12 @@ $lang['admin']['unchanged_if_empty'] = "Si aucun changement, laisser vide";
 $lang['admin']['yes'] = "&#10004;";
 $lang['admin']['no'] = "&#10008;";
 $lang['admin']['access'] = "Accès";
-$lang['admin']['invalid_max_msg_size'] = "Mauvaise taille de message max.";
-$lang['admin']['site_not_found'] = "Impossible de trouver la configuration du site mailcow";
-$lang['admin']['public_folder_empty'] = "Le nom du dossier publique ne peut pas être vide";
-$lang['admin']['set_rr_failed'] = "Impossible de définir les restrictions Postfix";
 $lang['admin']['no_record'] = "Aucun enregistrement";
 $lang['admin']['filter_table'] = "Table de filtrage";
 $lang['admin']['empty'] = "Aucun résultat";
-$lang['admin']['time'] = "Temps";
-$lang['admin']['priority'] = "Priorité";
-$lang['admin']['message'] = "Message";
 $lang['admin']['refresh'] = "Rafraîchir";
 $lang['admin']['to_top'] = "Retour en haut";
 $lang['admin']['in_use_by'] = "Utilisé par";
-$lang['admin']['logs'] = "Journaux";
 $lang['admin']['forwarding_hosts'] = "Hôtes de réexpédition";
 $lang['admin']['forwarding_hosts_hint'] = "Tous les messages entrant sont acceptés sans condition depuis les hôtes listés ici. Ces hôtes ne sont pas validés par DNSBLs ou sujets à un greylisting. Les pourriels reçus de ces hôtes ne sont jamais rejetés, mais occasionnellement, ils peuvent se retrouver dans le dossier Junk. L'usage le plus courant est pour les serveurs de courriels qui ont été configurés pour réexpédier leurs courriels entrant vers votre serveur mailcow.";
 $lang['admin']['forwarding_hosts_add_hint'] = "Vous pouvez aussi bien indiquer des adresses IPv4/IPv6, des réseaux en notation CIDR, des noms d'hôtes (qui se seront convertit en adresses IP), ou des noms de domaine (qui seront convertit en adresses IP par une requête SPF ou, en son absence, l'enregistrement MX).";
@@ -509,7 +374,6 @@ $lang['admin']['host'] = "Hôte";
 $lang['admin']['source'] = "Source";
 $lang['admin']['add_forwarding_host'] = "Ajouter un hôte de réexpédition";
 $lang['admin']['add_relayhost'] = "Ajouter un hôte de relai";
-$lang['delete']['remove_forwardinghost_warning'] = "<b>Attention :</b>vous êtes sur le point de retirer l'hôte de réexpédition <b>%s</b> !";
 $lang['success']['forwarding_host_removed'] = "L'hôte de réexpédition %s a été retiré";
 $lang['success']['forwarding_host_added'] = "L'hôte de réexpédition %s a été ajouté";
 $lang['success']['relayhost_removed'] = "L'hôte de relai %s a été retiré";
@@ -529,10 +393,6 @@ $lang['admin']['add_row'] = "Ajouter une ligne";
 $lang['admin']['reset_default'] = "Remise à zéro par défaut";
 $lang['admin']['merged_vars_hint'] = "Les lignes grisées ont été importées depuis <code>vars.inc.(local.)php</code> et ne peuvent pas être modifiées.";
 
-$lang['edit']['tls_policy'] = "Changer la politique TLS";
 $lang['edit']['spam_score'] = "Définir un score personnalisé de pourriel";
 $lang['edit']['spam_policy'] = "Ajouter ou retirer des éléments des listes blanches/noires";
-$lang['edit']['delimiter_action'] = "Modifier l'action des séparateurs";
-$lang['edit']['syncjobs'] = "Ajouter ou modifier des tâches de synchronisation";
-$lang['edit']['eas_reset'] = "Ré-initialisation des appareils EAS";
 $lang['edit']['spam_alias'] = "Créer ou changer les adresses alias à temps limité";
diff --git a/data/web/lang/lang.it.php b/data/web/lang/lang.it.php
index d9b03e8a..efa69512 100644
--- a/data/web/lang/lang.it.php
+++ b/data/web/lang/lang.it.php
@@ -15,16 +15,10 @@ $lang['footer']['delete_these_items'] = 'Sicuro di voler eliminare gli oggetti s
 $lang['footer']['delete_now'] = 'Elimina ora';
 $lang['footer']['cancel'] = 'Annulla';
 
-$lang['dkim']['confirm'] = "Sicuro?";
-$lang['danger']['dkim_not_found'] = "Chiave DKIM non trovata";
-$lang['danger']['dkim_remove_failed'] = "Impossibile rimuovere la chiave DKIM selezionata";
-$lang['danger']['dkim_add_failed'] = "Impossibile aggiungere la chiave DKIM selezionata";
 $lang['danger']['dkim_domain_or_sel_invalid'] = "DKIM domain or selector invalid";
-$lang['danger']['dkim_key_length_invalid'] = "Lunghezza della chiave DKIM non valida";
 $lang['success']['dkim_removed'] = "La chiave DKIM è stata rimossa";
 $lang['success']['dkim_added'] = "La chiave DKIM è stata salvata";
 $lang['danger']['access_denied'] = "Accesso negato o form di login non corretto";
-$lang['danger']['whitelist_from_invalid'] = "Elemento Whitelist non valido";
 $lang['danger']['domain_invalid'] = "Il nome di dominio non è valido";
 $lang['danger']['mailbox_quota_exceeds_domain_quota'] = "La quota massima eccede la quota di dominio";
 $lang['danger']['object_is_not_numeric'] = "Il valore %s non è numerico";
@@ -34,8 +28,6 @@ $lang['danger']['last_key'] = "L'ultima chiave non può essere rimossa";
 $lang['danger']['goto_empty'] = "L'indirizzo di destinazione non può restare vuoto";
 $lang['danger']['policy_list_from_exists'] = "Un elemento con lo stesso nome è già presente";
 $lang['danger']['policy_list_from_invalid'] = "L'elemento ha un formato non valido";
-$lang['danger']['whitelist_exists'] = "Un elemento è già presente con lo stesso nome tra i whitelist";
-$lang['danger']['whitelist_from_invalid'] = "L'elemento Whitelist ha un formato non valido";
 $lang['danger']['alias_invalid'] = "L'indirizzo alias non è valido";
 $lang['danger']['goto_invalid'] = "Goto address non è valido";
 $lang['danger']['alias_domain_invalid'] = "Alias domain non è valido";
@@ -51,19 +43,13 @@ $lang['success']['aliasd_modified'] = "I cambiamenti all'alias domain è stato s
 $lang['success']['mailbox_modified'] = "I cambiamenti alla mailbox %s è stato salvato";
 $lang['success']['resource_modified'] = "I cambiamenti alla mailbox %s è stato salvato";
 $lang['success']['object_modified'] = "I cambiamenti all'oggetto %s è stato salvato";
-$lang['success']['msg_size_saved'] = "Il limite di dimensione messaggio è stato impostato";
-$lang['danger']['aliasd_not_found'] = "l'alias del dominio non è stato trovato";
 $lang['danger']['targetd_not_found'] = "Il target del dominio non è stato trovato";
-$lang['danger']['aliasd_exists'] = "L'Alias di dominio esiste già";
 $lang['success']['aliasd_added'] = 'Aggiunto l\'alias per il dominio %s';
 $lang['success']['aliasd_modified'] = "I cambiamenti a alias domain %s è stato salvato";
 $lang['success']['domain_modified'] = "I cambiamenti a domain %s è stato salvato";
 $lang['success']['domain_admin_modified'] = "I cambiamenti a domain administrator %s è stato salvato";
 $lang['success']['domain_admin_added'] = "L'amministratore di dominio %s è stato aggiunto";
-$lang['success']['changes_general'] = 'I cambiamenti sono stati salvati';
 $lang['success']['admin_modified'] = "I cambiamenti a administrator è stato salvato";
-$lang['danger']['exit_code_not_null'] = 'Errore: Il codice di uscita è %d';
-$lang['danger']['mailbox_not_available'] = "Casella non disponibile";
 $lang['danger']['username_invalid'] = "Username non può essere utilizzato";
 $lang['danger']['password_mismatch'] = "La password di conferma non corrisponde";
 $lang['danger']['password_complexity'] = "La password non soddisfa le regole di sicurezza";
@@ -72,7 +58,6 @@ $lang['danger']['login_failed'] = "Login fallito";
 $lang['danger']['mailbox_invalid'] = "Il nome della casella non è valido";
 $lang['danger']['description_invalid'] = 'La descrizione della risorsa non è valido';
 $lang['danger']['resource_invalid'] = "Il nome della risorsa non è valido";
-$lang['danger']['mailbox_invalid_suggest'] = 'Il nome della casella non è valido, avevi in mente "%s"?';
 $lang['danger']['is_alias'] = "%s è già presente come alias";
 $lang['danger']['is_alias_or_mailbox'] = "%s è già presente come alias o casella";
 $lang['danger']['is_spam_alias'] = "%s è già presente come indirizzo spam alias";
@@ -97,16 +82,11 @@ $lang['danger']['mailboxes_in_use'] = "La quota della casella massima deve esser
 $lang['danger']['aliases_in_use'] = "Il numero massimo di alias must deve essere maggiore o uguale a %d";
 $lang['danger']['sender_acl_invalid'] = "Il valore di Sender ACL non è valido";
 $lang['danger']['domain_not_empty'] = "Non posso rimuovere domini in non vuoti";
-$lang['warning']['spam_alias_temp_error'] = "Errore temporaneo: Impossibile aggiungere alias di spam, provare più tardi.";
-$lang['danger']['spam_alias_max_exceeded'] = "Il numero massimo di indirizzi come spam alias superato";
 $lang['danger']['validity_missing'] = 'Assegnare un periodo di validità';
-$lang['user']['on'] = "On";
-$lang['user']['off'] = "Off";
 $lang['user']['messages'] = "messaggi"; // "123 messages"
 $lang['user']['in_use'] = "Utilizzati";
 $lang['user']['user_change_fn'] = "";
 $lang['user']['user_settings'] = 'Impostazioni utente';
-$lang['user']['mailbox_settings'] = 'Impostazioni casella';
 $lang['user']['mailbox_details'] = 'Dettagli casella';
 $lang['user']['change_password'] = 'Cambia password';
 $lang['user']['new_password'] = 'Nuova password';
@@ -114,11 +94,8 @@ $lang['user']['save_changes'] = 'Salva modifiche';
 $lang['user']['password_now'] = 'Password attuale (conferma modifiche)';
 $lang['user']['new_password_repeat'] = 'Conferma password (ripeti)';
 $lang['user']['new_password_description'] = 'Requisiti: Lunghezza di 6 caratteri, lettere e numeri.';
-$lang['user']['did_you_know'] = '<b>Lo sapevi?</b> Puoi usare i tags nell\'indirizzo di posta ("me+<b>privat</b>@example.com") per muovere i messaggi automaticamente nelle cartelle (esempio: "privat").';
 $lang['user']['spam_aliases'] = 'Indirizzi mail temporanei';
 $lang['user']['alias'] = 'Alias';
-$lang['user']['aliases'] = 'Aliases';
-$lang['user']['domain_aliases'] = 'Indirizzi alias del dominio';
 $lang['user']['is_catch_all'] = 'Catch-all per il dominio/i';
 $lang['user']['aliases_also_send_as'] = 'Può inviare come utente';
 $lang['user']['aliases_send_as_all'] = 'Do not check sender access for the following domain(s) and its alias domains';
@@ -128,7 +105,6 @@ $lang['user']['alias_valid_until'] = 'Valido fino a';
 $lang['user']['alias_remove_all'] = 'Rimuovi tutti gli alias';
 $lang['user']['alias_time_left'] = 'Tempo rimanente';
 $lang['user']['alias_full_date'] = 'd.m.Y, H:i:s T';
-$lang['user']['syncjob_full_date'] = 'd.m.Y, H:i:s T';
 $lang['user']['alias_select_validity'] = 'Periodo di validità';
 $lang['user']['sync_jobs'] = 'Processi di sync';
 $lang['user']['hour'] = 'Ora';
@@ -161,8 +137,6 @@ $lang['user']['tls_enforce_in'] = 'Imponi TLS in ingresso';
 $lang['user']['tls_enforce_out'] = 'Imponi TLS in uscita';
 $lang['user']['no_record'] = 'Nessun elemento';
 
-$lang['user']['misc_settings'] = 'Impostazioni di altri profili';
-$lang['user']['misc_delete_profile'] = 'Impostazioni di altri profili';
 
 $lang['user']['tag_handling'] = 'Imposta le gestione della mail evidenziate';
 $lang['user']['tag_in_subfolder'] = 'Nella sotto cartella';
@@ -177,7 +151,6 @@ $lang['user']['eas_reset_help'] = 'In molti casi un ripristino risolve i problem
 
 $lang['user']['encryption'] = 'Crittografia';
 $lang['user']['username'] = 'Nome utente';
-$lang['user']['password'] = 'Password';
 $lang['user']['last_run'] = 'Ultima esecuzione';
 $lang['user']['excludes'] = 'Esclude';
 $lang['user']['interval'] = 'Intervallo';
@@ -185,47 +158,25 @@ $lang['user']['active'] = 'Attiva';
 $lang['user']['action'] = 'Azione';
 $lang['user']['edit'] = 'Modifica';
 $lang['user']['remove'] = 'Elimina';
-$lang['user']['delete_now'] = 'Elimina ora';
 $lang['user']['create_syncjob'] = 'Crea un azione di sync';
 
-$lang['start']['dashboard'] = '%s - dashboard';
-$lang['start']['start_rc'] = 'Apri Roundcube';
-$lang['start']['start_sogo'] = 'Apri SOGo';
 $lang['start']['mailcow_apps_detail'] = 'Usa l\'app mailcow per accedere alla posta, calendari, contatti ed altro.';
-$lang['start']['mailcow_panel'] = 'Avvia UI mailcow';
-$lang['start']['mailcow_panel_description'] = 'L\'UI di mailcow per gli amministratori e gli utenti di caselle.';
 $lang['start']['mailcow_panel_detail'] = '<b>Amministratori di dominio</b> crea, modifica o cancella caselle e alias, cambia i domini e informazioni relative ai domini associati.<br />
 	<b>Utenti di caselle</b> possono creare degli alias temporanei (spam aliases), cambiare la loro password e le impostazioni relative ai filtri spam.';
-$lang['start']['recommended_config'] = 'Configurazioni consigliate (senza ActiveSync)';
-$lang['start']['imap_smtp_server'] = 'Dati server IMAP e SMTP';
-$lang['start']['imap_smtp_server_description'] = 'Per l\'esperienza migliore utilizzare <a href="%s" target="_blank"><b>Mozilla Thunderbird</b></a>.';
-$lang['start']['imap_smtp_server_badge'] = 'Leggi e scrivi le email';
 $lang['start']['imap_smtp_server_auth_info'] = 'Please use your full email address and the PLAIN authentication mechanism.<br />
 Your login data will be encrypted by the server-side mandatory encryption.';
-$lang['start']['managesieve'] = 'ManageSieve';
-$lang['start']['managesieve_badge'] = 'Filtri email';
-$lang['start']['managesieve_description'] = 'Please use <b>Mozilla Thunderbird</b> with the <a style="text-decoration:none" target="_blank" href="%s"><b>nightly sieve extension</b></a>.<br />Start Thunderbird, open the add-on settings and drop the newly downloaded xpi file into the opened window.<br />The server name is <b>%s</b>, use port <b>4190</b> if you are asked for. The login data match your email login.';
-$lang['start']['service'] = 'Servizio';
-$lang['start']['encryption'] = 'Metodo di criptazione';
 $lang['start']['help'] = 'Mostra/Nascondi pannello di aiuto';
-$lang['start']['hostname'] = 'Hostname';
-$lang['start']['port'] = 'Porta';
-$lang['start']['footer'] = '';
 $lang['header']['mailcow_settings'] = 'Configurazione';
 $lang['header']['administration'] = 'Amministrazione';
 $lang['header']['mailboxes'] = 'Caselle';
 $lang['header']['user_settings'] = 'Impostazioni utente';
-$lang['header']['login'] = 'Accedi';
-$lang['header']['logged_in_as_logout'] = 'Accesso come <b>%s</b> (esci)';
 $lang['header']['logged_in_as_logout_dual'] = 'Accesso come <b>%s <span class="text-info">[%s]</span></b>';
-$lang['header']['locale'] = 'Lingua';
 $lang['mailbox']['domain'] = 'Dominio';
 $lang['mailbox']['spam_aliases'] = 'Alias temporanei';
 $lang['mailbox']['multiple_bookings'] = 'Multiple bookings';
 $lang['mailbox']['kind'] = 'Tipo';
 $lang['mailbox']['description'] = 'Descrizione';
 $lang['mailbox']['alias'] = 'Alias';
-$lang['mailbox']['resource_name'] = 'Nome risorsa';
 $lang['mailbox']['aliases'] = 'Aliases';
 $lang['mailbox']['domains'] = 'Domini';
 $lang['mailbox']['mailboxes'] = 'Caselle';
@@ -234,7 +185,6 @@ $lang['mailbox']['mailbox_quota'] = 'Massima dimensione della casella';
 $lang['mailbox']['domain_quota'] = 'Quota';
 $lang['mailbox']['active'] = 'Attiva';
 $lang['mailbox']['action'] = 'Azione';
-$lang['mailbox']['ratelimit'] = 'limite invio msg/h';
 $lang['mailbox']['backup_mx'] = 'Backup MX';
 $lang['mailbox']['domain_aliases'] = 'Alias di domini';
 $lang['mailbox']['target_domain'] = 'Target domain';
@@ -244,20 +194,15 @@ $lang['mailbox']['fname'] = 'Nome completo';
 $lang['mailbox']['filter_table'] = 'Filra tabella';
 $lang['mailbox']['yes'] = '&#10004;';
 $lang['mailbox']['no'] = '&#10008;';
-$lang['mailbox']['quota'] = 'Quota';
 $lang['mailbox']['in_use'] = 'In uso (%)';
 $lang['mailbox']['msg_num'] = 'Messaggio #';
 $lang['mailbox']['remove'] = 'Rimuovi';
 $lang['mailbox']['edit'] = 'Modifica';
-$lang['mailbox']['archive'] = 'Archivio';
-$lang['mailbox']['no_record'] = 'Nessun record per l\' oggetto %s';
-$lang['mailbox']['no_record_single'] = 'Nessun record';
 $lang['mailbox']['add_domain'] = 'Aggiungi Dominio';
 $lang['mailbox']['add_domain_alias'] = 'Aggiungi alias Dominio';
 $lang['mailbox']['add_mailbox'] = 'Aggiungi casella mail';
 $lang['mailbox']['add_resource'] = 'Aggiungi risorsa';
 $lang['mailbox']['add_alias'] = 'Aggiungi alias';
-$lang['mailbox']['add_domain_record_first'] = 'Perfavore aggiungi il dominio prima';
 $lang['mailbox']['empty'] = 'Nessun risultato';
 $lang['mailbox']['toggle_all'] = 'Inverti tutti';
 $lang['mailbox']['quick_actions'] = 'Azione veloce';
@@ -266,21 +211,6 @@ $lang['mailbox']['deactivate'] = 'Disattiva';
 
 $lang['info']['no_action'] = 'Azione non applicabile';
 
-$lang['delete']['title'] = 'Rimuovi oggetti';
-$lang['delete']['remove_domain_warning'] = '<b>Attenzione:</b> Sei sicuro di voler rimuovere il dominio <b>%s</b>!';
-$lang['delete']['remove_syncjob_warning'] = '<b>Attenzione:</b> Sei sicuro di voler rimuovere la sincronizzazione per l\'utente <b>%s</b>!';
-$lang['delete']['remove_domainalias_warning'] = '<b>Attenzione:</b> Sei sicuro di voler rimuovere l\' alias di dominio <b>%s</b>!';
-$lang['delete']['remove_domainadmin_warning'] = '<b>Attenzione:</b> Sei sicuro di voler rimuovere l\' amministratore di dominio <b>%s</b>!';
-$lang['delete']['remove_alias_warning'] = '<b>Attenzione:</b> Sei sicuro di voler rimuovere l\' alias <b>%s</b>!';
-$lang['delete']['remove_mailbox_warning'] = '<b>Attenzione:</b> Sei sicuro di voler rimuovere la casella di posta <b>%s</b>!';
-$lang['delete']['remove_mailbox_details'] = 'La casella di posta sarà <b>eliminata definitivamente</b>!';
-$lang['delete']['remove_resource_warning'] = '<b>Attenzione:</b> Stai per rimuovere la risorsa <b>%s</b>!';
-$lang['delete']['remove_resource_details'] = 'La risorsa sarà <b>eliminata definitivamente</b>!';
-$lang['delete']['remove_domain_details'] = 'Questo rimuoverà anche gli alias di dominio.<br /><br /><b>Un dominio deve essere vuoto per essere rinmosso.</b>';
-$lang['delete']['remove_syncjob_details'] = 'Gli oggetti provenienti da questa sincronizzazione non verranno più estratti dal server remoto.';
-$lang['delete']['remove_alias_details'] = 'Gli utenti non potranno più ricevere posta per o inviare posta da questo indirizzo.</b>';
-$lang['delete']['remove_button'] = 'Rimuovi';
-$lang['delete']['previous'] = 'Pagina precedente';
 
 $lang['edit']['syncjob'] = 'Modifica sincronizzazione';
 $lang['edit']['save'] = 'Salva modifiche';
@@ -292,22 +222,17 @@ $lang['edit']['subfolder2'] = 'Sincronizza in una sottocartella<br /><small>(vuo
 $lang['edit']['mins_interval'] = 'Intervallo (min)';
 $lang['edit']['exclude'] = 'Escludi oggetti (regex)';
 $lang['edit']['save'] = 'Salva modifiche';
-$lang['edit']['archive'] = 'Archivia accesso';
 $lang['edit']['max_mailboxes'] = 'Caselle di posta massime';
 $lang['edit']['title'] = 'Modifica oggetto';
 $lang['edit']['target_address'] = 'Vai all\'indirizzo/es <small>(comma-separated)</small>';
 $lang['edit']['active'] = 'Attivo';
 $lang['edit']['target_domain'] = 'Target dominio';
 $lang['edit']['password'] = 'Password';
-$lang['edit']['ratelimit'] = 'Traffico uscita limite/ora';
-$lang['danger']['ratelimt_less_one'] = 'Traffico uscita limite/ora non deve essere inferiore a 1';
 $lang['edit']['password_repeat'] = 'Conferma password (riscrivila)';
 $lang['edit']['domain_admin'] = 'Modifica amministratore dominio';
 $lang['edit']['domain'] = 'Modifica dominio';
-$lang['edit']['alias_domain'] = 'Alias dominio';
 $lang['edit']['edit_alias_domain'] = 'Modifica Alias dominio';
 $lang['edit']['domains'] = 'Dominio';
-$lang['edit']['destroy'] = 'inserimento manuale dati';
 $lang['edit']['alias'] = 'Modifica alias';
 $lang['edit']['mailbox'] = 'Modifica casella di posta';
 $lang['edit']['description'] = 'Descrizione';
@@ -317,15 +242,10 @@ $lang['edit']['domain_quota'] = 'Spazio Dominio';
 $lang['edit']['backup_mx_options'] = 'Backup MX options';
 $lang['edit']['relay_domain'] = 'Relay dominio';
 $lang['edit']['relay_all'] = 'Relay tutti i destinatari';
-$lang['edit']['dkim_signature'] = 'Firma ARC + DKIM';
-$lang['edit']['dkim_record_info'] = '<small>Aggiungere un record TXT con il valore specificato nell\' pannello DNS.</small>';
 $lang['edit']['relay_all_info'] = '<small>Se si sceglie di <b>non</b> inviare tutti i destinatari, è necessario aggiungere una cassetta postale ("blind") per ogni singolo destinatario a cui deve essere inoltrato.</small>';
 $lang['edit']['full_name'] = 'Nome completo';
 $lang['edit']['quota_mb'] = 'Spazio (MiB)';
 $lang['edit']['sender_acl'] = 'Consenti di inviare come';
-$lang['edit']['sender_acl_info'] = 'Gli alias non possono essere deselezionati';
-$lang['edit']['dkim_txt_name'] = 'TXT record name:';
-$lang['edit']['dkim_txt_value'] = 'TXT record value:';
 $lang['edit']['previous'] = 'Pagina precedente';
 $lang['edit']['unchanged_if_empty'] = 'Se immutato lasciare vuoto';
 $lang['edit']['dont_check_sender_acl'] = "Disattiva il controllo del mittente per il dominio %s + alias domains";
@@ -340,22 +260,17 @@ $lang['add']['port'] = 'Porta';
 $lang['add']['username'] = 'Username';
 $lang['add']['enc_method'] = 'Metodo di criptazione';
 $lang['add']['mins_interval'] = 'intervallo di Pooling (minuti)';
-$lang['add']['maxage'] = 'Età massima dei messaggi che verranno interrogati dal server remoto (0 = ignora l\'età)';
-$lang['add']['subfolder2'] = 'Sincronizza in una sottocartella nella destinazione';
 $lang['add']['exclude'] = 'Escludi oggetti (regex)';
 $lang['add']['delete2duplicates'] = 'Elimina duplicati nella destinazione';
 $lang['add']['delete1'] = 'Elimina dalla sorgente al termine';
 $lang['edit']['delete2duplicates'] = 'Elimina duplicati nella destinazione';
 $lang['edit']['delete1'] = 'Elimina dalla sorgente al termine';
 
-$lang['add']['title'] = 'Aggiungi oggetti';
 $lang['add']['domain'] = 'Dominio';
 $lang['add']['active'] = 'Attiva';
 $lang['add']['multiple_bookings'] = 'Prenotazioni multiple';
-$lang['add']['save'] = 'Salva modifiche';
 $lang['add']['description'] = 'Descrizione:';
 $lang['add']['max_aliases'] = 'Numero massimo alias:';
-$lang['add']['resource_name'] = 'Nome della risorsa';
 $lang['add']['max_mailboxes'] = 'Numero massimo caselle di posta:';
 $lang['add']['mailbox_quota_m'] = 'Spazio massimo per casella di posta (MiB):';
 $lang['add']['domain_quota_m'] = 'Spazio totale dominio (MiB):';
@@ -363,8 +278,6 @@ $lang['add']['backup_mx_options'] = 'Backup MX options:';
 $lang['add']['relay_all'] = 'Trasmettere a tutti i destinatari';
 $lang['add']['relay_domain'] = 'Trasmetti questo dominio';
 $lang['add']['relay_all_info'] = '<small>Se si sceglie di <b>non</b> inviare tutti i destinatari, è necessario aggiungere una cassetta postale ("blind") per ogni singolo destinatario a cui deve essere inoltrato.</small>';
-$lang['add']['alias'] = 'Alias(es)';
-$lang['add']['alias_spf_fail'] = '<b>Nota:</b> Se l\'indirizzo di destinazione scelto è una casella mail esterna, il <b>server mail ricevente</b> potrebbe rifiutare il messaggio a causa dell\' SPF.</a>';
 $lang['add']['alias_address'] = 'Indirizzo alias/es:';
 $lang['add']['alias_address_info'] = '<small>Indirizzo e-mail completo/es @example.com, per catturare tutti i messaggi di un dominio (separati da virgola). <b>solo domini mailcow</b>.</small>';
 $lang['add']['alias_domain_info'] = '<small>Solo nomi di dominio validi (cseparati da virgola).</small>';
@@ -373,8 +286,6 @@ $lang['add']['target_address_info'] = '<small>Indirizzo e-mail completo/es (sepa
 $lang['add']['alias_domain'] = 'Dominio alias';
 $lang['add']['select'] = 'Perfavore seleziona...';
 $lang['add']['target_domain'] = 'Target dominio:';
-$lang['add']['mailbox'] = 'Casella di posta';
-$lang['add']['resource'] = 'Risorsa';
 $lang['add']['kind'] = 'Genere';
 $lang['add']['mailbox_username'] = 'Username (parte a sinistra della @):';
 $lang['add']['full_name'] = 'Nome completo:';
@@ -382,19 +293,11 @@ $lang['add']['quota_mb'] = 'Spazio (MiB):';
 $lang['add']['select_domain'] = 'Perfavore seleziona il dominio prima';
 $lang['add']['password'] = 'Password:';
 $lang['add']['password_repeat'] = 'Conferma password (riscrivi):';
-$lang['add']['previous'] = 'Pagina precedente';
 $lang['add']['restart_sogo_hint'] = 'Dovrai riavviare il servizio SOGo dopo aver aggiunto un nuovo dominio!';
 
-$lang['login']['title'] = 'Accedi';
-$lang['login']['administration'] = 'Amministrazione';
-$lang['login']['administration_details'] = 'Utilizza il login di amministratore per eseguire attività amministrative.';
-$lang['login']['user_settings'] = 'Settaggi utente';
-$lang['login']['user_settings_details'] = 'Gli utenti delle caselle mail possono utilizzare l\'interfaccia utente di mailcow per modificare le password, creare alias temporanei e regolare il comportamento del filtro anti-spam o importare messaggi da un server IMAP remoto.';
 $lang['login']['username'] = 'Username';
 $lang['login']['password'] = 'Password';
-$lang['login']['reset_password'] = 'Reset password';
 $lang['login']['login'] = 'Login';
-$lang['login']['previous'] = "Pagina precendente";
 $lang['login']['delayed'] = 'L\'accesso è stato ritardato di %s secondi.';
 $lang['tfa']['tfa'] = "Autenticazione a due fattori";
 $lang['tfa']['set_tfa'] = "Imposta il metodo di autenticazione a due fattori";
@@ -403,16 +306,12 @@ $lang['tfa']['key_id'] = "Identificatore per il tuo YubiKey";
 $lang['tfa']['key_id_totp'] = "Identificatore per la tua chiave";
 $lang['tfa']['api_register'] = 'mailcow usa le Api Yubico Cloud. Richiedi una Chiave API <a href="https://upgrade.yubico.com/getapikey/" target="_blank">qui</a>';
 $lang['tfa']['u2f'] = "Autenticazione U2F";
-$lang['tfa']['hotp'] = "Autenticazione HOTP";
 $lang['tfa']['totp'] = "Autenticazione TOTP";
 $lang['tfa']['none'] = "Disattiva";
 $lang['tfa']['delete_tfa'] = "Disabilita TFA";
 $lang['tfa']['disable_tfa'] = "Disabilita TFA fino al prossimo accesso";
-$lang['tfa']['confirm_tfa'] = "Conferma la password nel capo sottostante";
 $lang['tfa']['confirm'] = "Conferma";
-$lang['tfa']['otp'] = "Password provvisoria";
 $lang['tfa']['totp'] = "Time-based OTP (Google Authenticator etc.)";
-$lang['tfa']['trash_login'] = "Trash login";
 $lang['tfa']['select'] = "Seleziona";
 $lang['tfa']['waiting_usb_auth'] = "<i>Attendo il device USB...</i><br /><br />Tocca ora il pulsante sul dispositivo U2F USB.";
 $lang['tfa']['waiting_usb_register'] = "<i>Attendo il device USB...</i><br /><br />Inserisci la tua password sopra e conferma la tua registrazione U2F toccando il pulsante del dispositivo U2F USB.";
@@ -421,40 +320,14 @@ $lang['tfa']['enter_qr_code'] = "Il codice TOTP se il tuo dispositivo non è in
 $lang['tfa']['confirm_totp_token'] = "Conferma le modifiche inserendo il token generato";
 
 $lang['admin']['search_domain_da'] = 'Ricerca domini';
-$lang['admin']['restrictions'] = 'Restrizioni Postfix';
-$lang['admin']['rr'] = 'Restrizioni del destinatario di Postfix';
-$lang['admin']['sr'] = 'Restrizioni del mittente di Postfix';
-$lang['admin']['reset_defaults'] = 'Ripristina i valori di default';
-$lang['admin']['sr'] = 'Restrizioni del mittente di Postfix';
 $lang['admin']['r_inactive'] = 'Restrizioni inattive';
 $lang['admin']['r_active'] = 'Restrizioni attive';
 $lang['admin']['r_info'] = 'Gli elementi disabilitati nell\'elenco delle restrizioni attive non sono conosciute come restrizioni valide per la posta e non possono essere spostate. Le restrizioni sconosciute verranno comunque impostate in ordine di aspetto. <br />Puoi aggiungere nuovi elementi in <code>inc/vars.local.inc.php</code> per poterli attivare.';
-$lang['admin']['public_folders'] = 'Cartelle pubbliche';
-$lang['admin']['public_folders_text'] = 'Verrà creato uno spazio "Public". Di seguito il nome della cartella pubblica indica il nome della prima casella di posta automaticamente creata all\'interno di questo spazio.';
-$lang['admin']['public_folder_name'] = 'Nome cartella <small>(alfanumerico)</small>';
-$lang['admin']['public_folder_enable'] = 'Abilita cartella public';
-$lang['admin']['public_folder_enable_text'] = 'Procedere con questa operazione, non eliminerà nessuna cartella pubblica.';
-$lang['admin']['public_folder_pusf'] = 'Abilita flag per utente';
-$lang['admin']['public_folder_pusf_text'] = 'Quando è abilitato il flag per utente, un messaggio non verrà contrassegnato come letto per l\'utente B, quando l\'utente A lo ha visto, ma l\'utente B non lo ha fatto.';
-$lang['admin']['privacy'] = 'Privacy';
-$lang['admin']['privacy_text'] = 'Questa opzione abilita una tabella per rimuovere "User-Agent", "X-Enigmail", "X-Mailer", "X-Originating-IP" e sostituisce "Ricevuta: da" con intestazione localhost/127.0.0.1.';
-$lang['admin']['privacy_anon_mail'] = 'Rende anonima la posta in uscita';
-$lang['admin']['dkim_txt_name'] = 'Nome TXT record:';
-$lang['admin']['dkim_txt_value'] = 'Valore TXT record:';
 $lang['admin']['dkim_key_length'] = 'DKIM key length (bits)';
 $lang['admin']['dkim_key_valid'] = 'Key valida';
 $lang['admin']['dkim_key_unused'] = 'Key non usata';
 $lang['admin']['dkim_key_missing'] = 'Key mancante';
-$lang['admin']['dkim_key_hint'] = 'Il selettore per chiave DKIM è sempre <code>dkim</code>.';
-$lang['admin']['previous'] = 'Pagina precedente';
-$lang['admin']['quota_mb'] = 'Spazio (MiB):';
-$lang['admin']['sender_acl'] = 'Consenti di inviare come:';
-$lang['admin']['msg_size'] = 'Dimensione del messaggio';
-$lang['admin']['msg_size_limit'] = 'Limita la dimensione del messaggio';
-$lang['admin']['msg_size_limit_details'] = 'Applicare un nuovo limite richiede il riavvio di Postfix e del webserver.';
 $lang['admin']['save'] = 'Salva modifiche';
-$lang['admin']['maintenance'] = 'Manutenzione e informazione';
-$lang['admin']['sys_info'] = 'Informazioni di sistema';
 $lang['admin']['dkim_add_key'] = 'Aggiungi chiave ARC/DKIM';
 $lang['admin']['dkim_keys'] = 'chiave ARC/DKIM';
 $lang['admin']['add'] = 'Aggiungi';
@@ -476,10 +349,6 @@ $lang['admin']['unchanged_if_empty'] = 'Se immutato lasciare vuoto';
 $lang['admin']['yes'] = '&#10004;';
 $lang['admin']['no'] = '&#10008;';
 $lang['admin']['access'] = 'Accedi';
-$lang['admin']['invalid_max_msg_size'] = 'Valore non valido della massima dimensione del messaggio';
-$lang['admin']['site_not_found'] = 'Impossibile torvare la configurazione di mailcow';
-$lang['admin']['public_folder_empty'] = 'Il nome della cartella pubblica non può essere vuoto';
-$lang['admin']['set_rr_failed'] = 'Impossibile impostare restrizioni Postfix';
 $lang['admin']['no_record'] = 'Nessun risultato';
 $lang['admin']['filter_table'] = 'Tabella filtro';
 $lang['admin']['empty'] = 'Nessun risultato';
@@ -489,7 +358,6 @@ $lang['admin']['forwarding_hosts_add_hint'] = 'È possibile specificare indirizz
 $lang['edit']['host'] = 'Host';
 $lang['edit']['source'] = 'Sorgente';
 $lang['admin']['add_forwarding_host'] = 'Aggiungi host inoltro';
-$lang['delete']['remove_forwardinghost_warning'] = '<b>Attenzione:</b> Stai per rimuovere l\'host di inoltro <b>%s</b>!';
 $lang['success']['forwarding_host_removed'] = "Inoltro dell' host %s è stato rimosso";
 $lang['success']['forwarding_host_added'] = "Inoltro dell' host %s è stato aggiunto";
 ?>
diff --git a/data/web/lang/lang.nl.php b/data/web/lang/lang.nl.php
index 415d271f..9ee43cc8 100644
--- a/data/web/lang/lang.nl.php
+++ b/data/web/lang/lang.nl.php
@@ -8,12 +8,7 @@ $lang['header']['restart_sogo'] = 'SOGo herstarten';
 $lang['footer']['restart_sogo'] = 'SOGo herstarten';
 $lang['footer']['restart_now'] = 'Nu opnieuw starten';
 $lang['footer']['restart_sogo_info'] = 'Sommige taken, zoals het toevoegen van een domein, vereisen een herstart van SOGo om de veranderingen door te voeren.<br><br><b>Belangrijk:</b> Het opnieuw opstarten kan een poos duren, wacht a.u.b. totdat dit volledig voltooid is.';
-$lang['dkim']['confirm'] = "Weet u het zeker?";
-$lang['danger']['dkim_not_found'] = "DKIM record niet gevonden.";
-$lang['danger']['dkim_remove_failed'] = "Kan geselecteerde DKIM record niet verwijderen.";
-$lang['danger']['dkim_add_failed'] = "Kan  DKIM record niet toevoegen.";
 $lang['danger']['dkim_domain_or_sel_invalid'] = "DKIM domein of selector zijn ongeldig.";
-$lang['danger']['dkim_key_length_invalid'] = "Lengte DKIM sleutel ongeldig.";
 $lang['success']['dkim_removed'] = "DKIM record is verwijderd.";
 $lang['success']['dkim_added'] = "DKIM record is opgeslagen.";
 $lang['danger']['access_denied'] = "Toegang geweigerd of ongeldige gegevens.";
@@ -25,8 +20,6 @@ $lang['danger']['alias_empty'] = "Aliasadres mag niet leeg blijven.";
 $lang['danger']['goto_empty'] = "Doeladres mag niet leeg blijven.";
 $lang['danger']['policy_list_from_exists'] = "Deze invoer bestaat al.";
 $lang['danger']['policy_list_from_invalid'] = "Deze invoer heeft een ongeldig format.";
-$lang['danger']['whitelist_exists'] = "Deze invoer staat op de witte lijst.";
-$lang['danger']['whitelist_from_invalid'] = "Witte lijst invoer heeft een ongeldig format.";
 $lang['danger']['alias_invalid'] = "Aliasadres is ongeldig.";
 $lang['danger']['goto_invalid'] = "Doeladres is ongeldig.";
 $lang['danger']['alias_domain_invalid'] = "Aliasdomein is ongeldig.";
@@ -38,26 +31,19 @@ $lang['danger']['aliasd_targetd_identical'] = "Het Aliasdomein kan niet gelijk z
 $lang['success']['alias_added'] = "Aliasadres(sen) toegevoegd.";
 $lang['success']['alias_modified'] = "Wijzigingen aan Alias zijn opgeslagen.";
 $lang['success']['mailbox_modified'] = "Wijzigingen aan postvak %s zijn opgeslagen.";
-$lang['success']['msg_size_saved'] = "Maximale berichtgrootte opgeslagen.";
-$lang['danger']['aliasd_not_found'] = "Aliasdomein werd niet gevonden.";
 $lang['danger']['targetd_not_found'] = "Doeldomein werd niet gevonden.";
-$lang['danger']['aliasd_exists'] = "Aliasdomein bestaat al.";
 $lang['success']['aliasd_added'] = "Aliasdomein %s toegevoegd.";
 $lang['success']['aliasd_modified'] = "Wijzigingen aan aliasdomein %s zijn opgeslagen.";
 $lang['success']['domain_modified'] = "Wijzigingen aan domein %s zijn opgeslagen.";
 $lang['success']['domain_admin_modified'] = "Wijzigingen aan domeinbeheerder %s zijn opgeslagen.";
 $lang['success']['domain_admin_added'] = "Domeinbeheerder %s is toegevoegd.";
-$lang['success']['changes_general'] = 'Wijzigingen zijn opgeslagen.';
 $lang['success']['admin_modified'] = "Wijzigingen aan de beheerder zijn opgeslagen.";
-$lang['danger']['exit_code_not_null'] = "Fout: Exitcode was %d.";
-$lang['danger']['mailbox_not_available'] = "Postvak niet beschikbaar.";
 $lang['danger']['username_invalid'] = "Gebruikersnaam kan niet worden gebruikt.";
 $lang['danger']['password_mismatch'] = "Bevestigingswachtwoord verschilt.";
 $lang['danger']['password_complexity'] = "Het wachtwoord voldoet niet aan de vereisten.";
 $lang['danger']['password_empty'] = "Er moet een wachtwoord worden ingesteld.";
 $lang['danger']['login_failed'] = "Aanmelding mislukt.";
 $lang['danger']['mailbox_invalid'] = "De naam van het postvak is ongeldig.";
-$lang['danger']['mailbox_invalid_suggest'] = "De naam van het postvak is ongeldig, bedoelde u \"%s\"?";
 $lang['info']['fetchmail_planned'] = "Taak voor het ophalen van e-mails is gepland. Controleer dit proces later.";
 $lang['danger']['fetchmail_source_empty'] = "Geef een bron-map op.";
 $lang['danger']['fetchmail_dest_empty'] = "Geef een doel-map op.";
@@ -81,15 +67,10 @@ $lang['danger']['mailboxes_in_use'] = "Maximaal aantal postvakken moet >= %d.";
 $lang['danger']['aliases_in_use'] = "Maximaal aantal aliassen moet >= %d.";
 $lang['danger']['sender_acl_invalid'] = "Verzender ACL-waarde is ongeldig.";
 $lang['danger']['domain_not_empty'] = "Kan domein in gebruik niet verwijderen.";
-$lang['warning']['spam_alias_temp_error'] = "Tijdelijke fout: Kan geen spam-alias toevoegen. Probeer het later nogmaals.";
-$lang['danger']['spam_alias_max_exceeded'] = "Maximaal aantal spam-aliassen bereikt.";
 $lang['danger']['fetchmail_active'] = "Er draait reeds een proces, wacht tot deze klaar is.";
 $lang['danger']['validity_missing'] = 'Voer een geldigheidstermijn in.';
-$lang['user']['on'] = "Aan";
-$lang['user']['off'] = "Uit";
 $lang['user']['user_change_fn'] = "";
 $lang['user']['user_settings'] = 'Gebruikersinstellingen';
-$lang['user']['mailbox_settings'] = 'Postvakinstellingen';
 $lang['user']['mailbox_details'] = 'Postvakdetails';
 $lang['user']['change_password'] = 'Verander wachtwoord';
 $lang['user']['new_password'] = 'Nieuw wachtwoord';
@@ -97,7 +78,6 @@ $lang['user']['save_changes'] = 'Wijzigingen opslaan';
 $lang['user']['password_now'] = 'Huidig wachtwoord (bevestig wijzigingen)';
 $lang['user']['new_password_repeat'] = 'Bevestig wachtwoord (herhalen)';
 $lang['user']['new_password_description'] = 'Vereisten: 6 karakters lang, letters en nummers.';
-$lang['user']['did_you_know'] = '<b>Wist u dat?</b> U kunt tags in het e-mailadres gebruiken ("me+<b>prive</b>@voorbeeld.nl") om berichten automatisch naar een bijbehorende map te sturen (voorbeeld: "prive").';
 $lang['user']['spam_aliases'] = 'Tijdelijk e-mailadres';
 $lang['user']['alias'] = 'Alias';
 $lang['user']['alias_create_random'] = 'Creëer willekeurige alias';
@@ -135,8 +115,6 @@ $lang['user']['tls_enforce_in'] = 'Forceer TLS-gebruik inkomend';
 $lang['user']['tls_enforce_out'] = 'Forceer TLS-gebruik uitgaand';
 $lang['user']['no_record'] = 'Geen vermelding.';
 
-$lang['user']['misc_settings'] = 'Andere profielinstellingen';
-$lang['user']['misc_delete_profile'] = 'Andere profielinstellingen';
 $lang['user']['tag_handling'] = 'Omgaan met e-mail tags';
 $lang['user']['tag_in_subfolder'] = 'In onderliggende map';
 $lang['user']['tag_in_subject'] = 'In onderwerp';
@@ -144,36 +122,16 @@ $lang['user']['tag_in_none'] = 'Niets doen';
 $lang['user']['tag_help_explain'] = 'In onderliggende map: maakt onder INBOX een nieuwe map aan met de naam van de tag (bijv.: "INBOX/Facebook").<br>
 In onderwerp: de tag wordt vóór het oorspronkelijke e-mail onderwerp geplaatst (bijv.: "[Facebook] Mijn nieuws").';
 $lang['user']['tag_help_example'] = 'Voorbeeld van een e-mailadres met tag: ik<b>+Facebook</b>@voorbeeld.org';
-$lang['start']['dashboard'] = '%s - startpagina';
-$lang['start']['start_rc'] = 'Open Roundcube';
-$lang['start']['start_sogo'] = 'Open SOGo';
 $lang['start']['mailcow_apps_detail'] = 'Gebruik een mailcow app om toegang te hebben tot uw e-mails, kalender, contactpersonen en meer.';
-$lang['start']['mailcow_panel'] = 'Start mailcow UI';
-$lang['start']['mailcow_panel_description'] = 'De mailcow UI is beschikbaar voor zowel beheerders als gebruikers.';
 $lang['start']['mailcow_panel_detail'] = '<b>Domeinbeheerders</b> kunnen postvakken en aliassen aanmaken, wijzigen of verwijderen, domeinen veranderen of informatie krijgen over hun domein.<br>
 	<b>Gebruikers</b> kunnen tijdsgelimiteerde aliassen (spam-aliasses) aanmaken, hun wachtwoord wijzigen en spamfilterinstellingen wijzigen.';
-$lang['start']['recommended_config'] = 'Aanbevoen instellingen (zonder ActiveSync)';
-$lang['start']['imap_smtp_server'] = 'IMAP- en SMTP-server gegevens';
-$lang['start']['imap_smtp_server_description'] = 'Voor de best mogelijke ervaring bevelen wij <a href="%s" target="_blank"><b>Mozilla Thunderbird</b></a> aan.';
-$lang['start']['imap_smtp_server_badge'] = 'Lees/schrijf e-mails';
 $lang['start']['imap_smtp_server_auth_info'] = 'Gebruik uw volledige e-mailadres en de onversleutelde (PLAIN) verificatiemechanisme.<br>
 De aanmeldgegevens zullen door de server worden versleuteld.';
-$lang['start']['managesieve'] = 'ManageSieve';
-$lang['start']['managesieve_badge'] = 'Emailfilter';
-$lang['start']['managesieve_description'] = 'Gebruik <b>Mozilla Thunderbird</b> met een <a style="text-decoration:none" target="_blank" href="%s"><b>nightly sieve addon</b></a>.<br>Start Thunderbird, open de add-on instellingen en sleep het gedownloadde xpi-bestand naar dit venster.<br>Servernaam <b>%s</b>, Poort <b>4190</b>. De aanmeldgegevens zijn gelijk aan de gegevens voor uw e-mail.';
-$lang['start']['service'] = 'Service';
-$lang['start']['encryption'] = 'Versleutelmethode';
 $lang['start']['help'] = 'Toon/Verberg Hulppaneel';
-$lang['start']['hostname'] = 'Hostname';
-$lang['start']['port'] = 'Poort';
-$lang['start']['footer'] = '';
 $lang['header']['mailcow_settings'] = 'Instellingen';
 $lang['header']['administration'] = 'Beheer';
 $lang['header']['mailboxes'] = 'Postvakken';
 $lang['header']['user_settings'] = 'Gebruikersinstellingen';
-$lang['header']['login'] = 'Aanmelden';
-$lang['header']['logged_in_as_logout'] = 'Aangemeld als <b>%s</b> (Afmelden)';
-$lang['header']['locale'] = 'Taal';
 $lang['mailbox']['domain'] = 'Domein';
 $lang['mailbox']['alias'] = 'Alias';
 $lang['mailbox']['aliases'] = 'Aliassen';
@@ -183,7 +141,6 @@ $lang['mailbox']['mailbox_quota'] = 'Max. grootte van een postvak';
 $lang['mailbox']['domain_quota'] = 'Quotum';
 $lang['mailbox']['active'] = 'Actief';
 $lang['mailbox']['action'] = 'Handeling';
-$lang['mailbox']['ratelimit'] = 'Maximale snelheid uitgaand/uur';
 $lang['mailbox']['backup_mx'] = 'Backup MX';
 $lang['mailbox']['domain_aliases'] = 'Domein-aliassen';
 $lang['mailbox']['target_domain'] = 'Doeldomein';
@@ -193,13 +150,10 @@ $lang['mailbox']['fname'] = 'Volledige naam';
 $lang['mailbox']['filter_table'] = 'Filter tabel';
 $lang['mailbox']['yes'] = '&#10004;';
 $lang['mailbox']['no'] = '&#10008;';
-$lang['mailbox']['quota'] = 'Quotum';
 $lang['mailbox']['in_use'] = 'In gebruik (%)';
 $lang['mailbox']['msg_num'] = 'Berichten #';
 $lang['mailbox']['remove'] = 'Verwijder';
 $lang['mailbox']['edit'] = 'Wijzig';
-$lang['mailbox']['archive'] = 'Archief';
-$lang['mailbox']['no_record'] = 'Geen vermelding';
 $lang['mailbox']['add_domain'] = 'Toevoegen domein';
 $lang['mailbox']['add_domain_alias'] = 'Toevoegen domein-alias';
 $lang['mailbox']['add_mailbox'] = 'Toevoegen postvak';
@@ -207,35 +161,19 @@ $lang['mailbox']['add_alias'] = 'Toevoegen alias';
 
 $lang['info']['no_action'] = 'Geen handelingen uitvoerbaar';
 
-$lang['delete']['title'] = 'Verwijder object';
-$lang['delete']['remove_domain_warning'] = '<b>Let op:</b> U staat op het punt domein <b>%s</b> te verwijderen!';
-$lang['delete']['remove_domainalias_warning'] = '<b>Let op:</b> U staat op het punt domeinalias <b>%s</b> te verwijderen!';
-$lang['delete']['remove_domainadmin_warning'] = '<b>Let op:</b> U staat op het punt domeinbeheerder <b>%s</b> te verwijderen!';
-$lang['delete']['remove_alias_warning'] = '<b>Let op:</b> U staat op het punt alias <b>%s</b> te verwijderen!';
-$lang['delete']['remove_mailbox_warning'] = '<b>Let op::</b> U staat op het punt postvak <b>%s</b> te verwijderen!';
-$lang['delete']['remove_mailbox_details'] = 'Het postvak zal <b>permanent</b> worden verwijderd!';
-$lang['delete']['remove_domain_details'] = 'Dit verwijdert ook de domeinaliassen. <br><br><b>Een domein moet leeg zijn alvorens deze verwijderd kan worden.</b>';
-$lang['delete']['remove_alias_details'] = '<b>Gebruikers zullen niet meer in staat zijn e-mails te ontvangen op -of te versturen vanaf- dit adres.</b>';
-$lang['delete']['remove_button'] = 'Verwijder';
-$lang['delete']['previous'] = 'Vorige pagina';
 
 $lang['edit']['save'] = 'Wijzigingen opslaan';
-$lang['edit']['archive'] = 'Toegang tot archief';
 $lang['edit']['max_mailboxes'] = 'Max. aantal postvakken:';
 $lang['edit']['title'] = 'Wijzig object';
 $lang['edit']['target_address'] = 'Doeladres(sen) <small>(scheiden met komma)</small>:';
 $lang['edit']['active'] = 'Actief';
 $lang['edit']['target_domain'] = 'Doeldomein:';
 $lang['edit']['password'] = 'Wachtwoord:';
-$lang['edit']['ratelimit'] = 'Uitgaande e-mail beperking (aantal/uur):';
-$lang['danger']['ratelimt_less_one'] = 'De uitgaande e-mail beperking moet >= 1';
 $lang['edit']['password_repeat'] = 'Bevestig wachtwoord (herhalen):';
 $lang['edit']['domain_admin'] = 'Wijzig domeinbeheerder';
 $lang['edit']['domain'] = 'Wijzig domein';
-$lang['edit']['alias_domain'] = 'Aliasdomein';
 $lang['edit']['edit_alias_domain'] = 'Wijzig aliasdomein';
 $lang['edit']['domains'] = 'Domeinen';
-$lang['edit']['destroy'] = 'Handmatige invoer';
 $lang['edit']['alias'] = 'Wijzig alias';
 $lang['edit']['mailbox'] = 'Wijzig postvak';
 $lang['edit']['description'] = 'Beschrijving:';
@@ -245,24 +183,17 @@ $lang['edit']['domain_quota'] = 'Domeinquotum';
 $lang['edit']['backup_mx_options'] = 'Backup MX opties:';
 $lang['edit']['relay_domain'] = 'Doorschakeldomein';
 $lang['edit']['relay_all'] = 'Schakel alle ontvangers door';
-$lang['edit']['dkim_signature'] = 'ARC + DKIM handtekening:';
-$lang['edit']['dkim_record_info'] = '<small>Voeg de volgende TXT-record toe aan de DNS-instellingen van uw domein.</small>';
 $lang['edit']['relay_all_info'] = '<small>Indien u ervoor kiest om <b>niet</b> alle ontvangers door te schakelen, dient u per ontvanger die u wenst door te schakelen een (lege) postvak aan te maken.</small>';
 $lang['edit']['full_name'] = 'Volledige naam';
 $lang['edit']['quota_mb'] = 'Quotum (MiB)';
 $lang['edit']['sender_acl'] = 'Toestaan te verzenden als:';
-$lang['edit']['sender_acl_info'] = 'Aliassen kunnen niet worden deselecteerd.';
-$lang['edit']['dkim_txt_name'] = 'Naam TXT-record:';
-$lang['edit']['dkim_txt_value'] = 'Waarde TXT-record:';
 $lang['edit']['previous'] = 'Vorige pagina';
 $lang['edit']['unchanged_if_empty'] = 'Leeg laten indien niet veranderd.';
 $lang['edit']['dont_check_sender_acl'] = 'Geen zenderverificatie uitvoeren voor domein %s.';
 
 $lang['add']['port'] = 'Port';
-$lang['add']['title'] = 'Object toevoegen';
 $lang['add']['domain'] = 'Domein';
 $lang['add']['active'] = 'Actief';
-$lang['add']['save'] = 'Wijzigingen opslaan';
 $lang['add']['description'] = 'Beschrijving:';
 $lang['add']['max_aliases'] = 'Max. aantal aliassen:';
 $lang['add']['max_mailboxes'] = 'Max. aantal postvakken:';
@@ -272,8 +203,6 @@ $lang['add']['backup_mx_options'] = 'Backup MX opties:';
 $lang['add']['relay_all'] = 'Doorschakelen van alle ontvangers';
 $lang['add']['relay_domain'] = 'Schakel dit domein door';
 $lang['add']['relay_all_info'] = '<small>Indien u ervoor kiest om <b>niet</b> alle ontvangers door te schakelen, moet u voor iedere ontvanger die u wenst door te schakelen een een (lege) mailbox aanmaken.</small>';
-$lang['add']['alias'] = 'Alias(sen)';
-$lang['add']['alias_spf_fail'] = '<b>Opmerking:</b> Als het gekozen doeladres een extern postvak is, kan de <b>ontvangende mailservver</b> mogelijk het bericht weigeren vanwege niet kloppende SPF-gegevens.</a>';
 $lang['add']['alias_address'] = 'Aliasadres(sen):';
 $lang['add']['alias_address_info'] = '<small>Volledig(e) emailadres(sen) of @voorbeeld.nl om alle berichten op te vangen van een domein (scheiden met komma). <b>Alleen mailcow-domeinen!</b></small>';
 $lang['add']['alias_domain_info'] = '<small>Alleen geldige domeinen (scheiden met komma).</small>';
@@ -282,26 +211,17 @@ $lang['add']['target_address_info'] = '<small>Volledig(e) e-mailadres(sen) (sche
 $lang['add']['alias_domain'] = 'Aliasdomein';
 $lang['add']['select'] = 'Kies uit...';
 $lang['add']['target_domain'] = 'Doeldomein:';
-$lang['add']['mailbox'] = 'Postvak';
 $lang['add']['mailbox_username'] = 'Gebruikersnaam (linker deel van het e-mailadres):';
 $lang['add']['full_name'] = 'Volledige naam:';
 $lang['add']['quota_mb'] = 'Quotum (MiB):';
 $lang['add']['select_domain'] = 'Selecteer eerst een domein';
 $lang['add']['password'] = 'Wachtwoord:';
 $lang['add']['password_repeat'] = 'Bevestig wachtwoord (herhalen):';
-$lang['add']['previous'] = 'Vorige pagina';
 $lang['add']['restart_sogo_hint'] = 'SOGo dient opnieuw te worden gestart nadat een domein is toegevoegd!';
 
-$lang['login']['title'] = 'Aanmelden';
-$lang['login']['administration'] = 'Beheer';
-$lang['login']['administration_details'] = 'Gebruik uw beheerders-login om administratieve taken uit te voeren.';
-$lang['login']['user_settings'] = 'Gebruikersinstellingen';
-$lang['login']['user_settings_details'] = 'Mailbox-gebruikers kunnen in het mailcow-gebruikersbeheer hun wachtwoorden wijzigen, tijdelijke aliassen aanmaken (tegengaan van spam), de spamfilter aanpassen of berichten van externe IMAP-servers importeren.';
 $lang['login']['username'] = 'Gebruikersnaam';
 $lang['login']['password'] = 'Wachtwoord';
-$lang['login']['reset_password'] = 'Wijzig mijn wachtwoord';
 $lang['login']['login'] = 'Aanmelden';
-$lang['login']['previous'] = "Vorige pagina";
 $lang['login']['delayed'] = 'Aanmelding met %s sec. vertraagd.';
 
 $lang['login']['tfa'] = "Two-factor authentication";
@@ -311,34 +231,10 @@ $lang['login']['otp'] = "Eenmalig wachtwoord";
 $lang['login']['trash_login'] = "Verwijder login";
 
 $lang['admin']['search_domain_da'] = 'Doorzoek domeinen';
-$lang['admin']['restrictions'] = 'Postfix beperkingen';
-$lang['admin']['rr'] = 'Postfix ontvangersbeperkingen';
-$lang['admin']['sr'] = 'Postifx verzendersbeperkingen';
-$lang['admin']['reset_defaults'] = 'Herstel standaardwaarden';
 $lang['admin']['r_inactive'] = 'Inactieve beperkingen';
 $lang['admin']['r_active'] = 'Actieve beperkignen';
 $lang['admin']['r_info'] = 'Grijze, uitgeschakelde, elementen in de lijst met actieve beperkingen zijn voor mailcow niet bekend als valide en kunnen daarom niet verplaatst worden.<br>U kunt nieuwe elementen toevoegen in <code>inc/vars.inc.php</code> om ze te (de)activeren.';
-$lang['admin']['public_folders'] = 'Gemeenschappelijke mappen';
-$lang['admin']['public_folders_text'] = 'Een namespace "Public" wordt aangemaakt. Onder deze map worden de automatisch aangemaakte postvakken in deze namespace weergegeven.';
-$lang['admin']['public_folder_name'] = 'Mapnaam <small>(alphanumeriek)</small>';
-$lang['admin']['public_folder_enable'] = 'Inschakelen gemeenschappelijke map';
-$lang['admin']['public_folder_enable_text'] = 'Deze optie uitschakelen verwijderd géén e-mails uit de gemeenschappelijke mappen.';
-$lang['admin']['public_folder_pusf'] = 'De \'gelezen\'-markering per gebruiker';
-$lang['admin']['public_folder_pusf_text'] = 'Deze "\'gelezen\'-markering per gebruiker"-optie zorgt ervoor dat er per gebruiker afzonderlijk wordt bepaald of deze het bericht heeft gelezen.';
-$lang['admin']['privacy'] = 'Privacy';
-$lang['admin']['privacy_text'] = 'Deze optie activeert een PCRE-tabel die de "User-Agent", "X-Enigmail", "X-Mailer", "X-Originating-IP"-headers verwijderd en de "Received: from"-headers vervangt met localhost/127.0.0.1.';
-$lang['admin']['privacy_anon_mail'] = 'Anonimiseer uitgaande e-mails';
-$lang['admin']['dkim_txt_name'] = 'Naam TXT-record:';
-$lang['admin']['dkim_txt_value'] = 'Waarde TXT-record:';
 $lang['admin']['dkim_key_length'] = 'DKIM sleutel lengte (bits)';
-$lang['admin']['previous'] = 'Vorige pagina';
-$lang['admin']['quota_mb'] = 'Quotum (MiB):';
-$lang['admin']['sender_acl'] = 'Toestaan te verzenden als:';
-$lang['admin']['msg_size'] = 'Berichtgrootte';
-$lang['admin']['msg_size_limit'] = 'Huidige limiet berichtgroote';
-$lang['admin']['msg_size_limit_details'] = 'Een nieuw limiet doorvoeren zal Postfix en de webserver herladen.';
-$lang['admin']['maintenance'] = 'Onderhoud en informatie';
-$lang['admin']['sys_info'] = 'Systeeminformatie';
 $lang['admin']['dkim_add_key'] = 'ARC/DKIM-record toevoegen';
 $lang['admin']['dkim_keys'] = 'ARC/DKIM records';
 $lang['admin']['add'] = 'Toevoegen';
@@ -360,8 +256,4 @@ $lang['admin']['unchanged_if_empty'] = 'Leeg laten indien onveranderd';
 $lang['admin']['yes'] = '&#10004;';
 $lang['admin']['no'] = '&#10008;';
 $lang['admin']['access'] = 'Toegang';
-$lang['admin']['invalid_max_msg_size'] = 'Ongeldige max. berichtgrootte';
-$lang['admin']['site_not_found'] = 'Kan mailcow instellingenbeheer niet vinden';
-$lang['admin']['public_folder_empty'] = 'Namen van gemeenschappelijke mappen mogen niet leeg blijven.';
-$lang['admin']['set_rr_failed'] = 'Kan Postfix beperkingen niet opleggen.';
 $lang['admin']['no_record'] = 'Geen vermelding';
diff --git a/data/web/lang/lang.pl.php b/data/web/lang/lang.pl.php
index 497fe42b..322e0925 100644
--- a/data/web/lang/lang.pl.php
+++ b/data/web/lang/lang.pl.php
@@ -14,16 +14,10 @@ $lang['footer']['delete_these_items'] = 'Czy jesteś pewien, że chcesz usunąć
 $lang['footer']['delete_now'] = 'Usuń teraz';
 $lang['footer']['cancel'] = 'Anuluj';
 
-$lang['dkim']['confirm'] = 'Na pewno?';
-$lang['danger']['dkim_not_found'] = 'Nie znaleziono klucza DKIM';
-$lang['danger']['dkim_remove_failed'] = 'Nie można usunšć wybranego klucza DKIM';
-$lang['danger']['dkim_add_failed'] = 'Nie można dodać danego klucza DKIM';
 $lang['danger']['dkim_domain_or_sel_invalid'] = 'Nieprawidłowa domena lub selektor DKIM';
-$lang['danger']['dkim_key_length_invalid'] = 'Nieprawidłowa długość klucza DKIM';
 $lang['success']['dkim_removed'] = 'Klucz DKIM %s został usunięty';
 $lang['success']['dkim_added'] = 'Klucz DKIM został zapisany';
 $lang['danger']['access_denied'] = 'Odmowa dostępu lub nieprawidłowe dane w formularzu';
-$lang['danger']['whitelist_from_invalid'] = 'Nieprawidłowy wpis na białą listę';
 $lang['danger']['domain_invalid'] = 'Błędna nazwa domeny';
 $lang['danger']['mailbox_quota_exceeds_domain_quota'] = 'Maksymalna wartość przekracza limit domeny';
 $lang['danger']['object_is_not_numeric'] = 'Wartość %s nie jest liczbą';
@@ -34,8 +28,6 @@ $lang['danger']['last_key'] = 'Nie można usunšć ostatniego klucza';
 $lang['danger']['goto_empty'] = "Adres Idź do nie może być pusty";
 $lang['danger']['policy_list_from_exists'] = "Rekord o danej nazwie już istnieje";
 $lang['danger']['policy_list_from_invalid'] = "Rekord posiada nieprawidłowy format";
-$lang['danger']['whitelist_exists'] = "Wpis na białej liście o danej nazwie już istnieje";
-$lang['danger']['whitelist_from_invalid'] = "Rekord na białej liście posiada nieprawidłowy format";
 $lang['danger']['alias_invalid'] = "Alias nieprawidłowy";
 $lang['danger']['goto_invalid'] = "Adres Idź do jest nieprawidłowy";
 $lang['danger']['alias_domain_invalid'] = "Alias domeny nieprawidłowy";
@@ -52,19 +44,13 @@ $lang['success']['mailbox_modified'] = "Zapisano zmiany w skrzynce %s";
 $lang['success']['resource_modified'] = "Zapisano zmiany w skrzynce %s";
 $lang['success']['object_modified'] = "Zapisano zmiany w obiekcie %s";
 $lang['success']['f2b_modified'] = "Zmiany w Fail2ban zostały zapisane"; 
-$lang['success']['msg_size_saved'] = "Ustawiono limit rozmiaru wiadomości";
-$lang['danger']['aliasd_not_found'] = "Nie znaleziono aliasu domeny";
 $lang['danger']['targetd_not_found'] = "Nie znaleziono domeny docelowej";
-$lang['danger']['aliasd_exists'] = "Alias domeny już istnieje";
 $lang['success']['aliasd_added'] = "Dodano alias domeny %s";
 $lang['success']['aliasd_modified'] = "Zapisano zmiany w aliasie domeny %s";
 $lang['success']['domain_modified'] = "Zapisano zmiany w domenie %s";
 $lang['success']['domain_admin_modified'] = "Zapisano zmiany w administratorze domeny %s";
 $lang['success']['domain_admin_added'] = "Dodano administratora domeny %s";
-$lang['success']['changes_general'] = 'Zapisano zmiany';
 $lang['success']['admin_modified'] = "Zapisano zmiany w administratorze";
-$lang['danger']['exit_code_not_null'] = "Błšd: kod zakończenia wyniósł %d";
-$lang['danger']['mailbox_not_available'] = "Skrzynka niedostępna";
 $lang['danger']['username_invalid'] = "Nie można użyć nazwy użytkownika";
 $lang['danger']['password_mismatch'] = "Powtórzone hasło jest niezgodne";
 $lang['danger']['password_complexity'] = "Hasło niezgodne z polityką";
@@ -73,7 +59,6 @@ $lang['danger']['login_failed'] = "Niepowodzenie logowania";
 $lang['danger']['mailbox_invalid'] = "Nieprawidłowa nazwa skrzynki";
 $lang['danger']['description_invalid'] = 'Nieprawidłowy opis źródła';
 $lang['danger']['resource_invalid'] = "Nieprawidłowa nazwa zasobu";
-$lang['danger']['mailbox_invalid_suggest'] = 'Nazwa skrzynki jest nieprawidłowa, czy chciałeś wpisać "%s"?';
 $lang['danger']['is_alias'] = "%s został już podany jako alias";
 $lang['danger']['is_alias_or_mailbox'] = "%s podano wcześniej jako alias lub skrzynkę";
 $lang['danger']['is_spam_alias'] = "%s podano wcześniej jako alias dla spam";
@@ -98,16 +83,11 @@ $lang['danger']['mailboxes_in_use'] = "Maks. liczba skrzynek musi być większa
 $lang['danger']['aliases_in_use'] = "Maks. liczba aliasów musi być większa od lub równa %d";
 $lang['danger']['sender_acl_invalid'] = "ACL Nadawcy jest nieprawidłowy";
 $lang['danger']['domain_not_empty'] = "Nie można usunšć niepustej domeny";
-$lang['warning']['spam_alias_temp_error'] = "Tymczasowy błąd: nie można dodać spam aliasu, proszę spróbować później.";
-$lang['danger']['spam_alias_max_exceeded'] = "Przekroczono maks. dopuszczalną liczbę spam aliasów";
 $lang['danger']['validity_missing'] = 'Proszę wyznaczyć termin ważności';
-$lang['user']['on'] = "Aktywny";
-$lang['user']['off'] = "Nieaktywny";
 $lang['user']['messages'] = "wiadomości"; // "123 wiadomości"
 $lang['user']['in_use'] = "Użyte";
 $lang['user']['user_change_fn'] = "";
 $lang['user']['user_settings'] = 'Ustawienia użytkownika';
-$lang['user']['mailbox_settings'] = ' Ustawienia skrzynki';
 $lang['user']['mailbox_details'] = ' Szczegóły skrzynki';
 $lang['user']['change_password'] = 'Zmień hasło';
 $lang['user']['new_password'] = 'Nowe hasło';
@@ -115,11 +95,8 @@ $lang['user']['save_changes'] = 'Zapisz zmiany';
 $lang['user']['password_now'] = 'Bieżące hasło(potwierdź zmiany)';
 $lang['user']['new_password_repeat'] = 'Potwierdź hasło(powtórz)';
 $lang['user']['new_password_description'] = 'Wymagania: 6 znaków, litery i liczby.';
-$lang['user']['did_you_know'] = '<b>Czy wiedziałeś?</b> Możesz używać oznakowań w Twoim adresie email ("ja+<b>prywatny</b>@example.com"), żeby automatycznie umieszczać wiadomości w folderach (na przykład: "prywatny").';
 $lang['user']['spam_aliases'] = 'Tymczasowy alias email';
 $lang['user']['alias'] = 'Alias';
-$lang['user']['aliases'] = 'Aliasy';
-$lang['user']['domain_aliases'] = 'Aliasy domeny';
 $lang['user']['is_catch_all'] = 'Funkcja catch-all dla domen/y';
 $lang['user']['aliases_also_send_as'] = 'Możliwe również wysłanie jako użytkownik';
 $lang['user']['aliases_send_as_all'] = 'Nie sprawdzaj dostępu nadawcy dla następujących domen(y) i ich/jej aliasów';
@@ -129,7 +106,6 @@ $lang['user']['alias_valid_until'] = 'Ważny do';
 $lang['user']['alias_remove_all'] = 'Usuń wszystkie aliasy';
 $lang['user']['alias_time_left'] = 'Pozostało';
 $lang['user']['alias_full_date'] = 'd.m.Y, H:i:s T';
-$lang['user']['syncjob_full_date'] = 'd.m.Y, H:i:s T';
 $lang['user']['alias_select_validity'] = 'Okres ważności';
 $lang['user']['sync_jobs'] = 'Polecenie synchronizacji';
 $lang['user']['hour'] = 'Godzina';
@@ -163,8 +139,6 @@ $lang['user']['tls_enforce_in'] = 'Uruchom TLS przychodzące';
 $lang['user']['tls_enforce_out'] = 'Uruchom TLS wychodzące';
 $lang['user']['no_record'] = 'Brak rekordu';
 
-$lang['user']['misc_settings'] = 'Ustawienia innego profilu';
-$lang['user']['misc_delete_profile'] = 'Ustawienia innego profilu';
 
 $lang['user']['tag_handling'] = 'Ustaw obsługę znaczników pocztowych';
 $lang['user']['tag_in_subfolder'] = 'W podfolderze';
@@ -179,7 +153,6 @@ $lang['user']['eas_reset_help'] = 'W wielu przypadkach zresetowanie pamięci pod
 
 $lang['user']['encryption'] = 'Szyfrowanie';
 $lang['user']['username'] = 'Nazwa użytkownika';
-$lang['user']['password'] = 'Hasło';
 $lang['user']['last_run'] = 'Ostatnie uruchomienie';
 $lang['user']['excludes'] = 'Wyłączenia';
 $lang['user']['interval'] = 'Zakres';
@@ -187,47 +160,25 @@ $lang['user']['active'] = 'Aktywny';
 $lang['user']['action'] = 'Działanie';
 $lang['user']['edit'] = 'Edytuj';
 $lang['user']['remove'] = 'Usuń';
-$lang['user']['delete_now'] = 'Usuń teraz';
 $lang['user']['create_syncjob'] = 'Utwórz nowe polecenie synchronizacji';
 
-$lang['start']['dashboard'] = '%s - panel';
-$lang['start']['start_rc'] = 'Otwórz Roundcube';
-$lang['start']['start_sogo'] = 'Otwórz SOGo';
 $lang['start']['mailcow_apps_detail'] = 'Użyj aplikacji mailcow, aby mieć dostęp do wiadomości, kalendarza, kontaktów i innych.';
-$lang['start']['mailcow_panel'] = 'Włącz mailcow UI';
-$lang['start']['mailcow_panel_description'] = 'Mailcow UI jest dostępny dla administratorów i użytkowników skrzynek.';
 $lang['start']['mailcow_panel_detail'] = '<b>Administratorzy domeny</b> tworzą, modyfikują lub usuwają skrzynki i aliasy, zmieniają domeny i czytają dalsze informacje o przypisanych im domenach.<br>
 	<b>Użytkownicy skrzynek</b> mogą tworzyć ograniczone czasowo aliasy (aliasy spam), zmieniać swoje hasła i ustawienia filtru spam.';
-$lang['start']['recommended_config'] = 'Zalecana konfiguracja (bez ActiveSync)';
-$lang['start']['imap_smtp_server'] = 'IMAP- i dane serwera SMTP';
-$lang['start']['imap_smtp_server_description'] = 'Zalecamy używanie <a href="%s" target="_blank"><b>Mozilla Thunderbird</b></a>.';
-$lang['start']['imap_smtp_server_badge'] = 'Przeczytaj/Napisz wiadomość';
 $lang['start']['imap_smtp_server_auth_info'] = 'Proszę korzystać z pełnego adresu email i mechanizmu uwierzytelniania PLAIN.<br>
 Twoje dane logowania zostaną zaszyfrowane przez obowiązkowe szyfrowanie po stronie serwera.';
-$lang['start']['managesieve'] = 'ManageSieve';
-$lang['start']['managesieve_badge'] = 'Filtruj wiadomości';
-$lang['start']['managesieve_description'] = 'Proszę używać <b>Mozilla Thunderbird</b> z <a style="text-decoration:none" target="_blank" href="%s"><b>rozszerzeniem nightly sieve </b></a>.<br>Uruchom Thunderbird, otwórz ustawienia rozszerzenia i przenieś nowo pobrany plik xpi do otwartego okna.<br>Nazwa serwera to <b>%s</b>, użyj portu <b>4190</b>, jeśli zostaniesz o to poproszony. Dane logowanie są takie same jak Twój email logowania.';
-$lang['start']['service'] = 'Usługa';
-$lang['start']['encryption'] = 'Metoda szyfrowania';
 $lang['start']['help'] = 'Pokaż/Ukryj panel pomocy';
-$lang['start']['hostname'] = 'Nazwa hosta';
-$lang['start']['port'] = 'Port';
-$lang['start']['footer'] = '';
 $lang['header']['mailcow_settings'] = 'Konfiguracja';
 $lang['header']['administration'] = 'Administrowanie';
 $lang['header']['mailboxes'] = 'Skrzynki';
 $lang['header']['user_settings'] = 'Ustawienia użytkownika';
-$lang['header']['login'] = 'Zaloguj się';
-$lang['header']['logged_in_as_logout'] = 'Zalogowano jako <b>%s</b> (wyloguj)';
 $lang['header']['logged_in_as_logout_dual'] = 'Zalogowano jako <b>%s <span class="text-info">[%s]</span></b>';
-$lang['header']['locale'] = 'Język';
 $lang['mailbox']['domain'] = 'Domena';
 $lang['mailbox']['spam_aliases'] = 'Alias tymczasowy';
 $lang['mailbox']['multiple_bookings'] = 'Wielokrotne rejestracje';
 $lang['mailbox']['kind'] = 'Rodzaj';
 $lang['mailbox']['description'] = 'Opis';
 $lang['mailbox']['alias'] = 'Alias';
-$lang['mailbox']['resource_name'] = 'Nazwa zasobu';
 $lang['mailbox']['aliases'] = 'Aliasy';
 $lang['mailbox']['domains'] = 'Domeny';
 $lang['mailbox']['mailboxes'] = 'Skrzynki';
@@ -236,7 +187,6 @@ $lang['mailbox']['mailbox_quota'] = 'Maks. wielkość skrzynki';
 $lang['mailbox']['domain_quota'] = 'Wartość';
 $lang['mailbox']['active'] = 'Aktywny';
 $lang['mailbox']['action'] = 'Działanie';
-$lang['mailbox']['ratelimit'] = ' Maksymalna prędkość wychodząca/h';
 $lang['mailbox']['backup_mx'] = 'Backup MX';
 $lang['mailbox']['domain_aliases'] = 'Aliasy domeny';
 $lang['mailbox']['target_domain'] = 'Domena docelowa';
@@ -246,20 +196,15 @@ $lang['mailbox']['fname'] = 'Pełna nazwa';
 $lang['mailbox']['filter_table'] = 'Tabela filtru';
 $lang['mailbox']['yes'] = '&#10004;';
 $lang['mailbox']['no'] = '&#10008;';
-$lang['mailbox']['quota'] = 'Wielkość';
 $lang['mailbox']['in_use'] = 'W użyciu (%)';
 $lang['mailbox']['msg_num'] = 'Wiadomość #';
 $lang['mailbox']['remove'] = 'Usuń';
 $lang['mailbox']['edit'] = 'Edytuj';
-$lang['mailbox']['archive'] = 'Archiwizuj';
-$lang['mailbox']['no_record'] = 'Brak rekordu dla obiektu %s';
-$lang['mailbox']['no_record_single'] = 'Brak rekordu';
 $lang['mailbox']['add_domain'] = 'Dodaj domenę';
 $lang['mailbox']['add_domain_alias'] = 'Dodaj alias domeny';
 $lang['mailbox']['add_mailbox'] = 'Dodaj skrzynkę';
 $lang['mailbox']['add_resource'] = 'Dodaj zasób';
 $lang['mailbox']['add_alias'] = 'Dodaj alias';
-$lang['mailbox']['add_domain_record_first'] = 'Proszę najpierw dodać domenę';
 $lang['mailbox']['empty'] = 'Brak wyników';
 $lang['mailbox']['toggle_all'] = 'Włącz wszystkie';
 $lang['mailbox']['quick_actions'] = 'Szybkie działania';
@@ -268,21 +213,6 @@ $lang['mailbox']['deactivate'] = 'Wyłącz';
 
 $lang['info']['no_action'] = 'Żadne działanie nie ma zastosowania';
 
-$lang['delete']['title'] = 'Usuń obiekt';
-$lang['delete']['remove_domain_warning'] = '<b>Ostrzeżenie:</b> Zamierzasz usunąć domenę <b>%s</b>!';
-$lang['delete']['remove_syncjob_warning'] = '<b>Ostrzeżenie:</b> Zamierzasz usunąć polecenie synchronizacji dla użytkownika <b>%s</b>!';
-$lang['delete']['remove_domainalias_warning'] = '<b>Ostrzeżenie:</b> Zamierzasz usunąć alias domeny <b>%s</b>!';
-$lang['delete']['remove_domainadmin_warning'] = '<b>Ostrzeżenie:</b> Zamierzasz usunąć administratora domeny <b>%s</b>!';
-$lang['delete']['remove_alias_warning'] = '<b>Ostrzeżenie:</b> Zamierzasz usunąć alias <b>%s</b>!';
-$lang['delete']['remove_mailbox_warning'] = '<b>Ostrzeżenie:</b> Zamierzasz usunąć skrzynkę <b>%s</b>!';
-$lang['delete']['remove_mailbox_details'] = 'Skrzynka zostanie <b>trwale opróżniona</b>!';
-$lang['delete']['remove_resource_warning'] = '<b>Ostrzeżenie:</b> Zamierzasz usunąć zasób <b>%s</b>!';
-$lang['delete']['remove_resource_details'] = 'zasób zostanie <b trwale usunięte</b>!';
-$lang['delete']['remove_domain_details'] = 'Usuwasz również aliasy domeny.<br><br><b>Domena musi być pusta, aby móc ją usunąć.</b>';
-$lang['delete']['remove_syncjob_details'] = 'Obiekty z danego polecenia synchronizacji nie będą więcej pobierane ze zdalnego serwera.';
-$lang['delete']['remove_alias_details'] = 'Użytkownicy nie będą już mogli otrzymywać poczty na ten adres ani jej z niego wysyłać.</b>';
-$lang['delete']['remove_button'] = 'Usuń';
-$lang['delete']['previous'] = 'Poprzednia strona';
 
 $lang['edit']['syncjob'] = 'Edytuj polecenie synchronizacji';
 $lang['edit']['save'] = 'Zapisz zmiany';
@@ -294,22 +224,17 @@ $lang['edit']['subfolder2'] = 'Synchronizuj do podfolderu w skrzynce<br><small>(
 $lang['edit']['mins_interval'] = 'Zakres (min)';
 $lang['edit']['exclude'] = 'Wyklucz obiekty (regex)';
 $lang['edit']['save'] = 'Zapisz zmiany';
-$lang['edit']['archive'] = 'Dostęp do archiwum';
 $lang['edit']['max_mailboxes'] = 'Maks. liczba skrzynek';
 $lang['edit']['title'] = 'Edytuj obiekt';
 $lang['edit']['target_address'] = 'Adres/y Idź do <small>(rozdzielone przecinkiem)</small>';
 $lang['edit']['active'] = 'Aktywny';
 $lang['edit']['target_domain'] = 'Domena docelowa';
 $lang['edit']['password'] = 'Hasło';
-$lang['edit']['ratelimit'] = 'Maksymalna prędkość wychodząca/h';
-$lang['danger']['ratelimt_less_one'] = 'Maksymalna prędkość wychodząca/h nie może być mniejsza niż 1';
 $lang['edit']['password_repeat'] = 'Potwierdź hasło(powtórz)';
 $lang['edit']['domain_admin'] = 'Edytuj administratora domeny';
 $lang['edit']['domain'] = 'Edytuj domenę';
-$lang['edit']['alias_domain'] = 'Alias domeny';
 $lang['edit']['edit_alias_domain'] = 'Edytuj alias domeny';
 $lang['edit']['domains'] = 'Domeny';
-$lang['edit']['destroy'] = 'Ręczne wprowadzanie danych';
 $lang['edit']['alias'] = 'Edytuj alias';
 $lang['edit']['mailbox'] = 'Edytuj skrzynkę';
 $lang['edit']['description'] = 'Opis';
@@ -319,15 +244,10 @@ $lang['edit']['domain_quota'] = 'Wartość domeny';
 $lang['edit']['backup_mx_options'] = 'Opcje backup MX';
 $lang['edit']['relay_domain'] = 'Domena przekaźnikowa';
 $lang['edit']['relay_all'] = 'Przekaż wszystkim odbiorcom';
-$lang['edit']['dkim_signature'] = 'Sygnatura DKIM';
-$lang['edit']['dkim_record_info'] = '<small>Proszę dodać rekord TXT o podanej wartości do swoich ustawień DNS.</small>';
 $lang['edit']['relay_all_info'] = '<small>Jeśli decydujesz się <b>nie</b> przekazywać wszystkim odbiorcom, musisz dodać ("ślepą")skrzynkę dla każdego poszczególnego odbiorcy, któremu należy przekazać.</small>';
 $lang['edit']['full_name'] = 'Pełna nazwa';
 $lang['edit']['quota_mb'] = 'Wartość (MiB)';
 $lang['edit']['sender_acl'] = 'Zezwalaj na wysłanie jako';
-$lang['edit']['sender_acl_info'] = 'Nie można cofnąć wyboru aliasów.';
-$lang['edit']['dkim_txt_name'] = 'Nazwa rekordu TXT:';
-$lang['edit']['dkim_txt_value'] = 'Wartość rekordu TXT:';
 $lang['edit']['previous'] = 'Poprzednia strona';
 $lang['edit']['unchanged_if_empty'] = 'Jeżli bez zmian, nie wypełniaj';
 $lang['edit']['dont_check_sender_acl'] = "Wyłącz sprawdzanie nadawcy dla domeny %s + aliasów domeny";
@@ -342,22 +262,17 @@ $lang['add']['port'] = 'Port';
 $lang['add']['username'] = 'Nazwa użytkownika';
 $lang['add']['enc_method'] = 'Metoda szyfrowania';
 $lang['add']['mins_interval'] = 'Zakres pobierania (minuty)';
-$lang['add']['maxage'] = 'Maksymalny wiek wiadomości, które będą pobierane ze zdalnego (0 = pomiń wiek)';
-$lang['add']['subfolder2'] = 'Synchronizuj do podfolderu w miejscu docelowym';
 $lang['add']['exclude'] = 'Wyklucz obiekty (regex)';
 $lang['add']['delete2duplicates'] = 'Usuń duplikaty w miejscu docelowym';
 $lang['add']['delete1'] = 'Usuń ze źródła po zakończeniu';
 $lang['edit']['delete2duplicates'] = 'Usuń duplikaty w miejscu docelowym';
 $lang['edit']['delete1'] = 'Usuń ze źródła po zakończeniu';
 
-$lang['add']['title'] = 'Dodaj obiekt';
 $lang['add']['domain'] = 'Domena';
 $lang['add']['active'] = 'Aktywny';
 $lang['add']['multiple_bookings'] = 'Wielokrotne rejestracje';
-$lang['add']['save'] = 'Zapisz zmiany';
 $lang['add']['description'] = 'Opis:';
 $lang['add']['max_aliases'] = 'Maks. liczba aliasów:';
-$lang['add']['resource_name'] = 'Nazwa zasobu';
 $lang['add']['max_mailboxes'] = 'Maks. liczba skrzynek:';
 $lang['add']['mailbox_quota_m'] = 'Maks. wartość na skrzynkę (MiB):';
 $lang['add']['domain_quota_m'] = 'Łączna wartość domeny (MiB):';
@@ -365,8 +280,6 @@ $lang['add']['backup_mx_options'] = 'Opcje Backup MX:';
 $lang['add']['relay_all'] = 'Przekaż wszystkim odbiorcom';
 $lang['add']['relay_domain'] = 'Domena przekaźnikowa';
 $lang['add']['relay_all_info'] = '<small>Jeśli decydujesz się <b>nie</b> przekazywać wszystkim odbiorcom, musisz dodać ("ślepą")skrzynkę dla każdego poszczególnego odbiorcy, któremu należy przekazać.</small>';
-$lang['add']['alias'] = 'Alias(y)';
-$lang['add']['alias_spf_fail'] = '<b>Uwaga:</b> Jeśli Twój wybrany adres docelowy jest skrzynką zewnętrzną, <b>odbierający serwer pocztowy</b> może odrzucić wiadomość z powodu błędu SPF.</a>';
 $lang['add']['alias_address'] = 'Alias/y:';
 $lang['add']['alias_address_info'] = '<small>Pełny/e adres/y email lub @example.com, aby przejąć wszystkie wiadomości dla domeny (oddzielone przecinkami). <b>tylko domeny mailcow</b>.</small>';
 $lang['add']['alias_domain_info'] = '<small>Tylko prawidłowe nazwy domen (oddzielone przecinkami).</small>';
@@ -375,8 +288,6 @@ $lang['add']['target_address_info'] = '<small> Pełny/e adres/y email (oddzielon
 $lang['add']['alias_domain'] = 'Alias domeny';
 $lang['add']['select'] = 'Proszę wybrać...';
 $lang['add']['target_domain'] = 'Domena docelowa:';
-$lang['add']['mailbox'] = 'Skrzynka';
-$lang['add']['resource'] = 'Zasób';
 $lang['add']['kind'] = 'Rodzaj';
 $lang['add']['mailbox_username'] = 'Nazwa użytkownika (lewa strona adresu email):';
 $lang['add']['full_name'] = 'Pełna nazwa:';
@@ -384,19 +295,11 @@ $lang['add']['quota_mb'] = 'Wartość (MiB):';
 $lang['add']['select_domain'] = 'Proszę najpierw wybrać domenę';
 $lang['add']['password'] = 'Hasło:';
 $lang['add']['password_repeat'] = 'Potwierdź hasło(powtórz):';
-$lang['add']['previous'] = 'Poprzednia strona';
 $lang['add']['restart_sogo_hint'] = 'Po dodaniu nowej domeny będziesz musiał ponownie uruchomić kontener serwisowy SOGo!';
 
-$lang['login']['title'] = 'Zaloguj się';
-$lang['login']['administration'] = 'Administrowanie';
-$lang['login']['administration_details'] = 'Proszę używać loginu Administratora do wykonywania zadań administracyjnych.';
-$lang['login']['user_settings'] = 'Ustawienia użytkownika';
-$lang['login']['user_settings_details'] = 'Użytkownicy skrzynek mogą używać mailcow UI do zmiany ich haseł, tworzenia tymczasowych aliasów (spam aliasów), dostosowania filtru spam lub importowania wiadomości z zdalnego serweru IMAP.';
 $lang['login']['username'] = 'Nazwa użytkownika';
 $lang['login']['password'] = 'Hasło';
-$lang['login']['reset_password'] = 'Resetuj hasło';
 $lang['login']['login'] = 'Zaloguj się';
-$lang['login']['previous'] = "Poprzednia strona";
 $lang['login']['delayed'] = 'Logowanie zostało opóźnione o %s sekund.';
 
 $lang['tfa']['tfa'] = "Uwierzytelnianie dwuetapowe";
@@ -406,16 +309,12 @@ $lang['tfa']['key_id'] = "Identyfikator dla Twojego YubiKey";
 $lang['tfa']['key_id_totp'] = "Identyfikator dla Twojego klucza";
 $lang['tfa']['api_register'] = 'mailcow używa Yubico Cloud API. Proszę pobrać klucz API dla Twojego klucza <a href="https://upgrade.yubico.com/getapikey/" target="_blank">here</a>';
 $lang['tfa']['u2f'] = "Uwierzytelnianie U2F";
-$lang['tfa']['hotp'] = "Uwierzytelnianie HOTP";
 $lang['tfa']['totp'] = "Uwierzytelnianie TOTP";
 $lang['tfa']['none'] = "Deaktywuj";
 $lang['tfa']['delete_tfa'] = "Wyłącz TFA";
 $lang['tfa']['disable_tfa'] = "Wyłącz TFA do kolejnego udanego logowania";
-$lang['tfa']['confirm_tfa'] = "Potwierdź jednorazowe hasło w polu poniżej";
 $lang['tfa']['confirm'] = "Potwierdź";
-$lang['tfa']['otp'] = "Jednorazowe hasło";
 $lang['tfa']['totp'] = "Time-based OTP (Google Authenticator itd.)";
-$lang['tfa']['trash_login'] = "Login Trash";
 $lang['tfa']['select'] = "Proszę wybrać";
 $lang['tfa']['waiting_usb_auth'] = "<i>Czekam na urządzenie USB...</i><br><br>Wciśnij teraz przycisk na urządzeniu U2F USB.";
 $lang['tfa']['waiting_usb_register'] = "<i> Czekam na urządzenie USB...</i><br><br>Wprowadź swoje  hasło powyżej i potwierdź rejestrację U2F przez naciśnięcie przycisku na urządzeniu U2F USB.";
@@ -432,40 +331,14 @@ $lang['admin']['f2b_max_attempts'] = 'Max. ilość prób';
 $lang['admin']['f2b_retry_window'] = 'Spróbuj ponownie (s) dla max. ilości prób'; // do spr
 $lang['admin']['f2b_whitelist'] = 'Biała lista sieci/hosty';
 $lang['admin']['search_domain_da'] = 'Szukaj domen';
-$lang['admin']['restrictions'] = 'Ograniczenia Postfix ';
-$lang['admin']['rr'] = 'Ograniczenia Postfix po stronie odbiorcy';
-$lang['admin']['sr'] = 'Ograniczenia Postfix po stronie nadawcy';
-$lang['admin']['reset_defaults'] = 'Przywróć domyślne';
-$lang['admin']['sr'] = 'Ograniczenia Postfix po stronie nadawcy';
 $lang['admin']['r_inactive'] = 'Nieaktywne ograniczenia';
 $lang['admin']['r_active'] = 'Aktywne ograniczenia';
 $lang['admin']['r_info'] = 'Zablokowane/Wyłączone elementy na liście aktywnych ograniczeń nie są rozpoznawane przez mailcow jako prawidłowe ograniczenia i nie można ich przesunąć. Niemniej jednak nierozpoznane ograniczenia zostaną wyświetlone w kolejności pojawiania się. <br>Nowe elementy można dodać w <code>inc/vars.local.inc.php</code>, aby móc je przełączać.';
-$lang['admin']['public_folders'] = 'Foldery publiczne';
-$lang['admin']['public_folders_text'] = 'Przestrzeń nazw "Publiczny" zostanie utworzona. Poniższa nazwa folderu publicznego wskazuje na nazwę pierwszej automatycznie utworzonej skrzynki w ramach danej przestrzeni nazw.';
-$lang['admin']['public_folder_name'] = 'Nazwa folderu <small>(alfanumeryczna)</small>';
-$lang['admin']['public_folder_enable'] = 'Włącz folder publiczny';
-$lang['admin']['public_folder_enable_text'] = 'Przełączenie tej opcji nie usunie wiadomości w żadnym folderze publicznym.';
-$lang['admin']['public_folder_pusf'] = 'Włącz flagę widoczną dla danego użytkownika';
-$lang['admin']['public_folder_pusf_text'] = 'System włączający "flagę widoczną dla danego użytkownika" nie oznaczy wiadomości jako przeczytaną dla Użytkownika B, jeśli Użytkownik A ją widział, a Użytkownik B nie.';
-$lang['admin']['privacy'] = 'Bezpieczeństwo';
-$lang['admin']['privacy_text'] = 'Ta opjca pozwala tabeli PCRE usunąć "User-Agent", "X-Enigmail", "X-Mailer", "X-Originating-IP" i zastąpić "Otrzymano: od" nagłówkami z hosta lokalnego/127.0.0.1.';
-$lang['admin']['privacy_anon_mail'] = 'Utajnij pocztę wychodzącą';
-$lang['admin']['dkim_txt_name'] = 'Nazwa rekordu TXT:';
-$lang['admin']['dkim_txt_value'] = 'Wartość rekordu TXT:';
 $lang['admin']['dkim_key_length'] = 'Długość klucza DKIM (bity)';
 $lang['admin']['dkim_key_valid'] = 'Prawidłowy klucz';
 $lang['admin']['dkim_key_unused'] = 'Nieużywany klucz';
 $lang['admin']['dkim_key_missing'] = 'Brak klucza';
-$lang['admin']['dkim_key_hint'] = 'Selektor dla kluczy DKIM to zawsze <code>dkim</code>.';
-$lang['admin']['previous'] = 'Poprzednia strona';
-$lang['admin']['quota_mb'] = 'Wartość (MiB):';
-$lang['admin']['sender_acl'] = 'Zezwalaj na wysłanie jako:';
-$lang['admin']['msg_size'] = 'Rozmiar wiadomości';
-$lang['admin']['msg_size_limit'] = 'Aktualny limit rozmiaru wiadomości';
-$lang['admin']['msg_size_limit_details'] = 'Zastosowania nowego limitu przeładuje Postfix i serwer www.';
 $lang['admin']['save'] = 'Zapisz zmiany';
-$lang['admin']['maintenance'] = 'Konserwacja i Informacje';
-$lang['admin']['sys_info'] = 'Informacje systemowe';
 $lang['admin']['dkim_add_key'] = 'Dodaj klucz ARC/DKIM';
 $lang['admin']['dkim_keys'] = 'Klucze ARC/DKIM';
 $lang['admin']['add'] = 'Dodaj';
@@ -488,24 +361,15 @@ $lang['admin']['unchanged_if_empty'] = 'W przypadku braku zmian, nie wypełniaj'
 $lang['admin']['yes'] = '&#10004;';
 $lang['admin']['no'] = '&#10008;';
 $lang['admin']['access'] = 'Dostęp';
-$lang['admin']['invalid_max_msg_size'] = 'Nieprawidłowy maks. rozmiar wiadomości';
-$lang['admin']['site_not_found'] = 'Nie można zlokalizować konfiguracji witryny mailcow';
-$lang['admin']['public_folder_empty'] = 'Nazwa folderu publicznego nie może pozostać pusta';
-$lang['admin']['set_rr_failed'] = 'Nie można ustawić ograniczeń Postfix';
 $lang['admin']['no_record'] = 'Brak rekordu';
 $lang['admin']['filter_table'] = 'Tabela filtru';
 $lang['admin']['empty'] = 'Brak wyników';
-$lang['admin']['time'] = 'Czas';
-$lang['admin']['priority'] = 'Priorytet';
-$lang['admin']['message'] = 'Wiadomość';
 $lang['admin']['refresh'] = 'Odśwież';
-$lang['admin']['logs'] = 'Logi';
 $lang['admin']['forwarding_hosts'] = 'Hosty przekazujące';
 $lang['admin']['forwarding_hosts_hint'] = 'Wiadomości przychodzące od hostów wyszczególnionych tutaj są akceptowane bezwarunkowo. Dane hosty nie są następnie sprawdzane względem list DNSBL lub poddawane metodzie szarych list. Otrzymany od nich spam nie jest nigdy odrzucany, ale opcjonalnie może zostać umieszczony w folderze spam. Najpopularniejsze zastosowanie dla takiego rozwiązania to wyszczególnienie serwerów poczty, na których ustawiono przekierowanie poczty przychodzącej na Twój serwer Mailcow.';
 $lang['admin']['forwarding_hosts_add_hint'] = 'Możesz albo wyszczególnić adresy IPv4/IPv6, sieci w notacji CIDR, nazwy hostów (które zostaną rozłożone na adresy IP), albo nazwy domen (które zostaną rozłożone na adresy IP poprzez sprawdzanie rekordów SPF lub, w razie ich braku, rekordów MX).';
 $lang['admin']['host'] = 'Host';
 $lang['admin']['source'] = 'źródło';
 $lang['admin']['add_forwarding_host'] = 'Dodaj hosta przekazującego';
-$lang['delete']['remove_forwardinghost_warning'] = '<b>Ostrzeżenie:</b> Zamierzasz usunąć hosta przekazującego <b>%s</b>!';
 $lang['success']['forwarding_host_removed'] = "Usunięto hosta przekazującego %s";
 $lang['success']['forwarding_host_added'] = "Dodano hosta przekazującego %s";
diff --git a/data/web/lang/lang.pt.php b/data/web/lang/lang.pt.php
index a1f567f9..117c112d 100644
--- a/data/web/lang/lang.pt.php
+++ b/data/web/lang/lang.pt.php
@@ -5,12 +5,7 @@
 
 $lang['footer']['loading'] = "Aguarde...";
 $lang['getmail']['no_status'] = "Nenhum registro anterior encontrado";
-$lang['dkim']['confirm'] = "Tem certeza?";
-$lang['danger']['dkim_not_found'] = "Registro DKIM não encontrado";
-$lang['danger']['dkim_remove_failed'] = "Não foi possível remover o registro DKIM selecionado";
-$lang['danger']['dkim_add_failed'] = "Não foi possível adicionar o registro DKIM fornecido";
 $lang['danger']['dkim_domain_or_sel_invalid'] = " Registro DKIM inválido";
-$lang['danger']['dkim_key_length_invalid'] = "Registro DKIM com tamanho inválido";
 $lang['success']['dkim_removed'] = " Registro DKIM removido com sucesso";
 $lang['success']['dkim_added'] = "Registro DKIM salvo com sucesso";
 $lang['danger']['access_denied'] = "Acesso negado ou dados inválidos";
@@ -22,8 +17,6 @@ $lang['danger']['alias_empty'] = "Você deve preencher o campo do Apelido";
 $lang['danger']['goto_empty'] = "Você deve preencher o campo Encaminhar para";
 $lang['danger']['blacklist_exists'] = "O registro já existe na BlackList";
 $lang['danger']['blacklist_from_invalid'] = "O registro Blacklist possui formato inválido";
-$lang['danger']['whitelist_exists'] = "O registro já existe na WhiteList";
-$lang['danger']['whitelist_from_invalid'] = "O registro Whitelist possui formato inválido";
 $lang['danger']['alias_invalid'] = "O endereço digitado como Apelido é inválido";
 $lang['danger']['goto_invalid'] = "O endereço digitado como Encaminhar para é inválido";
 $lang['danger']['alias_domain_invalid'] = "O endereço do Encaminhamento de Domínio é inválido";
@@ -36,26 +29,19 @@ $lang['success']['alias_added'] = "Apelido(s) adicionado(s) com sucesso";
 $lang['success']['alias_modified'] = "Apelido(s) alterados(s) com sucesso";
 $lang['success']['aliasd_modified'] = "Direcionamento de Domínio(s) alterados(s) com sucesso";
 $lang['success']['mailbox_modified'] = "A conta %s foi alterada com sucesso";
-$lang['success']['msg_size_saved'] = "Limite do tamanho de mensagem ajustado com sucesso";
-$lang['danger']['aliasd_not_found'] = "Encaminhamento de Domínio não encontrado";
 $lang['danger']['targetd_not_found'] = "Domínio de Destino não encontrado";
-$lang['danger']['aliasd_exists'] = "Encaminhamento de Domínio já existe";
 $lang['success']['aliasd_added'] = "Adicionado Encaminhamento de Domínio %s";
 $lang['success']['aliasd_modified'] = "Encaminhamento de Domínio %s alterado com sucesso";
 $lang['success']['domain_modified'] = "Domínio %s alterado com sucesso";
 $lang['success']['domain_admin_modified'] = "Changes to domain administrator %s have been saved";
 $lang['success']['domain_admin_added'] = "Domínio administrator %s has been added";
-$lang['success']['changes_general'] = 'Alteração efetuada com sucesso';
 $lang['success']['admin_modified'] = "Administrador alterado com sucesso";
-$lang['danger']['exit_code_not_null'] = "Falha: código de erro %d";
-$lang['danger']['mailbox_not_available'] = "Conta não disponível";
 $lang['danger']['username_invalid'] = "Nome de usuário inválido";
 $lang['danger']['password_mismatch'] = "As senhas não estão iguais";
 $lang['danger']['password_complexity'] = "A senha não atende aos parâmetros de segurança";
 $lang['danger']['password_empty'] = "A senha não pode ser vazia ou em branco";
 $lang['danger']['login_failed'] = "Login falhou";
 $lang['danger']['mailbox_invalid'] = "Conta inválida";
-$lang['danger']['mailbox_invalid_suggest'] = 'Conta inválida, sugestão: "%s"?';
 $lang['info']['fetchmail_planned'] = "Procedimento de retirada de emails foi agendado. Verifique o processo mais tarde.";
 $lang['danger']['fetchmail_source_empty'] = "Definir a pasta de origem";
 $lang['danger']['fetchmail_dest_empty'] = "Definir a pasta de destino";
@@ -79,15 +65,10 @@ $lang['danger']['mailboxes_in_use'] = "O máximo de Contas deve ser maior ou igu
 $lang['danger']['aliases_in_use'] = "O máximo de Apelidos deve ser maior ou igual a %d";
 $lang['danger']['sender_acl_invalid'] = "Campo Sender ACL é inválido";
 $lang['danger']['domain_not_empty'] = "Não é possível remover um domínio com Contas/Apelidos/Direcionamentos";
-$lang['warning']['spam_alias_temp_error'] = "Falha Temporária: Não foi possível adicionar Apelido para Spam.";
-$lang['danger']['spam_alias_max_exceeded'] = "O número máximo de Apelidos para Spam foi excedido";
 $lang['danger']['fetchmail_active'] = "O processo esta em andamento, aguarde o seu término.";
 $lang['danger']['validity_missing'] = 'Você deve definir um período de validade';
-$lang['user']['on'] = "On";
-$lang['user']['off'] = "Off";
 $lang['user']['user_change_fn'] = "";
 $lang['user']['user_settings'] = 'Configurações do usuário';
-$lang['user']['mailbox_settings'] = 'Configrações da conta';
 $lang['user']['mailbox_details'] = 'Detalhes da conta';
 $lang['user']['change_password'] = 'Alterar senha';
 $lang['user']['new_password'] = 'Nova senha';
@@ -95,10 +76,8 @@ $lang['user']['save_changes'] = 'Salvar';
 $lang['user']['password_now'] = 'Senha atual (confirme a alteração)';
 $lang['user']['new_password_repeat'] = 'Confirmar senha (repetir)';
 $lang['user']['new_password_description'] = 'Requerido: mínimo de 6 characteres com letras e números.';
-$lang['user']['did_you_know'] = '<b>Você sabia?</b> Você pode usar tags no endereço de email ("conta+<b>privado</b>@example.com") para classificar as mensagens automaticamente para uma determinada pasta (exemplo: "privado").';
 $lang['user']['spam_aliases'] = 'Apelidos temporários';
 $lang['user']['alias'] = 'Apelido';
-$lang['user']['aliases'] = 'Apelidos';
 $lang['user']['aliases_send_as_all'] = 'Não verificar remetente para os domínios';
 $lang['user']['alias_create_random'] = 'Gerar um apelido automaticamente';
 $lang['user']['alias_extend_all'] = 'Extender apelido por 1 hora';
@@ -134,39 +113,17 @@ $lang['user']['tls_policy_warning'] = '<strong>Aviso:</strong> Se você selecion
 $lang['user']['tls_policy'] = 'Regras de Encryptação';
 $lang['user']['tls_enforce_in'] = 'Forçar TLS na entrada';
 $lang['user']['tls_enforce_out'] = 'Forçar TLS na saída';
-$lang['user']['misc_settings'] = 'Outras configurações';
-$lang['user']['misc_delete_profile'] = 'Outras configurações';
 $lang['user']['no_record'] = 'Nenhum registro';
-$lang['start']['dashboard'] = '%s - Painel';
-$lang['start']['start_rc'] = 'Webmail Roundcube';
-$lang['start']['start_sogo'] = 'Abrir SOGo';
 $lang['start']['mailcow_apps_detail'] = 'Use um mailcow app para acessar seus emails, calendário, contatos e outras informações.';
-$lang['start']['mailcow_panel'] = 'Iniciar mailcow UI';
-$lang['start']['mailcow_panel_description'] = 'O mailcow UI está disponível para Administradores e Usuários.';
 $lang['start']['mailcow_panel_detail'] = '<b>Administradores:</b> podem criar, alterar ou apagar contas e apelidos , alterar domínios e outras informações de seus domínios atribuídos.<br>
 	<b>Usuários:</b> podem criar apelidos por tempo determinado , alterar senha e configuração do nível do filtro de spam.';
-$lang['start']['recommended_config'] = 'Configuração recomendada (sem o ActiveSync)';
-$lang['start']['imap_smtp_server'] = 'IMAP e SMTP server data';
-$lang['start']['imap_smtp_server_description'] = 'Para uma melhor utilização use o <a href="%s" target="_blank"><b>Mozilla Thunderbird</b></a>.';
-$lang['start']['imap_smtp_server_badge'] = 'Ler/Criar emails';
 $lang['start']['imap_smtp_server_auth_info'] = 'Utilize o endereço de email completo com o método de autentucação PLAIN.<br>
 Os dados de login serão encryptados pelo servidor.';
-$lang['start']['managesieve'] = 'ManageSieve';
-$lang['start']['managesieve_badge'] = 'Filtro de email';
-$lang['start']['managesieve_description'] = 'Utilize o <b>Mozilla Thunderbird</b> com a <a style="text-decoration:none" target="_blank" href="%s"><b>extensão para sieve</b></a>.<br>Inicie o Thunderbird, acesse os Complementos e solte o arquivo xpi que foi baixado, na janela aberta.<br>Preencha com o servidor <b>%s</b>, porta <b>4190</b> se for solicitado. Os dados de acesso são os mesmos da sua conta de email.';
-$lang['start']['service'] = 'Serviço';
-$lang['start']['encryption'] = 'Método de criptografia';
 $lang['start']['help'] = 'Mostrar/Ocultar painel de ajuda';
-$lang['start']['hostname'] = 'Hostname';
-$lang['start']['port'] = 'Porta';
-$lang['start']['footer'] = 'Rodapé';
 $lang['header']['mailcow_settings'] = 'Configuração';
 $lang['header']['administration'] = 'Administração';
 $lang['header']['mailboxes'] = 'Contas';
 $lang['header']['user_settings'] = 'Configurações do usuário';
-$lang['header']['login'] = 'Entrar';
-$lang['header']['logged_in_as_logout'] = 'Olá <b>%s</b> (Clique para Sair)';
-$lang['header']['locale'] = 'Idioma';
 $lang['mailbox']['domain'] = 'Domínio';
 $lang['mailbox']['alias'] = 'Apelido';
 $lang['mailbox']['aliases'] = 'Apelidos';
@@ -176,7 +133,6 @@ $lang['mailbox']['mailbox_quota'] = 'Espaço máximo da Conta';
 $lang['mailbox']['domain_quota'] = 'Espaço';
 $lang['mailbox']['active'] = 'Ativo';
 $lang['mailbox']['action'] = 'Ação';
-$lang['mailbox']['ratelimit'] = 'Limite de envios por hora';
 $lang['mailbox']['backup_mx'] = 'Backup MX';
 $lang['mailbox']['domain_aliases'] = 'Encaminhamento de Domínio';
 $lang['mailbox']['target_domain'] = 'Domínio Destino';
@@ -186,46 +142,27 @@ $lang['mailbox']['fname'] = 'Nome';
 $lang['mailbox']['filter_table'] = 'Procurar';
 $lang['mailbox']['yes'] = '&#10004;';
 $lang['mailbox']['no'] = '&#10008;';
-$lang['mailbox']['quota'] = 'Espaço';
 $lang['mailbox']['in_use'] = 'Em uso (%)';
 $lang['mailbox']['msg_num'] = 'Mensagens';
 $lang['mailbox']['remove'] = 'Remover';
 $lang['mailbox']['edit'] = 'Alterar';
-$lang['mailbox']['archive'] = 'Arquivo';
-$lang['mailbox']['no_record'] = 'Nenhum registro';
 $lang['mailbox']['add_domain'] = 'Adicionar Domínio';
 $lang['mailbox']['add_domain_alias'] = 'Adicionar Apelido de Domínio';
 $lang['mailbox']['add_mailbox'] = 'Adicionar Conta de Email';
 $lang['mailbox']['add_alias'] = 'Adicionar Apelido';
 $lang['info']['no_action'] = 'Nenhuma ação foi definida';
-$lang['delete']['title'] = 'Remover objeto';
-$lang['delete']['remove_domain_warning'] = '<b>Aviso:</b> Você está prestes a remover o Domínio <b>%s</b>!';
-$lang['delete']['remove_domainalias_warning'] = '<b>Aviso:</b> Você está prestes a remover o Encaminhamento de Domínio <b>%s</b>!';
-$lang['delete']['remove_domainadmin_warning'] = '<b>Aviso:</b> Você está prestes a remover o Administrador <b>%s</b>!';
-$lang['delete']['remove_alias_warning'] = '<b>Aviso:</b> Você está prestes a remover o Apelido <b>%s</b>!';
-$lang['delete']['remove_mailbox_warning'] = '<b>Aviso:</b> Você está prestes a remover a Conta <b>%s</b>!';
-$lang['delete']['remove_mailbox_details'] = 'A Conta será <b>excluída permanentemente</b>!';
-$lang['delete']['remove_domain_details'] = 'Esse procedimento removerá o Encaminhamento de Domínio.<br><br><b>O Domínio deve estar sem nenhuma configuração para ser removido.</b>';
-$lang['delete']['remove_alias_details'] = 'Os usuários não poderão mais enviar ou receber emails através deste endereço.</b>';
-$lang['delete']['remove_button'] = 'Remover';
-$lang['delete']['previous'] = 'Voltar';
 $lang['edit']['save'] = 'Salvar';
-$lang['edit']['archive'] = 'Acesso ao arquivo';
 $lang['edit']['max_mailboxes'] = 'Máximo de contas:';
 $lang['edit']['title'] = 'Editar dos Objetos';
 $lang['edit']['target_address'] = 'Enviar para os emails <small>(separar por vírgula)</small>:';
 $lang['edit']['active'] = 'Ativo';
 $lang['edit']['target_domain'] = 'Domínio de Destino:';
 $lang['edit']['password'] = 'Senha:';
-$lang['edit']['ratelimit'] = 'Volume de envios por hora:';
-$lang['danger']['ratelimt_less_one'] = 'Limite da taxa de saída por hora não pode ser inferior a 1';
 $lang['edit']['password_repeat'] = 'Confirmar senha (repetir):';
 $lang['edit']['domain_admin'] = 'Editar administrador de domínio';
 $lang['edit']['domain'] = 'Editar domínio';
-$lang['edit']['alias_domain'] = 'Encaminhar domínio';
 $lang['edit']['edit_alias_domain'] = 'Editar encaminhamento de domínio';
 $lang['edit']['domains'] = 'Domínios';
-$lang['edit']['destroy'] = 'Inserir manualmente';
 $lang['edit']['alias'] = 'Editar apelido';
 $lang['edit']['mailbox'] = 'Editar conta';
 $lang['edit']['description'] = 'Descrição:';
@@ -235,22 +172,15 @@ $lang['edit']['domain_quota'] = 'Espaço do domínio:';
 $lang['edit']['backup_mx_options'] = 'Opções de Backup MX:';
 $lang['edit']['relay_domain'] = 'Relay de domínio';
 $lang['edit']['relay_all'] = 'Relay para todas as contas';
-$lang['edit']['dkim_signature'] = 'Assinatura ARC + DKIM:';
-$lang['edit']['dkim_record_info'] = '<small>Adicione um registro TXT com o mesmo a mesma configuração dos registros DNS.</small>';
 $lang['edit']['relay_all_info'] = '<small>Se você escolher <b>não</b> direcionar todas as contas de email, você deve adicionar um ("blind") para cada uma das contas.</small>';
 $lang['edit']['full_name'] = 'Nome completo';
 $lang['edit']['quota_mb'] = 'Espaço (MiB)';
 $lang['edit']['sender_acl'] = 'Permitir Enviar como';
-$lang['edit']['sender_acl_info'] = 'Apelidos não podem ser removidos.';
-$lang['edit']['dkim_txt_name'] = 'Nome do registro TXT:';
-$lang['edit']['dkim_txt_value'] = 'Valor do registro TXT:';
 $lang['edit']['previous'] = 'Voltar';
 $lang['edit']['unchanged_if_empty'] = 'Deixar em branco para não modificar';
 $lang['edit']['dont_check_sender_acl'] = 'Não verificar o remetente para o domínio %s';
-$lang['add']['title'] = 'Adicionar objeto';
 $lang['add']['domain'] = 'Domínio';
 $lang['add']['active'] = 'Ativo';
-$lang['add']['save'] = 'Salvar';
 $lang['add']['description'] = 'Descrição:';
 $lang['add']['max_aliases'] = 'Máximo de apelidos:';
 $lang['add']['max_mailboxes'] = 'Máximo de contas:';
@@ -260,8 +190,6 @@ $lang['add']['backup_mx_options'] = 'Opções Backup MX:';
 $lang['add']['relay_all'] = 'Relay para todas as contas';
 $lang['add']['relay_domain'] = 'Relay para todo domínio';
 $lang['add']['relay_all_info'] = '<small>Se <b>não</b> selecionar para retransmitir todas as contas, você deve adicionar uma ("blind") para cada conta que será direcionada.</small>';
-$lang['add']['alias'] = 'Apelido(s)';
-$lang['add']['alias_spf_fail'] = '<b>Aviso:</b> Se você escolher uma conta externa, o <b>servidor externo</b> poderá rejeitar algumas mensagens por erro de SPF.</a>';
 $lang['add']['alias_address'] = 'Apelidos:';
 $lang['add']['alias_address_info'] = '<small>Endereço de email completo ou @example.com, para uma conta coringa -catch all. (separado por vírgula). <b>apenas domínios cadastrados</b>.</small>';
 $lang['add']['alias_domain_info'] = '<small>Domínios válidos apenas (separado por vírgulas).</small>';
@@ -270,25 +198,16 @@ $lang['add']['target_address_info'] = '<small>Endereço de email completo (separ
 $lang['add']['alias_domain'] = 'Encaminhamento de Domínio';
 $lang['add']['select'] = 'Selecione...';
 $lang['add']['target_domain'] = 'Domínio de Destino:';
-$lang['add']['mailbox'] = 'Conta';
 $lang['add']['mailbox_username'] = 'Usuário (primeira parte do endereço de email):';
 $lang['add']['full_name'] = 'Nome:';
 $lang['add']['quota_mb'] = 'Espaço (MiB):';
 $lang['add']['select_domain'] = 'Selecione um domínio antes';
 $lang['add']['password'] = 'Senha:';
 $lang['add']['password_repeat'] = 'Confirmar a senha (repetir):';
-$lang['add']['previous'] = 'Voltar';
 $lang['add']['port'] = 'Port';
-$lang['login']['title'] = 'Entrar';
-$lang['login']['administration'] = 'Administração';
-$lang['login']['administration_details'] = 'Utilize o login de Administrador para efetuar tarefas de administração.';
-$lang['login']['user_settings'] = 'Configuração do usuário';
-$lang['login']['user_settings_details'] = 'Usuários podem utilizar o mailcow UI para alterar suas senhas, criar apelidos temporários (Apelido Anti-Spam), adjustar a sensibilidade do filtro the spam ou importar mensagens de um servidor IMAP.';
 $lang['login']['username'] = 'Usuário';
 $lang['login']['password'] = 'Senha';
-$lang['login']['reset_password'] = 'Esqueci minha senha';
 $lang['login']['login'] = 'Entrar';
-$lang['login']['previous'] = "Voltar";
 $lang['login']['delayed'] = 'Sua entrada será atrasada por %s segundos.';
 $lang['login']['tfa'] = "Autenticação em duas etapas";
 $lang['login']['tfa_details'] = "Confirme sua senha no campo abaixo";
@@ -296,36 +215,11 @@ $lang['login']['confirm'] = "Confirmar";
 $lang['login']['otp'] = "Senha única";
 $lang['login']['trash_login'] = "Tentativas de entrada";
 $lang['admin']['search_domain_da'] = 'Selecione o(s) domínio(s)';
-$lang['admin']['restrictions'] = 'Postfix Restrictions';
-$lang['admin']['rr'] = 'Postfix Recipient Restrictions';
-$lang['admin']['sr'] = 'Postfix Sender Restrictions';
-$lang['admin']['reset_defaults'] = 'Voltar configuração padrão';
-$lang['admin']['sr'] = 'Postfix Sender Restrictions';
 $lang['admin']['r_inactive'] = 'Restrictions Inativos';
 $lang['admin']['r_active'] = 'Restrictions Ativos';
 $lang['admin']['r_info'] = 'Greyed out/disabled elements on the list of active restrictions are not known as valid restrictions to mailcow and cannot be moved. Unknown restrictions will be set in order of appearance anyway. <br>You can add new elements in <code>inc/vars.local.inc.php</code> to be able to toggle them.';
-$lang['admin']['public_folders'] = 'Pastas públicas';
-$lang['admin']['public_folders_text'] = 'A pasta "Public" esta criada. Abaixo a pasta pública indica o nome da primeira pasta criada automaticamente na conta, com este nome.';
-$lang['admin']['public_folder_name'] = 'Nome da Pasta <small>(alfa numérico)</small>';
-$lang['admin']['public_folder_enable'] = 'Habilitar Pasta Pública';
-$lang['admin']['public_folder_enable_text'] = 'Ao alterar esta configuração os emails das pastas públicas não serão apagados.';
-$lang['admin']['public_folder_pusf'] = 'Habilitar visualização por usuário';
-$lang['admin']['public_folder_pusf_text'] = 'A "per-user seen flag"-enabled system will not mark a mail as read for User B, when User A has seen it, but User B did not.';
-$lang['admin']['privacy'] = 'Privacidade';
-$lang['admin']['privacy_text'] = 'Esta opção habilita a tabela PCRE para remover "User-Agent", "X-Enigmail", "X-Mailer", "X-Originating-IP" e substitui pelo Header "Received: from" localhost/127.0.0.1.';
-$lang['admin']['privacy_anon_mail'] = 'Limpar o Cabeçalho dos emails de saída';
-$lang['admin']['dkim_txt_name'] = 'Registro TXT:';
-$lang['admin']['dkim_txt_value'] = 'Valor do TXT:';
 $lang['admin']['dkim_key_length'] = 'Tamanho do registro DKIM (bits)';
-$lang['admin']['previous'] = 'Voltar';
-$lang['admin']['quota_mb'] = 'Espaço (MiB):';
-$lang['admin']['sender_acl'] = 'Permitir Enviar como:';
-$lang['admin']['msg_size'] = 'Tamanho da mensagem';
-$lang['admin']['msg_size_limit'] = 'Tamanho limite de mensagem atual';
-$lang['admin']['msg_size_limit_details'] = 'Ao aplicar um novo limite os Serviços de Email e Web serão reiniciados.';
 $lang['admin']['save'] = 'Salvar';
-$lang['admin']['maintenance'] = 'Manutenção e Informação';
-$lang['admin']['sys_info'] = 'Informações de Sistema';
 $lang['admin']['dkim_add_key'] = 'Adicionar registro ARC/DKIM';
 $lang['admin']['dkim_keys'] = 'Registro ARC/DKIM';
 $lang['admin']['add'] = 'Salvar';
@@ -347,8 +241,4 @@ $lang['admin']['unchanged_if_empty'] = 'Deixar em branco para não alterar';
 $lang['admin']['yes'] = '&#10004;';
 $lang['admin']['no'] = '&#10008;';
 $lang['admin']['access'] = 'Acessos';
-$lang['admin']['invalid_max_msg_size'] = 'Tamanho máximo da mensagem inválido';
-$lang['admin']['site_not_found'] = 'Não foi possível localizar as configuração do painel mailcow';
-$lang['admin']['public_folder_empty'] = 'O nome da Pasta Pública deve ser preenchido';
-$lang['admin']['set_rr_failed'] = 'Não foi possível alterar Postfix Restrictions';
 $lang['admin']['no_record'] = 'Nenhum registro';
diff --git a/data/web/lang/lang.ru.php b/data/web/lang/lang.ru.php
index 647fcb8b..92fa556e 100644
--- a/data/web/lang/lang.ru.php
+++ b/data/web/lang/lang.ru.php
@@ -14,12 +14,7 @@ $lang['footer']['delete_these_items'] = 'Пожалуйста, подтверд
 $lang['footer']['delete_now'] = 'Удалить';
 $lang['footer']['cancel'] = 'Отмена';
 
-$lang['dkim']['confirm'] = "Вы уверены?";
-$lang['danger']['dkim_not_found'] = "DKIM ключ не найден";
-$lang['danger']['dkim_remove_failed'] = "Не удается удалить выбранный DKIM ключ";
-$lang['danger']['dkim_add_failed'] = "Невозможно добавить данный DKIM ключ";
 $lang['danger']['dkim_domain_or_sel_invalid'] = "DKIM домен или селектор недопустимы";
-$lang['danger']['dkim_key_length_invalid'] = "Недопустимая длина DKIM ключа";
 $lang['success']['dkim_removed'] = "DKIM ключ %s удален";
 $lang['success']['dkim_added'] = "DKIM ключ сохранен";
 $lang['danger']['access_denied'] = "Доступ запрещен или указаны неверные данные";
@@ -33,8 +28,6 @@ $lang['danger']['last_key'] = 'Нельзя удалить последний к
 $lang['danger']['goto_empty'] = "Основной адрес не может быть пустым";
 $lang['danger']['policy_list_from_exists'] = "Запись с указанным именем уже существует";
 $lang['danger']['policy_list_from_invalid'] = "Запись имеет недопустимый формат";
-$lang['danger']['whitelist_exists'] = "Указанная запись уже существует в белом списке";
-$lang['danger']['whitelist_from_invalid'] = "Запись белого списка имеет неверный формат";
 $lang['danger']['alias_invalid'] = "Недопустимый псевдоним адрес";
 $lang['danger']['goto_invalid'] = "Недопустимый основной адрес";
 $lang['danger']['alias_domain_invalid'] = "Недопустимый псевдоним домена";
@@ -50,19 +43,13 @@ $lang['success']['mailbox_modified'] = "Изменения почтового я
 $lang['success']['resource_modified'] = "Изменения почтового ящика %s сохранены";
 $lang['success']['object_modified'] = "Изменения объекта %s сохранены";
 $lang['success']['f2b_modified'] = "Изменения параметров Fail2ban сохранены";
-$lang['success']['msg_size_saved'] = "Установить ограничение на размер сообщения";
-$lang['danger']['aliasd_not_found'] = "Псевдоним домена не найден";
 $lang['danger']['targetd_not_found'] = "Основной домен не найден";
-$lang['danger']['aliasd_exists'] = "Псевдоним домена уже существует";
 $lang['success']['aliasd_added'] = "Добавлен псевдоним домена %s";
 $lang['success']['aliasd_modified'] = "Сохранить изменения псевдонима домена %s";
 $lang['success']['domain_modified'] = "Сохранить изменения домена %s";
 $lang['success']['domain_admin_modified'] = "Сохранить изменения администратора домена %s";
 $lang['success']['domain_admin_added'] = "Администратор домена %s добавлен";
-$lang['success']['changes_general'] = 'Изменения сохранены';
 $lang['success']['admin_modified'] = "Изменения администратора домена сохранены";
-$lang['danger']['exit_code_not_null'] = "Ошибка: Код ошибки %d";
-$lang['danger']['mailbox_not_available'] = "Почтовый ящик недоступен";
 $lang['danger']['username_invalid'] = "Нельзя использовать это имя пользователя";
 $lang['danger']['password_mismatch'] = "Введенные пароли не совпадают";
 $lang['danger']['password_complexity'] = "Пароль не соответствует требованиям";
@@ -71,7 +58,6 @@ $lang['danger']['login_failed'] = "Введен неверный логин ил
 $lang['danger']['mailbox_invalid'] = "Недопустимый адрес почтового ящика";
 $lang['danger']['description_invalid'] = 'Недопустимое описание ресурса';
 $lang['danger']['resource_invalid'] = "Недопустимое имя ресурса";
-$lang['danger']['mailbox_invalid_suggest'] = 'Недопустимое имя почтового ящика, возможно вы имели в виду "%s"?';
 $lang['danger']['is_alias'] = "%s уже известен как псевдоним адреса";
 $lang['danger']['is_alias_or_mailbox'] = "%s уже известен как псевдоним или почтовый ящик";
 $lang['danger']['is_spam_alias'] = "%s уже известен как временный адрес псевдонима";
@@ -96,16 +82,11 @@ $lang['danger']['mailboxes_in_use'] = "Максимальный лимит по
 $lang['danger']['aliases_in_use'] = "Максимальный лимит псевдоним адресов должен быть больше или равен %d";
 $lang['danger']['sender_acl_invalid'] = "Недопустимое значение ACL отправителя";
 $lang['danger']['domain_not_empty'] = "Нельзя удалить непустой домен";
-$lang['warning']['spam_alias_temp_error'] = "Временная ошибка: не удается добавить временный псевдоним адрес, пожалуйста, попробуйте еще раз позже.";
-$lang['danger']['spam_alias_max_exceeded'] = "Превышение максимально разрешенных временных псевдоним адресов";
 $lang['danger']['validity_missing'] = 'Пожалуйста, назначьте срок действия';
-$lang['user']['on'] = "Вкл.";
-$lang['user']['off'] = "Выкл.";
 $lang['user']['messages'] = "письма"; // "123 messages"
 $lang['user']['in_use'] = "Используется";
 $lang['user']['user_change_fn'] = "";
 $lang['user']['user_settings'] = 'Настройки пользователя';
-$lang['user']['mailbox_settings'] = 'Настройки почтового ящика';
 $lang['user']['mailbox_details'] = 'Сведения о почтовом ящике';
 $lang['user']['change_password'] = 'Смена пароля';
 $lang['user']['client_configuration'] = 'Конфигурации для клиентов электронной почты и смартфонов';
@@ -114,11 +95,8 @@ $lang['user']['save_changes'] = 'Сохранить изменения';
 $lang['user']['password_now'] = 'Текущий пароль (подтверждение изменения)';
 $lang['user']['new_password_repeat'] = 'Подтверждение пароля (повтор)';
 $lang['user']['new_password_description'] = 'Требование: 6 символов, букв и цифр.';
-$lang['user']['did_you_know'] = '<b>Знаете ли вы?</b> Вы можете использовать теги в вашем адресе электронной почты ("news+<b>my</b>@example.com") для автоматического перемещения сообщений в папку (пример: "news").';
 $lang['user']['spam_aliases'] = 'Временные псевдонимы электронной почты';
 $lang['user']['alias'] = 'Псевдоним';
-$lang['user']['aliases'] = 'Псевдонимы';
-$lang['user']['domain_aliases'] = 'Адреса псевдонимов домена';
 $lang['user']['is_catch_all'] = 'Catch-all для домена';
 $lang['user']['aliases_also_send_as'] = 'Также разрешено отправлять как пользователь';
 $lang['user']['aliases_send_as_all'] = 'Не проверять доступ отправителя для следующих доменов и псевдонимов домена';
@@ -128,7 +106,6 @@ $lang['user']['alias_valid_until'] = 'Действителен до';
 $lang['user']['alias_remove_all'] = 'Удалить все псевдоним адреса';
 $lang['user']['alias_time_left'] = 'Осталось времени';
 $lang['user']['alias_full_date'] = 'd.m.Y, H:i:s T';
-$lang['user']['syncjob_full_date'] = 'd.m.Y, H:i:s T';
 $lang['user']['alias_select_validity'] = 'Период действия';
 $lang['user']['sync_jobs'] = 'Задания синхронизации';
 $lang['user']['hour'] = 'Час';
@@ -161,8 +138,6 @@ $lang['user']['tls_enforce_in'] = 'Принудительное TLS входящ
 $lang['user']['tls_enforce_out'] = 'Принудительное TLS исходящих';
 $lang['user']['no_record'] = 'Нет записи';
 
-$lang['user']['misc_settings'] = 'Другие настройки профиля';
-$lang['user']['misc_delete_profile'] = 'Другие настройки профиля';
 
 $lang['user']['tag_handling'] = 'Set handling for tagged mail';
 $lang['user']['tag_in_subfolder'] = 'В подпапку';
@@ -177,7 +152,6 @@ $lang['user']['eas_reset_help'] = 'In many cases a device cache reset will help
 
 $lang['user']['encryption'] = 'Шифрование';
 $lang['user']['username'] = 'Имя пользователя';
-$lang['user']['password'] = 'Пароль';
 $lang['user']['last_run'] = 'Последний запуск';
 $lang['user']['excludes'] = 'Исключает';
 $lang['user']['interval'] = 'Интервал';
@@ -185,45 +159,22 @@ $lang['user']['active'] = 'Активный';
 $lang['user']['action'] = 'Действия';
 $lang['user']['edit'] = 'Изменить';
 $lang['user']['remove'] = 'Удалить';
-$lang['user']['delete_now'] = 'Удалить сейчас';
 $lang['user']['create_syncjob'] = 'Создание нового задания синхронизации';
 
-$lang['start']['dashboard'] = '%s - панель';
-$lang['start']['start_rc'] = 'Открыть Roundcube';
-$lang['start']['start_sogo'] = 'Открыть SOGo';
 $lang['start']['mailcow_apps_detail'] = 'Используйте приложения для доступа к вашей почте, календарю, контактам и многое другое.';
-$lang['start']['mailcow_panel'] = 'Открыть пользовательский интерфейс mailcow';
-$lang['start']['mailcow_panel_description'] = 'Пользовательский интерфейс mailcow доступен для администраторов и пользователей почтовых ящиков.';
 $lang['start']['mailcow_panel_detail'] = '<b>Администраторы домена</b> создавать, изменять или удалять почтовые ящики и псевдонимы, изменение доменов и смотреть информацию о своих назначенных доменов. <br><b>Пользователи почтовых ящиков</b> имеют возможность создавать временные псевдонимы (спам псевдонимы), менять свой пароль и настройки фильтра спама.';
-$lang['start']['recommended_config'] = 'Рекомендуемая конфигурация (без ActiveSync)';
-$lang['start']['imap_smtp_server'] = 'Данные сервера IMAP и SMTP';
-$lang['start']['imap_smtp_server_description'] = 'Для получения наилучших результатов мы рекомендуем использовать <a href="%s" target="_blank"> <b>Mozilla Thunderbird</b></a>.';
-$lang['start']['imap_smtp_server_badge'] = 'Read/Write emails';
-$lang['start']['imap_smtp_server_auth_info'] = 'Пожалуйста, используйте ваш полный адрес электронной почты и механизма обычной проверки подлинности. <br>Ваши регистрационные данные будут зашифрованы на стороне сервера обязательного шифрования.';
-$lang['start']['managesieve'] = 'ManageSieve';
-$lang['start']['managesieve_badge'] = 'Фильтр почты';
-$lang['start']['managesieve_description'] = 'Please use <b>Mozilla Thunderbird</b> with the <a style="text-decoration:none" target="_blank" href="%s"><b>nightly sieve extension</b></a>.<br>Start Thunderbird, open the add-on settings and drop the newly downloaded xpi file into the opened window.<br>The server name is <b>%s</b>, use port <b>4190</b> if you are asked for. The login data match your email login.';
-$lang['start']['service'] = 'Сервисы';
-$lang['start']['encryption'] = 'Метод шифрования';
 $lang['start']['help'] = 'Справка';
-$lang['start']['hostname'] = 'Имя хоста';
-$lang['start']['port'] = 'Порт';
-$lang['start']['footer'] = '';
 $lang['header']['mailcow_settings'] = 'Конфигурация';
 $lang['header']['administration'] = 'Администрирование';
 $lang['header']['mailboxes'] = 'Почтовые ящики';
 $lang['header']['user_settings'] = 'Настройки пользователя';
-$lang['header']['login'] = 'Логин';
-$lang['header']['logged_in_as_logout'] = 'Вы вошли как <b>%s</b> (выйти)';
 $lang['header']['logged_in_as_logout_dual'] = 'Вы вошли как <b>%s <span class="text-info">[%s]</span></b>';
-$lang['header']['locale'] = 'Язык';
 $lang['mailbox']['domain'] = 'Домен';
 $lang['mailbox']['spam_aliases'] = 'Временный псевдоним';
 $lang['mailbox']['multiple_bookings'] = 'Multiple bookings';
 $lang['mailbox']['kind'] = 'Вид';
 $lang['mailbox']['description'] = 'Описание';
 $lang['mailbox']['alias'] = 'Псевдоним';
-$lang['mailbox']['resource_name'] = 'Название ресурса';
 $lang['mailbox']['aliases'] = 'Псевдонимы';
 $lang['mailbox']['domains'] = 'Домены';
 $lang['mailbox']['mailboxes'] = 'Почтовые ящики';
@@ -232,7 +183,6 @@ $lang['mailbox']['mailbox_quota'] = 'Максимальный размер по
 $lang['mailbox']['domain_quota'] = 'Квота';
 $lang['mailbox']['active'] = 'Активный';
 $lang['mailbox']['action'] = 'Действия';
-$lang['mailbox']['ratelimit'] = 'Outgoing rate limit/h';
 $lang['mailbox']['backup_mx'] = 'Резервное копирование MX';
 $lang['mailbox']['domain_aliases'] = 'Псевдонимы доменов';
 $lang['mailbox']['target_domain'] = 'Целевой домен';
@@ -242,20 +192,15 @@ $lang['mailbox']['fname'] = 'Полное имя';
 $lang['mailbox']['filter_table'] = 'Поиск';
 $lang['mailbox']['yes'] = '&#10004;';
 $lang['mailbox']['no'] = '&#10008;';
-$lang['mailbox']['quota'] = 'Квота';
 $lang['mailbox']['in_use'] = 'Использовано (%)';
 $lang['mailbox']['msg_num'] = 'Письма #';
 $lang['mailbox']['remove'] = 'Удалить';
 $lang['mailbox']['edit'] = 'Изменить';
-$lang['mailbox']['archive'] = 'Архив';
-$lang['mailbox']['no_record'] = 'Нет записей для объекта %s';
-$lang['mailbox']['no_record_single'] = 'Нет записей';
 $lang['mailbox']['add_domain'] = 'Добавить домен';
 $lang['mailbox']['add_domain_alias'] = 'Добавить псевдоним домена';
 $lang['mailbox']['add_mailbox'] = 'Добавить почтовый ящик';
 $lang['mailbox']['add_resource'] = 'Добавить ресурс';
 $lang['mailbox']['add_alias'] = 'Добавить псевдоним';
-$lang['mailbox']['add_domain_record_first'] = 'Пожалуйста, сначала добавьте домен';
 $lang['mailbox']['empty'] = 'Нет результатов';
 $lang['mailbox']['toggle_all'] = 'Выбрать все';
 $lang['mailbox']['quick_actions'] = 'Действия';
@@ -267,21 +212,6 @@ $lang['mailbox']['last_run'] = 'Последний запуск';
 
 $lang['info']['no_action'] = 'Действий не предусмотрено';
 
-$lang['delete']['title'] = 'Удалить объект';
-$lang['delete']['remove_domain_warning'] = '<b>Внимание:</b> Вы собираетесь удалить домен <b>%s</b>!';
-$lang['delete']['remove_syncjob_warning'] = '<b>Внимание:</b> Вы собираетесь удалить задание синхронизации пользователя <b>%s</b>!';
-$lang['delete']['remove_domainalias_warning'] = '<b>Внимание:</b> Вы собираетесь удалить псевдоним домена <b>%s</b>!';
-$lang['delete']['remove_domainadmin_warning'] = '<b>Внимание:</b> Вы собираетесь удалить администратора домена <b>%s</b>!';
-$lang['delete']['remove_alias_warning'] = '<b>Внимание:</b> Вы собираетесь удалить псевдоним адреса <b>%s</b>!';
-$lang['delete']['remove_mailbox_warning'] = '<b>Внимание:</b> Вы собираетесь удалить почтовый ящик <b>%s</b>!';
-$lang['delete']['remove_mailbox_details'] = 'Почтовый ящик будет <b>очищен навсегда</b>!';
-$lang['delete']['remove_resource_warning'] = '<b>Внимание:</b> Вы собираетесь удалить ресурс <b>%s</b>!';
-$lang['delete']['remove_resource_details'] = 'Ресурс будет <b>очищен навсегда</b>!';
-$lang['delete']['remove_domain_details'] = 'Это действие также удаляет псевдонимы домена. <br><br><b>Домен должен быть пустым для удаления.</b>';
-$lang['delete']['remove_syncjob_details'] = 'Объекты из этого задания синхронизации больше не будут извлекаться с удаленного сервера.';
-$lang['delete']['remove_alias_details'] = 'Пользователи больше не смогут получать почту или отправлять почту с этого адреса.</b>';
-$lang['delete']['remove_button'] = 'Удалить';
-$lang['delete']['previous'] = 'Предыдущая страница';
 
 $lang['edit']['syncjob'] = 'Изменить задание синхронизации';
 $lang['edit']['username'] = 'Имя пользователя';
@@ -292,22 +222,17 @@ $lang['edit']['subfolder2'] = 'Sync into subfolder on destination<br><small>(emp
 $lang['edit']['mins_interval'] = 'Интервал (минуты)';
 $lang['edit']['exclude'] = 'Исключить объекты (regex)';
 $lang['edit']['save'] = 'Сохранить изменения';
-$lang['edit']['archive'] = 'Доступ в архив';
 $lang['edit']['max_mailboxes'] = 'Максимум почтовых ящиков';
 $lang['edit']['title'] = 'Изменение объекта';
 $lang['edit']['target_address'] = 'Goto address/es <small>(comma-separated)</small>';
 $lang['edit']['active'] = 'Активный';
 $lang['edit']['target_domain'] = 'Целевой домен';
 $lang['edit']['password'] = 'Пароль';
-$lang['edit']['ratelimit'] = 'Outgoing rate limit/h';
-$lang['danger']['ratelimt_less_one'] = 'Outgoing rate limit/h must not be less than 1';
 $lang['edit']['password_repeat'] = 'Подтверждение пароля (повтор)';
 $lang['edit']['domain_admin'] = 'Изменение администратора домена';
 $lang['edit']['domain'] = 'Изменение домена';
-$lang['edit']['alias_domain'] = 'Псевдоним домена';
 $lang['edit']['edit_alias_domain'] = 'Изменить псевдоним домена';
 $lang['edit']['domains'] = 'Домены';
-$lang['edit']['destroy'] = 'Ручной ввод данных';
 $lang['edit']['alias'] = 'Изменить псевдоним';
 $lang['edit']['mailbox'] = 'Изменение почтового ящика';
 $lang['edit']['description'] = 'Описание';
@@ -317,22 +242,16 @@ $lang['edit']['domain_quota'] = 'Квота домена';
 $lang['edit']['backup_mx_options'] = 'Параметры резервного копирования MX';
 $lang['edit']['relay_domain'] = 'Домен ретрансляции';
 $lang['edit']['relay_all'] = 'Ретрансляция всех получателей';
-$lang['edit']['dkim_signature'] = 'ARC + DKIM подпись';
-$lang['edit']['dkim_record_info'] = '<small>Please add a TXT record with the given value to your DNS settings.</small>';
 $lang['edit']['relay_all_info'] = '<small>If you choose <b>not</b> to relay all recipients, you will need to add a ("blind") mailbox for every single recipient that should be relayed.</small>';
 $lang['edit']['full_name'] = 'Полное имя';
 $lang['edit']['quota_mb'] = 'Квота (MiB)';
 $lang['edit']['sender_acl'] = 'Allow to send as';
-$lang['edit']['sender_acl_info'] = 'Псевдонимы не могут быть отменены.';
-$lang['edit']['dkim_txt_name'] = 'Имя TXT записи:';
-$lang['edit']['dkim_txt_value'] = 'Значение TXT записи:';
 $lang['edit']['previous'] = 'Предыдущая страница';
 $lang['edit']['unchanged_if_empty'] = 'Если без изменений оставьте пустым';
 $lang['edit']['dont_check_sender_acl'] = "Отключить проверку отправителя для домена %s + псевдонимов домена";
 $lang['edit']['multiple_bookings'] = 'Multiple bookings';
 $lang['edit']['kind'] = 'Вид';
 $lang['edit']['resource'] = 'Ресурс';
-$lang['edit']['goto_null'] = 'Отключить почту';
 
 $lang['add']['syncjob'] = 'Добавить задание синхронизации';
 $lang['add']['syncjob_hint'] = 'Имейте в виду, что пароли должны быть сохранены в виде простого текста!';
@@ -341,8 +260,6 @@ $lang['add']['port'] = 'Порт';
 $lang['add']['username'] = 'Имя пользователя';
 $lang['add']['enc_method'] = 'Метод шифрования';
 $lang['add']['mins_interval'] = 'Интервал опроса (в минутах)';
-$lang['add']['maxage'] = 'Максимальный возраст писем в днях, которые будут опрошены с удаленного хоста (0 = игнорировать возраст)';
-$lang['add']['subfolder2'] = 'Синхронизировать в подпапку по назначению';
 $lang['add']['exclude'] = 'Исключить объекты (regex)';
 $lang['add']['delete2duplicates'] = 'Удаление дубликатов по назначению';
 $lang['add']['delete1'] = 'Удаление из источника после завершения';
@@ -351,14 +268,11 @@ $lang['edit']['delete2duplicates'] = 'Удаление дубликатов по
 $lang['edit']['delete1'] = 'Удаление из источника после завершения';
 $lang['edit']['delete2'] = 'Удаление писем по месту назначения, которые не находятся на исходном';
 
-$lang['add']['title'] = 'Добавить объект';
 $lang['add']['domain'] = 'Домен';
 $lang['add']['active'] = 'Активный';
 $lang['add']['multiple_bookings'] = 'Multiple bookings';
-$lang['add']['save'] = 'Сохранить изменения';
 $lang['add']['description'] = 'Описание';
 $lang['add']['max_aliases'] = 'Максимум псевдонимов';
-$lang['add']['resource_name'] = 'Название ресурса';
 $lang['add']['max_mailboxes'] = 'Максимум почтовых ящиков';
 $lang['add']['mailbox_quota_m'] = 'Максимальная квота почтового ящика (MiB)';
 $lang['add']['domain_quota_m'] = 'Квота домена (MiB)';
@@ -366,8 +280,6 @@ $lang['add']['backup_mx_options'] = 'Параметры резервного к
 $lang['add']['relay_all'] = 'Ретрансляция всех получателей';
 $lang['add']['relay_domain'] = 'Ретрансляция этого домена';
 $lang['add']['relay_all_info'] = '<small>Если вы выбрали <b>не</b> для ретрансляции всех получателей, вам нужно будет добавить ("слепой") почтовый ящик для каждого получателя, который должен быть ретранслирован.</small>';
-$lang['add']['alias'] = 'Псевдоним(ы)';
-$lang['add']['alias_spf_fail'] = '<b>Note:</b> If your chosen destination address is an external mailbox, the <b>receiving mailserver</b> may reject your message due to an SPF failure.</a>';
 $lang['add']['alias_address'] = 'Псевдоним адрес(а)';
 $lang['add']['alias_address_info'] = '<small>Полный почтовый адрес(а) или @example.com, чтобы поймать все сообщения для домена (разделенных запятыми). <b>только домены mailcow</b>.</small>';
 $lang['add']['alias_domain_info'] = '<small>Действительные имена доменов (разделенные запятыми).</small>';
@@ -376,8 +288,6 @@ $lang['add']['target_address_info'] = '<small>Адрес(а) почтовых я
 $lang['add']['alias_domain'] = 'Псевдоним домена';
 $lang['add']['select'] = 'Пожалуйста, выберите...';
 $lang['add']['target_domain'] = 'Целевой домен';
-$lang['add']['mailbox'] = 'Почтовый ящик';
-$lang['add']['resource'] = 'Ресурс';
 $lang['add']['kind'] = 'Вид';
 $lang['add']['mailbox_username'] = 'Имя пользователя (часть адреса электронной почты слева)';
 $lang['add']['full_name'] = 'Полное имя';
@@ -385,20 +295,12 @@ $lang['add']['quota_mb'] = 'Квота (MiB)';
 $lang['add']['select_domain'] = 'Пожалуйста, сначала выберите домен';
 $lang['add']['password'] = 'Пароль';
 $lang['add']['password_repeat'] = 'Подтверждение пароля (повтор)';
-$lang['add']['previous'] = 'Предыдущая страница';
 $lang['add']['restart_sogo_hint'] = 'После добавления нового домена вам необходимо перезагрузить контейнер службы SOGo!';
 $lang['add']['goto_null'] = 'Отключить почту';
 
-$lang['login']['title'] = 'Логин';
-$lang['login']['administration'] = 'Администрирование';
-$lang['login']['administration_details'] = 'Пожалуйста, используйте вашу учетную запись администратора для выполнения административных задач.';
-$lang['login']['user_settings'] = 'Настройки пользователя';
-$lang['login']['user_settings_details'] = 'Пользователи почтовых ящиков могут использовать пользовательский интерфейс mailcow для изменения пароля, создавать временные псевдонимы (спам псевдонимы), настроить поведение фильтра спама или импортировать сообщения из удаленного сервера IMAP.';
 $lang['login']['username'] = 'Имя пользователя';
 $lang['login']['password'] = 'Пароль';
-$lang['login']['reset_password'] = 'Сбросить мой пароль';
 $lang['login']['login'] = 'Логин';
-$lang['login']['previous'] = "Предыдущая страница";
 $lang['login']['delayed'] = 'Вход был задержан на %s секунд.';
 
 $lang['tfa']['tfa'] = "Двухфакторная проверка подлинности";
@@ -408,15 +310,11 @@ $lang['tfa']['key_id'] = "Идентификатор вашего YubiKey";
 $lang['tfa']['key_id_totp'] = "Идентификатор для вашего ключа";
 $lang['tfa']['api_register'] = 'mailcow uses the Yubico Cloud API. Please get an API key for your key <a href="https://upgrade.yubico.com/getapikey/" target="_blank">here</a>';
 $lang['tfa']['u2f'] = "U2F аутентификация";
-$lang['tfa']['hotp'] = "HOTP аутентификация";
 $lang['tfa']['none'] = "Отключить";
 $lang['tfa']['delete_tfa'] = "Отключить TFA";
 $lang['tfa']['disable_tfa'] = "Отключить TFA до следующего успешного входа";
-$lang['tfa']['confirm_tfa'] = "Пожалуйста, подтвердите ваш одноразовый пароль в поле ниже";
 $lang['tfa']['confirm'] = "Подтвердите";
-$lang['tfa']['otp'] = "Одноразовый пароль";
 $lang['tfa']['totp'] = "На основе времени OTP (Google Authenticator и др.)";
-$lang['tfa']['trash_login'] = "Некорректный логин";
 $lang['tfa']['select'] = "Пожалуйста, выберите";
 $lang['tfa']['waiting_usb_auth'] = "<i>Waiting for USB device...</i><br><br>Please tap the button on your U2F USB device now.";
 $lang['tfa']['waiting_usb_register'] = "<i>Waiting for USB device...</i><br><br>Please enter your password above and confirm your U2F registration by tapping the button on your U2F USB device.";
@@ -433,38 +331,13 @@ $lang['admin']['f2b_max_attempts'] = 'Max. attempts';
 $lang['admin']['f2b_retry_window'] = 'Retry window (s) for max. attempts';
 $lang['admin']['f2b_whitelist'] = 'Whitelisted networks/hosts';
 $lang['admin']['search_domain_da'] = 'Поиск доменов';
-$lang['admin']['restrictions'] = 'Postfix Restrictions';
-$lang['admin']['rr'] = 'Postfix Recipient Restrictions';
-$lang['admin']['reset_defaults'] = 'Сброс по умолчанию';
-$lang['admin']['sr'] = 'Postfix Sender Restrictions';
 $lang['admin']['r_inactive'] = 'Inactive restrictions';
 $lang['admin']['r_active'] = 'Active restrictions';
 $lang['admin']['r_info'] = 'Greyed out/disabled elements on the list of active restrictions are not known as valid restrictions to mailcow and cannot be moved. Unknown restrictions will be set in order of appearance anyway. <br>You can add new elements in <code>inc/vars.local.inc.php</code> to be able to toggle them.';
-$lang['admin']['public_folders'] = 'Общие папки';
-$lang['admin']['public_folders_text'] = 'A namespace "Public" is created. Below\'s public folder name indicates the name of the first auto-created mailbox within this namespace.';
-$lang['admin']['public_folder_name'] = 'Имя папки';
-$lang['admin']['public_folder_enable'] = 'Включение общих папок';
-$lang['admin']['public_folder_enable_text'] = 'Отключение этой опции не приведет к удалению почты из общих папок.';
-$lang['admin']['public_folder_pusf'] = 'Enable per-user seen flag';
-$lang['admin']['public_folder_pusf_text'] = 'A "per-user seen flag"-enabled system will not mark a mail as read for User B, when User A has seen it, but User B did not.';
-$lang['admin']['privacy'] = 'Конфиденциальность';
-$lang['admin']['privacy_text'] = 'This option enables a PCRE table to remove "User-Agent", "X-Enigmail", "X-Mailer", "X-Originating-IP" and replaces "Received: from" headers with localhost/127.0.0.1.';
-$lang['admin']['privacy_anon_mail'] = 'Анонимизировать исходящую почту';
-$lang['admin']['dkim_txt_name'] = 'Имя TXT записи:';
-$lang['admin']['dkim_txt_value'] = 'Значение TXT записи:';
 $lang['admin']['dkim_key_length'] = 'Длина DKIM ключа (bits)';
 $lang['admin']['dkim_key_valid'] = 'Действительный ключ';
 $lang['admin']['dkim_key_unused'] = 'Ключ не используется';
 $lang['admin']['dkim_key_missing'] = 'Ключ отсутствует';
-$lang['admin']['dkim_key_hint'] = 'Селектор для DKIM ключей всегда является <code>dkim</code>.';
-$lang['admin']['previous'] = 'Предыдущая страница';
-$lang['admin']['quota_mb'] = 'Квота (MiB):';
-$lang['admin']['sender_acl'] = 'Разрешить отправлять письма от:';
-$lang['admin']['msg_size'] = 'Максимальный размер писем';
-$lang['admin']['msg_size_limit'] = 'Ограничение размера писем теперь';
-$lang['admin']['msg_size_limit_details'] = 'Применяя новый лимит будет перезагружен Postfix и веб-сервер.';
-$lang['admin']['maintenance'] = 'Техническое обслуживание и информация';
-$lang['admin']['sys_info'] = 'Сведения о системе';
 $lang['admin']['dkim_add_key'] = 'Добавить ARC/DKIM ключ';
 $lang['admin']['dkim_keys'] = 'ARC/DKIM ключи';
 $lang['admin']['add'] = 'Добавить';
@@ -487,20 +360,12 @@ $lang['admin']['unchanged_if_empty'] = 'Если без изменений ос
 $lang['admin']['yes'] = '&#10004;';
 $lang['admin']['no'] = '&#10008;';
 $lang['admin']['access'] = 'Доступ к';
-$lang['admin']['invalid_max_msg_size'] = 'Неверно указан максимальный размер писем';
-$lang['admin']['site_not_found'] = 'Не удается найти конфигурацию сайта mailcow';
-$lang['admin']['public_folder_empty'] = 'Имя общей папки не должно быть пустым';
-$lang['admin']['set_rr_failed'] = 'Не удается задать ограничения Postfix';
 $lang['admin']['no_record'] = 'Нет записей';
 $lang['admin']['filter_table'] = 'Поиск';
 $lang['admin']['empty'] = 'Нет результатов';
-$lang['admin']['time'] = 'Время';
-$lang['admin']['priority'] = 'Приоритет';
-$lang['admin']['message'] = 'Письма';
 $lang['admin']['refresh'] = 'Обновить';
 $lang['admin']['to_top'] = 'Вернуться к началу';
 $lang['admin']['in_use_by'] = 'Используемый в';
-$lang['admin']['logs'] = 'Журналы';
 $lang['admin']['forwarding_hosts'] = 'Переадресация хостов';
 $lang['admin']['forwarding_hosts_hint'] = 'Безоговорочно входящие сообщения принимаются от любых хостов, перечисленных здесь. Затем эти хосты не проверяется DNSBL и greylisting. Спам, полученный от них никогда не отклоняется, но при необходимости он может быть помещен в папку Спам. Чаще всего для этого требуется указать почтовые серверы, на которых вы создали правило перенаправления входящих сообщений электронной почты на сервер mailcow.';
 $lang['admin']['forwarding_hosts_add_hint'] = 'Можно либо указать IPv4/IPv6-адресов сетей в нотации CIDR, имена узлов (которые будут разрешаться в IP-адреса) или доменные имена (которые будут решаться с IP-адресами путем запроса SPF записей или, в случае их отсутствия, MX записей).';
@@ -510,7 +375,6 @@ $lang['admin']['host'] = 'Хост';
 $lang['admin']['source'] = 'Источник';
 $lang['admin']['add_forwarding_host'] = 'Добавить перенаправление узла';
 $lang['admin']['add_relayhost'] = 'Добавление промежуточного узла';
-$lang['delete']['remove_forwardinghost_warning'] = '<b>Внимание:</b> Вы собираетесь удалить узел пересылки <b>%s</b>!';
 $lang['success']['forwarding_host_removed'] = "Перенаправление узла %s удалено";
 $lang['success']['forwarding_host_added'] = "Перенаправление узла %s добавлено";
 $lang['success']['relayhost_removed'] = "Промежуточный узел %s удален";
@@ -530,10 +394,6 @@ $lang['admin']['add_row'] = "Добавить строку";
 $lang['admin']['reset_default'] = "Восстановить по умолчанию";
 $lang['admin']['merged_vars_hint'] = 'Серым цветом выделены строки полученные из <code>vars.inc.(local.)php</code> и не могут быть изменены.';
 
-$lang['edit']['tls_policy'] = "Изменение политики TLS";
 $lang['edit']['spam_score'] = "Задать индивидуальное определение спама";
 $lang['edit']['spam_policy'] = "Добавление или удаление элементов в белом/черном списке";
-$lang['edit']['delimiter_action'] = "Изменение разделителя действий";
-$lang['edit']['syncjobs'] = "Добавление и изменение заданий синхронизации";
-$lang['edit']['eas_reset'] = "Сброс устройства EAS";
 $lang['edit']['spam_alias'] = "Создать или изменить временные псевдоним адреса";
diff --git a/helper-scripts/check_translations.rb b/helper-scripts/check_translations.rb
new file mode 100755
index 00000000..545f978d
--- /dev/null
+++ b/helper-scripts/check_translations.rb
@@ -0,0 +1,34 @@
+#!/usr/bin/ruby
+
+MASTER="en"
+
+DIR = "#{__dir__}/.."
+
+keys = %x[sed -r 's/.*(\\['.*'\\]\\['.*'\\]).*/\\1/g' #{DIR}/data/web/lang/lang.#{MASTER}.php | grep  '^\\\[' | sed 's/\\[/\\\\[/g' | sed 's/\\]/\\\\]/g'|sort | uniq]
+
+not_used_in_php = []
+keys.split("\n").each do |key|
+  %x[git grep "#{key}" -- #{DIR}/data/web/*.php #{DIR}/data/web/inc #{DIR}/data/web/modals]
+  if $?.exitstatus > 0
+    not_used_in_php << key
+  end
+end
+
+# \['user'\]\['username'\]
+# \['user'\]\['waiting'\]
+# \['warning'\]\['spam_alias_temp_error'\]
+
+not_used = []
+not_used_in_php.each do |string|
+  section = string.scan(/([a-z]+)/)[0][0]
+  key     = string.scan(/([a-z]+)/)[1][0]
+  %x[git grep lang.#{key} -- #{DIR}/data/web/js/#{section}.js]
+  if $?.exitstatus > 0
+    not_used << string
+  end
+end
+
+puts "# Remove unused translation keys:"
+not_used.each do |key|
+  puts "sed -i \"/\\$lang#{key}.*;/d\" data/web/lang/lang.??.php"
+end

From 64dbd544784ccb6d40a4ff83d4934aae1cb0ef07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Fri, 9 Feb 2018 22:45:04 +0100
Subject: [PATCH 051/107] [Web] Fix urlencoded objects in api

---
 data/web/js/api.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/web/js/api.js b/data/web/js/api.js
index 2308a595..c4d0a37d 100644
--- a/data/web/js/api.js
+++ b/data/web/js/api.js
@@ -124,6 +124,9 @@ $(document).ready(function() {
     }
     if (typeof multi_data[id] == "undefined") return;
     api_items = multi_data[id];
+    for (var i in api_items) {
+      api_items[i] = decodeURIComponent(api_items[i]);
+    }
     // alert(JSON.stringify(api_attr));
     if (Object.keys(api_items).length !== 0) {
       if (is_active($(this))) { return false; }
@@ -251,6 +254,7 @@ $(document).ready(function() {
     $(document).on('show.bs.modal', '#ConfirmDeleteModal', function() {
       $("#ItemsToDelete").empty();
       for (var i in data_array) {
+        data_array[i] = decodeURIComponent(data_array[i]);
         $("#ItemsToDelete").append("<li>" + data_array[i] + "</li>");
       }
     })

From 550888cfb403c76582e5b5017ac2108908a53c87 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Fri, 9 Feb 2018 23:03:08 +0100
Subject: [PATCH 052/107] [Web] Fixes #1013 by encoding display name in XML
 request

---
 data/web/autodiscover.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index 2f5fb2c9..a8d8073b 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -148,7 +148,7 @@ else {
 ?>
   <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
     <User>
-      <DisplayName><?=$displayname;?></DisplayName>
+      <DisplayName><?=htmlspecialchars($displayname, ENT_XML1 | ENT_QUOTES, 'UTF-8');?></DisplayName>
     </User>
     <Account>
       <AccountType>email</AccountType>
@@ -196,7 +196,7 @@ else {
   <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
     <Culture>en:en</Culture>
     <User>
-      <DisplayName><?=$displayname;?></DisplayName>
+      <DisplayName><?=htmlspecialchars($displayname, ENT_XML1 | ENT_QUOTES, 'UTF-8');?></DisplayName>
       <EMailAddress><?=$email;?></EMailAddress>
     </User>
     <Action>

From 4163f0800952e35f3d2335b666bcf7a419708c1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 10 Feb 2018 18:16:01 +0100
Subject: [PATCH 053/107] [Web] Fixes #1017

---
 data/web/js/mailbox.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index cca7331b..1ff4066d 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -250,6 +250,7 @@ jQuery(function($){
           $.each(data, function (i, item) {
             item.quota = item.quota_used + "/" + item.quota;
             item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
+            item.username = escapeHtml(item.username);
             item.chkbox = '<input type="checkbox" data-id="mailbox" name="multi_select" value="' + item.username + '" />';
             if (role == "admin") {
             item.action = '<div class="btn-group">' +
@@ -359,6 +360,8 @@ jQuery(function($){
               '<a href="#" id="delete_selected" data-id="single-bcc" data-api-url="delete/bcc" data-item="' + item.id + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
               '</div>';
             item.chkbox = '<input type="checkbox" data-id="bcc" name="multi_select" value="' + item.id + '" />';
+            item.local_dest = escapeHtml(item.local_dest);
+            item.bcc_dest = escapeHtml(item.bcc_dest);
             if (item.type == 'sender') {
               item.type = '<span id="active-script" class="label label-success">Sender</span>';
             } else {
@@ -404,6 +407,8 @@ jQuery(function($){
         success: function (data) {
           if (role == "admin") {
             $.each(data, function (i, item) {
+              item.recipient_map_old = escapeHtml(item.recipient_map_old);
+              item.recipient_map_new = escapeHtml(item.recipient_map_new);
               item.action = '<div class="btn-group">' +
                 '<a href="/edit.php?recipient_map=' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
                 '<a href="#" id="delete_selected" data-id="single-recipient_map" data-api-url="delete/recipient_map" data-item="' + item.id + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
@@ -454,6 +459,8 @@ jQuery(function($){
               '<a href="#" id="delete_selected" data-id="single-alias" data-api-url="delete/alias" data-item="' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
               '</div>';
             item.chkbox = '<input type="checkbox" data-id="alias" name="multi_select" value="' + item.address + '" />';
+            item.goto = escapeHtml(item.goto);
+            item.address = escapeHtml(item.address);
             if (item.is_catch_all == 1) {
               item.address = '<div class="label label-default">Catch-All</div> ' + item.address;
             }
@@ -554,6 +561,7 @@ jQuery(function($){
         success: function (data) {
           $.each(data, function (i, item) {
             item.log = '<a href="#syncjobLogModal" data-toggle="modal" data-syncjob-id="' + encodeURI(item.id) + '">Open logs</a>'
+            item.user2 = escapeHtml(item.user2);
             if (!item.exclude > 0) {
               item.exclude = '-';
             } else {

From 6db217d97eaa730c7852909b4ef3757be1da111e Mon Sep 17 00:00:00 2001
From: Peter <magic@kthx.at>
Date: Sat, 10 Feb 2018 18:26:20 +0100
Subject: [PATCH 054/107] Update update.sh

Should be `elif` instead of `if`
---
 update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/update.sh b/update.sh
index 56ec3ab9..ceb4311c 100755
--- a/update.sh
+++ b/update.sh
@@ -53,7 +53,7 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "${option}=" >> mailcow.conf
     fi
-  if [[ ${option} == "SYSCTL_IPV6_DISABLED" ]]; then
+  elif [[ ${option} == "SYSCTL_IPV6_DISABLED" ]]; then
     if ! grep -q ${option} mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"
       echo "# Disable IPv6" >> mailcow.conf

From 8e1ac0bfbb7bbcdd9796bfeed4c5789eafe132b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 10 Feb 2018 21:00:00 +0100
Subject: [PATCH 055/107] [Web] More fixes for #1017

---
 data/web/edit.php                      | 18 ++++-----
 data/web/inc/functions.mailbox.inc.php | 10 ++---
 data/web/js/mailbox.js                 | 51 +++++++++++++-------------
 3 files changed, 40 insertions(+), 39 deletions(-)

diff --git a/data/web/edit.php b/data/web/edit.php
index 8049386a..6652d7f3 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -20,7 +20,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
   if ($_SESSION['mailcow_cc_role'] == "admin"  || $_SESSION['mailcow_cc_role'] == "domainadmin") {
       if (isset($_GET["alias"]) &&
         !empty($_GET["alias"])) {
-          $alias = $_GET["alias"];
+          $alias = html_entity_decode(rawurldecode($_GET["alias"]));
           $result = mailbox('get', 'alias_details', $alias);
           if (!empty($result)) {
           ?>
@@ -46,7 +46,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
               </div>
               <div class="form-group">
                 <div class="col-sm-offset-2 col-sm-10">
-                  <button class="btn btn-success" id="edit_selected" data-id="editalias" data-item="<?=$alias;?>" data-api-url='edit/alias' data-api-attr='{}' href="#"><?=$lang['edit']['save'];?></button>
+                  <button class="btn btn-success" id="edit_selected" data-id="editalias" data-item="<?=htmlspecialchars($alias);?>" data-api-url='edit/alias' data-api-attr='{}' href="#"><?=$lang['edit']['save'];?></button>
                 </div>
               </div>
             </form>
@@ -313,9 +313,9 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         }
     }
     elseif (isset($_GET['aliasdomain']) &&
-      is_valid_domain_name($_GET["aliasdomain"]) &&
+      is_valid_domain_name(html_entity_decode(rawurldecode($_GET["aliasdomain"]))) &&
       !empty($_GET["aliasdomain"])) {
-        $alias_domain = $_GET["aliasdomain"];
+        $alias_domain = html_entity_decode(rawurldecode($_GET["aliasdomain"]));
         $result = mailbox('get', 'alias_domain_details', $alias_domain);
         $rl = mailbox('get', 'ratelimit', $alias_domain);
         if (!empty($result)) {
@@ -380,8 +380,8 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         <?php
         }
     }
-    elseif (isset($_GET['mailbox']) && filter_var($_GET["mailbox"], FILTER_VALIDATE_EMAIL) && !empty($_GET["mailbox"])) {
-      $mailbox = $_GET["mailbox"];
+    elseif (isset($_GET['mailbox']) && filter_var(html_entity_decode(rawurldecode($_GET["mailbox"])), FILTER_VALIDATE_EMAIL) && !empty($_GET["mailbox"])) {
+      $mailbox = html_entity_decode(rawurldecode($_GET["mailbox"]));
       $result = mailbox('get', 'mailbox_details', $mailbox);
       $rl = mailbox('get', 'ratelimit', $mailbox);
       if (!empty($result)) {
@@ -500,7 +500,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
                 </select>
               </div>
               <div class="form-group">
-                <button class="btn btn-default" id="edit_selected" data-id="mboxratelimit" data-item="<?=$mailbox;?>" data-api-url='edit/ratelimit' data-api-attr='{}' href="#"><?=$lang['admin']['save'];?></button>
+                <button class="btn btn-default" id="edit_selected" data-id="mboxratelimit" data-item="<?=htmlspecialchars($mailbox);?>" data-api-url='edit/ratelimit' data-api-attr='{}' href="#"><?=$lang['admin']['save'];?></button>
               </div>
             </div>
           </div>
@@ -555,8 +555,8 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         <?php
         }
     }
-    elseif (isset($_GET['resource']) && filter_var($_GET["resource"], FILTER_VALIDATE_EMAIL) && !empty($_GET["resource"])) {
-        $resource = $_GET["resource"];
+    elseif (isset($_GET['resource']) && filter_var(html_entity_decode(rawurldecode($_GET["resource"])), FILTER_VALIDATE_EMAIL) && !empty($_GET["resource"])) {
+        $resource = html_entity_decode(rawurldecode($_GET["resource"]));
         $result = mailbox('get', 'resource_details', $resource);
         if (!empty($result)) {
           ?>
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 5bd9ac58..6cc5bf30 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -511,8 +511,8 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             if (in_array($address, $gotos)) {
               continue;
             }
-            $domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
-            $local_part   = strstr($address, '@', true);
+            $domain       = idn_to_ascii(substr(strrchr($address, '@'), 1));
+            $local_part   = substr($address, 0, strripos($address, '@'));
             $address      = $local_part.'@'.$domain;
             $stmt = $pdo->prepare("SELECT `address` FROM `alias`
               WHERE `address`= :address OR `address` IN (
@@ -1713,8 +1713,8 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
               $gotos = array_filter($gotos);
               $goto = implode(",", $gotos);
             }
-            $domain = idn_to_ascii(substr(strstr($address, '@'), 1));
-            $local_part = strstr($address, '@', true);
+            $domain       = idn_to_ascii(substr(strrchr($address, '@'), 1));
+            $local_part   = substr($address, 0, strripos($address, '@'));
             if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
               $_SESSION['return'] = array(
                 'type' => 'danger',
@@ -3478,7 +3478,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             $addresses = $_data['address'];
           }
           foreach ($addresses as $address) {
-            $local_part		= strstr($address, '@', true);
+            $local_part   = substr($address, 0, strripos($address, '@'));
             $domain = mailbox('get', 'alias_details', $address)['domain'];
             try {
               $stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :address");
diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 1ff4066d..93418d92 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -186,16 +186,16 @@ jQuery(function($){
             item.mailboxes = item.mboxes_in_domain + " / " + item.max_num_mboxes_for_domain;
             item.quota = item.quota_used_in_domain + "/" + item.max_quota_for_domain;
             item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
-            item.chkbox = '<input type="checkbox" data-id="domain" name="multi_select" value="' + item.domain_name + '" />';
+            item.chkbox = '<input type="checkbox" data-id="domain" name="multi_select" value="' + encodeURIComponent(item.domain_name) + '" />';
             item.action = '<div class="btn-group">';
             if (role == "admin") {
-              item.action += '<a href="/edit.php?domain=' + encodeURI(item.domain_name) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-                '<a href="#" id="delete_selected" data-id="single-domain" data-api-url="delete/domain" data-item="' + encodeURI(item.domain_name) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>';
+              item.action += '<a href="/edit.php?domain=' + encodeURIComponent(item.domain_name) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
+                '<a href="#" id="delete_selected" data-id="single-domain" data-api-url="delete/domain" data-item="' + encodeURIComponent(item.domain_name) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>';
             }
             else {
-              item.action += '<a href="/edit.php?domain=' + encodeURI(item.domain_name) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>';
+              item.action += '<a href="/edit.php?domain=' + encodeURIComponent(item.domain_name) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>';
             }
-            item.action += '<a href="#dnsInfoModal" class="btn btn-xs btn-info" data-toggle="modal" data-domain="' + encodeURI(item.domain_name) + '"><span class="glyphicon glyphicon-question-sign"></span> DNS</a></div>';
+            item.action += '<a href="#dnsInfoModal" class="btn btn-xs btn-info" data-toggle="modal" data-domain="' + encodeURIComponent(item.domain_name) + '"><span class="glyphicon glyphicon-question-sign"></span> DNS</a></div>';
           });
         }
       }),
@@ -251,18 +251,18 @@ jQuery(function($){
             item.quota = item.quota_used + "/" + item.quota;
             item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
             item.username = escapeHtml(item.username);
-            item.chkbox = '<input type="checkbox" data-id="mailbox" name="multi_select" value="' + item.username + '" />';
+            item.chkbox = '<input type="checkbox" data-id="mailbox" name="multi_select" value="' + encodeURIComponent(item.username) + '" />';
             if (role == "admin") {
             item.action = '<div class="btn-group">' +
-              '<a href="/edit.php?mailbox=' + encodeURI(item.username) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-              '<a href="#" id="delete_selected" data-id="single-mailbox" data-api-url="delete/mailbox" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
-              '<a href="/index.php?duallogin=' + encodeURI(item.username) + '" class="btn btn-xs btn-success"><span class="glyphicon glyphicon-user"></span> Login</a>' +
+              '<a href="/edit.php?mailbox=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
+              '<a href="#" id="delete_selected" data-id="single-mailbox" data-api-url="delete/mailbox" data-item="' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
+              '<a href="/index.php?duallogin=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-success"><span class="glyphicon glyphicon-user"></span> Login</a>' +
               '</div>';
             }
             else {
             item.action = '<div class="btn-group">' +
-              '<a href="/edit.php?mailbox=' + encodeURI(item.username) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-              '<a href="#" id="delete_selected" data-id="single-mailbox" data-api-url="delete/mailbox" data-item="' + encodeURI(item.username) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
+              '<a href="/edit.php?mailbox=' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
+              '<a href="#" id="delete_selected" data-id="single-mailbox" data-api-url="delete/mailbox" data-item="' + encodeURIComponent(item.username) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
               '</div>';
             }
             item.in_use = '<div class="progress">' +
@@ -309,11 +309,12 @@ jQuery(function($){
         },
         success: function (data) {
           $.each(data, function (i, item) {
+            item.name = escapeHtml(item.name);
             item.action = '<div class="btn-group">' +
-              '<a href="/edit.php?resource=' + encodeURI(item.name) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-              '<a href="#" id="delete_selected" data-id="single-resource" data-api-url="delete/resource" data-item="' + encodeURI(item.name) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
+              '<a href="/edit.php?resource=' + encodeURIComponent(item.name) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
+              '<a href="#" id="delete_selected" data-id="single-resource" data-api-url="delete/resource" data-item="' + encodeURIComponent(item.name) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
               '</div>';
-            item.chkbox = '<input type="checkbox" data-id="resource" name="multi_select" value="' + item.name + '" />';
+            item.chkbox = '<input type="checkbox" data-id="resource" name="multi_select" value="' + encodeURIComponent(item.name) + '" />';
           });
         }
       }),
@@ -455,14 +456,14 @@ jQuery(function($){
         success: function (data) {
           $.each(data, function (i, item) {
             item.action = '<div class="btn-group">' +
-              '<a href="/edit.php?alias=' + encodeURI(item.address) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-              '<a href="#" id="delete_selected" data-id="single-alias" data-api-url="delete/alias" data-item="' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
+              '<a href="/edit.php?alias=' + encodeURIComponent(item.address) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
+              '<a href="#" id="delete_selected" data-id="single-alias" data-api-url="delete/alias" data-item="' + encodeURIComponent(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
               '</div>';
-            item.chkbox = '<input type="checkbox" data-id="alias" name="multi_select" value="' + item.address + '" />';
+            item.chkbox = '<input type="checkbox" data-id="alias" name="multi_select" value="' + encodeURIComponent(item.address) + '" />';
             item.goto = escapeHtml(item.goto);
             item.address = escapeHtml(item.address);
             if (item.is_catch_all == 1) {
-              item.address = '<div class="label label-default">Catch-All</div> ' + item.address;
+              item.address = '<div class="label label-default">Catch-All</div> ' + escapeHtml(item.address);
             }
             if (item.goto == "null@localhost") {
               item.goto = '⤷ <span style="font-size:12px" class="glyphicon glyphicon-trash" aria-hidden="true"></span>';
@@ -510,11 +511,11 @@ jQuery(function($){
         success: function (data) {
           $.each(data, function (i, item) {
             item.action = '<div class="btn-group">' +
-              '<a href="/edit.php?aliasdomain=' + encodeURI(item.alias_domain) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-              '<a href="#" id="delete_selected" data-id="single-alias-domain" data-api-url="delete/alias-domain" data-item="' + encodeURI(item.alias_domain) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
-              '<a href="#dnsInfoModal" class="btn btn-xs btn-info" data-toggle="modal" data-domain="' + encodeURI(item.alias_domain) + '"><span class="glyphicon glyphicon-question-sign"></span> DNS</a></div>' +
+              '<a href="/edit.php?aliasdomain=' + encodeURIComponent(item.alias_domain) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
+              '<a href="#" id="delete_selected" data-id="single-alias-domain" data-api-url="delete/alias-domain" data-item="' + encodeURIComponent(item.alias_domain) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
+              '<a href="#dnsInfoModal" class="btn btn-xs btn-info" data-toggle="modal" data-domain="' + encodeURIComponent(item.alias_domain) + '"><span class="glyphicon glyphicon-question-sign"></span> DNS</a></div>' +
               '</div>';
-            item.chkbox = '<input type="checkbox" data-id="alias-domain" name="multi_select" value="' + item.alias_domain + '" />';
+            item.chkbox = '<input type="checkbox" data-id="alias-domain" name="multi_select" value="' + encodeURIComponent(item.alias_domain) + '" />';
           });
         }
       }),
@@ -560,7 +561,7 @@ jQuery(function($){
         },
         success: function (data) {
           $.each(data, function (i, item) {
-            item.log = '<a href="#syncjobLogModal" data-toggle="modal" data-syncjob-id="' + encodeURI(item.id) + '">Open logs</a>'
+            item.log = '<a href="#syncjobLogModal" data-toggle="modal" data-syncjob-id="' + encodeURIComponent(item.id) + '">Open logs</a>'
             item.user2 = escapeHtml(item.user2);
             if (!item.exclude > 0) {
               item.exclude = '-';
@@ -570,7 +571,7 @@ jQuery(function($){
             item.server_w_port = item.user1 + '@' + item.host1 + ':' + item.port1;
             item.action = '<div class="btn-group">' +
               '<a href="/edit.php?syncjob=' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-              '<a href="#" id="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
+              '<a href="#" id="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
               '</div>';
             item.chkbox = '<input type="checkbox" data-id="syncjob" name="multi_select" value="' + item.id + '" />';
             if (item.is_running == 1) {
@@ -632,7 +633,7 @@ jQuery(function($){
             item.filter_type = '<div class="label label-default">' + item.filter_type.charAt(0).toUpperCase() + item.filter_type.slice(1).toLowerCase() + '</div>'
             item.action = '<div class="btn-group">' +
               '<a href="/edit.php?filter=' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-              '<a href="#" id="delete_selected" data-id="single-filter" data-api-url="delete/filter" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
+              '<a href="#" id="delete_selected" data-id="single-filter" data-api-url="delete/filter" data-item="' + encodeURIComponent(item.id) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
               '</div>';
             item.chkbox = '<input type="checkbox" data-id="filter_item" name="multi_select" value="' + item.id + '" />'
           });

From 618be3bf14600e46821e38ae7231bdf8cbae5ce9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 10 Feb 2018 22:42:46 +0100
Subject: [PATCH 056/107] [Web] Even more fixes for #1017

---
 data/web/inc/footer.inc.php           |  4 ++--
 data/web/inc/functions.inc.php        | 16 ++++++----------
 data/web/inc/functions.policy.inc.php |  2 +-
 data/web/inc/header.inc.php           |  6 +++---
 data/web/inc/triggers.inc.php         |  7 ++++---
 data/web/js/mailbox.js                | 11 ++++++-----
 data/web/js/user.js                   | 18 ++++++++++--------
 data/web/user.php                     | 20 ++++++++++----------
 8 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index 3c92c28e..d0932514 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -61,7 +61,7 @@ $(document).ready(function() {
           type: "GET",
           cache: false,
           dataType: 'script',
-          url: "/api/v1/get/u2f-authentication/<?= (isset($_SESSION['pending_mailcow_cc_username'])) ? $_SESSION['pending_mailcow_cc_username'] : null; ?>",
+          url: "/api/v1/get/u2f-authentication/<?= (isset($_SESSION['pending_mailcow_cc_username'])) ? rawurlencode($_SESSION['pending_mailcow_cc_username']) : null; ?>",
           complete: function(data){
             $('#u2f_status_auth').html('<?=$lang['tfa']['waiting_usb_auth'];?>');
             data;
@@ -100,7 +100,7 @@ $(document).ready(function() {
         type: "GET",
         cache: false,
         dataType: 'script',
-        url: "/api/v1/get/u2f-registration/<?= (isset($_SESSION['mailcow_cc_username'])) ? $_SESSION['mailcow_cc_username'] : null; ?>",
+        url: "/api/v1/get/u2f-registration/<?= (isset($_SESSION['mailcow_cc_username'])) ? rawurlencode($_SESSION['mailcow_cc_username']) : null; ?>",
         complete: function(data){
           data;
           setTimeout(function() {
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index f4e8d039..92f4da2b 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -39,7 +39,7 @@ function hasDomainAccess($username, $role, $domain) {
 }
 function hasMailboxObjectAccess($username, $role, $object) {
 	global $pdo;
-	if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
+	if (!filter_var(html_entity_decode(rawurldecode($username)), FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
 		return false;
 	}
 	if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') {
@@ -471,22 +471,18 @@ function user_get_alias_details($username) {
       ));
     $run = $stmt->fetchAll(PDO::FETCH_ASSOC);
     while ($row = array_shift($run)) {
-      $data['direct_aliases'] = $row['direct_aliases'];
+      $data['direct_aliases'][] = $row['direct_aliases'];
     }
-    $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ', '), '&#10008;') AS `ad_alias` FROM `mailbox`
+    $stmt = $pdo->prepare("SELECT GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ', ') AS `ad_alias` FROM `mailbox`
       LEFT OUTER JOIN `alias_domain` on `target_domain` = `domain`
         WHERE `username` = :username ;");
     $stmt->execute(array(':username' => $username));
     $run = $stmt->fetchAll(PDO::FETCH_ASSOC);
     while ($row = array_shift($run)) {
-      if (empty($data['direct_aliases'])) {
-        $data['direct_aliases'] = $row['ad_alias'];
-      }
-      else {
-        // Probably faster than imploding
-        $data['direct_aliases'] .= ', ' . $row['ad_alias'];
-      }
+      $data['direct_aliases'][] = $row['ad_alias'];
     }
+    $data['direct_aliases'] = implode(', ', array_filter($data['direct_aliases']));
+    $data['direct_aliases'] = empty($data['direct_aliases']) ? '&#10008;' : $data['direct_aliases'];
     $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`send_as` SEPARATOR ', '), '&#10008;') AS `send_as` FROM `sender_acl` WHERE `logged_in_as` = :username AND `send_as` NOT LIKE '@%';");
     $stmt->execute(array(':username' => $username));
     $run = $stmt->fetchAll(PDO::FETCH_ASSOC);
diff --git a/data/web/inc/functions.policy.inc.php b/data/web/inc/functions.policy.inc.php
index 9609d5e1..63f178c1 100644
--- a/data/web/inc/functions.policy.inc.php
+++ b/data/web/inc/functions.policy.inc.php
@@ -94,7 +94,7 @@ function policy($_action, $_scope, $_data = null) {
           if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
             $_SESSION['return'] = array(
               'type' => 'danger',
-              'msg' => sprintf($lang['danger']['access_denied'])
+              'msg' => $object
             );
             return false;
           }
diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index 253692fc..0c516d39 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -1,4 +1,4 @@
-<!DOCTYPE html>
+  <!DOCTYPE html>
 <html lang="<?= $_SESSION['mailcow_locale'] ?>">
 <head>
 <meta charset="utf-8">
@@ -129,11 +129,11 @@
         }
         if (!isset($_SESSION['dual-login']) && isset($_SESSION['mailcow_cc_username'])):
         ?>
-          <li class="logged-in-as"><a href="#" onclick="logout.submit()"><b><?= $_SESSION['mailcow_cc_username']; ?></b> <span class="glyphicon glyphicon-log-out"></span></a></li>
+          <li class="logged-in-as"><a href="#" onclick="logout.submit()"><b><?= htmlspecialchars($_SESSION['mailcow_cc_username']); ?></b> <span class="glyphicon glyphicon-log-out"></span></a></li>
         <?php
         elseif (isset($_SESSION['dual-login'])):
         ?>
-          <li class="logged-in-as"><a href="#" onclick="logout.submit()"><b><?= $_SESSION['mailcow_cc_username']; ?> <span class="text-info">(<?= $_SESSION['dual-login']['username']; ?>)</span> </b><span class="glyphicon glyphicon-log-out"></span></a></li>
+          <li class="logged-in-as"><a href="#" onclick="logout.submit()"><b><?= htmlspecialchars($_SESSION['mailcow_cc_username']); ?> <span class="text-info">(<?= htmlspecialchars($_SESSION['dual-login']['username']); ?>)</span> </b><span class="glyphicon glyphicon-log-out"></span></a></li>
         <?php
         endif;
         ?>
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index bce8a20f..daf1a9a7 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -43,11 +43,12 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 
 if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {
 	if (isset($_GET["duallogin"])) {
-    if (filter_var($_GET["duallogin"], FILTER_VALIDATE_EMAIL)) {
-      if (!empty(mailbox('get', 'mailbox_details', $_GET["duallogin"]))) {
+    $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
+    if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
+      if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
         $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
         $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
-        $_SESSION['mailcow_cc_username']    = $_GET["duallogin"];
+        $_SESSION['mailcow_cc_username']    = $duallogin;
         $_SESSION['mailcow_cc_role']        = "user";
         header("Location: /user.php");
       }
diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index 93418d92..ea7ce5f6 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -250,7 +250,6 @@ jQuery(function($){
           $.each(data, function (i, item) {
             item.quota = item.quota_used + "/" + item.quota;
             item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
-            item.username = escapeHtml(item.username);
             item.chkbox = '<input type="checkbox" data-id="mailbox" name="multi_select" value="' + encodeURIComponent(item.username) + '" />';
             if (role == "admin") {
             item.action = '<div class="btn-group">' +
@@ -268,7 +267,7 @@ jQuery(function($){
             item.in_use = '<div class="progress">' +
               '<div class="progress-bar progress-bar-' + item.percent_class + ' role="progressbar" aria-valuenow="' + item.percent_in_use + '" aria-valuemin="0" aria-valuemax="100" ' +
               'style="min-width:2em;width:' + item.percent_in_use + '%">' + item.percent_in_use + '%' + '</div></div>';
-
+            item.username = escapeHtml(item.username);
           });
         }
       }),
@@ -309,12 +308,12 @@ jQuery(function($){
         },
         success: function (data) {
           $.each(data, function (i, item) {
-            item.name = escapeHtml(item.name);
             item.action = '<div class="btn-group">' +
               '<a href="/edit.php?resource=' + encodeURIComponent(item.name) + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
               '<a href="#" id="delete_selected" data-id="single-resource" data-api-url="delete/resource" data-item="' + encodeURIComponent(item.name) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
               '</div>';
             item.chkbox = '<input type="checkbox" data-id="resource" name="multi_select" value="' + encodeURIComponent(item.name) + '" />';
+            item.name = escapeHtml(item.name);
           });
         }
       }),
@@ -461,10 +460,12 @@ jQuery(function($){
               '</div>';
             item.chkbox = '<input type="checkbox" data-id="alias" name="multi_select" value="' + encodeURIComponent(item.address) + '" />';
             item.goto = escapeHtml(item.goto);
-            item.address = escapeHtml(item.address);
             if (item.is_catch_all == 1) {
               item.address = '<div class="label label-default">Catch-All</div> ' + escapeHtml(item.address);
             }
+            else {
+              item.address = escapeHtml(item.address);
+            }
             if (item.goto == "null@localhost") {
               item.goto = '⤷ <span style="font-size:12px" class="glyphicon glyphicon-trash" aria-hidden="true"></span>';
             }
@@ -568,7 +569,7 @@ jQuery(function($){
             } else {
               item.exclude  = '<code>' + item.exclude + '</code>';
             }
-            item.server_w_port = item.user1 + '@' + item.host1 + ':' + item.port1;
+            item.server_w_port = escapeHtml(item.user1) + '@' + item.host1 + ':' + item.port1;
             item.action = '<div class="btn-group">' +
               '<a href="/edit.php?syncjob=' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
               '<a href="#" id="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
diff --git a/data/web/js/user.js b/data/web/js/user.js
index 3984e855..29825769 100644
--- a/data/web/js/user.js
+++ b/data/web/js/user.js
@@ -62,9 +62,10 @@ jQuery(function($){
           $.each(data, function (i, item) {
             if (acl_data.spam_alias === 1) {
               item.action = '<div class="btn-group">' +
-                '<a href="#" id="delete_selected" data-id="single-tla" data-api-url="delete/time_limited_alias" data-item="' + encodeURI(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
+                '<a href="#" id="delete_selected" data-id="single-tla" data-api-url="delete/time_limited_alias" data-item="' + encodeURIComponent(item.address) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
                 '</div>';
-              item.chkbox = '<input type="checkbox" data-id="tla" name="multi_select" value="' + item.address + '" />';
+              item.chkbox = '<input type="checkbox" data-id="tla" name="multi_select" value="' + encodeURIComponent(item.address) + '" />';
+              item.address = escapeHtml(item.address);
             }
             else {
               item.chkbox = '<input type="checkbox" disabled />';
@@ -102,24 +103,25 @@ jQuery(function($){
       "empty": lang.empty,
       "rows": $.ajax({
         dataType: 'json',
-        url: '/api/v1/get/syncjobs/' + mailcow_cc_username + '/no_log',
+        url: '/api/v1/get/syncjobs/' + encodeURIComponent(mailcow_cc_username) + '/no_log',
         jsonp: false,
         error: function () {
           console.log('Cannot draw sync job table');
         },
         success: function (data) {
           $.each(data, function (i, item) {
-            item.log = '<a href="#syncjobLogModal" data-toggle="modal" data-syncjob-id="' + encodeURI(item.id) + '">Open logs</a>'
+            item.user1 = escapeHtml(item.user1);
+            item.log = '<a href="#syncjobLogModal" data-toggle="modal" data-syncjob-id="' + item.id + '">Open logs</a>'
             if (!item.exclude > 0) {
               item.exclude = '-';
             } else {
-              item.exclude  = '<code>' + item.exclude + '</code>';
+              item.exclude  = '<code>' + escapeHtml(item.exclude) + '</code>';
             }
-            item.server_w_port = item.user1 + '@' + item.host1 + ':' + item.port1;
+            item.server_w_port = escapeHtml(item.user1 + '@' + item.host1 + ':' + item.port1);
             if (acl_data.syncjobs === 1) {
               item.action = '<div class="btn-group">' +
                 '<a href="/edit.php?syncjob=' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +
-                '<a href="#" id="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + encodeURI(item.id) + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
+                '<a href="#" id="delete_selected" data-id="single-syncjob" data-api-url="delete/syncjob" data-item="' + item.id + '" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> ' + lang.remove + '</a>' +
                 '</div>';
               item.chkbox = '<input type="checkbox" data-id="syncjob" name="multi_select" value="' + item.id + '" />';
             }
@@ -238,7 +240,7 @@ jQuery(function($){
     $('#user_sieve_filter').text(lang.loading);
     $.ajax({
       dataType: 'json',
-      url: '/api/v1/get/active-user-sieve/' + mailcow_cc_username,
+      url: '/api/v1/get/active-user-sieve/' + encodeURIComponent(mailcow_cc_username),
       jsonp: false,
       error: function () {
         console.log('Cannot get active sieve script');
diff --git a/data/web/user.php b/data/web/user.php
index 0fb0875f..6b807945 100644
--- a/data/web/user.php
+++ b/data/web/user.php
@@ -164,21 +164,21 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
 
       <button type="button" class="btn btn-sm btn-default <?=($get_tagging_options == "subfolder") ? 'active' : null; ?>"
         id="edit_selected"
-        data-item="<?= $username; ?>"
+        data-item="<?= htmlentities($username); ?>"
         data-id="delimiter_action"
         data-api-url='edit/delimiter_action'
         data-api-attr='{"tagged_mail_handler":"subfolder"}'><?=$lang['user']['tag_in_subfolder'];?></button>
 
       <button type="button" class="btn btn-sm btn-default <?=($get_tagging_options == "subject") ? 'active' : null; ?>"
         id="edit_selected"
-        data-item="<?= $username; ?>"
+        data-item="<?= htmlentities($username); ?>"
         data-id="delimiter_action"
         data-api-url='edit/delimiter_action'
         data-api-attr='{"tagged_mail_handler":"subject"}'><?=$lang['user']['tag_in_subject'];?></button>
 
       <button type="button" class="btn btn-sm btn-default <?=($get_tagging_options == "none") ? 'active' : null; ?>"
         id="edit_selected"
-        data-item="<?= $username; ?>"
+        data-item="<?= htmlentities($username); ?>"
         data-id="delimiter_action"
         data-api-url='edit/delimiter_action'
         data-api-attr='{"tagged_mail_handler":"none"}'><?=$lang['user']['tag_in_none'];?></button>
@@ -201,14 +201,14 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
 
       <button type="button" class="btn btn-sm btn-default <?=($get_tls_policy['tls_enforce_in'] == "1") ? "active" : null;?>"
         id="edit_selected"
-        data-item="<?= $username; ?>"
+        data-item="<?= htmlentities($username); ?>"
         data-id="tls_policy"
         data-api-url='edit/tls_policy'
         data-api-attr='{"tls_enforce_in":<?=($get_tls_policy['tls_enforce_in'] == "1") ? "0" : "1";?>}'><?=$lang['user']['tls_enforce_in'];?></button>
 
       <button type="button" class="btn btn-sm btn-default <?=($get_tls_policy['tls_enforce_out'] == "1") ? "active" : null;?>"
         id="edit_selected"
-        data-item="<?= $username; ?>"
+        data-item="<?= htmlentities($username); ?>"
         data-id="tls_policy"
         data-api-url='edit/tls_policy'
         data-api-attr='{"tls_enforce_out":<?=($get_tls_policy['tls_enforce_out'] == "1") ? "0" : "1";?>}'><?=$lang['user']['tls_enforce_out'];?></button>
@@ -225,7 +225,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
   <div class="row">
     <div class="col-md-3 col-xs-5 text-right"><?=$lang['user']['eas_reset'];?>:</div>
     <div class="col-md-9 col-xs-7">
-    <button class="btn btn-xs btn-default" id="delete_selected" data-text="<?=$lang['user']['eas_reset'];?>?" data-item="<?= $username; ?>" data-id="eas_cache" data-api-url='delete/eas_cache' href="#"><?=$lang['user']['eas_reset_now'];?></button>
+    <button class="btn btn-xs btn-default" id="delete_selected" data-text="<?=$lang['user']['eas_reset'];?>?" data-item="<?= htmlentities($username); ?>" data-id="eas_cache" data-api-url='delete/eas_cache' href="#"><?=$lang['user']['eas_reset_now'];?></button>
     <p class="help-block"><?=$lang['user']['eas_reset_help'];?></p>
     </div>
   </div>
@@ -315,7 +315,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
       <div class="form-group">
 				<div class="col-sm-10">
         <button type="button" class="btn btn-sm btn-success" id="edit_selected"
-          data-item="<?= $username; ?>"
+          data-item="<?= htmlentities($username); ?>"
           data-id="spam_score"
           data-api-url='edit/spam-score'
           data-api-attr='{}'><?=$lang['user']['save_changes'];?></button>
@@ -346,7 +346,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
           <div class="input-group">
             <input type="text" class="form-control" name="object_from" id="object_from" placeholder="*@example.org" required>
             <span class="input-group-btn">
-              <button class="btn btn-default" id="add_item" data-id="add_wl_policy_mailbox" data-api-url='add/mailbox-policy' data-api-attr='{"username":"<?= $username; ?>","object_list":"wl"}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['user']['spamfilter_table_add'];?></button>
+              <button class="btn btn-default" id="add_item" data-id="add_wl_policy_mailbox" data-api-url='add/mailbox-policy' data-api-attr='{"username":<?= json_encode($username); ?>,"object_list":"wl"}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['user']['spamfilter_table_add'];?></button>
             </span>
           </div>
         </form>
@@ -372,10 +372,10 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
         <form class="form-inline" data-id="add_bl_policy_mailbox">
           <div class="input-group">
             <input type="text" class="form-control" name="object_from" id="object_from" placeholder="*@example.org" required>
-            <input type="hidden" name="username" value="<?= $username ;?>">
+            <input type="hidden" name="username" value="<?= htmlentities($username) ;?>">
             <input type="hidden" name="object_list" value="bl">
             <span class="input-group-btn">
-              <button class="btn btn-default" id="add_item" data-id="add_bl_policy_mailbox" data-api-url='add/mailbox-policy' data-api-attr='{"username":"<?= $username; ?>","object_list":"bl"}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['user']['spamfilter_table_add'];?></button>
+              <button class="btn btn-default" id="add_item" data-id="add_bl_policy_mailbox" data-api-url='add/mailbox-policy' data-api-attr='{"username":<?= json_encode($username); ?>,"object_list":"bl"}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['user']['spamfilter_table_add'];?></button>
             </span>
           </div>
         </form>

From c529de9c3611b6b93402edbca4ddff0e3b8176b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sun, 11 Feb 2018 13:28:40 +0100
Subject: [PATCH 057/107] [Web] Fixes to Sieve validation (fixes #1027)

---
 data/web/inc/lib/sieve/extensions/fileinto.xml | 1 +
 data/web/inc/lib/sieve/extensions/mailbox.xml  | 8 ++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 data/web/inc/lib/sieve/extensions/mailbox.xml

diff --git a/data/web/inc/lib/sieve/extensions/fileinto.xml b/data/web/inc/lib/sieve/extensions/fileinto.xml
index 3b48a5c0..de3974c2 100644
--- a/data/web/inc/lib/sieve/extensions/fileinto.xml
+++ b/data/web/inc/lib/sieve/extensions/fileinto.xml
@@ -3,6 +3,7 @@
 <extension name="fileinto">
 
 	<command name="fileinto">
+    <parameter type="tag" name="create" regex="create" occurrence="optional" />
 		<parameter type="string" name="folder" />
 	</command>
 
diff --git a/data/web/inc/lib/sieve/extensions/mailbox.xml b/data/web/inc/lib/sieve/extensions/mailbox.xml
new file mode 100644
index 00000000..c21960f3
--- /dev/null
+++ b/data/web/inc/lib/sieve/extensions/mailbox.xml
@@ -0,0 +1,8 @@
+<?xml version='1.0' standalone='yes'?>
+
+<extension name="mailbox">
+
+	<test name="mailboxexists">
+    <parameter type="string" name="folder" />
+	</test>
+</extension>

From 5030ce7547e1aeb765f8c8cf7a4a22fe2f77cc03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sun, 11 Feb 2018 15:59:35 +0100
Subject: [PATCH 058/107] [Web] More and more fixes for #1017

---
 data/conf/rspamd/dynmaps/settings.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/data/conf/rspamd/dynmaps/settings.php b/data/conf/rspamd/dynmaps/settings.php
index 3ec8ddac..edd069d5 100644
--- a/data/conf/rspamd/dynmaps/settings.php
+++ b/data/conf/rspamd/dynmaps/settings.php
@@ -126,7 +126,7 @@ while ($row = array_shift($rows)) {
 <?php
   foreach (ucl_rcpts($row['object'], strpos($row['object'], '@') === FALSE ? 'domain' : 'mailbox') as $rcpt) {
 ?>
-		rcpt = "<?=$rcpt;?>";
+		rcpt = <?=json_encode($rcpt);?>;
 <?php
   }
 	$stmt = $pdo->prepare("SELECT `option`, `value` FROM `filterconf` 
@@ -172,7 +172,7 @@ while ($row = array_shift($rows)) {
 <?php
 		foreach (ucl_rcpts($row['object'], strpos($row['object'], '@') === FALSE ? 'domain' : 'mailbox') as $rcpt) {
 ?>
-		rcpt = "<?=$rcpt;?>";
+		rcpt = <?=json_encode($rcpt);?>;
 <?php
 		}
 	}
@@ -182,7 +182,7 @@ while ($row = array_shift($rows)) {
 <?php
 		foreach (ucl_rcpts($row['object'], strpos($row['object'], '@') === FALSE ? 'domain' : 'mailbox') as $rcpt) {
 ?>
-		rcpt = "<?=$rcpt;?>";
+		rcpt = <?=json_encode($rcpt);?>;
 <?php
 		}
 	}
@@ -213,7 +213,7 @@ while ($row = array_shift($rows)) {
 <?php
 		foreach (ucl_rcpts($row['object'], strpos($row['object'], '@') === FALSE ? 'domain' : 'mailbox') as $rcpt) {
 ?>
-		rcpt = "<?=$rcpt;?>";
+		rcpt = <?=json_encode($rcpt);?>;
 <?php
 		}
 	}
@@ -223,7 +223,7 @@ while ($row = array_shift($rows)) {
 <?php
 		foreach (ucl_rcpts($row['object'], strpos($row['object'], '@') === FALSE ? 'domain' : 'mailbox') as $rcpt) {
 ?>
-		rcpt = "<?=$rcpt;?>";
+		rcpt = <?=json_encode($rcpt);?>;
 <?php
 		}
 	}
@@ -264,7 +264,7 @@ while ($row = array_shift($rows)) {
 <?php
 		foreach (ucl_rcpts($row['object'], strpos($row['object'], '@') === FALSE ? 'domain' : 'mailbox') as $rcpt) {
 ?>
-		rcpt = "<?=$rcpt;?>";
+		rcpt = <?=json_encode($rcpt);?>;
 <?php
 		}
 	}
@@ -274,7 +274,7 @@ while ($row = array_shift($rows)) {
 <?php
 		foreach (ucl_rcpts($row['object'], strpos($row['object'], '@') === FALSE ? 'domain' : 'mailbox') as $rcpt) {
 ?>
-		rcpt = "<?=$rcpt;?>";
+		rcpt = <?=json_encode($rcpt);?>;
 <?php
 		}
 	}
@@ -305,7 +305,7 @@ while ($row = array_shift($rows)) {
 <?php
 		foreach (ucl_rcpts($row['object'], strpos($row['object'], '@') === FALSE ? 'domain' : 'mailbox') as $rcpt) {
 ?>
-		rcpt = "<?=$rcpt;?>";
+		rcpt = <?=json_encode($rcpt);?>;
 <?php
 		}
 	}
@@ -315,7 +315,7 @@ while ($row = array_shift($rows)) {
 <?php
 		foreach (ucl_rcpts($row['object'], strpos($row['object'], '@') === FALSE ? 'domain' : 'mailbox') as $rcpt) {
 ?>
-		rcpt = "<?=$rcpt;?>";
+		rcpt = <?=json_encode($rcpt);?>;
 <?php
 		}
 	}

From 7a69586d910a404859f73c95c9aa91d88fbcf0b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sun, 11 Feb 2018 15:59:58 +0100
Subject: [PATCH 059/107] [Web] Do not break init_db when switching branches

---
 data/web/inc/init_db.inc.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 11b486cb..e11729fb 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -625,7 +625,11 @@ function init_db_schema() {
         $stmt = $pdo->query("SHOW TABLES LIKE 'quarantaine'");
         $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
         if ($num_results != 0) {
-          $pdo->query("RENAME TABLE `quarantaine` TO `quarantine`");
+          $stmt = $pdo->query("SHOW TABLES LIKE 'quarantine'");
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results == 0) {
+            $pdo->query("RENAME TABLE `quarantaine` TO `quarantine`");
+          }
         }
       }
       $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'");

From 74c804b9a39423873bf9e7ccf7830f384b66dca2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Mon, 12 Feb 2018 21:32:49 +0100
Subject: [PATCH 060/107] [SOGo] SOGo refuses to bind to IPv6, so force IPv4 in
 proxy_pass, fixes #1006

---
 .gitignore                                    |  3 +-
 data/conf/nginx/site.conf                     |  8 ++--
 data/conf/nginx/templates/sogo.template       |  1 +
 data/conf/nginx/templates/sogo_eas.template   |  1 +
 data/conf/nginx/templates/sogo_proxy.template |  0
 docker-compose.yml                            | 38 ++++++++++---------
 6 files changed, 28 insertions(+), 23 deletions(-)
 create mode 100644 data/conf/nginx/templates/sogo.template
 create mode 100644 data/conf/nginx/templates/sogo_eas.template
 create mode 100644 data/conf/nginx/templates/sogo_proxy.template

diff --git a/.gitignore b/.gitignore
index 798d9603..e535c710 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,8 +3,7 @@ data/conf/sogo/sieve.creds
 data/conf/dovecot/dovecot-master.passwd
 mailcow.conf
 mailcow.conf_backup
-data/conf/nginx/listen*active
-data/conf/nginx/server_name.active
+data/conf/nginx/*.active
 data/conf/postfix/sql
 data/conf/dovecot/sql
 data/conf/nextcloud-*.bak
diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index b84d3205..e617f77f 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -101,7 +101,7 @@ server {
   }
 
   location ^~ /Microsoft-Server-ActiveSync {
-    proxy_pass http://sogo:20000/SOGo/Microsoft-Server-ActiveSync;
+    include /etc/nginx/conf.d/sogo_eas.active;
     proxy_connect_timeout 1000;
     proxy_next_upstream timeout error;
     proxy_send_timeout 1000;
@@ -123,7 +123,7 @@ server {
   }
 
   location ^~ /SOGo {
-    proxy_pass http://sogo:20000;
+    include /etc/nginx/conf.d/sogo.active;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Host $http_host;
@@ -283,7 +283,7 @@ server {
   }
 
   location ^~ /Microsoft-Server-ActiveSync {
-    proxy_pass http://sogo:20000/SOGo/Microsoft-Server-ActiveSync;
+    include /etc/nginx/conf.d/templates/sogo_proxy.template;
     proxy_connect_timeout 1000;
     proxy_next_upstream timeout error;
     proxy_send_timeout 1000;
@@ -305,7 +305,7 @@ server {
   }
 
   location ^~ /SOGo {
-    proxy_pass http://sogo:20000;
+    include /etc/nginx/conf.d/sogo.active;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Host $http_host;
diff --git a/data/conf/nginx/templates/sogo.template b/data/conf/nginx/templates/sogo.template
new file mode 100644
index 00000000..2c084389
--- /dev/null
+++ b/data/conf/nginx/templates/sogo.template
@@ -0,0 +1 @@
+proxy_pass http://${IPV4_NETWORK}.248:20000;
diff --git a/data/conf/nginx/templates/sogo_eas.template b/data/conf/nginx/templates/sogo_eas.template
new file mode 100644
index 00000000..3cea9f98
--- /dev/null
+++ b/data/conf/nginx/templates/sogo_eas.template
@@ -0,0 +1 @@
+proxy_pass http://${IPV4_NETWORK}.248:20000/SOGo/Microsoft-Server-ActiveSync;
diff --git a/data/conf/nginx/templates/sogo_proxy.template b/data/conf/nginx/templates/sogo_proxy.template
new file mode 100644
index 00000000..e69de29b
diff --git a/docker-compose.yml b/docker-compose.yml
index df77ba9c..8bdde1a7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,7 +14,7 @@ services:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
         mailcow-network:
-          ipv4_address: ${IPV4_NETWORK}.254
+          ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
           aliases:
             - unbound
 
@@ -31,7 +31,7 @@ services:
         - MYSQL_PASSWORD=${DBPASS}
       restart: always
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       ports:
         - "${SQL_PORT:-127.0.0.1:13306}:3306"
       sysctls:
@@ -49,12 +49,12 @@ services:
       environment:
         - TZ=${TZ}
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
         mailcow-network:
-          ipv4_address: ${IPV4_NETWORK}.249
+          ipv4_address: ${IPV4_NETWORK:-172.22.1}.249
           aliases:
             - redis
 
@@ -68,7 +68,7 @@ services:
       volumes:
         - ./data/conf/clamav/:/etc/clamav/
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       networks:
@@ -94,7 +94,7 @@ services:
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       hostname: rspamd
       networks:
         mailcow-network:
@@ -135,7 +135,7 @@ services:
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       networks:
         mailcow-network:
           aliases:
@@ -157,9 +157,10 @@ services:
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       networks:
         mailcow-network:
+          ipv4_address: ${IPV4_NETWORK:-172.22.1}.248
           aliases:
             - sogo
 
@@ -195,7 +196,7 @@ services:
           soft: 20000
           hard: 40000
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       hostname: ${MAILCOW_HOSTNAME}
@@ -226,7 +227,7 @@ services:
         - "${SUBMISSION_PORT:-587}:587"
       restart: always
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       hostname: ${MAILCOW_HOSTNAME}
@@ -241,7 +242,7 @@ services:
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       networks:
         mailcow-network:
           aliases:
@@ -256,6 +257,8 @@ services:
       command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
         envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
         envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active &&
+        envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
+        envsubst < /etc/nginx/conf.d/templates/sogo_eas.template > /etc/nginx/conf.d/sogo_eas.active &&
         nginx -qt &&
         until ping phpfpm -c1 > /dev/null; do sleep 1; done &&
         until ping sogo -c1 > /dev/null; do sleep 1; done &&
@@ -265,6 +268,7 @@ services:
         - HTTPS_PORT=${HTTPS_PORT:-443}
         - HTTP_PORT=${HTTP_PORT:-80}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
+        - IPV4_NETWORK=
       volumes:
         - ./data/web:/web:ro
         - ./data/conf/rspamd/dynmaps:/dynmaps:ro
@@ -278,7 +282,7 @@ services:
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       networks:
         mailcow-network:
           aliases:
@@ -293,7 +297,7 @@ services:
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       environment:
         - LOG_LINES=${LOG_LINES}
         - ADDITIONAL_SAN=${ADDITIONAL_SAN}
@@ -327,13 +331,13 @@ services:
       privileged: true
       environment:
         - TZ=${TZ}
-        - IPV4_NETWORK=${IPV4_NETWORK}
+        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
         - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
       network_mode: "host"
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       dns:
-        - ${IPV4_NETWORK}.254
+        - ${IPV4_NETWORK:-172.22.1}.254
       volumes:
         - /lib/modules:/lib/modules:ro
 
@@ -395,8 +399,8 @@ networks:
     ipam:
       driver: default
       config:
-        - subnet: ${IPV4_NETWORK}.0/24
-        - subnet: ${IPV6_NETWORK}
+        - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
+        - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
 
 volumes:
   vmail-vol-1:

From a3d9f5a984f8f148c77a3ed628996354f3655080 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Mon, 12 Feb 2018 21:36:55 +0100
Subject: [PATCH 061/107] [Compose] Add missing var

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 8bdde1a7..6252727d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -268,7 +268,7 @@ services:
         - HTTPS_PORT=${HTTPS_PORT:-443}
         - HTTP_PORT=${HTTP_PORT:-80}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
-        - IPV4_NETWORK=
+        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
       volumes:
         - ./data/web:/web:ro
         - ./data/conf/rspamd/dynmaps:/dynmaps:ro

From 63f7e5930d34273ccf6ab63bc4d3d3002ba665c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Tue, 13 Feb 2018 09:07:44 +0100
Subject: [PATCH 062/107] [Nginx] Fix EAS

---
 data/conf/nginx/site.conf                     | 2 +-
 data/conf/nginx/templates/sogo_proxy.template | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 delete mode 100644 data/conf/nginx/templates/sogo_proxy.template

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index e617f77f..bb2ea266 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -283,7 +283,7 @@ server {
   }
 
   location ^~ /Microsoft-Server-ActiveSync {
-    include /etc/nginx/conf.d/templates/sogo_proxy.template;
+    include /etc/nginx/conf.d/templates/sogo_eas.template;
     proxy_connect_timeout 1000;
     proxy_next_upstream timeout error;
     proxy_send_timeout 1000;
diff --git a/data/conf/nginx/templates/sogo_proxy.template b/data/conf/nginx/templates/sogo_proxy.template
deleted file mode 100644
index e69de29b..00000000

From 943598f7051a7a3b0da487132ad368c50ef21c5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Tue, 13 Feb 2018 09:12:54 +0100
Subject: [PATCH 063/107] [Nginx] Fix EAS...

---
 data/conf/nginx/site.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index bb2ea266..1210d18e 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -283,7 +283,7 @@ server {
   }
 
   location ^~ /Microsoft-Server-ActiveSync {
-    include /etc/nginx/conf.d/templates/sogo_eas.template;
+    include /etc/nginx/conf.d/sogo_eas.active;
     proxy_connect_timeout 1000;
     proxy_next_upstream timeout error;
     proxy_send_timeout 1000;

From a0cdc1e4ff0ab1f891327000a23a58a50f270c00 Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Tue, 13 Feb 2018 23:45:49 +0100
Subject: [PATCH 064/107] Remove "empty" folders

There seems to be no reason for this empty folders.
---
 data/Dockerfiles/memcached/.empty | 0
 data/Dockerfiles/mysql/.empty     | 0
 data/Dockerfiles/nginx/.empty     | 0
 data/Dockerfiles/redis/.empty     | 0
 4 files changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 data/Dockerfiles/memcached/.empty
 delete mode 100644 data/Dockerfiles/mysql/.empty
 delete mode 100644 data/Dockerfiles/nginx/.empty
 delete mode 100644 data/Dockerfiles/redis/.empty

diff --git a/data/Dockerfiles/memcached/.empty b/data/Dockerfiles/memcached/.empty
deleted file mode 100644
index e69de29b..00000000
diff --git a/data/Dockerfiles/mysql/.empty b/data/Dockerfiles/mysql/.empty
deleted file mode 100644
index e69de29b..00000000
diff --git a/data/Dockerfiles/nginx/.empty b/data/Dockerfiles/nginx/.empty
deleted file mode 100644
index e69de29b..00000000
diff --git a/data/Dockerfiles/redis/.empty b/data/Dockerfiles/redis/.empty
deleted file mode 100644
index e69de29b..00000000

From e186e350ef4272444710307436ff7137a50d991c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Wed, 14 Feb 2018 09:09:17 +0100
Subject: [PATCH 065/107] [Nginx] Fixes #1033

---
 data/conf/nginx/site.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index bb327a65..52ddf303 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -179,7 +179,7 @@ server {
     allow all;
   }
 
-  location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$ {
+  location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
     proxy_pass http://sogo:9192/$1.SOGo/Resources/$2;
     proxy_set_header Host $http_host;
     proxy_cache sogo;
@@ -364,7 +364,7 @@ server {
     allow all;
   }
 
-  location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$ {
+  location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
     proxy_pass http://sogo:9192/$1.SOGo/Resources/$2;
     proxy_set_header Host $http_host;
     proxy_cache sogo;

From 0bfd0838c27bb1dc2ac532485b4cadb48647b2bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Wed, 14 Feb 2018 11:26:55 +0100
Subject: [PATCH 066/107] [SOGo] Increase workers again

---
 data/conf/sogo/sogo.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index 0acb8a80..195c3dfd 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -5,7 +5,7 @@
         PrivateDAndTViewer
     );
 
-    WOWorkersCount = "7";
+    WOWorkersCount = "14";
     SOGoACLsSendEMailNotifications = YES;
     SOGoAppointmentSendEMailNotifications = YES;
     SOGoDraftsFolderName = "Drafts";

From 1e40472017ce7a9158c6d2a9836bf82dfff1604d Mon Sep 17 00:00:00 2001
From: eXtremeSHOK <extremeshok@users.noreply.github.com>
Date: Wed, 14 Feb 2018 14:38:06 +0200
Subject: [PATCH 067/107] Enable maildir compression

Currently the plugin is loaded, but actual compression is not enabled.

https://wiki.dovecot.org/Plugins/Zlib
---
 data/conf/dovecot/dovecot.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index d35f0186..b3e45171 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -280,7 +280,11 @@ plugin {
   #mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem
   #mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
   #mail_crypt_save_version = 2
+  # Enable compression while saving, lz4 Dovecot v2.2.11+
+  zlib_save_level = 9
+  zlib_save = lz4
 }
+
 dict {
   sqlquota = mysql:/usr/local/etc/dovecot/sql/dovecot-dict-sql-quota.conf
   sieve_after = mysql:/usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf

From 51b57320c266c51815a0f8ec9fc3b35fb6dcf72b Mon Sep 17 00:00:00 2001
From: eXtremeSHOK <extremeshok@users.noreply.github.com>
Date: Wed, 14 Feb 2018 17:08:03 +0200
Subject: [PATCH 068/107] Support for alpine linux

detects if cp and grep are the non BusyBox versions
---
 generate_config.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/generate_config.sh b/generate_config.sh
index 5b2d23f4..b49a6a21 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -1,5 +1,14 @@
 #!/bin/bash
 
+if grep --help 2>&1 | head -n 1 | grep -q -i "busybox" ; then
+  echo "BusybBox grep detected, please install gnu grep, \"apk add --upgrade grep\""
+  exit 1
+fi
+if cp --help 2>&1 | head -n 1 | grep -q -i "busybox" ; then
+  echo "BusybBox cp detected, please install coreutils, \"apk add --upgrade coreutils\""
+  exit 1
+fi
+
 if [[ -f mailcow.conf ]]; then
   read -r -p "A config file exists and will be overwritten, are you sure you want to contine? [y/N] " response
   case $response in

From 63002cbb74373140afd705996c9b2a46d2ac3cb1 Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Thu, 15 Feb 2018 20:22:02 +0100
Subject: [PATCH 069/107] [Nginx] Reduce config duplication

It does not make sense having a seperate server block for both http
and https.
According to the nginx doc [1], using the same server block for both
should work.

[1] http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
---
 data/conf/nginx/site.conf                     | 179 +-----------------
 data/conf/nginx/templates/listen_ssl.template |   4 +-
 2 files changed, 4 insertions(+), 179 deletions(-)

diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 52ddf303..83f913f6 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -21,182 +21,6 @@ server {
   charset utf-8;
   override_charset on;
 
-  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
-  add_header X-Content-Type-Options nosniff;
-  add_header X-XSS-Protection "1; mode=block";
-  add_header X-Robots-Tag none;
-  add_header X-Download-Options noopen;
-  add_header X-Frame-Options "SAMEORIGIN";
-  add_header X-Permitted-Cross-Domain-Policies none;
-
-  index index.php index.html;
-
-  include /etc/nginx/conf.d/listen_plain.active;
-  include /etc/nginx/conf.d/server_name.active;
-
-  error_log  /var/log/nginx/error.log;
-  access_log /var/log/nginx/access.log;
-  absolute_redirect off;
-  root /web;
-
-  location ~ ^/api/v1/(.*)$ {
-    try_files $uri $uri/ /json_api.php?query=$1;
-  }
-
-  location ^~ /.well-known/acme-challenge/ {
-    allow all;
-    default_type "text/plain";
-  }
-
-  # If behind reverse proxy, forwards the correct IP
-  set_real_ip_from 10.0.0.0/8;
-  set_real_ip_from 172.16.0.0/12;
-  set_real_ip_from 192.168.0.0/16;
-  set_real_ip_from fc00::/7;
-  real_ip_header X-Forwarded-For;
-  real_ip_recursive on;
-
-  rewrite ^/.well-known/caldav$ /SOGo/dav/ permanent;
-  rewrite ^/.well-known/carddav$ /SOGo/dav/ permanent;
-
-  location ^~ /principals {
-        return 301 /SOGo/dav;
-  }
-
-  location ~ \.php$ {
-    try_files $uri =404;
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9000;
-    fastcgi_index index.php;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_param PHP_VALUE "max_execution_time = 1200
-                             max_input_time = 1200
-                             memory_limit = 64M";
-    fastcgi_read_timeout 1200;
-  }
-
-  location /rspamd/ {
-    proxy_pass       http://rspamd:11334/;
-    proxy_set_header Host      $http_host;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_redirect off;
-    expires $expires;
-  }
-
-  location ~* ^/Autodiscover/Autodiscover.xml {
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9000;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    try_files /autodiscover.php =404;
-  }
-
-  location ~* ^/Autodiscover/Autodiscover.json {
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9000;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    try_files /autodiscover-json.php =404;
-  }
-
-  location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml {
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9000;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    try_files /autoconfig.php =404;
-  }
-
-  location ^~ /Microsoft-Server-ActiveSync {
-    include /etc/nginx/conf.d/sogo_eas.active;
-    proxy_connect_timeout 1000;
-    proxy_next_upstream timeout error;
-    proxy_send_timeout 1000;
-    proxy_read_timeout 1000;
-    proxy_buffer_size 8k;
-    proxy_buffers 4 32k;
-    proxy_temp_file_write_size 64k;
-    proxy_busy_buffers_size 64k;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
-    proxy_set_header x-webobjects-remote-host $remote_addr;
-    proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
-    proxy_set_header x-webobjects-server-port $server_port;
-    client_body_buffer_size 128k;
-    client_max_body_size 0;
-  }
-
-  location ^~ /SOGo {
-    include /etc/nginx/conf.d/sogo.active;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
-    proxy_set_header x-webobjects-remote-host $remote_addr;
-    proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
-    proxy_set_header x-webobjects-server-port $server_port;
-    client_body_buffer_size 128k;
-    client_max_body_size 0;
-    break;
-  }
-
-  location /SOGo.woa/WebServerResources/ {
-    proxy_pass http://sogo:9192/WebServerResources/;
-    proxy_set_header Host $http_host;
-    proxy_cache sogo;
-    proxy_cache_valid 200 1d;
-    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
-    expires $expires;
-    allow all;
-  }
-
-  location /.woa/WebServerResources/ {
-    proxy_pass http://sogo:9192/WebServerResources/;
-    proxy_set_header Host $http_host;
-    proxy_cache sogo;
-    proxy_cache_valid 200 1d;
-    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
-    expires $expires;
-    allow all;
-  }
-
-  location /SOGo/WebServerResources/ {
-    proxy_pass http://sogo:9192/WebServerResources/;
-    proxy_set_header Host $http_host;
-    proxy_cache sogo;
-    proxy_cache_valid 200 1d;
-    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
-    allow all;
-  }
-
-  location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
-    proxy_pass http://sogo:9192/$1.SOGo/Resources/$2;
-    proxy_set_header Host $http_host;
-    proxy_cache sogo;
-    proxy_cache_valid 200 1d;
-    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-    #alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
-  }
-
-  include /etc/nginx/conf.d/site.*.custom;
-}
-
-server {
-  include /etc/nginx/mime.types;
-  charset utf-8;
-  override_charset on;
-
-  ssl on;
   ssl_certificate /etc/ssl/mail/cert.pem;
   ssl_certificate_key /etc/ssl/mail/key.pem;
   ssl_protocols TLSv1.2;
@@ -216,6 +40,7 @@ server {
 
   index index.php index.html;
 
+  include /etc/nginx/conf.d/listen_plain.active;
   include /etc/nginx/conf.d/listen_ssl.active;
   include /etc/nginx/conf.d/server_name.active;
 
@@ -245,7 +70,7 @@ server {
   rewrite ^/.well-known/carddav$ /SOGo/dav/ permanent;
 
   location ^~ /principals {
-	return 301 /SOGo/dav;
+    return 301 /SOGo/dav;
   }
 
   location ~ \.php$ {
diff --git a/data/conf/nginx/templates/listen_ssl.template b/data/conf/nginx/templates/listen_ssl.template
index bbd51db0..93ec80c6 100644
--- a/data/conf/nginx/templates/listen_ssl.template
+++ b/data/conf/nginx/templates/listen_ssl.template
@@ -1,2 +1,2 @@
-listen ${HTTPS_PORT} http2;
-listen [::]:${HTTPS_PORT} http2;
+listen ${HTTPS_PORT} ssl http2;
+listen [::]:${HTTPS_PORT} ssl http2;

From 03031516e98916e93575c2f3dd359fccd98e6922 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Fri, 16 Feb 2018 22:39:33 +0100
Subject: [PATCH 070/107] [Web] Fixes #1055 and changes location.reload to
 window = xy in footer script

---
 data/web/inc/ajax/destroy_tfa_auth.php |  6 ++++++
 data/web/inc/footer.inc.php            | 13 ++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 data/web/inc/ajax/destroy_tfa_auth.php

diff --git a/data/web/inc/ajax/destroy_tfa_auth.php b/data/web/inc/ajax/destroy_tfa_auth.php
new file mode 100644
index 00000000..72c7f1e3
--- /dev/null
+++ b/data/web/inc/ajax/destroy_tfa_auth.php
@@ -0,0 +1,6 @@
+<?php
+session_start();
+unset($_SESSION['pending_mailcow_cc_username']);
+unset($_SESSION['pending_mailcow_cc_role']);
+unset($_SESSION['pending_tfa_method']);
+?>
diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index 3c92c28e..a4974604 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -79,6 +79,17 @@ $(document).ready(function() {
         });
       }
   });
+  $('#ConfirmTFAModal').on('hidden.bs.modal', function(){
+      $.ajax({
+        type: "GET",
+        cache: false,
+        dataType: 'script',
+        url: '/inc/ajax/destroy_tfa_auth.php',
+        complete: function(data){
+          window.location = window.location.href.split("#")[0];
+        }
+      });
+  });
   <?php endif; ?>
 
   // Set TFA modals
@@ -205,7 +216,7 @@ $(document).ready(function() {
           $('#triggerRestartContainer').html('<span class="glyphicon glyphicon-ok"></span> ');
           $('#statusTriggerRestartContainer2').append(data);
           $('#triggerRestartContainer').html('<span class="glyphicon glyphicon-ok"></span> ');
-          location.reload();
+          window.location = window.location.href.split("#")[0];
         }
       });
     });

From 2865c892a684fe1d614cf709173ed5ddb0be6ce0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Fri, 16 Feb 2018 22:40:51 +0100
Subject: [PATCH 071/107] [Multi] Fixes #1058 by including a 'force password
 update' option and also introduces a attributes json object to be used for
 further mailbox configurations in the future

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh |  2 +-
 data/Dockerfiles/sogo/bootstrap-sogo.sh       |  3 +--
 data/web/edit.php                             |  8 ++++++++
 data/web/inc/functions.inc.php                |  2 +-
 data/web/inc/functions.mailbox.inc.php        | 20 ++++++-------------
 data/web/inc/init_db.inc.php                  |  4 ++--
 data/web/lang/lang.de.php                     |  3 +++
 data/web/lang/lang.en.php                     |  3 +++
 data/web/user.php                             |  3 +++
 docker-compose.yml                            |  4 ++--
 10 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 9f8f5313..469edacc 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -82,7 +82,7 @@ cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-passdb.conf
 driver = mysql
 connect = "host=mysql dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
 default_pass_scheme = SSHA256
-password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1')
+password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1') AND JSON_EXTRACT(attributes, "$.force_pw_update") != 1
 user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
 iterate_query = SELECT username FROM mailbox WHERE active='1';
 EOF
diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index c360e30e..07365981 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -19,14 +19,13 @@ mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS so
 
 mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
 CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, home, kind, multiple_bookings) AS
-SELECT mailbox.username, mailbox.domain, mailbox.username, mailbox.password, mailbox.name, mailbox.username, IFNULL(GROUP_CONCAT(ga.aliases SEPARATOR ' '), ''), IFNULL(gda.ad_alias, ''), CONCAT('/var/vmail/', maildir), mailbox.kind, mailbox.multiple_bookings FROM mailbox
+SELECT mailbox.username, mailbox.domain, mailbox.username, if(json_extract(attributes, '$.force_pw_update') = '0', password, 'invalid'), mailbox.name, mailbox.username, IFNULL(GROUP_CONCAT(ga.aliases SEPARATOR ' '), ''), IFNULL(gda.ad_alias, ''), CONCAT('/var/vmail/', maildir), mailbox.kind, mailbox.multiple_bookings FROM mailbox
 LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
 LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
 WHERE mailbox.active = '1'
 GROUP BY mailbox.username;
 EOF
 
-
 mkdir -p /var/lib/sogo/GNUstep/Defaults/
 
 # Generate plist header with timezone data
diff --git a/data/web/edit.php b/data/web/edit.php
index 8374dc76..8a12c665 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -390,6 +390,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
         <form class="form-horizontal" data-id="editmailbox" role="form" method="post">
           <input type="hidden" value="0" name="sender_acl">
           <input type="hidden" value="0" name="active">
+          <input type="hidden" value="0" name="force_pw_update">
           <div class="form-group">
             <label class="control-label col-sm-2" for="name"><?=$lang['edit']['full_name'];?>:</label>
             <div class="col-sm-10">
@@ -476,6 +477,13 @@ if (isset($_SESSION['mailcow_cc_role'])) {
               </div>
             </div>
           </div>
+          <div class="form-group">
+            <div class="col-sm-offset-2 col-sm-10">
+              <div class="checkbox">
+              <label><input type="checkbox" value="1" name="force_pw_update" <?=($result['attributes']['force_pw_update']=="1") ? "checked" : null;?>> <?=$lang['edit']['force_pw_update'];?></label>
+              </div>
+            </div>
+          </div>
           <div class="form-group">
             <div class="col-sm-offset-2 col-sm-10">
               <button class="btn btn-success" id="edit_selected" data-id="editmailbox" data-item="<?=htmlspecialchars($result['username']);?>" data-api-url='edit/mailbox' data-api-attr='{}' href="#"><?=$lang['edit']['save'];?></button>
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index f7f08403..25d88d78 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -414,7 +414,7 @@ function edit_user_account($postarray) {
 			}
 			$password_hashed = hash_password($password_new);
 			try {
-				$stmt = $pdo->prepare("UPDATE `mailbox` SET `password` = :password_hashed WHERE `username` = :username");
+				$stmt = $pdo->prepare("UPDATE `mailbox` SET `password` = :password_hashed, `attributes` = JSON_SET(`attributes`, '$.force_pw_update', '0') WHERE `username` = :username");
 				$stmt->execute(array(
 					':password_hashed' => $password_hashed,
 					':username' => $username
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 5bd9ac58..89e02166 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1954,6 +1954,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             $is_now = mailbox('get', 'mailbox_details', $username);
             if (!empty($is_now)) {
               $active     = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int'];
+              (int)$force_pw_update = (isset($_data['force_pw_update'])) ? intval($_data['force_pw_update']) : intval($is_now['attributes']['force_pw_update']);
               $name       = (!empty($_data['name'])) ? $_data['name'] : $is_now['name'];
               $domain     = $is_now['domain'];
               $quota_m    = (!empty($_data['quota'])) ? $_data['quota'] : ($is_now['quota'] / 1048576);
@@ -2113,24 +2114,11 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
               }
               $password_hashed = hash_password($password);
               try {
-                $stmt = $pdo->prepare("UPDATE `alias` SET
-                    `active` = :active
-                      WHERE `address` = :address");
-                $stmt->execute(array(
-                  ':address' => $username,
-                  ':active' => $active
-                ));
                 $stmt = $pdo->prepare("UPDATE `mailbox` SET
-                    `active` = :active,
                     `password` = :password_hashed,
-                    `name`= :name,
-                    `quota` = :quota_b
                       WHERE `username` = :username");
                 $stmt->execute(array(
                   ':password_hashed' => $password_hashed,
-                  ':active' => $active,
-                  ':name' => $name,
-                  ':quota_b' => $quota_b,
                   ':username' => $username
                 ));
               }
@@ -2153,12 +2141,14 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
               $stmt = $pdo->prepare("UPDATE `mailbox` SET
                   `active` = :active,
                   `name`= :name,
-                  `quota` = :quota_b
+                  `quota` = :quota_b,
+                  `attributes` = JSON_SET(`attributes`, '$.force_pw_update', :force_pw_update)
                     WHERE `username` = :username");
               $stmt->execute(array(
                 ':active' => $active,
                 ':name' => $name,
                 ':quota_b' => $quota_b,
+                ':force_pw_update' => $force_pw_update,
                 ':username' => $username
               ));
             }
@@ -3070,6 +3060,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
                 `mailbox`.`domain`,
                 `mailbox`.`quota`,
                 `quota2`.`bytes`,
+                `attributes`,
                 `quota2`.`messages`
                   FROM `mailbox`, `quota2`, `domain`
                     WHERE `mailbox`.`kind` NOT REGEXP 'location|thing|group' AND `mailbox`.`username` = `quota2`.`username` AND `domain`.`domain` = `mailbox`.`domain` AND `mailbox`.`username` = :mailbox");
@@ -3097,6 +3088,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             $mailboxdata['active_int'] = $row['active_int'];
             $mailboxdata['domain'] = $row['domain'];
             $mailboxdata['quota'] = $row['quota'];
+            $mailboxdata['attributes'] = json_decode($row['attributes'], true);
             $mailboxdata['quota_used'] = intval($row['bytes']);
             $mailboxdata['percent_in_use'] = round((intval($row['bytes']) / intval($row['quota'])) * 100);
             $mailboxdata['messages'] = $row['messages'];
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 24729c83..58091721 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "08022018_1219";
+    $db_version = "16022018_1419";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -191,9 +191,9 @@ function init_db_schema() {
           "domain" => "VARCHAR(255) NOT NULL",
           "tls_enforce_in" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "tls_enforce_out" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "attributes" => "JSON DEFAULT '{}'",
           "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
           "multiple_bookings" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "wants_tagged_subject" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
           "modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
           "active" => "TINYINT(1) NOT NULL DEFAULT '1'"
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index a874eea1..8f4733b9 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -100,6 +100,7 @@ $lang['warning']['spam_alias_temp_error'] = 'Kann zur Zeit keinen Spam-Alias ers
 $lang['danger']['spam_alias_max_exceeded'] = 'Maximale Anzahl an Spam-Alias-Adressen erreicht';
 $lang['danger']['validity_missing'] = 'Bitte geben Sie eine Gültigkeitsdauer an';
 $lang['user']['loading'] = "Lade...";
+$lang['user']['force_pw_update'] = 'Das Passwort für diesen Benutzer <b>muss</b> geändert werden, damit die Zugriffssperre auf die Groupwarekomponenten wieder freigeschaltet wird.';
 $lang['user']['active_sieve'] = "Aktiver Filter";
 $lang['user']['show_sieve_filters'] = "Zeige aktiven Filter des Benutzers";
 $lang['user']['no_active_filter'] = "Kein aktiver Filter vorhanden";
@@ -320,6 +321,8 @@ $lang['edit']['max_mailboxes'] = 'Max. Mailboxanzahl:';
 $lang['edit']['title'] = 'Objekt bearbeiten';
 $lang['edit']['target_address'] = 'Ziel-Adresse(n) <small>(getrennt durch Komma)</small>:';
 $lang['edit']['active'] = 'Aktiv';
+$lang['edit']['force_pw_update'] = 'Erzwinge Passwortänderung bei nächstem Login';
+$lang['edit']['force_pw_update_info'] = 'Dem Benutzer wird lediglich der Zugang zur mailcow UI ermöglicht.';
 $lang['edit']['target_domain'] = 'Ziel-Domain:';
 $lang['edit']['password'] = 'Passwort:';
 $lang['edit']['ratelimit'] = 'Limit ausgehender Nachrichten/Stunde:';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 3fc99872..474ad773 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -100,6 +100,7 @@ $lang['warning']['spam_alias_temp_error'] = "Temporary error: Cannot add spam al
 $lang['danger']['spam_alias_max_exceeded'] = "Max. allowed spam alias addresses exceeded";
 $lang['danger']['validity_missing'] = 'Please assign a period of validity';
 $lang['user']['loading'] = "Loading...";
+$lang['user']['force_pw_update'] = 'You <b>must</b> set a new password to be able to access groupware related services.';
 $lang['user']['active_sieve'] = "Active filter";
 $lang['user']['show_sieve_filters'] = "Show active user sieve filter";
 $lang['user']['no_active_filter'] = "No active filter available";
@@ -321,6 +322,8 @@ $lang['edit']['max_mailboxes'] = 'Max. possible mailboxes';
 $lang['edit']['title'] = 'Edit object';
 $lang['edit']['target_address'] = 'Goto address/es <small>(comma-separated)</small>';
 $lang['edit']['active'] = 'Active';
+$lang['edit']['force_pw_update'] = 'Force password update at next login';
+$lang['edit']['force_pw_update_info'] = 'This user will only be able to login to mailcow UI.';
 $lang['edit']['target_domain'] = 'Target domain';
 $lang['edit']['password'] = 'Password';
 $lang['edit']['ratelimit'] = 'Outgoing rate limit/h';
diff --git a/data/web/user.php b/data/web/user.php
index 0fb0875f..6c9069e5 100644
--- a/data/web/user.php
+++ b/data/web/user.php
@@ -89,6 +89,9 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
 <div class="panel-body">
   <div class="row">
     <div class="col-sm-offset-3 col-sm-9">
+      <?php if ($mailboxdata['attributes']['force_pw_update'] == "1"): ?>
+      <div class="alert alert-danger"><?=$lang['user']['force_pw_update'];?></div>
+      <?php endif; ?>
       <p><a href="#pwChangeModal" data-toggle="modal">[<?=$lang['user']['change_password'];?>]</a></p>
       <p><a target="_blank" href="https://mailcow.github.io/mailcow-dockerized-docs/client/#<?=$clientconfigstr;?>">[<?=$lang['user']['client_configuration'];?>]</a></p>
     </div>
diff --git a/docker-compose.yml b/docker-compose.yml
index 9439a345..e4d29209 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -128,7 +128,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.16
+      image: mailcow/sogo:1.17
       build: ./data/Dockerfiles/sogo
       environment:
         - DBNAME=${DBNAME}
@@ -149,7 +149,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.20
+      image: mailcow/dovecot:1.22
       build: ./data/Dockerfiles/dovecot
       cap_add:
         - NET_BIND_SERVICE

From 2a3040de12e3b333c3d22b1684426e9ea5299168 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Fri, 16 Feb 2018 22:42:28 +0100
Subject: [PATCH 072/107] [Web] Add missing info block to force pw update
 function in edit

---
 data/web/edit.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/edit.php b/data/web/edit.php
index 8a12c665..912570cd 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -481,6 +481,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
             <div class="col-sm-offset-2 col-sm-10">
               <div class="checkbox">
               <label><input type="checkbox" value="1" name="force_pw_update" <?=($result['attributes']['force_pw_update']=="1") ? "checked" : null;?>> <?=$lang['edit']['force_pw_update'];?></label>
+              <small class="help-block"><?=$lang['edit']['force_pw_update_info'];?></small>
               </div>
             </div>
           </div>

From 280431f98d2531cb086262ca5a39d3b2de69b987 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 17 Feb 2018 08:51:09 +0100
Subject: [PATCH 073/107] Fix conflict

---
 docker-compose.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index e2612adc..1016cfde 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -165,11 +165,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-<<<<<<< HEAD
-      image: mailcow/dovecot:1.21
-=======
       image: mailcow/dovecot:1.22
->>>>>>> master
       build: ./data/Dockerfiles/dovecot
       cap_add:
         - NET_BIND_SERVICE

From 31a9bb446c6fd2e4a5834a6c9f7df4eb5a082f3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 17 Feb 2018 08:51:41 +0100
Subject: [PATCH 074/107] [Netfilter] Fixes a f2boptions not defined error

---
 data/Dockerfiles/netfilter/server.py | 41 ++++++++++++++--------------
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/data/Dockerfiles/netfilter/server.py b/data/Dockerfiles/netfilter/server.py
index 3b03eb1b..5bb66547 100644
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -25,21 +25,22 @@ RULES[5] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have work
 RULES[6] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
 
 if not r.get('F2B_OPTIONS'):
-  f2options = {}
-  f2options['ban_time'] = int
-  f2options['max_attempts'] = int
-  f2options['retry_window'] = int
-  f2options['netban_ipv4'] = int
-  f2options['netban_ipv6'] = int
-  f2options['ban_time'] = r.get('F2B_BAN_TIME') or 1800
-  f2options['max_attempts'] = r.get('F2B_MAX_ATTEMPTS') or 10
-  f2options['retry_window'] = r.get('F2B_RETRY_WINDOW') or 600
-  f2options['netban_ipv4'] = r.get('F2B_NETBAN_IPV4') or 24
-  f2options['netban_ipv6'] = r.get('F2B_NETBAN_IPV6') or 64
-  r.set('F2B_OPTIONS', json.dumps(f2options, ensure_ascii=False))
+  f2boptions = {}
+  f2boptions['ban_time'] = int
+  f2boptions['max_attempts'] = int
+  f2boptions['retry_window'] = int
+  f2boptions['netban_ipv4'] = int
+  f2boptions['netban_ipv6'] = int
+  f2boptions['ban_time'] = r.get('F2B_BAN_TIME') or 1800
+  f2boptions['max_attempts'] = r.get('F2B_MAX_ATTEMPTS') or 10
+  f2boptions['retry_window'] = r.get('F2B_RETRY_WINDOW') or 600
+  f2boptions['netban_ipv4'] = r.get('F2B_NETBAN_IPV4') or 24
+  f2boptions['netban_ipv6'] = r.get('F2B_NETBAN_IPV6') or 64
+  r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
 else:
   try:
-    f2options = json.loads(r.get('F2B_OPTIONS'))
+    f2boptions = {}
+    f2boptions = json.loads(r.get('F2B_OPTIONS'))
   except ValueError, e:
     print 'Error loading F2B options: F2B_OPTIONS is not json'
     raise SystemExit(1)
@@ -52,11 +53,11 @@ log = {}
 quit_now = False
 
 def ban(address):
-  BAN_TIME = int(f2options['ban_time'])
-  MAX_ATTEMPTS = int(f2options['max_attempts'])
-  RETRY_WINDOW = int(f2options['retry_window'])
-  NETBAN_IPV4 = '/' + str(f2options['netban_ipv4'])
-  NETBAN_IPV6 = '/' + str(f2options['netban_ipv6'])
+  BAN_TIME = int(f2boptions['ban_time'])
+  MAX_ATTEMPTS = int(f2boptions['max_attempts'])
+  RETRY_WINDOW = int(f2boptions['retry_window'])
+  NETBAN_IPV4 = '/' + str(f2boptions['netban_ipv4'])
+  NETBAN_IPV6 = '/' + str(f2boptions['netban_ipv6'])
   WHITELIST = r.hgetall('F2B_WHITELIST')
 
   ip = ipaddress.ip_address(address.decode('ascii'))
@@ -225,8 +226,8 @@ def snat(snat_target):
 
 def autopurge():
   while not quit_now:
-    BAN_TIME = f2options['ban_time']
-    MAX_ATTEMPTS = f2options['max_attempts']
+    BAN_TIME = f2boptions['ban_time']
+    MAX_ATTEMPTS = f2boptions['max_attempts']
     QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
     if QUEUE_UNBAN:
       for net in QUEUE_UNBAN:

From b81930e416a41c3e4a4ee68d9645baadda574c35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 17 Feb 2018 09:50:39 +0100
Subject: [PATCH 075/107] [Web] Database schema test

---
 data/web/inc/init_db.inc.php | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index ef07d51f..33855380 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "16022018_1419";
+    $db_version = "17022018_0839";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -21,6 +21,10 @@ function init_db_schema() {
       AND active = '1'
       AND address NOT LIKE '@%'
       GROUP BY goto;",
+    "grouped_sender_acl" => "CREATE VIEW grouped_sender_acl (username, send_as_acl) AS
+      SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as_acl FROM sender_acl
+      WHERE send_as NOT LIKE '@%'
+      GROUP BY logged_in_as;",
     "grouped_domain_alias_address" => "CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
       SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
       LEFT OUTER JOIN alias_domain ON target_domain=domain
@@ -154,7 +158,7 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
-      "quarantine" => array(
+      "quarantaine" => array(
         "cols" => array(
           "id" => "INT NOT NULL AUTO_INCREMENT",
           "qid" => "VARCHAR(30) NOT NULL",
@@ -245,10 +249,10 @@ function init_db_schema() {
           "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "quarantaine" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "recipient_maps" => "TINYINT(1) NOT NULL DEFAULT '0'",
-        ),
+          ),
         "keys" => array(
           "fkey" => array(
             "fk_username" => array(
@@ -622,6 +626,7 @@ function init_db_schema() {
     );
 
     foreach ($tables as $table => $properties) {
+      // Migrate to quarantine
       if ($table == 'quarantine') {
         $stmt = $pdo->query("SHOW TABLES LIKE 'quarantaine'");
         $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -633,7 +638,7 @@ function init_db_schema() {
           }
         }
       }
-      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'");
+      $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); 
       $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
       if ($num_results != 0) {
         $stmt = $pdo->prepare("SELECT CONCAT('ALTER TABLE ', `table_schema`, '.', `table_name`, ' DROP FOREIGN KEY ', `constraint_name`, ';') AS `FKEY_DROP` FROM `information_schema`.`table_constraints`

From 2bdc3f94c0f57f7edbaba8b29e784da49ce892f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 17 Feb 2018 09:50:58 +0100
Subject: [PATCH 076/107] [Web] Database schema test

---
 data/Dockerfiles/postfix/postfix.sh    |  4 ++--
 data/web/inc/functions.mailbox.inc.php | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index 0620404d..2d3d0e64 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -39,7 +39,7 @@ query = SELECT IF(EXISTS(
           SELECT CONCAT('%u', '@', target_domain) FROM alias_domain
             WHERE alias_domain='%d'
         )
-      ) AND mailbox.tls_enforce_in = '1' AND mailbox.active = '1'
+      ) AND json_extract(`attributes`, '$.tls_enforce_in') = '1' AND mailbox.active = '1'
   ), 'reject_plaintext_session', NULL) AS 'tls_enforce_in';
 EOF
 
@@ -58,7 +58,7 @@ query = SELECT GROUP_CONCAT(transport SEPARATOR '') AS transport_maps
               WHERE alias_domain = '%d'
           )
         )
-        AND mailbox.tls_enforce_out = '1'
+        AND json_extract(`attributes`, '$.tls_enforce_out') = '1'
         AND mailbox.active = '1'
     ), 'smtp_enforced_tls:', 'smtp:') AS 'transport'
     UNION ALL
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index c6f3cff2..89e02166 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -511,8 +511,8 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             if (in_array($address, $gotos)) {
               continue;
             }
-            $domain       = idn_to_ascii(substr(strrchr($address, '@'), 1));
-            $local_part   = substr($address, 0, strripos($address, '@'));
+            $domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
+            $local_part   = strstr($address, '@', true);
             $address      = $local_part.'@'.$domain;
             $stmt = $pdo->prepare("SELECT `address` FROM `alias`
               WHERE `address`= :address OR `address` IN (
@@ -1713,8 +1713,8 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
               $gotos = array_filter($gotos);
               $goto = implode(",", $gotos);
             }
-            $domain       = idn_to_ascii(substr(strrchr($address, '@'), 1));
-            $local_part   = substr($address, 0, strripos($address, '@'));
+            $domain = idn_to_ascii(substr(strstr($address, '@'), 1));
+            $local_part = strstr($address, '@', true);
             if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
               $_SESSION['return'] = array(
                 'type' => 'danger',
@@ -3470,7 +3470,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             $addresses = $_data['address'];
           }
           foreach ($addresses as $address) {
-            $local_part   = substr($address, 0, strripos($address, '@'));
+            $local_part		= strstr($address, '@', true);
             $domain = mailbox('get', 'alias_details', $address)['domain'];
             try {
               $stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :address");

From e5e4f6705c69775dd34b52a2bfd645e38204279c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 17 Feb 2018 10:10:55 +0100
Subject: [PATCH 077/107] Update init_db.inc.php

---
 data/web/inc/init_db.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 33855380..ebdc06a6 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -191,7 +191,7 @@ function init_db_schema() {
           "domain" => "VARCHAR(255) NOT NULL",
           "tls_enforce_in" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "tls_enforce_out" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "attributes" => "JSON DEFAULT '{}'",
+          "attributes" => "JSON",
           "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
           "multiple_bookings" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",

From 0b4333ca6b774f9823033450f577fec33ab47fdc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 17 Feb 2018 10:18:07 +0100
Subject: [PATCH 078/107] [Web] JSON must not have a default value

---
 data/web/inc/init_db.inc.php | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 33855380..c9fa534a 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "17022018_0839";
+    $db_version = "17022018_0859";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -191,7 +191,7 @@ function init_db_schema() {
           "domain" => "VARCHAR(255) NOT NULL",
           "tls_enforce_in" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "tls_enforce_out" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "attributes" => "JSON DEFAULT '{}'",
+          "attributes" => "JSON",
           "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
           "multiple_bookings" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
@@ -638,6 +638,22 @@ function init_db_schema() {
           }
         }
       }
+      // Migrate tls_enforce_* options
+      if ($table == 'mailbox') {
+        $stmt = $pdo->query("SHOW TABLES LIKE 'mailbox'");
+        $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+        if ($num_results != 0) {
+          $stmt = $pdo->query("SHOW COLUMNS FROM `mailbox` LIKE '%tls_enforce%'"); 
+          $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+          if ($num_results != 0) {
+            $stmt = $pdo->query("SELECT `username`, `tls_enforce_in`, `tls_enforce_out` FROM `mailbox`");
+            $tls_options_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+            while ($row = array_shift($tls_options_rows)) {
+              $tls_options[$row['username']] = array('tls_enforce_in' => $row['tls_enforce_in'], 'tls_enforce_out' => $row['tls_enforce_out']);
+            }
+          }
+        }
+      }
       $stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'"); 
       $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
       if ($num_results != 0) {
@@ -784,6 +800,13 @@ function init_db_schema() {
       }
       // Reset table attributes
       $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
+      // Migrate tls_enforce_* options
+      foreach($tls_options as $tls_user => $tls_options) {
+        $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
+          `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
+            WHERE `username` = :username");
+        $stmt->execute(array(':tls_enforce_in' => $tls_options['tls_enforce_in'], ':tls_enforce_out' => $tls_options['tls_enforce_out'], ':username' => $tls_user));
+      }
     }
 
     // Recreate SQL views

From 090ef6dbc5ae6a918ed52a1f89def2a3fd88750a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 17 Feb 2018 10:34:18 +0100
Subject: [PATCH 079/107] [Web] Further work on attributes

---
 data/web/inc/functions.mailbox.inc.php | 4 ++--
 data/web/inc/init_db.inc.php           | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 89e02166..00d0f99c 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1152,7 +1152,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
               return false;
             }
             try {
-              $stmt = $pdo->prepare("UPDATE `mailbox` SET `tls_enforce_out` = :tls_out, `tls_enforce_in` = :tls_in WHERE `username` = :username");
+              $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_out), `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_in) WHERE `username` = :username");
               $stmt->execute(array(
                 ':tls_out' => $tls_enforce_out,
                 ':tls_in' => $tls_enforce_in,
@@ -2402,7 +2402,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             $_data = $_SESSION['mailcow_cc_username'];
           }
           try {
-            $stmt = $pdo->prepare("SELECT `tls_enforce_out`, `tls_enforce_in` FROM `mailbox` WHERE `username` = :username");
+            $stmt = $pdo->prepare("SELECT JSON_EXTRACT(`attributes`, '$.tls_enforce_out') AS `tls_enforce_out`, JSON_EXTRACT(`attributes`, '$.tls_enforce_in') AS `tls_enforce_in` FROM `mailbox` WHERE `username` = :username");
             $stmt->execute(array(':username' => $_data));
             $policydata = $stmt->fetch(PDO::FETCH_ASSOC);
           }
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index c9fa534a..23a3d0a0 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -189,8 +189,6 @@ function init_db_schema() {
           "quota" => "BIGINT(20) NOT NULL DEFAULT '102400'",
           "local_part" => "VARCHAR(255) NOT NULL",
           "domain" => "VARCHAR(255) NOT NULL",
-          "tls_enforce_in" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "tls_enforce_out" => "TINYINT(1) NOT NULL DEFAULT '0'",
           "attributes" => "JSON",
           "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
           "multiple_bookings" => "TINYINT(1) NOT NULL DEFAULT '0'",
@@ -801,6 +799,7 @@ function init_db_schema() {
       // Reset table attributes
       $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
       // Migrate tls_enforce_* options
+      $stmt = $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` IS NULL;");
       foreach($tls_options as $tls_user => $tls_options) {
         $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
           `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)

From f29451f03cfda59da3a34ab0b1331a3cf5b743b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 17 Feb 2018 10:40:20 +0100
Subject: [PATCH 080/107] [Web] Further work on attributes

---
 data/web/inc/init_db.inc.php | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 23a3d0a0..345b720a 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "17022018_0859";
+    $db_version = "17022018_0839";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -798,14 +798,7 @@ function init_db_schema() {
       }
       // Reset table attributes
       $pdo->query("ALTER TABLE `" . $table . "` " . $properties['attr'] . ";");
-      // Migrate tls_enforce_* options
-      $stmt = $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` IS NULL;");
-      foreach($tls_options as $tls_user => $tls_options) {
-        $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
-          `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
-            WHERE `username` = :username");
-        $stmt->execute(array(':tls_enforce_in' => $tls_options['tls_enforce_in'], ':tls_enforce_out' => $tls_options['tls_enforce_out'], ':username' => $tls_user));
-      }
+
     }
 
     // Recreate SQL views
@@ -842,6 +835,14 @@ DELIMITER ;';
     // Insert new DB schema version
     $stmt = $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');"); 
 
+    // Migrate tls_enforce_* options
+    $stmt = $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` IS NULL;");
+    foreach($tls_options as $tls_user => $tls_options) {
+      $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
+        `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
+          WHERE `username` = :username");
+      $stmt->execute(array(':tls_enforce_in' => $tls_options['tls_enforce_in'], ':tls_enforce_out' => $tls_options['tls_enforce_out'], ':username' => $tls_user));
+    }
     $_SESSION['return'] = array(
       'type' => 'success',
       'msg' => 'Database initialisation completed'

From ab720bf164c8b3f4dc536699b68314263f1334f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 17 Feb 2018 11:12:16 +0100
Subject: [PATCH 081/107] [Web, Postfix] Move TLS policy to mailbox attributes

---
 data/Dockerfiles/postfix/postfix.sh    |  4 ++--
 data/web/inc/functions.mailbox.inc.php | 16 ++++++++++------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index 2d3d0e64..88b7b94f 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -39,7 +39,7 @@ query = SELECT IF(EXISTS(
           SELECT CONCAT('%u', '@', target_domain) FROM alias_domain
             WHERE alias_domain='%d'
         )
-      ) AND json_extract(`attributes`, '$.tls_enforce_in') = '1' AND mailbox.active = '1'
+      ) AND json_extract(attributes, '$.tls_enforce_in') = '1' AND mailbox.active = '1'
   ), 'reject_plaintext_session', NULL) AS 'tls_enforce_in';
 EOF
 
@@ -58,7 +58,7 @@ query = SELECT GROUP_CONCAT(transport SEPARATOR '') AS transport_maps
               WHERE alias_domain = '%d'
           )
         )
-        AND json_extract(`attributes`, '$.tls_enforce_out') = '1'
+        AND json_extract(attributes, '$.tls_enforce_out') = '1'
         AND mailbox.active = '1'
     ), 'smtp_enforced_tls:', 'smtp:') AS 'transport'
     UNION ALL
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 00d0f99c..f0d10397 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1154,8 +1154,8 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             try {
               $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_out), `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_in) WHERE `username` = :username");
               $stmt->execute(array(
-                ':tls_out' => $tls_enforce_out,
-                ':tls_in' => $tls_enforce_in,
+                ':tls_out' => intval($tls_enforce_out),
+                ':tls_in' => intval($tls_enforce_in),
                 ':username' => $username
               ));
             }
@@ -2392,7 +2392,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
           return $mailboxes;
         break;
         case 'tls_policy':
-          $policydata = array();
+          $attrs = array();
           if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
             if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
               return false;
@@ -2402,9 +2402,9 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             $_data = $_SESSION['mailcow_cc_username'];
           }
           try {
-            $stmt = $pdo->prepare("SELECT JSON_EXTRACT(`attributes`, '$.tls_enforce_out') AS `tls_enforce_out`, JSON_EXTRACT(`attributes`, '$.tls_enforce_in') AS `tls_enforce_in` FROM `mailbox` WHERE `username` = :username");
+            $stmt = $pdo->prepare("SELECT `attributes` FROM `mailbox` WHERE `username` = :username");
             $stmt->execute(array(':username' => $_data));
-            $policydata = $stmt->fetch(PDO::FETCH_ASSOC);
+            $attrs = $stmt->fetch(PDO::FETCH_ASSOC);
           }
           catch(PDOException $e) {
             $_SESSION['return'] = array(
@@ -2413,7 +2413,11 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             );
             return false;
           }
-          return $policydata;
+          $attrs = json_decode($attrs['attributes'], true);
+          return array(
+            'tls_enforce_in' => $attrs['tls_enforce_in'],
+            'tls_enforce_out' => $attrs['tls_enforce_out']
+          );
         break;
         case 'filters':
           $filters = array();

From 2284a35658f8f04e3f8dfa546254c0f9a1bf6599 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sat, 17 Feb 2018 11:46:34 +0100
Subject: [PATCH 082/107] [Web] Apply fix for renaming quarantaine

---
 data/web/inc/init_db.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 345b720a..aeccb1b7 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -158,7 +158,7 @@ function init_db_schema() {
         ),
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
       ),
-      "quarantaine" => array(
+      "quarantine" => array(
         "cols" => array(
           "id" => "INT NOT NULL AUTO_INCREMENT",
           "qid" => "VARCHAR(30) NOT NULL",
@@ -247,7 +247,7 @@ function init_db_schema() {
           "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "quarantaine" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "recipient_maps" => "TINYINT(1) NOT NULL DEFAULT '0'",
           ),

From fc53a69a441a4e0e3e9499f194f8b62205ba9727 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Sun, 18 Feb 2018 20:59:32 +0100
Subject: [PATCH 083/107] [Helper] Nextcloud 13; Additional header for
 Nextcloud site [PHP-FPM] Build gd with TTF support

---
 data/Dockerfiles/phpfpm/Dockerfile          | 31 ++++++++++++++++++++-
 data/assets/nextcloud/nextcloud.conf        |  1 +
 data/assets/nextcloud/site.nextcloud.custom |  1 +
 docker-compose.yml                          |  2 +-
 helper-scripts/nextcloud.sh                 |  2 +-
 5 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
index 45d2fa84..00681ec2 100644
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -33,6 +33,12 @@ RUN apk add -U --no-cache libxml2-dev \
   imagemagick-dev \
   imagemagick \
   libtool \
+  freetype \
+  libpng \
+  libjpeg-turbo \
+  freetype-dev \
+  libpng-dev \
+  libjpeg-turbo-dev\
   gettext-dev \
   openldap-dev \
   librsvg \
@@ -46,10 +52,33 @@ RUN apk add -U --no-cache libxml2-dev \
 	&& docker-php-ext-enable redis apcu memcached imagick mailparse \
 	&& pecl clear-cache \
 	&& docker-php-ext-configure intl \
+  && docker-php-ext-configure gd \
+      --with-gd \
+      --enable-gd-native-ttf \
+      --with-freetype-dir=/usr/include/ \
+      --with-png-dir=/usr/include/ \
+      --with-jpeg-dir=/usr/include/ \
   && docker-php-ext-install -j 4 intl gettext ldap sockets soap pdo pdo_mysql xmlrpc gd zip pcntl opcache \
   && docker-php-ext-configure imap --with-imap --with-imap-ssl \
 	&& docker-php-ext-install -j 4 imap \
-	&& apk del --purge autoconf g++ make libxml2-dev icu-dev imap-dev openssl-dev cyrus-sasl-dev pcre-dev libpng-dev libpng-dev libjpeg-turbo-dev libwebp-dev zlib-dev imagemagick-dev
+	&& apk del --purge autoconf \
+  g++ \
+  make \
+  libxml2-dev \
+  icu-dev \
+  imap-dev \
+  openssl-dev \
+  cyrus-sasl-dev \
+  pcre-dev \
+  libpng-dev \
+  libpng-dev \
+  libjpeg-turbo-dev \
+  libwebp-dev \
+  zlib-dev \
+  imagemagick-dev \
+  freetype-dev \
+  libpng-dev \
+  libjpeg-turbo-dev
 
 COPY ./docker-entrypoint.sh /
 
diff --git a/data/assets/nextcloud/nextcloud.conf b/data/assets/nextcloud/nextcloud.conf
index 1e6c3726..4759bff2 100644
--- a/data/assets/nextcloud/nextcloud.conf
+++ b/data/assets/nextcloud/nextcloud.conf
@@ -24,6 +24,7 @@ server {
   add_header X-Robots-Tag none;
   add_header X-Download-Options noopen;
   add_header X-Permitted-Cross-Domain-Policies none;
+  add_header X-Frame-Options "SAMEORIGIN";
 
   server_name NC_SUBD;
 
diff --git a/data/assets/nextcloud/site.nextcloud.custom b/data/assets/nextcloud/site.nextcloud.custom
index 6901df76..f7d6dae0 100644
--- a/data/assets/nextcloud/site.nextcloud.custom
+++ b/data/assets/nextcloud/site.nextcloud.custom
@@ -33,6 +33,7 @@
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;
+      add_header X-Frame-Options "SAMEORIGIN";
       access_log off;
     }
     location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
diff --git a/docker-compose.yml b/docker-compose.yml
index 1016cfde..c7af8ce8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -102,7 +102,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.11
+      image: mailcow/phpfpm:1.12
       build: ./data/Dockerfiles/phpfpm
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
diff --git a/helper-scripts/nextcloud.sh b/helper-scripts/nextcloud.sh
index a1420f40..5040cd95 100755
--- a/helper-scripts/nextcloud.sh
+++ b/helper-scripts/nextcloud.sh
@@ -64,7 +64,7 @@ elif [[ ${NC_INSTALL} == "y" ]]; then
 
 	ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 
-	curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-12.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
+	curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-13.tar.bz2" || { echo "Failed to download Nextcloud archive."; exit 1; } \
 	  && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
 	  && rm nextcloud.tar.bz2 \
 	  && rm -rf ./data/web/nextcloud/updater \

From 39f289fc3ceef889ba665cd06803e28dd355fca6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Mon, 19 Feb 2018 10:17:29 +0100
Subject: [PATCH 084/107] [Web, Dovecot, Postfix] Fix JSON attribute for login

---
 data/Dockerfiles/dovecot/docker-entrypoint.sh | 2 +-
 data/Dockerfiles/postfix/postfix.sh           | 4 ++--
 data/web/inc/init_db.inc.php                  | 5 +++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index 469edacc..b1f78870 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -82,7 +82,7 @@ cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-passdb.conf
 driver = mysql
 connect = "host=mysql dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
 default_pass_scheme = SSHA256
-password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1') AND JSON_EXTRACT(attributes, "$.force_pw_update") != 1
+password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1') AND JSON_EXTRACT(attributes, "$.force_pw_update") NOT LIKE '%1%'
 user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
 iterate_query = SELECT username FROM mailbox WHERE active='1';
 EOF
diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index 88b7b94f..a80e6900 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -39,7 +39,7 @@ query = SELECT IF(EXISTS(
           SELECT CONCAT('%u', '@', target_domain) FROM alias_domain
             WHERE alias_domain='%d'
         )
-      ) AND json_extract(attributes, '$.tls_enforce_in') = '1' AND mailbox.active = '1'
+      ) AND json_extract(attributes, '$.tls_enforce_in') LIKE '%1%' AND mailbox.active = '1'
   ), 'reject_plaintext_session', NULL) AS 'tls_enforce_in';
 EOF
 
@@ -58,7 +58,7 @@ query = SELECT GROUP_CONCAT(transport SEPARATOR '') AS transport_maps
               WHERE alias_domain = '%d'
           )
         )
-        AND json_extract(attributes, '$.tls_enforce_out') = '1'
+        AND json_extract(attributes, '$.tls_enforce_out') LIKE '%1%'
         AND mailbox.active = '1'
     ), 'smtp_enforced_tls:', 'smtp:') AS 'transport'
     UNION ALL
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index aeccb1b7..77368166 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "17022018_0839";
+    $db_version = "19022018_0839";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -835,8 +835,9 @@ DELIMITER ;';
     // Insert new DB schema version
     $stmt = $pdo->query("REPLACE INTO `versions` (`application`, `version`) VALUES ('db_schema', '" . $db_version . "');"); 
 
-    // Migrate tls_enforce_* options
+    // Migrate tls_enforce_* options and add force_pw_update attribute
     $stmt = $pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` IS NULL;");
+    $stmt = $pdo->query("UPDATE `mailbox` SET `attributes` =  JSON_SET(`attributes`, '$.force_pw_update', 0) WHERE JSON_EXTRACT(`attributes`, '$.force_pw_update') IS NULL;");
     foreach($tls_options as $tls_user => $tls_options) {
       $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
         `attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)

From ff3328ea8c9a14cb4282394916a47c151e29d676 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Mon, 19 Feb 2018 12:56:45 +0100
Subject: [PATCH 085/107] [SOGo] Use indigo theme, copy logo and theme.js to
 image

---
 data/Dockerfiles/sogo/Dockerfile        |  2 +
 data/Dockerfiles/sogo/bootstrap-sogo.sh |  2 +-
 data/Dockerfiles/sogo/sogo-full.svg     | 48 ++++++++++++++++++++
 data/Dockerfiles/sogo/theme.js          | 60 +++++++++++++++++++++++++
 data/conf/sogo/sogo.conf                |  1 +
 docker-compose.yml                      |  2 +-
 6 files changed, 113 insertions(+), 2 deletions(-)
 create mode 100644 data/Dockerfiles/sogo/sogo-full.svg
 create mode 100644 data/Dockerfiles/sogo/theme.js

diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index 1bfca949..b00e2f73 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -42,6 +42,8 @@ RUN mkdir /usr/share/doc/sogo \
 COPY ./bootstrap-sogo.sh /
 COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 COPY supervisord.conf /etc/supervisor/supervisord.conf
+COPY theme.js /usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js
+COPY sogo-full.svg /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg
 
 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
 
diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh
index 07365981..87bf05f7 100755
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@@ -19,7 +19,7 @@ mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS so
 
 mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
 CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, home, kind, multiple_bookings) AS
-SELECT mailbox.username, mailbox.domain, mailbox.username, if(json_extract(attributes, '$.force_pw_update') = '0', password, 'invalid'), mailbox.name, mailbox.username, IFNULL(GROUP_CONCAT(ga.aliases SEPARATOR ' '), ''), IFNULL(gda.ad_alias, ''), CONCAT('/var/vmail/', maildir), mailbox.kind, mailbox.multiple_bookings FROM mailbox
+SELECT mailbox.username, mailbox.domain, mailbox.username, if(json_extract(attributes, '$.force_pw_update') LIKE '%0%', password, 'invalid'), mailbox.name, mailbox.username, IFNULL(GROUP_CONCAT(ga.aliases SEPARATOR ' '), ''), IFNULL(gda.ad_alias, ''), CONCAT('/var/vmail/', maildir), mailbox.kind, mailbox.multiple_bookings FROM mailbox
 LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
 LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
 WHERE mailbox.active = '1'
diff --git a/data/Dockerfiles/sogo/sogo-full.svg b/data/Dockerfiles/sogo/sogo-full.svg
new file mode 100644
index 00000000..5e0d81df
--- /dev/null
+++ b/data/Dockerfiles/sogo/sogo-full.svg
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   version="1.1"
+   id="Layer_1"
+   x="0px"
+   y="0px"
+   width="640px"
+   height="350px"
+   viewBox="78.712 58.488 640 350"
+   style="enable-background:new 78.712 58.488 640 350;"
+   xml:space="preserve"
+   inkscape:version="0.91 r13725"
+   sodipodi:docname="sogo-full.svg"><metadata
+     id="metadata4143"><rdf:RDF><cc:Work
+         rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
+     id="defs4141" /><sodipodi:namedview
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1"
+     objecttolerance="10"
+     gridtolerance="10"
+     guidetolerance="10"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:window-width="1721"
+     inkscape:window-height="1177"
+     id="namedview4139"
+     showgrid="false"
+     inkscape:zoom="1.8359375"
+     inkscape:cx="320"
+     inkscape:cy="175"
+     inkscape:window-x="-8"
+     inkscape:window-y="-8"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="Layer_1" /><path
+     style="fill:#f1f1f1;fill-opacity:0.96078432"
+     d="M648.541,145.679c-9.947,0-17.009-7.278-17.009-17.048c0-9.777,7.062-17.057,17.009-17.057  c10.024,0,17.086,7.279,17.086,17.057C665.627,138.401,658.565,145.679,648.541,145.679z M648.511,94.893  c-19.693,0-33.679,14.4-33.679,33.738c0,19.33,13.985,33.729,33.679,33.729c19.822,0,33.808-14.4,33.808-33.729  C682.318,109.293,668.333,94.893,648.511,94.893z M648.482,179.843c-29.889,0-51.123-21.868-51.123-51.212  c0-29.353,21.234-51.209,51.123-51.209c30.082,0,51.307,21.856,51.307,51.209C699.789,157.975,678.564,179.843,648.482,179.843z   M648.442,58.488c-40.929,0-69.995,29.946-69.995,70.143c0,40.189,29.066,70.125,69.995,70.125c41.194,0,70.27-29.937,70.27-70.125  C718.712,88.434,689.637,58.488,648.442,58.488z M158.166,183.902l-21.018-5.008c-19.131-4.396-28.849-9.413-28.849-23.21  c0-15.684,15.99-21.965,30.419-21.965c14.667,0,25.382,7.329,31.693,18.737c0.02,0.048,0.051,0.097,0.09,0.157  c0.127,0.247,0.276,0.484,0.403,0.731l0.03-0.02c1.985,3.002,5.323,5.008,8.919,5.008c6.122,0,10.558-4.425,10.558-10.547  c0-2.341-0.504-4.82-1.601-6.688c-10.764-18.302-28.513-26.192-48.838-26.192c-27.594,0-54.262,13.797-54.262,44.218  c0,27.921,27.605,36.079,37.64,38.578l20.069,4.71c15.368,3.763,27.912,8.791,27.912,23.517c0,16.938-17.561,23.943-34.499,23.943  c-17.245,0-30.015-9.37-38.814-22.37h-0.01c-1.956-3-4.988-4.328-8.702-4.328c-5.984,0-10.805,5.185-10.587,11.162  c0.098,2.438,0.909,4.637,2.153,6.405c13.787,20.633,33.728,28.41,55.96,28.41c28.543,0,57.085-13.143,57.085-45.132  C193.918,203.325,178.551,188.613,158.166,183.902z M298.479,250.312c-33.866,0-55.199-25.403-55.199-58.331  c0-32.939,21.333-58.343,55.199-58.343c34.192,0,55.516,25.403,55.516,58.343C353.996,224.91,332.672,250.312,298.479,250.312z   M298.479,114.823c-45.471,0-77.777,32.93-77.777,77.158c0,44.217,32.306,77.146,77.777,77.146  c45.786,0,78.093-32.929,78.093-77.146C376.572,147.753,344.266,114.823,298.479,114.823z M518.715,234.312  c-0.771,0.74-1.549,1.472-2.399,2.175c-1.106,1.014-2.391,2.112-3.854,3.208c-8.829,6.391-19.979,10.094-33.017,10.094  c-33.876,0-55.198-25.402-55.198-58.332c0-32.939,21.322-58.342,55.198-58.342c34.183,0,55.506,25.403,55.506,58.342  C534.951,208.653,529.135,223.774,518.715,234.312z M468.097,317.938c2.528,0,5.146-0.168,7.863-0.504  c5.018-0.631,9.588-0.909,13.729-0.909c19.24,0.109,29.036,5.7,34.943,12.158c5.895,6.499,8.168,15.311,8.158,22.796  c0.01,3.586-0.555,6.795-1.177,8.721c-2.944,8.93-8.888,15.002-17.996,19.576c-9.035,4.484-21.095,6.777-33.707,6.757  c-4.514,0-9.105-0.288-13.639-0.831c-8.573-0.987-19.911-4.671-28.13-11.093c-4.138-3.199-6.458-6.991-8.858-11.485  c-2.379-4.514-2.783-9.748-2.783-16.442v-0.742c0-12.346,4.84-20.544,11.051-26.5c3.07-2.904,5.69-5.064,7.99-6.438  c0.366-0.218,0.438-0.416,0.755-0.593C452.39,316.014,459.684,317.968,468.097,317.938z M479.445,114.301  c-45.471,0-77.786,32.929-77.786,77.157c0,29.887,14.765,54.598,38.378,67.489c-0.314,0.314-0.621,0.641-0.916,0.966  c-6.104,6.687-9.226,15.25-9.236,23.913c-0.008,3.821,0.624,7.741,1.977,11.494c-3.062,1.956-6.717,4.634-10.46,8.147  c-9.026,8.408-18.734,22.541-19.021,42.097c-0.01,0.454-0.01,0.829-0.01,1.118c-0.01,10.071,2.379,19.157,6.459,26.774  c6.133,11.466,15.683,19.445,25.539,24.77c9.917,5.334,20.257,8.166,29.273,9.274c5.373,0.643,10.826,0.988,16.268,0.988  c15.151-0.02,30.261-2.578,43.409-9.019c13.085-6.34,24.333-17.253,29.192-32.562c1.443-4.553,2.212-9.719,2.231-15.428  c-0.02-11.595-3.349-25.759-13.767-37.452c-10.421-11.734-27.654-19.566-51.288-19.459c-5.138,0-10.606,0.356-16.426,1.078  c-1.877,0.227-3.596,0.334-5.166,0.334c-7.239-0.048-10.872-2.053-13.036-4.098c-2.133-2.084-3.2-4.839-3.229-8.058  c-0.01-3.28,1.284-6.727,3.467-9.078c2.231-2.332,5.008-3.91,9.846-3.97c0.436,0,0.9,0.01,1.374,0.05  c3.101,0.216,6.112,0.325,9.037,0.325c24.188,0.047,42.38-7.448,54.756-17.759c12.415-10.312,18.971-22.854,22.071-32.76l-0.04-0.01  c3.37-8.899,5.197-18.715,5.197-29.166C557.539,147.229,525.234,114.301,479.445,114.301z"
+     id="path4137" /></svg>
\ No newline at end of file
diff --git a/data/Dockerfiles/sogo/theme.js b/data/Dockerfiles/sogo/theme.js
new file mode 100644
index 00000000..4efbf824
--- /dev/null
+++ b/data/Dockerfiles/sogo/theme.js
@@ -0,0 +1,60 @@
+/* -*- Mode: javascript; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+
+(function() {
+  'use strict';
+
+  angular.module('SOGo.Common')
+    .config(configure)
+
+  /**
+   * @ngInject
+   */
+  configure.$inject = ['$mdThemingProvider'];
+  function configure($mdThemingProvider) {
+
+    /**
+     * Define the Alternative theme
+     */
+    $mdThemingProvider.theme('mailcow')
+      .primaryPalette('indigo', {
+        'default': '700',  // top toolbar
+        'hue-1': '400',
+        'hue-2': '600',    // sidebar toolbar
+        'hue-3': 'A700'
+      })
+      .accentPalette('indigo', {
+        'default': '500',  // fab buttons
+        'hue-1': '50',     // center list toolbar
+        'hue-2': '400',
+        'hue-3': 'A700'
+      })
+      .backgroundPalette('grey', {
+        'default': '50',   // center list background
+        'hue-1': '100',
+        'hue-2': '200',
+        'hue-3': '300'
+      });
+    $mdThemingProvider.theme('default')
+      .primaryPalette('indigo', {
+        'default': '700',  // top toolbar
+        'hue-1': '400',
+        'hue-2': '600',    // sidebar toolbar
+        'hue-3': 'A700'
+      })
+      .accentPalette('indigo', {
+        'default': '500',  // fab buttons
+        'hue-1': '50',     // center list toolbar
+        'hue-2': '400',
+        'hue-3': 'A700'
+      })
+      .backgroundPalette('grey', {
+        'default': '50',   // center list background
+        'hue-1': '100',
+        'hue-2': '200',
+        'hue-3': '300'
+      });
+
+    $mdThemingProvider.setDefaultTheme('mailcow');
+    $mdThemingProvider.generateThemesOnDemand(false);
+  }
+})();
diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index 195c3dfd..73cc2864 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -14,6 +14,7 @@
     SOGoEnableEMailAlarms = NO;
     SOGoFoldersSendEMailNotifications = YES;
     SOGoForwardEnabled = YES;
+    SOGoUIAdditionalJSFiles = (js/theme.js);
 
     // Multi-domain setup
     // Domains are isolated, you can define visibility options here.
diff --git a/docker-compose.yml b/docker-compose.yml
index c7af8ce8..f849bb4f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -142,7 +142,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.17
+      image: mailcow/sogo:1.18
       build: ./data/Dockerfiles/sogo
       environment:
         - DBNAME=${DBNAME}

From 24bd644359e1b301855456db08a30438d33b197c Mon Sep 17 00:00:00 2001
From: Levin <admin@levinus.de>
Date: Thu, 15 Feb 2018 12:08:18 +0000
Subject: [PATCH 086/107] Added dns option for watchdog

---
 docker-compose.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index f849bb4f..8c44cd3d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -361,6 +361,8 @@ services:
         - USE_WATCHDOG=${USE_WATCHDOG:-n}
         - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
+      dns:
+        - ${IPV4_NETWORK:-172.22.1}.254
       networks:
         mailcow-network:
           aliases:

From 6e91504f6f1fee7e20a9cabaa5e24a670bb65dfb Mon Sep 17 00:00:00 2001
From: eXtremeSHOK <extremeshok@users.noreply.github.com>
Date: Tue, 20 Feb 2018 00:28:59 +0200
Subject: [PATCH 087/107] Update generate_config.sh

added --no-cache option, thanks
---
 generate_config.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index b49a6a21..d9a9f7ec 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -1,11 +1,11 @@
 #!/bin/bash
 
 if grep --help 2>&1 | head -n 1 | grep -q -i "busybox" ; then
-  echo "BusybBox grep detected, please install gnu grep, \"apk add --upgrade grep\""
+  echo "BusybBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""
   exit 1
 fi
 if cp --help 2>&1 | head -n 1 | grep -q -i "busybox" ; then
-  echo "BusybBox cp detected, please install coreutils, \"apk add --upgrade coreutils\""
+  echo "BusybBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""
   exit 1
 fi
 

From 40885b7fd6f38c3fc5014d402544487e60fca2f1 Mon Sep 17 00:00:00 2001
From: eXtremeSHOK <extremeshok@users.noreply.github.com>
Date: Tue, 20 Feb 2018 00:39:53 +0200
Subject: [PATCH 088/107] Update generate_config.sh

exit on error and pipefail
minor fix " ; then" to ";then"
---
 generate_config.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index d9a9f7ec..aa600a02 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -1,10 +1,14 @@
 #!/bin/bash
 
-if grep --help 2>&1 | head -n 1 | grep -q -i "busybox" ; then
++#exit on error and pipefail
++set -o errexit
++set -o pipefail
+
+if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then
   echo "BusybBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""
   exit 1
 fi
-if cp --help 2>&1 | head -n 1 | grep -q -i "busybox" ; then
+if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then
   echo "BusybBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""
   exit 1
 fi

From de04016996017a16727ec744f36b2dbce4253686 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Tue, 20 Feb 2018 08:34:49 +0100
Subject: [PATCH 089/107] Update generate_config.sh

---
 generate_config.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/generate_config.sh b/generate_config.sh
index aa600a02..d8cbe8ac 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -4,11 +4,11 @@
 +set -o errexit
 +set -o pipefail
 
-if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then
+if grep --help 2>&1 | grep -q -i "busybox"; then
   echo "BusybBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""
   exit 1
 fi
-if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then
+if cp --help 2>&1 | grep -q -i "busybox"; then
   echo "BusybBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""
   exit 1
 fi

From d052a87cc3219a665165f609bcae858813cf66ea Mon Sep 17 00:00:00 2001
From: eXtremeSHOK <extremeshok@users.noreply.github.com>
Date: Tue, 20 Feb 2018 10:31:01 +0200
Subject: [PATCH 090/107] Support for alpine linux

rebased on dev
replaces #1047
---
 update.sh | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/update.sh b/update.sh
index ceb4311c..fba5da72 100755
--- a/update.sh
+++ b/update.sh
@@ -1,10 +1,13 @@
 #!/bin/bash
 
+#exit on error and pipefail
+set -o errexit
+set -o pipefail
+
 for bin in curl docker-compose docker git awk sha1sum; do
   if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 done
 
-set -o pipefail
 export LC_ALL=C
 DATE=$(date +%Y-%m-%d_%H_%M_%S)
 BRANCH=$(git rev-parse --abbrev-ref HEAD)
@@ -30,6 +33,9 @@ done
 
 [[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing"; exit 1;}
 
+if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusybBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi
+if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusybBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
+
 CONFIG_ARRAY=(
   "SKIP_LETS_ENCRYPT"
   "USE_WATCHDOG"
@@ -118,7 +124,7 @@ curl -o /dev/null google.com -sm3
 if [[ $? != 0 ]]; then
   echo -e "\e[31mfailed\e[0m"
   exit 1
-  else
+else
   echo -e "\e[32mOK\e[0m"
 fi
 
@@ -135,7 +141,7 @@ fi
 
 if [[ -f mailcow.conf ]]; then
   source mailcow.conf
-  else
+else
   echo -e "\e[31mNo mailcow.conf - is mailcow installed?\e[0m"
   exit 1
 fi
@@ -183,11 +189,14 @@ fi
 
 echo -e "\e[32mFetching new docker-compose version...\e[0m"
 sleep 2
-if [[ $(curl -sL -w "%{http_code}" https://www.servercow.de/docker-compose/latest.php -o /dev/null) == "200" ]]; then
+if [[ ! -z $(which pip) && $(pip list --local | grep -c docker-compose) == 1 ]]; then
+  true
+  #prevent breaking a working docker-compose installed with pip
+elif [[ $(curl -sL -w "%{http_code}" https://www.servercow.de/docker-compose/latest.php -o /dev/null) == "200" ]]; then
   LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php)
   curl -#L https://github.com/docker/compose/releases/download/${LATEST_COMPOSE}/docker-compose-$(uname -s)-$(uname -m) > $(which docker-compose)
   chmod +x $(which docker-compose)
-  else
+else
   echo -e "\e[33mCannot determine latest docker-compose version, skipping...\e[0m"
 fi
 
@@ -239,7 +248,7 @@ if [[ ! -z ${IMGS_TO_DELETE[*]} ]]; then
   read -r -p "Do you want to delete old image tags right now? [y/N] " response
   if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
     docker rmi ${IMGS_TO_DELETE[*]}
-    else
+  else
     echo "OK, skipped."
   fi
 fi

From eb4dd632ae846926c7633d0b03d1028bc2dc03e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 22 Feb 2018 09:16:16 +0100
Subject: [PATCH 091/107] [Web] Fix autodiscover triggering fail2ban
 implementation, fixes #1069

---
 .../override.d/worker-controller-password.inc |   0
 data/web/autodiscover.php                     | 150 +++++++++---------
 2 files changed, 74 insertions(+), 76 deletions(-)
 create mode 100644 data/conf/rspamd/override.d/worker-controller-password.inc

diff --git a/data/conf/rspamd/override.d/worker-controller-password.inc b/data/conf/rspamd/override.d/worker-controller-password.inc
new file mode 100644
index 00000000..e69de29b
diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index a8d8073b..88f91da8 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -36,9 +36,8 @@ $opt = [
 $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
 $login_user = strtolower(trim($_SERVER['PHP_AUTH_USER']));
 $login_pass = trim(htmlspecialchars_decode($_SERVER['PHP_AUTH_PW']));
-$login_role = check_login($login_user, $login_pass);
 
-if (!isset($_SERVER['PHP_AUTH_USER']) OR $login_role !== "user") {
+if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) {
   try {
     $json = json_encode(
       array(
@@ -62,35 +61,36 @@ if (!isset($_SERVER['PHP_AUTH_USER']) OR $login_role !== "user") {
   header('HTTP/1.0 401 Unauthorized');
   exit(0);
 }
-else {
-  if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
-    if ($login_role === "user") {
-      header("Content-Type: application/xml");
-      echo '<?xml version="1.0" encoding="utf-8" ?>' . PHP_EOL;
+
+$login_role = check_login($login_user, $login_pass);
+
+if ($login_role === "user") {
+  header("Content-Type: application/xml");
+  echo '<?xml version="1.0" encoding="utf-8" ?>' . PHP_EOL;
 ?>
 <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <?php
-      if(!$data) {
-        try {
-          $json = json_encode(
-            array(
-              "time" => time(),
-              "ua" => $_SERVER['HTTP_USER_AGENT'],
-              "user" => $_SERVER['PHP_AUTH_USER'],
-              "service" => "Error: invalid or missing request data"
-            )
-          );
-          $redis->lPush('AUTODISCOVER_LOG', $json);
-          $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
-        }
-        catch (RedisException $e) {
-          $_SESSION['return'] = array(
-            'type' => 'danger',
-            'msg' => 'Redis: '.$e
-          );
-          return false;
-        }
-        list($usec, $sec) = explode(' ', microtime());
+  if(!$data) {
+    try {
+      $json = json_encode(
+        array(
+          "time" => time(),
+          "ua" => $_SERVER['HTTP_USER_AGENT'],
+          "user" => $_SERVER['PHP_AUTH_USER'],
+          "service" => "Error: invalid or missing request data"
+        )
+      );
+      $redis->lPush('AUTODISCOVER_LOG', $json);
+      $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
+    }
+    catch (RedisException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'Redis: '.$e
+      );
+      return false;
+    }
+    list($usec, $sec) = explode(' ', microtime());
 ?>
   <Response>
     <Error Time="<?=date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2);?>" Id="2477272013">
@@ -101,50 +101,50 @@ else {
   </Response>
 </Autodiscover>
 <?php
-        exit(0);
-      }
-      try {
-        $discover = new SimpleXMLElement($data);
-        $email = $discover->Request->EMailAddress;
-      } catch (Exception $e) {
-        $email = $_SERVER['PHP_AUTH_USER'];
-      }
+    exit(0);
+  }
+  try {
+    $discover = new SimpleXMLElement($data);
+    $email = $discover->Request->EMailAddress;
+  } catch (Exception $e) {
+    $email = $_SERVER['PHP_AUTH_USER'];
+  }
 
-      $username = trim($email);
-      try {
-        $stmt = $pdo->prepare("SELECT `name` FROM `mailbox` WHERE `username`= :username");
-        $stmt->execute(array(':username' => $username));
-        $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
-      }
-      catch(PDOException $e) {
-        die("Failed to determine name from SQL");
-      }
-      if (!empty($MailboxData['name'])) {
-        $displayname = $MailboxData['name'];
-      }
-      else {
-        $displayname = $email;
-      }
-      try {
-        $json = json_encode(
-          array(
-            "time" => time(),
-            "ua" => $_SERVER['HTTP_USER_AGENT'],
-            "user" => $_SERVER['PHP_AUTH_USER'],
-            "service" => $autodiscover_config['autodiscoverType']
-          )
-        );
-        $redis->lPush('AUTODISCOVER_LOG', $json);
-        $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
-      }
-      catch (RedisException $e) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => 'Redis: '.$e
-        );
-        return false;
-      }
-      if ($autodiscover_config['autodiscoverType'] == 'imap') {
+  $username = trim($email);
+  try {
+    $stmt = $pdo->prepare("SELECT `name` FROM `mailbox` WHERE `username`= :username");
+    $stmt->execute(array(':username' => $username));
+    $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
+  }
+  catch(PDOException $e) {
+    die("Failed to determine name from SQL");
+  }
+  if (!empty($MailboxData['name'])) {
+    $displayname = $MailboxData['name'];
+  }
+  else {
+    $displayname = $email;
+  }
+  try {
+    $json = json_encode(
+      array(
+        "time" => time(),
+        "ua" => $_SERVER['HTTP_USER_AGENT'],
+        "user" => $_SERVER['PHP_AUTH_USER'],
+        "service" => $autodiscover_config['autodiscoverType']
+      )
+    );
+    $redis->lPush('AUTODISCOVER_LOG', $json);
+    $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
+  }
+  catch (RedisException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'Redis: '.$e
+    );
+    return false;
+  }
+  if ($autodiscover_config['autodiscoverType'] == 'imap') {
 ?>
   <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
     <User>
@@ -190,8 +190,8 @@ else {
     </Account>
   </Response>
 <?php
-      }
-      else if ($autodiscover_config['autodiscoverType'] == 'activesync') {
+  }
+  else if ($autodiscover_config['autodiscoverType'] == 'activesync') {
 ?>
   <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
     <Culture>en:en</Culture>
@@ -210,11 +210,9 @@ else {
     </Action>
   </Response>
 <?php
-      }
+  }
 ?>
 </Autodiscover>
 <?php
-    }
-  }
 }
 ?>

From fbe24f39a274fb8a3bdc6b45f085703c068f1f9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 22 Feb 2018 09:16:49 +0100
Subject: [PATCH 092/107] [Web] Show volume usage for vmail, start listing
 system info in UI

---
 data/web/css/debug.css |  2 +-
 data/web/debug.php     | 24 +++++++++++++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/data/web/css/debug.css b/data/web/css/debug.css
index 585d1905..e46a5b07 100644
--- a/data/web/css/debug.css
+++ b/data/web/css/debug.css
@@ -34,4 +34,4 @@ table.footable>tbody>tr.footable-empty>td {
 }
 .inputMissingAttr {
   border-color: #FF4136;
-}
\ No newline at end of file
+}
diff --git a/data/web/debug.php b/data/web/debug.php
index f9685ab4..f6ced28f 100644
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -16,7 +16,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
         <li role="presentation"><a href="#tab-rspamd-settings" aria-controls="tab-rspamd-settings" role="tab" data-toggle="tab">Rspamd settings map</a></li>
       </ul>
     </li>
-    <li role="presentation"><a href="#tab-containers" aria-controls="tab-containers" role="tab" data-toggle="tab">Containers</a></li>
+    <li role="presentation"><a href="#tab-containers" aria-controls="tab-containers" role="tab" data-toggle="tab">Containers & System</a></li>
     <li class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">Logs
       <span class="caret"></span></a>
       <ul class="dropdown-menu">
@@ -91,7 +91,29 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
           </div>
         </div>
 
+        <?php
+          $exec_fields = array('cmd' => 'df', 'dir' => '/var/vmail');
+          $vmail_df = explode(',', json_decode(docker('dovecot-mailcow', 'post', 'exec', $exec_fields), true));
+        ?>
         <div role="tabpanel" class="tab-pane" id="tab-containers">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <h3 class="panel-title">Disk usage</h3>
+            </div>
+            <div class="panel-body">
+              <div class="row">
+                <div class="col-sm-3">
+                  <p>/var/vmail on <?=$vmail_df[0];?></p>
+                  <p><?=$vmail_df[2];?> / <?=$vmail_df[1];?> (<?=$vmail_df[4];?>)</p>
+                </div>
+                <div class="col-sm-9">
+                  <div class="progress">
+                    <div class="progress-bar progress-bar-info" role="progressbar" style="width:<?=$vmail_df[4];?>"></div>
+                  </div>
+                </div>
+              </div>
+            </div>
+          </div>
           <div class="panel panel-default">
             <div class="panel-heading">
               <h3 class="panel-title">Container information</h3>

From f3896195d457e0acf0a5be38e800e7af9f146d7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 22 Feb 2018 09:19:01 +0100
Subject: [PATCH 093/107] Update worker-controller-password.inc

---
 data/conf/rspamd/override.d/worker-controller-password.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/conf/rspamd/override.d/worker-controller-password.inc b/data/conf/rspamd/override.d/worker-controller-password.inc
index e69de29b..9a5984d1 100644
--- a/data/conf/rspamd/override.d/worker-controller-password.inc
+++ b/data/conf/rspamd/override.d/worker-controller-password.inc
@@ -0,0 +1 @@
+# Placeholder

From 7a850f91b58f8cf15d7d5833eaf44e1a1058502e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 22 Feb 2018 09:20:23 +0100
Subject: [PATCH 094/107] [Web] Nginx should wait for Rspamd, remove vmail vol
 from watchdog

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 8c44cd3d..2f443e79 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -263,6 +263,7 @@ services:
         until ping phpfpm -c1 > /dev/null; do sleep 1; done &&
         until ping sogo -c1 > /dev/null; do sleep 1; done &&
         until ping redis -c1 > /dev/null; do sleep 1; done &&
+        until ping rspamd -c1 > /dev/null; do sleep 1; done &&
         exec nginx -g 'daemon off;'"
       environment:
         - HTTPS_PORT=${HTTPS_PORT:-443}
@@ -349,7 +350,6 @@ services:
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
       volumes:
-        - vmail-vol-1:/vmail:ro
         - rspamd-sock:/rspamd-sock
       restart: always
       environment:

From bbbe52f560139c4c383f99b0d6b7baa7126fcef9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 22 Feb 2018 09:20:46 +0100
Subject: [PATCH 095/107] [SOGo] Add blue (default) and red theme

---
 data/Dockerfiles/sogo/Dockerfile              |  3 +-
 .../sogo/{theme.js => theme-blue.js}          |  0
 data/Dockerfiles/sogo/theme-green.js          | 61 +++++++++++++++++++
 data/conf/sogo/sogo.conf                      |  2 +-
 4 files changed, 64 insertions(+), 2 deletions(-)
 rename data/Dockerfiles/sogo/{theme.js => theme-blue.js} (100%)
 create mode 100644 data/Dockerfiles/sogo/theme-green.js

diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile
index b00e2f73..bb429326 100644
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -42,7 +42,8 @@ RUN mkdir /usr/share/doc/sogo \
 COPY ./bootstrap-sogo.sh /
 COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 COPY supervisord.conf /etc/supervisor/supervisord.conf
-COPY theme.js /usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js
+COPY theme-blue.js /usr/lib/GNUstep/SOGo/WebServerResources/js/theme-blue.js
+COPY theme-green.js /usr/lib/GNUstep/SOGo/WebServerResources/js/theme-green.js
 COPY sogo-full.svg /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg
 
 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
diff --git a/data/Dockerfiles/sogo/theme.js b/data/Dockerfiles/sogo/theme-blue.js
similarity index 100%
rename from data/Dockerfiles/sogo/theme.js
rename to data/Dockerfiles/sogo/theme-blue.js
diff --git a/data/Dockerfiles/sogo/theme-green.js b/data/Dockerfiles/sogo/theme-green.js
new file mode 100644
index 00000000..35a6f788
--- /dev/null
+++ b/data/Dockerfiles/sogo/theme-green.js
@@ -0,0 +1,61 @@
+/* -*- Mode: javascript; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+
+(function() {
+  'use strict';
+
+  angular.module('SOGo.Common')
+    .config(configure)
+
+  /**
+   * @ngInject
+   */
+  configure.$inject = ['$mdThemingProvider'];
+  function configure($mdThemingProvider) {
+
+
+    /**
+     * Define the Alternative theme
+     */
+    $mdThemingProvider.theme('mailcow')
+      .primaryPalette('green', {
+        'default': '600',  // top toolbar
+        'hue-1': '200',
+        'hue-2': '600',    // sidebar toolbar
+        'hue-3': 'A700'
+      })
+      .accentPalette('green', {
+        'default': '600',  // fab buttons
+        'hue-1': '50',     // center list toolbar
+        'hue-2': '400',
+        'hue-3': 'A700'
+      })
+      .backgroundPalette('grey', {
+        'default': '50',   // center list background
+        'hue-1': '50',
+        'hue-2': '100',
+        'hue-3': '100'
+      });
+    $mdThemingProvider.theme('default')
+      .primaryPalette('green', {
+        'default': '600',  // top toolbar
+        'hue-1': '200',
+        'hue-2': '600',    // sidebar toolbar
+        'hue-3': 'A700'
+      })
+      .accentPalette('green', {
+        'default': '600',  // fab buttons
+        'hue-1': '50',     // center list toolbar
+        'hue-2': '400',
+        'hue-3': 'A700'
+      })
+      .backgroundPalette('grey', {
+        'default': '50',   // center list background
+        'hue-1': '50',
+        'hue-2': '100',
+        'hue-3': '100'
+      });
+
+    $mdThemingProvider.setDefaultTheme('mailcow');
+    $mdThemingProvider.generateThemesOnDemand(false);
+  }
+})();
diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf
index 73cc2864..40e3928c 100644
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@@ -14,7 +14,7 @@
     SOGoEnableEMailAlarms = NO;
     SOGoFoldersSendEMailNotifications = YES;
     SOGoForwardEnabled = YES;
-    SOGoUIAdditionalJSFiles = (js/theme.js);
+    SOGoUIAdditionalJSFiles = (js/theme-blue.js);
 
     // Multi-domain setup
     // Domains are isolated, you can define visibility options here.

From 944b91a4b85635b62db14a2c9f5d6c6aada0560e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Thu, 22 Feb 2018 09:21:37 +0100
Subject: [PATCH 096/107] [Dockerapi] Add du command, push version

---
 data/Dockerfiles/dockerapi/server.py | 17 +++++++++++++++--
 docker-compose.yml                   |  2 +-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/data/Dockerfiles/dockerapi/server.py b/data/Dockerfiles/dockerapi/server.py
index eae472ed..57ed3570 100644
--- a/data/Dockerfiles/dockerapi/server.py
+++ b/data/Dockerfiles/dockerapi/server.py
@@ -67,10 +67,23 @@ class container_post(Resource):
         if not request.json or not 'cmd' in request.json:
           return jsonify(type='danger', msg='cmd is missing')
 
-        if request.json['cmd'] == 'sieve_list' and request.json['username']:
+        if request.json['cmd'] == 'df' and request.json['dir']:
           try:
             for container in docker_client.containers.list(filters={"id": container_id}):
-              return container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"], user='vmail')
+              # Should be changed to be able to validate a path
+              directory = re.sub('[^0-9a-zA-Z/]+', '', request.json['dir'])
+              df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H " + directory + " | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
+              if df_return.exit_code == 0:
+                return df_return.output.rstrip()
+              else:
+                return "0,0,0,0,0,0"
+          except Exception as e:
+            return jsonify(type='danger', msg=str(e))
+        elif request.json['cmd'] == 'sieve_list' and request.json['username']:
+          try:
+            for container in docker_client.containers.list(filters={"id": container_id}):
+              sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"], user='vmail')
+              return sieve_return.output
           except Exception as e:
             return jsonify(type='danger', msg=str(e))
         elif request.json['cmd'] == 'sieve_print' and request.json['script_name'] and request.json['username']:
diff --git a/docker-compose.yml b/docker-compose.yml
index 2f443e79..5e167164 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -369,7 +369,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:1.8
+      image: mailcow/dockerapi:1.9
       restart: always
       build: ./data/Dockerfiles/dockerapi
       sysctls:

From 165f6cb80291abb2f598a5d2d1c21b39fdd12b45 Mon Sep 17 00:00:00 2001
From: David Escala <descala@ingent.net>
Date: Mon, 12 Feb 2018 08:23:48 +0100
Subject: [PATCH 097/107] Catalan language support

---
 data/web/inc/vars.inc.php |   2 +-
 data/web/lang/lang.ca.php | 536 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 537 insertions(+), 1 deletion(-)
 create mode 100644 data/web/lang/lang.ca.php

diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 4d3fd07a..da9af554 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -76,7 +76,7 @@ $DETECT_LANGUAGE = true;
 $DEFAULT_LANG = 'de';
 
 // Available languages
-$AVAILABLE_LANGUAGES = array('de', 'en', 'es', 'fr', 'nl', 'pl', 'pt', 'ru', 'it');
+$AVAILABLE_LANGUAGES = array('de', 'en', 'es', 'fr', 'nl', 'pl', 'pt', 'ru', 'it', 'ca');
 
 // Change theme (default: lumen)
 // Needs to be one of those: cerulean, cosmo, cyborg, darkly, flatly, journal, lumen, paper, readable, sandstone,
diff --git a/data/web/lang/lang.ca.php b/data/web/lang/lang.ca.php
new file mode 100644
index 00000000..32a10dad
--- /dev/null
+++ b/data/web/lang/lang.ca.php
@@ -0,0 +1,536 @@
+<?php
+/*
+ * Catalan language file
+ */
+
+$lang['footer']['loading'] = "Si et plau espera ...";
+$lang['header']['restart_sogo'] = 'Reiniciar SOGo';
+$lang['footer']['restart_sogo'] = 'Reiniciar SOGo';
+$lang['footer']['restart_now'] = 'Reiniciar ara';
+$lang['footer']['restart_container_info'] = '<b>Important:</b> Un reinici pot trigar una estona, si et plau espera a que acabi.';
+
+$lang['footer']['confirm_delete'] = "Confirma l'esborrat ";
+$lang['footer']['delete_these_items'] = 'Si et plau confirma els canvis al objecte amb id:';
+$lang['footer']['delete_now'] = 'Esborrar ara';
+$lang['footer']['cancel'] = 'Cancel·lar';
+
+$lang['danger']['dkim_domain_or_sel_invalid'] = "Domini DKIM o selector incorrecte";
+$lang['success']['dkim_removed'] = "La clau DKIM %s s'ha esborrat";
+$lang['success']['dkim_added'] = "La clau DKIM s'ha desat";
+$lang['danger']['access_denied'] = "Accés denegat o dades incorrectes";
+$lang['danger']['domain_invalid'] = "Nom de domini incorrecte";
+$lang['danger']['mailbox_quota_exceeds_domain_quota'] = "La quota màxima sobrepassa el límit del domini";
+$lang['danger']['object_is_not_numeric'] = "El valor %s no és numèric";
+$lang['success']['domain_added'] = "S'ha afegit el domini %s";
+$lang['success']['items_deleted'] = "S'ha esborrat %s";
+$lang['danger']['alias_empty'] = "L'adreça de l'àlias no es pot deixar buida";
+$lang['danger']['last_key'] = 'No es pot esborrar la úlitma clau';
+$lang['danger']['goto_empty'] = "L'adreça \"goto\" no es pot deixar buida";
+$lang['danger']['policy_list_from_exists'] = "Ja existeix un registre amb aquest nom";
+$lang['danger']['policy_list_from_invalid'] = "El registre no té un format vàlid";
+$lang['danger']['alias_invalid'] = "L'adreça de l'alias és incorrecta";
+$lang['danger']['goto_invalid'] = "L'adreça del \"goto\" és incorrecta";
+$lang['danger']['alias_domain_invalid'] = "L'àlies del domini no és vàlid";
+$lang['danger']['target_domain_invalid'] = "El domini \"goto\" no és vàlid";
+$lang['danger']['object_exists'] = "L' objecte %s ja existeix";
+$lang['danger']['domain_exists'] = "El domini %s ja existeix";
+$lang['danger']['alias_goto_identical'] = "Les adreces d'àlies i 'goto' no poden ser iguals";
+$lang['danger']['aliasd_targetd_identical'] = "El domini àlies no pot ser igual al de destí";
+$lang['danger']['maxquota_empty'] = 'La quota màxima no pot ser 0.';
+$lang['success']['alias_added'] = "S'ha afegit el/s àlies";
+$lang['success']['alias_modified'] = "S'han desat els canvis fets al àlies";
+$lang['success']['mailbox_modified'] = "S'han desat els canvis fets a la bústia %s";
+$lang['success']['resource_modified'] = "S'han desat els canvis fets al recurs %s";
+$lang['success']['object_modified'] = "S'han desat els canvis fets a l'objecte %s";
+$lang['success']['f2b_modified'] = "S'han desat els canvis fets als parametres del Fail2ban";
+$lang['danger']['targetd_not_found'] = "No s'ha trobat el domini destí";
+$lang['success']['aliasd_added'] = "S'ha afegit l'àlies de domini %s";
+$lang['success']['aliasd_modified'] = "S'han desat els canvis fets a l'àlies de domini %s";
+$lang['success']['domain_modified'] = "S'han desat els canvis fets al domini %s";
+$lang['success']['domain_admin_modified'] = "S'ha modificat l'administrador de dominis %s";
+$lang['success']['domain_admin_added'] = "S'ha afegit l'administrador de dominis %s";
+$lang['success']['admin_modified'] = "Els canvis fets a l'administrador s'han desat";
+$lang['danger']['username_invalid'] = "El nom d'usuari no es pot fer servir";
+$lang['danger']['password_mismatch'] = "La confirmació de contrasenya no encaixa";
+$lang['danger']['password_complexity'] = "La contrasenya no compleix els requisits";
+$lang['danger']['password_empty'] = "La contrasenya no es pot deixar en blanc";
+$lang['danger']['login_failed'] = "L'inici de sessió ha fallat";
+$lang['danger']['mailbox_invalid'] = "El nom de la bústia no és vàlid";
+$lang['danger']['description_invalid'] = "La descripció del recurs no és vàlida";
+$lang['danger']['resource_invalid'] = "El nom del recurs no és vàlid";
+$lang['danger']['is_alias'] = "%s ja està definida com una direcció àlies";
+$lang['danger']['is_alias_or_mailbox'] = "%s ja està definit como un àlies o una bústia";
+$lang['danger']['is_spam_alias'] = "%s ja està definida com una adreça àlies de spam";
+$lang['danger']['quota_not_0_not_numeric'] = "La quaota ha de ser numèrica i >= 0";
+$lang['danger']['domain_not_found'] = "No s'ha trobat el domini";
+$lang['danger']['max_mailbox_exceeded'] = "S'ha arribat al màxim de bústies (%d de %d)";
+$lang['danger']['max_alias_exceeded'] = "S'ha arribat al màxim d'àlies";
+$lang['danger']['mailbox_quota_exceeded'] = "La quota exedeix el límit del domini (màx. %d MiB)";
+$lang['danger']['mailbox_quota_left_exceeded'] = "No queda espai suficient (espai lliure: %d MiB)";
+$lang['success']['mailbox_added'] = "S'ha afegit la bústia %s";
+$lang['success']['resource_added'] = "S'ha afegit el recurs %s";
+$lang['success']['domain_removed'] = "S'ha elminat el domini %s";
+$lang['success']['alias_removed'] = "S'ha esborrat l'àlies %s";
+$lang['success']['alias_domain_removed'] = "S'ha esborrat l'àlies de domini %s";
+$lang['success']['domain_admin_removed'] = "S'ha esborrat l'administrador de dominis %s";
+$lang['success']['mailbox_removed'] = "S'ha esborrat la bústia %s";
+$lang['success']['eas_reset'] = "S'ha fet un reset als dispositius ActiveSync de l'usuari %s";
+$lang['success']['resource_removed'] = "S'ha esborrat el recurs %s";
+$lang['danger']['max_quota_in_use'] = "La quota de la bústia ha de ser meś gran o igual a %d MiB";
+$lang['danger']['domain_quota_m_in_use'] = "La quota del domini ha de ser més gran o igual a  %d MiB";
+$lang['danger']['mailboxes_in_use'] = "El número màxim de bústies ha de ser més gran o igual a %d";
+$lang['danger']['aliases_in_use'] = "El número màxim d'àlies ha de ser més gran o igual a %d";
+$lang['danger']['sender_acl_invalid'] = "L'ACL d'emissor no és vàlid";
+$lang['danger']['domain_not_empty'] = "No es pot esborrar un domini que no està buit";
+$lang['danger']['validity_missing'] = 'Si et plau posa un període de validesa';
+$lang['user']['loading'] = "Carregant...";
+$lang['user']['force_pw_update'] = "<b>Has d'</b>establir una nova contrassenya per poder accedir.";
+$lang['user']['active_sieve'] = "Filtre actiu";
+$lang['user']['show_sieve_filters'] = "Mostra el filtre 'sieve' de l'usuari";
+$lang['user']['no_active_filter'] = "Actualment no hi ha cap filtre";
+$lang['user']['messages'] = "missatges"; // "123 messages"
+$lang['user']['in_use'] = "Usat";
+$lang['user']['user_change_fn'] = "";
+$lang['user']['user_settings'] = "Configuració de l'usuari";
+$lang['user']['mailbox_details'] = 'Detalls de la bústia';
+$lang['user']['change_password'] = 'Canviar la contrasenya';
+$lang['user']['client_configuration'] = 'Guies de configuració per als clients de correu més habituals';
+$lang['user']['new_password'] = 'Contrasenya nova:';
+$lang['user']['save_changes'] = 'Desar els canvis';
+$lang['user']['password_now'] = 'Contrasenya actual (per validar els canvis):';
+$lang['user']['new_password_repeat'] = 'Confirmació de la contrasenya nova:';
+$lang['user']['new_password_description'] = 'Requisits: 6 caracters, lletres i números.';
+$lang['user']['spam_aliases'] = "Àlies d'email temporals";
+$lang['user']['alias'] = 'Àlies';
+$lang['user']['shared_aliases'] = 'Adreces àlies compartides';
+$lang['user']['shared_aliases_desc'] = "Un àlies compartit no es veu afectat per la configuració de l'usuari. L'administrador pot configurar un filtre de spam a nivell de domini.";
+$lang['user']['direct_aliases'] = 'Adreces àlies directes';
+$lang['user']['direct_aliases_desc'] = "Els àlies directes sí que es veuen afectat per la configuració de l'usuari";
+$lang['user']['is_catch_all'] = 'Adreça atrapa-ho-tot';
+$lang['user']['aliases_also_send_as'] = 'Pot enviar com a aquests remitents';
+$lang['user']['aliases_send_as_all'] = "Al enviar no es verificarà l'adreça remitent per aquests dominis:";
+$lang['user']['alias_create_random'] = 'Generar àlies aleatori';
+$lang['user']['alias_extend_all'] = 'Afegir 1 hora als àlies';
+$lang['user']['alias_valid_until'] = 'Vàlid fins';
+$lang['user']['alias_remove_all'] = 'Esborrar tots els àlies';
+$lang['user']['alias_time_left'] = 'Temps restant';
+$lang['user']['alias_full_date'] = 'd.m.Y, H:i:s T';
+$lang['user']['alias_select_validity'] = 'Període de validesa';
+$lang['user']['sync_jobs'] = 'Feines de sincronització';
+$lang['user']['hour'] = 'Hora';
+$lang['user']['hours'] = 'Hores';
+$lang['user']['day'] = 'Dia';
+$lang['user']['week'] = 'Setmana';
+$lang['user']['weeks'] = 'Setmanes';
+$lang['user']['spamfilter'] = 'Filtre de spam';
+$lang['admin']['spamfilter'] = 'Filtre de spam';
+$lang['user']['spamfilter_wl'] = 'Llista blanca';
+$lang['user']['spamfilter_wl_desc'] = 'Les adreces de la lista blanca <b>mai</b> es clasificaran como a spam. Es pot fer serivir *@exemple.org.';
+$lang['user']['spamfilter_bl'] = 'Llista negra';
+$lang['user']['spamfilter_bl_desc'] = 'Les adreces de la lista negra <b>sempre</b> es clasificaran como a spam. Es pot fer servir *@exemple.org';
+$lang['user']['spamfilter_behavior'] = 'Classificació';
+$lang['user']['spamfilter_table_rule'] = 'Regla';
+$lang['user']['spamfilter_table_action'] = 'Acció';
+$lang['user']['spamfilter_table_empty'] = 'No hay datos para mostrar';
+$lang['user']['spamfilter_table_remove'] = 'Esborrar';
+$lang['user']['spamfilter_table_add'] = 'Afegir element';
+$lang['user']['spamfilter_green'] = 'Verd: el missatge no és spam';
+$lang['user']['spamfilter_yellow'] = "Groc: el missatge pot ser spam, s'etiquetarà com a spam i es mourà a la carpeta de correu brossa";
+$lang['user']['spamfilter_red'] = 'Vermell: El missatge és spam i, per tant, el servidor el refusarà';
+$lang['user']['spamfilter_default_score'] = 'Valors per defecte:';
+$lang['user']['spamfilter_hint'] = 'El primer valor representa el "llindar inferior de la qualificació de spam", el segon representa el "llindar superior de la qualificació de spam".';
+$lang['user']['spamfilter_table_domain_policy'] = "n/a (política del domini)";
+$lang['user']['waiting'] = "Esperant";
+$lang['user']['status'] = "Estat";
+$lang['user']['running'] = "En marxa";
+
+$lang['user']['tls_policy_warning'] = "<strong>Avís:</strong> Al forçar el xifrat en les comunicacions es poden perdre missatges.<br> Els missatges que no es puguin rebre o enviar xifrats, rebotaran. <br>Aquesta opció s'aplica a l'adreça principal (nom d'usuari) i totes les adreces derivades d'àlies <b>que només tinguin aquesta bústia</b> com a destí";
+$lang['user']['tls_policy'] = "Política d'encriptació";
+$lang['user']['tls_enforce_in'] = 'Forçar TLS al rebre';
+$lang['user']['tls_enforce_out'] = 'Forçar TLS al enviar';
+$lang['user']['no_record'] = 'Sense registre';
+
+
+$lang['user']['tag_handling'] = 'Al rebre un missatge etiquetat';
+$lang['user']['tag_in_subfolder'] = 'Moure a subcarpeta';
+$lang['user']['tag_in_subject'] = 'Marcar al assumpte';
+$lang['user']['tag_in_none'] = 'No fer res';
+$lang['user']['tag_help_explain'] = 'Moure a subcarpeta: es crearà una subcarpeta anomenada com la etiqueta a INBOX ("INBOX/Facebook") i es mourà el correu allà.<br>
+Marcar al assumpte: s\'afegirà el nom de la etiqueta al assumpte del missatge, per exemple: "[Facebook] Les meves notícies".';
+$lang['user']['tag_help_example'] = 'Ejemplo de una dirección email etiquetada: mi<b>+Facebook</b>@ejemplo.org';
+$lang['user']['eas_reset'] = "Fer un reset de la cache d'ActiveSync del dispositiu";
+$lang['user']['eas_reset_now'] = "Resetejar cache d'ActiveSync";
+$lang['user']['eas_reset_help'] = 'El reset serveix per recuperar perfils ActiveSync trencats.<br><b>Atenció:</b> Tots els elements es tornaran a descarregar!';
+
+$lang['user']['encryption'] = 'Xifrat';
+$lang['user']['username'] = 'Usuari';
+$lang['user']['last_run'] = 'Última execució';
+$lang['user']['excludes'] = 'Exclosos';
+$lang['user']['interval'] = 'Intèrval';
+$lang['user']['active'] = 'Actiu';
+$lang['user']['action'] = 'Acció';
+$lang['user']['edit'] = 'Editar';
+$lang['user']['remove'] = 'Esborrar';
+$lang['user']['create_syncjob'] = 'Afegir treball de sincronitzaió';
+
+$lang['start']['mailcow_apps_detail'] = 'Tria una aplicació (de moment només SOGo) per a accedir als teus correus, calendari, contactes i més.';
+$lang['start']['mailcow_panel_detail'] = "Els <b>administradors del domini</b> poden crear, modificar o esborrar bústies i àlies, configurar i obtenir informació detallada sobre els seus dominis<br>
+	Els <b>usuaris d'e-mail</b> poden crear àlies temporals (spam àlies), canviar la seva contrasenya i la configuració del seu filtre anti-spam.";
+
+
+$lang['start']['help'] = "Mostrar/Ocultar panell d'ajuda";
+$lang['header']['mailcow_settings'] = 'Configuració';
+$lang['header']['administration'] = 'Administració';
+$lang['header']['mailboxes'] = 'Bústies';
+$lang['header']['user_settings'] = "Preferències d'usuari";
+$lang['mailbox']['domain'] = 'Domini';
+$lang['mailbox']['spam_aliases'] = 'Temp. àlies';
+$lang['mailbox']['multiple_bookings'] = 'Múltiples reserves';
+$lang['mailbox']['kind'] = 'Tipus';
+$lang['mailbox']['description'] = 'Descripció';
+$lang['mailbox']['alias'] = 'Àlies';
+$lang['mailbox']['aliases'] = 'Àlies';
+$lang['mailbox']['domains'] = 'Dominis';
+$lang['mailbox']['mailboxes'] = 'Bústies';
+$lang['mailbox']['resources'] = 'Recursos';
+$lang['mailbox']['mailbox_quota'] = 'Mida màx. de quota';
+$lang['mailbox']['domain_quota'] = 'Quota';
+$lang['mailbox']['active'] = 'Actiu';
+$lang['mailbox']['action'] = 'Acció';
+$lang['mailbox']['backup_mx'] = 'Backup MX';
+$lang['mailbox']['domain_aliases'] = 'Àlies de domini';
+$lang['mailbox']['target_domain'] = 'Domini destí';
+$lang['mailbox']['target_address'] = 'Direcció Goto';
+$lang['mailbox']['username'] = "Nom d'usuari";
+$lang['mailbox']['fname'] = 'Nom complert';
+$lang['mailbox']['filter_table'] = 'Filtrar taula';
+$lang['mailbox']['yes'] = '&#10004;';
+$lang['mailbox']['no'] = '&#10008;';
+$lang['mailbox']['in_use'] = 'En ús (%)';
+$lang['mailbox']['msg_num'] = 'Missatge #';
+$lang['mailbox']['remove'] = 'Esborrar';
+$lang['mailbox']['edit'] = 'Editar';
+$lang['mailbox']['no_record'] = "No hi ha cap registre per l'objecte %s";
+$lang['mailbox']['no_record_single'] = "No hi ha cap registre";
+$lang['mailbox']['add_domain'] = 'Afegir domini';
+$lang['mailbox']['add_domain_alias'] = 'Afegir àlies de domini';
+$lang['mailbox']['add_mailbox'] = 'Afegir bústia';
+$lang['mailbox']['add_resource'] = 'Afegir recurs';
+$lang['mailbox']['add_alias'] = 'Afegir àlies';
+$lang['mailbox']['add_domain_record_first'] = 'Primer afegeix un domini';
+$lang['mailbox']['empty'] = 'Cap resultat';
+$lang['mailbox']['toggle_all'] = "Tots";
+$lang['mailbox']['quick_actions'] = 'Accions';
+$lang['mailbox']['activate'] = 'Activar';
+$lang['mailbox']['deactivate'] = 'Desactivar';
+$lang['mailbox']['owner'] = 'Propietari';
+$lang['mailbox']['mins_interval'] = 'Intèrval (min)';
+$lang['mailbox']['last_run'] = 'Última execució';
+$lang['mailbox']['excludes'] = 'Exclou';
+$lang['mailbox']['last_run_reset'] = 'Executar a continuació';
+$lang['mailbox']['sieve_info'] = 'Podeu emmagatzemar diversos filtres per usuari, però només un filtre previ i un filtre posterior poden estar actius al mateix temps.<br>
+Cada filtre es processarà en l\'ordre descrit. Ni un script que falli, ni un "keep" emès farà que es deixin de processar els  altres scripts.<br>
+Filtre previ → Filtre d\'usuari → Filtre posterior → <a href="https://github.com/mailcow/mailcow-dockerized/blob/master/data/conf/dovecot/sieve_after" target="_blank">Filtre global</a>';
+$lang['info']['no_action'] = 'No hi ha cap acció aplicable';
+
+
+$lang['edit']['syncjob'] = 'Sync job';
+$lang['edit']['username'] = 'Usuari';
+$lang['edit']['hostname'] = 'Host';
+$lang['edit']['encryption'] = 'Xifrat';
+$lang['edit']['maxage'] = 'Salta missatges més vells del número de dies<br><small>(0 = no salta res)</small>';
+$lang['edit']['maxbytespersecond'] = 'Màx. bytes per segon<br><small>(0 = il.limitat)</small>';
+$lang['edit']['automap'] = 'Provar de mapejar automàticament ("Sent items", "Sent" => "Sent" etc.)';
+$lang['edit']['skipcrossduplicates'] = 'Saltar missatges duplicats entre carpetes (només es desa el primer)';
+$lang['add']['automap'] = $lang['edit']['automap'];
+$lang['add']['skipcrossduplicates'] = $lang['edit']['skipcrossduplicates'];
+$lang['edit']['subfolder2'] = 'Sincronitza a la subcarpeta destí<br><small>(buit = no usar subcarpeta)</small>';
+$lang['edit']['mins_interval'] = 'Intèrval (min)';
+$lang['edit']['exclude'] = 'Excloure els objectes (regex)';
+$lang['edit']['save'] = 'Desar els canvis';
+$lang['edit']['max_mailboxes'] = 'Màx. bústies possibles:';
+$lang['edit']['title'] = "Editar l'objecte";
+$lang['edit']['target_address'] = 'Direcció/ns goto <small>(separades per coma)</small>:';
+$lang['edit']['active'] = 'Actiu';
+$lang['edit']['force_pw_update'] = "Forçar l'actualització de la contrassenya al proper login";
+$lang['edit']['force_pw_update_info'] = 'Aquest usuari només podrà accedir a la interfície de gestió.';
+$lang['edit']['target_domain'] = 'Domini destí:';
+$lang['edit']['password'] = 'Contrasenya:';
+$lang['edit']['password_repeat'] = 'Confirmació de contrasenya (repetir):';
+$lang['edit']['domain_admin'] = 'Editar administrador del domini';
+$lang['edit']['domain'] = 'Editar domini';
+$lang['edit']['edit_alias_domain'] = 'Editar àlies de domini';
+$lang['edit']['domains'] = 'Dominis';
+$lang['edit']['alias'] = 'Editar àlies';
+$lang['edit']['mailbox'] = 'Editar bustia';
+$lang['edit']['description'] = 'Descripció:';
+$lang['edit']['max_aliases'] = 'Màx. àlies:';
+$lang['edit']['max_quota'] = 'Màx. quota per bústia (MiB):';
+$lang['edit']['domain_quota'] = 'Quota de domini:';
+$lang['edit']['backup_mx_options'] = 'Opcions backup MX:';
+$lang['edit']['relay_domain'] = 'Domini de retransmisió (relay)';
+$lang['edit']['relay_all'] = 'Retransmetre tods els recipients';
+$lang['edit']['relay_all_info'] = "<small>Si tries <b>no</b> retransmetre a tods els recipients, necessitàs afegir una bústia \"blind\"(\"cega\") per cada recipient que s'hagi de retransmetre.</small>";
+$lang['edit']['full_name'] = 'Nom complet';
+$lang['edit']['quota_mb'] = 'Quota (MiB)';
+$lang['edit']['sender_acl'] = 'Permetre enviar com a';
+$lang['edit']['previous'] = 'Pàgina anterior';
+$lang['edit']['unchanged_if_empty'] = 'Si no hay cambios dejalo en blanco';
+$lang['edit']['dont_check_sender_acl'] = 'No verifiques remitente para el dominio %s';
+$lang['edit']['multiple_bookings'] = 'Reserves múltiples';
+$lang['edit']['kind'] = 'Tipus';
+$lang['edit']['resource'] = 'Recurs';
+
+$lang['add']['syncjob'] = 'Afegir sync job';
+$lang['add']['syncjob_hint'] = 'Tingues en compte que les contrasenyes es desen sense xifrar!';
+$lang['add']['hostname'] = 'Hostname';
+$lang['add']['port'] = 'Port';
+$lang['add']['username'] = 'Username';
+$lang['add']['enc_method'] = 'Mètode de xifrat';
+$lang['add']['mins_interval'] = 'Intèrval (minuts)';
+$lang['add']['exclude'] = $lang['edit']['exclude'];
+$lang['add']['delete2duplicates'] = 'Eliminar els duplicats al destí';
+$lang['add']['delete1'] = "Esborrar de l'origen un cop s'han copiat";
+$lang['add']['delete2'] = "Esborrar els missatges a destí que no son al origen";
+$lang['edit']['delete2duplicates'] = $lang['add']['delete2duplicates'];
+$lang['edit']['delete1'] = $lang['add']['delete1'];
+$lang['edit']['delete2'] = $lang['add']['delete2'];
+
+$lang['add']['domain'] = 'Domini';
+$lang['add']['active'] = 'Actiu';
+$lang['add']['multiple_bookings'] = 'Reserves múltiples';
+$lang['add']['description'] = 'Descripció:';
+$lang['add']['max_aliases'] = 'Màx. àlies possibles:';
+$lang['add']['max_mailboxes'] = 'Màx. bústies possibles:';
+$lang['add']['mailbox_quota_m'] = 'Màx. quota per bústia (MiB):';
+$lang['add']['domain_quota_m'] = 'Quota total del domini (MiB):';
+$lang['add']['backup_mx_options'] = $lang['edit']['backup_mx_options'];
+$lang['add']['relay_all'] =  $lang['edit']['relay_all'];
+$lang['add']['relay_domain'] = $lang['edit']['relay_domain'];
+$lang['add']['relay_all_info'] = $lang['edit']['relay_all_info'];
+$lang['add']['alias_address'] = 'Dirección/es àlies:';
+$lang['add']['alias_address_info'] = '<small>Adreces de correu completes, o @exemple.com per a atrapar tots els missatges per a un domini (separats per coma). <b>Només dominis interns</b>.</small>';
+$lang['add']['alias_domain_info'] = '<small>Només noms de domini vàlids (separats per coma).</small>';
+$lang['add']['target_address'] = 'Adreces goto:';
+$lang['add']['target_address_info'] = '<small>Adreces de corru completes (separades per coma).</small>';
+$lang['add']['alias_domain'] = 'Domini àlies';
+$lang['add']['select'] = 'Si et plau selecciona...';
+$lang['add']['target_domain'] = 'Domini destí:';
+$lang['add']['kind'] = 'Kind';
+$lang['add']['mailbox_username'] = "Nom d'usuari (part de l'esquerra de l'adreça @):";
+$lang['add']['full_name'] = 'Nom complet:';
+$lang['add']['quota_mb'] = 'Quota (MiB):';
+$lang['add']['select_domain'] = 'Si et plau, primer selecciona un domini';
+$lang['add']['password'] = 'Constrasenya:';
+$lang['add']['password_repeat'] = 'Confirmació de contrasenya (repetir):';
+$lang['add']['restart_sogo_hint'] = "Necessites reiniciar el contenidor del servei SOGo després d'afegir un nou domini";
+$lang['add']['goto_null'] = 'Descartar mail silenciosament';
+$lang['add']['validation_success'] = 'Validated successfully';
+$lang['add']['activate_filter_warn'] = 'All other filters will be deactivated, when active is checked.';
+$lang['add']['validate'] = 'Validar';
+$lang['mailbox']['add_filter'] = 'Afegir filter';
+$lang['add']['sieve_desc'] = 'Short description';
+$lang['edit']['sieve_desc'] = 'Short description';
+$lang['add']['sieve_type'] = 'Filter type';
+$lang['edit']['sieve_type'] = 'Filter type';
+$lang['mailbox']['set_prefilter'] = 'Mark as prefilter';
+$lang['mailbox']['set_postfilter'] = 'Mark as postfilter';
+$lang['mailbox']['filters'] = 'Filtres';
+$lang['mailbox']['sync_jobs'] = 'Sync jobs';
+$lang['mailbox']['inactive'] = 'Inactiu';
+$lang['edit']['validate_save'] = 'Validar i desar';
+
+
+$lang['login']['username'] = "Nom d'usuari";
+$lang['login']['password'] = 'Contrasenya';
+$lang['login']['login'] = 'Inici de sessió';
+$lang['login']['delayed'] = "Pots iniciar de sessió passats %s segons.";
+
+$lang['tfa']['tfa'] = "Autenticació de dos factors";
+$lang['tfa']['set_tfa'] = "Definir el mètode d'autenticació de dos factors";
+$lang['tfa']['yubi_otp'] = "Autenticació OTP de Yubico";
+$lang['tfa']['key_id'] = "Un identificador per la teva YubiKey";
+$lang['tfa']['key_id_totp'] = "Un identificador per la teva clau";
+$lang['tfa']['api_register'] = 'mailcow fa servir la Yubico Cloud API. Obté una API key per la teva clau <a href="https://upgrade.yubico.com/getapikey/" target="_blank">aquí</a>';
+$lang['tfa']['u2f'] = "Autenticació U2F";
+$lang['tfa']['none'] = "Desactivar";
+$lang['tfa']['delete_tfa'] = "Desactivar TFA";
+$lang['tfa']['disable_tfa'] = "Desactivar TFA fins al següent login";
+$lang['tfa']['confirm'] = "Confirma";
+$lang['tfa']['totp'] = "OTP basat en temps (Google Authenticator etc.)";
+$lang['tfa']['select'] = "Si et plau, selecciona";
+$lang['tfa']['waiting_usb_auth'] = "<i>Esperant el dispositiu USB...</i><br><br>Apreta el botó del teu dispositiu USB U2F ara.";
+$lang['tfa']['waiting_usb_register'] = "<i>Esperant el dispositiu USB...</i><br><br>Posa el teu password i confirma el registre del teu U2F apretant el botó del teu dispositiiu USB U2F.";
+$lang['tfa']['scan_qr_code'] = "Escaneja el codi següent amb la teva app d'autenticació o entra'l manualment.";
+$lang['tfa']['enter_qr_code'] = "El teu codi TOTP, si el teu dispositiu no pot escanejar codis QR";
+$lang['tfa']['confirm_totp_token'] = "Confirma els canvis introduint el codi generat";
+
+$lang['admin']['no_new_rows'] = 'No hi ha més files';
+$lang['admin']['additional_rows'] = ' files addicionals afegides'; // parses to 'n additional rows were added'
+$lang['admin']['private_key'] = 'Clau privada';
+$lang['admin']['import'] = 'Importar';
+$lang['admin']['import_private_key'] = 'Importar clau privada';
+$lang['admin']['f2b_parameters'] = 'Fail2ban';
+$lang['admin']['f2b_ban_time'] = 'Temsp de bloqueig (s)';
+$lang['admin']['f2b_max_attempts'] = 'Intents màx.';
+$lang['admin']['f2b_retry_window'] = 'Finestra de reintent (s) per intents màx.';
+$lang['admin']['f2b_netban_ipv4'] = 'Suxarxa IPv4 on aplicar el bloqueig (8-32)';
+$lang['admin']['f2b_netban_ipv6'] = 'Suxarxa IPv6 on aplicar el bloqueig (8-128)';
+$lang['admin']['f2b_whitelist'] = 'Llista blanca de xarxes/hosts';
+$lang['admin']['search_domain_da'] = 'Buscar dominis';
+
+
+
+$lang['admin']['dkim_key_length'] = 'Mida de la clau DKIM (bits)';
+$lang['admin']['dkim_key_valid'] = 'Vàlida';
+$lang['admin']['dkim_key_unused'] = 'No es fa servir';
+$lang['admin']['dkim_key_missing'] = 'No té clau';
+$lang['admin']['dkim_add_key'] = 'Afegir registre ARC/DKIM';
+$lang['admin']['dkim_keys'] = 'Registres ARC/DKIM';
+$lang['admin']['add'] = 'Afegir';
+$lang['add']['add_domain_restart'] = 'Afegir el domini i reiniciar SOGo';
+$lang['add']['add_domain_only'] = 'Afegir el domini';
+$lang['admin']['configuration'] = 'Configuració';
+$lang['admin']['password'] = 'Contrasenya';
+$lang['admin']['password_repeat'] = 'Confirmació de la contrasenya (repetir)';
+$lang['admin']['active'] = 'Actiu';
+$lang['admin']['inactive'] = 'Inactiu';
+$lang['admin']['action'] = 'Acció';
+$lang['admin']['add_domain_admin'] = 'Afegir Administrador del dominio';
+$lang['admin']['admin_domains'] = 'Asignaciones de dominio';
+$lang['admin']['domain_admins'] = 'Administradores de dominio';
+$lang['admin']['username'] = "Nom d'usuari";
+$lang['admin']['edit'] = 'Editar';
+$lang['admin']['remove'] = 'Esborrar';
+$lang['admin']['save'] = 'Desar els canvis';
+$lang['admin']['admin'] = 'Administrador';
+$lang['admin']['admin_details'] = "Editar detalls de l'administrador";
+$lang['admin']['unchanged_if_empty'] = "Si no hi ha canvis, deixa'l en blanc";
+$lang['admin']['yes'] = '&#10004;';
+$lang['admin']['no'] = '&#10008;';
+$lang['admin']['access'] = 'Accés';
+$lang['admin']['no_record'] = 'Cap registre';
+$lang['admin']['filter_table'] = 'Filtrar taula';
+$lang['admin']['empty'] = 'Sense resultats';
+$lang['admin']['refresh'] = 'Refrescar';
+$lang['admin']['to_top'] = 'Tornar a dalt';
+$lang['admin']['in_use_by'] = 'En ús per';
+$lang['admin']['refresh'] = 'Refrescar';
+$lang['admin']['to_top'] = 'Tornar a dalt';
+$lang['admin']['in_use_by'] = 'En ús per';
+$lang['admin']['forwarding_hosts'] = 'Forwarding Hosts';
+$lang['admin']['forwarding_hosts_hint'] = "Els missatges entrants s'accepten de forma incondicional a qualsevol host que apareix aquí. Aquests hosts no es comproven a cap DNSBL ni estan sotmesos a greylisting. El spam rebut mai no es rebutja, però opcionalment es pot arxivar a la carpeta Junk. L'ús més comú d'això és especificar altres servidors de correu en els quals s'ha configurat una regla que reenvia correus electrònics entrants a aquest servidor";
+$lang['admin']['forwarding_hosts_add_hint'] = "Podeu especificar adreces IPv4/IPv6, xarxes en notació CIDR, noms de host (que es resoldran a adreces IP) o noms de domini (que es resoldran a les adreces IP consultant els registres SPF o, si no n'hi ha, registres MX ).";
+$lang['admin']['relayhosts_hint'] = 'Defineix aquí els relayhosts per després poder-los seleccionar als dominis.';
+$lang['admin']['add_relayhost_add_hint'] = "Tingues en compte que les dades d'autenticació al relayhost es desaran sense xifrar.";
+$lang['admin']['host'] = 'Host';
+$lang['admin']['source'] = 'Origen';
+$lang['admin']['add_forwarding_host'] = 'Afegir Forwarding Host';
+$lang['admin']['add_relayhost'] = 'Afegir Relayhost';
+$lang['success']['forwarding_host_removed'] = "Forwarding host %s esborrat";
+$lang['success']['forwarding_host_added'] = "Forwarding host %s afegit";
+$lang['success']['relayhost_removed'] = "Relayhost %s esborrat";
+$lang['success']['relayhost_added'] = "Relayhost %s afegit";
+$lang['diagnostics']['dns_records'] = 'Registres DNS';
+$lang['diagnostics']['dns_records_24hours'] = "Tingues en compte que els canvis realitzats als DNS poden trigar fins a 24 hores a reflectir correctament el seu estat actual en aquesta pàgina. Es tracta d'una manera de veure fàcilment com configurar els registres DNS i comprovar si tots els registres DNS son correctes.";
+$lang['diagnostics']['dns_records_name'] = 'Nom';
+$lang['diagnostics']['dns_records_type'] = 'Tipus';
+$lang['diagnostics']['dns_records_data'] = 'Valor correcte';
+$lang['diagnostics']['dns_records_status'] = 'Valor actual';
+$lang['diagnostics']['optional'] = 'Aquest registre és opcional.';
+$lang['diagnostics']['cname_from_a'] = 'Valor derivat de registre A/AAAA. Això és compatible sempre que el registre assenyali el recurs correcte.';
+
+$lang['admin']['relay_from'] = '"From:" adreça';
+$lang['admin']['api_allow_from'] = "Permetre l'accés a la API des d'aquestes IPs";
+$lang['admin']['api_key'] = "API key";
+$lang['admin']['activate_api'] = "Activar API";
+$lang['admin']['regen_api_key'] = "Regenerar API key";
+
+$lang['admin']['quarantaine'] = "Quarantena";
+$lang['admin']['quarantaine_retention_size'] = "Retentions per mailbox:";
+$lang['admin']['quarantaine_max_size'] = "Mida màxima en MiB (més grans es descarten):";
+$lang['admin']['quarantaine_exclude_domains'] = "Excloure els dominis i àlies de domini:";
+
+$lang['admin']['ui_texts'] = "Etiquetes i textos de la UI";
+$lang['admin']['help_text'] = "Text alternatiu per a l'ajuda de sota la casella de login (es permet HTML)";
+$lang['admin']['title_name'] = 'Nom del lloc "mailcow UI"';
+$lang['admin']['main_name'] = 'Nom de "mailcow UI"';
+$lang['admin']['apps_name'] = 'Nom de "mailcow Apps"';
+
+$lang['admin']['customize'] = "Personalitzar";
+$lang['admin']['change_logo'] = "Canviar el logo";
+$lang['admin']['logo_info'] = "La vostra imatge es reduirà a una alçada de 40 píxels per a la barra de navegació superior i un màx. ample de 250 px per a la pàgina d'inici. És molt recomanable un gràfic escalable";
+$lang['admin']['upload'] = "Pujar";
+$lang['admin']['app_links'] = "Enllaços a App";
+$lang['admin']['app_name'] = "Nom de la App";
+$lang['admin']['link'] = "Enllaç";
+$lang['admin']['remove_row'] = "Eliminar fila";
+$lang['admin']['add_row'] = "Afegir fila";
+$lang['admin']['reset_default'] = "Restablir";
+$lang['admin']['merged_vars_hint'] = 'Les files en gris venen de <code>vars.(local.)inc.php</code> i no es poden modificar.';
+$lang['mailbox']['waiting'] = "Esperant";
+$lang['mailbox']['status'] = "Estat";
+$lang['mailbox']['running'] = "Executant-se";
+
+$lang['edit']['spam_score'] = "Especifica una puntuació de spam";
+$lang['edit']['spam_policy'] = "Afegeix o treu elementes a la white-/blacklist";
+$lang['edit']['spam_alias'] = "Crear o canviar alies temporals limitats per temps";
+$lang['danger']['img_tmp_missing'] = "No s'ha validat el fitxer de la imatge: el fitxer temporal no s'ha trobat";
+$lang['danger']['img_invalid'] = "No s'ha validat el fitxer de la imatge";
+$lang['danger']['invalid_mime_type'] = "Mime type invàlid";
+$lang['success']['upload_success'] = "El fitxer s'ha pujat";
+$lang['success']['app_links'] = "S'han desat els canvis als enallaços a App";
+$lang['success']['ui_texts'] = "S'han desat els canvis als noms de App";
+$lang['success']['reset_main_logo'] = "Restablir el logo per defecte";
+$lang['success']['items_released'] = "S'han alliberat els elements seleccionats";
+$lang['danger']['imagick_exception'] = "Error: exepció de Imagick mentre es llegia la imatge";
+
+$lang['quarantine']['quarantine'] = "Quarantena";
+$lang['quarantine']['qinfo'] = "El sistema de quarantena desa a la base de dades els missatges que han estat refusats. El missatge, al emissor, li consta com a <em>no</em> lliurat.";
+$lang['quarantine']['release'] = "Alliberar";
+$lang['quarantine']['empty'] = 'No hi ha elements';
+$lang['quarantine']['toggle_all'] = 'Marcar tots';
+$lang['quarantine']['quick_actions'] = 'Accions';
+$lang['quarantine']['remove'] = 'Esborrar';
+$lang['quarantine']['received'] = "Rebut";
+$lang['quarantine']['action'] = "Acció";
+$lang['quarantine']['rcpt'] = "Receptor";
+$lang['quarantine']['rcpt'] = "Recipient";
+$lang['quarantine']['qid'] = "Rspamd QID";
+$lang['quarantine']['sender'] = "Emissor";
+$lang['quarantine']['show_item'] = "Mostrar";
+$lang['quarantine']['check_hash'] = "Comprovar el hash del fitxer a VT";
+$lang['quarantine']['qitem'] = "Element en quarantena";
+$lang['quarantine']['subj'] = "Assumpte";
+$lang['quarantine']['text_plain_content'] = "Contingut (text/plain)";
+$lang['quarantine']['text_from_html_content'] = "Contingut (a partir del HTML)";
+$lang['quarantine']['atts'] = "Adjunts";
+
+$lang['header']['quarantine'] = "Quarantena";
+$lang['header']['debug'] = "Debug";
+
+$lang['quarantine']['release_body'] = "Hem adjuntat el teu missatge com a eml en aquest missatge.";
+$lang['danger']['release_send_failed'] = "No s'ha pogut alliberar el missatge: %s";
+$lang['quarantine']['release_subject'] = "Element potencialment perillós %s en quarantena";
+
+$lang['mailbox']['bcc_map_type'] = "BCC type";
+$lang['mailbox']['bcc_type'] = "BCC type";
+$lang['mailbox']['bcc_sender_map'] = "Sender map";
+$lang['mailbox']['bcc_rcpt_map'] = "Recipient map";
+$lang['mailbox']['bcc_local_dest'] = "Destinació local";
+$lang['mailbox']['bcc_destinations'] = "Destí/ns BCC";
+
+$lang['mailbox']['bcc'] = "BCC";
+$lang['mailbox']['bcc_maps'] = "BCC maps";
+$lang['mailbox']['bcc_to_sender'] = "Canviar a 'Sender map'";
+$lang['mailbox']['bcc_to_rcpt'] = "Canviar a 'Recipient map'";
+$lang['mailbox']['add_bcc_entry'] = "Afegir BCC map";
+$lang['mailbox']['bcc_info'] = "Els 'BCC maps' s'utilitzen per enviar còpies silencioses de tots els missatges a una altra adreça. S'utilitza una entrada del tipus 'Recipient map' quan la destinació local actua com a destinatari d'un correu. Els 'Sender map' segueixen el mateix principi.<br/>
+     La destinació local no serà informada sobre un lliurament fallit.";
+$lang['mailbox']['address_rewriting'] = "Re-escriptura d'adreces";
+$lang['mailbox']['recipient_maps'] = 'Recipient maps';
+$lang['mailbox']['recipient_map_info'] = "Els 'Recipient maps' es fan servir per canviar l'adreça del destinatari abans de lliurar el missatge";
+$lang['mailbox']['recipient_map_old'] = 'Destinatari original';
+$lang['mailbox']['recipient_map_new'] = 'Nou destinatari';
+$lang['mailbox']['add_recipient_map_entry'] = "Afegir 'Recipient map'";
+$lang['mailbox']['add_sender_map_entry'] = "Afegir 'Sender map'";

From c95cf982f41f0d6ec13e51865c5c6f95a6846836 Mon Sep 17 00:00:00 2001
From: David Escala <descala@ingent.net>
Date: Sat, 24 Feb 2018 09:55:06 +0100
Subject: [PATCH 098/107] Adds catalan language flag

A side efect is the IconDrawer flag images are replaced by the ones from
country-flag-icons by Wil Linssen, which in turn come from the Wikipedia

And the US flag is relaced by the UK flag for english
---
 data/web/inc/languages.min.css |   2 +-
 data/web/inc/languages.png     | Bin 45164 -> 60615 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/languages.min.css b/data/web/inc/languages.min.css
index d0e5162c..7293e888 100644
--- a/data/web/inc/languages.min.css
+++ b/data/web/inc/languages.min.css
@@ -1 +1 @@
-.lang-xs{background-position:0 -473px;min-width:14px;height:11px;min-height:11px;max-height:11px;background-repeat:no-repeat;display:inline-block;background-image:url(languages.png)}.lang-sm{background-position:0 -1172px;min-width:22px;height:16px;min-height:16px;max-height:16px;background-repeat:no-repeat;display:inline-block;background-image:url(languages.png)}.lang-lg{background-position:0 -2134px;min-width:30px;height:22px;min-height:22px;max-height:22px;background-repeat:no-repeat;display:inline-block;background-image:url(languages.png)}.lang-xs[lang=ar]{background-position:0 0}.lang-xs[lang=be]{background-position:0 -11px}.lang-xs[lang=bg]{background-position:0 -22px}.lang-xs[lang=cs]{background-position:0 -33px}.lang-xs[lang=da]{background-position:0 -44px}.lang-xs[lang=de]{background-position:0 -55px}.lang-xs[lang=el]{background-position:0 -66px}.lang-xs[lang=en]{background-position:0 -77px}.lang-xs[lang=es]{background-position:0 -88px}.lang-xs[lang=et]{background-position:0 -99px}.lang-xs[lang=fi]{background-position:0 -110px}.lang-xs[lang=fr]{background-position:0 -121px}.lang-xs[lang=ga]{background-position:0 -132px}.lang-xs[lang=hi]{background-position:0 -143px}.lang-xs[lang=hr]{background-position:0 -154px}.lang-xs[lang=hu]{background-position:0 -165px}.lang-xs[lang=in]{background-position:0 -176px}.lang-xs[lang=is]{background-position:0 -187px}.lang-xs[lang=it]{background-position:0 -198px}.lang-xs[lang=iw]{background-position:0 -209px}.lang-xs[lang=ja]{background-position:0 -220px}.lang-xs[lang=ko]{background-position:0 -231px}.lang-xs[lang=lt]{background-position:0 -242px}.lang-xs[lang=lv]{background-position:0 -253px}.lang-xs[lang=mk]{background-position:0 -264px}.lang-xs[lang=ms]{background-position:0 -275px}.lang-xs[lang=mt]{background-position:0 -286px}.lang-xs[lang=nl]{background-position:0 -297px}.lang-xs[lang=no]{background-position:0 -308px}.lang-xs[lang=pl]{background-position:0 -319px}.lang-xs[lang=pt]{background-position:0 -330px}.lang-xs[lang=ro]{background-position:0 -341px}.lang-xs[lang=ru]{background-position:0 -352px}.lang-xs[lang=sk]{background-position:0 -363px}.lang-xs[lang=sl]{background-position:0 -374px}.lang-xs[lang=sq]{background-position:0 -385px}.lang-xs[lang=sr]{background-position:0 -396px}.lang-xs[lang=sv]{background-position:0 -407px}.lang-xs[lang=th]{background-position:0 -418px}.lang-xs[lang=tr]{background-position:0 -429px}.lang-xs[lang=uk]{background-position:0 -440px}.lang-xs[lang=vi]{background-position:0 -451px}.lang-xs[lang=zh]{background-position:0 -462px}.lang-sm[lang=ar]{background-position:0 -484px}.lang-sm[lang=be]{background-position:0 -500px}.lang-sm[lang=bg]{background-position:0 -516px}.lang-sm[lang=cs]{background-position:0 -532px}.lang-sm[lang=da]{background-position:0 -548px}.lang-sm[lang=de]{background-position:0 -564px}.lang-sm[lang=el]{background-position:0 -580px}.lang-sm[lang=en]{background-position:0 -596px}.lang-sm[lang=es]{background-position:0 -612px}.lang-sm[lang=et]{background-position:0 -628px}.lang-sm[lang=fi]{background-position:0 -644px}.lang-sm[lang=fr]{background-position:0 -660px}.lang-sm[lang=ga]{background-position:0 -676px}.lang-sm[lang=hi]{background-position:0 -692px}.lang-sm[lang=hr]{background-position:0 -708px}.lang-sm[lang=hu]{background-position:0 -724px}.lang-sm[lang=in]{background-position:0 -740px}.lang-sm[lang=is]{background-position:0 -756px}.lang-sm[lang=it]{background-position:0 -772px}.lang-sm[lang=iw]{background-position:0 -788px}.lang-sm[lang=ja]{background-position:0 -804px}.lang-sm[lang=ko]{background-position:0 -820px}.lang-sm[lang=lt]{background-position:0 -836px}.lang-sm[lang=lv]{background-position:0 -852px}.lang-sm[lang=mk]{background-position:0 -868px}.lang-sm[lang=ms]{background-position:0 -884px}.lang-sm[lang=mt]{background-position:0 -900px}.lang-sm[lang=nl]{background-position:0 -916px}.lang-sm[lang=no]{background-position:0 -932px}.lang-sm[lang=pl]{background-position:0 -948px}.lang-sm[lang=pt]{background-position:0 -964px}.lang-sm[lang=ro]{background-position:0 -980px}.lang-sm[lang=ru]{background-position:0 -996px}.lang-sm[lang=sk]{background-position:0 -1012px}.lang-sm[lang=sl]{background-position:0 -1028px}.lang-sm[lang=sq]{background-position:0 -1044px}.lang-sm[lang=sr]{background-position:0 -1060px}.lang-sm[lang=sv]{background-position:0 -1076px}.lang-sm[lang=th]{background-position:0 -1092px}.lang-sm[lang=tr]{background-position:0 -1108px}.lang-sm[lang=uk]{background-position:0 -1124px}.lang-sm[lang=vi]{background-position:0 -1140px}.lang-sm[lang=zh]{background-position:0 -1156px}.lang-lg[lang=ar]{background-position:0 -1188px}.lang-lg[lang=be]{background-position:0 -1210px}.lang-lg[lang=bg]{background-position:0 -1232px}.lang-lg[lang=cs]{background-position:0 -1254px}.lang-lg[lang=da]{background-position:0 -1276px}.lang-lg[lang=de]{background-position:0 -1298px}.lang-lg[lang=el]{background-position:0 -1320px}.lang-lg[lang=en]{background-position:0 -1342px}.lang-lg[lang=es]{background-position:0 -1364px}.lang-lg[lang=et]{background-position:0 -1386px}.lang-lg[lang=fi]{background-position:0 -1408px}.lang-lg[lang=fr]{background-position:0 -1430px}.lang-lg[lang=ga]{background-position:0 -1452px}.lang-lg[lang=hi]{background-position:0 -1474px}.lang-lg[lang=hr]{background-position:0 -1496px}.lang-lg[lang=hu]{background-position:0 -1518px}.lang-lg[lang=in]{background-position:0 -1540px}.lang-lg[lang=is]{background-position:0 -1562px}.lang-lg[lang=it]{background-position:0 -1584px}.lang-lg[lang=iw]{background-position:0 -1606px}.lang-lg[lang=ja]{background-position:0 -1628px}.lang-lg[lang=ko]{background-position:0 -1650px}.lang-lg[lang=lt]{background-position:0 -1672px}.lang-lg[lang=lv]{background-position:0 -1694px}.lang-lg[lang=mk]{background-position:0 -1716px}.lang-lg[lang=ms]{background-position:0 -1738px}.lang-lg[lang=mt]{background-position:0 -1760px}.lang-lg[lang=nl]{background-position:0 -1782px}.lang-lg[lang=no]{background-position:0 -1804px}.lang-lg[lang=pl]{background-position:0 -1826px}.lang-lg[lang=pt]{background-position:0 -1848px}.lang-lg[lang=ro]{background-position:0 -1870px}.lang-lg[lang=ru]{background-position:0 -1892px}.lang-lg[lang=sk]{background-position:0 -1914px}.lang-lg[lang=sl]{background-position:0 -1936px}.lang-lg[lang=sq]{background-position:0 -1958px}.lang-lg[lang=sr]{background-position:0 -1980px}.lang-lg[lang=sv]{background-position:0 -2002px}.lang-lg[lang=th]{background-position:0 -2024px}.lang-lg[lang=tr]{background-position:0 -2046px}.lang-lg[lang=uk]{background-position:0 -2068px}.lang-lg[lang=vi]{background-position:0 -2090px}.lang-lg[lang=zh]{background-position:0 -2112px}.lang-lbl-en:after,.lang-lbl-full:after,.lang-lbl:after{content:"Unknown language"}.lang-lbl[lang=ar]:after{content:"\000627\000644\000639\000631\000628\00064A\000629"}.lang-lbl[lang=be]:after{content:"\000411\000435\00043B\000430\000440\000443\000441\00043A\000456"}.lang-lbl[lang=bg]:after{content:"\000411\00044A\00043B\000433\000430\000440\000441\00043A\000438"}.lang-lbl[lang=cs]:after{content:"\00010Ce\000161tina"}.lang-lbl[lang=da]:after{content:"Dansk"}.lang-lbl[lang=de]:after{content:"Deutsch"}.lang-lbl[lang=el]:after{content:"\000395\0003BB\0003BB\0003B7\0003BD\0003B9\0003BA\0003AC"}.lang-lbl[lang=en]:after{content:"English"}.lang-lbl[lang=es]:after{content:"Espa\0000F1ol"}.lang-lbl[lang=et]:after{content:"Eesti"}.lang-lbl[lang=fi]:after{content:"Suomi"}.lang-lbl[lang=fr]:after{content:"Fran\0000E7ais"}.lang-lbl[lang=ga]:after{content:"Gaeilge"}.lang-lbl[lang=hi]:after{content:"\000939\00093F\000902\000926\000940"}.lang-lbl[lang=hr]:after{content:"Hrvatski"}.lang-lbl[lang=hu]:after{content:"Magyar"}.lang-lbl[lang=in]:after{content:"Bahasa\000020indonesia"}.lang-lbl[lang=is]:after{content:"\0000CDslenska"}.lang-lbl[lang=it]:after{content:"Italiano"}.lang-lbl[lang=iw]:after{content:"\0005E2\0005D1\0005E8\0005D9\0005EA"}.lang-lbl[lang=ja]:after{content:"\0065E5\00672C\008A9E"}.lang-lbl[lang=ko]:after{content:"\00D55C\00AD6D\00C5B4"}.lang-lbl[lang=lt]:after{content:"Lietuvi\000173"}.lang-lbl[lang=lv]:after{content:"Latvie\000161u"}.lang-lbl[lang=mk]:after{content:"\00041C\000430\00043A\000435\000434\00043E\00043D\000441\00043A\000438"}.lang-lbl[lang=ms]:after{content:"Bahasa\000020melayu"}.lang-lbl[lang=mt]:after{content:"Malti"}.lang-lbl[lang=nl]:after{content:"Nederlands"}.lang-lbl[lang=no]:after{content:"Norsk"}.lang-lbl[lang=pl]:after{content:"Polski"}.lang-lbl[lang=pt]:after{content:"Portugu\0000EAs"}.lang-lbl[lang=ro]:after{content:"Rom\0000E2n\000103"}.lang-lbl[lang=ru]:after{content:"\000420\000443\000441\000441\00043A\000438\000439"}.lang-lbl[lang=sk]:after{content:"Sloven\00010Dina"}.lang-lbl[lang=sl]:after{content:"Sloven\000161\00010Dina"}.lang-lbl[lang=sq]:after{content:"Shqipe"}.lang-lbl[lang=sr]:after{content:"\000421\000440\00043F\000441\00043A\000438"}.lang-lbl[lang=sv]:after{content:"Svenska"}.lang-lbl[lang=th]:after{content:"\000E44\000E17\000E22"}.lang-lbl[lang=tr]:after{content:"T\0000FCrk\0000E7e"}.lang-lbl[lang=uk]:after{content:"\000423\00043A\000440\000430\000457\00043D\000441\00044C\00043A\000430"}.lang-lbl[lang=vi]:after{content:"Ti\001EBFng\000020vi\001EC7t"}.lang-lbl[lang=zh]:after{content:"\004E2D\006587"}.lang-lbl-en[lang=ar]:after{content:"Arabic"}.lang-lbl-en[lang=be]:after{content:"Belarusian"}.lang-lbl-en[lang=bg]:after{content:"Bulgarian"}.lang-lbl-en[lang=cs]:after{content:"Czech"}.lang-lbl-en[lang=da]:after{content:"Danish"}.lang-lbl-en[lang=de]:after{content:"German"}.lang-lbl-en[lang=el]:after{content:"Greek"}.lang-lbl-en[lang=en]:after{content:"English"}.lang-lbl-en[lang=es]:after{content:"Spanish"}.lang-lbl-en[lang=et]:after{content:"Estonian"}.lang-lbl-en[lang=fi]:after{content:"Finnish"}.lang-lbl-en[lang=fr]:after{content:"French"}.lang-lbl-en[lang=ga]:after{content:"Irish"}.lang-lbl-en[lang=hi]:after{content:"Hindi"}.lang-lbl-en[lang=hr]:after{content:"Croatian"}.lang-lbl-en[lang=hu]:after{content:"Hungarian"}.lang-lbl-en[lang=in]:after{content:"Indonesian"}.lang-lbl-en[lang=is]:after{content:"Icelandic"}.lang-lbl-en[lang=it]:after{content:"Italian"}.lang-lbl-en[lang=iw]:after{content:"Hebrew"}.lang-lbl-en[lang=ja]:after{content:"Japanese"}.lang-lbl-en[lang=ko]:after{content:"Korean"}.lang-lbl-en[lang=lt]:after{content:"Lithuanian"}.lang-lbl-en[lang=lv]:after{content:"Latvian"}.lang-lbl-en[lang=mk]:after{content:"Macedonian"}.lang-lbl-en[lang=ms]:after{content:"Malay"}.lang-lbl-en[lang=mt]:after{content:"Maltese"}.lang-lbl-en[lang=nl]:after{content:"Dutch"}.lang-lbl-en[lang=no]:after{content:"Norwegian"}.lang-lbl-en[lang=pl]:after{content:"Polish"}.lang-lbl-en[lang=pt]:after{content:"Portuguese"}.lang-lbl-en[lang=ro]:after{content:"Romanian"}.lang-lbl-en[lang=ru]:after{content:"Russian"}.lang-lbl-en[lang=sk]:after{content:"Slovak"}.lang-lbl-en[lang=sl]:after{content:"Slovenian"}.lang-lbl-en[lang=sq]:after{content:"Albanian"}.lang-lbl-en[lang=sr]:after{content:"Serbian"}.lang-lbl-en[lang=sv]:after{content:"Swedish"}.lang-lbl-en[lang=th]:after{content:"Thai"}.lang-lbl-en[lang=tr]:after{content:"Turkish"}.lang-lbl-en[lang=uk]:after{content:"Ukrainian"}.lang-lbl-en[lang=vi]:after{content:"Vietnamese"}.lang-lbl-en[lang=zh]:after{content:"Chinese"}.lang-lbl-full[lang=ar]:after{content:"\000627\000644\000639\000631\000628\00064A\000629\0000A0/\0000A0Arabic"}.lang-lbl-full[lang=be]:after{content:"\000411\000435\00043B\000430\000440\000443\000441\00043A\000456\0000A0/\0000A0Belarusian"}.lang-lbl-full[lang=bg]:after{content:"\000411\00044A\00043B\000433\000430\000440\000441\00043A\000438\0000A0/\0000A0Bulgarian"}.lang-lbl-full[lang=cs]:after{content:"\00010Ce\000161tina\0000A0/\0000A0Czech"}.lang-lbl-full[lang=da]:after{content:"Dansk\0000A0/\0000A0Danish"}.lang-lbl-full[lang=de]:after{content:"Deutsch\0000A0/\0000A0German"}.lang-lbl-full[lang=el]:after{content:"\000395\0003BB\0003BB\0003B7\0003BD\0003B9\0003BA\0003AC\0000A0/\0000A0Greek"}.lang-lbl-full[lang=en]:after{content:"English\0000A0/\0000A0English"}.lang-lbl-full[lang=es]:after{content:"Espa\0000F1ol\0000A0/\0000A0Spanish"}.lang-lbl-full[lang=et]:after{content:"Eesti\0000A0/\0000A0Estonian"}.lang-lbl-full[lang=fi]:after{content:"Suomi\0000A0/\0000A0Finnish"}.lang-lbl-full[lang=fr]:after{content:"Fran\0000E7ais\0000A0/\0000A0French"}.lang-lbl-full[lang=ga]:after{content:"Gaeilge\0000A0/\0000A0Irish"}.lang-lbl-full[lang=hi]:after{content:"\000939\00093F\000902\000926\000940\0000A0/\0000A0Hindi"}.lang-lbl-full[lang=hr]:after{content:"Hrvatski\0000A0/\0000A0Croatian"}.lang-lbl-full[lang=hu]:after{content:"Magyar\0000A0/\0000A0Hungarian"}.lang-lbl-full[lang=in]:after{content:"Bahasa\000020indonesia\0000A0/\0000A0Indonesian"}.lang-lbl-full[lang=is]:after{content:"\0000CDslenska\0000A0/\0000A0Icelandic"}.lang-lbl-full[lang=it]:after{content:"Italiano\0000A0/\0000A0Italian"}.lang-lbl-full[lang=iw]:after{content:"\0005E2\0005D1\0005E8\0005D9\0005EA\0000A0/\0000A0Hebrew"}.lang-lbl-full[lang=ja]:after{content:"\0065E5\00672C\008A9E\0000A0/\0000A0Japanese"}.lang-lbl-full[lang=ko]:after{content:"\00D55C\00AD6D\00C5B4\0000A0/\0000A0Korean"}.lang-lbl-full[lang=lt]:after{content:"Lietuvi\000173\0000A0/\0000A0Lithuanian"}.lang-lbl-full[lang=lv]:after{content:"Latvie\000161u\0000A0/\0000A0Latvian"}.lang-lbl-full[lang=mk]:after{content:"\00041C\000430\00043A\000435\000434\00043E\00043D\000441\00043A\000438\0000A0/\0000A0Macedonian"}.lang-lbl-full[lang=ms]:after{content:"Bahasa\000020melayu\0000A0/\0000A0Malay"}.lang-lbl-full[lang=mt]:after{content:"Malti\0000A0/\0000A0Maltese"}.lang-lbl-full[lang=nl]:after{content:"Nederlands\0000A0/\0000A0Dutch"}.lang-lbl-full[lang=no]:after{content:"Norsk\0000A0/\0000A0Norwegian"}.lang-lbl-full[lang=pl]:after{content:"Polski\0000A0/\0000A0Polish"}.lang-lbl-full[lang=pt]:after{content:"Portugu\0000EAs\0000A0/\0000A0Portuguese"}.lang-lbl-full[lang=ro]:after{content:"Rom\0000E2n\000103\0000A0/\0000A0Romanian"}.lang-lbl-full[lang=ru]:after{content:"\000420\000443\000441\000441\00043A\000438\000439\0000A0/\0000A0Russian"}.lang-lbl-full[lang=sk]:after{content:"Sloven\00010Dina\0000A0/\0000A0Slovak"}.lang-lbl-full[lang=sl]:after{content:"Sloven\000161\00010Dina\0000A0/\0000A0Slovenian"}.lang-lbl-full[lang=sq]:after{content:"Shqipe\0000A0/\0000A0Albanian"}.lang-lbl-full[lang=sr]:after{content:"\000421\000440\00043F\000441\00043A\000438\0000A0/\0000A0Serbian"}.lang-lbl-full[lang=sv]:after{content:"Svenska\0000A0/\0000A0Swedish"}.lang-lbl-full[lang=th]:after{content:"\000E44\000E17\000E22\0000A0/\0000A0Thai"}.lang-lbl-full[lang=tr]:after{content:"T\0000FCrk\0000E7e\0000A0/\0000A0Turkish"}.lang-lbl-full[lang=uk]:after{content:"\000423\00043A\000440\000430\000457\00043D\000441\00044C\00043A\000430\0000A0/\0000A0Ukrainian"}.lang-lbl-full[lang=vi]:after{content:"Ti\001EBFng\000020vi\001EC7t\0000A0/\0000A0Vietnamese"}.lang-lbl-full[lang=zh]:after{content:"\004E2D\006587\0000A0/\0000A0Chinese"}.lang-lg:before,.lang-sm:before,.lang-xs:before{content:'\0000A0'}.lang-xs.lang-lbl,.lang-xs.lang-lbl-en,.lang-xs.lang-lbl-full{padding-left:16px}.lang-sm.lang-lbl,.lang-sm.lang-lbl-en,.lang-sm.lang-lbl-full{padding-left:24px}.lang-lg.lang-lbl,.lang-lg.lang-lbl-en,.lang-lg.lang-lbl-full{padding-left:32px}.lang-lg.lang-lbl-en:before,.lang-lg.lang-lbl-full:before,.lang-lg.lang-lbl:before,.lang-sm.lang-lbl-en:before,.lang-sm.lang-lbl-full:before,.lang-sm.lang-lbl:before,.lang-xs.lang-lbl-en:before,.lang-xs.lang-lbl-full:before,.lang-xs.lang-lbl:before{content:''}.lang-lg,.lang-lg:after{top:0;position:relative}.lang-sm{top:1px;position:relative}.lang-sm:after{top:-1px;position:relative}.lang-xs{top:4px;position:relative}.lang-xs:after{top:-4px;position:relative}.lead>.lang-lg{top:2px}.lead>.lang-lg:after{top:-2px}.lead>.lang-sm{top:6px}.lead>.lang-sm:after{top:-6px}.lead>.lang-xs{top:8px}.lead>.lang-xs:after{top:-8px}small>.lang-sm{top:-1px}small>.lang-sm:after{top:1px}small>.lang-xs{top:2px}small>.lang-xs:after{top:-2px}h1>.lang-lg{top:9px}h1>.lang-lg:after{top:-9px}h1>.lang-sm{top:12px}h1>.lang-sm:after{top:-12px}h1>.lang-xs{top:14px}h1>.lang-xs:after{top:-14px}h2>.lang-lg{top:5px}h2>.lang-lg:after{top:-5px}h2>.lang-sm{top:8px}h2>.lang-sm:after{top:-8px}h2>.lang-xs{top:10px}h2>.lang-xs:after{top:-10px}h3>.lang-lg{top:1px}h3>.lang-lg:after{top:-1px}h3>.lang-sm{top:5px}h3>.lang-sm:after{top:-5px}h3>.lang-xs{top:8px}h3>.lang-xs:after{top:-8px}h4>.lang-lg{top:-1px}h4>.lang-lg:after,h4>.lang-sm{top:1px}h4>.lang-sm:after{top:-1px}h4>.lang-xs{top:4px}h4>.lang-xs:after{top:-4px}h5>.lang-sm,h5>.lang-sm:after{top:0}h5>.lang-xs{top:2px}h5>.lang-xs:after{top:-2px}h6>.lang-sm,h6>.lang-sm:after{top:0}h6>.lang-xs{top:1px}h6>.lang-xs:after{top:-1px}.btn>.lang-sm{top:2px}.btn>.lang-sm:after{top:-2px}.btn>.lang-xs{top:4px}.btn>.lang-xs:after{top:-4px}.btn.btn-xs>.lang-sm,.btn.btn-xs>.lang-sm:after{top:0}.btn.btn-xs>.lang-xs{top:3px}.btn.btn-xs>.lang-xs:after{top:-3px}.btn.btn-sm>.lang-sm,.btn.btn-sm>.lang-sm:after{top:0}.btn.btn-sm>.lang-xs{top:3px}.btn.btn-sm>.lang-xs:after{top:-3px}.btn.btn-lg>.lang-lg{top:1px}.btn.btn-lg>.lang-lg:after{top:-1px}.btn.btn-lg>.lang-sm{top:3px}.btn.btn-lg>.lang-sm:after{top:-3px}.btn.btn-lg>.lang-xs{top:6px}.btn.btn-lg>.lang-xs:after{top:-6px}
+.lang-lg,.lang-sm,.lang-xs{background-repeat:no-repeat;display:inline-block;background-image:url(languages.png)}.lang-sm,.lang-sm:after,.lang-xs,.lang-xs:after{position:relative}.lang-xs{background-position:0 -484px;min-width:14px;height:11px;min-height:11px;max-height:11px}.lang-sm{background-position:0 -1199px;min-width:22px;height:16px;min-height:16px;max-height:16px}.lang-lg{background-position:0 -2134px;min-width:30px;height:22px;min-height:22px;max-height:22px}.lang-xs[lang=ar]{background-position:0 0}.lang-xs[lang=be]{background-position:0 -11px}.lang-xs[lang=bg]{background-position:0 -22px}.lang-xs[lang=cs]{background-position:0 -33px}.lang-xs[lang=da]{background-position:0 -44px}.lang-xs[lang=de]{background-position:0 -55px}.lang-xs[lang=el]{background-position:0 -66px}.lang-xs[lang=en]{background-position:0 -77px}.lang-xs[lang=es]{background-position:0 -88px}.lang-xs[lang=et]{background-position:0 -99px}.lang-xs[lang=fi]{background-position:0 -110px}.lang-xs[lang=fr]{background-position:0 -121px}.lang-xs[lang=ga]{background-position:0 -132px}.lang-xs[lang=hi]{background-position:0 -143px}.lang-xs[lang=hr]{background-position:0 -154px}.lang-xs[lang=hu]{background-position:0 -165px}.lang-xs[lang=in]{background-position:0 -176px}.lang-xs[lang=is]{background-position:0 -187px}.lang-xs[lang=it]{background-position:0 -198px}.lang-xs[lang=iw]{background-position:0 -209px}.lang-xs[lang=ja]{background-position:0 -220px}.lang-xs[lang=ko]{background-position:0 -231px}.lang-xs[lang=lt]{background-position:0 -242px}.lang-xs[lang=lv]{background-position:0 -253px}.lang-xs[lang=mk]{background-position:0 -264px}.lang-xs[lang=ms]{background-position:0 -275px}.lang-xs[lang=mt]{background-position:0 -286px}.lang-xs[lang=nl]{background-position:0 -297px}.lang-xs[lang=no]{background-position:0 -308px}.lang-xs[lang=pl]{background-position:0 -319px}.lang-xs[lang=pt]{background-position:0 -330px}.lang-xs[lang=ro]{background-position:0 -341px}.lang-xs[lang=ru]{background-position:0 -352px}.lang-xs[lang=sk]{background-position:0 -363px}.lang-xs[lang=sl]{background-position:0 -374px}.lang-xs[lang=sq]{background-position:0 -385px}.lang-xs[lang=sr]{background-position:0 -396px}.lang-xs[lang=sv]{background-position:0 -407px}.lang-xs[lang=th]{background-position:0 -418px}.lang-xs[lang=tr]{background-position:0 -429px}.lang-xs[lang=uk]{background-position:0 -440px}.lang-xs[lang=vi]{background-position:0 -451px}.lang-xs[lang=zh]{background-position:0 -462px}.lang-xs[lang=ca]{background-position:0 -473px}.lang-sm[lang=ar]{background-position:0 -495px}.lang-sm[lang=be]{background-position:0 -511px}.lang-sm[lang=bg]{background-position:0 -527px}.lang-sm[lang=cs]{background-position:0 -543px}.lang-sm[lang=da]{background-position:0 -559px}.lang-sm[lang=de]{background-position:0 -575px}.lang-sm[lang=el]{background-position:0 -591px}.lang-sm[lang=en]{background-position:0 -607px}.lang-sm[lang=es]{background-position:0 -623px}.lang-sm[lang=et]{background-position:0 -639px}.lang-sm[lang=fi]{background-position:0 -655px}.lang-sm[lang=fr]{background-position:0 -671px}.lang-sm[lang=ga]{background-position:0 -687px}.lang-sm[lang=hi]{background-position:0 -703px}.lang-sm[lang=hr]{background-position:0 -719px}.lang-sm[lang=hu]{background-position:0 -735px}.lang-sm[lang=in]{background-position:0 -751px}.lang-sm[lang=is]{background-position:0 -767px}.lang-sm[lang=it]{background-position:0 -783px}.lang-sm[lang=iw]{background-position:0 -799px}.lang-sm[lang=ja]{background-position:0 -815px}.lang-sm[lang=ko]{background-position:0 -831px}.lang-sm[lang=lt]{background-position:0 -847px}.lang-sm[lang=lv]{background-position:0 -863px}.lang-sm[lang=mk]{background-position:0 -879px}.lang-sm[lang=ms]{background-position:0 -895px}.lang-sm[lang=mt]{background-position:0 -911px}.lang-sm[lang=nl]{background-position:0 -927px}.lang-sm[lang=no]{background-position:0 -943px}.lang-sm[lang=pl]{background-position:0 -959px}.lang-sm[lang=pt]{background-position:0 -975px}.lang-sm[lang=ro]{background-position:0 -991px}.lang-sm[lang=ru]{background-position:0 -1007px}.lang-sm[lang=sk]{background-position:0 -1023px}.lang-sm[lang=sl]{background-position:0 -1039px}.lang-sm[lang=sq]{background-position:0 -1055px}.lang-sm[lang=sr]{background-position:0 -1071px}.lang-sm[lang=sv]{background-position:0 -1087px}.lang-sm[lang=th]{background-position:0 -1103px}.lang-sm[lang=tr]{background-position:0 -1119px}.lang-sm[lang=uk]{background-position:0 -1135px}.lang-sm[lang=vi]{background-position:0 -1151px}.lang-sm[lang=zh]{background-position:0 -1167px}.lang-sm[lang=ca]{background-position:0 -1183px}.lang-lg[lang=ar]{background-position:0 -1188px}.lang-lg[lang=be]{background-position:0 -1210px}.lang-lg[lang=bg]{background-position:0 -1232px}.lang-lg[lang=cs]{background-position:0 -1254px}.lang-lg[lang=da]{background-position:0 -1276px}.lang-lg[lang=de]{background-position:0 -1298px}.lang-lg[lang=el]{background-position:0 -1320px}.lang-lg[lang=en]{background-position:0 -1342px}.lang-lg[lang=es]{background-position:0 -1364px}.lang-lg[lang=et]{background-position:0 -1386px}.lang-lg[lang=fi]{background-position:0 -1408px}.lang-lg[lang=fr]{background-position:0 -1430px}.lang-lg[lang=ga]{background-position:0 -1452px}.lang-lg[lang=hi]{background-position:0 -1474px}.lang-lg[lang=hr]{background-position:0 -1496px}.lang-lg[lang=hu]{background-position:0 -1518px}.lang-lg[lang=in]{background-position:0 -1540px}.lang-lg[lang=is]{background-position:0 -1562px}.lang-lg[lang=it]{background-position:0 -1584px}.lang-lg[lang=iw]{background-position:0 -1606px}.lang-lg[lang=ja]{background-position:0 -1628px}.lang-lg[lang=ko]{background-position:0 -1650px}.lang-lg[lang=lt]{background-position:0 -1672px}.lang-lg[lang=lv]{background-position:0 -1694px}.lang-lg[lang=mk]{background-position:0 -1716px}.lang-lg[lang=ms]{background-position:0 -1738px}.lang-lg[lang=mt]{background-position:0 -1760px}.lang-lg[lang=nl]{background-position:0 -1782px}.lang-lg[lang=no]{background-position:0 -1804px}.lang-lg[lang=pl]{background-position:0 -1826px}.lang-lg[lang=pt]{background-position:0 -1848px}.lang-lg[lang=ro]{background-position:0 -1870px}.lang-lg[lang=ru]{background-position:0 -1892px}.lang-lg[lang=sk]{background-position:0 -1914px}.lang-lg[lang=sl]{background-position:0 -1936px}.lang-lg[lang=sq]{background-position:0 -1958px}.lang-lg[lang=sr]{background-position:0 -1980px}.lang-lg[lang=sv]{background-position:0 -2002px}.lang-lg[lang=th]{background-position:0 -2024px}.lang-lg[lang=tr]{background-position:0 -2046px}.lang-lg[lang=uk]{background-position:0 -2068px}.lang-lg[lang=vi]{background-position:0 -2090px}.lang-lg[lang=zh]{background-position:0 -2112px}.lang-lbl-en:after,.lang-lbl-full:after,.lang-lbl:after{content:"Unknown language"}.lang-lbl[lang=ar]:after{content:"\000627\000644\000639\000631\000628\00064A\000629"}.lang-lbl[lang=be]:after{content:"\000411\000435\00043B\000430\000440\000443\000441\00043A\000456"}.lang-lbl[lang=bg]:after{content:"\000411\00044A\00043B\000433\000430\000440\000441\00043A\000438"}.lang-lbl[lang=ca]:after{content:"Catal\0000E0"}.lang-lbl[lang=cs]:after{content:"\00010Ce\000161tina"}.lang-lbl[lang=da]:after{content:"Dansk"}.lang-lbl[lang=de]:after{content:"Deutsch"}.lang-lbl[lang=el]:after{content:"\000395\0003BB\0003BB\0003B7\0003BD\0003B9\0003BA\0003AC"}.lang-lbl[lang=en]:after{content:"English"}.lang-lbl[lang=es]:after{content:"Espa\0000F1ol"}.lang-lbl[lang=et]:after{content:"Eesti"}.lang-lbl[lang=fi]:after{content:"Suomi"}.lang-lbl[lang=fr]:after{content:"Fran\0000E7ais"}.lang-lbl[lang=ga]:after{content:"Gaeilge"}.lang-lbl[lang=hi]:after{content:"\000939\00093F\000902\000926\000940"}.lang-lbl[lang=hr]:after{content:"Hrvatski"}.lang-lbl[lang=hu]:after{content:"Magyar"}.lang-lbl[lang=in]:after{content:"Bahasa\000020indonesia"}.lang-lbl[lang=is]:after{content:"\0000CDslenska"}.lang-lbl[lang=it]:after{content:"Italiano"}.lang-lbl[lang=iw]:after{content:"\0005E2\0005D1\0005E8\0005D9\0005EA"}.lang-lbl[lang=ja]:after{content:"\0065E5\00672C\008A9E"}.lang-lbl[lang=ko]:after{content:"\00D55C\00AD6D\00C5B4"}.lang-lbl[lang=lt]:after{content:"Lietuvi\000173"}.lang-lbl[lang=lv]:after{content:"Latvie\000161u"}.lang-lbl[lang=mk]:after{content:"\00041C\000430\00043A\000435\000434\00043E\00043D\000441\00043A\000438"}.lang-lbl[lang=ms]:after{content:"Bahasa\000020melayu"}.lang-lbl[lang=mt]:after{content:"Malti"}.lang-lbl[lang=nl]:after{content:"Nederlands"}.lang-lbl[lang=no]:after{content:"Norsk"}.lang-lbl[lang=pl]:after{content:"Polski"}.lang-lbl[lang=pt]:after{content:"Portugu\0000EAs"}.lang-lbl[lang=ro]:after{content:"Rom\0000E2n\000103"}.lang-lbl[lang=ru]:after{content:"\000420\000443\000441\000441\00043A\000438\000439"}.lang-lbl[lang=sk]:after{content:"Sloven\00010Dina"}.lang-lbl[lang=sl]:after{content:"Sloven\000161\00010Dina"}.lang-lbl[lang=sq]:after{content:"Shqipe"}.lang-lbl[lang=sr]:after{content:"\000421\000440\00043F\000441\00043A\000438"}.lang-lbl[lang=sv]:after{content:"Svenska"}.lang-lbl[lang=th]:after{content:"\000E44\000E17\000E22"}.lang-lbl[lang=tr]:after{content:"T\0000FCrk\0000E7e"}.lang-lbl[lang=uk]:after{content:"\000423\00043A\000440\000430\000457\00043D\000441\00044C\00043A\000430"}.lang-lbl[lang=vi]:after{content:"Ti\001EBFng\000020vi\001EC7t"}.lang-lbl[lang=zh]:after{content:"\004E2D\006587"}.lang-lbl-en[lang=ar]:after{content:"Arabic"}.lang-lbl-en[lang=be]:after{content:"Belarusian"}.lang-lbl-en[lang=bg]:after{content:"Bulgarian"}.lang-lbl-en[lang=ca]:after{content:"Catalan"}.lang-lbl-en[lang=cs]:after{content:"Czech"}.lang-lbl-en[lang=da]:after{content:"Danish"}.lang-lbl-en[lang=de]:after{content:"German"}.lang-lbl-en[lang=el]:after{content:"Greek"}.lang-lbl-en[lang=en]:after{content:"English"}.lang-lbl-en[lang=es]:after{content:"Spanish"}.lang-lbl-en[lang=et]:after{content:"Estonian"}.lang-lbl-en[lang=fi]:after{content:"Finnish"}.lang-lbl-en[lang=fr]:after{content:"French"}.lang-lbl-en[lang=ga]:after{content:"Irish"}.lang-lbl-en[lang=hi]:after{content:"Hindi"}.lang-lbl-en[lang=hr]:after{content:"Croatian"}.lang-lbl-en[lang=hu]:after{content:"Hungarian"}.lang-lbl-en[lang=in]:after{content:"Indonesian"}.lang-lbl-en[lang=is]:after{content:"Icelandic"}.lang-lbl-en[lang=it]:after{content:"Italian"}.lang-lbl-en[lang=iw]:after{content:"Hebrew"}.lang-lbl-en[lang=ja]:after{content:"Japanese"}.lang-lbl-en[lang=ko]:after{content:"Korean"}.lang-lbl-en[lang=lt]:after{content:"Lithuanian"}.lang-lbl-en[lang=lv]:after{content:"Latvian"}.lang-lbl-en[lang=mk]:after{content:"Macedonian"}.lang-lbl-en[lang=ms]:after{content:"Malay"}.lang-lbl-en[lang=mt]:after{content:"Maltese"}.lang-lbl-en[lang=nl]:after{content:"Dutch"}.lang-lbl-en[lang=no]:after{content:"Norwegian"}.lang-lbl-en[lang=pl]:after{content:"Polish"}.lang-lbl-en[lang=pt]:after{content:"Portuguese"}.lang-lbl-en[lang=ro]:after{content:"Romanian"}.lang-lbl-en[lang=ru]:after{content:"Russian"}.lang-lbl-en[lang=sk]:after{content:"Slovak"}.lang-lbl-en[lang=sl]:after{content:"Slovenian"}.lang-lbl-en[lang=sq]:after{content:"Albanian"}.lang-lbl-en[lang=sr]:after{content:"Serbian"}.lang-lbl-en[lang=sv]:after{content:"Swedish"}.lang-lbl-en[lang=th]:after{content:"Thai"}.lang-lbl-en[lang=tr]:after{content:"Turkish"}.lang-lbl-en[lang=uk]:after{content:"Ukrainian"}.lang-lbl-en[lang=vi]:after{content:"Vietnamese"}.lang-lbl-en[lang=zh]:after{content:"Chinese"}.lang-lbl-full[lang=ar]:after{content:"\000627\000644\000639\000631\000628\00064A\000629\0000A0/\0000A0Arabic"}.lang-lbl-full[lang=be]:after{content:"\000411\000435\00043B\000430\000440\000443\000441\00043A\000456\0000A0/\0000A0Belarusian"}.lang-lbl-full[lang=bg]:after{content:"\000411\00044A\00043B\000433\000430\000440\000441\00043A\000438\0000A0/\0000A0Bulgarian"}.lang-lbl-full[lang=ca]:after{content:"Catal\0000E0\0000A0/\0000A0Catalan"}.lang-lbl-full[lang=cs]:after{content:"\00010Ce\000161tina\0000A0/\0000A0Czech"}.lang-lbl-full[lang=da]:after{content:"Dansk\0000A0/\0000A0Danish"}.lang-lbl-full[lang=de]:after{content:"Deutsch\0000A0/\0000A0German"}.lang-lbl-full[lang=el]:after{content:"\000395\0003BB\0003BB\0003B7\0003BD\0003B9\0003BA\0003AC\0000A0/\0000A0Greek"}.lang-lbl-full[lang=en]:after{content:"English\0000A0/\0000A0English"}.lang-lbl-full[lang=es]:after{content:"Espa\0000F1ol\0000A0/\0000A0Spanish"}.lang-lbl-full[lang=et]:after{content:"Eesti\0000A0/\0000A0Estonian"}.lang-lbl-full[lang=fi]:after{content:"Suomi\0000A0/\0000A0Finnish"}.lang-lbl-full[lang=fr]:after{content:"Fran\0000E7ais\0000A0/\0000A0French"}.lang-lbl-full[lang=ga]:after{content:"Gaeilge\0000A0/\0000A0Irish"}.lang-lbl-full[lang=hi]:after{content:"\000939\00093F\000902\000926\000940\0000A0/\0000A0Hindi"}.lang-lbl-full[lang=hr]:after{content:"Hrvatski\0000A0/\0000A0Croatian"}.lang-lbl-full[lang=hu]:after{content:"Magyar\0000A0/\0000A0Hungarian"}.lang-lbl-full[lang=in]:after{content:"Bahasa\000020indonesia\0000A0/\0000A0Indonesian"}.lang-lbl-full[lang=is]:after{content:"\0000CDslenska\0000A0/\0000A0Icelandic"}.lang-lbl-full[lang=it]:after{content:"Italiano\0000A0/\0000A0Italian"}.lang-lbl-full[lang=iw]:after{content:"\0005E2\0005D1\0005E8\0005D9\0005EA\0000A0/\0000A0Hebrew"}.lang-lbl-full[lang=ja]:after{content:"\0065E5\00672C\008A9E\0000A0/\0000A0Japanese"}.lang-lbl-full[lang=ko]:after{content:"\00D55C\00AD6D\00C5B4\0000A0/\0000A0Korean"}.lang-lbl-full[lang=lt]:after{content:"Lietuvi\000173\0000A0/\0000A0Lithuanian"}.lang-lbl-full[lang=lv]:after{content:"Latvie\000161u\0000A0/\0000A0Latvian"}.lang-lbl-full[lang=mk]:after{content:"\00041C\000430\00043A\000435\000434\00043E\00043D\000441\00043A\000438\0000A0/\0000A0Macedonian"}.lang-lbl-full[lang=ms]:after{content:"Bahasa\000020melayu\0000A0/\0000A0Malay"}.lang-lbl-full[lang=mt]:after{content:"Malti\0000A0/\0000A0Maltese"}.lang-lbl-full[lang=nl]:after{content:"Nederlands\0000A0/\0000A0Dutch"}.lang-lbl-full[lang=no]:after{content:"Norsk\0000A0/\0000A0Norwegian"}.lang-lbl-full[lang=pl]:after{content:"Polski\0000A0/\0000A0Polish"}.lang-lbl-full[lang=pt]:after{content:"Portugu\0000EAs\0000A0/\0000A0Portuguese"}.lang-lbl-full[lang=ro]:after{content:"Rom\0000E2n\000103\0000A0/\0000A0Romanian"}.lang-lbl-full[lang=ru]:after{content:"\000420\000443\000441\000441\00043A\000438\000439\0000A0/\0000A0Russian"}.lang-lbl-full[lang=sk]:after{content:"Sloven\00010Dina\0000A0/\0000A0Slovak"}.lang-lbl-full[lang=sl]:after{content:"Sloven\000161\00010Dina\0000A0/\0000A0Slovenian"}.lang-lbl-full[lang=sq]:after{content:"Shqipe\0000A0/\0000A0Albanian"}.lang-lbl-full[lang=sr]:after{content:"\000421\000440\00043F\000441\00043A\000438\0000A0/\0000A0Serbian"}.lang-lbl-full[lang=sv]:after{content:"Svenska\0000A0/\0000A0Swedish"}.lang-lbl-full[lang=th]:after{content:"\000E44\000E17\000E22\0000A0/\0000A0Thai"}.lang-lbl-full[lang=tr]:after{content:"T\0000FCrk\0000E7e\0000A0/\0000A0Turkish"}.lang-lbl-full[lang=uk]:after{content:"\000423\00043A\000440\000430\000457\00043D\000441\00044C\00043A\000430\0000A0/\0000A0Ukrainian"}.lang-lbl-full[lang=vi]:after{content:"Ti\001EBFng\000020vi\001EC7t\0000A0/\0000A0Vietnamese"}.lang-lbl-full[lang=zh]:after{content:"\004E2D\006587\0000A0/\0000A0Chinese"}.lang-lg:before,.lang-sm:before,.lang-xs:before{content:'\0000A0'}.lang-xs.lang-lbl,.lang-xs.lang-lbl-en,.lang-xs.lang-lbl-full{padding-left:16px}.lang-sm.lang-lbl,.lang-sm.lang-lbl-en,.lang-sm.lang-lbl-full{padding-left:24px}.lang-lg.lang-lbl,.lang-lg.lang-lbl-en,.lang-lg.lang-lbl-full{padding-left:32px}.lang-lg.lang-lbl-en:before,.lang-lg.lang-lbl-full:before,.lang-lg.lang-lbl:before,.lang-sm.lang-lbl-en:before,.lang-sm.lang-lbl-full:before,.lang-sm.lang-lbl:before,.lang-xs.lang-lbl-en:before,.lang-xs.lang-lbl-full:before,.lang-xs.lang-lbl:before{content:''}.lang-lg,.lang-lg:after{top:0;position:relative}.lang-sm{top:1px}.lang-sm:after{top:-1px}.lang-xs{top:4px}.lang-xs:after{top:-4px}.lead>.lang-lg{top:2px}.lead>.lang-lg:after{top:-2px}.lead>.lang-sm{top:6px}.lead>.lang-sm:after{top:-6px}.lead>.lang-xs{top:8px}.lead>.lang-xs:after{top:-8px}small>.lang-sm{top:-1px}small>.lang-sm:after{top:1px}small>.lang-xs{top:2px}small>.lang-xs:after{top:-2px}h1>.lang-lg{top:9px}h1>.lang-lg:after{top:-9px}h1>.lang-sm{top:12px}h1>.lang-sm:after{top:-12px}h1>.lang-xs{top:14px}h1>.lang-xs:after{top:-14px}h2>.lang-lg{top:5px}h2>.lang-lg:after{top:-5px}h2>.lang-sm{top:8px}h2>.lang-sm:after{top:-8px}h2>.lang-xs{top:10px}h2>.lang-xs:after{top:-10px}h3>.lang-lg{top:1px}h3>.lang-lg:after{top:-1px}h3>.lang-sm{top:5px}h3>.lang-sm:after{top:-5px}h3>.lang-xs{top:8px}h3>.lang-xs:after{top:-8px}h4>.lang-lg{top:-1px}h4>.lang-lg:after,h4>.lang-sm{top:1px}h4>.lang-sm:after{top:-1px}h4>.lang-xs{top:4px}h4>.lang-xs:after{top:-4px}h5>.lang-sm,h5>.lang-sm:after{top:0}h5>.lang-xs{top:2px}h5>.lang-xs:after{top:-2px}h6>.lang-sm,h6>.lang-sm:after{top:0}h6>.lang-xs{top:1px}h6>.lang-xs:after{top:-1px}.btn>.lang-sm{top:2px}.btn>.lang-sm:after{top:-2px}.btn>.lang-xs{top:4px}.btn>.lang-xs:after{top:-4px}.btn.btn-xs>.lang-sm,.btn.btn-xs>.lang-sm:after{top:0}.btn.btn-xs>.lang-xs{top:3px}.btn.btn-xs>.lang-xs:after{top:-3px}.btn.btn-sm>.lang-sm,.btn.btn-sm>.lang-sm:after{top:0}.btn.btn-sm>.lang-xs{top:3px}.btn.btn-sm>.lang-xs:after{top:-3px}.btn.btn-lg>.lang-lg{top:1px}.btn.btn-lg>.lang-lg:after{top:-1px}.btn.btn-lg>.lang-sm{top:3px}.btn.btn-lg>.lang-sm:after{top:-3px}.btn.btn-lg>.lang-xs{top:6px}.btn.btn-lg>.lang-xs:after{top:-6px}
\ No newline at end of file
diff --git a/data/web/inc/languages.png b/data/web/inc/languages.png
index c88e039bee8b2e24ef686d866083f48acd32d961..f5f1a2f0d5c6d0ba80704530217705366948787d 100644
GIT binary patch
literal 60615
zcmZU(by!<Z)Gd617BB8lph%0mTX8Q?yto&a0!7mT#jSX;Qna`eJh*%D;O_4BrN8&R
z&wcLm<&R8qGBang=git`uf4<GtIA=alc56ufTbWWtpRVT0N_Q&OBDDgsGa@^yg{;-
zRFMRL${36XQ)Kw}SLX5>DgfZk007`10Jwu+0`CC8XAS_^GXVgh6aXN0PH$8ff&YMF
zrX(i~Z{e?7sipt`IFL|~mi*u~e~^JHqILWXwS6&{7K^7xnoXPV`miNdJvVaVF9$i<
z+XTIzTtB6KY=2iNYG38&TD&IBdfukUUB13QTz(G`y7p}=_sqN(85KM}FBx?+yq*{z
zpPMZ#LU5;SdOR)1FeomP9J{L?F#T~bfT1AtR_8~8`jX<<Tb<Ojhc7?RNYA#_26Fnc
z@U@a+FH1D1a<NQ_5?=rwn^AN%>L0ht?Al~5fZx>=n%0;g67}l+s3%S!(X8Gcp8;?&
zN)D`!;1K<+^X&-*C_7O(6B^DHC`|u_W@_hXDFu`&WOB25AW-0jPh-y@R$K@cS8j7c
zJ$m+g<Pw3a($;wAI~M32`D#aIIdC<<EJn=qg2OT0dNo|nLR5dCwT4DSPw<6=>C{mO
z3MXK+O?4p5h_h00I3VBl0W3v|0~tL6&AP4D4g667$hCtPDAQy3&H66`<@gbIGR_;S
z_s(YwTedND{v05ZoWTU$v<0E=Rsm79Nr2E>BQ9+_P)}8Z6PH~(Ic@#Ij0roGq~~!a
z`3{IIn-B2+!wjBPwVq48v=FU)dv0TnS+1@ncUAwC`;FH9Lc5iY9d|b=RgqZUNNfI`
zsz!wDUc7j~2Sv$ngHq~U<+1Mun|uz#6NeVsXoxEfm2>jMj9IviO&>2Cobm1tikjug
zCEhy7JtBC5<Dz`xBb`gI#f}O1+{pA)HRu!hg7dVTxy(pg{S%4MLpOv_R7Pdc1&fqt
zKqT%k(^DR?X3%%xNn$ai*xA~Q&qu;l>2>IW-yKS{v}}~TqV{xMS^PC<tPS>42P~57
zGRu7vbN{&VC|GT#zQ#(->2s|s`cyO5(ZW6P)@U_g3yDp5cZ8X^#1HGFOLP3gB-O37
zg1S<C?vJGDWAl29WHHfA(ngF|bash}lpb@8j^UcT$=7D9cz1N&1@4u>5v=Po=F*p4
zaxN`fUyWGOZ=E|m<kH=ZxLDD3zsLWLj|fNmdE253NttqLudJWV3o#H~<iKOMZ(Czg
zDPCruck4NM!0&FKVmff*_B3ZQn$?p*9bWI_p?6{Z{G+p`=Sj>X0K@HOm|kC?WvFra
zy9-d6ML5ahxsDvI-dJXNazA(2F&96L<J$G;sCz=>rUavywH0Pd5hOE-Pmo$yCeOV%
zwuJu;)^i+TQXFU4R#5Jw3|OIe6kD(6r3u$@YN!lEG<_%}^3m_WV|B)iaY$+or1~>+
zU_L2?IO(NE-Ak#iKbr5}y*T}&85iMC-4rm<xNR5kAOuCr&%vQU%|027O$uiBspN1!
z4aCb2dOo4k<>Y>~^x{|X>|w`+)Z?su1E?`vbOjkOZku8b!`OZ6ah)@g?D;vMIkwEq
zQylir>WVTIb4=^t>9JylgC1KLTxM2}QIMyg=;{J;Cw#M7=0B_I!5(!2Fnuwqyq20U
ze(B{*w38&<f|^p?pm#~2`j)-e6+0>7%FHzSgP|CsIl#AtW{I5&yp>X6r*a2DXismv
z^>HQ6e{Y2oT`&FZNN;RZRRz+U8{;$HCk(60EvN$~C#7@s9;L|6<(Q(EFY9A!t@pdh
zxqRZCg=O5Wg$|KS#KqKMr*8qzs3lcmB5<PTHBm4Y3KQ(!Y8N$U=`~E%)ZWD!z^)6c
zRV@Z|GZ+*FY!PQO^`@)1iGF?b8ZCZA1DqHkSmIEO_v))XuHeV}gD)L{?w`}^Ofa^0
zsN9J<h?Yb+VJ>gM{t;&!eoo**w+ER{Okm>J&FhR(Vq`;pgIP{hw)IxbCz>PXNSYCq
zqSNU!etHWa?amOn+zgluvg*aZDFFRIxRI9m3>XEwWxY(0`udtmj3#|}a`KB;P>_H6
zqPWub?ug5o)c9i~{YVUGqqbJpo*K9j$BTJ?A4=Q^mXonTljxy4QkEo8Q+wbYr=lAo
z&12qpjrNP**1azE1=JE1m#RU9<UZWx_~k2qI?jX;qY5H+f#47w`I{LTpU8@S*SwBk
z5-*VwLJDyf0vR0F@|Tb>;*`No`mPY={dAKU{OB-KQ}qu>H;g&wq`iGDh)e?8?&l_N
zB-Rtc2R!>;lXurwW1F{*D-&;6J{cbQ<OaQ26@Liz7h4JZh=l$W7^8GwsmLy~x{8e|
zg8IASQ}A(<IS>Y-n^qPNzU{eOX2ribc3p;_T<eY9{gOv;^{Kd^sc8jk&ln;8yTCFS
z$R@mWx;O(l_TGIle^L9UdGhz9oyb!T%oF~+vJzo^%92BTh{(tKoz=~8lW4C$7gQ~<
z0VQ+pzW6n|PIenNNR}(6^eoqK9Q(=i6Q*W054|$l^8mX_Q&Iv4{X;JmcX^$WyiVmp
za5aVjd+xtOAUIV@JfQ_YT`+%l!meO<!X`sVe%EI@7aGHEDh_eRa(lmXjhPD67mN&b
zM(<~0@s9R-C2;8Co$0~ZgAUk6O{gz@gwIVj(Say6)%Bx86cZ0aJgO^nu+J&ib!acp
zTs&Mv$4_gWwkfOsEYf6{qA<Y0H-sQzA9=ZAhsnf}_2=UslwbZsG%V;&KvSK<9zE>j
zzHiYhE9!nuj$+q?a1OXW)Ns-ndxQ_3P2SJ9^FV}#-Q5SC^@0*8eW(qLk)4;g`5ID)
zp+0v}-E&(2o8|UQUL9aBNbI_oCl1v<imghn56E0(^HtwgaB$&(CMHR@a}k2;YkAMf
z%K+&&xsl#EXwFv}k)GpLU@We$Sw>w5ESncoVV!I($`kdRN8O{<_q`SM<5eed0^dvR
zo68q_+5Gs=-)|~XbP7|5!?-~!Wc3%8NYT5R)Ks$@$%xJAx`n5bge$jOzLQ1$;-ikl
zMALe^&YN$+Khg}x94M+?mITd?*#PB?8iSQ_1F+<_&YAHX+N)|)hfNiV{j)goqh&=2
z$JrIn{jJgJg<xZwEn=-hko=;N`@R&fMCnw4tx6S;dS$81>p#n-b-Sun*GGQqs3qHn
zbt|jo%>(Ng%=I%^`{81rbR!niglM91Sj`=c6L58f6)GHTuC^2-#)kZ6oR3Jj-;wxf
zYA(sjde_)c&DMkRX(}|#imr5~k*(kgrweTEK2Vc>4&-wh4A3PZUbHZB&e<Zld^MxE
z`VD-FJcm4py6EW(IX$93Vw(wtw4tUtrL@pWhzq`{cL)Ss7_+o))FLw$9}t=!6aXK1
zLx!--4?rDaaa(WilMprz7cV?!48g7=I}Qpk;Hp<7Du)7;5<TGUw2efP!+&3!MfK)W
zTSrPRC5?#HR=TBsGUsv&ZoFqYpo?$1a~Qq<`RDxJXEv|Ex4cgDqHDklG1AH>88t6C
zk#&Sr$f4D2)&7<a6;xNS{c|^?oIlu;omSH^4>7$)w17GpsY1Z#^NAh<Y>I3|)Z!G+
zR`|LT-4-n4$o!~EjeO#3W#2~LWUn6Dnb1Pgu*uka(gKa0Iy>N7EVc$nkn>0~Fnquj
zl5L+=iIYGi363y|=@-r{Vk=q%Y;u;-Po$D1z$NtrcXdT^a%j?W2@&*iPGY%xk8Wal
z<<Ia-a0xVR#+=<u30t7u+X@fLI2qo3tc{3tCu`&z#@_|CFzg5p>}%aWU{ARMRyz#I
zdFt1X3Y{nJwhj+wxzeVE9g{n<$oVYn#Y0&691Qc7UZGzvLac?u^P(th#cUB3sulKu
zaQ^Z^*YS2=LUQ9{sEX|PNtBLfNxS!l>8N?xm`mj)D8%sPoJXc3u_})xDVtHq!np@o
z1twu{D6@K4uzEA*o52pYC#pB2w6xKpuWZQ*3O?APE=;y<*s;$Tjf(Fb3$luQL7eo+
zj!t^>1LpN5gmuo<$z!F&&_0A!^sD`xrSu?eGCr%}gwwjw@6Ad^i-vRtAKAOBY6~@&
zdA7xIH*aN(brKH<xVq-+QzIj>^B1&_<PFdC-;=V4bW&Ou!p-9^gT_+72xynXFe602
zoAX0ojaV_c#<k`U*6E^2eR<EzIc+ylTurq;yS$r4)fMR`X(_?UNlenbxI;4iF4|Pi
ztZe5=@290#&N*|s3T0iGVRt|Mvt*<V7aO%q95#cGi}8V;<v|s>^{GsO&i70)nURqx
zW(y&!{carXWAVwL>V}bqaTmyfcQV245s}AXP!99`%jy<e=tCpoEFwvAf38#g9$J8X
z1Dn~18--nBj#HvYNB>)go=?`q#vj$VF=HBt*YAD`m_0?m{ODvoq^DR?f4J{-?;W}C
z7EFEgE#+#k(XkiW;U86?PvA&5Ncvm!$M@B{qqaYmIuu~F{M#MBJ5h-nM88mT5?T4t
z<?{FSy_Pa<E-nelqO!^Z8mRSHbaYHEwBJ6(6h6^S(9&@X_1ebZYA=)H&8rG{sQA@O
z%P9A<iSbx!V;|KUkGh7<u}{)1fjFFh6*8TY-<6rxW5`)^yGBr<?7a18a&Fwav26AL
zj0<^|Qate|Y<*vp<4SyQt|Me08Q6{K)j8e!ajX2y_^ej75NzNG6ITeyHXp3L??ppc
zezX#zD9$Q?2`-{C=A9i96Jed87E*dSxGp2!Jp4j!c9-LLp1SYtb3NP)h!tJYVI6-o
z2q45`Rj6n<<wRZlkZxFvP=4Jz+;uCpb&Jr&Zc*ina<<O$w7cr3aEEK*A6V!581Nl#
zjMMcxj0xJCUCX~uAZ!5VTKFu&Oo__B(5Xxl@uaX{&AM9(%pXWQ?MzK`j#`&w$Np@7
zpukF@ctQumwO)$(HseuBQHHc)z!i{>go0V`>F7!o6|b85)Eyrv(D#tXGuLrwjv>1=
znw=Kaq30<>!m;9I>9<9>Oa&&E!_M568;_inOFCN<y0bd3CGvprNX#NSz5{RdoU~a@
z;;v(P&CtfgsIBu#s|y{@G<Q+!cYktPF^r+$^?$?O)3y6HC4d`iWFlZu=wU`iKc10V
z<ObbS$xucSQcSH0YYuk(1~i5*vawLxU--8XOZ@ZHyIW((<GAc)p9y_>*4e%9Ia)|u
z0Jxie=4GW{19skCfk%}67^vtUbY6%j_fvdeLxs*cy}QXo0lqKpDS3)O{agmQD`7MV
z&g?If1_|C!f9-f=ls>qP?C|-UjN9S4lZiD<so2?p++pcc6pdI@y>q%hNi7C^v<@Sc
zd7w={%;CE~(g#1Of5P!#Y2UP*#@gNB0h=B3drw6O4?Hq88S2(}^~l7~f<3UOGu4m#
z(OxkLS&n^e1^i}Z^Bfm~iSLwor}9X^>>r)FT9JmVMdGJ4OLAZ_Rj5IUbg3D2_{3+y
z?p<<!Um<3ozbFDna7t=%CSO{3f91xP%(E&eebzieRjB3Q{r*Sqr+&zr)vPa}5%({R
z39s0(Gq*mILtojJb{+-;tb$|I9?v0?$Q2zX;Q3(k;q+tB2dcyhZNH$Bgd}avd;T}3
ziYf3Q;QutMMl2LBIZ_|epaEyjNo?%sj7#J#o|Nd@Uxk^Tti77?vO0V9WCEqXrG2lF
z-7%<pApSoi|975MBW6tJn~Ewf7fC}YMaX{eqY)Dl9`S{tn2vzV*s@Iam0exIv#u!o
zsXa2dXIcB!+RuO0RezEz6ZIJi`@EGL$X7|1Y$R42hBc{a07uq)RX@>H9oBmZaJp}+
z48RXA!qRfT+y!)~4Kos3vZMBeCl=2A%3G=KoALt0&gjqR#rhDvrhTTnN2OcOhC-=h
zc71P~sbAafcq*|@nM~n@436->u)JwwfcgwxBVXPFWiUuliYUdG{k=Z>KhYOgzRShs
z3&E^>a^K0U0pEC!xb~h|OV&*3X>xu<7Sb<Pe?ZI{r;%YGjQn0%|JM`$Epd@;NWZ~O
zDoY-Ge0ErN=|>C9MjsL#FT`wcd^_9~*H^2@aC14F<2C^#bmH)i?(`b{%8tk;BApK@
z^5aVA0Hah4K?OD>uk2SM?>&$uE>ZG7@}(LvQ4|(xK~g{_!G|o{tODfhc>H?J!?-JE
zbGoB?XFT-wFRdj?>X&m(#SwAr$5}91u+jmXi0vueB?PaJ!s7nj(%@!?{LLh_eqSyW
z_UATl{W-)SgDQinFpN8*1!}cru|>tP)a5Yp@dK7E9<sTUp{>-bncJu5I~#@?B>B`>
zuFPLbfrE_S7Vez(<?;=3QzkWR^p-Vnd`_MMB5ECUicYGyf^qd)RHioZ6daO;<+}-v
z5^yPRTXl@<F$|0<n_cg@q4kinvb@fWH$WPlHdb31%KM?si!n;60W;eIZ%^2mQ)`>z
z_MQ8XXRqsiM*nhIK?dBI!(GE0e$*=l8*ex6R{V&;1+hBwjHo8AsT1;9T79F6+<xgC
zEs;7)j5z0n&RV$tbHnrX&KcsBG=dG{SA8=bGaC_xKYG)zBb{DNMDqW={vhY=(|SBL
za~>SP-DD_0BPlDZgz>9b9?kQTu2sXeR7h3Gu-lP%<h(v-!AQ-wN^hp(p01R{1mqG)
z(iqA^pnsJlUYCF(^}d~Xm)4`{q-^}_%ykIjzu>?NW}O!PM-lipetNvJHiHxKe<$XQ
zi`UfnapU@{j0PTcXm+&ed2#HEp0;~Q8g@AnvsKSl_eT6%ME3+d7Wvmf{F;QjXEX*9
z>k++nzKH%x*t9?WJO-H17H*ywq<*zvCbdbV2j-+2Bo0}o6`wKBDj%5H^iN1|PR8KA
z5&S{?S9Xfl7+=Hd<~AbNd2gg4*SVX>mcYZfjDYIh*5ozeT_YT1(x@N#Y>ALWP;40e
z4raUP;()U#rPR*e>=XRnUE$H}lhr76gCxL)!$2(BzQ-44&PZK($aI|pkBF)Vo>XQI
zfcY;yV*yLN>R>zez<N0sU}Jf4#U>ee&oQv~gI86kKJ&X{jBC5E)T3oN*1`Xb{L#ES
znU9HZ(-AWnl`jtv9H)4gxW17fx-ZPj`3_jH>BPOy?!9=@Bxe*hZ{6Cp(#&mrdmWgo
zpF-C8mqn$tGvQ=Z6r1uVPZ%UNVB$O-8y}p#q_Qlk+STL?rR;f>bEd$se-#<O;MK&f
zS`5Pb^nKyY@++f>xI{|PyJdJx`u_l(PpR`)pIeBx4(!+i7mn5khw1z{=%CiYaKUl~
zzTrOs@2?0KCIc$qOmJGW(hu(#<wPaA&X1@K$JX|qW{FyG>PoA*SI1t>Y4keduF>%3
zJhx|&l?ZrVyXbjjWd@O<lTGR8)9#8LJD7qX$qDbD967kyvTrhM<b<}!rQm$=y42g}
zp<Mr`2d~;!5FkfLhe}wCpo@HLkY+X2p2HRA+YMoNoSzd(?VGXluir@YSSt7htaKa{
zDs9H~$*AiLmYaC5eYyVDY;-YL!!T1vq#aJcU?5<z-1uy3Iw${BM>L%iM)b7HnVx>K
zl|jPAnVmo~$ix5rxl!*fd3sfY%qZl!Q9i<Zu(O_ubu0+AMw+jRNBb2W87cW-|Aj1V
z%k_(W{wBT|&<749jj*2xCu{xo>IQE%a^@oId{b0C6*xY<-ZFqSS2xrVztHJfM324&
zPF6spWLWm&3rf2?xo?GUR;XeUWoc5`gZku}I^+!M>O>IbTg(RR+E9>ZCdL)k8-2E^
zC>KN3DecwNS{&b6wIL5u+PT<-6-cgb{ZK>4B2l1M-0w=szBznB&`H$lhAJcH9;@8D
z`9@uvv7d!>FwviEt|FYs;6^t>^wd=HkB&<40sn&p#xh4@g(vNxVBPDnGZIw@A=Nor
z@17KuaMV@heO;hHodfScpRXxrmUk~pOVcggNY7Am&F`(10}6hF32iD;;j|ed^SyBY
z<kvYo{dzyshkcfXd>i6QD}Q{9LB-p5IW`FK@yp#*rW$k35;(C|JG*(xVKweFU)w1x
z=*7@ceT@xdd3J$fN7N{muT^~HDFFY>F3`ynmdhCUWDctf#G#ZS0H|hR?fEqROlc<b
z5>rDg6vXRIimY~xI<D^7z*OG8BY19Lmnc-SvD(oD%mdZ{$VYh!QC-L_tIMyIFKd8q
zt=UwkRx*G-y8U(o4S@jbGwA^@@yaf<WOQXbu=W~>s@Qyn)ymn((}ovn_qgUmFA0$E
zA8gG>^?IYcM4i6>Dd6plF|$mAO~A`O&D4ngzK$!JZWC8x=ySIF@Fk!|lEM}#j~IH>
z#ZYvIzH&!9zA7|}UxXv3<<tJ{ekrZHS*D;ObH7V6u=?T<Y}b@&+P5Q|7|@4A8|yv5
zEsODnko|tZl^xpmr7BIk1hFsOZ+Ft~3t4*Jf<eA+bzk`jQQbi(@%332B4)$y_S$YB
z<N*1Ww{CcYUu(;u<1+cWOMu%NQ^Kf3MRAxk)Nr}lM#Yq48ef4z^b2NvRP8Ge+yuRK
zSL^cx;EzWlrM~Gkd<!=fi(PZcmIDGF+t)xzNR3%~rDeU17dr&^8$VOs>lS-P=(M?k
zr;}l{xfi0#%QUpLopx5=r33*$`6d+6NkTW)X-pQZW-X@n>8zboWIIng8_D%)@HF^G
zN-JblbMgb2TX=Lfy<N}uQXjq{cj*E)rj*k(*dIfV@leY;MY>KA_niq`R)p-|QSj7Y
zdkRg2GelES*z)o(H}?-mnU_YuosC~|D{B|;_m3`3L2&h@@gn7#1M}5CeyhxGb!kJ(
z4Ce=B_te@+_yzd?G^iuFy2L(d(*IFjDM))S)w?CK|7ld?W_VGqod3BT{}YoN=QaKp
z|3jI3W0>FKEep(P<pwo<6p&EYRzYSjjF^4w_=YZGo_qSOF?5kF-N@fjg#@m8#oaC9
zO?CVw$+xooL<!e|v*cVVXqY*5_&>eg#q-_XJd)<HB#H;MTa-^Xh}^m|FK4(ePs=8k
zPcEG24O#q@5<5O>O(^m7{UO%A#vye{b!y1kk9C0)hS5Js>Y2VGcWif!)|%PU%HE#r
z_{bRl4pBeYsJdi-xyRqQpbfSVfRHNYut;7-^=$XXqD8Z3k?!0tKjx6MqtbyjcWOXq
zb*&Yt`1@TKK8vA)YMpMC`TlwETD7e2utmu9g$A=5R#kd}8mHbU;c0~NOd7@Hz!5Rk
zjECewsjo|Z;ve!^r<W|-RddP}uk3~9=&J`d_UCn#@{Lp2)V9{^PZ<UstYRJ;GcD@)
zqW5V!%JKOfU-hOutnDMYQTAri8tin9p(0J<phwcBl$Q&qtc2|0`#NkePGY%-#NWb@
z3Hn{1r24btnp_STs+LS64ExKTY}Rk6&is@T&-(%H+zY<;{F|C6q<zMv2^z*Mlo+0G
z^zo7XN%tbW?U@@1NWxr(!(PIv<uG$pJ=H@ZIz2V_`Hxjgzb4#DLH3)N^Y*Jai~_9;
z!?h>uk*o83(_<SXPrG{Fvn<`^3O>~rqh*~X`zSS~orpHBlux_z%wv9X<n@ylxiZ%&
z(IXwWzo-qem<Q{D$P^|jj%O}_T9~n((`g^MOc$mYK@J37amxG@MfHL>PuzZCba6e)
zSmbJY`AXQcZk%HJIKGTgM0+JTCNUvEKncm@wq?$Vrx?^Fjr8+k@Dybyj5<940W8^M
z95jastg29mXm0~+!Tg6yf>=!_lcKCXC)-s$i^o^GzFCV-P51^Q)KIJE4pehFki0Tc
zm|h8DMc=#Y3RMPZd{TU{uLywNMDI9+h4`|uyUer`D;9ca0`YtaO*6Y*JfeG_z6~D!
z3OlY|fJ4a6H&y|_UgdJ85C`$)=}Maw<fVz_Vsi-Dw#z|OQyJIG$tkSO@*zy*mptZ~
zwX_tkdOB9l!|lPerHPHqrzivhWfcbfr+!zFY>!AL+6R!S_%&eblMVZ%-*?u-H&qVf
z4&Y$+&kgPs5!Es{?z{?6Hr5_Ns1;@%hrPKd`1Y-sPomFZdlHrZPIhv~_1s~VAJzDH
z>a|?<pU4>H5+GkXa%<YHGihscb!-`P%u}c(R8I_OA*akp<p=NhT)~wT&>BjKi>Cz?
zY~ID^oooQXE_crMbh#C4GQ2S<TmgM{14b3UdVfABqGEes@BM^G!Go7x+)CM??VNh2
z?faAiWxn(WKvrvvJ=BPOecbV{7@B^+DIU;{>6UoyK6Rt@X4$$PqfOlPLJR5$4@NG=
zJHU_fOF8F=vgSIff<s?O80*6oo`fHkX{>LLugm}47_xIGw0wy-t6|u66jPJwv^5uL
zSW`UvXn5z~_1=rpV~Wk}x((ofd~xDt6HoN3CU+y}yvn$D+3V$Bep(!}4*uPe=jKB0
z^={n33`ODxYx4ICJ_|gYn34myg*phM1??MXfSAW}A0w%3gyM~F1emY&S;)3|#dd-_
zjthu0;Y$B$>Ja6TFhq~3Auao904Z4WXXMYa>vyKJV`gJ(nD09c$Ua05Dr-u1#(u|d
zfhav69DDv>LU)5B*3l6ZoR<sN2@;%j#Mx8{NZ@k%fB7tzCi^13l`=SFKE_Y)CNY@w
z%oRq+yH)cX21LtIlYp+g=>IWsqa29bog&|V;(|=iKF9GQ8a%({u}UMwpfX>N^B<eP
zwbMVgv<z!wyz3~|z~e#(s4104ehRJ6Hti?idf}VA-A5-p_66fy^EWxF&>MMB`b!FJ
z6uXMcD?$c?&n>nFS$i-(S)ZKPPDH$)oz87jz(!woQABT+Mlbdz{&iA2>~64a(#q0r
z@h7N!;PDlFU#>Q0<H^JTV~DNtPkmZP#9Ie<`}}O@+ViiIO6n<=!I7S1Vga^3e@8a^
z`Z%XQo&O`u@I@DHXhz{4gIYPR621h9K?AvoTaKGSy0H+U{R&1X$&w6}&oKfl44b&s
zll<II$P&MD1-{HaN8&BZNk!Nh!V1P*EqWaR9U%|3Ln|`$bum+g_bZ9#@3?d&%pflj
z9uEifj_ohCOZI<mieNZD{x_>qi>=x57X$b&j=9!f^(=;^#6%$c3y%aAg6Je27~#gf
z53c^=#lv#~cS8U5dp-&Ymf2s%_lscO+_^*0)&GP(wpqu@Vs?lzG+NDwQEtB(?yTX}
z@SW69@|d9R)8-j5QflVh^u#4-wxgt6!V}?FSe#s1^v%!>LgQeIwAZcex4=C9=wCX>
zvo#9}?j|JAZkl{lT~B~ueu%}|vddvjq5<R=Y-2E6qH^;>vRLlv)O`=QbvhV*yC%jr
z{I_>F88v{d+9K-!{k@3yQKOh3z?wq>vC;D4Y;V0{rhlQI>lGKUOPN<S=K}i-R?2c5
z8DT;767v`Yal>wiVf@reZ79FSgAN59>MK%$5!>GgU&jWZ`u_1)|D8Pv7`YtQ%tsgs
z-fz_<nmZyUR6Bjj?zPO9DKkbXjaiLH3Z{1Y@Y?2Z<*6<U2}<bJiB9AL{;@h(M0$kq
z7pB9R7r#eYU1OQ%#V5H%vXHaE;$Y&Octql{sw2X%!IB}p4KtWob#vISI8FZSC4Y=5
z;%%2p&%A%2{IO5`O<uKw7+A79JPZYw#Q8<b*m~28v7zhVu`y^0&%YC5FebB_f30(a
z`ZSGR3RnnB&{FR6Dv+-!O$Z9o(?6^HKPr)_B4h?#vrRNN$S2jgVofFFVfQ~Gl22X4
zMj-SOe((^jY->$vw*NPItgj*z1UWbCKJq_s_>hp<06$M~22&2RT*3}V_)lg1R8&$@
z$n;Me$w$CZyurc9vW3liq5P^m+s%XM$hYk%RLaHW<FHb#kE%2orTaBtowqple|nQ6
zxms;@P40#<ruq2wOD4`K;at6!5nM<q7SsD2jUiz;a%XNZ8~e^GGYR6rf@LJKV9x^0
zTg3TWEmirk@A0~U6*#=~je#o;T<%FwTOuHzkUL7%4k7YtYS~8w>(`j;-muI%h>Y)k
zpSt_eDX^Zr_p2f}x9<;g)CTCgquvLqTvVv9?bbY$7JTL1+UrPcrJ5lq#(@M@_xbL&
zVh(Jc-{mv@1fg3ngbtITofs|Lb>9U7)QZZ%I+&>PFDCcxz~qnZ=n-DuL{4N6GjT~E
zgxw2!w^U7S!E;t;C}%6kQ$r`BS|PMT7+R{vfHP~#dA~ZU$tvVDi$WVnp_=+sV~6Bi
zqnohx69-Dk%g-i{ZnDxqnp(io(vo=$mr7$WqP&E+DWEQyxb$w{K&l_2`!b{Al~#&K
z3G1!_+2FLl$W91jc08pb3Xyt)3e_wX#ni?^@4P*@G`ytg^;+SxRNP-<=LPb7_eUyZ
zvolY6e>wJIP3l-Ckv<VL@sn|Ogca0RHn#FJoIh7c7t$sWuAPjDNBZ-tJ^S-NH1a$S
z3Z{Pzw62+;9TXieVZJ5T#(HnbPVkB?i~v6z*EnidrUMfXW+8@)*8lwGTIwLIBOu{J
z?$lxjFWx0ZRx-lt<u}cSVS}nsHlpX&IYunL{Tu2-#g{-}zOD-9S#Q?1NaN!`K7Y%n
zKX}~yINk5qddmiS`)p&Nr1=F#fQLuHRF-N_R`*DS_+|HYdH4L*`sm?pK;q(aQ67ZT
zn1l3;)CFZ#=*@oP{0<8W74hF=U&VG^eUIZ$lhvjh=LeG3p!xIXw?5F~Bw4q>k=S>W
z-y9J!NvxVzc)q77;!U5nlh|O!@)*fKz@8p-ZUf>L7dz}_VUm!t2{*D+B$riWOE%jV
zwC^O)I&lj8g!~-?o|K-9E$T6-mr6^xQ4PxAt|^<o;C<&ySfA&=OmmfnuGcIFxQvz_
zHWjmGrmoJ(2@a^NiQ)~-2Iv)kYnWB_;mW6$&n7Kp9xF9C{arW@Qko~B8DM7!<-xTi
zG)HDiVZal)L7GtB7+R6osNz#~Qi019c^}bAU+C1<eHecmH_%Q9;3hppAS;4AqBcZ2
z6VWR=6WxfCDP0*|>GES%MFtb2Z?(<E(i6h9>yzxtL#%=#uESizR_}avP_C7!!~vPl
z-@7qMz<p#FZ3EDdj}wZ@GuEL!zV#f`-=n+l4F<=fPlU(Y&7@*=q>)3*cC&`*2AV)7
zCzt+ocMdjfE7;hr^J>xZ*Q2YrtKCHGt@HXvN}{4hkgCIXQZlz)NPw#And^xIf^G>H
z2N=0N>YK7(!S!O8h3%$U?N>RyBvUc5p?cE63|rRgyi6)~7~cYsWdsklBa*=RPqnCL
zbZ9H;$1PYdkbh}8V7?S}Ff-ui*^uNy-R<ji`}elotRa2c)!6Egiv8o#G*{+tSeLG{
zpm3r32BE~qiucVNJ<~nadMtXpac+7gFM5J&@(a@KhG&faTjLG&8ok!<d9!$608?fr
z+yMj;NnSR7k1dG$W+4u~B?iAmjc>9ZScIgNAD&lnrlo{CWS)h4+A4NX2d@cMQ&QA(
zLdCV7!_9enXwE+j_lUvmL!Bthhj;rY@o?Ap?6K+Lc`%caqWq@_QEV}Tvuc;+Hr4a*
zb?)R>w?xQ8e|z22rZ3oUZB%YZJDKt;&4ElTo1B`W5nV!Xh{1N(ek%wfY?YA_4RSqe
zJQQMja^6lSSgeO@vI*uloN(PzmA`g&t{V`ZDH44Jv5WqBdO!@sec>J*u7H+_wAXt4
z6mi{Wi?gNUe0&@-;4bO&W$0p`oFDZ2vn_n^WSqPerBmCPWG2XEG^C0Pb_>2jZsG<C
z$__cNH4*#pgxHRAq6x&rCgd<Coet-A_>s>`|F&9qQVmj4iKj5ZH|w}!AsE#vD!JMK
znPbdHq!_LX_i7w|Z1M)LEN-hVb(E#o9#!>hB5jNhdgzdF_)Rv5*1K~qn;jA~c~Wk+
z{ynGkXyVv6arml|K8v6?kC`S=vFTp>`Ow*%+MVuX+LB<%vN6sN-+(Xq6a~i9bMZq0
zA_6)eo-%@`U`K!aSq#7zmhch%S8kHE=-fnu)-<m-xiGB2<bmzjOK;kDBfV4e#7Pg{
z9+o>3b!oeQSdU{-qo`KvQezkYUVZrGZXrwo!ji%J--CBt(ff3DvRF%O#)$!PMKM+s
zi%JVgcZj3=R@uEg)oK&1wG-u}yf9Z)V~Gm2{(dcVOijD3JzV4+xx2*LtMB;!xGRU!
zRH(7Rt))2><F;ehNKW3>ix5Py__@YJnOkD`dx|ZlDWGV=`<E@$%ikkBX6`xRUQ(mO
zkWFN8FsAvJhw7=2>W``7NP-b+#AiAdD`G|TwiCTm@lF5O#itavrG-#PEIZ~EA7jG=
zIdaUAh_|8x8G3n4YM(P@umMYq<4<Yy!MnFlY7NvD{Nld%6wy;qJxGSwa7YgC?>IFa
z<1r{(M%`17_LGW$lAY+{;<i}X<Wqqk0k?BitBbCzn}J*dwIxnUUObup_Fh0`+(s4B
z8KN>+u<UX>D0j7VRNVSTw&6MX1BRw~%Fnz%pHuLjQspcwz)iEf{}qh|6sGC50E}5>
zW;nVb<hkM*jMM%9Wnim}HN4)V{^Q`LXt?U*a}WO!45D%(e{MSgI8XS$q%&@MR3tn+
zCH2;YYxnJy$f}tY+f#cVv2yXP$16k9A74;taWGf5Q=^s5g@!!84)wOPzZ>ibDr7q2
zq&q<a5o|l(Vrv6l)v|H{J$T?5Pu|`=%B~B65g~Qsq2z&$Zeqo7j??q;-_Bg|lv(8H
z-LCl&j@^g9y4xB33xK^6wQ{j)l9j{eFM>N*mev-#a>HE@ddi%>yM6Cvg^b=<h-vbQ
zQ@-JgH3ky})pLJbFGDDdO<Chp!y=B0;v84Q2PwvP#V{#%ZYN*VuQo>8o3X92w-Z@Y
ziYf}D{(|Y~X%tg0F<pK2LHa0vTJIZG^Q!rGfCxV^w8<ywz)lb(wuCv@$`VMMj;Mxy
zvwp6i+~Z4rvb|1`L~AySsOn`X*i7|H$eH?HlG3*|>6S_SD)hHVzDBFi{HImJ^AG(*
z(O-T_*PU<%>p8Ic=J3~YaDKmzGZ)Zu=dN2h3%q{7jyLyuB&BF}+8$-**i(vL70a=z
zjauc=r|Nvp%xggzTxD@6<__q2XFo3dGv^|d{4BCs|8Eoj(8RJ)i1Cv-rPze<^lBUZ
z#P1w#o@SM&u#f*39=twm`F;#1N?-aTyzVNEdSvC;DFFk%*PwFSykmz)EWdxXRR#I~
zQ(N^v-TQ_TVqdnaKyl6!yJDYL)shM*S6R?VaZNYkP3xsC+RS{s%kjl%o}?|vB#y!=
z@7_)Ht(V%X75J^%qkXB`oS=t<&Qur?;&{Alhi1bZ*74b@vCSGq{{gm=AQ>K&ESGe%
zq6MBr`^lem<PFeU8BwPSdXTS~59bfbj9k1<U1jQnFEOmR=l!Y~jIS2d;jVyZvg10W
zAuJN9PpqiIe2kKy__AS$50lX#kik-DEk_?Kt><OQ!@+qvmI2>=(6{?v3l<G6(t`8*
z6M7DYnwEVcxNGLj0+_5{lmN2PWXF9w)rr<)S1vz7C(cwSwzwFgri*6}2es2nTFBrV
zQODXa@@~Z=mYK~{$t7JjDc>R~TW}(&r=DD^(`U<hTz|SssUZBOl7ScMrhE^AW+_FX
z3<{Rt=IG>{F{<Nl>+o-F^dO>RFY$3@#Hfg9Y1Kx0L}&xs%q}Y4bG3*Xm+OTD;KM^T
zemQR@RF7^Lu|_b3Z=b~<t{=e@`V_Ol7@|C^bIz&#!hB{T_m;{544>1aUZgU!4z^2b
z+*!lbMazjh3KmE-wx;Ot6)t1Wc6Cps^zW5FxDm5-KzN5ccGc257h@IAI<%BB*5cmG
z7zEOZAqp4|Q+n^K$&eP(mBW<Jj42NQ*&R$|iI}eNNB3l>?$TPYQ3Bp(Y{#aY&jjH#
z7Sn^q(vL@uIeepd(XU(jUey+KA$)A?tQd}!E3ZG)x*r#ULMmiPr|PQ@doWsF)A!PZ
zu`ZSrcke}YRGv*7K$f;z6N)xg@?=&ic4@juM%>~DP1+)AV%N=j-*b+Bs7rc8KDE<0
z^qPLx407sWHSMfS<2UB}Axeonk#|37k=%n3N5j68_t&7R`$yhDf0;guXks9tOua37
z)v&~PC*8(u`H%Q%%K6Ni*3VxBC-7dgE280>lQ>Dg`9gP=EB6p?GfMm<^<OUP=30y_
zezGVvw7lsUo=tRCuUW!dnuIL<%SJ)YIy~&6ng2t)C+J2~YK!=P!UV=uq1Ksb$D#%?
zoY#x11jGtDzxn?`VNI>5h^yPb0$v@jcjQ{4R~uG{kxmyCeJZkI7bz+CNTjRTndDIq
z2bJma|5zc#FdDPZ0RwWn2-|im%GjmY>vT^FlRc~~(_3L6pYlpDJ^*`io3do^yu){d
zN+;CUcwqeJiI?Sd5zHCDFVmEY&;v@SGX?dFkWIS$e%CP}m>fP~U|OyNbys0KI{x_3
z*`1Bc-viOEHFPBt^Y8E(ys<~gU#$3EhWGE=0d`0ugGu9v2mMW?2AmixLH_p7*F^wZ
zOj%7cTf1*$GP%*cd4odcgmlA|w|8qrO>Z4c8OWf^q&{N+*~dWmE{1gh@wAZdiMBv?
z@p`5<C9)SZQ%}Dat-^6PIKz@CMQ!)f9XT3{XFvW~zL}^76`QoEsIl(kx`ZRPhYDg0
zsA0Cs!>w~-;0p-*c6s57r~+eB?t;GYg!6hw?O3t08+9rDBTdxpR!Cm*xv3yN&K7K+
z@^Wm1#N+DaNDCsz`gf-<AUbHPO#Rf`BLsn^mXf=9q^61o!mAlZ(3M&nrH*>^t)rP3
z1IzYb{pc$zTTz^Hm<Yk_E=^LzZ_V`P(z61@A-?l^c4t|(tL67Avq@q(bjCh{^Z1Sh
zWxbLb4|TmaFx?GToM{-jaV2YuDD@!<RSPd1P^&A|wdmP`wB^yBJxmR>cz^7@)j}%G
z(XxtH)}}G8s?64*srQ>6)rwU3`9_@n&z}RSv($liKd|0zFy`yY6*9#)7yOn>qAu0A
z72n?VFr`dn06&@Ar}n%CoQ*0BI9BNaxkkffG%Em6b4K*9Z{V)xA&SZ@_AB3R8sB*k
zQ2AkduG)fQv3<ns9WtPFe)rcUC9A-sy20@U;JK1-fS*&bB)dRSTU7331Fr?3)?Nk0
z8r8b>bUXp58ovnwML{0=%Mh;;WRv`rRr>uRkT$X5m^hfT9)De{tdm6l?vJ>TFRs-1
za6H}77bk=Y2(Guuj4YUSDo)2QbG6aPHJLjUBtid|bw1_cOrZGFCa$QISL>M;SUu`q
zMw!~oW{zL%Y>N*}H!$wjQHjBhfu%j0{SBlrp2+nq5Lvog7A5vAyP)`9r5NA+=KS97
z8j;BSg*UH#J>wEQQpe?QaR4<lh^2V*AxkVS8!kmYgsbiE4p{qqKe0?4pVe}pz$-A7
zZ{R(v%4P2vDYz0{^dvN}!1{RM-g`Mqb3K3_pbq9nK{Ifq>=;IV#9taDah<m|RK4ot
zY+GV%j@c$0dR|-8_dGZgL%>lP9qm5MZ(A<no$Ncu)UG=sHP?N=i3?tP5_QA61|9f$
z-Mjo^K$rcPx*1~blQT>oCnYdfQjb}DiP@D!Y`7*8WbWB|$(cC}X-E;jWU?<ptl$w4
z_Qg5M8qP%4IsOaM^?#k)O<140M}Nd%HJ4ivT4g!<vhIB%qDiE|e&N@Rg{tlkIK2!_
zYdyI0WCCBl*axA>0wu-MSycQaCg6depuO2D%n<wKLUS?f$tcDe<JI#^a+FBnz+HZa
z!@o(OlehMKW1^9_InyF!%yOA>s`Lc~C7n6)*y;+e4LUS~zizM+I{fg|a#yhW6KiZ|
zLRW&Pq#>~hN_~2tS378=PSe)kX%(x8d3(-D2s+!&eyi|$rZD<Y?`ufI+d2xv29?^k
zWod{PGwGDVz?V-dXSxK`9L`aJLL;r1+tWLR!mkR-Ox1PZaZ-*$-8>w%knQ4m5P-YA
z@@aAv*b6Iix+xk_;faY4?Ul2~b)_3A`e3y25F-OL1QKO|h7pkUX|QGQwY_C8XPVED
z3HL~c+j(?!O=qQ`Pk)>bc@<!PFgkUJ->YCZEW_%FDF7+ur_7oq3zaUqm>v6ZllfhY
zPrHcZ&1Fmd-3rMY`~G>};whKT(UVV6VM40<n3Z;0#XdCUC8@uU!U^h2HGBIbm|f!s
zy8MB)nfl9&^>3oIo+^v8wZ=G!nbb;YML&$)oVeu@eUHBnf7Cil6SCj>^JAIYp4&Jv
zB)4_%RTcgDhrV*$8ma>2vL?QXx1{3S9)E@r=^xD7l+)H)XaK~pAIZI9$g3&JUu=eI
zU4@|Wm*`VJXL++k)HNn1_5=@VoL9|8ul;#}ZjYy1Mvhlrde(jQ6y}?Zb_4^wsXp1x
zf42LJX-F`V%Q2!_L+__~9I7j{NcP1zwIGFYF!JE!ED8$Rhz@QkM#DZiQ^D%IVh&gD
zst>C_WcAqzM#iePmMV~6*%f6(a3A^q(8#CM3%!RiZWB;{x{_UmNiF0oaukj>SD9w!
zkf`cceHSDmITx$c@G4WE#0XX*qN2nLy&t1RJhlU+RVuZ8e1Z|xe^pD^NaNjruWbCY
z@oJ75NO4^)1G78IXTZ-qDY1)WsaQaLG6C;M#?ZU<Is;q^kYa8nJ6I!#7_eSj9Z*{2
ze9N^m8(noutEtMJNfzV+!LSWI2gvwAa+&1vyZ$IInE3m~@%IHE90oP6zDAv=JDVSC
zLyl8!1;PC~QZ2-PK+40|q_FteTWIHR-V?7wQm&m21z@zGVEq6U*bzk|)VBdMPP}Mn
zE<`=84^ApC529%33+dRDJh<Y1FTk5%yDB0w{x>#OCc+y#U|}nJBY$}lUkU`1LeMU!
z4(Z6t#wR}75AJ}7epIu^8N7+^$zVf0nRSLuV0$WfZ)S57dBam7zbaAxs}Op=x9R`3
z_zOpZ`Jkqv{d^(ns|Zljv3$Z+dhNHb@taoPw1B#`wO9wAa2y?880dF%Y|ttFL7Mqs
z!@O~N@0|M`U=y4{q{{jOb88;`-z3iS!U~dXvVgwncJSnD`UXhFJF<V(N&(xIYiF6?
zBlbbAQHo_+vd_qAsL|GqC8`ks!&y0*zcl*F(_Gh~ATft-veW7J))sY$kxsuY7Lc|Q
zL>BT6IJG-BIut}$A@xZ*9#;YH^)x1DiCxf|s;U|qGBN_Hri-bn!l2nhhATG_5Y!>J
zch{E~x-olIZS8W<+^F7XkiD1|w9sE5+-*w^^!A52WxS77Q3z>Y6@?atTc#S#cGFpj
zxvTO5HqGM%^AywM@XmR{VXvFYqT}hpo&J*Uhu*8Nl5?wgilI7_k^uGJKufBB&Wh6}
z$%CHzB^$Z>*q$BNxO#mLK&JTOf-0aCKUmq`>*&*<lt`a$PA?haRjTF#td7Ht@r;9w
zcMrpXY;EzJz<w_pJ4GhYmp~rvJOjM&b`#wGgCh~>G=8>5IeSS=OvyGarAX936tgeV
zB;`dr-YtmkzAbQTs^d9P>e@q;c=M~f`HB$w6|<qcu?gUkT>ZVr1wKINHZKzFQwk6H
z;3hm;hELQ{8QDY_-QKv6E=F^_yC<9h8haFwU1A}6WnZ)7itLg;ECczBya!B7HuRv`
z(0aN?5vGK}hVxE^Zx|U_7wZ(1X8K7Ds-*eh?;mzfgPK{Nfa0XS^334<D}2JIpV=3)
zzcC<(NL(i!OD7c=F0UrNyn;}0*W|O8d&MhRRNP&mM9n2lU1-UabrFq%Bgr5FQJ(s;
zE94Vi5<bg=7qG0YQwoaLp{zwvKeaIwcBZ%xHJg)T;s>`5>Ey+4)h7;%og-Di$0+=D
zN>9Y0S}j7J4svJny<fDXR`&gsFl+>RfHVh^hP1pA{QCR^9qswc_%g%Lc%kr=EqmRD
z>Eb)uD!lXQy4uc4+j8bfE<ub}aT%kQClUmQy@w3)zMiAZB9$fv$%K1C<I9ZcMZ(Lw
zOwieky%<(KkSa4Ku2vY7h+uP<`3CnkL0Ia<0^ak`yM39hguSS_2VhJV=6fgDX;(=f
z4<W`_*`f)|2$8HnR!f+uHN1+!=<TYgV0w$-o1BSAPf!BN#3FY63)OA%P+0r<w=4QZ
zVT#*m2;EXj%-7SY7fsZK$HWTo%Dse>WwxO%T_H1J?Hfv2MjV?TO~@zibkB~pvIJC#
zFSCj!X+FAtz8>goOi?R;CQbEOE<e_pvt8YAE_IcP%xzWDVWmfep%$>EHaZJBB8rRk
zhmMHCXdW6@{^p$6rNkI_eh7HN`FkA!Ke3wTQ6DLVp`N#YWJ}7ZC8|FRH#HX9KuYGC
z1?!|BmO7n_qa@k9eudfPe&>jnkF-9S&RRIcPy3A*#{9PG`~OpF$U_f%BGR0v{SQ@)
zsfHckfFXQ;66;VJsy%DF`Yo;W-v!q6_(^@-(pbDFThqllblac|BL77J%Qxz{r4{GQ
zC&fXuXXVK@L2Wb}@+`KGZmjbw$1hdwi(?t&;Wk<RQc*=l9uk6BA;OV_b&b4IqVG*>
z#sGB)+z2k;26Dd;l$T|KUg23ZtQE0r?OPKNwUVUTiwHe10h5XJYo<m(<TYk}u!;l&
zNn`Ntqo7B_3DjD)sgn`G`GBXz`3<27Ol<q^eh{$oh3!+ZhEX)5Qf<S#>8B`ko%oX&
zahU&DeX8gO>_r&tlTiTJgzu`ck<`PjvbrWO4tRwz;%@LWfY?JOVC?$>%HQp4Z9xFl
ztSh-pB<-pK<$-V0M)-Q`5+2|adfD0RY$R_229#2pMpg&{Z~-nA4<}Zz{=#qA|Kmw5
zJb~(fJbQYw_PYih%=+@j=@}l_?~(Kmfgc!=pFLpYFK|NUzsR2kT6sVJd9oy2ymy(y
z_HjN(=#Nn;=ZmHb)$P4|rOJ>4j=wmXP_}?!8#~B!mU%(&@ZSg8br<`eoOhIw)JP_#
z-U4i<JkY_xU>`9S5L4=jYON8viPq*Rv4RdLY4~D2Vi2TD<8I;FAqxgGdtSO4gVF=2
z7BpB8o!P{vAx!(Dm6IKj?3g$~D!Vo`)7Cw6tH&;wN-fUJ0TJc`rG@!F5qq6;yW<BN
z08DDEt&hzBv}rP(Z31^i(qn!OT^Jm*igl{u1bm8~7Pnz}bUUcws9wWss%U~V6R?h>
z31dOU{%*9>YZ5G7(?0Psk4${*4lL>h1(9i|H*yg=4Ow@NRRjwZqmp9;Q3E975Yvg$
zK)^iVu;IubAfc?dTwC-Bh|VC=UOrgCm+`HrZ46W)C@a>t%a}U826_EXN!8iKjuk$y
zRde728)X#V=d1#s7%549mvB7Wquw)7behY~ox@6dFoYny7e|z2FU!zu_PP8o)uRLs
zX9)i4@bay5txWmmAoqT9a~U*+euhjRO~M$y_&!NIM)e?A_%yIt6$C%?3R-lN5v;y;
zcXU>E#I3s#yi2i`35gA>bc^5^6VQ2ScgDz=CoX3DxNDi)%c>M0^nS<XD=KMKVqLH!
z4^$Q7dDo<^*MaKk!lSI$0SALrdwz}=!Ph7uP2HJXs^63FtoAK{GO~}7)!SE;1rBPO
z{J179r6zELN0Gk+iT?$O$l*YFMVwIMfrbF{BjQ=ZE*rI#3t^6`JvQ-yS216?>c+gY
z6P0?T6gd?k58-b(K+$bp;9{|%a=hlZ_xF?_<>!oGa31NEKWSNNppV=44?G$4!f0eA
zLEH`-9pxzRy7YK@<mF^~@K@!PdSnG3MvI+Y7XuI$xsI~kF0>HHY#TkhZw4Lz8!pG>
zF&wn`+lus3y4%z<sUu-|lNRJ0-77Ou>~xROZ+?K$2Uhci&};{zlGTsJ3}El;uFn1#
zpr~gm)K~wWJcu!m+>JU05prNTx*8Jy?rMCOR@O_7IRSeQ$)p69Ym}qqgSm2-E~ir^
z4q|E;g&mPA8=X+xza}`<!gOho3;zStd(7&v5Q>Od<D9Xxh?o~P8CBO8nVh~RfTp7N
z4y=38RZ&>?r>->`k3bw2K(J)~O`WZlUX`KsYXzNf&Yl@1V|~)X2Lpd`5sR;)OZ}3*
zKi{D`&(s7Y`&n>cNHms6_7@=o!JbLmjwCULV({Do+fr!rWnQtE7h(!#{p1S+B&eSX
zubUcr_%4cnGo@tsr|89{9*2~&$)6+KHj(3E>R@_0?R-?ThFM{|;cFA6?Y+@H{+^`!
z_f(b7Jw~t~<-%ec=wfP&<VlA0EbuOQD!CyT_qW;U)q;N@$0G;Y7e-g*F!s;V>OHNl
z`obuPBsf)PBL5#<Zy6Lv8+Gjt?(V^YySqaO?h=B#ySog*-GT)R4#6e34jwE(aCZpK
z;Q9@D-uKiwU)A|FRlxK>cXQu+Uwf_94&fZvi9b#J28~A*CO6o5djifom}H!`2fHUK
zwYpwtdZM;B=M5G6IZCn1Z|{&!t374oKM!4VdZh1gUkfUd6WqVoh3Rpc&5bb8R(YT=
zlxWI2mp;`d>ykj-(3q=`6z~V!|1B;i=Y&eDcl<%!HD?X%cK?n-Bosp|hz{sE(sahY
zM+5cRu^v&Ip};wH3G)cRygx8BH|AWsm=U7tOv&5I;GA603?v=$9GhvDTbLEiZa)kl
zXKN9tzIm3}+6@_=BY+jXQ9%j}OZu(QYVyvOFOe#OsB9CheAK^{5~kh$xqau3dnMFg
zww0A&AY?c7hs<1yNpIWSC0l%VfnOYppRaHKHv;;1?qZkzmviw)w%rrTDCuCQ!?S3E
zBNVtM_7+#lOuqT{tsIut7CCPj6!DAUaTtS(34+O$<AdlF*{SQe2rpSGrW5>A*?#<F
zUcb6rayEVWgZku;#1STKu{wW!aaj%9?tymD)Anv7)%n_|t)!3WY&%JDlFc%kKFW)!
zXFUS>{u_If)ni5mLt@o6GoYwAlIMu+j7JOJT0Ybve3f?~7b9e=$0CFkBu>14h{nij
zQU>X@iB-hejcV$rJoJg-nRmPa+xMSGcr=T3C;Wfrcp?%FW><OY3Xht+c5kXz*JhX7
zMFnt+hVwT!9ui3yE2~SqbHQ2gC)THg@<EjfuXfYEm_ET7%*sbn+TATN1YJCZ8$4_i
zjGwAf6u<|zo!@Zy?~4pRCtwea95}dYF9l@#xf*`6GVV&3=hra_V3TQ7HY7h(SMCJq
zyjv2*D!BI{eU^b(ssh1d&(HisqW<5$azjrxFqsA2!wA>tnTvDAUw>~;Dovh$3YM!d
zYa`%uHSgawPH0R=nfO(r!Y38J9k%E8RrCcjW>jXXqKrgIUwI|1)F~r+bTpJksR``T
zinI#mRK#jusT?jkKx!drl~?{$BX#=qkJeBmvzoB$m{|t}9co{5M^9Q!mI0GmUhHVr
zVd~dqLUqg0aYFkJ>~yiXpN4+UH@v*HZSG6(=`v)kI{ihF^A=nDiTY_vX_Lxgx&-bN
z7}rRSGS0pGXlpm9?MpHPZPW0=n-LF@EyQa5R@Y;9#<5ACk1Kv^c$y)$^;=q)ZK$Kt
z?+h-S_ObeUfj$QhHN^vVPK)N;Pcdh${MZY)SXUNE!m%{gzD_fc>$86s$ny{*(5q*k
z`{L1u+>!JbzOLf@{yE|J4E}ZqC~M$$1%<|0uV=mfL>zkUpKgfMUw3(@I~{Lot|4L3
z_qf=fvFLdVK(;)|ps|g{`mJL!6ur&g^mWD3_uh~~vflw6j*!!riHzpM;8}QDSG1M>
zSqgz@A6a{4a_<;iR|~q)zVA*(PV_$MC$5GY%J4=U^i#x^XqF&b!5S=S@AR|9nfn1V
z>k&KQo4d2S-yw__?@Cm>t&X0tw^LlQ_h<+m>jp>YGXoDF<M?$16dOj72UU|Re7^Rt
z<?q0)yCohhz&?TYOme91gR>=@u(B|#iKrC3Oi&!jkDf0?*CKDtME}fhqgC;=2JynT
z`>vhelc(MG2~arsoTdeKOWZw!+z2RLTu1czCEQ;=khmf64&fM$wDM1IiXb|D>^@Of
zWX&~?c@XgS@2onyx~X-@61XY~A<vDFGL67F9YmF`8W&5L*SKskHD(FV%~JwD;NzO6
z@9X+lr93$KgxvK67Zmgp*V=@9Jy$`QG`qwZFu<&;odF@Ghw~#lK;4-blGiICO7@2m
zND7C}J%4On?^j0QLkuOl6+wbTyMz*5iG=ABdsf#lO$+;*tQ%*~T7~Ic_lXzfv#->$
ztpUT6Oe!89DDOeB!%yoKw*>dZffQt1ZP)W#uUo^s_&E0G-t6rdj!!7Ck^>nDTbvR>
znyD<X8y^05?NEf2P0aDi`6x7CHU}oYzr@#`(U3E8u|0?UI&vTZD;BZtCs}L1cputD
zsAJ$-Uu#wc4^f|<<MB!BPq}&W*O|a-76%0|JX_;p_%;?+<$iswZgzW00c9a|rF0K)
zVM>m|7KiwJ@g-aVPw@AJXGJ%p@y4VZ!{Ry-aoYI^!ZS`;d1Ca+9=d^GQblvkMaZp{
zS`v-#r`&#hX=#o0ZQDzn76CLn=lE~70&?f}4lA6w&aIQvtHFf8(wLi}xFL?Gi!~+D
za3u5loJLv_l`aRb=dh3u&1z*U4T?5oP3L$pq`dYz2|%Kl;@W|;x|(UsK2?sxSe33c
z9OU)R)?kV}=CcLKux<f4O>AcMc9Y?VtcZx0;Im@F+G3-Y?7e>cF5!T<7UuA1BuN8p
z0Ykt_Hx8&OGApW$_!bOLpR~K`yHj*MZejdsA-9WA;d282=aDir)z+8TZE^GKcsFFl
zJ%H0txUMrPbeWCdqdVZ#mhr13jJBvT%30g+@;c&Z0*amttC@&{&coh^puosZOh*iy
zu<(zFapK=FMlhdZafvP?@2DI5b0mMjy7;9pc*#~`Ru4tBhkr%fx?!OR7?z;GRYoM<
zdT+iC1C!9r+F0bN&}ra(xf6n5)Cv6^PaV?K-G*9`3tuD8t3dFGQAyRUf4Um<KlHL;
zv)e<|259`ywhsO-3Il}9HEljEybtF8$5$Lj=+GfVrTKXk`+EE>XhKmBbmsX<VO9l3
zRhExrM=XK=Vt8M92QGGpM$|QcGKa_OJ5o<64H}OU)jwtHsSC()w*DHzkLFd!f~JBH
zF>3Kqxg||f!rN$f$(WxGKwvdE55W4?cFrUUayqnr77l3!503FdZz~mglGE;I!@r7M
z%EFwBL{3?kR@)XbV^F6h1NXairUK#n%3+e-24^+(GoUfKZ&TG$fOYdU%Yq|2>hzK?
z6-?rJFNMiXNoTg7NO$VPsheYXO7`QL)^E_k0@kPQoneYo{(p5ZU;jMDJfR8Eq&gD_
z6cjjdR>tw^ODBH;ITREcG(BSo7(k>W=?1tj>koo*@)>`p{}f$+W>e7Ikbv}sjVy{X
zbgZY_l3gy3e&#n49KIJOApwg}U+^d=%wIt1&AfMpfi5`nCtd;O@D(U9np(1MKQ`?R
zbr@KxN^Sxm*X6$!_Wyc0Kf^*t%n;5jJ7~Yku8akl%IK7w=hvz?>1h6~vER&7L8pEF
zYr%xjN!ZJxRmCQ0zj#UYe>=neS5~~a4raiJz+g&o`jC(I??wp2phro;n}!VvImgn%
zs|Oj;Hbi5NATj=cg;^`-PV%pre)4!o_s<brcfy=#b6$-sJ1_NldBFa%m_2_B!)<9n
z((wTQot^vF-7(EhR2iHVo3XES_~Yz6>Am2u=Ov%^=Sgo}WZie0sN%8ul}<XsJp-5L
zb^=_9c$<7~mZoi{$4T|DW1knMKkgLXckB5E?K~%`#6VGMQ)xF80X*%_=Hf--{;X6H
z`C)IU-xMD+qmOxAJx{4TbV~4V1OO<oIoM5&=bUkKTKr7yF<qZdFY1Envwax2Vo1TH
zenH165>9ucjS}J*SOAq1Q=`-xKqPL<$Gp)P-1h!#rpQC|y8GR<43!ohh_^FOEL)JZ
z2!EsWFz*MRdWgLo8ZsUN|8_DnQ3q*Hz~1#zpGKnZJQIcr$i3A3V#DE0e)Kp1hBW4S
z_9`<#X`oTbaBesh+VH(!DxnX+`*6jTup#kk*j~}-_qP`sBf80X8<U9#ksDMes5e}>
zx3$z@)dK+N{sWU<I<`jH)*&Kt+HvuBzM=AMZtf=3Fo*Fehw`2BEuQoWgpXvvSdtgG
z>02nrcZ_)%xM4@MrHsqWsN7pzu;>hHaAggqKD|r7Q9>o9Xzy7q0qlojrT)#xJ@S1%
z)kj~TXzgn1){<b@AJaydZf^;F<&{VTz2p-xO9)B{=op`Ln$o%iBy+5Mse6()_m-fF
z0SGI9X3|bzoX@{K{ThVonbH)SI3yDnd_-(eD>p)UTJi}Bajtc*<yPCA<P7EDkGadG
zA*Tv*1kO`RWAC+0I*>KlhqdBg&P)?qvO%p~alEtcg8LqrJn7o)X5I?bd*AKarRDj$
z2j!aS_6yNbxK=HC!?AnSkvhclG3k(k*kjlq$2H<Ad==Y&`tGCuJ!<y4OCW+oJC&!5
ztmDsR`4TbF*Nic~&6!X`itNnnOhxC^Sw^NW?bx0)iOg%C6ieDGT`7zTHYc`D@j$7w
zsS~iBdnA<e1`%24w{qbE`ZO~+7y~Im%Y!;T1qg^n++Eh$Q3mIw0w-HdW7@#lLjr^j
zUu4zByWx_CiYNuwtJ+EG)*&*ws)AV=><Pmme>c|p4oXAtH{Yo+`rC^Alg3(L1~7x1
zxJN}pT)aPl6gZiuGF}R2yf|%B7kuZ|i{uv`kUvcCmlDwO!Yag(L*>l9Cj=@zR8UF7
zq5bvz*GGtDY<_HB(I4$M8<@c;pRKz6sU6n)86T=lT7l5FFwyo$|2roWMX~qq51I+V
zBAZO_FFkJjA@|WxL=BtaLXA2^kn?_>PW1d5uz|Oq0`3eU`9&vLD*{nMSWV79gA5eq
z@2tp?kT^MY36ZCfA&bJDAE=H~UzhM|=8cIh7-^Z4Ty&ywgOpLaQ`#wg^@ynq-kD%5
z2)m!Wg=#Tuz6PvV#B~S0vIE`<7951C%}fTszl|flqiO_|=O1qOuy?Q;>w!Qu$U^qi
zsV(^C7REOF^bfzk5k(_f`@U*ndr~b~DhT!awTd;c{Tb#r<QI6#ER?O@5d>5vE@41^
z@W0itQ!XRkag0z*46+=%xC8T80SY1U%Ps;ynP4?0qi--fH93uvpV7V-{ptUGfGi$)
zYf*|z3V7i5K!2q(_c7@fc{S?nmj9>pe!b-oTy}zExM7J0Z_|Xykl9g$?RRp&5A*u_
zBL$=oTb&G|W$2HfEGjp+xTPCirCZCphPi&F7P==)<W}b2;O^lYDfr1{EDD&sEcXw7
zhAKci`&6PRwHcOD>0zOEmlRckwI@{J#zS|F3P^dqyDUV~J_YeV0P<c-*Nn_d!<=l_
z)#O*v&Xwv{h!WfIH<VwVDTo*WPAi6$%B2Xy0_+stAXMNN%jc08E<m(bsnNs`eoLlv
zI;#@Az(c&^-}wJI4ocqSA)lRC58u5jdLP7x=;j7L-UgpI#LZ*z*Ap14;OgO;2W9A>
znXIMWbEU!+KZ)7vkL2cUnIqnHr`*{s`?hn5aoWH&DIvc~nNEM3=e4=E%W5p~x0;TI
z43s)v^L&Gn{?vbjBYV4q%}C^e+&0*1Q(lLHa#&#{zG!nAaER6ZySR8yVB$Nk$7=pn
zZ`8y;MvlJ;DS-WS^(%z~kw(SCzv9WB|NnP2>%RnBVz18SV&BpOuz^~4#BGhPQyv0u
zqaHf)f*LC}e|CiLGyXh&e?y1>rXl-^KF;tAbH8q`);)5SQ3#yVEautZ?rf0L@aD28
ztiE#1*TB(_`H9qZ0X8xNml825hv94r$h8IEf)p5TWA;zF<VLYq-s63@k!c`91z7Vh
zEi_x8#`BaGDlaMzd&uxvE}K0hNk8Cc8)SJl?b)%(xH;+BF5KRm#c=kVUW#|>V*m=7
zmhoxC5HecL3thHEi!P*bzDOr6<5Sa_bUlfm=zB3YKe{Q6%DxNCo71Tfs`wQRRbpMu
zBZmn!Y-m*ZtcGc0Bz#}UUXozc9xE$m=RQ=)+)dEIaZ<UPGixE`U|K+Lt5<og254>7
zzNLc4*KnU>rJJ67x27XK1447mJ9;TqSYK(PzK8R)=!=t%ax|Z(wQ+aI5}lg$+J}pu
z6ansf22_`fvp!GC9eJAtxlX%^v{5a?wca13*$>5!REiiitLSzI=x{0$%d;xPOvB?G
zyNqJ99>gr+-%MQ09^0%V3YYwZBkSH3*0h#$AS*k0+n8Rb3kl<U;DBisXqkBxi3-Hi
zqTMtz&l~z|*wtPWD6AZSVWriZKY66@8SE}`6k>ByrfH3u`cF(8kDDX|!!n%Q*1E6_
z-r-kUC^n6*ghLHxsi8iU0vzXOrba$esZ34D8QE-q+L2N0PPmW$#B_aYCJ??eo2h3l
z+oDtG7|<!&6Z1vD%>G2xS}2+Y(BhUF?+8nNiLU;_)KuKO@2AEsGlPFSGXBjY>u>sR
zpmVC;)im|W{Mx*+kccIupDHd);c~<wxp=K*Sr1@o0-K#nYqrYNC?S7`+EfqOJ_9A>
z_rM7vwMy@x;l8_s0iE2lPRot_G!~H_(gRISeW~5N_<Nq>08;9vSNvn<TA<=h$l`wZ
zJjImUQEO*g9~PT*AI2&Y&te}-Ik!#J$#6)`qNuCukrg$vCv})T(j*jUGR>I9H9LoQ
zMD*Fp$mxT^D7M07yds~z<67L->=1DKhE6}wG?8vOt=JQLbXIcgbM;c?S;B5ca<jQ(
z>28mi-&!%Y8!Ee@g94ZU1f=r1R8WxP1Vq)5gdRpMPu$O%h(-v%CNFk!G;-SwKkG||
zXDsH4B_2j>3jg%^4q3EMu^o-+(1Ea@wt7aacwF3HKu68k2y;TI{O7{V{ZlZZXTDen
zJzI=hfOBkGbl|*c{{^_9Mg|LEjw^#7aJ3HkrkTLjf%IlGc@#{KEhLm?Y=#;g2p8TD
zg_);BVuWXG%WMY{-vPJIw>ha$Ng5{jAH^NQylcqnT0$SB!$#;S2<eA1{-{C%Kq$dN
z5HBWhaSu5U6M|UAttedHuVW(sm%aHM_#9%tPW-%Utc1NQ%3(4pLQll0|K)~ILMK2!
zGAS?ZsJWHlfit60RlgpbzeAU!|C5pwSTej<INsE6RG*XM?Mc})Ex6V55Ecb9c_c%!
z`d&Xxo@C+r0SBSy(tHa*PiR!85oy*YcUQIfhyy6+EAgum&p+^ki67O$HX0pmRLCU~
zNEq??$Te*bjLF6pe>Zeh#l+ruxT9Bfs|AqCiZO_`0%(&!&ZOi>fAD@M<RkdQ#nx!h
zV>2dj5NI3WuxiM1Ok>Ok>gN0FB`-vxS4r-~p@{4R&vQP&tN}^z(WGKC&&JHhHM@ev
zYD@*bYe$;hom}+C2$Np#lhL6IPtt51L}ekgYr*R;Hm;JlpXVT#TqAqq<hG(_)8s*&
ze^2|_jV-M`+JKOk9nsLL8E)UX%K*UP+iZ1n_WCN{E$_RprK=k;qgNLlxE$I*!4Hpv
zkUBA#CX_bH<we2=wE3a^8=9m76(g1B*b$qcOud^1F36Dn)p->KxKZUv;IFI431fLB
zzR70r!0h5)M4pea9TeT*DrT|UoaL-zVyVTrP)q)Ok{&O79J}b?X*_*+9VuW*nBcop
zw(CrZdUmDh<a%JoO9g8{EWfXKI;#Q|dbZ+pBuvjr9zOut16db29$GW9ldrOGL}tIK
z*s}*|>jQ4WQXB=py5)>>vLqi;@*y#AAjscXfY%r!P3SeyW|etG!=6Qp2}Du5k`1|E
zOCcB6FOR>?Oh-_H1OP6Mgkh_MG^aN#E6v8_jyrnLx>tG+Q07i--)@=!R?8ehXNLVc
z2Ar1F%P$7Qv8`Q?7{-F56I29+?CT)P@@5qmbVOTTyTQo6D<8H1wZ!5iEfe#Y2)SM;
zF77fLE)o0yt$8ej_{GhBs9M!9es-WNMST2I9EFnQcrIW!U|mqljDXE5sJ)^Me?}4#
z>;p^2(I1?&EWahb3BA>Wk57e;Dtr}HC?u(%vDGtt0PC{RHl|F{(h-R>#1@)n7725-
zNr{dtCQSlJco$hn=RhWnHRQA+ynqAw_l$%5xt0AA4j4h*&TioGtd*9)|7td&1pNFg
zj8>QW?|7cNEeww(9JlT(O;d<MEcWj^>?UPn6RpF#H{)#56x%|gq9Kh&ptg=uwk$*~
zQ4|_<V{#&NA^bMyOi74RbGx-Whkh%){JXvH9<WmWwIzXxqW<TIME`0za#V8V4ulYh
z9`9}LNg`HVR#pNp4mr?U@kkDWimtb1)TW551-}{b`~7Hb-c%St0T3U)7Ubg$(@R3j
zS)bEYbc5FGKT7Gom2@*8DS0q-<ZR2PJG0x-k0(#EUcuD!c~~xKB(e7y!mS>&%E}IA
zuEcyzoPCC&AshSOU>kT@?G&tD1=rJEPp%thv+}9^!-dZx&xeeRWcpgQrM^h%f?W|k
zb@>Ipof4_3-Ov_G!P@Ce?4{6kXyQxN>OK|W^t#&xckaNwYc#NyCzjO9{M#=-r@`i?
zP#XvBaH!Hf0WlKki5%iX6AyzC^Ym9d*CKX2&a<~EYesc!5HiKSu^!$c(lr|Ngld%#
zIj7=O8aHB4E@XdeNa}dM-gCPHw}hPi9(>fC8e_Ms&?j09D^`?iOr7a!+B1K6a=$dX
ziRMmqbd5;uBnz&{HrVm;Ic^v}V&5xyeP~;%X#j&pUR%II%doUp+f>@l4uT`_VMD?@
zaE54=@7Wd%zlV->w^U`DFfpy<4E<CCLztugp(nJt!lwv0QHmqdXK!4eT!b0Al>ONg
zx|?ec|JLfAb(WQhbcc@RLAk0i^TfpWdJ``PKFRwDNoHctUyONs35ImRcvXhtO{!Br
z;4+O$OCyk_Q+7YZw<fOmaEDZ;D}BLLnzIvH&k53(xje(qUC^TNBbHj?Z;pFh;xBQi
ztZ&e#(q?V=A=c|fj9!-Vf#}1I_T*}D??=~Wc&5x;#>VKe<`*Eej<UrpVLh2+niV9;
zpyQQ%AJ2hGkJuwH<(xRMowJ}|Ym7z`aW6BDTxsndLEUc{1%Hpm>ga1gEZ+!@SOEcT
zxrB-`qrhirI!IQ6Rkh5-#EZ*}ELnV(a!Czep3+`B*8`W1a!PLA&hy+QLv`%XF!=mD
zImLX>gTeK3Opm`hzN6YIoDHeVq*3TbFSL%)6}9(>vp!7M6`3E2*Fb5Tb|}N|O2)NS
z+cPS={|D`(Z({K=UrLHz@9Lr12*=~^fjSQXpN1zptrfRAT5y;W)zAxZ#W;jZ+I9(=
zccQRmrtB{gDY42ZZI<)wcy#=7qCR3^)0@}IQ&+)RdqCSv6_LN=bGNA<O|9n1ll8P%
zZ$YAd-lA>txVCXHXseTPKV0XxNiq=hDuvHvoBtG&?=W3|sFpHEuAO$dl(Ec}UTlOW
z+!RQ4e(s$68{gadcC2UnHZ0A;A%C}rmoq45&F#bJdb3ZY(=s<=vx};puYSUk@YCQ4
zg->vv9Zp*FR0m5=gNy^lVcoX2HsJSmwp|@6Q~#%FO8oCN%6U5YAyEACIt5CPkf6XT
z98NyazRETjN>;ctjH;e!@n+Y7i5~!~cVH4l-Q!`>Bob1+UE~q6jVeRg<3<s`nw=#y
zxlXGXaXUka3cN?#F0<GN%(=WPD&qiDiZzEi#X|L{n&mSGSONnj0@B&$hlrEs_Xk{q
z)b*2bhlVay0aG+jM0V>Ngq7`tZg!$QGC#F53AbiQ_oVY81803a4Ku2hGOY6(0JL5u
zqwz)v8x>6ql9nidBhHe)#gMsfc%3NcA`<(o4RhZPC16}3T8)bcim;TUHdCNEt+@r2
z{Qy%VUqGa%4><C?&$r>L&*`<U&z#3)s=TP5H_-rg>PP8ASw;ITR`2vx06FKYGg7iU
z;J2fikI1v>a-20(hG{-4uLY~LbliTtn=*7u)ou#^0X?v>Vc{lh%K=0NpsdVRsJeis
zZV?h$YDTkK^*|`~)-v7k{iU%4cHUp~F^P3&cCM@wHEl8!#M<aMU2~Hx1{CGSjIj9w
z>3Tf=P!bxWg}m7OBml&DxF8&=Y{0RvV40~SWbg-k-Qu3%-DIL4>$kB#`2s>vCDf_A
z*)X4M&Uh^<{aPCIcJ!bQRTUsq#UlovWd6*k=Yf1ItZLr-Ak(?RCj1+?45o^zf-E2u
z=%|89#~UiwI~#R>21-?%HlK&BgoPZ%^DsbhagTpQL|Cx(>`7&zSYiJ($1cP`Jy3Z>
z{|s_^Kt_}Geo$KD+Wn<#h_w~J9*QU@1_J^fj}1@ZdOrWkw7Wv>p?CPv-o)Ocs8O})
zivoae;|yokaL8)BbeZPd2x{UbrmOlAQ^L2tT|`6X#$!pSEckA!ehNRwYCp_{&CI1#
zNt+A^CR#S05d~Cp%u%I=!)Q+$sdC+j0?)O&8p8Q`5xCjMIP$)X{;7NUws)cJh_PxO
zlkTu<0SLW&c+A{74wU))H=c3g$D!9Q+lbKsaSwx-ii!6AqKy&0TbpQ!8i3g@iLY(|
zerAegc2GwkSz^r_H{L?2%Lm1ob8DBZ$3FBBMr8|JnUNP9zt%`-6T5pJ&c6NN@P&oR
zL)m%G)@=pXzN7A#Bkk4wV0UH5uRm|M3o$5Z#>Z3luF-y-mVzY3sB9rYIg<GOx$^qV
z2ONMh>0dV~$e3uOxGN&;N-+1;s<r1aU==O}YJ$u{lu{6uik>5Nsu05zc2?MPOZ)gQ
zQN*8_L9!!ZAr}2-TGRXDUBXe%G;&INRvk(&>E8w*ovvsKd%p!Z;B7?T9jG#iuJ0qr
zUTAV+Xu7^B(=JlQ;5(M5q4pqeNM)ilMBsEg)E5fUGE2|Lg6xN8F>Q<5Hrcq=p*gP_
z9g(+sYi2zXOivDHGq!6Fhwd<}LQWymDwfJa8JSg<>L-nPLFABG5@qwW51^b5_f}aE
zK^EdNN*q-BsQ#9GVGp_MHW&8%SYV+3DtEqU29J(_ebhQ`$+j|(*v=WK#frZ#mfg#<
zVFw;1)-j^o)<hAX&aEEBv=_I%Z_pr=6UlG)xx+8%=2e+hntX4-FHuE+IG^@4muWqu
z{auuIbEq#cYrl^#Jl}b#@L(as8TjsEOQ(2SHvME{ow&{YG0gXK>8$Voq4!Q95l2XE
zOlilW(M1<u{N~M2zh$ZA3QvHcW~yOaolA_&cJ<(|HRh+RH-Pb$K=;2d=jrRkVMr(n
zn@x%T)igNh_@`6@!Fbb<@`*%L)x5S55yG~>Z2b!1F-A?W-|=o*ETSIVbRhugRCiP1
ztPs9b3h-7j3A@+k{tnb%e*?K>AbvTUJe;>Tg8s|aU@F4;hu7CG&keQG?u@IQIOTk^
zjvayDI^-U&u%RFwiHC+e)W-w5;ROY%N5w>{3_7Bk6wctW{p$2TYNzcG?DP-XzeG4c
zh6TiI_GuKksZmRRHcrN37)%98At%(PQ-$Fn?xDr)%bL)E(Y~3l{P#8?mRJ^7pmmbd
zWfJRa5e?uPey~)D8-QGtYh}qSIW>h7zKrsINHLLCoBh~FIvgpJZQ)}BBzOGiRSt5?
zs35n~dk#3cY75g%x%%YGbsgRSrqZ{6aJu+l>X+YpYp_qNbA2<uDsJ)0^c(RHJVZB2
zeKdR)8&O6vOaJ<lT-kHnNo~y#Ui_}X^JLCe{rsZjJ+KSMJi2Pn;~$CiYb7sxErryR
z2H(ClzFb;FMK{tzQtX<-%IAy!pD_g)^~znXwbQ*iqzEkyLxIIx-Lu$ojCi}j?TuK`
zt}7to;0Y8f@VWJdX!^ek`39=IkZ|&T{(0!t7aPUfLGX=h7fVSpgx=WB41DLlykwRy
zCL`a168gCjX`L$UY#cG4Tp2l`XnCzYG`-nX;QlZ)V7hV`11&qv;dgo$n>ZTPyj+`y
zw?XR_StG0cENxrf279Mc%t15sSh8o{?^|9V*eAgzU>hLs`0o6=6IykI_rh{L382Kx
z{K<XPTHRZKL3qqP2EKRuVo0<h-`V+3c8stj6lMLM<Gu?V{dk(*XeZf5YuO^MVFy&J
z98)L}D}dYWny(aZv)BQIfLLvYCQl{isJ3}WRf2j9f{8=1A_d5rpbFs7BdYEl<n8Uo
zZ!xqXgwMh3FxOccJHwQvl2pqwfp%odIM<pe#grFa+z{_aiqk*d&~g~U%TBCJwJ>6B
zfG!ZI<SiizESFIpIl}j!tmN{rIsiU~X$g<rfU*NVop`O#Pe`0JdP#YhUD4aH_n8fk
zC{@xNduAvP+EqHIP|jL+Ybl@)K%oRyv_MY8@BAL$zFi^uziiCyKcfKFsFipN@Juw4
zF<2(Bv;B@YRKEy0p5=-GhOCnxFS#xy2%%W`A&nH&(D9uCH1Q`W!xInTf%K4+jHgc*
zUHmq)U1@C}?Na7+zif?U4UbrPP5GcbNCI;8NG^4pwF1@ob#sQ`H?Db7iS*Uz$9y7F
zk?88SZuM41Fcv%e-z(USs_T8P%YJe;L|Pp;kD1g0!?xi7mdAu=9=51IQ93-eVAL@e
zE9y!O#gAe$jWXzB2#+oIdto07E&a;exH5y^?Z5uR?&ega7xU_^Og^V4IofV+O~kX!
z--%14%XriDJ9&v^s;suMlI#Akcbz5yYzTPhbluJwGPWK$tSK>((3kyXk?X=Q$J6QE
zJ9O*7E2faT832EN(;uuy+0;^by$vg8zNHaAncSBcm7SfOyiWK3S)l%3%awvU#7Pa|
zH{FIUG$^5)|1o#?$(*x6X2`nq5^f=P?NSSPYvpDzczz~gLeMD%&C?7hYmzhZZ9Tis
zNGs-?P{sqk317cLFV+?CaZr}L?F&EEwRFFdLcZ>^si~u*rUuzM-Wt3=d%+OO|GMw8
z#l;=pe?sI{E|rNU4qi45NshbY@;f}Jce!&ji!v{NS6^0E5K1(|_2Y|};=#z{<~%#H
z|M`bki47YOiIl*Hsn2r&@?Y+TN?B;CpV;Lk6;L+JvMaKQnZ&P$T2W)xO&*exX#ciD
z{aw5vy`k>1i|hO;JXflGYSrzMn`coPmd;DU?t2B;$m13`A$ymDh&k5OeGan2&1J(Y
z@h1N6`HEcqX$z3|*#NC0m_RjX4*Ug!JUWZXDwYS%o2M^w%2KrF2jRMl3c5+a-$yXn
z$&=S}_b+7>F5yhxznbL0pnA5+#@{_L0AfC!yGIwmpIU~w*vw#%i&nT@34ps&XgeSn
zOYdR(bl}mYwJe8EBEVHZoaDLEn5#qL!|nA@4iVJvpdrn|l!#Y@*SC2y48lY<5h3Ea
z3c9uk7Z;+QeZvYe>v{^kKKGn2h!U51#js8Y{ks}%!Gk<(PbvL+3)L-qKt^z^9EJE3
zP-k?^5<0TWi1X?g2~e^?lm$KecG$~FB$UZAffI~c&}#B+3w8X|qic;O0-)n3nfd#C
zq{Ol|klT?f@G0U4I*x0tf*VpCnIQg#;e_c44+!w2Kwy>In`Sweg@t3i5)z7VK9-E(
z8~o+fSZqFXOyUus=|85N69BzITB|*QWM#EY`IF_y8CBs(h2<h?&>`#A+h9KmkaZfX
zqCW~(8#c3N(<4(U6F5<=3UwUKZs+`aCTRY(0%FxL$sF_)f+TrdR1WI5zwqk}$LiI~
zkr~T0#)Ym^0bG<*dcX^*k0?rfNFCt@X(kh+iG%=+9G*oh=gg(X0M8R%5-_~oQ1zNO
z;D}*<;Ue$)l@d}2=}>g2ZZY<B-x+EfL5DH2p)T=PVs9A4er?2V+TaP>rDbiIP|j%=
zJSpG<_VxX2qpKYy;5ewv4KsLL{VK5^^_1!qW+fN;EYq0-nYyfVA%o@4Vf<5ILJ<^D
zCF;>k$p@vFRU|LX2?4)|=my3Y!@pEhoyA=ba7@tR(!>Xkw5xyuXflQ`pI)6hyN4me
zFh4qGW{O~fhXC}XM2RjUcQ3;Dk=v#(DiPsS_o37MGaQ{Cv}65WhK?R-Jd2$Z-qR?a
zq|tAZ<EA-`zzP8W6iZpHEkcLJ3^46(@^W~nC*2Bd)ks_Da*CG_Ak8P#$UPqblfKrE
z{#Izoy%Dpp4Z>{>n&~(2W`)}X>++0{H&1V!MKnlYJUMqSN@pz5c2rra86fwddPaC{
zwqTI)I&c407$$-t6~z>rZ~wzw?YEfpns@!g;Q4afXA{^lWlxCQ1WwB{X@mj>rj=T0
za!9LtLfPLk0;X~0pDSG4Hfq_#?+npI^Ue<OJ}o7^8eKn8yo4K-5FHDQ%WGbRotC;Z
zOY#MA?92H9Q|WHkx<B|MI$6MX432|-{qDr5!CWt^gQSDrF}`*m-Af){^$pY0N0uGr
z>0^^OqKJPO(Lefw5BMzNlw{XpllYr`USL;Nlw3ym_2e=rI!JM0nDGFa(_$oZrlpSD
zxHQklRQM&kjrz*H_w(dTZf%`{tf<-)Un|!R&xl5T-|PPVS?Z%C#Q5_PEoYnM{3;J|
z`<yT9Z{qb;zfBRleT;GUNC#tj1t3(a##<8^1%voMVzqfD933MiHP8>yvKY|m{~5e3
z2pI^cT&Iixe65X)j*+80`Iy?T$=<2v9+}|{c>=;R_-Fc~x{8_#UbVyq9DZsvH-_Vf
zU|cnpIwU~Y_QwJQF~G1ZE-R)|zdvn3rD-L#4q{U&LA=xW=Sy|X6#98X6~9gq<rZ#n
z_qq%Y@nh+Hmk?dR1TMJz!pz#IEq6Yqo9#3g7k<se1rD)e(r!FGxTDu@AU*t09_9@D
zP$Iy)^B&?8=F>i9oZALoZ#30k$=Y>_sPL=*QMG3<EGtU<^?rp+m$(+9;D#<6L3OtH
zh$TsbFPP>H$YCDzQfw*zJ>pQD?`qffZ40;>3sakIV%MszLoqAylk^&rDFH5kH!bnb
z&-^eGrURG*=&}0o0<AxZRR_i-y*$HTWx@A!m1Ag-3ls$~Nd-J|U>+8n>4B?kK&}GX
zD!IQ=O`76;{c_J8r{GM(0h5)X$|!o!l~%?C`#lz>wRU17fxIUKmk#J_b1DVvj6e^T
zW63Dj$vGrABt4VPcHN^B9}s#0c;M>d0~?9~rXhy$*{}TZRzz{LIUwWUI3Roef%#w?
zARd&WoTH55Q<0iIuQ$VkilE80)wL8zm!=nay@K6F-;rOqmP^;6?Vh&a54`iw7c|Ls
zFranWaf7(8btZL2<CX`*wh`XdZZK1mtn*c`i<_&jTfq`2+bXR$K!G>wcQ{iEf%F7M
zj8|%R6m#umKOsl6XBO16hw8!Mqu??@0tV3NGqtEd-PO91Z<hmVJBA*@SxAlRiDn!v
zZHlCrSe#4*C+0+BSD=KQYV|qh<xj;cha`vf37y2t)gV_(xn(E&fRF<X*eD5lS3n7v
zXNEg~O#le1Vl@&`BX9U+3B`Rz7JvHGP5exhv{-c&XR8#%uKwE>Q*8oylyuP7zm9AQ
za-I!0lIR#Ic?sE^!^^TWpqs`5)TlVPfb}v36Q=D@x#5T>Sh+~G-s?S>X|vRlI?kMa
zzRK2YkRXVfPJKU-lef$5bfIKdroG2(OScD$$=HYTl$EG1E2QWJavzHKZ^TguO2}I_
zwSu3@H^qiT7ngR9_a!*8ic<D>n_^X+rumNEu+v)pq2CJm5d<vc;Z91BMw{;$q4kXY
zyI+@=6kGUU%bt8F|IRG1ELXXXDRd~&zuZ=k7aJ~9TFS-|Ch}Xpn>-U#dRBqU_K=HN
z8}LW^pw<{cjjx?Og^seMnJ^2o*yn)qURcbW8Y@vB#-8l~OaF(K?oN(1X$KR5o*e%e
zQ4|hm?`#Lg25mGj+srp16J}23>(hnlT>5Mt`A?E~Oi%D;I-g>=+4lm<8m$+v%z?{~
z_F<)3P%F!h7C+45SvpO^5+{TeYjg`aarACnF27#*Hq<^@%}SX4uWoE=wvg6(<Kdny
zkg&Ka_{eI^ewGo9vS6uDM=EliaXFdiFHE%K+GxcJ!hln|90NoLl$xqATMI`flfXOG
z@?|$edc^klA;DJ&(hW^!7htts3G|2wY=0ZfFJ=J5X!4w88bY`DTKB$BIU<Bvb_!?%
z@L{;Pp%YfB_8X{_KmN2BVlQ~;5VYXH=)sz@f#8w4CkM3o;yUg1k8$V4QLojn5O0;q
z;N3+9?`G3U9*HWap~;Lipi41Fvj5EebPN#{V;McsbQ|_)8w&Zv5v?OS<xj<TGZRBO
zz~X#I9C`=5b9<ZHj2g)d46k*jLr2uLR6_HL`R&<5P-+gor3sPP8amrS9tpiD>nwWv
zkHp=gCl<R}6qNM}-v{LPb_2U7pV13i?uZ&1=wI}Yoh8K4s#CC{Ku8{d$GE2n!+r;H
zx01PfG&pUe*Nb<aNB>jCD8w?=_XYe&tUrwz*IEE|HLHBwZepEe3DnT1YO>a#-nOs<
z#^Mm<fO4_fE_a2;Z-(%d#kjX)`H-z_4jm&8gF!IZ+=fmY{j7HwoE>v5Ey1L~c?bQ2
zhY^01W&IzWIVg#2FYdb<UiLPJ>?O`tD|@7(?YktW5u>8!j{dWu#Lpw`p5*P}ySL>=
z+7Ve{P#o_Dh!<Y|E8RxXPqQ(jvHo-qx4O9=xB{4pPtuiTwvQhl+<z0n19$opW4Ffv
za^wjP5CZ|y<MZvqqp^aW!6o`N9KT<`&?~pJzQT+rDoXFkW<8A1P(=K5!b4C}PSEl+
zaUx(P?<Iy@947MCWa=jgOm?bUe69w#kCm)*l-Bl%?s(eswpzLhTGqgiaSh|Pb&9M4
zJhYin)k1zo-ibRZV&f+?)BN{U%5zZ<Lu`#9jqx|MY$>?Tv%W{pR>Ra6TH3gEyxD=0
zV`G>BW9znmw@l~M?0)Ev;g#X2^!<-vj271U-xdy&o`A9}jq^rKx~jcn6&p0=KUoS4
zn~nq}g;_%LqcLR%e%U!&At{5hf))9mrBG`#Vrgd6w5$|KPsewF`9gf#h~Xy^Ln-P~
zKhpao-=Kf0Po!5#?=*sY(Va7w8<ae}qS_3D;UHwT&vu>cS~Z->8XfVkvYle1%3^!^
z=e(4R4`f!O_ggQY%LgtOXjh~<OZ|ku+R!p62A)aw+!Q9;?qn(NYx_ndp<eL5zI{ZF
z|J{wq(?^(QxAnr?@xJ>07_WWwyqiyBfIIX19mRF(5B#}L4<X!p#3@nD;&;MA{%SDo
zjVhy?gmDLF^N$TrXh+T;Opa`y47zAD6Klh$_4H|a(^On;NAkwE5}J0I9(o@FqrRTA
zxgRbxv4UT*+Zz@2(r@mS)4P7p6&EhIU17|=78cR6*y<EOf*T>^XBHH+F0_?^G#te;
z_|Gj^ZD6g@fPO|&b?((sGJp{>oE~HSC5ONgAo`w?_8o*-%%d6LIe*7`>%C0s1io<2
zKpeeqq=;AXqxl^3KgpkmjqUWqXnJus>-pW$htY0F@cFz0Mocs$_30imi2Hg@j%&F~
z@S%j0bPGk=(2{$5HLhbQqhBv-%*?lMUVP7Nlb}dxGx!O57`lWu(9*mIAeKuA+|nQs
zlKKOX7gIQAFqC%07h;il%8aKT^_SSf$T!O%yzfsM7!!UnZKT#8UWv#f^$D5Ex@GJk
zp1O!AS%WSk_t3d|kOhXzsPOe4ZM$OmUP%}SWouSva@VXNt8Ou=GINlO(y%M-b5Z>@
zvE3xUn?*Yg1~Ko1k&-%pp(ESiSuHDF$^yKzYk+a{`fmL@rPu}K9KJTrDq9d9j_+KI
zY%qc)hncLr7B!RpwD5Zbi?Udv43PLJ%4&M2?@7vwi2Qty$}N-ge$AifW19hgUip_Z
zuKG}&uSW2CstYw287Sg0p0ha^kE)uV+pXVSJjDiD=>Hx5Sd!^Kn$%3hc1inQ1;cw_
z8DoG)>e>8e8?Az9hzCv*q^^vmW@CSEs-$H?vK8vhy564qK6{uu!ilD7#d<9<zhj|b
z)}<0jV7QI{Fw|EueP@^06?j}fbC(wIi8b}`Jx3;<Uu`-P0#rv<Teib2^)XR!4R(V%
z;K!d6ctO_Q{YNxS%tWfNhC4>zH0R%{Wa{3=A80Slvh_h$>KQ?ieook@2h)^K(+kB2
z_p@ZnA3P7sFz6pFlW(#P-5m^cPsj}fb0OJC^C|f8Bd&zk;>-AYKWK&C&y(p1-bGoE
zH2ootzv$5Ls2$+D6e9|6&zMf%;=^MeksJMN!YN?mg5o>{D!Q(+kTdT%`V-T_T&};@
z!YaY4;CT_gQ|~TT%f_nkS;_Wu^#Jh(m8!UZI5P{2!fVimOR`zkFg@q_hAOJ0BeoE2
za}=uZ9&$V#3<m8Is_+Zwjdolkn+OU@_ANKR&659zqXwnd1`n(z?d<c-KsW;?OXEB2
z*hj;EtnQ=f;{BT&zk4&?#%5A?9jHY7ga#@vufm&#{~x~h%DOqGh=hcN1)+PBIDs@A
zA3t6(-RS-oePw=JTS4h+R439ok3^1zfs+Y&M53XF&bbn#Aooi-cTUy_@4$3H@FqRn
zfII>#*7=-nA@_xb91RJBDw8Rnfim<8d!4l&P%g655{XeS3sMcm_`Y{~O{WMoTy|6k
z%drZSeNCQJ@F&(`{rn-Mvb1xJjE+R)_{%UN&>mkvz{CewpJlh^#s#HmOR7KaNxG5K
zw$49?0Z<af3kzWNJkQa!gP0ZT%YKfnplV}etq__B)USa*zSZSQUz9$g>d<q@gpz+}
z_g~}QYL313cUdO<=A3CC{;o~*B=6@1p56u(smLBq9E!zV<ZktN!)^uDQKrftaPb=1
zLNSe;r7U6;sx&LHE#nt6Za%}l4`pJ=4v?&6%onFk--uA$aFmR*u<#g65uJ%p`iN`9
z<m<-y<!!pENE1fNZvcT`R9Wy!(04_7PhDbD-wThj57Vh+W*4XQ+>4s`A(}S7hQ?l1
zyd(#J)Hr;ex1HM90gcA1G;lgK?VE6a#A=q#<)yR9!`6=L2SV^H4#XhIs1|<{suC?m
zkQq&>fIq&WhoXwfwN3g;qi7`fN4y`(M$nxD^6UhzT&(pY)kf<nL{Xvo6_f&!6Qq5G
zgD6C3^XqgH%GeaGlA4x;;gwfJmgVV&2RU>~@Xyr3fgUsM<>T=+-qGkFs=Pa~OSB_{
ztcY&M=07uGZf?cJ0{qT7PjrPvP0q#yV@m0#eZ6u1G~>U58ywd@E)E>~0Pbz0Wfnf0
zJ`f*%A{jFmD1WWo=L35ojwa$+%7d{#v`!Xt^0Pz#>i#~~TOIkO&^&Wdf&IDv92Ole
z_Uj7I_@c8&m1=Xj)gHAIP}GlAG)T#oHiDni$d?+yPX&J>(UMk|-KnDz-A^<cnL)GO
z3AE6hu*yRFNncrW@N=E1Y(}%}4U`|_Ws)%8BZI!9{4Dmu6CgU%-9X2MPqWtg4_XsR
zM{T=0@ks8JSy*3j5r6nLTpm$F(#bpVPesf7P;-P&M#>}-L4@B~x&G7`!HLUFGkc`T
z3SX3O>X5Yf3<pr}_63{$c&bNw?K$)|BRlw0k3C6FP9}2|n#+_;!_psYz%}o1r;pA9
z<Ws2{;#BGV?d<$lxoy5>+zmBjNZfsuifU)ECfPtV;^2}WmOqLjakB6{I{-!0iH2^J
zOeOw4a3|xe*R16yh`l`jqeA)xv!>~$loruf4B-gk`vA+&nK7ydRZj>vFd1iUf1q6}
zb5s9LQiSkD&Qr$T!+M_l^ljEjH*T9e?<4uu_+Fn<Bs~OfAbeEcs-{0LCmh8kRx<Fb
z=wxuOvtw~16~bu{*gz)UVqQW*s1sK!fCPEbHew;(w5`5?w4JBUFWGmDLKX$oI^8GN
zm27Eql-##$=~REzbPEJ+n(Z#~nvGhq8uj`kI3?y*(p;eF@RxK(apYvtRsC+TI?NMs
ziMmom*TS{<YGO9D@GtRA0HKl1iMtm4btTHJh-O(gH^ly)6`8+Hr6ucMw86iL0pBC;
z0_PgsKPgSgW-R}a;|ld}$Sf$ECyP!4lkdFoO$$xb`WJOxa0L<(EF>1b>ng^fg|j{>
zP7F~mA1VYO<WltKO;5o?-g83Nq3g^H83WCLt^=Inj41+F<se>+a#kfJ-JtvWP?U$o
zrm!4Z*|0PSYF#3GIg`{|?xP}TM}{O3obqmBkqNmr00!xN6h{NX{r5O%ZW&5OO?+ut
zP>y`OclYuW;}EP)m5Q1p+)o35NXx>d`xj6Lt5=*OcJLX@dmh|*Fkn8vMq>`bvrURj
zKMb2y-RjQVTqfa>ZA=E+-Cha(^X!WkCAeOIf)#=zy&)R=<W8iPi4g!NUc+=i5rD7M
z8%3i9kd{&Yi$7o@+A2O{`s6dQ({}}zPx^0_2^|{x={YsxX&7}M0wt`x*7-U|X54of
zlRjFYDl6nHbs>*S<|$vDf!8C?!(Fh0(}Oi9LvwZo$R5=9^y$PJEni=~#vh<_y6{b6
zd-ybeW&_&(u$r*@0L5G`q^9qVwc-6?EcF%y7@RF#h$aHe(Pw{VJ3`n9yslnahNBm}
zxBz;A0scH>p_;k<#69@FjYasQnS+&nlaVaz`yZv$yk#J(u=kI4DOT1erv4BGdG>xV
zny;!Z5mK#-Y=*ZERu97voyOWDAk>9g%HJDsUf)u*ixZ77ATm>y3?fU!^{ycteS8ob
zF8?@%_dpS#P#Y1O_2v5XZxo1l)xdT20z?4s$Y==T%>4e{TB?acu7BnA1j)uy)z|)a
z27u=M<~1!?sGS_&$D0O*o?sZSn=ZV*Tz2rzK!Gc>6?P7o72)UtP1x`lcwOz~Mfvx{
z$L#KFg!-u@(B@ba1&jej@=O?TY#@xx+U?N=A~yaxB#@&X8>)3Cvj!h&>|2-b%L%Ml
z@p$Fi2Y6nrV?v%+4*E8gux?>2@<CMkehtEOI&^%qBZL^L_YAZAkc@Yy5)o)V119w7
zq60F*Of%>8)`X$7f8HNoOg{sf81@ep#GsFPyVVSP!|y%me)#urbaHZ2H|@OBQ9)CC
zLswp;d*IqpC7Imo$jPb?!5S18NWqey&qyo#Ek;gV`DFy+b%b7P(_B|-$=kdqQ)Gwy
z6XdJCzCw^$0*0`=uy8j%xma%}1p!?R(wXq>e*OV0kxH;|_D{NDALOLUOZUl?)8SjG
z#!j+tXe<#v{JUKr<h}V{F_vfEqMufHK<@6mygz<?lnO$5Q=92EYJH-$nU%Ktl=?bm
zRm~_lt@-IoQQcqF<WbGyrC$k8GM$XCDURhot{~BGuA8YpqKC(Mdw&QeY0U{R+9mnV
zY5ihL3aFA{IHLlOl$k^SR#;l7P?o}9wEvuwAlz&_T!tkpnT7Y`GDBt5w~q5P=J2j6
zF4bj5LdL06Qvja9DnP+P*fryt*<vMUs!m7c6FN;E+h-SwBcmF@YK71$g-;|<+D1-<
zLZ>i5OEHXyT}uGiA|cJuH@@NULXtCW1<)7TR5#I!snIuWR_jC2)6Zq-GDrC3+X1Xr
z+eVXXiaTsgI$fHbaFadP>9@v34CyL&XhI$rqr`Gd-~=NZ784H8Vnu?ydAmfidGIlJ
z+y&6f{n)C(nmk{p)Y@hjnxYvCwc~VRXvz-H2a{rYPnip)Zy7*zg~<03VSYv~ssX4q
z-m1&Vnlz3qcRl<~5nFj9(!G4<PTE5TUWQRI8NFv0)AtUf?6Ik^Dy=r@s;W*W3gAg}
z_K9XYO<)lX8$1Q2#b-aL-&5SY$Jq8;p{N6xK>~5cOEKq7e!A@3RAc3SCjqd3bL`Gw
zFzhLhQz5M}jnPjIm~tlf5?QXOPA3gOV81Uq+nH^4#^E^navMwoSPnNB#ptQFCU?0{
zBaa`?spQK}*gUn(8uGXS$^ee$!me+BBP@^*By9&E_heIrnw8Rsm&raoXBm2LN3$-H
z31WPo-SJr|NW&Esxs;ek%+u^;Wq9A7s&mHD^Q|Z5-DwMksN${m1LYc!zH>~%<xEZX
zVsO)JA$6W76wZ6geD~P(=UpVTBa@_=qtqBIVpD8Pt3>0$;OMiz3{;EX#}i}<LjeKr
z%~PlqURDw>X0sSXV9?a|CzGwar<XDy<_<OQ8FiMddJDv!Ft4b)#Fz)=ZOW^6kSmqH
zz;2|H?Qwh6nd({(&o=h{mndPL5%-<<uoe$VMFW+z?`F}C-o5o~nDuc%EZZWPEp#@P
z5__8kOs&=)WxG)Hl5Eb5Ti*lUkj$muwxex`e#?Nw@k6`Vs-PdX->+afufi|27W=pe
z*-hJ2VHk13^E{wY&4_L7cc)$B*+hED&x5CC{NXB&ftRPqr(W}wEoFPva2uQ(OAA!|
zBgg686<9@ae8wvm#CjJ#?I4AphNI56)IPsWErM2*t_2!<U2%Ym`5Od6K2Vho6D*#6
zWX4ZB-0h>>*(mVjZc8MgW)E%$DFzE6(hke%mTi!*X0^S8cbhan7E%c(t9YgkV0wNI
zRZAmSDFsLAjnnA?*x3yDKH;?AiLZLF{XBrWt89+Va7Rebx8l`jTu?`?ZW6Fv`0`A*
z_^o1drw_Y5FiZ=24!p){w2wLQ@^VBTC#e?xPVa$(UmAf-=TQ-+y(J?8{5um5@XT5{
zK{C^Jd|1Zq6?e`!t41ABPMu;Vs2ldg%5^02OUYa?;@35=A=S*}57`tkwoj?l<@xH8
zu5FB5_x>sJfRR#06xl#citewo(h^}$gSJ_sjHM&)q`PK2lQ_#CKUc&blIHIU{~yBM
zGAgd1>l*B)(O?0BTL>Q9f_q4C4em~W;O+!>f(Ca8?rx0-cXy|8_lD^_&-;Bdvu0+^
zuY1?JeXG{3>N<7K+57BLwTZ(kq4Y3gY?pTCR4(Gm%{6XpP?M(^SkN|QPpJE-hWF?(
zqFL~fBUY9~sv%)E{+CIFwjfEEZi7P8D5dI$Djq{z;TnHyO-)mzO9A3<19!-VN0c80
z00FxhN#o#9i^Y?TApSC75;^*Jm-e5+v<NKgn`j29So!Vf^XA)S)7{Jwz@&E>C9d6r
zV|ITB`Mx>=yq9sJFl2d(?R6b^0*!qN7E>r&hXL<w&lU~u(*<HG-*}E&7)m65@B<#r
z>5%gyi?EwK?Ya}F3}>wgt^x**Lup&}4vkTxH0qABU)}<mpLM74*T1G7=W1KSzkeFM
zx!Cdtu&cQAv$RDHkNtv0avXNvJ}#QGuBhM<<B+ooTI~gob_YF}?4qhFWpT-6Y8xw?
zDRE5%4Z|HpN{+0&yqe~a^$*>&coTnzBM+^axm|5vyt;;OG+N*0&8nmY*#GV&luY}c
zmUxW%H0hQ(b4!@l>Zm4p0RPn;clN;zLXX<*($v^K<U)v;84%`>NZQ$yrQOZSU_uJX
zw9=PZTy|)J?z#E-1rksB!>-Oa!UrHl&Y99J<Z%3S*Tx&(H|Ji^$dBICBL`)4g~hXJ
zfjD=AWZeeO&LcrcznUW7{U-Un>kZg2E$Ir|ZSsQE*s>}a%ducHuX;I1A%EesEuloz
z?K#ne6sSn&I4l%^qMp@F48JfT@S;QYsC3%qUU$PD0H(F_XZ%)g6uZgZyS%}F+$lvZ
zPYO5er+zcQMRr%nOnT^Y|Mpay!9_RI#h6ayg{g5$ya`28m0PN@tS{2x(v;|DyX5`D
zU<%T89)P{6{8I%Bf}6boa~@XoZlKaq7>8Zw6P4mc!rsl=Ot<(g$;~?i$<`LH>T<w^
zAtL|X=>R(Pii<<~y1Flm=i{YS^r1xenXOQ6j1=f^_@cl(f-5DgI8cMop6vaqPr=%f
z?8sj_+fTO|EZAdat40k><k`=gDJ`tpek%v0NOziWR1fm))ryE5S`2M7_X`n$5tm*p
zq&=FCTu;qio1TDhq<cA@q=5LO0tf~Jnq+3A+QtNd!ap|8Elv4BgA~K_PXxB_rtdVp
zv^<eF7C$#H8rxr;AJ=x<jecIDt!6}s9iAH9y|NA)9~@dH?C`|`?@lDrM%t4K#aVA~
zqMXT!6pL15(w)R33*5&0hx|_5eKbN7;MrdyMgj7Sth~<A5gS}qC}v3z7|D;KW9e}Q
z-!5WldFYe5g8D91Z<z!G)51tG$7~n*kVVG%dTm5m@d$_=On(7SYK^Z9oR%PESYuP3
zaM2l;NDGCef16ye-(+Fp>hge4WzkVI>q2iAs|5p*8?1Di1W9~8GJeC<*0?O|H;XL3
zxed|LP=pOgXB!~aVN)93AbE`Me1`v>!PDW}f~XQYFFGm@QE^*r8{e?6lMHu%nf&0S
z?i{kL0Aq|HjoL=)^D@YS&8!XhD8BAk3W8hEdTi^>OAvW`mT|J4`|ai)i0+ugsB;5G
zp9}6h{#Q@_FV~{o%|uv*iU)dT%IA>mSbg^w>AW#EI(qEM-<kd*rZdRtKca}Q_uBvX
z8|`unzUxFZTjahdMMq^A8CdYJA2ZjBu>T$=+pwk3UGkI?tpEaiQ6W=P|0EGvH(CA_
zc&T)AGPg~AKiiBz0J!JL$gLH>BCr7L-W_2$*8nD*b;})hNWnd2`<A`yOO402gF#9#
zQA9QMH56mnPh%*F7<3<V+Op5|WB_N=_<?y@pqZ9Aj!(U}{|`;X<byU>0c0?T5=%cq
zYg6-WMe#lq;DCqUSxz$jPZO~crjiHKM0^S3m0u`WOgf_DsR2Z)))7EB$YJE&;~cbO
zlu>Bfcq8M{Kl#F`jGdiGlPS{uI^4b@2r@4x2(5$vX{_P~;Mssg)>?$3NUh?SyVk;u
z{2G6v`?A!l6peYYPqRu>ga`1p8Sw7%WaG(7AXa=S;YMkUS9h(6M|FA7Zn>7Pt=c7|
zP2kHu_^Ut@BX9*^){xMZjE28YpI(>|fHmjp^q_WmaEPUwb<z}_lZOU=55vj%r2!;v
z&oZ_fQSR|qYdJ3Zwr^i(ksxDsOa4sb0`|4WxDJ=S9P;S^jz;SlUM%#t!nA_ff3U{g
z;F-JP*WQmjs7BzxPLo#eMKQOZQ^1KMRa7*q>dFND%~ncI7MO*zIHzN0>i3F@i13P_
z{XiYwfN%Be{^Db3vl=EJO{Y`HzdT6X+EQzicqM~oVP+AfTLfokkiNpFYke_-7-ToQ
z3s?*a_b(w>GW$yRSd91L{vu>3s!MA0utiW{b@nYxr=WESg|a>@&Nw<vA3Rv5#HkE4
zzf+f8nTCe|ru6NjaKQYT9r0FWVA&lT=BSGIt7n!<x4;&*u?oP?FMN58TgN}B|77zH
zpubO&7qL1pw4S71A%<5z@3nPb2wM2{T|huAAQmE-Q?XsiD1(zhQiYIp$n5Z@m$_A;
zvG;)uj4W7QY-MLnmim!R4o90=)o*|E{m853hdU-wl3_@gfR|W6tKRv1P*BydO;^%$
zcI$cy$X9-L*SQ-nRZrNmojzP|k>OeFR<L15<Wvxj;Fsxvy)SlebxP()4+GT{G<O}}
zM&CTeey(pJ^(4op<%$r1)sC{wZ7kc~rNeB*$37OK|Jj--T-x3i2Yh1c!Hk*wR{x(8
zBX90H-d+#0RgCU!T}AOU*SpaPITs;}><<N-<~X3Y=SCK@zg0DW{Nq#<Xgusf_5-M=
z5MJHefuQA9>#9=}^A&3Q^-Q-BB{+jk_{7a%B!EpCI(Gb$n7j~i*dVQVWKoO(soFJm
zYnk0RKJ>%LWH$dOin&UIc#FgsCLox~3bUFRuu-S_MHTa|M=HsyCRfJpl73H!D)g6%
zhvnT!MW@0&)9FvUo=STO@2jCGKo_WY?4xiu-U=8h&x%1fn86_VOsazIqN%im3;j^`
zD(fC6#LVDo8pw<>@RyFm-?Lf-5YB$d`exF&|J`v-fQ9~bgq<uJYDDe_a3wom;x8!-
z@xDk3R0->SVBHLNrgiERR+%qR@>4Y(4mT!m9F)dT1iLn2QR8K^GOM!oe=ARTHrR2Z
z=4~O%-b;KbV!ciFlnhKo4YJ;U7Vch*yN)k3=2bBRJ$QEdbd1F@o6&HD2=q^N4q1o?
zztn*24HbU-dUExzF*!&1$SvukFzkGJmm#w0+*3zmw1cNRW+CwNW`2BLb1Kp2wi=ZT
z<$U=1x&?+&f?EUBaZZILdZ0{ROogP~azJv7IUPhd??)3c4U9d7>keF}KREkGRK>2n
zcOILa6*8~R@pJ2qj7q=o{ud2z#W7Hu{N#U3>OULIkZ=1mur9`jnKI`Kv%?Hci;w>-
zFE4NT|FXOC8jVaaTe^BwNWa%B{DL<n`b7-*&phAj8_}nnC&$9XBW3Ox{@LgR)+p54
z|H?;tZHgG@owEY=P-QZM6X8gf>~%jeG;f>E*ABAnN4Nm0(AhRyd(ptkKLi8?c1kZ_
z{}dHn+@UxUqy_7DXGKKO24=w#(AiME9Sgrn*S`$>6T<5tC8ptich!heYt3f)#uaWu
z<<mNWJE_6&S}c@B5ZKmiLuWod;E`U5IWB$ZGsVWhT#ecq@$)1>zlQA?1MEkOxQJg0
z#3<2CORR4bzn3*~a-2lA78RuIvlE4#UDwNa{00#JXA@dw3JCbDw$f6A{9dySTwH?m
z;?9)OQrolnXBeP=u(P3H7g+>7ro-@yO&S<~<IVqO<@vn3O#t1XEG*CK8^>OwlU+m$
zAUkRAJ*g=sYqdkjvN*k;Rc=^{sSkiY0`*A9Z4;eG@w};|`bp}}=f{t2b9Fyodxsxu
z`*MJ++fVFVXQyvp80UJ|yMxEi%8Z}eFu!X*JzUBAeT4F@k1yPyHZiEp_T{>5VyKIG
zO~m55hT`F)ROz^=wmdy7uQy!#NS(BfFIVll@{q)|1nKIz3_eyZ^Ki2g635k=a>tL!
z&Ymf^p@H#B?t^f2Ji6|@RtS%~BQnL^B||3SO;Z%z(XJ97Wcs%kKH=P<hLa;!m5q#3
zkcEJyZz*w6*Z^MxPLp;G1^1bIqnSK{<8?ho`f@W?75Mu1gP(e6KwgHqn;ooz07OS<
zNdyKU^J_(t3B5Ph_t7vR^%+ds;(3|t?w@S0xIIjU+jeoS#<3pN*dphN5}Uhk{O}79
zP)l+>H}Y?mlc)vrM$TvH1Qv~!O^>?=Qu359t7rx6q-smRrjSet%T8{8Sf@#O{VSU`
zZe1q=MkBZ#_(8MDJi&q@n~U=)HDo^2Ud;Wqe=%%FsJEN!+9(*A`>!{7%rx7g7Q5{o
zjB!8d5k?QcOJ1&d!5RasFb$`EAd1}`{zzHUn&l+$XlD5f4t9<sOy7h`SdaB;N(KuR
z;Dv2NWR~oTtY772q-Ko<wz5&fYR0>=N<oh?c`bP+;YgI!6A-<s`J!BBy||qD{!!vy
zTaNsOr|)(2qhEJ!W08>0&D!96o9dmgrg6vlw^?o;)O8Lie{Nb&`DCa~^2^bh+_Fki
z1haOMhqTCqssC36l!q3^x?_4+jS)<ovPG)2$a<vp6v2<|a!O{ty?0t%-}=dzWeb<J
zY-XJkJKIny(|9u|x+Ak7p|j0F06ZgQwpe5injptjcXm@~gMLk4rwG|#bsr$53gP8@
z!4ElK-bT@3zGw9Dt9I@S2I=?^#L=K{OC}JlcHP1%@lJL-bZwv9`*=yFE?O!=ld;LQ
zc$}kxG|myr8jsV5NF(7n3I>SBqX3dWh>H2YBY<1o&3}9dwFUlt`%QX2BZ%;w6EPkp
z@Xv)e=WQ_@q>Uif6o?yPIR%*OZK}~dLuEbB(V4z&-3e-UBoNgD+kM?<#<Jlbk5xvJ
zS}D6u_N|#l1J6x0f0{z*Bf+4_I>n6j(c_g=AR|8R8WE>i5OF5nPSH1r#I!YFl%+C)
zJc%x!8i<|B=HZl{e=as-$Lt^N+kbNB&oY3wAk^hP+&1tV$B611ZTf}j5}|Xs#RO)B
zpiGkC|3%fXc#Uh@CXB8fM2)v>tr~mNI7^wi#}hBx*jU+fMK*!X7r4(`>}xWdF$!>3
zpO?3v>_5un@tV<CiNWuzzFVxt%nqyW&UGLYxvER5HvpX1on2iUwNW_z#3KUTJ%NsW
zwta5C;EIezlFnn8g7Qxim8P{ou?ps9?Wbfe51YKW2p>sxU-~-G3N8}?(_G2qC{suW
z%jO#4ln;Ga;_G|@G%R+1po#j}G{c61)EEo#j~Gc!2ToYy94lKU=h%J+ceHhtTS5X~
zZ4SSQ3)n94C;AO)ysQ?XnpbW_g&g#kM)B~@HqGh2jKFWG5meo>t-TlJtGBm-{&n3!
zpLMN*Kj_r3^ou|P=e}D$*{_o6r6m*emWsL8Gdgj+QWOw3Jzh+y29WQqy=|hEr{hlM
zG~W#C7A~t?f3uNbr%3f?*wI=ob)!V)8{=VzGdw-}ohUqg|B3nKKOxYRGi*(pb+yP)
z9;1X&S1TZo&dRnO`hfM`i8m%(mBe(+prd7{$fkCLySkAFw0|aF-IkB&gNiWADO1C>
z5&Ckfqx?a^d(Az8z&8J3lDS{qJv^j?FxVN3Tq3~rzB%9n82OYiz>6G^Udn^#Yfj{n
zQOi)cMA~1`L(L@#qAjnvY3(|quw+ozE$)Zfsz_g%8z6-8c+&ELLPG0W*7C(86h9A_
zKKhV_r;r<*YhROhn;|_uZgwo2#x;(B$Qbu|3;J5$ZU{V8xA9+HwAnK-9*=FhQ|AX;
zz1wg<xvlaL9Jm@%*DWOr+>f%UK(xLHC3XGDfe84kn^khcB<4X<RY}qAMN;sWV(L&z
zSjQ+7hkMLL8CyK#Jn;G%J0N{wkbi4?0|VTwD&fn`ybyik39T@WFlAog<_CC+Se_%x
zofwcj(FDtsot(>ODaedI9~NZS9Ud3qiUDGz<J=++fkVR0?RU73jps)`PgLF)!9r7E
zzWSkX3YCbV!9@U*%9MLUim?hp4$j~)<?c)_h{tq0&}2N^%ID3wk1m(5H_aOCAf8|e
z!LFkO(&FP(F}=plo*axA7QG*tPF)h}Cn~Jlo%b&#R&Ue@>UP7;-ryleb?U`7;Ah8H
z2o!z6KycLmWWMp+?e6sFZekvQ9Es+80qe%i=enl4z-Rt^1_npt+l!Y*yG0~!?JOc?
zlP_0JeoL5`wVA))R=S4Z>d5ppZ_91wV?X%Lt1GIi>Hi3y$F<L(<sz$eyu!^$5G9?5
zGO@HMlxAVbf;CUmbnX%aMUm)lsDywFWz*rBgs!M8*2dP>aLnfQ^a{x|TRY0FpXS(r
z<~ON(2N(8kl$Jz!Uxj-N+UIz0m4ANJGYA{~?%B32Rm-CwIqOuFy|C8=6&Yz1z7>ZX
z!>#vG_(B~>8K1>0*%rweX&N&?tZ~JwwW|rLVb?k(9Gi2_GrHc2-gHLyjr;AVdq4fy
zaP%CFxr&OpiArf7`^xr+JV3u~{UD$N{^pM$k>xNySmXMyI%qwsgRCW=Vda$lmmAPG
z`pMMpR?Y(q6+;C1=TnghEn?|k7;3}dcVRC<->h@}`2t^~Dd`V1AuVidDqGR6vScUm
zDDuo@7otDn(bopGUTKZ7Kl~m1!)N$oVCTA0s`LlDRo2Q9Ex*I%k&JxsEee{xT(nEI
z0?yusvqir~?<y5-Igb%LbW`f6bvO>1C`I4R1I=n$6UGHa{R}Z3oK<;gm*t$n(@Gwp
z_E{xTvu7e_Ilk#BRp1=lHIuF7V-}vZvGTTjHP*D$u6Vg=TB&J7Fg}cFlNwg3I_fNK
ztBTWjIn?j)%8d3`$gzIdC*o?WSUH;gt|9dIG~DCOJSL;etHOqTZx<^5^$TUQ4%?Ok
zhS2YKyCGuJLNl}Rom5t17X8kbJwJ&(?#`pl8Rs-uhe<%eyEv5iTL?l-C<Yh<qkVaD
zC~ZMaHl3%f3O|uqU+8t#Hg3D{wGWgujO?+(^L58=y{2b2b$vN91W{YPPCxb-SVclq
zKwm;FS`7gv)iGy(k<h;HpLzR`x{9XLs*<=S$IhSZ+WB3-eH;gGmrhL0E2W|ht{hi?
zXhv5_X*=)5a&S$0>sklVazrt}w<6O`RFSLuy-dbn%hu*+s2onz<T>QoBKFsYJ~&V&
z+PjSdB;K1)Z0vo&hMl@qe(#rsM)7n%`WiD4hs=v_+)=HUcy}S7OnyUv8P$C?)?CX5
zWg_J3Kv>!3ELAU1+ukd%z9XZwwI2LtLr)kr@3zK)XAqJWaAi5*a4HLqb=!ogJRszM
z4G*|{t#>7}<8`qm>6~6`wV?lzQ&4tXGwc=?i-oTJg`Gn`P}yXh9b4>6Tv=V2^3swF
zj3DF+t$e!9U%T1A!P{*n%^I)V7cloebIdr>*{|4dMoIoE{&(fClykLi2$H!CLKHkc
z$->St^*;3As#>f+$CV{j7xDw8o8C=U)>Ei&3@F~*3tbgP?+3r9Hk%*IvuHVba9QaH
zqM^MVvzxz_+Id^$7^OCyvyp~@IWO7XZpB)Iot9l$hb}&Zj(QgylpW*NxxIb==CYB-
z+0+@qLer%Ye`P>iVJg-~6OW*!aE-X_zH!a%pji0!NtI+j!A6GceiM5;vy!@T^7lyF
zE+3j|arF3O=t=K(!ck#f2024cZ55NShHBV}P%%nnSFlhhj3yMuk)k+zwHQi@ykeSg
z&dJ$jS0CSQyMY#|X`bwihq;k1I3xZEJ}%gC4x#by#W|EuhmTZx_QPBeC~~Zk)D<y#
zNT#+ooLfBY0b|>#o{?Xme`o|nH(H*}&}yC;RJh4gWUG1V4sS4^*x2^IZbbg8tgOp=
zw+p3h|M76wmF+6ngI^@R6xZ`evkeb(%GpZB#o+6OI9Jr;rcjFg@Gl2Z9AW3%(D~I_
zx3@8zGM7{|xivl~=0<!MN2A)ih$0R>Q3#1rRu^`;k3OMA{AB0jL`agIUI0bG$~{$5
zODOmfCCffI!sNCn^Yez=as@pIe`AT<_(wA`(<X2~Wz-dN#o88><2RP?HO+CA+?n%T
zpiwd-s4&58%I?HY;IxnYlIJV~zG`Q(-v&s~`o<aZtJWETP~?=aKFcAZ$b>YtZDY}f
zH?4X_Ii&o~cC)L~U{iZ_s?}u59P~5!G4O>f2q$jJTqBEK&EnDM5r2fU>c#U3H4J#L
zi`|4iht3~}kdG85uMrCLPuEXwb@L#+nX&0wj6c{tE%njz{jFpF%Ngaz7L6Y5qY?v2
zW(nWXgnJZYYV9&ovYxb3p-Z(FM||UOQ%cls%??Sox_ewqFY23*^poU-=9s2_gd6(k
zJY~VQQBxR?r!<~)iN;p?%pU>gtCq(4Uz{ofVl9xqVImpkMm@aNL-Ew!yzj2rRM_d%
zq^)t%4EW+Osm0Cc#p(Q}-uM3Pp_7V_N;At1qi^BX>p%=Kdxs_}a`sLhCJ8}l$Nrnh
zZD^qXQ0|qW1RI`0oq#QKN!SA^+?AVf?T{SR&E>19aCz=4B2TVpPw@2PAOl?rD&}5S
z1bzli&-QW<cYK!A2E|sl<}h+K-AJ;2ld=ha693zTK27<<6Kiv@;kd;pR|jWYx1-Hc
zDF-15!9!q*E!}pXc)w8bg@Dl=AlhRo%`#FXK*-U++uSO$YZ^Mz#5y%d>ZzIZVLcHa
zZ%WV4bu#thau2(Yzz@F_gIr0qmvB|Uq2?{(RmeDITeb(_y`=jS9XEVL`u>#*Qm|L`
zKD5+>5YWbqa!?@YgHF8HWyxJv4oCae`z>GQ+~?JRPUnH?fgZW&uO57xBP|#wRITt}
z36owT@1;8aiiov%e+}G$kJ0}Q*xo+9pLBy2I-b8db0J$^B>p&J$z5L#H-H_5Dky8E
z6WQ9pj0iQXAVx($Z-W$ZLMq;8awMyxp|d4)gPw+^?D6mcVq59q2gX(jI}KwrO{BeE
zD|w}@NF322sWnS-)}>$tV$N&a^2+^(V1jfoA+al4elivKW;r7GDirSC`nL%~%R3hE
z?~7GxwVY|?+E2T_Kk?Z51`1&{tR_cSg~8*J{7;%EUm8_6Sm%gN<*W|=TrFx<0^rIO
z;GIzWRz{c<+}bA+oRdqBZV{Sb0AUSn#fdp(atwAil;<x*qsYc>&8KQ(<)LDSH_Q;b
z%%#T{`&^y-c#tte-pU><XlN*4(8+;$@h$~T(fAw&GgK_PQd1bRJN&8rDQ?=w=6ftY
zi6L~)Cz!8yPi<-X7kzVoLDs$Zk8u5yF(}3sV{|V&S7m4wQYF`me3KuL7D}|Y?o2?X
z>{mI?=Z2i8GSq&&!QzE{b;hF+LA8AZ!r+%^$vJhkE5KcTV*GfIBQDdxFTlEQi1-_5
zvks>G;^sz`$8CxaTO9_7P3@qVE1ryJERKcG#hbXE!c@DUstDx_FEoX;G`Ok=_I0^o
z00$V26|_?5e8|BEggv}jbb>R$H_c4x|L>D$8MyhP00G7>D3e+H<1YVoe}%7m53*KN
z<R=@dk~(`rKuCD?3JsfIZA)XHQ4g%w-#|0i(j<pZM|o5A&L3y)NC)FV7_1w)%N<5p
zHTk1>;m;>PdVyk9-VQvNyHu&GIxYf`BK>eDlK|{5tgySK)^{*?-)MM8?x*^RxhTf?
ziyupuan)JX-*<ijYag-{GGB8$@zkX0=U3JR@i)@y!Oy9lLWkmx3U@pJ|I3%=<-Y@N
z9$##Z?~n`vqOP}XRipZCuK}^o249+)5f9oH#C$4mI}a*@5_9Q#;+fM9$Y1I+T^40U
z#%*Ta`_T|Lz5tt)(7EGc)~{!rrKoQ(n#*1*UbG}%`M~-*i<rMhWm8Ym@s@wcSmV2~
z=1_x1{*9BJHew;2swxZ1CDzs1w?y|R@{NAI8R357#$rZDn^ZyStG9tO+k>(#4^aAD
za7iRNvLZ=Aa|8bAYhT~elJ}!mC;Pu?_)lB^AD5L|{}?h-QJYGiO0qE0q)4#lKFEAR
zKfU~0s><&PZ0>Kufu{76Emtkdc;#cL#2tPnH;1pe|38h602-YQ{CYyr(IIHJivO9q
zW#Mx&afG-oym0W>&j+?Awi39fQhWka%|(2ZkC~nthqocm{SM`PWbpFs?|1^nEbIk|
zd7|d#DM90)8Pmc;gbxdzYk&A(ZvK3maegHlQII(y`?K_|qFC=JvUIjHweZp=(P#C8
zAF*NMoOv`H57(kL^(N?0(l#s*Zlu%Q%AN*Fu)6WFy(LI^L!7L9RrH{DB8*oZz&zT*
z$xuwRal5~qHO<D3ij9mdIo|)wl{`n~Xv}-0c$9v0LeONRxSIVa0_Zg8+@QLS7M&8E
zg7D;hg8Ky5_$60*QF4_i0Dt4<<OxEdG1fCqS<ErVQO;40X&D0!I6}nPc;A^#1%k&z
z#g-YDP-G)!Bbq6Umn+gX#^O0}QS@L<T0Uw_2BgiV)XQwJ(8#47qI2pV$;?S5B5Sy}
zvI`=x_({ehdjpxvJL*z@U#Cy-^7?mzi7MWd6Y1>-Wh>bBnW9X@blf(`po!@2{fKwN
zy&_-ri0d2u*!YSB&=+_IJ9UOUyKk0K?{GyTy({y=fB)mT^S*k~czN&1tC7VW&bH!s
zpk*fOfY*aM?HH4-TC{3qeZPcM$uZr&H|B(8Nn2iIBf+czEhaQUfc_%G-HRi1?`qU~
z=vBEQaX>sw{a9llfV4V785^75<^1xW1^Cb6AM+>fuuQccw9Y}Zi?9-;mPeVc<mFQ_
zysxR~sm34=B|AA!+L2MFm2|h4t|A4gqn^L?S7MyciFzb%S^5n;?a<uhiAw=Fx{B=q
zMU`m}qhjZ2+B;LDJXI?ykRNYatJglQg?X)=yyZzK+Arzq1j!zq%{*1{fNj_wu9C=s
z$0zuO<-Na`+O}H)v_s&~(2t=OIGHg6)aCYq&SdX%^L{D54xYTd@28Gm!-LiL#x$Ry
zbAaqtN(?z|Il%cUpGq490SED|X8!YdfY!t$^8K7*{siX5Eq6qg1nV>79`44EtRZ|z
z%~lJ_OA~etdEH|53IH{fG;&?;UP84`dfc|e;9WHFpbH{EM}^=lt<g)vrCuXmM(>^Y
zzW(wiisG7rN7HfY9_Yv7g<-t;>{!VpAyXm8xIFwHLH8E$6I;b-mkRUPIl`YOZ>h_;
zZ;#%?*-|?><w=z^O#RP584PAkOhr!9!#2%bjkB^l#;nEs40`jgjR#Gk4O{4b>^(I$
zbr^VLpUHYWAE6Kut&D#DC|Zwc2+iQSw+9Zrt6dd!F?XJ|bZgtT61_gX!ci0gH{L|c
z)?heooeiX|fTKLkpHWrgSNn&wgjSF3kHtlr#f!}TrM#uQ-<cX18uFYApJg3@I_SEC
zXC5y7Cy|s7GG@#ayE+lNQi3I^mdW5<yj{Gyv7t-}GrQLcXzO3wOLBf;n$BPQx}!3e
z1IOgzN5}NFVf4u?O!`Yg{_R8Uf6;u>AAYH^kg|}%wavS;Ov0OA7GXU_+~WU2t+kl@
zpnN9(kl})&qoR8iI@f3v#09ToVuoZirCg!hn;+nc82|j8V<64}QDP@qk4qK(MhoTs
zvTk@<8Dslp!GVt(LA*zXBzZ^W9U$|I{t~H_C*-CytL!C;hpC+D<7b3MyF6>%o?0R~
zD5O;;Md?F+rfj&i3O|#eP)VNU*V%wv0Mj2`i$u0KXZ|Lf?6U#p2AduLcJPC%JBdQu
zWv?m8XYu4sExCo0vv<K`<yrE{{5DqAnf_%*UF(`Bp>?o%QD(1auSc5TZ}_Q32KJY+
zP1@vP1sU%hLATo10VI_qMb%7*8-Xi4`|I`q@nKmLuL*Z4+xQ#|S*wzHt?gWsi*<hx
zfT@C1^CQ#p10XnBxnN4LEv|YSQbUUIE_*C?mnSynAuGSto!W@EIM_k|uzspZ3-dlJ
zL0#<;Ty6Fk@br2C7S@FMxMcSaR~5QQXaLx@{6D+;SEodR>>xtx+!<7|j4{xKMnAK3
z`+PG6zQ9{Q-2`{E_y4mir6FQq`M6wli2_`dhQ8SsM+T7qTIsmzp5h4iya5Xm#W~{1
zjBMNkXrGk+Yx{Z6Bk;Gjh=|<uOmP0w*?%^31H^lCIF@%@-?W4O^;sHw${T?9&smr?
z;$6M6f%z2du1x=H=l`z*ppE`J*W*q|@>T6*dG>t6N6Yg&$qtBz=Q34giqvn4vs19c
z7Jxla5~D(n6#L2IZx{szfP8z3#jF&FhOKFL`e=8_>RbyFdo6+O_5XD#VE&98=&tN?
zD9`uajOl8qaF%tz>H{2RYe{;qj9<)S(lhXWCe|JKncds9ffMd(j00mM`v{_bl67DC
zXr-w;*>$A&jSJj(c<I4X`RC&dg<hM|JmAA;>~;Ls_Zq=xwEA5%8}m2fcxY@$_l$8&
z87d+8g#-0}OiTd-F;DKf9$uclOy%Ds%<>iBF`o6UY<8MM0q{dUMg+L%ihmkLEz`K*
zSmxitBo-wzmTe_FDcmTgD#%+-qj%N6E`HV%V+wC0u)pGew4x}8`{;RnJc+Z>THg>N
zfr&a3#n<R$Lt&Sml#uk!vR<tLFV$zN^mJ@BL#fmg?U3z2_<CAw$Omj~K4raMw_u}f
z^nvOB9220Y2L|z%*Yoy6`_*fDk$v5w!18)P&1q6N9?J9Ga`Ehkhdl&L$ofheO^kE?
ztBI&*{G{fiEtiv%$IYY9|8<uCXR`nAm!@)1?J9XP-mT|)=MX;Z?==-T7@b28IL>Vf
zj`Cck>HK4cUl5rNcNVAb|4gTgLvV=%t%kOKBae6gfiiLU`0#t@ND7cv7vtE`5xRss
zTS@==HEKJ=6Jk-BpqKS2?^JpcS_i>@84-6c3P-Qc0v6)7c!k%C$T<u~kOn<q<Brvv
zo)Fw$oerrua{!)6#2-5#7<P<&8;YkS0NQdWWt<=|l5DggLc@>f)3U!BZ66dAzgndu
z3pQ*?U;p`bn|rk?gEVpAuxuG<_rr2k=m4&YXYq&AmXY5}<w;L&1suWGWi(hd$2rNF
zdGc<c<!&SEFyWQ)kC6|j2F;v|uINV+EjJ43F(*{BCkTlyCR1T|9GD4$K-L3JM=u^e
z`n!+%<0JUKOpWRjcTQ#`NjNFIAD#u~Q2(yz;!R@A+ik6mKuwj9KL}qnp35NX93Evp
zJlp!Ydn=gq8}MGF<n^!^2)>Sxnr@yTH+?D?i~rQucVR<`V;^<vYei1%j3akfJenQ4
zY%yf~Y+a+4Er0EpEk`Wp&6=_PngNw*S=mx-6biel$_V6hRkXpBw^HAgT3WnkLWf-S
zeP7IWoLaX1)mE7@?IEz7$-`6+EgbX=oBl91YO5DINla>O?zubJ0y%NlKGdmhZh&jd
z!%hxgu>bR&IjGv0RlmWAv|SfklO-4_ls<Jgt@iEi9aJIBS8U@#MNFnMi$JSpb<_VO
zIz;PRPuFkV1gOmgD|wjtKP&YcSoqrh6H-N#Ek?Wg$@PQC+EN~S@+DANjjyCxUP5<|
zZkrG9YM(T$BXEB=d<^34;9RXoA{(3t8wH{KLi2J~k&f-KSO!}_H*_{Dsv54zGuc?q
zRX`AdynybcmQgU^0Y;u^DK%=IKKwdxVBFqJ>!RNra{@nq{b$!|7`z*cmI7#I3rUA&
z0$0`<Ij87IyQJw$j+o$EMU_^mmBbaD)94wp5_%jjpy*;WU+fpgYQ?Xhr|~W-?@Q6)
zl9{8G<oJN+8XA-RbsRq>6%(Qv553{p3(X1YpI#^X9m+gnByfMowHmZWv+2f<HHdD^
zjHve8{NhoW<WcF-d@tAmygqw(gfL*hPg%A4tcqvz{ReWBi~jcz2M)g?YVR}IuPSIh
z{vfU&K!cWyoCO>A_1}<#W6O5wAmU67XuLl|k0T4dJQA|!<nGnq9v%Z{&OxbllqDUA
z%S3BP-yesl&--eGiNxP5mht>39V+p(a5hSQebolu7koVX>j=-&G||EI`}#%s)Iq0K
zLHO32N3ePDo%TpR!xN1HOTQ0BQh0KVt&BW_`K)4N6OH-w2YD;12JJe_5^YiKm87IT
z0xHAaYYnl<$!|zV%+WOTSES2vJXYFqy)G?=tqjJGRJuPR{0Ge4&=(0<smLzRhrs}&
z(h0Xbo%CV_9u;m)U~sQGT#QIrqtxFKI)vpg!JRGq=^2}4bf&Y}>k8bSx04T_FB3h`
z2rG+=qN@vlymOO&T?45>Nq=0=?8*)*!gj|>ks`ZJ7=61?))`P1##V`Xw7PDc+(JVL
zs}L~}1gA(HCnNToNoL!wQ83Z1NTYN~71jA&Tr;8`hNHb&-uds&Onu$Qcpnm7Touks
z_CEoZFYUQdT(%2-#<?@LRQW4Q5S2j2Wbt>Ba*XuGOnJbv2?Rd&Ay~f2mT0PYm-onX
z8s)vrZ}|mVU%ts@!VE2(rX;F`+c0@Rr(6yWm;{p#7+6t=lWCbb4e1O}qnSoo7F3`;
zruBopLCyz!){`w#gZC+sr}a}Raf1835+Dyyafbv}#!RDZ=qm6*T{m1Q4+2jz3vj>*
z5GSz=5nA{)F<QTQGAB#Xjd3s7E2ZMJ04oq5P{TSG2dn{WGd((YTK{OCK0%Lp9a%Bg
z-c{*dnX^yT27%UF3BPq!uo?HN;H)Ib*wfjeV1H=-xxT}dGXt<UFpUCsfZgDIo<afJ
z@Mi#q93eAs;9o9I-3$z3w1BH-C$V!%ScgBp(E8P+*R0f-k*Y<?6_4on3o(tBlp5nT
z;JoL`#@DN|lX&r2&C33GPV9`?^E|A4*na*kF~M|pyc+%pnlzLFnVONGJuksh<(WpZ
zok9WX9>BAH$&|MMA~<!sAWjt{_%YbRK7SLJ56E~3`&g`DNFazMS4HLFP)0(hj|X%?
zk#}^=3<#9C=y&B0+>J(&pA_^XqM#}<pOB3~(SnfmIw-isw~+RE+<i4)YBuI)L0!i?
z;;JWhiI-ns!OXBD>2~V2Z=OIIfP5`Va?-Mu`Z=@e1lLp*DQ^+}(;3eB8r?A|PdZ|0
z{%!;b9ztnR?n!vlu)(qVamJ3qP|$lO<PS1Y4uwWR2q;<^ccq9Q#W^lJh56^_Ydp>g
z3G?5=LyoO?0cJAd+45x=Ovl}fe49Mh2Z6Rb@iXC1=jL&MTq(;IAZurL`J<5E>zKVD
zseNJh{1y69Qt+dOq%3BJ#=SS*pH_ot=F|;J>KrX^f&EM`ng<s^W?}Sgk~Aq5;H?qW
z`^u1I?VqE6;~nuS{*0UVg@Z;PZI2u6NrV}uhUVzlp91&Q2be*PTRfW=ME;X4&&ULf
zzf00Wt*m1=K)Ne>WF6ReQ<b3KLh`0D)IU*)kIpor3;&*3vARj{rj`{S-a{+_n74;N
z2=&7Yp=`behT6}g;x;keLose+Tn7UE?!;p|OWD!Rl#>x5lHqm)h;Z=Dp(|`#VzyR!
zPM!j(!sE{3ltsfk!w;V-XndWfrsp200Ru)LX4<+~Il;#?zKx(_xe-sTKhGTguU+}W
z^Xh1SlHdr+jPGud$#$BB50_ZTLD{vR&8vGP08t4xYFGB<4j}}oyn+;db7PocM11^M
zTrMs&>){LQ5Kh0IzLdmPh%mdL-s#oD_u3cz*lUn%OK3h#QT=cE-jwtC3r^hS>Cvxe
zSYuSUwoQwg{(emrWOCO-hryMuB&S~2nAu;@vjzEi@@ltOIdrN%0>KQcPczWF(R4iD
z3_5$QIVVerq8n4~%OV^bBx$Ga`cFyn2a)UtGv8jK)?1&INgp@=V0`*2H2K~GKjYot
zok6B!60Jdd`aI`+zgN4Xd`4AfK~Fa&?t;81n{BaF?T^72c|cF?LE!dA9!|6sD8nut
z|6m5&e?Wkb3soQ;5(xZi%a^m3kAp}?_<Jhtkh;`N3r_+N$)I_<Cy48J=A$3uJP<mF
z$SX)ov=u1x^UP&k@Cd`WnRFP*&G;bo`jblQpG9z~EE_rkPrf|uHSo}>8!R3pPvF*;
zgA?t@nxXZf?p-zx;u-2eAcZaqAF!!-3dKN-EQ7U9;7d_wv;L^QPz(0_@yW)y=%7V7
z|3?KvAuwvA3S?#hDT7T|z{~B@+E0Oe$WwI<nl=&l4ANi}qvgC2-~*P8<>UDM;K`T>
z*_kdzm_LudbLu91`AiESrr_J$^pBT!D~Opw3Gkuhs|RlyQe{->lJn&R{ql9&Y@I*>
zI}2o-pR*>)mmd@~3Krsw9dqz)0x%{}V(gC&0<Gv%<(cdRyyR%D=VRm-#+mpGJ71i-
zr>8)C&`@FkF(hy!;{ZNZQ?iKM4kQvNzi<YCtv$7=u;#v=mEI>*J6&DH*nBFRW9$DW
zz8W1jJesq=#&tKXSBELr4~kAxkJ|eh;}jISym-T;WrP<c=)+S7Z0Ay5{B;vjh1X{i
z{@uV5n7&*a2zrJ15b}l3a^$jhT)%(@_yuGpRuu<Aa4;X(<M*G%W>0lkSarB5E+_Xm
z?z$-PAE(D=A51HM0J(vHz|2Gc&7i_^Y~MGw1zQ*hV_=!p0vpp&`V4Y7FthY5bES^P
z!@r2_;oC3^=7<Z;sEd5WNdq;_l+k}(C^Nt1w{~OsVcT?QtfiR}CMr}DjHxTxwwb@4
z=dq3~yid%kQsx#;-$`)Z607ElUcs3K)huyYRJhNZ30mu&rY)OBZQpzf2s25)!15(<
zrTnVumCsqudyB&|CEfQ$i7?+Nw2M@07*9Wv68H37y2T$2x6HZm9RG*9LXr8z{2q#R
zo~mf{RNj>`obQ#!x9mxLanFWkq-n`dmY!ukDj!?5V(k%-)=Z<W&?Z|EIs%PPs5QHB
zzn`bfc#7?E1BA`FIGaRq<fYLIZcdo+9ZV0gr|XD`yyg>~>|PtlAgoePMpquMJR%W@
za<~UA33E&NpOuort1go{S?*#^svf1nCfB6<vE0(qxR~YG$7bq+?L%5dC`k4T_I`N;
zXxwCR(cKhusWUo%pJ?jSNvSjQjHbjbP46kuBwe8*wZWv4q1erzJALKf_9Ws|65)%e
z;}9MRDOf9e9@*RNn2C6rjwG9@p@g=;m(=##N7U7FrOST4h1jbPHjy?9aqi!D<35>h
z2)n-Pow_K)$g+}|eEdH3-F|8_iW|iQ;Nox6uYAmf4+XYWXYivxT9UBP>*Jk{4=9tV
z`FLHyVtRDb8-5u_c!+s_IjpYe2z^q)Q6auQEiP9uJt6D7$bJ9{g;&(q<zUg|YZ2XU
z|Li%Tbx@UFmc!RNgKi=c?H_Cc5ahz+BDb?flc6NK4#*CnmkHq<ho$qd>e3K_57y+8
zvW+%Mhe}gthr1zvd7{IjZG<XVZaTZgy=&F2Ingnb=3FId<jqqS?X?&h1>djT){c%6
zup6M<><If2b6UIz@|)*UxRj>u52V(JAk0?AyA-Yod|h((RQ&R2&*mv7o0KPxLEm|I
zCU<)Trqm!j(mWiWqJ34Yp8Q5u?PL%@gQ-Npq33X>h*iG3@}htOmW=Wloj<Swt}1;-
za2`$DFG8D(rMjVeWysGk4{?@i&HFaTeMWn``O3Y>vfa@=h0aJi2q&*QJ^Gs`hP_#@
z_gf(R;0rGIAJBzMwTdS0XU&gyU(bkJ;|o9<RyQs0Y0D8bQFXq1)7E@{Yya`<KzzNv
zDrvD~-6!R8_ZR+6IkSAd!Jo<b8Sh1d_D=d+YMdBlc3(Lw=o!tID?!cY7wJD&k<~?u
zq-%&7C)^eMtQfHOr-Z*nd~JzmNPjERrX%&2VvA($O-0lPpx8R0Se=;w$p=xQjY*m(
ztu5pfS`$C>2RX?B6p~J?jNVNtGkH}gfNiqg-;=oQXt{dy=IRhknx9_i0VrMDL|pF@
zoqH_Zem3!xJ!TQ_PrlTAdQTYgYM?Bnu$t=jlzUijqR-N7XF<8?Mj|rj!DUXRc~pOf
zGZ+}xY#>2LUxpl%RWQkzp-`9a_nGx(R@20|a#Yey-0V=)jTf?Uz=bW9cq|~fM9=8(
z0iW(D>A_mr=e)EQ{RH<L*Zh)brTj04m%ZMpH`{918*#WugD*O#9zQ4``yTgP%0faE
zv5|R<R<z&u#YK^=(p?z62bB%+)cHy~SLP7$%z)!2{twTfb16JK1?4kU22h^V^2^(J
zJ<_Il)1mFuBlCT*9AkV(e~D|ps$9!#Mv_GU$B+<b=8n4R=Qsv^Ra_~f)#D!Yhl7<b
zRq1N7rF`Y&4NNCyKV+U;#5I<u&&gYuqAVW3+g<C3WQD$O1jrVe-?rN}zU;%33G>yx
zyCmqE+FU2pBC}qcsJX$wl-iki3sFed*9`0gFbH4llaOh>y8RyJ!^<>=XsY>)#R!tU
z{2>PX)K#y-c-dmaHC_d1+#1^gp8seIP>v*MG`b{lch1K1uE=h-+FX2l-o+bVv~B6T
z>ap3<&BE=noIl6pzJM7|=tP<u3CTNCbEI?pU9pTPgbBZ6y?BKHMT}s^f=*3@80}k9
zC41B5#TPlKFum?L*^#T3xYD)jfo@|i9V{m@zR!jB{Cy>6vJ=j+Rs;fk0|<3T7EG&u
zV=#3lJ}pNIEUX~N<S{|_d$xfTPm@h3r1V_+{2`E9cF*e&S^a_p`E%<F-;f5#W|eje
zfMWTDI;Ba;Tmu}|S=y`LEe}Ilc4n1Z=hP3+%(|IDA_7u84rZUgg#M$ZmgGQY)s~MX
z8<D?Hxye3x&|!G_qwUx60=&WmkoJxNZwIkg1ht9%Lei|ZRst5}KNb9Fgj?RVt^%~^
zE>8k7=INMq>WPdEA%PN$_7?6HyE(h06A-tA!X&)94j*8lr6Q>Y#}QnWQ|fGlkP;70
zVG)Tb*;ZtdjBln|4?6@1_=)HBWZeKjyXMfavO!>dIAOiWc>-L|TMRwZgl$mh2stKJ
z37porlxpC!6NxaVx7sDWeN0N`n`-9*#04LY&kdl)*-2tv>(_OB0_Kg^wxYf7?MXK4
z0otu!+F2J_0tR-z(|Gq+i?rq#nHalbW$!bcoNRjo#-6N8m32cvjU8=@*GyoWG3t5G
zV<g3qM6UG5NQB3v0-meOvFF-7Yk0TcW_*Uvbbd~TsHmuvPC`k0^Gw#-`o+RLxH>9B
z5qzW7;k^?lvwfyU1%QANG=x#&3{`W$3q+uC4;gNxy2_1vgY?vs<CNwiD!<(bZIRr#
z-s`LM2#BD2cG>_f)h@&V19N$sF+MYp##<w7U6V+zg^#)j9O<QCWL8g-Y1{sBT|KF>
z;{|I0Tf{h5d414gDXb#dCPEWHfOHf|G(PG<KL5!T!F*K5%eQMl>ISN|<um_U&8PnM
z!9~cSZA8OkRgFMyiL-aXrjFv`mXv6o^<-v8z1r-)9@2E-mNSLG^hNu+m+-fR&#aNn
z(Gj`d$ssG52GuX&cCvk|{fEW4TmW7OQaVwGKUYrx7SAsZD`q}Q$Jv*mo=FIm;0-=b
zdx$*6W(tLbu+71Sf7s<1poM$}>a!fcv63>>$YffdwPuYza431J*7I2S$Z<XSKut1N
zI_o?4xC9@05xz<TVE%<M{KFHJ?!53Q{{su$ks|NubQ*hNnXHSE)I<4mRTWTw^2T4q
z4pH4XP027)Z^d)nO!uZ7P@5EUK}rRD&+&O>s3j61b(kHZ)GNdCK~Iau(EgTzGg5aq
zW|;Tlr+ZQdv-kAlQXP}C#gfpm{V2N6s^bB{b$2D+<6uPId_(M!{wFW`u?0m8p!P~d
zQ?f(wC^~|oCcU}2Gmbf@2=wN&PK1MQL9}dV(1~1*+7grKZVnI8opWngQ%1@gg~qRy
zr1tI&vqo(O&5cQJ%v~qUPt#jzGQss7FV5sXKU?s+%<L8xi;c1;ZSPkp%z+iSt%EQ)
z#XM-kX?cxDaa2gUk!D-gK_LI~q!47c=W<?CaJQN>!_J@n9m6Mler!+S$&*R%EzX$U
zoW_ew#W5V0tH5gD5cN<_P;bd!_hDOG?}CA@6OoRLs+6JHIcwi<Aj=MM_%Ax<68vK=
zfjK#yBh`?mEQj*VH`U&MKhDR{B?kz}B)-gK!VNoo10=}qfYeg5aZ<=}WBoX^k5sbb
zWAIBJ9oEX)X3HxRa1lwo?dYKrR+^8$av!&d(tZ|gcMxdFYyR|ryAoGqOKK<?aJcbR
zc~#(}#>Kt6LWu8k{q2!c>tOHRMhc3_<r^=^JYaY;EifV|rlnt;eEY%W!x2zR7eAEo
zZP&>`L276Xa{tUEaUdRY+GJWvY)uuTr7(rFVKdBPIaXS9SX>VY>qO<c=Xyfj3Z&H#
zWRZDLU~X_b>t5mx4kFAomR3WIq*V8lOL(*<7$uA<!gW#l*isoA%zD~-ocnDP(%#}}
zuMguk2=%L2>6<A=@6RZ}Dm69X09-c(;ih?76+M=#>ADYYp`pUXjXj(|xgTMHVV^Rm
za`OuEot(7vU*Vo1U(}LG1hP63kkwF7K=%u@Q2V4y7I>Y`l9D<Pma%-R!Da=wjd7g|
zs!PJmV6pN5qky&T=0yIXJt^!C;i|y>Z3n+crrF?GC0I_{xO1MEy=9|W{aJ5PTmUav
zpy`G6J;KIyKV>44otb!GMQ2NNNMIB5otc1J6o(J>>L-qJQcyDKP{UXs$TQXUw;L7W
z#ik(W32}?qr@>q=Qx9<d_wljtXzRXXVp|;RD{x3?*JO9NZl5b%+qXT_tJu3-hKcOz
zO=W)wH5o8e0QZBV!kZ0r*OhuV?n|HfC5CH!+4=QS-z!w!@)};=b_lI1bs&OpYYftZ
zGGv6CSKP;tMOR<T@sAq(zRJz?`BcFDqiU4PXplZZQ~fL3{~HCN5!1le7Xg8Z2^Q=8
z7bD_7*9^kY%KhC%Bdv?2{B2V0-_$v9R?z7ey&9#<B|JFO|8MxI<MAa^xtk02Zi!6t
zW_T+#40NK$T{C=a{RDvFM;|}-1fMMZ1G4_ZQ-FnQnB-1Q2LqR0wR<jtlP8=agVmY3
zQ3a6l=iR@*4FKx%@k$iikeH)C<Td<=U@m1^>la!-z)1-GMFj9r6>bdiIrt{RIlslY
z9rMijU90O0KC~hBe=>iK92?ygnyU_M+uB_1N4+*GZ|}1Wqm?*;r=*Vl0Aci$^G0y-
zh0NO~NAQ@R-ZgiNv-i{q;bB^Z{VMj0L?=`Jw?T{5yT|(;?jwWM=ErHJVNawRL0QlM
zUz_abjSO1b5VS{PgYuA=?F+csv^5QPag?K|8MztXXg+Cf8Q}~4>t!)%QR(|cJ6w{x
z#-p(+%b9s4-4B?P;9W($2=I2y8K#;oqJS2ykq<q%p8Jl=xaYv3PwLF&*CT!pu0{zA
z#rlC&5Ur`t7J7_y&QfP?;yY8U9!O~lkWatreCH3qVM-<-ug>=8!dQ$!IIwFwx^_1O
zpsN2^JZZ%o7Hnsy+Uo8+EK*I#r5nA%xHiA+&>!bR#u|0W7H*gN?(F>g>$e_%FLs@)
zpny-M=^MU>ML`Lxev4!Ii(}ubR~vd={E={E{=*i6MYN^{dv`tmcXCNNg3cA)z)ci7
z3}Q^2m9pKp9fW~IGe;n78gE+|*Fd>aUq&irVx4M;=6^@Vu;$Jc;0rsuG6V_=`)2fl
z)CwA>6L@#n^5d~xb|<I}`Df2Hva?G6)6=WOes!IBz|tBeSW}IdmyeRQ(#{v7M<3*d
zg*p+X)^T(7my*Z1$o4&^NjjI!6X6i({r3)2c;|Q7b!7uSm)Cp<Yu&eqZGH&SWMuP@
zDRxv#RB)SI$W>DtfKf%T!eJb-ir?EW%M(weu(+J!j==9Hr;N}k7Qmg<`lwkA_)W`+
zM6~<|KDdGWJMO3sXXc!s<M_L)U{HFwostT{8#@nCTLyY_z`E2PIn_LX>gZNAkp%vn
zMyE?o8vXr<&!W8q?a1A#Q@SniXHl4}O)2;moiABn(826l^zwS~_)j2mhnJsQbjom`
zF<=PoOUuo26vwisb6X;VNa|^7xta=42tIo3fFJ(7OK?H<f`wmlCX)J_1JKTw$dh$7
zf264)70wue3->Ds>ds(X^?p{u)vDNgy#U2uT7IdG_%$pe@NQ+qjkiDGz<J))e73EI
zFRQ3y`%J*_M*6vMOaR@R0~{(aW~{IUv%8nAE;$UHL$sDjkJ^D!?`)QN3PKUSuW~_W
zG=yyZ{*S)SDyprv`}PS=DNu?#l(x7PZSex7IK>@`Yj6)%id!iz0gAg7x6tAm+$B&b
z4nc!+^1k2qKjWNparV_7`y$U6Te6<9=A6GJ(oH)X-O5yQhdUS|0N9ROlOITu)Ij2~
z!Aj7)pZSXJN=gLbtm)<VC<5MCanhku7}Q7U@9EmgIeGIcfr)aT6*vvwH!`9KTZ4(L
zkV#}e0)qMR<I#Ov34PaDE+o`g2iUHIMQLG^r`}{@Ie;cg+qz;;f7I`^=_@ZEkynZ>
zVt4i@^kd3AzPku1>GM#>(Skw!KX_@Xbgg#KJsh78NJ&O=JUUR2GgH3b3-)n~YtI{Q
zgRr8C%NK%#)~D-3<lSeDld4bGj{Xh=ulhD!Ye&Y}47FmfotWJ(L-2ee<W=Df4&}zJ
z#FbFYmW2Kby6EOtvPMAXO1G2LXJ`@fS-!HqB1dhMDe;w}Kyd}-#%y)0XS5D0%CE`h
z!0XrgyWKd8%xf{e5#$@o^|lt0$4f_z=PBB?GtpKPt>!Un)O9I`cV#WkSjZIv66Q!g
z+SX4(nxfC(EAK4vB0G0R!<Ew*{b`l2HeC#=6uk`-osmq08mI|qbsZRVn<r<kpy7cj
zOWIlbSE_N@2enWUt;lL2`e&O`%*g@M>t5LjHbVj$XTsj&NyQ8D&zKvE{-j@0>4S=s
zO&kNT^)GJQzFC8pM3=6U79)Rb6_@6h`rB+U`aWz*4Yz=o0+PE!==RYJnZm=B%11X5
zU7Vs<I&VeqrcTt--xB`w$;M;MPPn-I2)r_$iJP~<%3Zb}FWkyLH}^cADWStI38d}k
zc8oD@x!h8uOm~`VWpyzxoZ_7}^k%L|Wa?tauAJIyc7i&StQ1b5UxYR{hxH-Z|G(b1
ze|&L{v}xBCRR66k23S?9Xm4}rA)~Jqlw&<w$U&%`L{xD2#GjwEsGgl{skr|bBtP(9
z#{}GjVE!77aL|;H7BcIWo5+azf4X3k?w4VufI%GcH1GUq9bXZlN)(&8v7DSdF3K$V
zKdrnGTEc&8UZ5>}F{7ts^DThXer5J3UxH8A3FfIvIc)<w2=ND&ec^5~^a-sVMi$d)
ze`r|yvpE?1&M&^M-=ji;@8(>wDaU874&eJ+JgA!W+^$4T7IM4OL=X3u>}O^xENQcB
zNy0`44@?Y=H}xY!xY7+>uvr$Y8D_iyolq$&?`@+J5sNslfLJ&;;kod}^t7@6L(|2Y
zy25DH5}(L9W0%BUgP4&t3^2cc93PwU<e8WyAM8N|KySH8=I(=`_Rj6}3*{+}tJU%8
zeY$W68_cRxH=^1N8A|^go8?bhx@mDVIs9YsDjOppvJJA;M312h4{*Lryq@puJ~|zz
zeJp+?(~e?xb+4YH1w4GZjgJz$ppmS%n=~^4(<U|TOnY($sU~hd$90a6tS*MgN{&Jb
zLB&A3WjcwdZ@qJF$dA5RJxHcv>#_7N<U7vA)NF47L?MTcb3ZT#E^CLH)qq|1Hq(0=
z%nz!MoE1sAxuKy=LR}K2U9M+JPS^n3&+OTFr2xk7c=wIAFCxB$Nh6y8IjNwmT1Vc!
z{zF<XMzzsc1bl!BW7e~9nak{<yVB2-s~gW<s!fGnnQgD~aAxKL@T9x~!X1W&NKJRT
zIJ$@3H`NEwdMEodB1HkE&8(E<FMvlNBjEt{st$GIi<l!%oR?5C!SvkD<r`DxF&kx>
z`HqNp7-UP?t<=iMv%6SG(=HQ&)ls^`2E*7w#M<Kt+P*=2yEkrd`ACx=(owMs$!XEi
z^g|w+SwE^n)Fsi&J4M^!W(%1lxRBwWNs7ZxLLaw<s0)k_VtU_>?H}TLfW<1xQ`eor
z68eprlpWr?plgSj1slc;JpV@dAH6iSR4(hZjZRM4J7P`vK)h4km{W1gE~HJx0wsG;
zB{k#>1`qoAVQ1-Sa}Zy4;RA?4<vLwV?5+<VgM!52Vu!-`TfQjPUWz=9Zs9M!XJ=Eh
z?mrLvG2w;lcS|QQoEvcaiQf4onk5-}JK>|Gsqt>@3alODD#KNo4=EN>G&kofwW~!G
zl*~<=lU?;;J72<eW}Sk6f;69lz%t(rg>T&Wi6#l^E6MG)S*&}`WJdr))1|0IjIj~~
zefCcYXzdF*bji4dNL9nw`5OD1&QWi#GW(l_gRj8fIs#o5dBj-H_@c32R`21|K$jPG
zWpn`MC)bNQU!H0Dk8nEiI|eh8-K`FvG)z%&A8P?t1m{7BoS?14IUnyOzz7k=@`4XZ
zV^gn;(^kLJPE%+y8<%E{CKMB)#i?DRPAId&DIv#6kDTGszdx@6d}XiXcN2SJS_E~F
z2Yk?d-^2_S4=)0}sP(>RVB^0Yn0b{=T-*Msi6Z|<H!!w6ipuwRgYb#Qj8mXAl(S+Q
zTO5<pV_68QcTJi!qs8Ou%Z$_~Z7Ng++qt!-0}F;n8(cYn!aB!$-aw|Zg1zf^<t`s2
z@Tb5PZJ5J41GHLVs*9gK9iMXF*nciuh3crO$yMLbmKDXJCd0|EN;z_l!6mPs2oRq4
z-8LNWo^9BxhCcU*DOhD5+AmE{IHlSX>nzV9(<;NHQrDc5<kW`iq{@sYHKA}IoRXc!
zkofj$nbpU^Tu$8OswCjUR&crq-BX@SG#xC>;+fBg$4!vFJ5k?As#Xq3fqBJUj~Hhz
zj`{A;*^Enr2lN>NGC_#`hu11aBXfH{BpfT@<<dhxBI#wn1Z)^P-p9*VLX<RcogA(6
zhdUo~mrj&~!axhs^Xya2!0WrOXq`uvTGG%?#_;2|26Xrh2~P+*;ISa~@koDJ>^UT^
zU()t=aJvl{bMJp#8Sb)qk#t63wo2>o73glKab4YT`!gvc!?y;7aqg1XtzQkF-U%O8
z@#$C}LQ#yubJnPyXNLZ29<tu23IIbq?7<F<ohFUzzqZVkx1h5}F!iXsqN8(0!j}(n
zwEH30-ddFVTm3xR1Z=qM%9p)U<1<3^3K|FxTV2X~eXSwiE#BRt)3xy<RrR68n-R*J
z@W5$D>+#zsHu?+M&oFg)doMhK$Rr28Tt#BqUintp8wZJZR>vJj3nV{=c?NzD=zz!Y
zZF0{S`Q=aobD^t$cWX_9jL4B!w>dp?bb=@Sbl;JxIh3pI;9E?PW<MViDBN5OJNY#S
zh7>u|(#KT$6fa$Q3w5k{N<E6zTu{>Ixs4gVYTZ}5r#BYrT$>HHZq6Dm2s9;z2s`QK
zXze(lN}5;c69PMmH+9kK$JZnU)6S0;<b_euq$JbR1OC>H|21#Fbp};^|6cb7RpZc?
zH}vxh@+zYAzi_wZ{;fHsZs3L18fIdGXq-K|CC~DctXN=}18!P-rOS9Gcr59x@fZU>
zxw;E2XlKXl7aDXCdzI6QE%arCih9>?38{w!W^X46%2)aVI?r$OgU_0iT3O1`EgUu4
zm#;;;3T@KA#d#Ylfs0Jb`Jce0pep%WWk78uVp?`VT!BySDQRMo%X-%&z0@VlTZyFA
z<^eG~O1uV|)DtddiM6W(D(0JeH4t+AL&GS08zFl+X^GhThbzjeZuU51Zf5D)MmPMf
zOY{x-?_dDCmdtkK+ZSEf6K~B308>IZ9>l+q4a?2UZYJpSBTQ8cyf~&BvCZv0fRVNE
zYoIPDQ_bs#eg#s`y=orpAgAmuzA|?Cb7S!P-Mp&crN+|qaXhwFx^5iQ%xC)z0Ll0K
zT741FxcZw<HVnXW00(#B0>b8ej1e1852sU~CCF$^!<FEB5oIB4(bxVw^uyG~8$Nx}
z<nMna@+IN1FJ?Q~^smU}Nh;vowtTryGKXqCI#y~t&QNaAXmK3g;hG*Z%geL!56ZT`
z(2(H-B*i<&ZY&aZW&Zl58VGZb#}s`cY5)|L(@<n#*2J6EN`q3IHJP?(axjNq#JR*4
z?Q?FB)aETM7=#|G^aiN#pP!jPmXPRyAASVyC$m^Sfq$zYDLy9&3YC44lE>s+g!Y!H
z<%+7aFXKXXcCFw^s&IFUcP&IW0XMI^)<}yLWQ#GjWwTRUyGBoFIJT(L%6`If2Jm+L
z-p&zf?;#Z%QCsplD2z==2w5LUSTO;~4EKB2cqZQy0qVDJDu9x7cwW@duUg$dIGfJu
z+Zh_j&B?!&hob4W88}1;kJYD(2FeAT_eE6;N4J~<FydVf;KKJhlD~*)mUh9tGGj>h
zw?B{WPVbs(AeCkzy)Kb7E3X@(KtjxtCucCD?i^hm-|+8W>t1%%zEU@y6wZ}he-W3r
z1DS&m|0MSUIxlkhejLH>5)NtN<~9a^@b=z$K;>iC5SQy6gKXQe7hI+t`150Y36}06
z{j&<R1xuqIjyv0mPzjnVbLoDc`{Y(OFLdFf*B)|Mkg3xANwzmt07e4ZwZRFPnjc&9
z#}bjQr_?_}e^Z#IjjkX64kYvtXG4S4kY#YkEG2H?{R(|AR+DYi-{jt*aa)+Y>lsJ?
zt(84L;{It@K&#Nj?H}}bDSY&S=BnlbJ}iQ4gI97NThJ>miT4@e_-Z|Jn;|{MS+#bx
zmK(wd$MRmJ!ZN1X^S>P1d$DZ2*XiYif2(`$OgVJe{<3ru?^8y@5}dm|!M(yguWD9S
zzULRzKw>hZ6h)Q<PzzZ%tCjw&dqU79C9k^h4F1WcSmTu9lWa`NK9dP1qF#;5cpXC$
zu@OhU<?NT9%y=$&#S=7uANQTWtRxu!9XstA;pY}oT@cNz9}_aFik$a-RTKDC<1NWj
zLr=h8f%B>PW0;8OOBPlZ_Rk~3<rWJ4UDt_8eQc^2EYGy-bc~-OZfagsPg*alI=++~
zA~F4jpTh?Ql%cOt1;pfDE-I?KKkO6hR^^o%n~TIA3SLfmsw&zlL=8b)ti}Xso_}v-
zuh4lvMIWdP?}XcFN=zrGLGjPF`IGG{<^tlwG4b_HOX}5p-b%tN;)WpOwwPlw__jk%
z9LW7;z<@(q3)sAHV#qu)F0X<2ajxS}!XvXK%8A&;iAO^Ra!`^`YVYO$#WLJObCF*A
zWzh8dTDk1fWBiRtkYD<_TrB^Q)fb@Dl}3K~{qIlQ$dxJN%e_Cwb@x2aaO2<Hn7)u7
zLJCrjiw7$!@w_I8=dIh@mJOjQPk#ycT8Q8NIqJvSmRMp^nAuB`4T-zNbcPQ~3jPP!
zo&BySV#K$j?_+sVcoJ@X$l+_~5(2){$LMHe>Av_m0EDhj?G%lusAzq|p%7`v<36{M
z)d*F{53>&c5sRlB?}<}AG7TcO)H!1V-Fj}k{Gu-&2hemJhP#ORKD?&D4P~a(%D7?z
zKx13CJcDjKbUd1RC<6g0c*@s2CcjGUl*IbFRG_^CeN*H2mBVxK{pfenA+NYJcG4gG
zS+;qAW_!aow6~O9r8s6^Dc4GfZcyS=!!3NTCLv@70D5Xn!v7JQ0Y`iE0ObcC!!1@b
z7o}ZUX*Bx;jRpu=W+mS$_ac!hN8&H3mRe>Fpb~V5Zob$;C6dmLwG?%>gZz_c#G)mE
zT5HsVJbK}zZIsmlzrOK|%<C>;%pnegt_wS`*X_k&jJ{Xznxl(9sxD4%i6vhk>WQD%
zbmTHuo%s1kmjw9N1_ZklKfKU=fVc!EHmr?1;jvrtPQEnteA+cPZ8%}Ea6lqD7E75X
zYEO+;pnIN~7m05<Y9O*pBso1JcEooArY8FN!Iq5<E1T_@%Gy32zF_a(|EJ}$G%Ok6
zULOHTRNgAe!;I0hJN@1Fuz%lJuMUP`aq5Q_r&hD7&M<^(^#iAu!?3vf8?Jkf5l+Qt
z0AqZEH9tx^th~dOP_lK*K|LDp3j*K$xr8}6-#@|P8%c+Q3Fm*j61jJc`ph>(A8h$%
z8Ca0L!TmaK{ZV&DTj8V4I0N&+l|7p&|M&_ndB<$%1mD~UAj06bz$u1bQadRS$*u!1
zj^Og`q=0DG>eHEU(d}qBWx1UFx=a0;TKukb5=H^bP8tQ)ymZp)oD-$#I(ewpw)p4Q
zXPvN*#GT8CeRUjdqht4((M8wjEiX3SW}7p;DdR&-6T7%uUx4^muA28#L2&(ebyxb0
zVC>6+WUmjH(P$)be)&3Gm^D}9t-Rqv42al=VD=YFZ)zSSt(oz&*3)=}<~BS}%~ZUv
zf1-PjQ0KS_Q_mszn$YjCVe2t%SSth{iqB8S7{i&Q0pIiAue|>QjH+9E%E|M=RBKzn
z*ae4XS;AA+(*Wy82$4rTR-xUWu%G3{z|h|j(cgSX;zP0sJ;C@``&6@?69aK+?f?^>
zj!6=k`V!cWH_m-zvy983lYwL)mm(+7^IdghL4#7|Hmh%=Y>VPTton=u2!XA2o`p6v
z?2>o32oE`T6;;P7qqYtl>no|f2u(%)U0J{9E3heK4cF+U+?4;`VNor)`OeqaU{WbF
zz%j?0(>H=ZVT;A(C4TCl{g2Sy;bQPV&uhr)c=p%!1f{>SwI8TK>=+%s(^z|80hEkM
ztlqIS##jWe+~;wPd5?a|VWKc?uMpk#>qHCo@}pagm*l=RGWPZajx}4Uff$U}rL&-Z
zbjiOCIl=o~XM~-rPKxYWk66=PSaAC%G&NKpv}qr0vFcy!$vhW`utP=Oujl$4E7;Z#
zk;{22ZsWLxPH}7BgZQY)JqGS-F#9Hp9h>msKR8WeSH6OS;*sBn6P0T_+$sn|z~+yf
zg=_bN^-WdlC|X$e0IOxKl#^k1ZFV@x>_~6Jy9XoaMx}6mCY?c8?yIlZ+?n<<D(o&x
z;xisQ9s3*X<z>DN-SHbU(DK^y-fyU>;>qwc3cbRL(*?gf;;P-n<{O<|z=A#fg4l0!
z)2Nxx`C>)@HfxfPoAkG&;(pD|AZf897%72|;kEZNd#!H^<K-L4g&qEM_vOHSPo0XA
zdJA!fK~y`Z5>x3D@#}+psQkg&ewx2rMAYH%k3fyUk*av+mCdu?Vc|&<)F1Y-<N8;w
zu+b@;M~*jS#4p|)CC_CY?^TEX<I(z0mu9N#PorN#eD{O>$|kA&^mz~lTD7=u$1xh(
zT>_?P)+|yWUiSJ#?T5*_^Jscd+?J^KPTP$=C2g~9>Gp<jP+(<w%8_1H3|o`??DLp(
zr<hBDX<o)IL5!;hK4pE0nJ`5}654!}gYoBAc;hDKgQtbQYZE4TtXctlW>`p$pySzc
zqNx^_zjjvQM91T}QUW<v&rDZ~C+cTmeyz#ByQO<CKN45r>OQFT2!r|`$JYWipDbrb
zCIBCF1OhTt0ruJAjQYrPTQ_Ij%L?>~4p@&t0rXh&65UE9(MqJa*K_GPvF-m>W*l+S
zt_gxrksw_;k1dyfB$#A9E)IhtAWBD*`sB}v$c_I@Y}sv6<WW+MC4CpEoTOjWxYLtO
zg=%jp_<)%qy!Swq0wW+G+godnIz!#UD;?BQ|E{xyNq0c5U$^wHqu;>`J*cJlq8xpD
z69;Et=zp?;91JW=2@i|1KovdS>0xl#r1p8Sf)B>a(N7Q`hgbe;<R{LGagt&KZMu6H
zc2t4wN_3^%FWBeAgF*)-HLgM|vd2x12j&!g-%0+G94*A^1svmVXK*bOAb9=u<BZe+
zuV~o6&Q$?f-1lym9atnmf$LnZ%evfACW=-(c2z-N9kv^v-eo+tC{fwf22~!sa6e-z
zBFw%e%C$0>JWFzTx*|AzP#p;@iHlc`5dyN9{B;|gBhH;3bo<Sy#R0YKV`%ffi57mv
z&4TRlG(P1{UYHdOmbKXWggl8$Uc^8&S}cEH$0*11Yx+5lE``ZHra1&3c@3Iz$447T
z)iBIGjMz%NMz^42f}5^0y5bntDEPU;Of?;2qp|p%$sVosxTf2{LW8Myg=f~oV7o?(
z04nE~&@VB(lB;YBb9O60wj8ldZ-*K88<tEkh02(8O~UUg*GmiKeMQxxIpM&L3I?Ej
zs!u%CK$F}e{V*=hqI*x_H~ZJ3as<j9rm>e_vSEYjE$q_!pH@56k)PIZc7`*)xgZ7=
z9zViIMVnro43VRNBC}vL$qti+o;r2SSi+N6bI!3h=?C;-)ozB~aq_Pd8d$l?&xH;*
zpL`r-%MUw?9<s?#!Sx=_M!#~Oyr{&k+VX1A$cA-(C39aC1;4qMHIskt33*$y%>Dp*
z(;xV<hSn>ofaTq*leY?ZG?`Y7A0!^kpO1NWR^+u@%5ZqaA4i^NK2E7TeWXdBv0*hT
zh|>HE&sgRA6XCDpux%E#Vc#x!(Wcm+G7A8Y>wEk3VsSi1aGMmN+r562Gvt-P)CK*@
zlK`Z?+I<eMT})X69?WV7Q!D$Pj1&DeM-59E>Pt<|wF~&j)e`*Le`0f|#x6yk`2jDH
z%c=Y|?O^qQtG>LQ@c2+MAsb!1<KOxs8Y0maG;Co7@1|w&M*aE2Mt#&HyxuC%MPGU`
zZ^~{lg=3)c{Bu_R3{xGaBiE{I<EynHm1fRDhr>gv(AQkm%?f_B3n`$XuT1mL)<3&u
z;56#{fnYeAocI#x=yjaQ!>*0Jj=R;t{e}yn%~;{e$Gk$cbMU_f@Fa@o-ZUkVy<JSK
zjSK<&SaiewpldqRTo_Vz#Jp&JJnfh%sB+WCGNh5#`_A9SCmj~?u)6&PnBj)cGwE9`
z(X{>EI%~J0a^Dj-_bhm;!QLg1%Wwjjolb<yNxE5bNuvL-vM!Ysge>@#NlW*)j)2gx
zqPzQfY2qg0+xRL0;fT*aL9QhR9$Do~G8(1F|HF{_AK5M2j@(R=j%|#tEJ?s*tK#WD
zx?Ld&Bbyr;%94uq(R&i{i|tbFj-Gz)+b_ERN3v6q|D>a%iSeHXd&=b8o)`(K+Htv~
z7QanV>@}1IA<&Q=bq|~@qV7!9ahmMAGr`pj*<nf6i2?yIf0EBB#@V4Ra&Ik)Ik&e4
z<vp<rzA=-P4~qYhN`l!C!8Wm&_E>0`iLIhF_u3v&m(jk#Fg;qP5G7b*ps7V_ou5&@
z$$IpjIF48R1rj57Pj*kRie!3cy0X5ggI`=}TPWpLy}A}MZ08ykl6i4P96S@zsivqg
z-4l#Wr8R7cW&xsW%>5&vsXXOETMl>wdV0BkPMv{ZLbYwqy*7QcX*O~npN-~A$&1Tr
zv?$?E)w*}|c}{+b@!6V`m)MP>8ojx<?XuQfV<G4Veu#nZH&f+0To`={kP6bz@iG$0
zlBLy5Tlqnf3;H9c5%=V&Hya$Yw_AO+2+WZxn_4b*R^=DYH$RrrCVkaXyRt(RMytbr
zamE)+&97%9OJvPvSzVUDVUblTB(3mnT`36*>*h2^rpDg`szFQ*t-5<G(OEHmV%>a>
z0%<==ITTxzI4~y{c|y;ptg^Jre1+=zX5D?NcO)fD6`aEFJ_ivF78~P1<Z=zul;t1s
zZRqAFujyS?6>%WHeYwxuw>oMdGe)bdWA?M4%!|qDnG4dbPo&8?ER%u8VEYyP6D^aR
z_1{bTXuGbgPlghrfTN4HXG`ia`Ux+vNJ<kMnn}J)$jGf~{(W4=(5560Or=)tIF-HQ
z1sxZmI02<8_!l*h_pOjd!h;`s1vZiP&V5~ekV~MZ(~$6(09o)6#wuJQ_*w*e<#02i
z)pER3MI|jzz!~%LEywov+8leDzc8AspsKlfl_l)#sa`1;e6EF(^tr+bT$Dpa_q8kW
zoK-?+OFLdCv{A7zPi(K1Yo@+)Y)<IgTFlnDsBgq_x9>V%yrO|%!_;MP{!HEO{ToMf
z7>`c?|AhG>GihUj<EtD8_UajrNMbw9S<ggYnI-9UuZpI|;_7y14G~9rVXY2!V9O6d
zrCRzu;s&1Hs?pQOQm}aowOu#q?L*G#e?GGXYGE-W0|TX}aC!k{gFl2f+ep5K*dCcr
z@ixZfQ*s@ZmaIiL;jTuHPPY=ekCejFZP*jm`b1`s3|sSnj7F*n;Yu$v3cT&|_*9Zb
zslZET!!O^c|AyN_$fUV5AM_3Ml-k7rIa7BWMd;r;CSU4VyiXMTTU=~6O#H1_pKurN
z#PfK==0T_g%6+-P-FGKhiEB|5Z@Wr7#YA3aU;vzbL8-TR-y@@D-teT?LXA~`y4C|n
z?O;A#BCX_kW$d*sSA5d&gkb)@W!CW#hi|C(fEOXr1?E7y_*JO0;NBO;sNbc!TzUq&
zN?+V7uHAx7?AgDkD@-3TypDYBbJz6qJ;iN+_oWCnH$lCfZ4J6LVcunZfcJw4q0^HT
zk^3cDMmP2N%&Krc|C}^%yLM<ANmtwZ;-m9aL?^pT-RAMyNRLLtRzOjt&?th5laTk^
zOi#owH1aDDJUMUOPaGka?ng<@Vwsm&I+nKPxTc*=tqbz17EVx8hZ!lArfc{Wk;;cy
zdkEeb6+GAK`KXu_qN`@Iu{>F?6)5PO-z30*KB>_}{<HUN_haVpmn=X-YBruTja<i7
zR^sgMPl9t8BHvs+-BJ7>D&>o0ZQR42H@ExO(ThK*_A1FB@z=QelCV1o-&=ZutfI=_
zZyZ$?W!B2L-H9ZLIZD!tUU_3Rm}Nx3eMWTjb{KM}H3?E>q&tKwk^C$f=hkMEjl;!f
zPBM@tFs4NI_eqWV-a#tRv>-r9i8Dl_O|zcP`h&8nmOJI&oCyxH{SW7~mFY(37P6`4
zEd-17yRJ56uX}7MJu9DcO463`8S|sZ`vfy7e?58j?bdly{WB8>QilDbQk;9mOk-o=
z2WGNDkIbhvE`O;7q682mj<#<!KI<3TSZi+Xz&V4+^K7cR`GaTD0`>XipF#|8<VRCw
zP_L<8(b@;(dbRDJQ29x+T;(=+UGh&j@${7ThcDcj>E30H2QdEi6!ZtT9d85s3|(?p
z;MKsQ$}HK7MbP`<!1CDFIc1#P854q-i>F<O{}E6ByE}h~>}qJR-Mzc>UbQ4H-0QP0
zI4S%GK_lBiMyfdfr#4PGNnwn*E@g=jwSl#~IIiSABS00OvdidolAV9dVKcJ@y{CA&
z<fzQXX?c;pV&p$YlEGhJ+_t#jc~-=Qu2FJ3^2dcx+*q-svMojR?X@q0W3T_OtaMvf
z$l?2cC^<DNC*KZ1fSMIfy2iFhA@7<tzjxn%{)d5aM|ybN$t;F%s@Bq`e4_{+{nN>F
zPukgew8|~^)Fj?{Ej2rMXkDCJjNlB`OkEJZfnvY5^!ZkJF47^MAv<JdR)h+e{{+dk
z%@mtpQ@lQS%ZxrVJ!5X(rw)i-$HulO1t`7s1%o|_f*NL7$Fi2vB-V3nQ>aq*cRqjT
zrQOH%UL3!mTC#OODoRMuHfP?ZoRer`Bi(j=0GCimCCmU1PU0`SrK|%ex9yj9!vMa{
zq<4dT2x>vImT@}+lEs~Ijy~d>29#C12cUvD*z}>x8oEwFk5fY5Q9Q}FRqgomM_}Zc
zdz;D4^+H#O@Uqzy45;KK?jyX-)AjbTIOP>i``ye|I%b+v8$!u0`+3($dU5~e5ZVac
zcE=kpMl|)+(v~VfxU{qrR0t@{b~C?q|0al(kQ>S=nJDh{r_>`7ud!`w)3y~Q4+PL5
z7|3{r&pmIJcW=qC4~U69)}=WKrtb@!#(0BD<y0L;cze?|-yJ9F5Y%*ad%20Dy<2TA
z(Bye;8hugeD4PPv_C=1a{wRg9ige2x1i{uz4(Y`|w*kGvI(uL74*Z5FKqsb;39;!k
z_d%(2(e~Uuf4sx^x_)KJt@dI9==zXV?QP+FLoWL7$YD92v(~A9l>yDycQXj}tlj;;
zwW{Jqn9VtvW|}Ea5K&Af6|PiWzJ);r@A)d`ZryVX`EBD_k#wEX%w9Ej2~H;l2it}H
zp)nrwP7Q6GD=4Yp0WQubhGp8kC%zhE7(~3gPAHzMvAFO^aN$YTmFGvEcj^)re;vl@
z6G#vLeZ5`x$^)=!`N>G!w1YV=9Z%c@{o^QCs}|{3MFwDM5O-I_N%52`5xD<?;jyV3
zsNzWgyASF#ZC((+j(LC3G{5pr?8Z8czxwutFEy|KUze25Q#nD=Szo8vq89i=yO&L?
zT$ltISOS;9NojDL>bz5=e{J1ggj(tnlh#Lsf+6<y@Sw~rXo;SfM3Kln?5uPkOZ|M~
zINoWjs)us6(<`AdiAgWsaZSWbVu5asPf*a&O@gjD^>*xh&bv2%MXp!^IKSinN15@c
z`axylSfVfgOwZ>U1k5PV>FL(%1p&BnoE+G}I5pedD+sR}Knu2b!SqwW#~lq*4N9~c
zi^jG4JC6FN;dt5COSKSt-VOR%RGM4J2XD<(!sUo;S2gqI{-jHq${lXdRO3#cl^)mM
z@{<_AwF?!#BC_7>xkC8RUpeE$B-+>rn{wpO;@?^2V~*5=5VM(^PE;ftF`!OQ#TFb$
z+Wk*ArqfHajuJ#UJxL91G`Y2So>SW7VY7`ONDe)^hW@xHAaGTDx!d3V-MgG$c}K&O
zE>=1U*Tdv+CG2-S`>A6<;Yw20d!V($y4u=r@OfYK0hjmIanIb}&faV7osM#_z?sWo
z&TP!V)ju1AH=TjIh7NKoCY1nda1BLc=6FR;<8xd5A+IKdKp+o)zceqp^|WnN;0E<m
z7A~&9AD1pP86{3JJdSypoKBsbd%^Gatz15NnYDhWCpy@eB-f|!H}4pHz;)WJg*Xsm
zwnF+mmsAR7O1hWDb}4++3T`9LS%Mg&F9}Az0VtpcHHIk?UG+lDqpm#PC_XoFixMk)
zeidW;qFgTgmJ1s)aYY)w^|R`mZ^)aMnTxg#O^0-JVRcsT`&L-Rh_I{nFU4ttv8~#~
zK1#$^qjK|w5Y_yE!8s51qTzpKJ~vT|e_12x4}|NM6ez6Nr4Rsh$jhq8RJ}L-^1lE}
CuZY9|

literal 45164
zcmV*OKw-a$P)<h;3K|Lk000e1NJLTq0015U00?Xd1^@s6PBlyq00004XF*Lt006O%
z3;baP0000WV@Og>004R>004l5008;`004mK004C`008P>0026e000+ooVrmw00006
zVoOIv00000008+zyMF)xujNTZK~#9!?45U<Bu9Dozt!E7HiyemC!J0w>6DQ`IU=G!
zB$2Vf0Wh{nHW(XYFt)LY29txxNCc5V5#=0Crz~C0dtt-mP8HridUkKa>`w1a@1Fgl
z(q}X`q37AEu6pwGd&CPq^a8^S#`T}LUeLsFq>`Mv`cw=Ctu#Uigb)~GFvcK6^!r8|
zY}*C_>o>2b*<pn;q);g^SR7<w_d+boqU@Gw&9>6h(L+nN1tA0rx)&g|Bwx-G%CLFD
zK@c!l93+#<ux`~lmd#s6drLb#?LG8%^wQnlO>cWI%NHz1Yt2x3h#&}>ChWML%TQ&A
z!SWzWH!Y>Bt&40bOD>b6;#DYA3j|@n-hsVHCFw8r<9coagk6`-dp47@Q#`fnDF%uI
zw70agVe1A4iUXA0GVQr`vgs`QhW1f*%VfwTGh@<luyl}L-1Q4=VPk6lIl{rRER<3x
zt*~vI&el%cAb}bCzK?C&Xf*9D?VNDL2{?{3va7S{EX(FC<DpFt@#xk^kxHR_nE+wW
zBbRHz7B-&m@zBPH#(qOUd#)X=H7PrVF&f|Vn<pFuAsM4dr_z&t$qPIHvgs_^=wx=a
z)|$e;0&_i_!H-{$+`k`Z;X?BN^Oe{aF6GC~5f-+Mvt%)LS2yW($4&WVfxuw!A9<|#
z85_?-ONBrnckDd$i8-{nMi0BE8xuCqG97QvUaYEz?&(4oiw!RjwvF<=<_WWMWyFWF
zS#*BXCKCco9f@fmNa8qo0|Pj|kJZ{rxP3=ssnXGbXIlvnwk$e2IuN-WM(c(bXc^)L
zx_QFo#~-KbU;%ODaz6IORKp80woPfjg10uyxmsJvh&I%sg$NpJGZD*7U~|cA1}mF`
zo*o?KG$u?!EHf;YS-)cwx_FSi*`YaOnZg(|BP~-5Yk@P>xj0PY@DWx@P5YvmTr**F
zo&Wv!Fu${hqF=>eCP<?3qchXW!NOn?%AU_QvyWm>jdejsx&_-eNf54Lr7~y}j}1yK
z6A=>P_El@l@>Ck_##33XT#j8~z<Jv?HfOYXL4a{mkr<3Ij4^mga4z5XA)7;_Qt__P
z8sASq9xG#bG(R-=2l-=Py3^!~zM1Z5dd7dac_X$kT=C-LIC^Ez+;OfjWwUL^5dZLB
zf8eU$J%LnuZV3B9K;8`*DEWNtJNNV6Pu#?=eZ^U4nU?DY^ygg)6`#D++<xa)Ui;o(
zam}sUCcP*bkAUm4d55A<ijIg8HuROb?=L^VDe|$pT4pf`Ez|WpjN_n<!QhZH0srpa
z!t;Zz7(bXOCTs^6odg5%uxUXVhxxk1f0wS~WO*R^H04ZC|AZw7!UV*k?|Ed>X^v5Q
z`9kShmg&-z>@zu*8NzwqRzB(8M4KIgothh#d6D-F?;Lu7-9{6LxzmK4@1D^DoImo$
zl54IW`S;#ey>9X=f8L~FZj>T((g}4x9B-&6YnX>2rc^==PLxn``_9=j%$4t>3&pxd
zxh@rF%`m50txj7cR;$&f#iBKnqmjgMvb-6XoL&-U>ZY^K#~Y<(9=UV#$cI~3te#ZM
zY~B?ym6loOy*be`>uR2}rDYC2bjW+Vdlt1%ap8p*&gf{|a?35vSrSSqPCM<ixLyE^
zF+B9pL(MOB5Cjy9MFs{2CTyZ%VxvcIZ*MX>m+$)w4Gl3g6z_gomX*xry4tm9?RU|I
zaIEig5?`ieTq>@`F-@Oi*CoAq3%XE@H{;F@yp)pw1MxiC4YB-~07gnYl|U4x`^O$j
zm!&|*JXMxL?hfICre_?0v4NP!(r7#{kzE}ESrF-%ml&dJnj|chX8mJ_A^h`?2Yv;<
z<mSJ9J^&Ye@g_*wG4A=rO$rG&<g_JSBX69%paYSzdBwU#6ImuvaOPmK!Y$1TiNoc+
zb(D(2v*X8$zjb@v3wm18Y#%5#f0Nh#%g@YtpZxuZ26^H~e`!wruiwqOmg$5jHkS^0
z^|n-f9I06Jv0v5IhB~q-oUr-8HGO@3)7Go|`udum@u{EwEl$rus)3BdJ7~!`$f5ns
z&-kgQo|^WIpL*)4=4br<J04-x{^<$!Z5y9%o^yTT&aH6g);VXH)+K#8zIM)qO!hpu
z>!G@jrq$c8e)Vp%dGj95KmRyxyY0yd&!76#t7nIE{on_8@a}iNkZ*tIc3%Fn=kT5H
z+|J8h_8h+b?b~?y%TK59im}m4tGAo*iH*(A_;a7T)!cpe(_C`NN&Ms|cXP!RXN`Hj
z>8AJ9^<_Ga)7*@|^{qefH-GbDzW((;@a8w4H{p5kq_N^pbahfaaIpE^_0f<1%B)=Z
z59Xi$`C8M}_3jDJ^~TW9Q1kJhrAyysKK}6=O-IMym=AyW+6m7Gaz~7L99*!@JhAY&
z<_T}xwr$#+YumPM&2z53$DTuLwiOdIh$XTa_Ij1(@9~BW8>T(u4I4HzJ!5f$m^Y&z
zxzzMGcbwK;a2f`Mz@DaMetmQI7$wP`c4}M=4~)TosQJ81#{?m|SVE06%tuVraV**H
z?ZpHMSP~1b4X{%~VDk8WifUfazChxLNvua<p~3*Vn{`EmE;(nAYO%o3EjE>H-S`)W
zbRJzKml1Vsxj-h7rRcfjGFy;47qIuH9hmvAq@$ow2fqqS>gdm+6W?v#Ft<F<1wt&<
zLC0!`ZTDV<`_S!JsteE{bo4y@5FuU?nW&!UgSHtwvdFylG-t2$kxMsGU7DfA=!t$1
zrSQB2JOW$J@DSM+jQ2Dp%!q+r2Fhb@u&A+2&6Xq*$^0P1q&1}D8RkZ7{3QHb%4i-f
z4IpTK!%U0tkN@rWGrRJinl;R|Vcn{p>2ORQ-<Ck;ODGNHs${6_k28~MzRYnPq`NIc
zC`}TZE1*#IDOTfc7|SA=&9(U#@29w60fj<=(O!vR7xDPf)z!s;0|%NX?7A+SH*cm;
zi05+Z?Cc~JH(8~TFVh%<j_J#kQYMm|aM-lW!xr#5Y#}~JN|{J-qiN6HMKAxt$iHv?
z)!)vZXK(x)C$C#NH$q~<F5fXQM#-Et!sC6JLxsj_O%mr=tUco+X2JY!3Pmp-%k0c?
z;NTEX-~X@8-DB7F*}U~2h2prG4m+pE$;Hn094RM>ssY!<h#Wdr6vjj>GfW^kVLZ#s
zEPVIKV^$6G@$4_o@k}H~U_ARvryHBAv%)e<`CTLbo=sLNF1+wF6Ykf|H;;9yZGGXy
zWTT_5|8cXy5Y1_)t(@{pxf72Yqh?muCy-<m1d3wOV_={>`90l!s4B?mO(@C8_XCE8
zDhv%xp4hGPhs;%F*~lP)UG2I){rwdRh3ce&L5`{lGC<(^Nf36~yg8&Wg>VSA9;ynm
zJ3H{4B&vTr7h`f$Ynh`yGhv7q>LdvJ*mh=0UOf`VH(->+m(5!emhby$%}CvGJ(fB0
znI%9QTt7(SI0dBBhID!g`#7B%XP76jxr|YiO1s9qIi6K+DkPt5<XrHjWfR^UpZl}w
zKaQPv<@@(FYnUreTRwFjOKSPaV_0UmBZ(v<B`JDU1}c+Vi>m)nlDE~?3o40pj38jB
zT4KnZoLB4WsCz6d!X!4A>$~(<3KYCDlcfucA&epPlc+KGJT~|5q2NtEV|8%Lp+6$m
zi6>JDvCNj#)YU(u*{PIxu1bQikDaxqCOrBxE%E&X$`yRiN7tYkCS#dKh(ixFZW78~
z5C)`;CT&m7GKG^KGy6o`O-5--I}c9DG6!~*lGifxSH59JRzcU>e$=F4t`*Lbbus_U
zh-J#Xk0-FyI>ZF!aZG|qYs{^dZj4SMku3DF+ycgpmpG(_g$xs@;;UAxCYQ^N-Au)h
z`yY-H_s=+a1-%_(IhE_Ww6wG|caMGFXFTC8+xGJK=7VTu=<RgqJ!xg~Mq53T^N5v;
z*}1Pe^6yzOQ_uR&Uz6%>$CZ=JVq8*8&dCrCG=HwG!1FOiBWfGC(Zd*>432;w1Y|L!
z?08WajY*DW=C|}Q*TdQHSW8q@KWa|4F$iO@j6n;56c&stNm|<UjHNnM<zozCYmR=a
z9k(qTZKkqEk1mm_xCqO_n1rf-2t!nVKXM?7B|Ul0**st^q$R(P!txwhr-M^{IPrmp
zQI3t>+k+|=6JVLXkDV`|Yr&A#s^Kzr(t?KVWvb~kCDH_ynoefhs00|ugzBHc2Ocon
zpL>om#*91<KJdWoSN|x_W97YfuzA6<k!LlIQ_W8Gk1=eTw}jOPc8@%d_faImGLL=n
zm#{NERNO-{_Af8~Oa8ih5l0X0<K3_QC|`f31-K{L1GyB+Pavr2dmh=886)q%@k|Ti
z(s#mZKNkIajEZfNf#nE-fV4KGQ}&qU{`ST;5RkSFSYiy}L@Gm!(Ub<a&ppfBwQ}2x
zE?l~`*%>QI=Co5{Dw$E7!hh)D1eQ7o(ZwQaU~s~*8c}IS4ZF7|nIt3W2RK6o^iaI`
zv9N69Y_QB{3nuH0L|Eq9PrVYmJ4YoZl3Z&#hZ<_$2V(iIkJcIy^FOUMzMGg~Zb;kl
z94guvf+R{rjh<+j&k4)ioj+k_ER!djWto%Lm``9Hb5dhI+u(0g)tJ|vbyDDOf#;DL
z9Eu3XD40wN{EeZZp=tB#BvRQAU&_rNAK^c`BqQeoUwUTD8-KX+4eWi@>sWHl)m;3x
zAI%<NDGkp#er$2%u%UkPF$>4@Ofc}^6Z@Jc97;u@>@$!*B;1E_Gq>!{Psr=;?aC3#
zB*13;kbKD}Uplm5hS_JKG;tHzwv|XVZe1;N*M*nPe!=ACb1tMq=?Ow&+mUPQpTC5V
zjOrFlZdrNs>=#TP`;sq@G0feE|9&LSlsn~96Sd5Q40Fr(JhV0=zRJ<|QaxYhtQzLS
za2#Wd^~4Qxttky0GRz-(=plCJhZub5p)v0#&bcoCOz)UC{$tl~xu!pIs;Vtf<h&lD
zQPYOG(u$K795v;ahFNH$T4tyvrJ%~7H@Vk+H1u#{TBaX{6ub(>DeBZlGnd4)Owaci
z^h*?jYF&IxU@Y`-QV_#&@G?h34<`mO90xCRG-O9&5W}A5k!nq$r^@mjMOcIqKLInf
zZuqB;gKOlG9FkFt@Xr`Tqok0G>V<#CYn`)!Xmt2MDqiw0H*oTiJ#ndlF>KhH1nzAh
z$yWjf$0>FruFP@jZBKg!H-TOQLP}}s!E)UGcm&IE-nxYoK1-s;d_u&0&!Eed*FS@-
z^$*d;@b(uU%hH}h-$^23KEY^P+LNQd;PJ)_SM!Doj$-dXbqvwOjJEM6=k|kDLZ$iq
zuO7#?EWoh+V3i~0w<Kz&PDo|fwdY^lv%~!2o*iS}OEi`J)W7-}xt?YClYnpj`MB4a
zl#M&MI{^(O^vN1SdR#v3Fnbu!UW_q>N#ub%_~3&xTDIpr=Q-m4B+EQ(;OG-%p-~F=
z#+z~PxCgW*`@HAS@}f%->2#umC$P-?7rspK=Rc`cXhx}WZO?x(J^%E9L|LXa+71f0
zY@_tO?<0mh$OkawA%=X)Kl$+(B|b5@yJ21(Y~6zY^b=ULj#arR5kCFYh+jK#mYG_*
z6k(+?GK3K%1r1m@D^|{)OEG=iv2?uYEht?^>k?X*QMyF?<*y=p=5rGzJV8jz`|tlG
zb<EL}ulXe?P3ucvNax?aGjU($VT0v3`~{OrDTEMMmNkhnp)tmcRQx5zGVi<ZJ|2AV
zL8P3h$Vn;Luwest-+gzoEOX<=ja+~I^`z5jRvmdH^Lu*<Hg5)PNFQ|+m1>pSZ@(R_
zHS_1sXYJax%@bBiQ7je-f`GHnJCFGt9Sr>QKjW`okAoq%?l?L>@=-3l<Pxs_;ScHW
z?@y-idDxe^XU`r}HO3Ua_I0!ClvB)si_SMsUHn3G<LQ^0p-+9vgvOZNyLTI{b+Qrj
zB}<l&27Y_nX6(JY*uA5lHw~P^<?h9N;jSSZBukerMF^2>#C*@5J=kcTKJA6P*t(oI
zw_eVZRxi5ba&X;QfW_|JyOY&2Z@A$G^V-+G*8KdMpPFJ-o3sDqDw8?--%RGHkDBMc
z@|$K~ziaNl{~mM26<3&F{NfkM6-+vgLn@Wxr$75Sr=RgWZoTq#-2Ko_q*R=F>Pjl5
z0lxk1@3D00Qrg<uk}H_J@WKmu`st_1WHR*h^x#-<-svkw9rg~+KKpD21_rp~l1q5x
zkw=o#GNqJQmNg~kQc8`07c{M9s{Ca$x?gtJZ<?(!m*AWn_wS56Y;r>aJ`fWkObPUO
zD}S<F_8yE$B4RFm94ikdAMXlnp=1(}|Gzz{*86ACG<yGZ0e8&4FLU&Gw)fA>S?067
zf9A?e?Ktt+nO%8HlLeDTDSBd}vJd+*2a`Z$*Fiv7EaJxmf6Mgtq7!L}=ll3WLj*BV
z*|99bXY(?fwU6VDM0BoStzF9k+eTL6K~XxbtsGD)DbAH8w(*w~=kkL9lTKsJHTat}
zhG$C27eqGXMT4JxrRn&ykjifyN<T;=at7lIy5HkN7V`g<fwaL?1#MRZw7*7D{C0}&
zcmKROu~_-Ng~*;t+bct?P8;uz$jfLfiNKIPK9XA5GZophC8euVlz;m~0)}}yz<<0#
z@Z=!vZwyJTw5Z(Z;2aS`+7N8a&~l-~St1$yw=^c~fm9MKb11;>E}{;W82SXXzB0gB
zWuy8cctdAJ6{|}!_=z;S;$tsx2!|5b)!Ek+NmmXMrpu^<Q2d&p{S5)_ua#(ND1ARo
z;p-`^t}4zFLu$2z(@Mh?Dl^|)Lqo@z&Q66cm5_S{-aR(XGEK|*3M?pHox*sKJxAdz
z)>s`K6bd%o-A^{Rx%PimAqx)Sjx=(=h3XTuy*eblR$_ec9uib<bg-{-a29A%D;)+p
z6A1C$ws4JE=A=<27b^{&@AUE4+lZ6}0(3=_J5!PWN*e77?2a6}Wx)CSH#Qk*b9{_3
zq?Q{Ne9c7_Evh%Cu$L>GH4^uZH1dGOg0Fd`S4B<LeJ2U&ln=<97_#`sA;D8w%2%~w
zwWmm}bV#pousR&d*R<k4lx5M6L$ap@ctZ&sr_99xd;hwRO<zxu|3(@sS3!G%o{Ep9
z4FlyYB4f~>7IY2-w7ok|HkF2-H+hdQeACrt^$`b{-{o;IpJnro`2e)172nzV{YfwE
zx#jxicJ;DFgS`87A-AqS5-r+TvnrCyg+eFY-@I;Wjk6iTFFWrsHf%hRn{LW+#M)h4
ze$In{;EO*ymHg#jiAs$|ndeq-FX0nUCcvw4$roIPiXJ_cDpE!XMWw1s*Drro_adbf
zIL%?GIzPGo2;TF?C%JJ6Jh`QXk9_?k0Qv`7893?mi7VXIg_{Ik=KUMG`4?Bx-T5?_
zc7Fed6<`cqZAE$?d7$n^`FtL_n?qF=k1t$i78o$4a=Z)L+c+R#-TvLp?XJUy%D(5=
z6KTn|U_7tpViHrjokTXvo&-RZ4<{;ndWNX%LGuyw{O&yfbS)cOIX+c~$)!JU68tT{
zYd878M*z;je%j{G8~Jc{J4|BGN};5TK+i|}v}UuzWXF;v*!vHlm7;UWlCfseEOwZ5
zf*_z{$>RF<S-wv7W>R^X^<X)M$LM^_5tSvWyv(VL?0PNK63xq;$`+n*j}ywvoSN{g
zcbJ@v?re6LoGM~Is~slyyz;d(;?+&F%x4QG8_xRKro8{>e3|2`e;SQhtNv;9m|a+o
zDSfE3RQ)qo!`XfO-Z5`1{`Jqe=&e8G=5N1|zL&jv(hHX~Tm6GlWKKSD%$p~#T>wDl
zgySbLO)&Ty9!-X2>TxV{+wS}!)n_~`M^Y?v1j%TWVmDNbc5U6ZwU#w|upB2|{`J`}
zm^}8yUnDf?3FV+|r+u>S1)c2~Qlk0eRJUL<cglaxe!=9H=bTNDN};Qf&3nZD9V2kV
z+ZRp*)V5l3>`G#Dd4Z3yoiV#tOr>RNgBK(f{>kRXzzC19&vdGedYf49AH!pX{Ky*v
z4?RR_a61n@^bmVTy`Q+2`A3(^e)tH_B*!v|yi98*LOl^hV9RsQr9-ONdbQQjLD8`j
zU?8qbI~J&zeau6NmxO)nyB;Eyirqk6$Pj<FSmu;7o=uiHCE?j(nRBLPe&c(8b?AHw
zfo%+5`_|-vX`?hwZ#R7Z$|h&5H7CzMGSabxz%qu+36q=VMl0lwUCqxpRFYEQa?mTI
zZNpNl!a&z<IyPv80yD1G#_H?@nM94b3>fq)1hT*ds-O0QRrJ9;gGXoRcuHdrg0aTB
z3S<(!23+4`U$x5f=WpZ{PZn`YFF`N23HooMyz(IJw`VY^L#_#<6@f~qtwUb#WiYjc
zhqq_2FTNDno@41(zKgqfCz;)?V?q_8wFPg{!USgQRSE1C`obJ;TY+O9_&qY+igVf!
zne9N;K*o$^nQjs|^sbN9lIGr_1srukk->+*$Jr0(QR`eXH>5zQsPbsUml@(G;5N1b
z-$S4n40C*W|8ZQsY5{)QqW3EqtiBYa#Ml~hZIW?C1VKm^LyKb(3Wu%10_NSZ4VAW`
zPTrA`Dj6YRq@u7nsxg<Az|m8)P$L!gyx!&spLXDF6W+XR&)7(L-y7N{Ub%B~lPptd
zP8)}0ggw?!&zz7;-Y^eBMR6RG5qkR=XJ)vgHF?9_4?>2D-iR?C-N>=`Sm$NphI!Qc
zC+|`y`G*==m^`D~mg#~T)4?os6KOi+vU!IZYnbb?E}d{&=NK*1O+?G|JdERvL&q2=
z1e8u*%k+F7o0hS?f5zm~o3XGQ32B*@@3|9vnG-yi<5^}BT4r5erWnU7NB90otdT_>
zh~bAG9vjTuTWDVJKWmu(@fqgMX@C1G7W8&fs03qbed_gj1n6o_b6}v*JYm=O*wQB`
zRO2y)&XyF8NrG2bJ;-EZc9?`v8o~r3ZQ{<QN1ElMe3=b5Ma`Fa&YrE!R{uO}n9t34
zmSxVJ4`g&x-u^%TGo0g&kD66H@(8_GUO9U#bKON>XTgFlmMqBd73q^X{&)}q^~i&~
z?ys)lsm(>O4{d|4jw}au4<w`BZr)c$h92qS7R-Hjfn|~2v4vgjMYbHMkg*Rb0wp&@
zi{>-R9nbYJsWu9p;YVsMcl~fTQrKKH|0uKuZ7f`KNG)=-jqnmkWxw;t8q0KD4y-<z
z%gieYjLr4dPg$^e!^GW~tFg?j&9Y42$2bwoT(IR4e!DvQVE*PuCQmX-tokRHgH#F(
zEZMpNVGMzjo+R$1@yg|dSZ2N+%XFs@6#D-z%N&!Py=PyZQpKgSy_H4t+M}+avn?d5
z{dxZOUvD6^E2LB_U--zSw9M<8Js~m7{*2Zfb3`xic<W0z=7`=Y?_(k?^VG|}#e(^r
z9Nay`N8YlQ<5qX`^xbgw>wki&Q|H#zk>$X_d@`JC%MQa}G2oxR{2;%(X(P8jSzv$+
zHWM|Ck{gmrf@M}c7n~FV!@e-Z&!2FCbPX=5j+Uu3p>&gFnXxv-Y_QCD%HC|S%vkDe
zl3Hed?zK$kv~w?-*_FTeNt3P!rO2Fg$aiUvG8dy3cr~WMp@s|oBMBxM>A@ia47-$M
zw^B$Gd4en<SZ>=awH>kutR$0+oLXL{Hip~W3Xg<7ZI*=qidu6*D$N^nZD=9DPNw(I
zNFxi11(Y^~UYSbZ^Ndy)V_0fCgsBY5S7;$H27*Ko$y}H8wr!YV5!V>@Rg0V?Y@Tq-
zNDME@wR1o#s;%v$gawJEvb!$rmW9!p46sxP`jw>BfEG|zk|mZ!&VV)=Aw#?*QrUga
zhg!ruD+FtWL)q5sv@9fWs_oDs1UX{}jH#uvClxWTu}mL$UM7o!pvQJl#&Bjjg9N-<
z<K8HhJrS1aLoSC%rw~9;dz_q#!U0tbjP96b66#|vwc*jB!vM>1>PhE}76GHYTa)ix
zLjbq@rg@f`J?+Fp#5!y0P9b1|r@qEB-G?4XfMo_Dx>!OD48fXtnB#3w3h^MY>0q69
zY26T539-zf0&1v$+7;j|R|q2rc01VlIxr4Ng?}zv^cog)%*Up{H%~5Ol>&t0V4mB;
z8*g_giOd+UW>-gs1M`M}o0>JuJvMJWKqjbSKmWzpciaI2taHy}`&GXqAKGIo2Rhp`
zq+~S#2I9FGA8fBm_0BuU76vg|Q@!ghWYI<IG>AhpmKapE`7WYj+qP}yh$D^w;PH#k
zr}Lt-0Yl;DyIJ>#+v;AlefxG+ty<Nb2{StSz4p65A~SC_nfYs2``yW#(If``Hu7TG
zQWpH>TMwPtNyh)}-ar5J>#?fsb$@@TLCFh0_4l(!SZd9wM~;g5kBXL`ctm$Sj>-D1
z2{_n7X(+iN1H)lly?sO!Y};R+aI1UUGlVh$M6w_V7^(#1D>buZRJ6QM4eD@Akw|)^
zs2(`U<Z=tZ6d+CjNOa-42WVOFNRxfcJ(pZ&OO0@xKeZFzbCO}1bTU!)PC7z7F9Bum
zq<{Da?6w6|e2D<^Uwu2nQlax5U!73+-I8%o<paRGnj&oZo{!OBjYP;Th9l*}?}<^*
zMw3W(lM{qKnbD~1qoU>Gk=kLn!(;-4wNe!NHjcb8I$A#Z{lq<cdoO#{jJUy)-(1tA
zFSAbd&lG<rNhKK_zJS+Zi<qyw>?<so-#IqPh(o=O>-#d3h?v()GMZu}RsAzblF{Tt
zDvgq}(8yx0U^xz7iRjknokzB#b6OW|EhezJ4qGbwbDn=bCJ3hAw&9v<nj?%-WKK9C
zvJj=jXpL|jL_Kijnwsf9nv^fISVRpDl3KZv)Y7HMy?Y6F?mU#aHrg=nPO@O~zyVrb
z@)Fu!{c7Cnu0vNUh=T`_`y%+!F+c`M8Rntqk()oCj<>vpq5t|X%2!>5XlqBL99o|L
ze5!x=12|4J%i8QiFQL55j&vG~q5RXIA_oQ#g#z90c`xm6dmC138~Lw%IfCD@?I<tP
zPN@1P+`JitAbaMS6tBDztG%7UPk#!GVd(S!eQ2q*#z>h6NQM0;?d>0J-MIsUp!@GX
zfZg4V-O&!dPvy72Mc6hB_a86@%d!{@0<Ihy`dD)__I<D&@}K$?)f;ajz4jQwJ$sOS
zeTYnE!p=@M{FBWh+S>`9e1hPyM<JD(l%XUZ{t=nXp?4Gb;fAWy3%+vGj6~e^@4Tcr
zEmLaEsmtOe<Bu5TNo2l+%24t`1}fv)rHxW(#~9|V8A6qmVO|Z$yYcR;C6Y1B9oG*S
ztOgXkFjgCL5V#4H9f_fxYfM+CoR(ppFF16sXcnXVa2e*F=YzIK5gw1jHokk9!b>2#
zDbg~<7|=rM19Di=LukBY(5k{{wj!?1rSX%fX_Hb<NL`;3Epy2iUpm7}lh86xtYeth
zV_k`BnWYkHIND~wNJt+U*}%aT8{r)K1CrG;3k7tc5ak6}pz?z36_G;c-krnh(uaa@
zNotv?p`i%-!x&mG3urlCVlOcW+c1Brg?GP0>E~&v9pA*X%+$7RQH{BV{1-uJpU(HY
zk)!38Ifg!$#RPy2Rz5*3v)!^r3T<>jpawK@qW~$;MU5ITSRDp5iD{XR?~ST4H(<4a
zk%qq4wqQJHy*$M3Q5ZkkU?NPa#(Z>=QH?Vef0T`6qJZM}GKdT#QQgF}OgEoL%c+^Z
z85Pkpo`;)6UZ%<Aczn8kt6UCZ0_IOj__XtCNk*!+oHk@nmw5L&^_8yS@$&?djB@9l
zKx&C5+-spr0$qXjD-`}Sb}hSTv?nvEBqKM(=`N6a{sGjF9D;4pOy%}b%zD(U6Gbxe
zpC};@R0%g*r~?)v3)$yNyoVeJ$1ZmS{+0yGlpf*s0^WU9M9P2znG-^)H>9F_E+=Y2
z$t4+W+I9$*!+~(~B<dGQ_Az%|+AIq*T&oz?9;y1eUSfEezUNPb<*+B$c4sBYD9%VO
z$>@)+_s<ibzjl%(J*3~&9dA0d$r)?Ik&D_Hww|;$*p|SmC2%Qi(Ar>G0;{HFZrxW(
zfO9EL)t3~jA?cLOqMjTBMW2*ykxp3zp{BjX;b6hT^A#N}DP#g56;=>RDxRcJ4OqLp
zlZD+mf>2TMLR??6Y+eiVI&&O<L^nk@q~b|}Fae{@_kGIM5UmXDt!bXvmM3l7tXtK?
zDM!yk8hC8$Ag$RHMjJ}iFd5iN*Y)Wea@o^gW#2%R_LdYU9@WE+ePx!<Z)MNH3jGC-
zfr3ZhK$U%iF0PvpUZ&QDKq~r+9?KWB^5l*|b|0)zawUP(oV>c1!IDqamuO=WYRc<-
zD6J6)9@{!dTP{U9WmByBeE)`xbmSb4Uf#*WoB9!e(i$&;N=?gmJ&Xaz7WC&muD*E-
z0$9+~LN4PVgy8C%HnX?Ciep<*nzNe_US>qt!m%w5=3Q=l&?V(W%?+N~k;f8{%Qz#9
zB@uU%){?#3pPX}+DPHuCFEX}eC;r2~{kPvvDefFw*j#w>g^3cq{n6XwI8h~j;8Um+
zFc<`4q!XbftT8<ojWJ{18^$^wz7C+PwF{+H3?ZQuRj*3LtJI{Ch`a(O`a#RG&|2d-
z4#pUiQdpLSF(%5lMvVDm(ssITE8~e;rVc6lWy)R|tu+g}7jVMLb!5{yp5FB|N-J8k
zt@L#C(3WkZR4rlI76*n7(9_<-yv}*-?%&P&P3y5N3&(L{&Dc_*qEsnSs+K5Li}bYh
zuy*CKbhdU<^{bTKGTBU)l$~OrI6x|uVz4+!Tds{vI)iQ7^ymAjcoj<35~WIsFb1fU
zBbB63El{i!QAV+T(|WwXW9^EyoOIMlY}>bu1A_<f1D~byma>0nKbcep*LT@<U>9es
zJ%g%WrR0_{I!gYIx70GESSeDh7ExM}OXtu=(_ido|G<8vk*t`%f~E78vh%=Bw(Q-)
z@&(HYWk^SB2YdSW(2{E*U&<qdKnOt~gBYAE4A^yW7x_vasU(?H24f6;{e5iPw~gnl
zc@DR1xP_IAR`S%2r`R{NkBz%Gl1`;ar!r)m40{LnvVH$HY}=u$+C|pMHfA8lz4bT~
z>X2eBtyL*CVm(+Q+P$h)Gm%MWMs~K=8U&=A6k6+%p1K_^9c1k+k6rngXt>lG9sSVo
zajF@K!{>RJvndt*0qIm4+qNl{ODGYwAs@b8YfWh4Y%VF$mPQ#hN_Ey;e)i?qmObHU
zXrpP%wK1=K9)9Ta!$16xvR59Naj3${jrsAr+F(Zh;^FbDyMIMJ9zHzd`5p6F(6az-
zbhI-1&>t46Fy5{nSt>Esc`B70>yD^dkAVy*R0?d`vkAwJWVSZZ^-3#L7>8v_h3(k1
zWLpvu5W|}<7Oz%SRh#Va|3!`QGp0@Np?{eP=JV)pix@Xq$O8vV`S;fWg0>gGkOP1F
z-pIXZHD`P;x%vlFA14!pq>fyLuxxN_vge#tzah>vhId!v?r{z^+t~O%2!TG>9~tR2
z_BVXrhV#3|zc>8v5vkMJG2w*NpK)ZFjqF-ot&Yt2(0w~}SIrndOr28jR2maUNXP>R
z2_AbKQ*}wLT!E=nYYx<zt+jC+jEu3X$z>58?TB<5kxrq?CD5bmjHXH0w$LiZjE!TH
zUbzx%3v35dEJtWnVrIMA2n!v=;9T1E(0lg+g4E*0k-w{nr4|tH9&4>eK+v_6gnRZj
zb&gfJg34xMEVb=mFIt3^uBBiMABCA>1t^J%QI_QBFeH3<10o1Xtv+hz1c!%I7!gN0
z4dn@+c#2fTM-Aoq_~)BTQ_ng!+7obj1H$&g`J~T16I<D&mM%f}YmCu|8SZM0M#bV>
zLSQT#LJhW!sR{O(iU?yADh3>rqg@ZHQUOw!ARuG6M1*I0jt%i_Cu0c)2M0-Mn{2T_
zwdgfPIQDs;X?}IXA8wF;efR){W@Ex}e)Eryu=CQN{S!y`ETiC85+T}|X=U3`Upz~q
z7*r{S4T>ORDu6-=f>@S>QWU}}#h{whIf~`acBGQ*E%hh1)aAe>tL=D%Rn0<7Vki|4
zX4;WbAuTbnYG5*G!A9cPXoQMk!aRQBX{N;(OakF|0MXh?)wWsp$b+JR1|p*ro{^;%
z)K4Z8<DTo-uNZ_jXcI>|Ng1iOBQkXSGgG`@=igdk;>cs8C0Hq}mRwS73lm47S5h%3
z6>~oR<Lh^uay2wbkA_0x)>}98<KI6)Uw>szCv2&V&7QplK7ZxC+<e~-k`Pw0#G;a#
zYN*Ip0)Fz#$N0+C>tokGHAOg7in1G0@j@zEbN9X5_@~d^%K9hw%`RanHKlSuvGyn_
z!_HlKKKi-a`1UUzC6szr2s=_L3T2-{dED}9!*_r5Aop$9!w3K3Oja%Hif>KCu_QvN
zD3m;klib()?%&B9o<7L?-hMW(x#+0mW*ml!oqa{}MQ;)dKZSL$%u|2;LAL72OGfR^
zs94MDXeWqK!sLWf5-NLwy<-p{(i{~Y;A7R>I3w6YX$k>9oY!fTBuJ&>-D7RU7~ETf
z4Z`Bp?!$bbdM{nZrz}!ayG4fYYi#>CRA^z35H=!Br!MoM%3ZuBcp6_=RI$Ls<L9R4
zhK`~7D2!#08W3ro8*Jm>Dz|Zr8l)uBHBP3dC684cc`T*II2J;~UwU`*9`^y#Mo|>b
zM3D3(<+0Q@D^#9;QMYp*J8@fb_=uTXb8+SInchbJv2rg9beWwZ1tidCFUD}bbzBu;
zp8`O~s1FujHLkV8>)$-RU*0iw+XqKjR^+2@<jslko#7G7U#*pbAV3$2WBk$+j_JYv
zg#Fc_L|3YjpSl){sAru;_|^&ftF@AtsvG&Kr`oJBQ(j~HtBq8satU27HE@o`OQnkI
zuNJ=VoAh)GVjGMg2*_kI;(w<PBq{TBx*Et~Bkb%r|6*FDMvpU7S8X1fhO=$;aq$%O
zwl=CMC+0ae2GhXtX>>e!td&H^k;jwU$4t;V=g2;uM75b~`#84!+^l`vF*vrJ^k4#c
zdSf`(C6`=cY&-dUuIsPAero57Wm#Nw(M5?8z4g{x<0yL)-}lMq^Wy~Ks8=Il-BJ5^
zR20x)z(fK1&hD;wQ5dBZl}d$5B^i%EDxE@xu@w4{a=A=7AqSh|IPtO~ekjxAN+G%!
zCPLV<L)<XMsyK>(E*2Vh5sjO$U<*u~v??V7OuksZpY=@6rx55Mj?NWIf}MNN3E>;7
zVi}do#+Y#sMvWWCYzQ&Q+D=vgKI*$NL<KP%<wnXV9V01)Kxs^zWWfc$R&=zP_;t^X
zbsCBl1t-RlPKI$NX)~Ih#>9!j7&BZ~l+=_}EVpEhume_0LWB(_mIk6FgF~{;ZXW+<
zPf>S1L1k*pX`DCT@m*}of|Sk0$1UOSFIdZ`Zhe|RJTj^&YsQ&DL}qGH>sUf?(b~me
zTO7A2a*`dls1xHK;yx=Eb&QC@IAg=!Jl8jr$CkjCihR*!S#Q+PvEYX6FIGpE>;o@Y
zH?6t8_N3+fS0lm~9lwOt^V+F~3ctp^e5F{oYW~QVZrr#(cKj>jSo9Sd$0>!Ba!Q@c
zmx@38-d&&!*o`+$S4*15cMWpe2VOGem&He}eZ(y3ZlM}PvwiQm$MCs3o*DC{Ggr*R
z5~Eb_DMs41D7rouu30>_viIBjx3Xeh2Se3>OHW-1fE#LVSifWBXubE`W2S8%$5Qt4
zZa~2eaBJm6ZYU}Eazt>v@SC^cSR&Rv?#MV4tBrMVCsdl9gB9}Cfc_dvXn!SOXZ4Vy
ztvXnVeT+M^DYC?HMU=~B)7sjas9s&ERA_5!oBAH#x1*nQOEs!pGp3d&C}x@~h;0di
zYBdJS{Kl<lCrimoM$2r=q)6$;{!r)bmmEhX*Oo{Z=i%cNxMe=_xdvYx8X8JGpgA-&
z)Nn64fA*96$+Wd6y1D!q&N%0~M|aIEv3NZ57SmJwomZDE>}eJ<f1-S6!|yC=MA)(f
z?|%2C+<*UO&NyRrtmj+<lpF7^`x`IVo8SCR^W5hi$*HFv$t|}$$%PjlH}ZVztxs~n
z1;>qfUkLcnhhEgsrD$1Ga{@<7!*iZ<B)|LJBRv24>$vvXsh@AW@o@(J?xT~d)gA44
z4?h;iFqd3+-D6yE!EyZZmk;rhmz*-?Gk}?bGa1Lh#7nu+oOj+@uD<$SUh#_4`SFjZ
ze*VQT9$?<rJ~`!&N+}`r{l>0{pZw&0Uh<Mt`TqCs<h8FobINCc{V#jV<V)Szfwyme
zV@oFt6)%4A$$ayhH}i^DoZj%cRB}<J(&Ud~2_2_Q`1#NOw7KxYPn&Ol`vG&>Y5&&n
z`Lxsits%>-R;wn)J(m30pIyplKJz>N=5JoW7rt=al+XY3Ki9MC$TOzc)or+$#-Rpr
z?z#VNw00<$<A?TslmFG^gxlMwrfk+ceDl<dvrs4`E}aU6LgS_0bNUM?2n$nA#=$1q
zS}BV-Zet}u*a^BK)Ff@k#*M+j!Niw(aB#5kQg2^&3fpI|<=*6k7oT+;%!0p~>vv2|
z7|SMiQL^>N?yWKEkF}I&-$&;QOd4ewaZZ~$@7463+9g(Z7dloBy;4xAHjPYlNWV=(
z3|{Rl`elfnDT7JIUyX3+2o!WRbT=t5rRd>Ao~O#LEX6$zmSt#PDQW4PPNsy7iBlq~
zbq&DL6w$7s&}Wc4QdAx^&|+a}LwR1nf~9eHzKB_9WkN7TpnwrJfm)7watmf?F&(Sl
zfz$IiuD%z{-k6?pfiXdx83&+ufi;B5=SXijj-BiKSZ`W6<!PJc>26Xgi=MX=D=Qj%
z9z_>gH}+Rs+Q<l44-Hz9T4J-}`2judJ~rR_A>3!aOu8#q^JnYE4<pg0@lsnxgy3kf
z6tcr+=TaZF(BZTT+BkBahu_xE-XkTZMS!iM?>2bE%IDHy%~5U)S*J*wzk!~UJUD49
zOI{OwX;1&7*hWUsN)2yuh>r0+XV+<xc5Tq5;hVREofE#cgY9ws<n5Z06>G*J29Zd=
zTL7a}OqMAX!nUzn6Y^IZGcK?)sgO_%j(l+r{nelS@HNer8rL8HFtw<4gav0EzbH|f
z_dT^g#!@RyAQi=GFjnl=aW9OC8ISw-@Yma0(lJX?w4v%tTtAsSddHFRs`#YTRQ)Kw
zI*DQ1pyJGU=d~ZEW$jvq66!$M-QCU3&70%7jf=%1#ajHhQJz5K8QbyjK%|u9^LYw|
zWI%UCOnhr63`2JA+(|y6_;ImVB$sQPCF2A^fRr+kUN6J`kJzDs5nz!-Y&I3^9v?RQ
z_}NO$IV0>CV;CHlyEPYM()!~UzWPgJUSIdKcTJa(Ozpj$?1PKWJ7!jA?2OKn9zFK&
zFOHSRvvH5>5w3W_>~F4mV>+I`L<tv5?yM3Pr=I^GX2sGTh6?U<#O~yZKxdA<`|{j>
z^FK6*NraMo$)`|CCht;MRxDUcCzO(%dj`qplPP>ImOXNr7z%wLB{H;7DjC)(Llvt_
zu_%>Frmd}Q!Ur8I{%-6{c78fG@p8FLdwY9>GT=!RfMyhfcm*1hZ2dS&`K+8{eYgm>
zwxnmqsGF6?fj8E-nY7GyUi;eb){P&ZbK)AVyYAgnUcBwHH_x1KlwW=9j4p1wuzn3x
z`Suv~PEsm-KO~>8PMc4M2l~et$O5psI?yUsezm4j@u^g%FMmyCtOPTFNXM*q3PVM?
z9Lz}m>N>G1;W!wj;w^Ql<Wek7U;e66owN(viWN<Dq*N4(hX_ySKC5E6o?JxBm{^MW
zyhouheR*6j8C(eB<yVKHV&~48$>U(>-ia&S6%(H;2ozGrbC}d&=o5FklxS(iS?Um_
zoEZs)x{g<^&|%#AV=ZPTf9o6@6G~K^dZ)-6V9!kT8B?lMa|vpLi33|1hEc4c`K7K^
zY%7IUab_$vmJO|~nQ0TQTLTrh-YJw4q3VbC8p+^7FzW12H=paQ&$LDP)pbTsPtTMW
zAN!Fh01e)=Ifgtw`m`Cz<MgrhledFsZjEt{mBN<+dAB?YhdSOy(}n#L)>pK2#mjC|
zT2To+D#7%5wF&CPob41w#{`Wk2Oj01%5>q2v|pYOKCx^E9ZMdokdjxX=uKZp7`He9
zT_8eXh=pIRDY{jPZe`l?*tm5{m4qEr5l|s{uS~(4eyHAfb$r~G02RbzAUpF1$h*_;
zilGK4Mj<V)h!%1D)k-3TL5(lMiLuA(Rp=Teks^-2T1k{WL$kC_#gH*7Ca+c!Z5;x=
zZ&m|AO0<sQicm_TZF}NU$C`1y^BS|>DO3`an3+9nCQ*Iju}qDHp*5YIKH<#7q<@2n
zRTl1qN+BxljO1~?Jad1iD17@(#>_%LiLO8SZUg*kOOQJ9tVD^1+wP6wiclJ4fbojN
zshY2^<BS3n&vwMS$3`nmSiyt|VJX@UM#rg5^~>mL0pm^{)O2hy0&uU5K~4dkCA3Dz
zz-1I+7#hc!8e(DpfXDVdQGEG`rQIy-o%-lWDM_VLQ^RsJ;?W25KKDO0fR)bTWV1Z*
z)Bt_`ZqqKsh5@f<wjN|&8{BsHMsB?A8RoSMp4ob^c?Vmgzpm<rWYRYMd6ytm_<_Xr
zWz#cmNce=+3%K)vJzReNT7)Ioxwps}Coh`)rCz+Sl`~FT%0Rh7f3eINr!HaT()Q+;
z`m}Gq6O*+l1(R=>v}4tdlR-ZX!4&X0ZRspd49}HgSr(Q^k+$SSMl|Ym#Ehah(w0>p
zP7_FrG+1%aF_Z+XC?|R{h|Id{S^u?0#Y>OWT4Nb#ak7bU%m}|aR<4gimJ;IA(-_WO
z_c(|+`PB`3<c%Fm8xa<kMef}C^4L-)>Z@Q|2vcjbEut2A+6eR{MY6H+xr`swAR7+J
zT}x~7y$cELG($2&bzwW6?V$StmRkkdsM5Z_A0x(Em{w;@f3=YkQ>oTUi4OgUw$t3T
z?nw4~Ha)lRpuEZubZN3diEWw1EbW2k-PDg2Rv8WaZJcz&mbcMys#H*gLM@|w^amkb
zyGoRotYV)1G)p%fKsy2*c(9;_#eI3ifj-oj0}sY%RE$bZQM~OAlkVu4(1cYu4&KgP
zRDXLN3*PZo+#CLYsZ?ow%`4gWwJT}4_(Hl~_3|0ZV<+>xGnfpYD|O@%m|Z&~u+EB$
zKoEF7Eo+aa<B|)S5)ycxH)+m}92zoVf4|xLr+;Cpciv;Fciv<6y#6gF+_TrnDJncY
z&uc6ts@3Y`g!}u=mbE9Du&>YT|GR%MeSh|Lql!hd<=B&r?C)=?-f7DEV>K{<e(*sC
ze{&t}FTV_c($B7;`{ggee(rOzdwc6%7pMMsN_lMe_Oiq3ple<`X6JTH-yS;Wcd^HA
zpOk1^c`TMZ_Y+2&6s3B0kP$4fs=V*TYk5uhFaSSIox=az@C<u`9MmZ<YHLlCvO{*?
z`=P0KwGsktJE&Cso!CbQANb97KHb`l5OAQp4V`X>^d#ZmltUN`FH`BrxSVu(3?}W+
z7t~yaX#@3S_sCH)@d92-87$k-+LB5{+!;)~6xdKoge)=F!+B=Gg9zJ6{D+r5+E5<b
z<SsfdQKH_hcf^p#QesBxou*LiM1%K6>YX}crei3HsWgVIjJ>(i>39Jz9V&FWJONp7
z=DQ|d{5Y0<Jl&CqeLRzqh|xAPrT$sG%>PA8?Hu#jSD{l-@{>8oZRr+LaytHMoy^R&
zF@$j}iBPGioGl?>FcsThtrQm4%>31p$>Uft39S(2x$h_8Y}$52Jo|W>V+r>(wvVTS
zO&v=fH;Z3AyZsg?#jiHA+ix*0es%0!oiu)RY{IeoElP<gmZCn3Nf3_PZ&8IIrci7Q
z)ERTc?YAhZ)vAe8pERA}x-Km(Ezhbxf9x}Uw%%#Z<ne3&{stUpVm{ZkU%O(Yhs5Hm
zzR!!^{*z=0+qU4M=dP^#;b=KM*>~!VTkqcy$N8f0d`Z6KO$Z<BgZ(34+}B@@6F#P^
zBO9+8S4l(F4XC;y<Ac+~JtP3Cu4L-E^Jt_~VZ6fUP%6r<r0j+hes^>aiE=fV9C3K`
z52h?+tSF39lqykgrwKapC>dRhnQ?C07BYq+Fl9f9y|1_;(ind+y&WB=pM=<a{w1cR
zyBn2|JhnSJaEnEby14-yyq1z+Zy!3L!sodCkEirkZ(9?=&aT?{__T<}!pmIuvTq=b
zGhuTT?tkByw5iTBJ{yZ@M_Zb-9W&c_bbqHYr)5+kN!;uwsSHA^c*n_Dy1sop>b<!3
zv(`GMzdBUlOfsWUOC5K{N)az1RB03CbJg)zkItWt>(7q-)iGISJ%9D!;NVCPiH^ZR
zf@-opZSk64{Hw7i0eZaZWgnjM;;DK*ExGy!4f;t4!8yxLm`dPGIwrHLW7)?_D*_c#
z@GFyou1vavYw~(V_Hk%573ooxGblT%x-++rl~Pm#e`bl@b-=`8+s9H%%7IHcm_fZ$
z9h*9~eH^?0alIMWv8iL*$IbLVu3PUE(>`vh|8cly?~LVfbN!F&U85u_h*j@2MgQZO
z5RTn%QA>=m(Ik^m9=pF&s1-t6k=UCqQbL`2r`Y|Sq>|WJ(Tq(q_jsE9otnw#YO3C8
zs(h|Sc5^d5pM;qWmjI3NKxP9HES_P0@!$WJ3r<=>z8oC#L66T?tATMf@>dI>vn|bC
zk2mfl>?o<JxRQ!16PZcMQAimh0i{ttiQ)0&&LNb76IOM{P;nKG<A{b{pE%>%2X+%k
z9gA?Rl$)vS;{$n*&;0x`q}H_O(%6<DU-ofqi+8{LIF|Ib&e%Sl(!sW%E6cGfx{=E8
zk=LKhKfnHDEL*U8Nynr_V|(@*i9^?y3>1BaLDmP00p$jGZB6G_?;UWt@!>s$O7qSy
z-i>Vw_UEe%KJM{~Gmqeig>5q?OsQ0g1%36FPu*%>^Y4F%_1#jbWSW}s=<(J|*AT?)
z@EvQZ*Sz`asF6iA8JxZLmK2tX)vQE;HCfM>$$W@oh5zVhrHK_kK79Dq|LgF%{=b#S
zhc_lM)vBnz{kXT^MYuikx;x94(Q^LT*h`l*C!MB}$L{TSQ@rv!Xjw%t{2hg`vvj=q
zjpQ!5FnM_#Zrnot^Ph(>1X7q$Fuw+u{1?B7y>KDv6ONnNQcuR-%D?ypa$p}8Er2_L
ze`s7v*IYwy9l|q*P%;L8{bQIy1wBd2BtwY5;c-kDB2uY@W^4?yuMfF%CooxT*+)2;
zx;@lpp3h}jq>eipt%3;YdE}vL4~<qH>0?$S>ZnakMN>Qf^iL618l%0a^hc}6NYfgl
zeT25?c<Y}guli)4cRKSw@m~l7S{E_8g3%SUE`nCf``3Rbck%f%md7HW&zsK9&Pl)E
zuYZK%SHFq3;W5yf%n8TS@y<Udd&cB24~0U3uCA`BeG0MrJ1G@ClIrgin^#W*^7;QJ
zUgn(3<9++~O{+m~wOXaGuW$PH@o2GFE|>ZJ?|)A=o8|P=PiOV&)su=$V+>ojZsoxT
zAEaC^bHx=`(B9r2{~VA0(oHwrgzLH#3I*=H_ufN9jlsAs#&r*YfC<6<_utRKg9piE
zGCch7!_(hf0FOWZIFCR6I2|1wRLW&u_Oh2nj=HT|sr>%;gga`Az={>Lz2qf0M;^%w
zUho2Lz4cah?b^k*ZQJPV?Bt}APMY3~SFc{pMHgK}p-|vCr=QN!rArB)e3F5WeT?eu
zw<G)dP<?&K+i#=rv5yiw`Y1g;J<OXok3ylq1s7bvF~=M;bNhJDo;@sBxR8|NaPWiw
zK)B&yL`y3ILki7)s|~waX7SpUbbRg$NUhnocQ4D9Eo;s`Ub=K?M0B9cz9+Vj4qPY|
z$P|b8QLvJ~Fc<KS%m52P^uDEByUByyJ8&#(4AG{AL{Zs%eQ+T|dk$ju?B?48^Z4k{
zYBu&&c(hOQ*}>)bp-Ij@-o1M_ixw^9s0BHmUULpF$#*cn#bTq=gRMer46Yl}cHB}j
zD_5YkV$YtvEMLBSX7bqgeXhU$dfxy3_w%b?{ThG|z2i&<TY7n{+J+25WGJbW0)!B}
z=P%9y%i@>6{1xwe-~0I8?|z3@b1_b9sqeVs4nFgl&#-XeLVo(wpR#%LW-fZ(N`C$I
zD>(Pe6|}XaY00HI{j_CV^Oe_f*~M$vzkfg5w{K_BqD6f6v!CU*+ishgJpRB3K7bH{
zef##&+S<yOzx?Ie4;c;&l+gwj_O^~-FTUqJ?_pqIfKyLB6~}RS*Sp?@Wm&Q0@t9rx
z-uJ$jr=ENYr4*N4cG(DSxn&6!&2MMPg7y)j#uzTU>@pn3;pUrf=GCu$^$5s8EV(n@
zKED6{`^~OhyJFkId-v`!_uO;OwC!UtFfcGHVzIZkcWM)+%Xu4^xwlpwjDXbn$^L41
zXB_FI5Cl>Gp9Jtg5S=l5TpNWjRWJ$lcOs23aq_E;#4_as2|MxPPA|Xl6prp$Hlv_s
zUDGGi%C@02@cXF=$BrMz1nv?-5U5#>A5TI#X0wte;>UG834u#i+wlm`IDR~d<0XjK
z%yWwP@eG)$G#a5AZwB%BiKm$sV=xJo4~o`Ss<zF#M;>gDvlmK)7!5%wV!DXybGF#=
zV<RQl*0>-vOb!lW>by7V-*Mx|MoX|#^<%*^b7aPgA1kRCl!u|-sd)74)H|`G0bZuC
zEEZmLQKB>t+<I#a=_Dn}_X+d)aeH<cJM&O4r!f+Ebbludm>L33cURo{V}-0#kO}o$
zl<Cw2q>V|=afmFJkx4NSCnjE|k`h@e5hhjrW80`0GoCVjJk!y1{CMU(<k|Y;I-Bd-
z<BumTWn!Bv)zLu^W6wA$3`ZQ`$sA;fjsdge=vp@`lTa%yt#w=ggAfCW_FIgV=B%Uw
z+rnvWjb%B(<ggK@c9ddqE+a#VYVI2#i-AwR#&rIv#F_`yYaI&T%pe@Ya469zusaRC
zANLSxL;pYLQ2Pa9IL4*H1cLTA2ee%tqVrJvL57}pUp=+5=iZsdS#%*S=Sf;$tgsh3
zxVPI;=cn5G2^*-TJZ4TzVMZ4UNywh1$ekgPdo0}BQn<Io$gd_Xk$nM$D~n{$4QaVZ
zVLXe<?@|a`fCVNr=zNICXw;r;t@ok<DQJD6Bzt;D^)`p<Ee=+$1Cxn!k3)qCqWa^?
zuLW|8qV0+huqppE1&+Z40yPw1wHS0!Lkb9?^>Ru2BuVi*Y5a#lq(h98ikIdb)gM<e
z)kqO=9}ona4ehUYX}t_eKS^O+f!rgpT0rF`B4cQKg~aaF41OYw>i4iR2IGQB$IP!*
zMTP1wql@KeL)jpA!_cRp^`(-Q3!(fw2X(-p9D&i$a<0Ub4TJxg0v$jKlnW>@p^YlV
zP;cAbRK*E~2)7o|gBH3dFrL7KQ207zj#G5~RY>N<=*P0B+7!Q^#@}Eg(mo;uB4e;R
z4Avq|>IjW>dIfH7MEG?TGO2@TzX%n9&I{xL3v~d3O%_PVob02$nlg8y!C9Qa?t%0%
z8har)^EFntfmVZ+@$thd{AG-LOnMJiI*+jgRvMg~!0r-YEc|CIjP_v|ctRNr8B(h?
z>0>ma!(g==L<U64)cPOC$geJ4BMAC!f^8Yp0fFilsJw-#fEp0w&Q{1RkXjQhb-2yK
zzeh0ii40bc!D@>bjNPlT7aGz>*!T-#n5j=3`&^R?HM(3zSb$@QEOkN0pZQpAhVoC-
zw7o7sq@eVJG_5ZWK|tXvnMl8OqBCtYSZ!^%X@}#Vyr+TAl?ovz5jhDN37*F4RLuXM
zGU>IF{8t@<jRu`J7*7*CV<>#X##ty?_|-D@yb$AR$kcu#8)8z8EB-7UN`z7%H9Bv|
zoE5U<Hzm-TgC9skXdtagA0tT}FA-S-TGRjGG-|-G<TqtnE(*~FAk>k49OE2YMoLUo
zV?sms-*_y(x{Q0b#eu)gMEKN}Mpy=Wk;Lhh;Hb#Fu{8%jkfC~`#iAdS==r;9BrvKv
zo+Y7*iqz52{m;;Psi63SP6j`m#cDMOCz3w2fxSQ@S`5zo9HtsE8WaqDEC<S?=R-c(
z=NSe+E>Ta$FwC<T_&6W%@Q%>*e>F}2#|;QK685!*-*&GdYdnNB6fzcJ|0uC&VDKY?
zUf0n6rZTDjuF&$i9DJw2uD;}LR~frje|-F^gIsXRcJ?0Z;1_pHY<u`!`;ORxe$iLH
zICZ7wrGN2bbMf<z;H-7KICf<}zq)e`#Yz^X1hy09)k|fejm6);`PA5Ymz~QtXo;s3
z?YSanAHSZDeCu4Qp24;%Eb1+D{EB`&-{#4k^XSjFkpKMuOx*w(u-e=4HarqX*)yzL
zwVf?{(i|KTKuBk+&&jK|bJ1zrF$TQgSoRGpqw75}+FJ@itCaB7FE((ZN(H)#=lhgv
zxtVFlCkR|HWzYhps(7x)z`uUH@%ij%$J-dE4Y88k^gu5k`?I?U<w>}{gXbG=-_S)6
zE+&)~_dU_hzClCJCqEp|dm99B<u|7O+NrPlmRYg5i<h5sAE&I@&nLcrHV1}Uuq;D1
zEwP2B>}OC)@MHV7#xrhj$2)L<6<2+K>Ro-}%fD`Vx?0JXd@ebC8>g@BW5>QuestsU
z6TbY=4_+T@SNpzCOZU_vKC$IxuQC}a4?(XqGAHVJ8%KTLYH!C+r#R}DKbx9x@nFAc
zZAqwId~H;!RXXO+oBAC0z3DBq8dJ9e*-VDj)=D)-UXU2tx6gF6w<kK|VyQ&;qD2j6
ze8n3mS#}L@Hvwa;rG;{wbc}($eWt6kV@6?s`o9SILXqAji>IFPo>#txs*|d}W2Z8Z
zCv)Nh`8W=?gS&RmO8j{K@?}%cc;2$5m@p)N-~a&KOD9L3o~qt>+KzIR!f4I#*6Q?q
ztW>IQs$5(guUPfRgM0g^U<jnd0(R`(%e=NW+UL)o@MU%2V1oEuT1Tx}l*UBZ?30xc
zL^)k!_EQu1TwTkS(iMhms^x1Py<!FSBv?*yFuda9a~Xr3PP3@J17K33P`}=I0^zvz
z$69L~$DwP<;>JH31H&tJ{qc1C)p0PqV%Hx}$8B7%-gx5eh*^I;Eq`^K@5Ze^o>pie
z4&k`<$J3c{oJKRT>yM{D<D}xp(;{q0E`B@>!m(n^apT9+$**pv-gv@!-}9Q+n_0oj
zY=j5$EMDgS_jsAl;#ViL+|S03|2HkQv-ZVbLyI(}N{|TAw$?N$5vz;n6!=^-T;}HS
zxn?jD!RMOM{cRSXYqp28dDUZ3r{ChDYp&vje|Z%E*M0r<?0ePgr}e{&A8BMC3ya+O
z=hpr3qURkk^6$yMQ*XF;-W5kW>8PJXp*SjWE81xL`zvE?;|V_Mdj9Ip&UpQgjSOpH
z+=*hb;*P4ojp>du=~O&<Y?MNkD|P!xl&irgn<!qsm$B`5jit1dm~t6Yn)t)T@*$M6
zdY?B%c+u~FIca~V(S#RX_1)N;D+mI}Ol>iW6JPda)6?BXzUU`%KD#<H<cn1{{Nf!`
ztG8jO*x6SiUra_>FIKYTVkE>(iI>^++)qa?!u$SiTEt`FW$rrjd|IVKkJ~&ecWoLY
zICd;QI-Y&i-bOW*igBF65N+ybH;pD7H~UE|g^ts!UQ3BU)cxTxGCC$<p*1>;W2Q<O
zCG#|xaqJ8?rHB24jb^OCv9Rg{L`KVKD{jEV#B403C&{mF8-<ZM8as2WLu=gY(O!v0
zx8zwokU2A9o+bSMzqNSSjJDn9T|znxr|w!donz9~Nsx)*uU26QVTAFK$Osk6isLqx
zvSw)|L|92o7$ePjDtSDkjg^Evo)M2uLLSd-sS}XLGdxSp$>YXr+MGOgKK9i=#S#;x
zqp<{OrTOpgJvFnL|9tz@goO~Czx;%WyHf~K%8)yM9=0|pD`wWYHn?}+9fN@=jjv=4
zzdEXMG8l{yII3nBD~+<Pc=mBeM?CvjqNs)*)$ou`r4dL39j0bGOO3&bvdkOpt&|-f
zzq%ZFltT{zgvO%X30TusqAe9rICF^19viz)U>~qBDU*zuDwU!fRw)Hll(FbdySzNL
z7k7O-K`A60@=?Vs)eAH|k5tJ#?O>*uxv{KxghMSU`VnDQIlO$~Mvg1z@t;^p`n1#O
zUk1I;Y^D0tGn9`gVLzHfRHr&JB3?phs3gVEB_DXCQP^HT5BCX{EpMlC!Rsl8;5a`;
z-+B+C%Ol7Jq<7jd$&worGk&b3Vo&KHgF%%R5z=4j<MExnym8|`w(T!a!J+5reWV8Z
zD5s0q139c+Da<6jajlMaRE&O6PN+gc5k*Rej6+|TWBziV1CMUyj4iiN&MiUizmx2%
z71<$$y+vSz0yTv^c4B&Ol^xX|YXdj;FX6*SKE%@(FQItVmsz*lrT=+8)p>b3ewV?n
z02$4sazH6e7;|$OZKI9GL9@|s=U=y;%9-=}*zqo(B^wUVx=mt#B!m5U8k18@C496}
zXc=e5T7j`fDz4K=HhXPs*>^O{DD#(}KS)Xlq-RGJA3BaajtPz~hViRM7`R3W!GRzP
zS|dV@Nda+0wo>sR8>H4ab?~c|CCH&8IW0Ao6Vtxa8Y6YQrIw}YgaEv>1R~T7dLC(|
z38WQI9xEMHa5o~n?y*;5PXc>*-RFJ;?_4+O#rxjUHgkDw*<y@edhDkcPI+<e{OrvA
z)lw;ZUy(0*k=8PL3H5<-`pnpLRCS<b=KkskzdE2&7dCk6BvDgs!e1RKP1y~{_@)p2
z%G9o6Rn|?&W2q^X{V^`$QBLZqXIyHEu%tMO@EGmXOr1uhOLZ896;mEdsmPZ+3Z;58
zo|>>J)|s&oG4JtI{%XB*YKwIDL<~l&Tt>yQj{~WYib=w9x}lvkWBXW2g)(B2pr&rf
zmuGArhoM9ZYZAg!OPRVp?zr}`QW|ZUN#e)TpK)yaIFt%(Q-8*0CQBXDK32+L*^|VN
z#nd))U7I?teH=<TY5aI_D5xWF8IdAmeAv(WtDp7W{;zSOUigpKvu0^G`GhiGx?0n0
z>1*teb)?i3sv*UMkoScUu^K%(q0|)JkfNIqVM`FiVIYB0>^fLUZmFvwSv!s;5lSRh
zV!1w28KjA&Wg4_FBt#dj4Pl(>pC{LzXj)ACtcQj_*w#wbu{rL^4UKzhKI^ak|Jq+I
zj8bMgXxz`r<NteN(Tuwl?mxVrVAUE@%a>!MME3QO-nNn4e|{!e!e_nwyR2P3pP_=s
zpRBQYak)(R^wT)YmxEFSk3CMBfNMVSbFSLmcuRD3WZAN_Kb{YySoA3tLV}9KRLVG~
z9FN`83rgawT!DFV13|^7SdLM1Y6+?_QnVZyDoRpOP#WJ=m~shw-aPO<jFdPF7GUl#
z;ky9`2Q4xULIXkosTh8)FjVZ?TcST7Q0!EgzP*GW`2f|Iy%td^<J|On(u)^T%oW+W
z*CNv(SF5WMl1;~8nL#KCtsDxAk38tI;+W_1^uC?keNPKH?QpU=iPMfan*Vr4kaA2z
zmM*12idcA=8Woh$wf@J&2lny#V_#2Y-vAi6_t;bU_^m%dFFrE9JdWebyvh9rZ5WJK
zv!5L3S$Q1)-gPXgw9UVCJ;iZP+{Ysa?~BJO-8Ra$L!-1a@zj}TnwES%0=FlETgV^@
zjz0xU2%N{)<Kx7}TNJIWl!f5<#~&As<#DY(b$DC)q_8$TgaQ0?W>V{aQbiyZK9^Ep
z%tU!ydu>ghU&fQiM#{*}oek*9XYJ!LOFgP?Deyy{**?g?P-JxVc6V~j5j~_cscGKk
zY4&&8@x*q%bk);z_C${8!e9&UfBjmHKK1Ct36D_(QWjLI0bSk8>FQoir5eQH_cJ0a
z&b{J$X3dfF$rn9NU+i$qy5+p&vJ(OL-ESV{na6kWKwtdslf&}()*roDH1uT_YX0h5
z9_r`VBRko?KMDz0)gre%v=1-ULOK_db6Elz#<h=29>tOmBF%SxvVphN7{GU~d5nHK
zaiqj6$(YB8SUvlkAe8LtE06fAw;G#AJ`<Jy6|<eB#Po_cV#{M$^H&es#}<Z4CPK@w
zjh?po8e1NRQlm|BhIwpx{HuYl(*nuiSNjou^>K}jHW@JxT`O01UBtK;f1|Y!<HTY-
z&Lt(-_K3VSGe8S9Gm*zyDX<RN$3}<=GoBs$SSbcaebIOxLd-sXrZfLJXCmxbkdE88
zPfb`@g50@hCrUGR{ju?*`r{<}Nm!j7aWPR9rZTbKNsaos^`XyksWckHlVQknQW-?;
zJL4@H<D_E2-8ouHbhV1ER>qu*g3)XYLpm*sEiz=t60{=NsT3I}jRqFj7E8z1!=;><
zTBefda(O~YiqeXGfzSO)vR^CK+G#3AQ!<)ez-l{1Z#sh>ubsw?ADd93OGR{PoD|Xu
z<NI_P%^kkWrb95~JU^4g5;i*RqwR57WtPB%jXlAR3MHmcLKnvpE^0~D_gQW`oD&B8
z&W}u-i!)hPD?y)<6jN!mlN!f9McmS|kYLYVbYZMJzbr%g1CO<tEN21V96E>u&g$x=
z1B<6apS+VIOpT2dtIl#PJP=FC5R^QG=v;d&6oR9KMNS)jS}Adkljd~C;rG=F!WdQ}
zSShRt*F|_BjlKPrk?K%>^{7XyflzDi@?2h>&ayoW*dBzuIF;oo-(yfodJuI8D~ybb
z=4?#V$Z_1bBo&=f3A{bqN=X~m*)}H+@8mky7$sx&)C^^W<~v0{2^+&1PKwYNY;8ut
z7}UoDQ99;1#x(9H(KbwIjI6DL2cqKQfhYw+B->9y$4ZZs3`)sd4`=?GQ)kC0-??RK
z!dMoq7oA&2iyD2er}u|dZ@nvySd8kARlYc8vxu%X%wmP;b1?bRM4fVUel=#~QoFk|
zuCf=RE7ei390v2eHPGr~bP1~?3#E2=U{fpyf=;L6C4{C!AG=&al#4atE(mr$h5ft&
z0*S&wKiNsT>|&1tBB{#?9YIRP@ZP?1+3Q)`KA#~I8Et=FdW5t31_>TtfY=+r@+{fD
zJh$76_-@;Y4S%q^J<H~$>ww=({Rc{IQLHG66-}{d*g1a%ZI@nv8~|SYO60zf)=Ms6
zYv(eGC8F<5`A|q1r`u8BlP{Jj6n*eD18EoMg3DmzZo<MKCby9EMdwnz?ivb%c}QCg
z%$blNjMFkcl<XX~k6p>2sN!^Yk!sE1Jh6$ey%ndoo5B4BcJ7gooq9IKN=Pn-eQX6~
zA6fEIl>k*$eD`2G<)8kBpzi=$DT4lfN<Y7j?;dPNr7e^;Q$D0r1f|BC%aV?T%Gl_P
zgYHbBwW0qv??>)@2yw#6$c^{X|C_%@YZL3Cv_Zzn(=8MV6B_$%dCeJS%iCXJ3MFYa
zz3~NR%bU(M(;0<Ap>Y$y$@(Anf9k7*fk!HpW!?wgF)fyvZ2#kFj5z&|4{xvf!_oiP
zdDH)Fz^+qL^qcp6cFgO`KKs683EM(&;R%cCd@?q-y6$%-8Mi;NKL*Rx8eb|3m0&C!
zh~7U&i#$+p<CHtm)tW}d%CA<Mswb&<<7MbrdwJsL^+(#Vkg>pKl&0*3l*j+@xZLV;
zOu~*W;?7u6s!B@Z)2hbhR+nO?UD-m!aw!VG|4ft4F0J*{Ov0zwN#N}xGw;p@kv0=X
zdDNzu&_NLx6T>jqIsm;3Og<sHU1*(+LD<yb^+_n#$4GRXe6Cae>0i(yJt1}Oz?a5C
zzb|;#mtxWF$fas9Sywdj&`Y$Ps*~od#(9C_36oHn+6p$}TuNgsJ+Z^&xTV)IrI<z&
zs+gexVb#g69+z7kH*}zsLB(oFqct|rk{#!-8kbu=;qxh+=5cO|qm)KfixXU@V{@w^
zs1_%L0wzO<kK^qYeV4z+)Whd$b}asRgZ@ra;d9M&G>y+SLHH(!&n1*n#!5JKPHT;A
z+y6V806J&A;k&Foavnnofkt(AWZArPAO`1}s@`b^!?px6R;A`t^-eR9igDw|hYO#p
zLA}%Thm@K?sCY{~dA-y0hte7uW2x)f$IXs7_VM96$Gc8GgMzTp33ZCKT3abTn_pdz
z@S<~1$4H5YQEND@arO4b{_5;`=V2w-rq;bHjy%>Hd>>UPjFG!WYcK|3S<!pbk;n1y
zt3$Nw!f<+|lo+M3+S?JC45nJacs?Q(FPY4wrh%7f%4M|YK@ecin@8K_my<c+1azrH
zxOFT3`t|rvJQ0uZbnr4&se~z)vAeqH`kTMOUc8vfZ+}bm+G{aVV)ynUgotj3)?iuD
zEohdoDHPB{L$tl}RT0r^uch$$&qFqga2#Y`-w1O^A9WPrwrv=tMzUAO%f(pr$0iIh
zg#rWtnd6R)ydS^)ExKC8GPO{EF_21;J@;HX{_3yr?z)ToXFm&JI4U4gn{nLwV=X1Y
zo;~1sm>^Q()qw+qyLTVrW?CaMS#-6ENTo1AK)7ocNI9X6OYHh%6^1xcqN^3W2OlJT
z(n++u=tWd-y%l5Ih*}<y2}_iJ{&T{eI|-kB5-XEI2SGjKDOQi`2%k%9gzZrL*0*SR
z!3*ek+uP9jJf&}c8>1A?(xsR}0W~myd(%zP=CUmq4qT7b1TZmDb}SQyQNl<nMYw%C
z``++IsyE$4=U@Ldi+=ShdO!Yeq*fh?92$zmo#TLIMc6J{Pk3mhVzwccwSJ4nAhKD)
z&70W&rZ?d%S%THkfjW2)H8g}sr^i|ulgSRPW7*Op`PCyArcz)Ga^F7a>q9us$a}<5
z8fr6-VLR3Gt0w_uojrN16oa0JHP`voFZ${qjBO>KIQHAWyl86s*tP^0u3l8%oUfNf
zRZqhhmyLD%mN@=urSX-b;08&U$8_b=F`H{^P1ToFf@Jap()M)x)j>$vPlm8#O~+sD
zOG<t+)ws4L2;<CHDor8DGGOA?AKO)m%A%-~DFYTNO<*;~GZ)qUCz@O~Ow?cPdRbZ)
zJ}mxs`m2o&LFmSS6tQQlF*;U%r{USEgqUR*D_PlzGLcMjOO3{uSY6A)DDN?;rAEc-
zeC0$SUUoz5k7?|#c)(!BC<cerIHPyG@mo)9O=U300GkOuaPce^SzX=OKF*z+u)jL4
zeQbO`YIir4K&JM-m7sk*SwD#}x6~flv{T-~Y1zlBQoo<X$Or`4Qx&8P-n|ZFOfvSd
zDVHZ!h8P$=6~=?iX_1q)a(xz2v&n=tarV<9tc%47Ee)+!usRG>1@uDdi0D?>^I9;a
z=-8Vo=t?v8aj}RQmDp_*;265!=8=7_!g!3#a{k8)hz$4}Y=*v+Mdt;=o}qml?wy!l
zZFa(ezlE-Md33zNAK?um1En8l82X<qx(s5RmnyD(Y^gA;o8~MWjjn12KbaxiE}&gO
zyF&KC;HT5*f<ZXCZklr(``FS_MwY#<^CN*Fb4oyJT|o63hsuu}oHZfY=LVQS*S|)}
zn8zs$(bTWDHCoVeu2139X$C)^!zk$9B*>i}P`$~nn^mlpiX~u2>YeHl7A;Wvu|v4s
zMr0Hs4f!vpNv%*=IYm7oG(G#+o&*m>gWLroqejlQ$b#GpI649Q*g72k>T&f>b2Xd=
zr%zt*WG&E`Aqz7TBO^||Q}&#*M|iIpmBZim0!iftXWHsm?0P3*`RH<y^eGa5y#vOe
ztAgV91*8pamj{%8l9@)o#W*@wsL(~1mWzvIPLVhZZAw2*V}cr&bisd6p{r_wwq+)j
z$FVk-L>H=f54(u0!n@Z-4~@O4##fk1JiRP_|6?gp<uYo0757eol{IMZkdPH=L+0dw
z>Yed|CC0Yn^*=UJVv0p{AyNd?D6!oAL64zNWf}YrfOuxC5u(0xb)xsSe!UYG41H0f
zi{Z4a8$oP&91_%##{le_fdNyFSMTIR^-jsQb%@pfSW88%@;Mp8ar+-f{Ul5*3on+D
z8n^$k4rOFKOi}MN(Vv(^|6?g5^yLQiPW9h!rvI^4U?p7dr2aS8J6-=DKVw$voZoOt
zL!T$dAJLtJFLC5HKeeN=v(Ax96DmX1lVkfy7;5ojfdFjFs_j1$Vb*JdB}Am5j@o1`
zStpji+R|F%2NFM&1fj+cC0-C6ht9SP7_clsI&IP3lB%h~hOV{@2tn14t{Zs-F{|pO
z20zqzfgaH&(vHoU$1P;A<Wcb?p;TZ5u8}O8--cA0bjoJk5#8Lfp^vIBv1%K|wgghg
zYO|!M`VzPHC{;ri&ugJAm*R=-Llmn4N*TN$npuCrC!2QIvbRVkZL?%v3*~A!a(&g8
zF&*Vnk6dJk_{jXOEV~Yt7%E3r;%O%?qUvihDT_tjE!_IZUIt4ZJNH*u*quWvO(^w9
zDnYD-P^lDEFZxRXq>la&+p=(k#hT?^RD4Cg9B|~KcDmX#6y1<e8vIbAw4mgL*rU#*
zjO(EvEFA(z52R-2{tBxWwX>k7h4W8Y#P@I5gfVd8NsD=EXP)hSB`gaZ+hWK5G6#n|
zQniX7FRQU)XbzTC5~cM>*^n`Yod-&^x26cC;yc%Fq*x6JrKV5`S=^H&m$q5As)zQL
z6gv-;QD$`6k&c%-7nP<SvhXY+*uJmCK*8g}lb3Sc13P(UbDqxDG*@2xG=8XAwYZ&&
zPhQH_z9QTDidf=MHnP&1IOrvgloH3vj0su=q2@RD>>%Y>oOi+!Tu<Rkh0=z$7K?M%
zEn?@vGQYlO2d=M3Io8PaS`!aPKxu<8V{KZ?67=UietO$hj$P43Pe+FB`^qS-S-!ND
zTQ=<FnOz0?3oa?g8gs2SCVr&Nt`i!zZHs&<;I>EhkxtcSWMI>tB0(6<(y^@x*BKM#
zSjQr4j3F}#WKk|-PtZqlQ<M-I6SLx4Nlmp>m~(k7Ui6PIGPX6hL2FA`IJU64@Z<~U
zl<*Tfp1_e>;s-v3N?}B<irO6=Uwb<&tH=L){C7rQJN|oJtz86R5IM@dz{3l?Ihn1O
z@{m&EggT@eRB?l`nM&H|$aP$^{Dl=M073|iF(Y1p5n!6y*0(GRrSwQA4r`o$C6!7M
z$RKJuRB<a*ys`e@bSjN)*`%E`p$u_7ms}=?=X+$*8QOAf2q7p|i_!N|(f2A|h1P5<
zT5BA~q39MzmOoMyY^0LWJubPWF@%*?Ea_ds$w!?`S6dgIEuH-CzTeT)-h&r-EStZK
zbSh0triFQ(^H{%WJx4D+n!N*i=^O0h#b>;j!O|e5YKdRo{mU_ii4X!m^l?HNQmU4y
zdexClVYK0h1xK)E*%~sb40{LmQt>Jjt3{r(<~i85O=oK-n|5!C0@YfwanD9NS~|#O
zb5y(vdk*fQztoTGyC|&=Z8~G{Lmzv=sS7@8+cwppN}vKl72=0Je&}Hdi+m+dzMQ9{
zwS#mj&A!2XJhS^5^2I!>7O&#5ZI5yElB0QK>mw}bUBcGBt#q_>VB0p&?0Sa&Vn0>C
zN~l5t6`+mA4}9!-r_TGR(FWId31x_s5<m1QyA_IV5ve5So^UQ+;IVb@R*qhFG-*4{
zu`7>d<-(ObvExa)+PcW4bGU)a_I=xtN;0o=9woQL*1cP)dexEN)>`994{^-fjxiP%
z;V29btu?)!y_|c(xwNKR(P*CB@gzqqIs(u4IQ^K@kxDXD8RGG6j}wFeD;BOGlp*c8
zcCzU#`AVK_D$6x@UV|5SBi-*(P72$yBY9kQ%Y^C>;V=wYy>vBcJIztcj^gQ^Pm@Vy
zIPK`u*uH-|zrFjnyzHEpasN~I^VF`VSk%1;H*o1_>EM~&&v4}8BiT2wk3a_O?%$0w
z3Xmpcr|4|$M67({N>lMF$Z-~)(uzzfLuYFjRlkC5+0n7F)9l*6i;j*CS~IPb+!BuM
z-~|!bR479n+o7wqi(<7HZLCp>pkq6<=h_iVUc1Ejp&u>vIGbB*jW&9M>(H?sRL$dS
z32THUYNK&%2dy;*gN22##F*bqSt)Yq9F~+3REjowgwXK6hY!3ZECd2eSXjbB>*$Xe
zwwtukWK&sI%wK^Y`1qke!lTFkroj-ZFydUsG8m&V!|sG(!%Z8OFIdiHXI?f&6%e&4
zj5r{SA)Cpuuxlav^ZO}PN__P<U&To|qXfkWmq05WaW31kYkHFzE0qN7I=G83|N6@f
znSV!X2PdvNk(8a{nB~V{#36n@S~>{?fea9BFK#pGOq!}+ohta=5CLv@S%?3fvg>Cj
zw`5uff*?vVY6N{I5Dla60x>}n)%~6jXr-|XW==5I#t=3d$LMG?wddOBjJVMz>KR!q
z7MbfI{HHgX(l35RYS|LP-MeXj=}Q>+_y3&j^+tG)K59%TQ3noU&+EnR?WO$tYiE^i
z@bpF;yQ2et(-v@S<eom9MT^h}`zJ(KhBwA&U8`Qr%Xs!W{(Dwu2Lyfug(e&)LKMuV
zqpAVVpX97g9f6t31A0i!^dXcu2!XKe$ZwU+V2q9`2xe>4;CCF6&Eh@q5b5LA;@xvE
z9mlM}xYgM^N{)qA5+~TS3At|{DxXIU4H0bJf-YBQ@em8}101J!9`?coSZ%F{Tn4+N
zYw9eRW<B^AOc3CZ&Cqh;1^5qdp!L${Bho2!rOM=4zKy)}lX>-P-&Pvq2RN#4AHl|r
zI4f4*uirrGs3Q+mdyVJelVt<Pbf6;yLQ0S!j@8?PJa7=Jy#v`lK=!m#W_5EB24LGb
zLVyW^h?wu9r9$QNvqw0U!ftQJ3HR;C%485dJ%|Gbkp~XcVo)=S!qhMR9<9Dc?M)qP
z{(N%hor`<>9puhC2a(B=b`3#hhEW(Al`|MjsIbDoqxk(FqAL{&-}yc=^axUuWVIym
zFa{F_IHmqQ$cG=n?(ISCKY)4V#r(@xQnPl89V-pW!g7v23cI_D)=MwJ>gXVI+_6M0
zWoGAr5GWbqXxFFhWiLgQO0>P=WvFU3UIoaEStdxWu#}0i6sc8giCHex5Jd0~7P%Zc
zU%+Z>Lk|vNwau>5H=NMq1Uq)ows;}_Baf3g;dsJbyU9AOvr1fRgX8t)*m37AIL91?
zy6YCKGmoN}FEP8r%wDg7hW<<r(|DHfvxH}lkz9Dy`_1Ck9;(ux6M`*HhGI~SnroLr
z7f%LrLRcA%ufm9M*>~}4p1rAZ{~IZ^4TMtEEnF$2R#6zYqCCR!ShWIZhNn$(eW+9v
zB9=x`30*=xH@TT9%cecuiW4e@Qc<SE1O-tvShsqw>nWn6X0C{!Egh*tw9q5LkExB@
zn1=8ahO|Zyny`jeMSL`>rUjyj?z4FMh&3i<%t)E{tTT>un$WUp71xe4y9(YokB^eF
z2H7y$5}bpfwZa<jL7x+sqSjb?IyP=XORcqzfI1NZtF3Jgm)hWH14DD{%QOIA`r(7d
z^QD>VVav=pA5Eog7A<I_HJ6^VSz9XWuyyAUpa1s#-1G3Bxg)HV#?yv;$>#^xJi_;W
z@fekaN`j{(94bxK3vok*Yc#jsv4#Km@|`^X%z;@YY%e+P@{e|RWGPnzLa7OX!NCf5
zJg^gk;P|8G&yHt6DowExP#(X$O7Y#R*Ryfk0PlFiY4mpGlAZDVHJ5!fleVe2Awj4P
zJ(R`=wro1UZ4c~X+2RhCFYZW=aPR7ue$=)ERWBqA)yN|VR0M);1VckruDfjuq12qT
zb|FpzopZ#R7k<^`vJPGiM__!C$sqx5pb~Jx35)sYd(P+h)y>^|apWamGFT9X@iNLy
zB_!9G;{)$Hk3WC;aWmgsq0}QgIu>D(BEP@LruToCt?zwe`V>cenMxs*ZisPd5Fk<<
z754M7%B`Fm?x3Wd>8sw_K+2Drc^We{0;mx-Ab4YSJ@0q#rPsKWL>jE=g8>T5!Wa`J
zl1-*%nn*jNSC#qa%5A*Lf0{tpRB&cq8b0jH45b9D33>0sOM8~TjeoD)%o;U7Sqx`0
zHc{GOh823HupN6$DrK~^7Jpf}j}N+clQKG5+9VXhVJ%ZhjcrHgba-i($UGme-p=Lz
zGkC(m!%kESHCo|lqoO(qED#RQ_c!uym0LMN=P8K{Nh`fV2vnr(X|PhH3HiIqt-RfR
z2!Ws|5(a}CuVreJVvQQ$U-Ye<Y44%Z-ib!cs&hnZgY$C#asGbr9(wWENeY-7Ux?WA
zn%A2+KI+9+eSggBzSqCGspWQrWsyDStZ836lWT@Y@bt!7@1G#*(>6Zya4N^HKG@$}
z#2l$Gt~Vx19_I+fiK^HAt>K8dQ4;NW(~gqQII2DzF-NKhJ#d<V%$Wv0M<V7Zg)UZV
zG2>~>c&1VH;fT2oLv*E#sk+m<euh!?LlJW+(WMGz!abV`7mHC)rZbC}KN}30JHm%!
zrHwI&Eo)CS!uK0i&>p#S^O)CLSFE0yd~h60E{9`eh=}yt=?c~6v`i@#sbTQdY3WTf
zCoH9E!k0PIz0tHUvx!altS@tV44?_$=d^s8T|+}-UN__aG=R9|l1q#|$B>nlW#L$s
z#YGogG^d20c;bmDdEfVa^7;Jah?EA5FrzAa#)p%lHnL)rcs9fDjcZWY-Q9`r`_Vae
zT^G-ro9Z9e%@BqmP8f!`u8Zrsb3!<sPDhE|QcB9@GL?i-*&BNFY&)uVl2TGCl|~4U
zz0YR!O`Bocg>gEU5Ydc(F4H*05L20(XsXa5+O=>9CAw6`xN)`2Ci612j^wckLv*ni
zrB+S&A!~wGJXTeks_Az9XAuT9+eu0&m1CiZB{G5(I1UbBh$>ei^zFGAsT6i+M-BWf
z>SQrTVo{+2S<5J&fzCB!y2fB+7~SI;X_-y96ipc7EV^5fP7T*2C5;|g=d}<7p~i`D
zmTV?A;%($)nCkPX9TG~(@r37QXrr){(sQruDUB6*=I4+wqqR%~SaTRLH^W-ytmk1)
zG(wy=Km4l+JvFcU^Yf8f^U^Etm>n%s2pmfYE?T{C!iSD!)qNjrVnH%Ysb%iV<46<r
z)XckK4fEyD*k5u-l?X!0ws^;xM>R#%u>{p{8IIQAh6=9^zJoV9`ld9-aah%p%qDa~
zWuj<#IFa!9_uL?4)4}F8qHPKMP$6`k5L-RBu@C}ZD*oi^`(mHhdfc!hn_~A+6=y2j
zxZY=FUqRRe<Wi{c-2mt0&tA`x&fFLr`rF<a*;40!<>m?3ed+R3n?6d?fD>v>$q(z^
z<1wK4fh3!DShu(<sm-M+dLe$D`0*G}d;_60JhXdoM8_O1T#3W!hmYlOsKAlhQ1WD5
z(E9Oh04ky6@+<Fb%JGu2EF4=z&?}`t5-N=eB%}`2gAdiofQc0HnX5@D+oCg<Lfp6g
zpwVXT)Br&Q2t6y^2OB$IG|tVN`>-r0R$gWxo7Y4wA<$YPTHpIaV=TMwuAUZSnk)r&
z+{ic<woy@<v+dYuVP<y2CVOwPGiE^;O2i+Y++lLLmN`p-wS>T}RuIKv(X_X>&*|nW
zl}b3jetb6_9UZaY%VIfK8YCb&mY`55B6$1PO?yY@+|Ia|$021=a?5i{n3Rok$<syb
z8RlnwH@$wQ&P=%U(*HJneHHUx|8@PepPL!tqKiIjF1TO~Z++|eeD-tK^1k=Jh|hiQ
zTHZVQ`LoyZ-uE4P{n^i5iva#9^~^+raH`yT!0PHCd}?EaEcmv!ozEve@oV1m?iccj
zPyCv9kAHs8*w^oQ_Y3j7Fp7Q;Km6Kb{Cg8V_afEl?6W^<-t(Rxn{C?)=B;o2PVDEm
zzV$mzEwv-1;yv$qAs_g_kNLzWuHb_ojQ9MZ5B-FLZ~mL<@2mE<2sS`U%?CetHUIwa
zSMaxg`#t{qzuz3|89;}X8S!@$1aQ(x|7tdF%$xJh`;>Y5>7i*oH?^yeJMLdhPfsgf
z|Hhy5<~MzXAAJ9vyy?wf;rrizCvTqO84SNp-#dBPcfF=ifXHUS_i(~c^R=)28Lznf
zb6j)HySe-o|IIbm{4K9|MfCa=Bd^E4|EgDg0h6uHp!_Gqgc4S*`jA<*>YvP`j~+D3
zmVGex^Ri_hY-*`lw(NuE;fD{H*4Do^>(@{3d3*1%(|;^F(d=4twh@aK{hcY7gIGP8
z#*e3SH_gC=a1iaShfm8CTNbV}j#QXnZrsKqokFIZ2prwa1kHJdS|%pKFc+@tnrt>Z
zr%Ua+F5;=SBTX)onRc$vjF-A4M>X)Vls*i;Ol=VPeBN|+&aJXnC=?KnWLKE3j=9yV
zhl(YfuwBugRI9YOY`Yztr6-*@OZ}au)-oL|o7_cni<cQZ@kFiHfbXO81ttw<jA)Bf
zlwg`eyLRLaGyM9H%fagIigNbQx|WwYHxYB=dbRY(Fhsl6sQL0-jC2Ye1UN=2Ou2%Y
zqlme&ZIBXY$&C`M5}3+FAs|4h2&&GpO)|~vgaG5?KnRq8QF)faAf-d4+)BRBLI7P$
z6fLb494CSeZ(`1)2%8d^QTNz}ppc>eD=r9yQHq0DEc)vd);u4pDZG3I1PD`HXP_l&
z)CCwLxc~beN1y2s?oKiAfP-_)3c62M$m$L@-tThm8?%u=a|TF8kf{+a9Al!;drbqe
z6$SlL?ECL#^B4QcW*5@)f-ewgkFJ+}k5D;ux7`5BnW<F{*f=1;lt&1M`z7A(0yY%b
z+G;3zAt&$M!J;KcQ@K?l2UE1Ypr2G%dgg>hCsx#NQPrHl8d3&RHKa~gJa_&8n|J5<
z&2PVl|Hwz6ya{v)9CPUV(|#z738Q|CVpO9?O9XViU?J)D6tZ9Q=hg;x->=#Ekmi)v
z9FLj52nz|up7E|WCdATXI!tPUOb6FK^%PHU&0#VY;gQcJv+@jj7dz~b7PoA90-0%T
zV#Wro!&>~<HY5J_lofE&kx$ayF+|5I8^`UZ_xXm-tV7Z2r=_HDta@EXV@AwtD3jvp
zOsC1%cKt5wv!Qb3a(G(RT4~w#+}4<@T3+ViNRPC%F^44~^iW>r9C~o0h&eD+n)@1a
z@#g=y#mupl8b!>71!o<<Xif=l+>^)A+7L)Zv0CfuJ?^}ZNdpsOmB;ZXa7<q2Xe_`{
z%4%mznjlnBq|FNyelRylMqa3p%HYUaBN8u|n>IWtM-WOKH94qwimE?1S&EirMKe~)
zQ1PPnD&t+uv&6Uvq(+={(n)5?k|lGNiQ3xQN<N>Da&Jqe(wybqYON0?{T7Qwe1C50
z6~i!$2oLAphI5o283X~2<3uwqm&<cTIF(A#+1VM*SV}npc0LzkF$jWa#>SXfJ(&`b
zOvXg{)k>;4Cme<$!uNfXPR||k$?yiV=4z&6>_w#x4`Hn}mO2d0S|cs<aLxE|RPjZ{
z?OHQ5uCiw?j#R@E(HFk@OB3F^?q~06ns`Hh!bRsDGb^)hNO<4=;sh;oP6+$6qy#o3
z?7G3>AzY~*Hp2elAzZ4=&Wy!z&-=LP>2AUG!aBAjNf-Z+%ck&ri4#givE<_q=U~n<
zU}hL<LaCyxh*CKq4Clsn3IZMFWrm@mT&WU<bA*?fvgz!|;mA-Um1&4%l-Q<HCbEyi
zTKrh+xq_{Xv`i6(p>dqaPgQEc-;THW2@ia}DdKWW#r0%=p{}>B6H){k`J`q;%WOR3
zSs?t!sbxBima@GqJ3E9MX_=)u-6xyXN{umyOD_4WiIbOk-F5Gd^`qM^i-B-tiQyXa
zV-s7(whJ309C=S{jHHwAhvf6sDQnDQJ68_$53lElV@sGr&BmOr4oomoV;)3#mPzp9
zItWLj|8DL1Xep!AIoAzw69VU)SjRl>^Hd4~8R3DH%RZHabSu>en8>y;QH{B#RC1|Q
z{Ap`5b<b!c!a_uyaHLcei(X<gHVp_HV<N&~s3?{EI`?>LB%?`}dIZy{{`E%bC@Ufi
zHN~Qb?}s#2Gh;0EWSCC1Fq2Udf)QV)PE5<x4cyNnsP+B{LruAyoR+Bu^HUQ}rLa5O
zqs=9yiPbDQ-jo}(;!z46`Ky!FG8@*ao2d6s&6i1X>TL|d`Vd~Got$o^b%VT2gH{Sh
zN`q}DH)CU_E*BF*AVZ0xl*G23<YpY>cl59mRUD3pdDK{$IVbE4cXV!VPez-x+S_6r
zb%O(@t|mEC%`zVY;m82aC12^rjuA5N?(U97`1t=?7h}1Hk&KQ$EwNjeKDIF`lHBt|
zRK@4ZfV^8CRbzh0yE0vkL>Kl?>6sBNoftW+Wrjgw?O9CNAip!nfC_O!t#CsRH}n%C
z+#o9Jq%kVMkxEhyJSquwZZ|=LIJ9L$)W=*?@+wq(HxVt<c$G<Xx8awfhO?(7MX!?F
zjQvt0fep%y+)X9F-aVd~mN~N2llnq+1U3_DMbWR|kL>DkStipJ$9{Qob|pZlFxu5p
zNlH>p?EN$2rJj0o85JOe6V15nR|pew!k9_}o^GcQxz1?D(rA=P$O&T_Ou&ff9EU2z
z=meEL6GPck5=SXL(#Jd*&1dT05tyjoVkjk8%$?3<Y8d5GDQw$`x<AgvQbROjr4%-E
zt7VRa>gQ6|qt;H`GG>m|+tEly0zrGGC7GYiw#V281_uMBLSxM^ww76F3`S!BQTX<o
zjIrjn`bP*0$5?{Yk!Q^*VRc|*RD^>JFkX?#6SJAbF*6w?8k2rcWIG})6Rk1Q#mKp-
z{y}=66%JZL=tYmY7<LMD7!fu>wXs^7)UfPG12I}*{4yq}&fV^kGsGybdXimxizqZp
z7qrvaHvQfc(<c1H=6-IzcRMGojX=X5-+X}Mj#|J4r!Sx0icjauUJ&w&8=v7dFIY>(
z4Jed-UU~5`Jp9x?`VN+7Z^jQlxsQRoOAu;qx^Fv$qQ~>kTE*%W-RwJ9=A{=NJv%e@
z!^j!u1(K>8Qm%$ny+|!~z3HjP)5_;M{^<GKaQ8Nzd*Tw#f6j7Vbly>1{JbN$_V%ru
ze&Uj8`NF1MV}9HHJGtSW?L7a?BM`vt>vyqwc{i_rN&J>eTI<FU^Lk?-@ABl90hH3L
zIiiOp3#JDMC#6Ij@x|90V_O7jZgOwab_z=oX_<~=jkM321C<M@hjRqX>_o;VQ$Mtl
zSX!yMF8)C)gJrZC)17Sgb<ANclgO9Zmd?!?acyeqZ82Y9u7~sR1Ff^(pME00to8oM
zoqN`_c4b|iZyMVqc&gU>$M{k2pQ&oh9TlR5g=uZW_FTf2cEFITmQmRpqFly8Bc1e=
zTBg-mi<qMn#`8wuSJ%<cEWwsFC$n&HA9tpfb5uu}2aj3_z;m|jV2f_!oXjrv_bg)7
z#tl*MOibp0^AF)yj}*7pQKM}o*?9D+JaVETzikyu@7ThFxg5FUHUaS9Zb`d4zz@$o
zimp{v!s5{!y=gtlcIr;rq*GDg8l}+H%A`?Hp%ks90k#btO<PYJp1ln%VMl2J0Q2Nt
zJli7dS<behGG~?UMOR()WE<A8q8tIFLYF4*{iDN>#Sh=liEB?I>+PnC65ZvUwBNiH
zfRe8mYU!qD?{2(oD~lh#pTM#pm70`=5Cjkx4(H%U{?#13;&q2!U-7z$uRrpy@j;{F
zd+dA|bvtymGUg2FY6UTkLY~;lo<48@Yrz8cUwjDy!Gb^B2*81hpAW!-KioL-omiY}
zy51a9amOZ<jNTj5@s-8BCwt%Yr)JOE<40caS$q71*L&aer}6KxiCYvK`5i}VY~wY!
z*fTc9fKn>fU#Rx(iDq{6F=o%v#~hmJ>SN5F)yItaPQ%|)%EV5cvlcHw@7)Whojw*+
z*%)}v>FB+CuolPDt+m#Owp0Go7%coiP3@=?HYb(0@#`<Xilr~Tm_0{E=E~Boo7nT)
zKk%}@zJ^EIR*krgC%b!@w2dtcB75S$8{0`wYJ!Y8ZN_GPD&S8qT*`^-qvQ1Gsn6#-
zx9s6ym<FLn=~neA=duo328h&gA2;btmTJs=E@K3EA!O6TCM0B2h?v=CE!h-d;2!EQ
z8DC2@kaHL*=g&DzCpA_G4v#PMP>p#Fx~aW&?#jy|UnYi9@i1tayH;#K*v{NijkHXg
z+(ple;T%Zrj|-l7au~@-q4W91Ds3aR7aHSbcDF~Vb7(ckNJgoemKiFHTb(m>43oAo
zL5PD4(dFqkdW>Ti)@3ZVK+7P~GF531T`5m}a}(<QV}uVufGGaxC&p@Pi4Yy<f^(%D
zv>!g(=<$z%@Zst(dDsX$S3hzCmSrUtF>frGER5EO)(@X!jK!!tkl7s>CylK|logR^
z#5@Kk4YjOA%#AarzD#vE@-ic3Pu21==iHZRaEy);LX(P^$Ja8Ap;Rc%^+Cqjv**~k
z_hmNI$Gj;mbGm)ZNB1Nj-=BQEm6&KB^Qqc{P4<4`eavS(n(bpg;|<+xAM=@0ZnBU0
zOh*%a%$w{mS?go&7%9=^@*xlXXvDAa!ejjVGr-FfQo?ZeK`L|DVKR)We-58Q|3{}~
z9zL*{KPtk{A{oss;Xghkqf6d)m2sS@?elBDb_IQ}k7~ykU-f-n^!A@Lt7PKXw&0@Y
zu59?_(VA$S?@u)z-*ga1Dvjq$@+EJ|v`ls2;D`pf?_hbRX_<6&Wbp%uqm{w)C4M9H
zNIw|4ezJ&7oZ<NrDK$<gHC0bi_2ra_r=zvd>M$_PR5PAr)~S?DAa%6V6*r{Xptyas
z7Funh5Z-aDXvR_*ie;a21E?fjK18_OB&?Djs0i1mRPm`ansGH5!p1~Us7@#~rAjb@
z5IW|NkFtA4>)jPMtZQeD_AHFPe)RiV8^Tb<*SU6{a}gNBio0$}#!}sW`dLN@F=tw)
zNTs40bEHI8=D3e}dwbNdHICP3>k(@J!;#xJB_br81!w;^UZ4r5=(p%?`1>)T`RvJ`
zn)!qsi<Ybt;ocfz;P;Fo+zi%_fe0omsxh}P4eFgnSIe7bYNL!nNgd$`*pA(}m-47t
zHdm7+2&3vBjqSw9%N+H2v+7c$-kQUZmuWPXIUG(@rE!LB>qZfCtL;!makJ5N6V;gO
zh7t3jp&^E9wc}kwLkUFK4dOMw_*XN&k2!U`8dtsS!?AvHSQ~A0qa8~K&RKTC<f_Xw
zZ+{%WXz=t#9Az|t3Mu%NhP6Mjtb~L8V~*UUzD#K}t_<+h>>wFU>dRDG;mPER+Z*~s
zhkcpSD5^;ow>R*Kj`%W_Run^*N<xKJqqWiclxx1sP%A2dOI0Q`<LcCeM|_!5D@vi8
z+&!*Ljbt?9%amGC_Feqiu5J#;s4<e!h%ZwrMMZfNYs_beacim#01RrrOh+0;C3FdO
zLP$narS6Q<GM!K<lroVXHCZ2-X{~h(BqJH(NFAbujsn*WLnyI4D^tq{T|+XGO2^YO
z6CxZzDAmw0jBO=GI1YA`lxh~Le;Q3d2$Y<S>Yq4BMp_+?>YrgGqdBhrIfP`CaP`k<
zZFKUbHu0-};`%#>Vj>y+@#S-gi#~L%x!{CF<STR2`=`4#%@aHGI9h33U*Qe=Cnu|C
z8ZRyz^}?OxIybGN7CfQWxPhGD=bEjN_ALUbX1=+$?kl0R;pinDbGx~|b=@<3=Z1}Q
zx2vVn+^~KRLnWV~lFtq6_sncp$60EnH1GP#y$qFnTC)yY_7qvv8|4P=8>q5+X$K`Y
zq^Bdxm)`k2;^64UN}9H9i|3!RgrD5Ljm14JEbeaMpWkp20RQ@<N3bkGWp9D!pRyzt
z(P=I9tIj@xT*l_chxhRQSFa<RcF3k3{_fT5xMBTnvT2)FoqfdY++#OT43z>>qbjsh
zmc>vhz@28CB6g(h=XY)Az)+P7Pg=yse)#an`ycz^!(4dMA`T3>{QR!%v3(%1YRt7U
zT>6jKbFk<!zaz`~jR!gT=y?Ea*woLdYvzx9cEf+X0IPv!5xd4bl$zA2XxvwS`!qkg
zWitS8xNtS^c<I{d9Z4zUMN?DbLV)jh=~|2s7{s)R4$s(`X&CntZ+#A-n%T8VDTMQ)
zuSL~Ab0j2MG7e$j9<Ca5jb%6tzD%PLLqkKRs{z9<JkhIbPSu{Fp`ri9y?_3{(=z|~
z2s<;_8K}WQ!Y$iDhNO-<5^G-XwDWhTMOg0I!_XJLh}^lOW?>2p3cGh6UGI7q>Eq+`
z?by58yXOJ=|NUcFr0d)vgT|-pEpMgmidQ8^SoZB>@9SQRO>Rmbl%mSQ&wP%|b52cw
zurcg^<DV03e2S<e_f&bA8Y`1!$*tERQciRCSoII!t-lY*0^Yd8Fws$}%7X-tK2GMe
zlba*#-}?Z%;v$GEHVu{E-_Sf^U9F;rh7iOJa%oJtF^*Hi8uRSAXJJ$j`{Ze=<X&(|
zLm|;ny>%8ZB6HO780|;y!YLmT%Wffe_H!E(Zm4q!!NQ+@53Q>W2`gP<;dj1)$YdHS
zd$F|4^s&dV=xbLZO%Y=x#^`Ymi8MvJ|LWbez53;`v`k#rjSV{B-g%GNy7FkVQKZc#
z(PlP@cC%5W&F1b!rudU<V*gIHS~a3lshF0Q_~j_Z^>FXFlj@DPV0@pJOD-gL!MRu+
z@jU~TN(E6Y7ESvccJu})l}gX%W&Sa1nNrH8z4lVd=@G6}DtzM`-(dUp?RYb&kqN_)
zy?gia^{;=O{rmUFR|J0aqaWdU9)kmeJnzisv3m7t7A=a`-F<LykWHI5ar4bLvvTE1
zip3)Dc*i>$&-meoA7<;;tyq>tXICdT-E<TC_U(&3+j6<gFMs(<mMmGqz`y{jSFdLM
z`t?)GW7l>0(T{$_Nhh7eGtWH3s#UA#>FMF*lMe}XJv4;3VFPmKPS6Ht*)lSxoQyp$
z@`<civ4WFNKABuDM_*qb`}XbQ_rL!=OP4NX;lhRWm-?ogZeqiR4fOZ-vv%!T?!W(j
zKKaQ{(pHNzRByPE($!a?hlXI-VWTxxdpoVKcm-{*c*V#MfAgE)L<qstPe0AFWy_d1
zZys-W!y86qzx~mVe)OZmUq154BkAnyq`$wPhaY~J*S+p_tXZ=rB6{PE<UjqX2>!^j
zB2V~m!zka!yX!8jT#oed#{-bd<@mu5e!#KE9?L1GoWf<7T{cGHsJpoeg#x$UdMht~
zc_iXgrNV)?yaipz!#G@ttWnr#jM8{chWS@siL-Pm0M}i29qZPuW7)E0Gt;YgUwaGc
zAK!=F+B%{f2q3K`_hgpyu(g;aro_dA53}Iye@WXr-kFREbNf?6Jg-{CwyY6FHfMak
zka-^863>Y;9S~gabnulYpCS&jVl2YzWjA{&i}{OiQ?2oX;m7H9eA+smRKA2&Q|_;;
zF68D=@!B|q;~*KGv2G!MlDn9P)2lgF_4ByBfNRr7W2>-cH`SE?Frc*Vxv_*qU9mVY
zFu>Qo_O+4MFFt=Y%a(R=jakFLWzXlAskI{tp4Mh0kvG?t<pnQ4W8}JTfBV~P*|H^`
zmU+h=cktm4f0!Tq;0OHhhd%_Mtu@Uj|LM}GNrhJ?t$mEqXcOfY1XAG_J^t~p&tv(r
z9sq8+<rcp1`Oov2&wiGl{`994ov5Sxm|uD2mHgoke_-FfeVlyq$y|T^_1t#bZS?l`
z0&w+jpWyxfaXtHY=f~8wwRN}fp}#tp55E2Eksp8m``!-%?z`_kjydKSmM&e&$3FJ4
zk(TkobzPIqW=B}&x#ynCrI%jH;>C;ExpODmwr%5QKl|CC+b~q+ceiflkth35TC--=
zJYIUy8dfan9Qn@s-uFHhFJ4S<Z}0zW@64klxvDe&doLn#slBS#>P70--e^M_Ar?sp
zZ6J(6!ebCZ2pJoY89W@oV{_~=+i2`D-WWjm2r#xWV1qFlV{9xLgg|W;Az`(aRxjFm
zQ+HQ&*OpskM7;Oz{1KV8W>sb_WX~Bo&Pi3PDl%?HWW4vj`0l;m$MEnlU;N@1x%b|C
zC&zObhRi{k_uO+2AN}Y@x&Hd=*|TR4d-m+%gCG1LH{N(-ON+$A4?oN;x7@<zmtRgc
zo8|oT&u8n_tz3Wo^)r^;Io&_kUw=I>e({Uhv112^4<F{;?|wJuop)Z#tJC1%Aa~qx
z2RnD}q*N;Lo$q{SM$kz>KR!M_2XK#%kIQw}T_+Dc^pKQFC0XniMUm{@y<4um_F8%B
zsiztqe_k%r7{g-KVOu@MiRCiw#0`S9nP*cPA5joo+1|i*7d}`Z2AQB8s_dv<kT|Wq
zMM97^wR%$p5`4j+2!S?<qZ6co!GM%O+9i(eAtd;S0V$@z+qT8{*WGgogPj8_R+rgq
z>+rJ_;*Bd`m)UeAi6gSf;_5P2z{VV7EvD|0vXXU~&EB6_i>LL<*JU;xOxmM6)49aD
z%=sh(plQjDrCuz!)Vj=t_FX_m!=Xqd`5Dw@Hc#S^Sc}@d<tzy#t$A+CikQieXpQfT
z0pD+_tZ`)`Pp`|YUxT(0Y!+>uJt4A{+AT)mVuddCl#jVmE!9)5+@%(LC#}^|uIP{g
z{Njb}S29vsr%FcauD-ghfhTtEOchXU6p@UN&yO){X66bt&lD^*9%S0nYwdSR)%L6H
zoayhyMiIU^hYdq)n*@bym_?EVUy>vZ+$OzDoynvg*UlJBsg!o)w&TX~yi}Fl8G|Vn
zu?+*Syk4eKDm`N{hNMtv+Zl^<xG+p5l#*hxZQrpthf7Whb+$9`i4qi2cduF{u3E*l
zsjFTG0lK3j?YP#dk$F?)t%V+K=KK4c;V*(s5`1Tp^iB2r!s4NF)4$LDo3$3-8iVI~
z&D(`ma5G8GVG_@4E6S7;rI%^{pFo*@8|wr_1YdxOVte&61yF}>yjgOW3Vpv8p?U!W
z#lO!`x;sF3&NY^iNRhq3(EnQz_%QLAES2y2=)BB1x+^O>t}*odYJ|$99A4o|S;7Yb
ze4SP3{1ue%g^sHdybX@-w?MEpAlji*K5PbP0&i7H8KH$>Q-+RLsJZ*akU7VZzbZjx
zz#i9x-}AvJymfnOdYKXv?<x>K>*&1Rkh{c@zZ~pwpXx&%DmQgUiWQ_RNSL4y%%K2#
zOi!lHlv21VWVTuIuSif?A$~$r{^tNYq43sD>Sa14tb&V>G8DfG=AfnHdPCO@Riu=m
zy2C@~re+{l09T68TCigviJEkDuvN&M>FE09^oo@K)hGO(2A80GYCYz*u9q3&s^R2!
zQ~9<ce#+AQ=9sQGhuC6<c&Crb)j}r<TZq7S*a-of!fJ`YKSk)iHG&FEd^sTArBK<L
z@vi|gehP0f2C2-IgHLwD*dGhMZ;R>uwUE(2%3z*LFS}I16=HPW;l^b0#_`q&eYaP!
zLyC#Jve@G>Di<TuNJH_x>3W$Z+-$I?z#W6pKZTx~6MElKVeF5ym_rJbB6`G-^b4+H
zp#)x^(EIB#(c_AV&j(0oQCW~ugRvCF_@-b`qh%zjpu7fao`dmEDLP)2(DN%5CO#Kn
z4*Mi~EcgP(NB3BIZjY(l?^F7^j|vRRuU*>dPdN@G1~;Cdj(_+Hu@eI%&&SAwLaHhy
z?Gf-5cn+l%QdVRyHjowi-jU#MN$(~*tQr4A7BWKh`vIy$()GpyPJtEh6e=gE?sWL+
z)fJQtFA^8!kwT0;rZ7i5k^>5JP+<>ym|=~ZP)MXu8OPdBRmhy{aFulFS6PKUsu+G(
z2llvzoZ$5c{u+n3(cy1$_@@ZL28*`_R9}F~Cit#mffBkWLH9%E1u_XITvg!;3OTMY
zhc%^d1o)?ixXRS(E>-Y137K;Y9oHEA4Gz6V&^?mQX1aEntx7q08z2=A9}<)*gGxZj
zw808WD|8NAuR>des4TcJ-A87^88H#w`WV$O=$xeYi^$Zz3eXBA0U|wVPQn!&Zd5SC
z8hcn{o=?xv9MRZeg&hS~)TltH{*t2OYJ)4JccJbSqQ^bLA81Pdm_v7i*DrW$1%J@t
z4+{P!hquAutrNTfhw4dC2XA<RxWfr{#Nf&bNmS~*qDVirSHogeMbFzJ%<~>SzZ#K$
zsR6Bsp3sc_uN=9HEn|0PP#W+6qf%3xx<`E=s7~+)JoLsa>Z#4!L^}g6p;oIsbJ$e@
z9|k^L#oy#O{@y&Utnt@5@WC9_DCJo7hgDPn$A3GI6cwst?rMbqI>31W+Iohx8Mszs
z>84(`DCl*T^<OEHJ>M|=?ksj(aG|5~^)bD_UPVHOi-cqE%c8QD4c{o>pOs)IWX7>X
zTw2E93)VAeXUtTiY5nB{Hx9W=5;lITh_~8t^sPCh1S*^Eli8M#y&wVYP+t1G;oI}r
zF~!DjmFRd?j2kB%$J38p<1+OOE>i@F1y_ddH%AP9tqcy1zBP|MuF{}ZP@cmZaOiHA
z4jC&bKYj1e+jAt(DF(k(ruW@dBoZW&8MQ%kxJ;=iR1Q}EX~??IRFE<py|sg6uSR!F
z4Gq-^-YS=l)gGBNvQjy4$2CK@br3(TS@XvsYd=@PTP3)XYRqN2f+DlcGWeA;eeaAh
z!<wPDcMv_|p}VGIV(@wd-4Ch*^eU-Mv9%A?Atd`XLvQOK-s{o*hJ?YdmC3)XJ_PG1
z(+aMn>ApFW-noN$%n`-0_veXr1o(q8=Pvg*J9HQ5oZz3@fq5!Gbxu>V=>&5?aqPXF
zthqBJbFO3kmlUIal%e=#g*Afj0N#EK|MrN2Qn+Ve<O4a%_k!-Jz$}_mDvFM5LarL3
z43s(&3KJQ$o%<x>zNZ+!&9LT^RlL;>{r&=aFav*@L0$W+f7?_qvoS<XdA`3m^3|nr
znXT$&HcDzJ1*<Rm(Bj#>k<nC3u^QQ$UZ${lU6HH*(|!WavE%8rJbSp0(TPczIrVT?
zn+mfRy<|zC-gh;j&M2~6vh6Ux@(Yjg5BG0l`=gt&R;T2tvSc%ce8vzZ9!cU68xI8x
zzxTf_juGhXA=&#>T`w~s@JrnG>IeDScenAcKiZH&2xZX-1HB;|Ru?&SeSzVz4)!1E
zqY~ywtVh>tU$f}+kGu5J^ir3@giFua4-#_U!)s?am}LV)S8jsWUiJiA2geyN=J?uo
zw=r~lJ(W01$2C_i?NS@-D3oGO9Xw2-lrTIh#M6iv)e*72e~7_>A;8erU1HO^!#wz8
zFQtm+@Gre_ahJNQ6LakNlwRf|ySupN;xT+(WVF&b6<A`PJL2=);ec&hCKw*=WbeKl
zV+Bj864P_*EsML<zK@HOx?X0)cOG8DZ@sz9RTuB#FaP<1$>CBC6<T-jnSVT!Gd8Ve
zc(j9E`v(|0W{6!(*XwUs;-xl@LOEu5%;WZtUBRFK=Dk!Z5nsILJR;-cY2oQZ84e8(
z@YvIxgw=p338=;jRLuU1Uer3NrW7iZK@x*H?Yd738j>VkVzzA=;WvKiA^N)`?)&K$
z?t6F(`;PWDn7K3x#}l{qE|Ou>pfzgqRiBb#C=04bHrx`2@-4-Or^c~_E#@_pLOs3Z
zOp$U0OncgZ@qKi67i#o#e<{kj=0ZR#MrLZn^OojgzHDaC7}S%i*Gu4PhO9IC(;Agj
zO~a~l^gd>*l+cilRoN_wr%^{gd8g#EIiyYBvGRSwIA+n^KP$17%Vqr0yFN$K)!A0N
zv|_1@`f0vbdb>JtrS{~VbXO-6r80i+XFg3|Z*N;KwTzFWMn*=YowV`fyuF-+*O8lV
zMWU!_*IuJ3bH>bZZ2x`$)|}cJ>damKGDr*ri<^Mr-Fv43$A=FyS}VKhJ$!`BhQa1A
zb@*5+#yri>x^?d#;OH~YFm6pc!-()~sYv&p0vpdhd*R4YjKnd@NlO_RU`j8up5e5!
zlrCEN;$5|x24BnqGwJ;U44!!=1N-;0x5m_;)!j|Dh3{Fy3Q~<xuJy@h%KN7dV^2Mm
zu16o8{C6vxD^=3FdNK2ST`zO`@3vle;o`<)rIK3rEW!+9%KK*-n=6;oGq#RJd;csi
zaC*k76$zHvdYQ|b`oc<T&$Jll!n$7Oasu1&aj1k4FQRU@u9w-ek9osuoswwEIT~xE
zHTtwQz0BnWuD5wlr*jvcdM5QUopUskP--4{Q6BZFUgmQ8kLx_;Vgnmvmlt>jN4bc#
zcxGK@y8=&gnQiv|nc_0r-D5r@W4>gl+J$J1TI2&kT9>(u?w_$j0SUv!EsOPO=J_|=
zEGHc%PdZGl==O8#FnO{{@nqniUEq@rlkM1?bEvM1KPG}+miO9Xwrs}3Q?dx}pOssT
z7wP@8g4;>&pSBLCmb`y{2BGl}Z`%!eVU)T4>wm}f@BBLe?)mJ^9R1HXFLS<B_$W>O
z$}5`gd-Y4UO#Zu-{TD=;yLRD=bx0K9CJK#>m22D4W97+T+o9pcvh0oCJ8M7P+Y3>G
zk2N)vxiHv^;;E;FNq6X_e7n^uVv-u>3PW6z&XBM=71%AOizEorG_K53mpOZz?#C$0
z2rRx2#^8&wNU?}CX~HRoQ!S*jjD{V78l{*d*ixyfXHRjOtE5{_U=fI-^yYHK(%hSC
zR;I69Nu~v^EY-$5r5}?Rf8&q7-_j>deKgZ(8}Gk&`E&NxYwr}aOlHh~)>{y0e67=}
zh*Bk9e8zmKfqhMHcdm7Z$^1nhOULsgA6S{yY5y7LqM~TQq~?~P{kUn^Xy3Y}y8)}f
zNAmf!7sju3|15|Mr_amFB;{O^;Jd^iNYfO~bXQ4nuCYT#gJIYxuuTlUvxXYlYjVaj
z-`sLLe*=_htx4;-@Ms!%1`1s!B6ZfGt#c=&2}ir-F!W1BnJJg)TIw;MjzX8)kM6{!
zb(v$ug?r3<rnyRvjg2+kzm=u&B>8eO@X5d@1D_1s`eJe51s91eSK8}i-qT%Exv{o=
z<&oCn5|chHs#*_BTQ0G<^!d0|l(~YG&*D&K1I*SQl-Y1KZwJa;$?YV{Y~Q7B6=kmY
zhyv7&|M(Hns`V-R(_eUU1y%@!uax4-&F8oLp8S=omK`_VwF}=mM`TUS$Gn#1uFVFs
z-D4Fh<uPk_=d!p=iz7^;mL(0B!(+lUF4H<oXd=QEMI7C7)o|)urg4sni3ppV@tPoH
zlPXd?qe%X+#v550hM43sjaZ6tg>urEHtzOfu3!B;yQ5zGTu8Qif~YftJ=>7~VSraw
ziylf6$M}gel;Ubbz06Kk<vrccviE^?TyV&t`y!5wWm$DF%Ym|H;7#N7{<Xm`v>tqt
z%e2;|dYLw!v8;&*AKCU0{iQq`4)5ZuBbzxops{PR=wlAD`>@Y;F?#bcR)4%_vUPao
zEW!L-X5tLRI3%hCPMZRSZZE+^1zZgM|LRzM{~xexyc6Su3*Qkk@v1lBy*MH{5MweW
zyiwg00H72k1~H~4)ES3!^fEWeD94Lc{(awOE_n4*9DMj0#(Pe|ILCMP9in{Q2&d=!
zk&DJDAIj5xu*ItKH~~-NCz5*A&(_O4CRNHwfuofwH-9B!|79LWog=YAN7duZuf`1h
z!Z`B$7#*WAc0AMaaPoS((Z*V=lS#et`s+~KK}oV4?hSZuqetKP|6$X*0Zv`NinYi8
ziKn+JHr*H!6cn9LdM()V)LwOzX<UNT^)jbzp(q|3>){=nw)4PkFX6R+^JQLm=Oe^{
z=Gm^j=(i6Lp1X&>A9kY4LaREab(HCKzvldpI0PeZvJJfcdc3-dOS(q!`;PHf123h}
z@3FBofwh|as{MqI`*eJ=10}P%suy@EPp1Q5@Y6R5o+h@*94Wi{&#QZ%=S2fUcz(py
zkB$)>*XYOd<bND28fB_%hD7O9P{{K&j=2T+^`G}mY+zT|$JuI#D<7!P{Zs~TNY6a_
zVo|1b4zC3t^XH>H&$ER;*?zc{qc=yH?RJ>tMERJj89wGHx`Nhx%vS=9I&t`jP@HHT
zWv&Dw6+m74wl9n4H^0>PeEe@)I_S~2ws1wX!q=Xfkqw`B^IPjP&R>~p4P_eZh$72)
zp*pp6Ht;dW4bh4!yB+Rm4P~Z2<_XofS^aElU{I>MHI$iHA*`Ai8S%#NXboMuX1h(I
zOyek3k{KEC##?JS<7S_43T4`~<GP*^pH~*swHUbEBFZ$zQYc3&cE-&<-z3URjH6hJ
z=X%x8Mu}2tF|cY8Wg17J98Ih9m`|Lr(zrln)(RtKuSJw;9K}l1JYzon%UfXWoj33t
zl-X*=Tt-`C498t-T&A%WV;#0>(O!!LTr;AsjxrPDQbnC+fn{X^PvbIMRb^kHGp=))
zi7|klkr8jsA<DeuX2WcHBQDd}R_iidYagspHoYOrG_EF>xtKF<@>JLo%9Im@GR2)B
zF4MJGm#JFQ(`*HWrYI9>sV;MDtTl8wR&0LtPG-zc20j^hWhassz3*GHVO5?=)E-%m
zj;zl_ImS<%qZlTHv)dKsL5WR8uA98yIw3Z$_9PJ|RBM4}H_Xk!#LR4%YjvKl?`y3~
z11DA}hNf-hk+IQuTBVOLrO=SrHq~W%n%>SJMIg53o!E}eiX*WWKS@$aLf59A6j6#K
zarnj=1l_h?7@_9<vv+W-1PBr>()(wL8S_al^JK=nZ7B0(#=Koa>LkiM8Te<m&8zuR
z{K6NSzPbCh+g3iXL=oZk?dcfr>7oC3f0vQp`@OW<%^31mF3<ARzx4Hg!-jQTRAzCR
zU%Mp2jg8?A4yHX6P7q^IL4X?`MxuyU-nMw@*^Yd`L?Oa2mtscz$_&0blk<@%!j6v8
z|2w~ff9k2|RRgT~!#^ba!4DYwlRrVCh*CKro`l7%!OSq1P^}t#?Q3G=NSsVAt4Sq6
z;uzi4Md1ryz>SVE@caLhk@x>5{^m`nTn<T6j$5^~R?1}f*f<Q-*xO1xhs%^WM)mYC
zaK|0k{rmAZY-Hd=AH>_ZiJ>>$ghbJtuctMXS$CK;t|6Bxl?u^A4{`9KiwHc$hHrd>
zqp!LS>FNfh$yF+hPAp#LA?^OjqK!3JJ7o)Af0YtYVFf=E@L2v-Zn^6jhWa)kK^8wO
zF*dMa&U;#US?frQ#V;9;DvD$pSDBN9uXkU<_Kl8RNe_wgIkbI<o!xI_M6$eb<1ic4
zIXJhQstOi&#%Pq$sI@Qpgcu8PGPl+Hov%NKPyX$0GI^C6%ZkFp@cZw+h&%q`KbACp
zGl56ogW9+ClsOKQo;ZkOGTXLs*HypGNB;RJZe)V&`c-`Lra@l+_a7mC_Gy%#!KlT}
zx^;(1wP*8Y$@>0`E<TxdXZNn|Vb2@i!$0|FbBni^!N2-53gZ=2CYXV0TMnGdQMDHJ
z<i?GX&t&H5zEluL<kzmkZaWWe=VOG&#~`!xCTW$=Q%RCERX;z<6v$)<$BXczAJx93
zWp-wtc$Dc*0LpZAlvy~5GJoDMR~T6i9v<iTSen*b-QU6H4gKV^D<>{B_d70)@teQD
zol0Qn%*A-hQ4F&LCd(&&_cG|}{~29s5vrv!qvLs!B-OPZ8Sfw}6j$^adhVt61LA5z
zsH?17b2{2nJayn8J+8Vq&BUf$=8a#F=_vDtm#kyQ!_V^G|NeTmZS6xu*t4&|pWpHK
zoOkgS?tXY|Spg?eW<6tGEXDYN=F8tb#GB8_bLxg3M#s|?Yx7_i7oFb6=N}keK9^~Q
zII%U%RgQ@gOO#j=Ja+Clz?Z)GL(Y5ASqQ?;ho0uK2cKa~HjojwEFW`g>Rjd=l$mg^
zTSfHM`#8-nqfq?ht3Tp<W<8#cST4ET6lH#mH5C8+y8ztdP9ej}cwpC2rav8JPTxE%
z_t;J8zm=O&)3+=xvyL+7&zQ^PAa9zPUChd)>s+R3vyVBD7=zlob?ZqV^R_^rpGPk9
z=M820YhQj1%4;+9N`1@~`717KYutEO&0$iaR4<eHoy@2Ge&M>zx$m91pYH8J;s_t>
z(pt%7cJ;LU{Z2Ye8iRx(QVkbA!A1|m3!U&hCoLJjE}>*_l?tvhe?g^1@M?DP`%FSn
zgctbfgZYytp<5}o_(6&=YWvO)FKa&L7>g^G78D8kNgQ#8?{nM<+v6(FnS|Rr(@L1X
zD;L@72V9ZKv05vhHij2xnskZ8aoU^e%B58Ddp^P>iFw3YLJ<xo5wFR1@a@qN0AAx~
zxVJLF-k{1srC8;8h?!rrZ%UQjB)DR^fs&C-RtiT+%!oBSVPYOlVqVx`_;FYP6a)D@
zk5o!nKj8czOPA;2GPxP=pS~6->yT>Ax!n~@Q+M_BvgFzuGA2Sy!fI<MRYN{inko+c
zR57g+T9fZYVnZefaE(eW>#FQYO_g1Yg>ng5pw;_W6yiC@1{CX}h-YU>3ZLftY`_PE
zV_GBG1+eI(D!WOr<?@0(=KCupssa}T89tyjpDb1Q_awbSmj_wi)78s(T;j1LW=w(W
zSYW}atFpVqATxT*=feLpwZ~Cs=>rCUZJy8ftEsHkww%vEZND`N)@!d;csRc*yEO(a
z)}($AlP@>zXZk8x%bCh!EsD<;C%`#g>Ib~k55PG-Tby7miZhi*seTeOjyd&8RoM+%
z5>xY7oWDouGC#xJl@gCeRnFEPSrN8ZL$+5#vLc+VJsyp!++8VgnV(s>->Ig`u8lE>
z%yNUA_41r!qtZmya$S(6Lxl6Zfb+b74iT;kvP90ZQ7gO!j*~h~rmE~}=f<sbxXfnT
zu(N!-<{o@qF3(!sIz>_EGM9uh*D5_(1+!M^MI%&kHtkJSN-g>k<#qX`85Pxi%>AYM
znD?k9!ll_h=IzaxORCn;?u<DC{+btF2JKd5*9sr4>Ad=iw#JQi?yA{|M-g^>0hB3j
zT3e9Rc)3}COqj8h&M*>V>dD^g??s{nU!1`$sF!KL%b_+q#3(qTz?NZ&b|WsVrgq|z
zETEUEfOAemZ|cPO1&AHq);`?9GVFeKY5YVcK;pWOd8vYw8wAc}acB70_!&4h28qLM
zSOsTnLO<bBP5H&%(B3q?Ojj&6Mw#Uj$$dXS|8j+3ivlMk;V|y*{RAVxQrZp`xHv{#
zSmQDqb^qKodM`N%(P#Cbj}$>^++Y`O&jb-!ZeR84MaS*T2aFe*bpNPRHq-UOO_U3d
z;h*tJbUsUE<N><2T|@lSeUy(Si{>(&6_Ui(yMN+_`qlc}Gtp;k#k}V$sJq^bt5mTc
zdlc`kx8lV)O8>I>#C2jENxdMnQN|oV4Xnj~`HKmD?Iz@jJt!-9@3;l;<(DEyj#Cbg
zEQ!mk>1DckyML5c1fGwV4bXd@!&!@*v4uc;Xiqb?jEuQ&teLm_Cq6z(W#=BulY8hs
z<21xrihG_Sd~z>lWUPgbp$0d#b?I3z)cq6g+E3x>$KjMUlpfuMbq-#ziHXnuC1KQw
zbKQ#{$68?$w{Z8*kwZJ^9QY>k^#S_t{2Q1kGWvnrQLid;Wc(L#^0K9@h$O~96h$)M
zR(jw8dHhmO_WqZPq);|8eyk|Fer20HeyJzL`|p>fZc!A;f)+fTS6soy+x~*#kKf7Y
z`i~>AK_1Am;k}=w>lLq924`(sbC@*GAEml$4=6?MoU`yZu3y%ATrQVUg+f8PySr)U
zRxB1zoaFxrF*!)N%w>50EE!~q;J@WlJMi?v>*_b(|7SD)|FwVi{$+wph3_fFRp&Rk
zOK0_$H{HL<w)4O^zHvfiEEDB;eo=NeG=nV|8V{E$WJF(QCQb1<m-?7j7xa^uiLIh!
z>E097*kG(p`y?unC5#q0*sT8T1@~>XEP9&QNLq4Jjx6N`&v+&fEHA@t!}B!8y3|0u
zScxew)Kx#Lf4dwmUH(vs5G4*jF+#Cwnsoon3cQR?A*tOXt#$v*>Mt)<&9b|HloZYr
z=m4qC%Vo~sBWI79R@sEfeX~G}k0d}5NanKc%kk8j_kA(o;e)AN$~Ng`5`gMWA5)dG
zwA@j>?9C#Qpf=q4HHnN{u-|FoGq=z9|K8g_v#bdupV6&$|F~JK&9ZoxwBN}Zhv>AA
zZ9XNV*{WZ4@Gzfs=RzqjL2%aAdd#&q16R+r<($bsH`;fhbkyt*6&sUMiXN&79Vrcm
z^AaabtP!-eLR(wRseAvN2-6{F>)t<#?)(Df%Cq{*7u>g1u!lGbh4BS<oZVmEZ2wl~
zZFTh3Hwx{}m@ADhT9Lo%%C^Q$p4e5hJ&YpU_{4(VKMj}6rRZh$_0}@x&O#VMyNn*I
zRWRmc?d{J&VD*Auyh{dp^Ualv8vT9=C^Mh+sYYfoN=CF0t=S5vNQ|A%WkzlD{)x>A
z_WoIflF<s?RMw>kq-7<emEu2YT&7BrM10?G>rgVroIsxIL<CNa9#52+=M(vU>B{Gk
zHn{<-&JIdp^#s*r%JhtRcbhZjX^(lat>3W#{`%Lwvi%uzRm+&?uV`<^Jaw3KHHXPU
zp*<+Gw-=In{<vCQRLRY<zTavsW8SL6<jSp!L8>~pki(?Eb}g9;F2LWs8CNb7KlT{$
z?%m5f<4K1}+t^_;ciClh-Sj5BfqoFd96Ls^aU=ewO;o<~oh7?WF6c1Xaou(FzUy58
zL_c|m!WaG;b2!yB_SUXNcXpB-KfWY`lPQNuV{oM@he?0kdV1dZ&h%;H!5=g7p%2fT
zb@uI>x`8v<lulVhtAlcB!>un#0;Q?C%=~39L)F?B3ZMJ@Os~yZ!%cY}-EX~>@;`hX
zZ__5CpZ>HtmuYHxnPM%J%ae7P*-I`-*UZsTl0CcUHTm>5Y@p+sYv_LCO?2LHBSSae
z+|&>>eMU{vigJ<!Q<?Jqne>No4m&=Mo9AG<uMd^Uq}8Q>9T~xnkGC|OyzXxF4DTQ3
zh#q(#J)>2t@HcImx7sjy_E{$Gx{KmhzQW-fUPo}+X|1cW8-sdo+cr^Agw)Df{f!&h
z^uPn)`;_j!o8#|$-~10=`FuJ&7BTrKKXsV&{%e2#M|ACzAc89tup=XMTzf5<ZRZed
z-AcS;$K+h@tzAd3c@uVIB)yxHq-8~RL{Pe>%06HBPxo8i!oUYUfF4K-T;siau|q>d
zKm92apZgrHmG86B8P|KvcQ@!UuWy-i&!ywK>j+Le4OcEx-M*djz4xY9XQ@kZYdz*a
z0}N2>F+bV;(>6eV;(E+qeb;@`EMvanjE_?Io>p9S#<UE0BLZb1GG-w{rZEk|&Lj1V
zxwTA$aXUaJefbQrt!K<*Lv<Nh@I_IXNj+okgi2xw+Y~tPG_jS`kfxki%54ffl`(fh
zu^KNc8NH|p1R=6@5yz^b61OL?2t=lyF^`hAeaBWLy{nCLl&T5UT8~oQ`=|cznZt0d
z)mE$S8})syb!p(l3Poc`TpRT=J%y5q)8*$XWA2M2wf?+z1(r0ha|Z3TH?VUFzH=5P
z11shiylm77Is5PPwU|!-f2o(w8Bktr36TX3yd1fBnX!CX8`sV_70hfS^s#7bEwnjj
zUZaiWgal5xOjOIN>nn4q1>d>W71vjCg;Gb}@CG@_WuD|R8$JzmrE`v3EWy_bm$}g9
zpJl;==sy;BV>ab7n{C<iBc!URZeN@x+k#wX)6oz>=JaxE2x&TzXfb1W9xih(St6(`
zU?*2Kf-Mf+UjYl5(;d~v_2g=*GT;`lc9@sToIPZ;FXS#U^u4o+@&vJ<JOw5lG6Nr|
zAhALPg2amP&txgz8#LuI)qzVd6{XaIJ>~$xR?EPLLo!?4T(F`benvBTM+eD1-Q;Tu
zKx@>2i!KsdY0bx6WrfwhQ>F8UXa=|_-JNCR5Auj@Z8)Vp=8Nz#mk^Qz0&3>IW(cI!
z8iN{_sl}M|3vcD69G$O;07v*kkMPGj{oO08>4$0I7|OYH=30!8dFFgea7Mz|C-O|(
zmFhwC{YI6(cU8%poe)3awKAS+KIYSU%$sew3loNJ&r|tcFbRjpKA9ofsmNZO5Iv?^
z3Y-cGwW?&KAbLzu-7$CH@OwVl3k}nIP#0Q@7pG(-P<^;D8kJ=Jzs*Omo#ZnA|K~FO
zbyv=>WTbL}?iK9N3fG&dnvzlO^2SO={u&|sLQDBRe?^~S<J~nSBjQxaXto(iJm#=R
z1Y0vzo^52(sK9Z$kx8TdbZ-yDQLVW>tfmS>fPbpPJg=!M`I!>vPNCy<3DqC?m;-vj
zhgNC!a674FWDQ~}2o=!K`MQYlJG1E|6xBYxf$)BZ8#B1-GKXHqufbbmaOIHvWkot(
zl_0TV)rZPdz8z5hmtgW!$GcYOj`lsAH8os4R-*XT7_UDjcZH$4-KY3fftrk=@*#7c
z#T?Su<7)Y1DVnZi6o!aI481d;=hiY3PHVL35^^tzDSy*PD$9Got1B6)16N!ny00IC
z5GkoCw3v6G6<&|S9QI~?<fRv8s$34KR%=Q|jZkI@GG{ruZ%G*WAGvfKuR!;YGO3c0
z+V`TDiBdE~nYshK)k1Pmtr$0>f?!I?$jqZ;WXB;nywX(WG$kXNC>b@d6rJb$ov%q{
zF3R*%lqu8v7NyA?Buz-Qg};-!l2IDCMU=Tx%!?#3zA=WNMU=TxfsL_0cY2u?T~{({
zH`volRWe#Gyge~WMo#dZoFJ6>Z~yyW+Up`pEn}_~oV#TO<iF=jV>B2nhmMu;trHR}
zRH~+73UB6dW~Tq7!BJ<wclLfAIiDoWn5W_|iLnh9f~lYBf8Aswp_;WktI2(2)*>>C
zwn)-O0pAKl#t|*hu3(MB^HW&sYfa#%`N6=`#EB(N9I>@%mD;cPo}M?`;CT*XC7rpV
z#5T0<kQy*QWo<XBda~?2IDw}XiA_~8yK)|-Fd-9Yj1x{9>?Vv2&mAq|M9>ZHT2Cvi
z6SQ+sjSNw2iDFB2+RsYWuyuV8SH5sCJriG(7)O*itg(!hBAgRmdhU9<^F9-mn9I)}
z<bu;yQH>nc$W9)2^7xU#8izL4rS1H2`l{A`Rw9E|iu1PgQz|Dsxo@08B_Rkj)=Jum
zA10JT!?E#@7i{h4ndb{UKT_fRtpjxAe9BQWdE9XFxHionTPH-ZB{s7=ZiT^t3|$==
z9(;0`iBd%1E5fQ_<LVB=*wB^F(3$gj{Mk{0AT2t0WbZKsUwjG!-5G{PD;Q;GCbuP3
z?e?v6RH7-P$2!Oq5l&gxMWGxsJYFH=YZB);b7L1bU3EI&-*E(#;>rux^UUEQ-+J%>
zpr}Naqhldk*7xw(v!jz8CzDjB)wR32_8ps9Eh*Ls&kt8PXLCQ|V62>Q{%L(!C)~f|
z2t#8Py7MVlJyxnRTBzcjV5}n>cnpnJQd6Q?H<+&-N~^REq#D~fO*qC1g)rvmScR_6
z4Cim{=Z#mM#t)u2%C{aoKxfY9rmN0iycBWoLx&iisNx)KSlz{;V<n1JL#b-!+}WO1
zbmV;Wr0<W+d<nu+&rgu?Jl6E)c<xA%?T;VjoKyRWjpOAP4syoEZu+{iyzul@bY^^V
zfo98K7pr=5?AkY$s=d!Tu5*Gh4&O*^Hj=s1Y^7=#EvA?7;xkwC%^&UO-yS}Mh;aWS
zhZ!0RdDB&=Gc*?Bl<>0i))8pUNTJGjIZo%X*_QGOjC1Lw2Ho)Kz8YJ8vga6YzUp*5
zPhmy)){pm-4bq9@k*7x3bzq#K(F&KHyPk{BTutC<?s@1SW5p`jz-w?^mG;6|W9O~k
z3_Q(aPmgf_qlX!psB+=y1N3xeYxje~SjX|PD!$gd^xSonD+v$pJ;wJRJwo7l^By-H
zPSz24(r~3o=T^AqCkLrUma8w`$jw)u&e743qoWn7v0=;lZdUc=0C;@g7~gtue>!yZ
zJPCazn8c*x*k7>6T;X|&2OdAlo<kG(TCrhuCyzfnN@6U<FyYvE72|~A(F!7J-t1pG
zf23E+x7IdITdUf{a&$CxTR1XW!AaVi{>W3uCl?c~bW=2=>dYR_wG4ect!KcO=?81|
wAWEe*+<x6PA(v@i4mtHP7ojjQPP@1N3!ffB9Bt-&2><{907*qoM6N<$g7r|DWB>pF


From 3829135d936dc2ce57412ea1c6ad986f064e214f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Mon, 26 Feb 2018 09:19:14 +0100
Subject: [PATCH 099/107] [ClamAV] Add directory to make bootstrap not complain
 about missing directories

---
 data/Dockerfiles/clamd/bootstrap.sh | 1 +
 docker-compose.yml                  | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/Dockerfiles/clamd/bootstrap.sh b/data/Dockerfiles/clamd/bootstrap.sh
index ffe582c9..c4c9e04c 100755
--- a/data/Dockerfiles/clamd/bootstrap.sh
+++ b/data/Dockerfiles/clamd/bootstrap.sh
@@ -7,6 +7,7 @@ if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 fi
 
 # Create log pipes
+mkdir /var/log/clamav
 touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
 mkfifo -m 600 /tmp/logpipe_clamd
 mkfifo -m 600 /tmp/logpipe_freshclam
diff --git a/docker-compose.yml b/docker-compose.yml
index 5e167164..d5d2f962 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -59,7 +59,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.8
+      image: mailcow/clamd:1.9
       build: ./data/Dockerfiles/clamd
       restart: always
       environment:

From 1aa940abc955a2952b00d0492f39c5ec6ec21bcb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Mon, 26 Feb 2018 17:44:24 +0100
Subject: [PATCH 100/107] [Web] Add missing string

---
 data/web/lang/lang.en.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index a9145f30..d1d08b24 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -435,6 +435,7 @@ $lang['diagnostics']['optional'] = 'This record is optional.';
 $lang['diagnostics']['cname_from_a'] = 'Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.';
 
 $lang['admin']['relay_from'] = '"From:" address';
+$lang['admin']['relay_run'] = "Run test";
 $lang['admin']['api_allow_from'] = "Allow API access from these IPs";
 $lang['admin']['api_key'] = "API key";
 $lang['admin']['activate_api'] = "Activate API";

From 410cbf55b62f753c8bfb5b28332df3d8d69f0d6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Mon, 26 Feb 2018 18:53:56 +0100
Subject: [PATCH 101/107] Update dovecot.conf

---
 data/conf/dovecot/dovecot.conf | 2 --
 1 file changed, 2 deletions(-)

diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index b3e45171..9acbfbe7 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -281,10 +281,8 @@ plugin {
   #mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
   #mail_crypt_save_version = 2
   # Enable compression while saving, lz4 Dovecot v2.2.11+
-  zlib_save_level = 9
   zlib_save = lz4
 }
-
 dict {
   sqlquota = mysql:/usr/local/etc/dovecot/sql/dovecot-dict-sql-quota.conf
   sieve_after = mysql:/usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf

From ebc395a4ae0d0b09f10ed69e9bb9dcee9d34e4d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Mon, 26 Feb 2018 21:57:32 +0100
Subject: [PATCH 102/107] [Web] Fix update for mailbox

---
 data/web/inc/functions.mailbox.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index f0d10397..695bde3b 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -2115,7 +2115,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
               $password_hashed = hash_password($password);
               try {
                 $stmt = $pdo->prepare("UPDATE `mailbox` SET
-                    `password` = :password_hashed,
+                    `password` = :password_hashed
                       WHERE `username` = :username");
                 $stmt->execute(array(
                   ':password_hashed' => $password_hashed,

From fc37a5aba5c40b35059375ee46f5e47325df8053 Mon Sep 17 00:00:00 2001
From: Pascal Jufer <pascal-jufer@bluewin.ch>
Date: Tue, 27 Feb 2018 10:29:13 +0100
Subject: [PATCH 103/107] Reorder navigation items

---
 data/web/debug.php          | 126 ++++++++++++++++++------------------
 data/web/inc/header.inc.php |   4 +-
 2 files changed, 65 insertions(+), 65 deletions(-)

diff --git a/data/web/debug.php b/data/web/debug.php
index f6ced28f..09616791 100644
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -9,14 +9,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 <div class="container">
 
   <ul class="nav nav-tabs" role="tablist">
-    <li class="dropdown active"><a class="dropdown-toggle" data-toggle="dropdown" href="#">Rspamd
-      <span class="caret"></span></a>
-      <ul class="dropdown-menu">
-        <li role="presentation" class="active"><a href="#tab-rspamd-ui" aria-controls="tab-rspamd-ui" role="tab" data-toggle="tab">Rspamd UI</a></li>
-        <li role="presentation"><a href="#tab-rspamd-settings" aria-controls="tab-rspamd-settings" role="tab" data-toggle="tab">Rspamd settings map</a></li>
-      </ul>
-    </li>
-    <li role="presentation"><a href="#tab-containers" aria-controls="tab-containers" role="tab" data-toggle="tab">Containers & System</a></li>
+    <li role="presentation" class="active"><a href="#tab-containers" aria-controls="tab-containers" role="tab" data-toggle="tab">Containers & System</a></li>
     <li class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">Logs
       <span class="caret"></span></a>
       <ul class="dropdown-menu">
@@ -31,71 +24,24 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
         <li role="presentation"><a href="#tab-api-logs" aria-controls="tab-api-logs" role="tab" data-toggle="tab">API</a></li>
       </ul>
     </li>
+    <li class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">Rspamd
+      <span class="caret"></span></a>
+      <ul class="dropdown-menu">
+        <li role="presentation"><a href="#tab-rspamd-ui" aria-controls="tab-rspamd-ui" role="tab" data-toggle="tab">Rspamd UI</a></li>
+        <li role="presentation"><a href="#tab-rspamd-settings" aria-controls="tab-rspamd-settings" role="tab" data-toggle="tab">Rspamd settings map</a></li>
+      </ul>
+    </li>
   </ul>
 
 	<div class="row">
 		<div class="col-md-12">
       <div class="tab-content" style="padding-top:20px">
 
-        <div role="tabpanel" class="tab-pane active" id="tab-rspamd-ui">
-          <div class="panel panel-default">
-            <div class="panel-heading">
-              <h3 class="panel-title">Rspamd UI</h3>
-            </div>
-            <div class="panel-body">
-              <div class="row">
-                <div class="col-sm-9">
-                <form class="form-horizontal" autocapitalize="none" data-id="admin" autocorrect="off" role="form" method="post">
-                  <div class="form-group">
-                    <div class="col-sm-offset-3 col-sm-9">
-                      <label>
-                        <a href="/rspamd/" target="_blank"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Rspamd UI</a>
-                      </label>
-                    </div>
-                  </div>
-                  <div class="form-group">
-                    <label class="control-label col-sm-3" for="rspamd_ui_pass"><?=$lang['admin']['password'];?>:</label>
-                    <div class="col-sm-9">
-                    <input type="password" class="form-control" name="rspamd_ui_pass" id="rspamd_ui_pass">
-                    </div>
-                  </div>
-                  <div class="form-group">
-                    <label class="control-label col-sm-3" for="rspamd_ui_pass2"><?=$lang['admin']['password_repeat'];?>:</label>
-                    <div class="col-sm-9">
-                    <input type="password" class="form-control" name="rspamd_ui_pass2" id="rspamd_ui_pass2">
-                    </div>
-                  </div>
-                  <div class="form-group">
-                    <div class="col-sm-offset-3 col-sm-9">
-                      <button type="submit" class="btn btn-default" id="rspamd_ui" name="rspamd_ui" href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button>
-                    </div>
-                  </div>
-                </form>
-                </div>
-                <div class="col-sm-3">
-                  <img class="img-responsive" src="/img/rspamd_logo.png" alt="Rspamd UI" />
-                </div>
-              </div>
-            </div>
-          </div>
-        </div>
-
-        <div role="tabpanel" class="tab-pane" id="tab-rspamd-settings">
-          <div class="panel panel-default">
-            <div class="panel-heading">
-              <h3 class="panel-title">Rspamd settings map</h3>
-            </div>
-            <div class="panel-body">
-            <textarea autocorrect="off" spellcheck="false" autocapitalize="none" class="form-control" rows="20" id="settings_map" name="settings_map" readonly><?=file_get_contents('http://nginx:8081/settings.php');?></textarea>
-            </div>
-          </div>
-        </div>
-
         <?php
           $exec_fields = array('cmd' => 'df', 'dir' => '/var/vmail');
           $vmail_df = explode(',', json_decode(docker('dovecot-mailcow', 'post', 'exec', $exec_fields), true));
         ?>
-        <div role="tabpanel" class="tab-pane" id="tab-containers">
+        <div role="tabpanel" class="tab-pane active" id="tab-containers">
           <div class="panel panel-default">
             <div class="panel-heading">
               <h3 class="panel-title">Disk usage</h3>
@@ -327,6 +273,60 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
           </div>
         </div>
 
+        <div role="tabpanel" class="tab-pane" id="tab-rspamd-ui">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <h3 class="panel-title">Rspamd UI</h3>
+            </div>
+            <div class="panel-body">
+              <div class="row">
+                <div class="col-sm-9">
+                <form class="form-horizontal" autocapitalize="none" data-id="admin" autocorrect="off" role="form" method="post">
+                  <div class="form-group">
+                    <div class="col-sm-offset-3 col-sm-9">
+                      <label>
+                        <a href="/rspamd/" target="_blank"><span class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Rspamd UI</a>
+                      </label>
+                    </div>
+                  </div>
+                  <div class="form-group">
+                    <label class="control-label col-sm-3" for="rspamd_ui_pass"><?=$lang['admin']['password'];?>:</label>
+                    <div class="col-sm-9">
+                    <input type="password" class="form-control" name="rspamd_ui_pass" id="rspamd_ui_pass">
+                    </div>
+                  </div>
+                  <div class="form-group">
+                    <label class="control-label col-sm-3" for="rspamd_ui_pass2"><?=$lang['admin']['password_repeat'];?>:</label>
+                    <div class="col-sm-9">
+                    <input type="password" class="form-control" name="rspamd_ui_pass2" id="rspamd_ui_pass2">
+                    </div>
+                  </div>
+                  <div class="form-group">
+                    <div class="col-sm-offset-3 col-sm-9">
+                      <button type="submit" class="btn btn-default" id="rspamd_ui" name="rspamd_ui" href="#"><span class="glyphicon glyphicon-check"></span> <?=$lang['admin']['save'];?></button>
+                    </div>
+                  </div>
+                </form>
+                </div>
+                <div class="col-sm-3">
+                  <img class="img-responsive" src="/img/rspamd_logo.png" alt="Rspamd UI" />
+                </div>
+              </div>
+            </div>
+          </div>
+        </div>
+
+        <div role="tabpanel" class="tab-pane" id="tab-rspamd-settings">
+          <div class="panel panel-default">
+            <div class="panel-heading">
+              <h3 class="panel-title">Rspamd settings map</h3>
+            </div>
+            <div class="panel-body">
+            <textarea autocorrect="off" spellcheck="false" autocapitalize="none" class="form-control" rows="20" id="settings_map" name="settings_map" readonly><?=file_get_contents('http://nginx:8081/settings.php');?></textarea>
+            </div>
+          </div>
+        </div>
+
       </div> <!-- /tab-content -->
     </div> <!-- /col-md-12 -->
   </div> <!-- /row -->
diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index 0c516d39..3b464a49 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -75,8 +75,8 @@
             if (isset($_SESSION['mailcow_cc_role'])) {
               if ($_SESSION['mailcow_cc_role'] == 'admin') {
               ?>
-                <li<?= (preg_match("/debug/i", $_SERVER['REQUEST_URI'])) ? ' class="active"' : ''; ?>><a href="/debug.php"><?= $lang['header']['debug']; ?></a></li>
                 <li<?= (preg_match("/admin/i", $_SERVER['REQUEST_URI'])) ? ' class="active"' : ''; ?>><a href="/admin.php"><?= $lang['header']['administration']; ?></a></li>
+                <li<?= (preg_match("/debug/i", $_SERVER['REQUEST_URI'])) ? ' class="active"' : ''; ?>><a href="/debug.php"><?= $lang['header']['debug']; ?></a></li>
               <?php
               }
               if ($_SESSION['mailcow_cc_role'] == 'admin' || $_SESSION['mailcow_cc_role'] == 'domainadmin') {
@@ -119,7 +119,7 @@
             foreach ($row as $key => $val):
           ?>
             <li><a href="<?= htmlspecialchars($val); ?>"><?= htmlspecialchars($key); ?></a></li>
-          <?php 
+          <?php
             endforeach;
           }
           ?>

From 0553dc59596ddae12bad0a7f4576cf6a653d01d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Tue, 27 Feb 2018 15:02:31 +0100
Subject: [PATCH 104/107] [Postfix] Fix query

---
 data/Dockerfiles/postfix/postfix.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index a80e6900..489f676f 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -39,7 +39,7 @@ query = SELECT IF(EXISTS(
           SELECT CONCAT('%u', '@', target_domain) FROM alias_domain
             WHERE alias_domain='%d'
         )
-      ) AND json_extract(attributes, '$.tls_enforce_in') LIKE '%1%' AND mailbox.active = '1'
+      ) AND json_extract(attributes, '$.tls_enforce_in') LIKE '%%1%%' AND mailbox.active = '1'
   ), 'reject_plaintext_session', NULL) AS 'tls_enforce_in';
 EOF
 
@@ -58,7 +58,7 @@ query = SELECT GROUP_CONCAT(transport SEPARATOR '') AS transport_maps
               WHERE alias_domain = '%d'
           )
         )
-        AND json_extract(attributes, '$.tls_enforce_out') LIKE '%1%'
+        AND json_extract(attributes, '$.tls_enforce_out') LIKE '%%1%%'
         AND mailbox.active = '1'
     ), 'smtp_enforced_tls:', 'smtp:') AS 'transport'
     UNION ALL

From 2b786c13de99c10a6524fbfa7649a09e884c0dde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Tue, 27 Feb 2018 15:02:49 +0100
Subject: [PATCH 105/107] [Web] Add default json attributes when adding mailbox

---
 data/web/inc/functions.mailbox.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 695bde3b..ff6a56d5 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -891,8 +891,8 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             return false;
           }
           try {
-            $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `active`) 
-              VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, :active)");
+            $stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `attributes`, `active`) 
+              VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, '{\"force_pw_update\": \"0\", \"tls_enforce_in\": \"0\", \"tls_enforce_out\": \"0\"}', :active)");
             $stmt->execute(array(
               ':username' => $username,
               ':password_hashed' => $password_hashed,

From 6a01411460f305aa672d05f7bb9bb0b37a37a99a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Tue, 27 Feb 2018 15:12:21 +0100
Subject: [PATCH 106/107] [Dovecot] Fix imapsync

---
 data/Dockerfiles/dovecot/imapsync_cron.pl | 9 ++++-----
 docker-compose.yml                        | 2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/data/Dockerfiles/dovecot/imapsync_cron.pl b/data/Dockerfiles/dovecot/imapsync_cron.pl
index 47f9bbf7..bb9cafba 100755
--- a/data/Dockerfiles/dovecot/imapsync_cron.pl
+++ b/data/Dockerfiles/dovecot/imapsync_cron.pl
@@ -76,16 +76,15 @@ while ($row = $sth->fetchrow_arrayref()) {
 	"--subscribeall",
 	"--nofoldersizes",
 	"--skipsize",
-	"--buffersize 8192000",
-	"--skipheader 'X-*'",
-	"--split1 3000",
-	"--split2 3000",
+	"--buffersize", "8192000",
+	"--split1", "3000",
+	"--split2", "3000",
 	"--fastio1",
 	"--fastio2",
 	($exclude eq ""	? () : ("--exclude", $exclude)),
 	($subfolder2 eq "" ? () : ('--subfolder2', $subfolder2)),
 	($maxage eq "0" ? () : ('--maxage', $maxage)),
-  ($maxbytespersecond eq "0" ? () : ('--maxbytespersecond', $maxage)),
+	($maxbytespersecond eq "0" ? () : ('--maxbytespersecond', $maxbytespersecond)),
 	($delete2duplicates	ne "1" ? () : ('--delete2duplicates')),
 	($delete1	ne "1" ? () : ('--delete')),
   ($delete2 ne "1" ? () : ('--delete2')),
diff --git a/docker-compose.yml b/docker-compose.yml
index d5d2f962..bbd83f54 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -165,7 +165,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.22
+      image: mailcow/dovecot:1.23
       build: ./data/Dockerfiles/dovecot
       cap_add:
         - NET_BIND_SERVICE

From 5106eea86f0e0ea0c7918b328564b485d0bd859f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?= <andre.peters@debinux.de>
Date: Tue, 27 Feb 2018 15:45:08 +0100
Subject: [PATCH 107/107] [Web] Fix sorting by returning a number, fixes #1092

---
 data/web/js/mailbox.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/js/mailbox.js b/data/web/js/mailbox.js
index ea7ce5f6..7f0129be 100644
--- a/data/web/js/mailbox.js
+++ b/data/web/js/mailbox.js
@@ -165,7 +165,7 @@ jQuery(function($){
         },
         "sortValue": function(value){
           res = value.split("/");
-          return res[0];
+          return Number(res[0]);
         },
         },
         {"name":"max_quota_for_mbox","title":lang.mailbox_quota,"breakpoints":"xs sm"},
@@ -229,7 +229,7 @@ jQuery(function($){
         },
         "sortValue": function(value){
           res = value.split("/");
-          return res[0];
+          return Number(res[0]);
         },
         },
         {"name":"spam_aliases","filterable": false,"title":lang.spam_aliases,"breakpoints":"xs sm md"},