diff --git a/data/web/add.php b/data/web/add.php
index 276082df..5d28d88b 100644
--- a/data/web/add.php
+++ b/data/web/add.php
@@ -339,7 +339,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] ==
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
-							<button type="submit" name="trigger_add_syncjob" value="1" class="btn btn-success "><?=$lang['add']['save'];?></button>
+							<button type="submit" name="add_syncjob" value="1" class="btn btn-success "><?=$lang['add']['save'];?></button>
 						</div>
 					</div>
 				</form>
diff --git a/data/web/admin.php b/data/web/admin.php
index 6d41ba9b..1845bcb5 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -49,7 +49,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 				</div>
 				<div class="form-group">
 					<div class="col-sm-offset-2 col-sm-10">
-						<button type="submit" name="trigger_set_admin" class="btn btn-default"><?=$lang['admin']['save'];?></button>
+						<button type="submit" name="set_admin_account" class="btn btn-default"><?=$lang['admin']['save'];?></button>
 					</div>
 				</div>
 			</form>
@@ -162,7 +162,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
-							<button type="submit" name="trigger_add_domain_admin" class="btn btn-default"><?=$lang['admin']['add'];?></button>
+							<button type="submit" name="add_domain_admin" class="btn btn-default"><?=$lang['admin']['add'];?></button>
 						</div>
 					</div>
 				</form>
@@ -180,93 +180,110 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
   <p style="margin-bottom:40px"><?=$lang['admin']['dkim_key_hint'];?></p>
 	<?php
 	foreach(mailbox_get_domains() as $domain) {
-    if ($pubkey = dkim_table('get', $domain)) {
+      if (!empty($dkim = dkim_get_key_details($domain))) {
     ?>
       <div class="row">
         <div class="col-xs-3">
-          <p>Domain: <strong><?=htmlspecialchars($domain);?></strong><br /><span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span></p>
+          <p>Domain: <strong><?=htmlspecialchars($domain);?></strong><br />
+            <span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span>
+            <span class="label label-info"><?=$dkim['length'];?> bit</span>
+          </p>
         </div>
         <div class="col-xs-8">
-          <pre><?=$pubkey;?></pre>
+            <pre><?=$dkim['dkim_txt'];?></pre>
         </div>
         <div class="col-xs-1">
           <form class="form-inline" method="post">
-            <input type="hidden" name="dkim[domain]" value="<?=$domain;?>">
-            <input type="hidden" name="delete_dkim_record" value="1">
-            <a href="#" onclick="$(this).closest('form').submit()"><span class="glyphicon glyphicon-remove-circle"></span></a>
+            <input type="hidden" name="domain" value="<?=$domain;?>">
+            <input type="hidden" name="dkim_delete_key" value="1">
+              <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="top" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
           </form>
         </div>
       </div>
     <?php
     }
+    else {
+    ?>
+    <div class="row">
+      <div class="col-xs-3">
+        <p>Domain: <strong><?=htmlspecialchars($domain);?></strong><br /><span class="label label-danger"><?=$lang['admin']['dkim_key_missing'];?></span></p>
+      </div>
+      <div class="col-xs-8"><pre>-</pre></div>
+      <div class="col-xs-1">&nbsp;</div>
+    </div>
+    <?php
+    }
     foreach(mailbox_get_alias_domains($domain) as $alias_domain) {
-      if ($pubkey = dkim_table('get', $alias_domain)) {
+      if (!empty($dkim = dkim_get_key_details($alias_domain))) {
       ?>
         <div class="row">
           <div class="col-xs-offset-1 col-xs-2">
-            <p><small>↳ Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong><br /></small><span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span></p>
+            <p><small>↳ Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong><br /></small>
+              <span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span>
+              <span class="label label-info"><?=$dkim['length'];?> bit</span>
+          </p>
           </div>
           <div class="col-xs-8">
-            <pre><?=$pubkey;?></pre>
+            <pre><?=$dkim['dkim_txt'];?></pre>
           </div>
           <div class="col-xs-1">
             <form class="form-inline" method="post">
-              <input type="hidden" name="dkim[domain]" value="<?=$alias_domain;?>">
-              <input type="hidden" name="delete_dkim_record" value="1">
-              <a href="#" onclick="$(this).closest('form').submit()"><span class="glyphicon glyphicon-remove-circle"></span></a>
+              <input type="hidden" name="domain" value="<?=$alias_domain;?>">
+              <input type="hidden" name="dkim_delete_key" value="1">
+              <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="top" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
             </form>
           </div>
         </div>
       <?php
       }
+      else {
+      ?>
+      <div class="row">
+        <div class="col-xs-2 col-xs-offset-1">
+          <p><small>↳ Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong><br /></small><span class="label label-danger"><?=$lang['admin']['dkim_key_missing'];?></span></p>
+        </div>
+      <div class="col-xs-8"><pre>-</pre></div>
+      <div class="col-xs-1">&nbsp;</div>
+      </div>
+      <?php
+      }
     }
 	}
-  ?><hr><?php
-  foreach(dkim_table('keys-without-domain', null) as $key_wo_domain) {
-    if ($pubkey = dkim_table('get', $key_wo_domain)) {
+  foreach(dkim_get_blind_keys() as $blind) {
+    if (!empty($dkim = dkim_get_key_details($blind))) {
     ?>
       <div class="row">
         <div class="col-xs-3">
-          <p>Domain: <strong><?=htmlspecialchars($key_wo_domain);?></strong><br /><span class="label label-warning"><?=$lang['admin']['dkim_key_unused'];?></span></p>
+          <p>Domain: <strong><?=htmlspecialchars($blind);?></strong><br /><span class="label label-warning"><?=$lang['admin']['dkim_key_unused'];?></span></p>
         </div>
           <div class="col-xs-8">
-            <pre><?=$pubkey;?></pre>
+            <pre><?=$dkim['dkim_txt'];?></pre>
           </div>
           <div class="col-xs-1">
             <form class="form-inline" method="post">
-              <input type="hidden" name="dkim[domain]" value="<?=$key_wo_domain;?>">
-              <input type="hidden" name="delete_dkim_record" value="1">
-              <a href="#" onclick="$(this).closest('form').submit()"><span class="glyphicon glyphicon-remove-circle"></span></a>
+              <input type="hidden" name="domain" value="<?=$blind;?>">
+              <input type="hidden" name="dkim_delete_key" value="1">
+              <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="top" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
             </form>
           </div>
       </div>
     <?php
     }
   }
-  ?><hr><?php
-  foreach(dkim_table('domains-without-key', null) as $domain_wo_key) {
   ?>
-    <div class="row">
-      <div class="col-xs-12">
-        <p>(Alias-)Domain: <strong><?=htmlspecialchars($domain_wo_key);?></strong><br /><span class="label label-danger"><?=$lang['admin']['dkim_key_missing'];?></span></p>
-      </div>
-    </div>
-  <?php
-  }
-	?>
 	<legend style="margin-top:40px"><?=$lang['admin']['dkim_add_key'];?></legend>
 	<form class="form-inline" role="form" method="post">
 		<div class="form-group">
-			<label for="dkim_domain">Domain</label>
-			<input class="form-control" id="dkim_domain" name="dkim[domain]" placeholder="example.org" required>
+			<label for="domain">Domain</label>
+			<input class="form-control" id="domain" name="domain" placeholder="example.org" required>
 		</div>
 		<div class="form-group">
-			<select data-width="200px" class="form-control" id="dkim_key_size" name="dkim[key_size]" title="<?=$lang['admin']['dkim_key_length'];?>" required>
+			<select data-width="200px" class="form-control" id="key_size" name="key_size" title="<?=$lang['admin']['dkim_key_length'];?>" required>
 				<option data-subtext="bits">1024</option>
 				<option data-subtext="bits">2048</option>
 			</select>
 		</div>
-		<button type="submit" name="add_dkim_record" class="btn btn-default"><span class="glyphicon glyphicon-plus"></span> <?=$lang['admin']['add'];?></button>
+		<button type="submit" name="dkim_add_key" class="btn btn-default"><span class="glyphicon glyphicon-plus"></span> <?=$lang['admin']['add'];?></button>
 	</form>
 </div>
 </div>
diff --git a/data/web/delete.php b/data/web/delete.php
index 867459c8..86ac4764 100644
--- a/data/web/delete.php
+++ b/data/web/delete.php
@@ -99,7 +99,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 				<input type="hidden" name="username" value="<?=htmlspecialchars($domain_admin);?>">
 					<div class="form-group">
 						<div class="col-sm-offset-1 col-sm-10">
-							<button type="submit" name="trigger_delete_domain_admin" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
+							<button type="submit" name="delete_domain_admin" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
 						</div>
 					</div>
 				</form>
@@ -152,7 +152,7 @@ elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] ==
 						<div class="form-group">
 							<div class="col-sm-offset-1 col-sm-10">
 								<input type="hidden" name="id" value="<?=$_GET["syncjob"];?>">
-								<button type="submit" name="trigger_delete_syncjob" value="1" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
+								<button type="submit" name="delete_syncjob" value="1" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
 							</div>
 						</div>
 					</form>
diff --git a/data/web/edit.php b/data/web/edit.php
index 0c93a0c9..d9f54b4f 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -159,13 +159,13 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="maxquota"><?=$lang['edit']['max_quota'];?></label>
 						<div class="col-sm-10">
-							<input type="number" class="form-control" name="maxquota" id="maxquota" value="<?=intval($result['max_quota_for_mbox_mib']);?>">
+							<input type="number" class="form-control" name="maxquota" id="maxquota" value="<?=intval($result['max_new_mailbox_quota'] / 1048576);?>">
 						</div>
 					</div>
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="quota"><?=$lang['edit']['domain_quota'];?></label>
 						<div class="col-sm-10">
-							<input type="number" class="form-control" name="quota" id="quota" value="<?=intval($result['max_quota_for_domain_mib']);?>">
+							<input type="number" class="form-control" name="quota" id="quota" value="<?=intval($result['max_quota_for_domain'] / 1048576);?>">
 						</div>
 					</div>
 					<div class="form-group">
@@ -196,7 +196,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					</div>
 				</form>
 				<?php
-				if ($pubkey = dkim_table('get', $result['domain_name'])) {
+        if (!empty($dkim = dkim_get_key_details($domain))) {
 				?>
         <hr>
         <div class="row">
@@ -204,7 +204,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
             <p>Domain: <strong><?=htmlspecialchars($result['domain_name']);?></strong> (dkim._domainkey)</p>
           </div>
           <div class="col-xs-10">
-            <pre><?=$pubkey;?></pre>
+            <pre><?=$dkim['dkim_txt'];?></pre>
           </div>
         </div>
 				<?php
@@ -238,7 +238,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
               if ($wl['object'] == $domain):
               ?>
                 <input type="hidden" name="delete_prefid" value="<?=$wl['prefid'];?>">
-                <input type="hidden" name="trigger_set_policy_list">
+                <input type="hidden" name="trigger_delete_policy_list_item">
                 <input type="hidden" name="domain" value="<?=$domain;?>">
                 <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="left" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
               <?php
@@ -264,7 +264,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 						<input type="hidden" name="domain" value="<?=$domain;?>">
 					</div>
 					<div class="col-xs-6">
-						<button type="submit" id="trigger_set_policy_list" name="trigger_set_policy_list" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
+						<button type="submit" id="trigger_add_policy_list_item" name="trigger_add_policy_list_item" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
 					</div>
 					</form>
 				</div>
@@ -294,7 +294,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
               <?php
               if ($bl['object'] == $domain):
               ?>
-                <input type="hidden" name="trigger_set_policy_list">
+                <input type="hidden" name="trigger_delete_policy_list_item">
                 <input type="hidden" name="domain" value="<?=$domain;?>">
                 <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="left" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
               <?php
@@ -320,7 +320,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 						<input type="hidden" name="domain" value="<?=$domain;?>">
 					</div>
 					<div class="col-xs-6">
-						<button type="submit" id="trigger_set_policy_list" name="trigger_set_policy_list" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
+						<button type="submit" id="trigger_add_policy_list_item" name="trigger_add_policy_list_item" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
 					</div>
 					</form>
 				</div>
@@ -364,16 +364,17 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					</div>
 				</form>
 				<?php
-				if ($pubkey = dkim_table('get', $result['alias_domain'])) {
+        if (!empty($dkim = dkim_get_key_details($alias_domain))) {
 				?>
-					<div class="row">
-						<div class="col-xs-2">
-							<p>Domain: <strong><?=htmlspecialchars($result['alias_domain']);?></strong> (dkim._domainkey)</p>
-						</div>
-						<div class="col-xs-10">
-							<pre><?=$pubkey;?></pre>
-						</div>
-					</div>
+        <hr>
+        <div class="row">
+          <div class="col-xs-2">
+            <p>Domain: <strong><?=htmlspecialchars($result['alias_domain']);?></strong> (dkim._domainkey)</p>
+          </div>
+          <div class="col-xs-10">
+          <pre><?=$dkim['dkim_txt'];?></pre>
+          </div>
+        </div>
 				<?php
 				}
 			}
@@ -387,7 +388,6 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 			$mailbox = $_GET["mailbox"];
       $result = mailbox_get_mailbox_details($mailbox);
       if (!empty($result)) {
-        $left_m = remaining_specs($result['domain'], $_GET['mailbox'])['left_m'];
         ?>
 				<h4><?=$lang['edit']['mailbox'];?></h4>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
@@ -400,10 +400,10 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					</div>
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="quota"><?=$lang['edit']['quota_mb'];?>:
-							<br /><span id="quotaBadge" class="badge">max. <?=intval($left_m)?> MiB</span>
+							<br /><span id="quotaBadge" class="badge">max. <?=intval($result['max_new_quota'] / 1048576)?> MiB</span>
 						</label>
 						<div class="col-sm-10">
-							<input type="number" name="quota" id="quota" id="destroyable" style="width:100%" min="1" max="<?=intval($left_m);?>" value="<?=intval($result['quota_bytes']) / 1048576;?>" class="form-control">
+							<input type="number" name="quota" id="quota" id="destroyable" style="width:100%" min="1" max="<?=intval($result['max_new_quota'] / 1048576);?>" value="<?=intval($result['quota']) / 1048576;?>" class="form-control">
 						</div>
 					</div>
 					<div class="form-group">
@@ -411,7 +411,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 						<div class="col-sm-10">
 							<select data-width="50%" style="width:100%" id="sender_acl" name="sender_acl[]" size="10" multiple>
 							<?php
-							$sender_acl_handles = get_sender_acl_handles($mailbox);
+							$sender_acl_handles = mailbox_get_sender_acl_handles($mailbox);
 
               foreach ($sender_acl_handles['sender_acl_domains']['ro'] as $domain):
                 ?>
diff --git a/data/web/inc/dkim.inc.php b/data/web/inc/dkim.inc.php
new file mode 100644
index 00000000..63c72119
--- /dev/null
+++ b/data/web/inc/dkim.inc.php
@@ -0,0 +1,142 @@
+<?php
+function dkim_add_key($postarray) {
+	global $lang;
+	global $pdo;
+  if ($_SESSION['mailcow_cc_role'] != "admin") {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  // if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+    // $_SESSION['return'] = array(
+      // 'type' => 'danger',
+      // 'msg' => sprintf($lang['danger']['access_denied'])
+    // );
+    // return false;
+  // }
+  $key_length	= intval($postarray['key_size']);
+  $domain	= $postarray['domain'];
+  if (!is_valid_domain_name($domain) || !is_numeric($key_length)) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
+    );
+    return false;
+  }
+
+  if (!empty(glob($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim'))) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
+    );
+    return false;
+  }
+
+  $config = array(
+    "digest_alg" => "sha256",
+    "private_key_bits" => $key_length,
+    "private_key_type" => OPENSSL_KEYTYPE_RSA,
+  );
+  if ($keypair_ressource = openssl_pkey_new($config)) {
+    $key_details = openssl_pkey_get_details($keypair_ressource);
+    $pubKey = implode(array_slice(
+        array_filter(
+          explode(PHP_EOL, $key_details['key'])
+        ), 1, -1)
+      );
+    // Save public key to file
+    file_put_contents($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim', $pubKey);
+    // Save private key to file
+    openssl_pkey_export_to_file($keypair_ressource, $GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.dkim');
+    $_SESSION['return'] = array(
+      'type' => 'success',
+      'msg' => sprintf($lang['success']['dkim_added'])
+    );
+    return true;
+  }
+  else {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
+    );
+    return false;
+  }
+}
+function dkim_get_key_details($domain) {
+  $data = array();
+  if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+    $dkim_pubkey_file = escapeshellarg($GLOBALS["MC_DKIM_TXTS"]. "/" . $domain . "." . "dkim");
+    if (file_exists(substr($dkim_pubkey_file, 1, -1))) {
+      $data['pubkey'] = file_get_contents($GLOBALS["MC_DKIM_TXTS"]. "/" . $domain . "." . "dkim");
+      $data['length'] = (strlen($data['pubkey']) < 391) ? 1024 : 2048;
+      $data['dkim_txt'] = 'v=DKIM1;k=rsa;t=s;s=email;p=' . file_get_contents($GLOBALS["MC_DKIM_TXTS"]. "/" . $domain . "." . "dkim");
+    }
+  }
+  return $data;
+}
+function dkim_get_blind_keys() {
+	global $lang;
+  if ($_SESSION['mailcow_cc_role'] != "admin") {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  $domains = array();
+  $dnstxt_folder = scandir($GLOBALS["MC_DKIM_TXTS"]);
+  $dnstxt_files = array_diff($dnstxt_folder, array('.', '..'));
+  foreach($dnstxt_files as $file) {
+    $domains[] = substr($file, 0, -5);
+  }
+  return array_diff($domains, array_merge(mailbox_get_domains(), mailbox_get_alias_domains()));
+}
+function dkim_delete_key($postarray) {
+	global $lang;
+  $domain	= $postarray['domain'];
+
+  if ($_SESSION['mailcow_cc_role'] != "admin") {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  // if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+    // $_SESSION['return'] = array(
+      // 'type' => 'danger',
+      // 'msg' => sprintf($lang['danger']['access_denied'])
+    // );
+    // return false;
+  // }
+  if (!is_valid_domain_name($domain)) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
+    );
+    return false;
+  }
+  exec('rm ' . escapeshellarg($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim'), $out, $return);
+  if ($return != "0") {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['dkim_remove_failed'])
+    );
+    return false;
+  }
+  exec('rm ' . escapeshellarg($GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.dkim'), $out, $return);
+  if ($return != "0") {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['dkim_remove_failed'])
+    );
+    return false;
+  }
+  $_SESSION['return'] = array(
+    'type' => 'success',
+    'msg' => sprintf($lang['success']['dkim_removed'])
+  );
+  return true;
+}
\ No newline at end of file
diff --git a/data/web/inc/domainadmin.inc.php b/data/web/inc/domainadmin.inc.php
new file mode 100644
index 00000000..2e122553
--- /dev/null
+++ b/data/web/inc/domainadmin.inc.php
@@ -0,0 +1,381 @@
+<?php
+function add_domain_admin($postarray) {
+	global $lang;
+	global $pdo;
+	$username		= strtolower(trim($postarray['username']));
+	$password		= $postarray['password'];
+	$password2		= $postarray['password2'];
+	isset($postarray['active']) ? $active = '1' : $active = '0';
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	if (empty($postarray['domain'])) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['domain_invalid'])
+		);
+		return false;
+	}
+	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['username_invalid'])
+		);
+		return false;
+	}
+	try {
+		$stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
+			WHERE `username` = :username");
+		$stmt->execute(array(':username' => $username));
+		$num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+		
+		$stmt = $pdo->prepare("SELECT `username` FROM `admin`
+			WHERE `username` = :username");
+		$stmt->execute(array(':username' => $username));
+		$num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+		
+		$stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
+			WHERE `username` = :username");
+		$stmt->execute(array(':username' => $username));
+		$num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+	}
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	foreach ($num_results as $num_results_each) {
+		if ($num_results_each != 0) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username))
+			);
+			return false;
+		}
+	}
+	if (!empty($password) && !empty($password2)) {
+		if ($password != $password2) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['password_mismatch'])
+			);
+			return false;
+		}
+		$password_hashed = hash_password($password);
+		foreach ($postarray['domain'] as $domain) {
+			if (!is_valid_domain_name($domain)) {
+				$_SESSION['return'] = array(
+					'type' => 'danger',
+					'msg' => sprintf($lang['danger']['domain_invalid'])
+				);
+				return false;
+			}
+			try {
+				$stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+						VALUES (:username, :domain, :created, :active)");
+				$stmt->execute(array(
+					':username' => $username,
+					':domain' => $domain,
+					':created' => date('Y-m-d H:i:s'),
+					':active' => $active
+				));
+			}
+			catch (PDOException $e) {
+        delete_domain_admin(array('username' => $username));
+				$_SESSION['return'] = array(
+					'type' => 'danger',
+					'msg' => 'MySQL: '.$e
+				);
+				return false;
+			}
+		}
+		try {
+			$stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
+				VALUES (:username, :password_hashed, '0', :created, :modified, :active)");
+			$stmt->execute(array(
+				':username' => $username,
+				':password_hashed' => $password_hashed,
+				':created' => date('Y-m-d H:i:s'),
+				':modified' => date('Y-m-d H:i:s'),
+				':active' => $active
+			));
+		}
+		catch (PDOException $e) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => 'MySQL: '.$e
+			);
+			return false;
+		}
+	}
+	else {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['password_empty'])
+		);
+		return false;
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['domain_admin_added'], htmlspecialchars($username))
+	);
+}
+function delete_domain_admin($postarray) {
+	global $pdo;
+	global $lang;
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	$username = $postarray['username'];
+	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['username_invalid'])
+		);
+		return false;
+	}
+	try {
+		$stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+		$stmt->execute(array(
+			':username' => $username,
+		));
+		$stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
+		$stmt->execute(array(
+			':username' => $username,
+		));
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['domain_admin_removed'], htmlspecialchars($username))
+	);
+}
+function get_domain_admins() {
+	global $pdo;
+	global $lang;
+  $domainadmins = array();
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+  try {
+    $stmt = $pdo->query("SELECT DISTINCT
+      `username`
+        FROM `domain_admins` 
+          WHERE `username` IN (
+            SELECT `username` FROM `admin`
+              WHERE `superadmin`!='1'
+          )");
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    while ($row = array_shift($rows)) {
+      $domainadmins[] = $row['username'];
+    }
+  }
+  catch(PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+  }
+  return $domainadmins;
+}
+function get_domain_admin_details($domain_admin) {
+	global $pdo;
+	global $lang;
+  $domainadmindata = array();
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+  if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $domain_admin))) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['username_invalid'])
+		);
+		return false;
+	}
+  try {
+    $stmt = $pdo->prepare("SELECT
+      `created`,
+      `active` AS `active_int`,
+      CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
+        FROM `domain_admins`
+          WHERE `username`= :domain_admin");
+    $stmt->execute(array(
+      ':domain_admin' => $domain_admin
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    $domainadmindata['active'] = $row['active'];
+    $domainadmindata['active_int'] = $row['active_int'];
+    $domainadmindata['created'] = $row['created'];
+    // GET SELECTED
+    $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+      WHERE `domain` IN (
+        SELECT `domain` FROM `domain_admins`
+          WHERE `username`= :domain_admin)");
+    $stmt->execute(array(':domain_admin' => $domain_admin));
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    while($row = array_shift($rows)) {
+      $domainadmindata['selected_domains'][] = $row['domain'];
+    }
+    // GET UNSELECTED
+    $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+      WHERE `domain` NOT IN (
+        SELECT `domain` FROM `domain_admins`
+          WHERE `username`= :domain_admin)");
+    $stmt->execute(array(':domain_admin' => $domain_admin));
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    while($row = array_shift($rows)) {
+      $domainadmindata['unselected_domains'][] = $row['domain'];
+    }
+  }
+  catch(PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+  }
+  return $domainadmindata;
+}
+function edit_domain_admin($postarray) {
+	global $lang;
+	global $pdo;
+	$username     = $postarray['username'];
+	$password     = $postarray['password'];
+	$password2    = $postarray['password2'];
+	isset($postarray['active']) ? $active = '1' : $active = '0';
+
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	
+  if(isset($postarray['domain'])) {
+    foreach ($postarray['domain'] as $domain) {
+      if (!is_valid_domain_name($domain)) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['domain_invalid'])
+        );
+        return false;
+      }
+    }
+	}
+
+	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['username_invalid'])
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+		$stmt->execute(array(
+			':username' => $username,
+		));
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+
+  if(isset($postarray['domain'])) {
+    foreach ($postarray['domain'] as $domain) {
+      try {
+        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+          VALUES (:username, :domain, :created, :active)");
+        $stmt->execute(array(
+          ':username' => $username,
+          ':domain' => $domain,
+          ':created' => date('Y-m-d H:i:s'),
+          ':active' => $active
+        ));
+      }
+      catch (PDOException $e) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => 'MySQL: '.$e
+        );
+        return false;
+      }
+    }
+	}
+
+	if (!empty($password) && !empty($password2)) {
+		if ($password != $password2) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['password_mismatch'])
+			);
+			return false;
+		}
+		$password_hashed = hash_password($password);
+		try {
+			$stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
+			$stmt->execute(array(
+				':password_hashed' => $password_hashed,
+				':username' => $username,
+				':modified' => date('Y-m-d H:i:s'),
+				':active' => $active
+			));
+		}
+		catch (PDOException $e) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => 'MySQL: '.$e
+			);
+			return false;
+		}
+	}
+	else {
+		try {
+			$stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `active` = :active WHERE `username` = :username");
+			$stmt->execute(array(
+				':username' => $username,
+				':modified' => date('Y-m-d H:i:s'),
+				':active' => $active
+			));
+		}
+		catch (PDOException $e) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => 'MySQL: '.$e
+			);
+			return false;
+		}
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['domain_admin_modified'], htmlspecialchars($username))
+	);
+}
\ No newline at end of file
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index f259461d..cc19ffcf 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1,4 +1,7 @@
 <?php
+require_once 'dkim.inc.php';
+require_once 'mailbox.inc.php';
+require_once 'domainadmin.inc.php';
 function hash_password($password) {
 	$salt_str = bin2hex(openssl_random_pseudo_bytes(8));
 	return "{SSHA256}".base64_encode(hash('sha256', $password . $salt_str, true) . $salt_str);
@@ -8,21 +11,20 @@ function hasDomainAccess($username, $role, $domain) {
 	if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
 		return false;
 	}
-	if (!is_valid_domain_name($domain)) {
+	if (empty($domain) || !is_valid_domain_name($domain)) {
 		return false;
 	}
 	if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') {
 		return false;
 	}
 	try {
-		$stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain` = :domain1
-      AND (`domain` in (
-        SELECT `domain` FROM `domain_admins`
-          WHERE (
-            `username` = :username
-            AND `domain` = :domain2
-          )
-      ) OR 'admin' = :role)");
+		$stmt = $pdo->prepare("SELECT `domain` FROM `domain_admins`
+		WHERE (
+			`active`='1'
+			AND `username` = :username
+			AND (`domain` = :domain1 OR `domain` = (SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain2))
+		)
+    OR 'admin' = :role");
 		$stmt->execute(array(':username' => $username, ':domain1' => $domain, ':domain2' => $domain, ':role' => $role));
 		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
 	}
@@ -215,2092 +217,6 @@ function formatBytes($size, $precision = 2) {
 	}
 	return round(pow(1024, $base - floor($base)), $precision) . $suffixes[floor($base)];
 }
-function dkim_table($action, $item) {
-	global $lang;
-	global $pdo;
-	switch ($action) {
-		case "delete":
-    	if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['access_denied'])
-        );
-        return false;
-      }
-			$domain = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['domain']);
-			if (!is_valid_domain_name($domain)) {
-				$_SESSION['return'] = array(
-					'type' => 'danger',
-					'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
-				);
-				return false;
-			}
-			exec('rm ' . escapeshellarg($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim'), $out, $return);
-			if ($return != "0") {
-				$_SESSION['return'] = array(
-					'type' => 'danger',
-					'msg' => sprintf($lang['danger']['dkim_remove_failed'])
-				);
-				return false;
-			}
-			exec('rm ' . escapeshellarg($GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.dkim'), $out, $return);
-      if ($return != "0") {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['dkim_remove_failed'])
-        );
-        return false;
-      }
-			$_SESSION['return'] = array(
-				'type' => 'success',
-				'msg' => sprintf($lang['success']['dkim_removed'])
-			);
-			break;
-		case "add":
-    	if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['access_denied'])
-        );
-        return false;
-      }
-			$domain = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['domain']);
-			$key_length	= intval($item['dkim']['key_size']);
-      if (!is_valid_domain_name($domain) || !is_numeric($key_length)) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
-        );
-        return false;
-      }
-
-      if (!empty(glob($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim'))) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['dkim_domain_or_sel_invalid'])
-        );
-        return false;
-      }
-
-			$config = array(
-				"digest_alg" => "sha256",
-				"private_key_bits" => $key_length,
-				"private_key_type" => OPENSSL_KEYTYPE_RSA,
-			);
-			$keypair_ressource = openssl_pkey_new($config);
-			$key_details = openssl_pkey_get_details($keypair_ressource);
-			$pubKey = implode(array_slice(
-					array_filter(
-						explode(PHP_EOL, $key_details['key'])
-					), 1, -1)
-				);
-			// Save public key to file
-			file_put_contents($GLOBALS['MC_DKIM_TXTS'] . '/' . $domain . '.dkim', $pubKey);
-			// Save private key to file
-			openssl_pkey_export_to_file($keypair_ressource, $GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.dkim');
-
-			$_SESSION['return'] = array(
-				'type' => 'success',
-				'msg' => sprintf($lang['success']['dkim_added'])
-			);
-			break;
-		case "get":
-      try {
-        $stmt = $pdo->prepare("SELECT `target_domain`
-          FROM `alias_domain`
-            WHERE `alias_domain` = :item");
-        $stmt->execute(array(':item' => $item));
-        $AdDomainData = $stmt->fetch(PDO::FETCH_ASSOC);
-      }
-      catch(PDOException $e) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => 'MySQL: '.$e
-        );
-        return false;
-      }
-      (is_valid_domain_name($AdDomainData['target_domain'])) ? $item = $AdDomainData['target_domain'] : null;
-    	if (!isset($_SESSION['mailcow_cc_role'])) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['access_denied'])
-        );
-        return false;
-      }
-      $dkim_pubkey_file = escapeshellarg($GLOBALS["MC_DKIM_TXTS"]. "/" . $item . "." . "dkim");
-      if (file_exists(substr($dkim_pubkey_file, 1, -1))) {
-        return 'v=DKIM1;k=rsa;t=s;s=email;p=' . file_get_contents($GLOBALS["MC_DKIM_TXTS"]. "/" . $item . "." . "dkim");
-      }
-      return false;
-			break;
-		case "keys-without-domain":
-    	if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['access_denied'])
-        );
-        return false;
-      }
-      $dnstxt_folder = scandir($GLOBALS["MC_DKIM_TXTS"]);
-      $dnstxt_files = array_diff($dnstxt_folder, array('.', '..'));
-      foreach($dnstxt_files as $file) {
-        $pubKey = file_get_contents($GLOBALS["MC_DKIM_TXTS"]."/".$file);
-        $domains[] = substr($file, 0, -5);
-      }
-      return array_diff($domains, mailbox_get_domains());
-      break;
-		case "domains-without-key":
-    	if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['access_denied'])
-        );
-        return false;
-      }
-      $dnstxt_folder = scandir($GLOBALS["MC_DKIM_TXTS"]);
-      $dnstxt_files = array_diff($dnstxt_folder, array('.', '..'));
-      foreach($dnstxt_files as $file) {
-        $pubKey = file_get_contents($GLOBALS["MC_DKIM_TXTS"]."/".$file);
-        $domains[] = substr($file, 0, -5);
-      }
-      return array_diff(mailbox_get_domains(), $domains);
-      break;
-	}
-}
-function mailbox_add_domain($postarray) {
-  // Array elements
-  // domain                 string
-  // description            string
-  // aliases                int
-  // mailboxes              int
-  // maxquota               int
-  // quota                  int
-  // active                 int
-  // relay_all_recipients   int
-  // backupmx               int
-	global $pdo;
-	global $lang;
-	if ($_SESSION['mailcow_cc_role'] != "admin") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	$domain				= idn_to_ascii(strtolower(trim($postarray['domain'])));
-	$description  = $postarray['description'];
-	$aliases			= $postarray['aliases'];
-	$mailboxes    = $postarray['mailboxes'];
-	$maxquota			= $postarray['maxquota'];
-	$quota				= $postarray['quota'];
-
-	if ($maxquota > $quota) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['mailbox_quota_exceeds_domain_quota'])
-		);
-		return false;
-	}
-
-	isset($postarray['active'])               ? $active = '1'                 : $active = '0';
-	isset($postarray['relay_all_recipients'])	? $relay_all_recipients = '1'   : $relay_all_recipients = '0';
-	isset($postarray['backupmx'])             ? $backupmx = '1'               : $backupmx = '0';
-	isset($postarray['relay_all_recipients']) ? $backupmx = '1'               : true;
-
-	if (!is_valid_domain_name($domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['domain_invalid'])
-		);
-		return false;
-	}
-
-	foreach (array($quota, $maxquota, $mailboxes, $aliases) as $data) {
-		if (!is_numeric($data)) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['object_is_not_numeric'], htmlspecialchars($data))
-			);
-			return false;
-		}
-	}
-
-	try {
-		$stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-			WHERE `domain` = :domain");
-		$stmt->execute(array(':domain' => $domain));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-		$stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain`
-			WHERE `alias_domain` = :domain");
-		$stmt->execute(array(':domain' => $domain));
-		$num_results = $num_results + count($stmt->fetchAll(PDO::FETCH_ASSOC));
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	if ($num_results != 0) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['domain_exists'], htmlspecialchars($domain))
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `maxquota`, `quota`, `transport`, `backupmx`, `created`, `modified`, `active`, `relay_all_recipients`)
-			VALUES (:domain, :description, :aliases, :mailboxes, :maxquota, :quota, 'virtual', :backupmx, :created, :modified, :active, :relay_all_recipients)");
-		$stmt->execute(array(
-			':domain' => $domain,
-			':description' => $description,
-			':aliases' => $aliases,
-			':mailboxes' => $mailboxes,
-			':maxquota' => $maxquota,
-			':quota' => $quota,
-			':backupmx' => $backupmx,
-			':active' => $active,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
-			':relay_all_recipients' => $relay_all_recipients
-		));
-		$_SESSION['return'] = array(
-			'type' => 'success',
-			'msg' => sprintf($lang['success']['domain_added'], htmlspecialchars($domain))
-		);
-	}
-	catch (PDOException $e) {
-    mailbox_delete_domain(array('domain' => $domain));
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-}
-function mailbox_add_alias($postarray) {
-  // Array elements
-  // address  string  (separated by " ", "," ";" "\n") - email address or domain
-  // goto     string  (separated by " ", "," ";" "\n")
-  // active   int
-	global $lang;
-	global $pdo;
-	$addresses  = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['address']));
-	$gotos      = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['goto']));
-	isset($postarray['active']) ? $active = '1' : $active = '0';
-	if (empty($addresses[0])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['alias_empty'])
-		);
-		return false;
-	}
-
-	if (empty($gotos[0])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['goto_empty'])
-		);
-		return false;
-	}
-
-	foreach ($addresses as $address) {
-		if (empty($address)) {
-			continue;
-		}
-
-		$domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
-		$local_part   = strstr($address, '@', true);
-		$address      = $local_part.'@'.$domain;
-
-		try {
-			$stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-				WHERE `domain`= :domain");
-			$stmt->execute(array(':domain' => $domain));
-			$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-      if ($num_results == 0) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['domain_not_found'], $domain)
-        );
-        return false;
-      }
-
-			$stmt = $pdo->prepare("SELECT `address` FROM `alias`
-				WHERE `address`= :address");
-			$stmt->execute(array(':address' => $address));
-			$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-      if ($num_results != 0) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['is_alias_or_mailbox'], htmlspecialchars($address))
-        );
-        return false;
-      }
-
-			$stmt = $pdo->prepare("SELECT `address` FROM `spamalias`
-				WHERE `address`= :address");
-			$stmt->execute(array(':address' => $address));
-			$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-      if ($num_results != 0) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['is_spam_alias'], htmlspecialchars($address))
-        );
-        return false;
-      }
-		}
-		catch(PDOException $e) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => 'MySQL: '.$e
-			);
-			return false;
-		}
-
-		if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['alias_invalid'])
-			);
-			return false;
-		}
-
-		if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['access_denied'])
-			);
-			return false;
-		}
-
-		foreach ($gotos as &$goto) {
-			if (empty($goto)) {
-				continue;
-			}
-
-			$goto_domain		= idn_to_ascii(substr(strstr($goto, '@'), 1));
-			$goto_local_part	= strstr($goto, '@', true);
-			$goto				= $goto_local_part.'@'.$goto_domain;
-
-			if (!filter_var($goto, FILTER_VALIDATE_EMAIL) === true) {
-				$_SESSION['return'] = array(
-					'type' => 'danger',
-					'msg' => sprintf($lang['danger']['goto_invalid'])
-				);
-				return false;
-			}
-			if ($goto == $address) {
-				$_SESSION['return'] = array(
-					'type' => 'danger',
-					'msg' => sprintf($lang['danger']['alias_goto_identical'])
-				);
-				return false;
-			}
-		}
-
-		$gotos = array_filter($gotos);
-		$goto = implode(",", $gotos);
-
-		try {
-			$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`)
-				VALUES (:address, :goto, :domain, :created, :modified, :active)");
-
-			if (!filter_var($address, FILTER_VALIDATE_EMAIL) === true) {
-				$stmt->execute(array(
-					':address' => '@'.$domain,
-					':goto' => $goto,
-					':domain' => $domain,
-					':created' => date('Y-m-d H:i:s'),
-					':modified' => date('Y-m-d H:i:s'),
-					':active' => $active
-				));
-			}
-			else {
-				$stmt->execute(array(
-					':address' => $address,
-					':goto' => $goto,
-					':domain' => $domain,
-					':created' => date('Y-m-d H:i:s'),
-					':modified' => date('Y-m-d H:i:s'),
-					':active' => $active
-				));
-			}
-			$_SESSION['return'] = array(
-				'type' => 'success',
-				'msg' => sprintf($lang['success']['alias_added'])
-			);
-		}
-		catch (PDOException $e) {
-      mailbox_delete_alias(array('address' => $address));
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => 'MySQL: '.$e
-			);
-			return false;
-		}
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['alias_added'])
-	);
-}
-function mailbox_add_alias_domain($postarray) {
-  // Array elements
-  // active         int
-  // alias_domain   string
-  // target_domain  string
-	global $lang;
-	global $pdo;
-	isset($postarray['active']) ? $active = '1' : $active = '0';
-	$alias_domain     = idn_to_ascii(strtolower(trim($postarray['alias_domain'])));
-	$target_domain    = idn_to_ascii(strtolower(trim($postarray['target_domain'])));
-
-	if (!is_valid_domain_name($alias_domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['alias_domain_invalid'])
-		);
-		return false;
-	}
-
-	if (!is_valid_domain_name($target_domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['target_domain_invalid'])
-		);
-		return false;
-	}
-
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $target_domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-
-	if ($alias_domain == $target_domain) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['aliasd_targetd_identical'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-			WHERE `domain`= :target_domain");
-		$stmt->execute(array(':target_domain' => $target_domain));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results == 0) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['targetd_not_found'])
-      );
-      return false;
-    }
-
-		$stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain`= :alias_domain
-			UNION
-			SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain`= :alias_domain_in_domain");
-		$stmt->execute(array(':alias_domain' => $alias_domain, ':alias_domain_in_domain' => $alias_domain));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results != 0) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['aliasd_exists'])
-      );
-      return false;
-    }
-  }
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("INSERT INTO `alias_domain` (`alias_domain`, `target_domain`, `created`, `modified`, `active`)
-			VALUES (:alias_domain, :target_domain, :created, :modified, :active)");
-		$stmt->execute(array(
-			':alias_domain' => $alias_domain,
-			':target_domain' => $target_domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
-			':active' => $active
-		));
-		$_SESSION['return'] = array(
-			'type' => 'success',
-			'msg' => sprintf($lang['success']['aliasd_added'], htmlspecialchars($alias_domain))
-		);
-	}
-	catch (PDOException $e) {
-    mailbox_delete_alias_domain(array('alias_domain' => $alias_domain));
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-}
-function mailbox_add_mailbox($postarray) {
-  // Array elements
-  // active             int
-  // local_part         string
-  // domain             string
-  // name               string    (username if empty)
-  // password           string
-  // password2          string
-  // quota              int       (MiB)
-  // active             int
-
-	global $pdo;
-	global $lang;
-	$local_part   = strtolower(trim($postarray['local_part']));
-	$domain       = idn_to_ascii(strtolower(trim($postarray['domain'])));
-  $username     = $local_part . '@' . $domain;
-	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['mailbox_invalid'])
-		);
-		return false;
-	}
-	if (empty($postarray['local_part'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['mailbox_invalid'])
-		);
-		return false;
-	}
-	$password     = $postarray['password'];
-	$password2    = $postarray['password2'];
-	$name         = $postarray['name'];
-  $quota_m			= filter_var($postarray['quota'], FILTER_SANITIZE_NUMBER_FLOAT);
-
-	if (empty($name)) {
-		$name = $local_part;
-	}
-
-	isset($postarray['active']) ? $active = '1' : $active = '0';
-
-	$quota_b		= ($quota_m * 1048576);
-	$maildir		= $domain."/".$local_part."/";
-
-	if (!is_valid_domain_name($domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['domain_invalid'])
-		);
-		return false;
-	}
-
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("SELECT `mailboxes`, `maxquota`, `quota` FROM `domain`
-			WHERE `domain` = :domain");
-		$stmt->execute(array(':domain' => $domain));
-		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
-
-		$stmt = $pdo->prepare("SELECT 
-			COUNT(*) as count,
-			COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota`
-				FROM `mailbox`
-					WHERE `domain` = :domain");
-		$stmt->execute(array(':domain' => $domain));
-		$MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
-
-		$stmt = $pdo->prepare("SELECT `local_part` FROM `mailbox` WHERE `local_part` = :local_part and `domain`= :domain");
-		$stmt->execute(array(':local_part' => $local_part, ':domain' => $domain));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results != 0) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username))
-      );
-      return false;
-    }
-
-		$stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE address= :username");
-		$stmt->execute(array(':username' => $username));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results != 0) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['is_alias'], htmlspecialchars($username))
-      );
-      return false;
-    }
-
-		$stmt = $pdo->prepare("SELECT `address` FROM `spamalias` WHERE `address`= :username");
-		$stmt->execute(array(':username' => $username));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results != 0) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['is_spam_alias'], htmlspecialchars($username))
-      );
-      return false;
-    }
-
-		$stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain`= :domain");
-		$stmt->execute(array(':domain' => $domain));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    if ($num_results == 0) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['domain_not_found'], $domain)
-      );
-      return false;
-    }
-  }
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-
-	if (!is_numeric($quota_m) || $quota_m == "0") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['quota_not_0_not_numeric'])
-		);
-		return false;
-	}
-
-	if (!empty($password) && !empty($password2)) {
-		if ($password != $password2) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['password_mismatch'])
-			);
-			return false;
-		}
-		$password_hashed = hash_password($password);
-	}
-	else {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['password_empty'])
-		);
-		return false;
-	}
-
-	if ($MailboxData['count'] >= $DomainData['mailboxes']) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['max_mailbox_exceeded'], $MailboxData['count'], $DomainData['mailboxes'])
-		);
-		return false;
-	}
-
-	if ($quota_m > $DomainData['maxquota']) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['mailbox_quota_exceeded'], $DomainData['maxquota'])
-		);
-		return false;
-	}
-
-	if (($MailboxData['quota'] + $quota_m) > $DomainData['quota']) {
-		$quota_left_m = ($DomainData['quota'] - $MailboxData['quota']);
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['mailbox_quota_left_exceeded'], $quota_left_m)
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `created`, `modified`, `active`) 
-			VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, :created, :modified, :active)");
-		$stmt->execute(array(
-			':username' => $username,
-			':password_hashed' => $password_hashed,
-			':name' => $name,
-			':maildir' => $maildir,
-			':quota_b' => $quota_b,
-			':local_part' => $local_part,
-			':domain' => $domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
-			':active' => $active
-		));
-
-		$stmt = $pdo->prepare("INSERT INTO `quota2` (`username`, `bytes`, `messages`)
-			VALUES (:username, '0', '0')");
-		$stmt->execute(array(':username' => $username));
-
-		$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`)
-			VALUES (:username1, :username2, :domain, :created, :modified, :active)");
-		$stmt->execute(array(
-			':username1' => $username,
-			':username2' => $username,
-			':domain' => $domain,
-			':created' => date('Y-m-d H:i:s'),
-			':modified' => date('Y-m-d H:i:s'),
-			':active' => $active
-		));
-
-		$_SESSION['return'] = array(
-			'type' => 'success',
-			'msg' => sprintf($lang['success']['mailbox_added'], htmlspecialchars($username))
-		);
-	}
-	catch (PDOException $e) {
-    mailbox_delete_mailbox(array('address' => $username));
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-}
-function mailbox_edit_alias_domain($postarray) {
-  // Array elements
-  // active             int
-  // alias_domain_now   string
-  // alias_domain       string
-	global $lang;
-	global $pdo;
-	isset($postarray['active']) ? $active = '1' : $active = '0';
-	$alias_domain       = idn_to_ascii(strtolower(trim($postarray['alias_domain'])));
-	$alias_domain_now   = strtolower(trim($postarray['alias_domain_now']));
-	if (!is_valid_domain_name($alias_domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['alias_domain_invalid'])
-		);
-		return false;
-	}
-
-	if (!is_valid_domain_name($alias_domain_now)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['alias_domain_invalid'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`
-				WHERE `alias_domain`= :alias_domain_now");
-		$stmt->execute(array(':alias_domain_now' => $alias_domain_now));
-		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $DomainData['target_domain'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`
-		WHERE `target_domain`= :alias_domain");
-		$stmt->execute(array(':alias_domain' => $alias_domain));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	if ($num_results != 0) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['aliasd_targetd_identical'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("UPDATE `alias_domain` SET `alias_domain` = :alias_domain, `active` = :active WHERE `alias_domain` = :alias_domain_now");
-		$stmt->execute(array(
-			':alias_domain' => $alias_domain,
-			':alias_domain_now' => $alias_domain_now,
-			':active' => $active
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['aliasd_modified'], htmlspecialchars($alias_domain))
-	);
-}
-function mailbox_edit_alias($postarray) {
-  // Array elements
-  // address            string
-  // goto               string    (separated by " ", "," ";" "\n") - email address or domain
-  // active             int
-	global $lang;
-	global $pdo;
-	$address      = $postarray['address'];
-	$domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
-	$local_part   = strstr($address, '@', true);
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	if (empty($postarray['goto'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['goto_empty'])
-		);
-		return false;
-	}
-	$gotos = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['goto']));
-	foreach ($gotos as &$goto) {
-		if (empty($goto)) {
-			continue;
-		}
-		if (!filter_var($goto, FILTER_VALIDATE_EMAIL)) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' =>sprintf($lang['danger']['goto_invalid'])
-			);
-			return false;
-		}
-		if ($goto == $address) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['alias_goto_identical'])
-			);
-			return false;
-		}
-	}
-	$gotos = array_filter($gotos);
-	$goto = implode(",", $gotos);
-	isset($postarray['active']) ? $active = '1' : $active = '0';
-	if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['alias_invalid'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("UPDATE `alias` SET `goto` = :goto, `active`= :active WHERE `address` = :address");
-		$stmt->execute(array(
-			':goto' => $goto,
-			':active' => $active,
-			':address' => $address
-		));
-		$_SESSION['return'] = array(
-			'type' => 'success',
-		'msg' => sprintf($lang['success']['alias_modified'], htmlspecialchars($address))
-		);
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-}
-function mailbox_edit_domain($postarray) {
-  // Array elements
-  // domain                 string
-  // description            string
-  // active                 int
-  // relay_all_recipients   int
-  // backupmx               int
-  // aliases                float
-  // mailboxes              float
-  // maxquota               float
-  // quota                  float     (Byte)
-  // active                 int
-
-	global $lang;
-	global $pdo;
-  
-  $domain       = idn_to_ascii($postarray['domain']);
-	if (!is_valid_domain_name($domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['domain_invalid'])
-		);
-		return false;
-	}
-
-	if ($_SESSION['mailcow_cc_role'] == "domainadmin" && 	hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-    $description  = $postarray['description'];
-    isset($postarray['active']) ? $active = '1' : $active = '0';
-    try {
-      $stmt = $pdo->prepare("UPDATE `domain` SET 
-      `modified`= :modified,
-      `description` = :description
-        WHERE `domain` = :domain");
-      $stmt->execute(array(
-        ':modified' => date('Y-m-d H:i:s'),
-        ':description' => $description,
-        ':domain' => $domain
-      ));
-      $_SESSION['return'] = array(
-        'type' => 'success',
-        'msg' => sprintf($lang['success']['domain_modified'], htmlspecialchars($domain))
-      );
-    }
-    catch (PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-  }
-  elseif ($_SESSION['mailcow_cc_role'] == "admin") {
-    $description  = $postarray['description'];
-    isset($postarray['active']) ? $active = '1' : $active = '0';
-    $aliases		= filter_var($postarray['aliases'], FILTER_SANITIZE_NUMBER_FLOAT);
-    $mailboxes  = filter_var($postarray['mailboxes'], FILTER_SANITIZE_NUMBER_FLOAT);
-    $maxquota		= filter_var($postarray['maxquota'], FILTER_SANITIZE_NUMBER_FLOAT);
-    $quota			= filter_var($postarray['quota'], FILTER_SANITIZE_NUMBER_FLOAT);
-    isset($postarray['relay_all_recipients']) ? $relay_all_recipients = '1' : $relay_all_recipients = '0';
-    isset($postarray['backupmx']) ? $backupmx = '1' : $backupmx = '0';
-    isset($postarray['relay_all_recipients']) ? $backupmx = '1' : true;
-    try {
-      // GET MAILBOX DATA
-      $stmt = $pdo->prepare("SELECT 
-          COUNT(*) AS count,
-          MAX(COALESCE(ROUND(`quota`/1048576), 0)) AS `maxquota`,
-          COALESCE(ROUND(SUM(`quota`)/1048576), 0) AS `quota`
-            FROM `mailbox`
-              WHERE domain= :domain");
-      $stmt->execute(array(':domain' => $domain));
-      $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
-      // GET ALIAS DATA
-      $stmt = $pdo->prepare("SELECT COUNT(*) AS `count` FROM `alias`
-          WHERE domain = :domain
-          AND address NOT IN (
-            SELECT `username` FROM `mailbox`
-          )");
-      $stmt->execute(array(':domain' => $domain));
-      $AliasData = $stmt->fetch(PDO::FETCH_ASSOC);
-    }
-    catch(PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-
-    if ($maxquota > $quota) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['mailbox_quota_exceeds_domain_quota'])
-      );
-      return false;
-    }
-
-    if ($MailboxData['maxquota'] > $maxquota) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['max_quota_in_use'], $MailboxData['maxquota'])
-      );
-      return false;
-    }
-
-    if ($MailboxData['quota'] > $quota) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['domain_quota_m_in_use'], $MailboxData['quota'])
-      );
-      return false;
-    }
-
-    if ($MailboxData['count'] > $mailboxes) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['mailboxes_in_use'], $MailboxData['count'])
-      );
-      return false;
-    }
-
-    if ($AliasData['count'] > $aliases) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['aliases_in_use'], $AliasData['count'])
-      );
-      return false;
-    }
-    try {
-      $stmt = $pdo->prepare("UPDATE `domain` SET 
-      `modified`= :modified,
-      `relay_all_recipients` = :relay_all_recipients,
-      `backupmx` = :backupmx,
-      `active` = :active,
-      `quota` = :quota,
-      `maxquota` = :maxquota,
-      `mailboxes` = :mailboxes,
-      `aliases` = :aliases,
-      `description` = :description
-        WHERE `domain` = :domain");
-      $stmt->execute(array(
-        ':relay_all_recipients' => $relay_all_recipients,
-        ':backupmx' => $backupmx,
-        ':active' => $active,
-        ':quota' => $quota,
-        ':maxquota' => $maxquota,
-        ':mailboxes' => $mailboxes,
-        ':aliases' => $aliases,
-        ':modified' => date('Y-m-d H:i:s'),
-        ':description' => $description,
-        ':domain' => $domain
-      ));
-      $_SESSION['return'] = array(
-        'type' => 'success',
-        'msg' => sprintf($lang['success']['domain_modified'], htmlspecialchars($domain))
-      );
-    }
-    catch (PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-  }
-}
-function mailbox_edit_mailbox($postarray) {
-	global $lang;
-	global $pdo;
-	isset($postarray['active']) ? $active = '1' : $active = '0';
-	if (!filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['username_invalid'])
-		);
-		return false;
-	}
-	$quota_m      = $postarray['quota'];
-	$quota_b      = $quota_m*1048576;
-	$username     = $postarray['username'];
-	$name         = $postarray['name'];
-	$password     = $postarray['password'];
-	$password2    = $postarray['password2'];
-
-	try {
-		$stmt = $pdo->prepare("SELECT `domain`
-			FROM `mailbox`
-				WHERE username = :username");
-		$stmt->execute(array(':username' => $username));
-		$MailboxData1 = $stmt->fetch(PDO::FETCH_ASSOC);
-
-		$stmt = $pdo->prepare("SELECT 
-			COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota_m_now`
-				FROM `mailbox`
-					WHERE `username` = :username");
-		$stmt->execute(array(':username' => $username));
-		$MailboxData2 = $stmt->fetch(PDO::FETCH_ASSOC);
-
-		$stmt = $pdo->prepare("SELECT 
-			COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota_m_in_use`
-				FROM `mailbox`
-					WHERE `domain` = :domain");
-		$stmt->execute(array(':domain' => $MailboxData1['domain']));
-		$MailboxData3 = $stmt->fetch(PDO::FETCH_ASSOC);
-
-		$stmt = $pdo->prepare("SELECT `quota`, `maxquota`
-			FROM `domain`
-				WHERE `domain` = :domain");
-		$stmt->execute(array(':domain' => $MailboxData1['domain']));
-		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $MailboxData1['domain'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	if (!is_numeric($quota_m) || $quota_m == "0") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['quota_not_0_not_numeric'], htmlspecialchars($quota_m))
-		);
-		return false;
-	}
-	if ($quota_m > $DomainData['maxquota']) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['mailbox_quota_exceeded'], $DomainData['maxquota'])
-		);
-		return false;
-	}
-	if (($MailboxData3['quota_m_in_use'] - $MailboxData2['quota_m_now'] + $quota_m) > $DomainData['quota']) {
-		$quota_left_m = ($DomainData['quota'] - $MailboxData3['quota_m_in_use'] + $MailboxData2['quota_m_now']);
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['mailbox_quota_left_exceeded'], $quota_left_m)
-		);
-		return false;
-	}
-
-  // Get sender_acl items set by admin
-  $sender_acl_admin = array_merge(
-    get_sender_acl_handles($username)['sender_acl_domains']['ro'],
-    get_sender_acl_handles($username)['sender_acl_addresses']['ro']
-  );
-
-  // Get sender_acl items from POST array
-  (isset($postarray['sender_acl'])) ? $sender_acl_domain_admin = $postarray['sender_acl'] : $sender_acl_domain_admin = array();
-
-	if (!empty($sender_acl_domain_admin) || !empty($sender_acl_admin)) {
-    // Check items in POST array
-		foreach ($sender_acl_domain_admin as $sender_acl) {
-			if (!filter_var($sender_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name(ltrim($sender_acl, '@'))) {
-					$_SESSION['return'] = array(
-						'type' => 'danger',
-						'msg' => sprintf($lang['danger']['sender_acl_invalid'])
-					);
-					return false;
-			}
-      if (is_valid_domain_name(ltrim($sender_acl, '@'))) {
-        if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], ltrim($sender_acl, '@'))) {
-					$_SESSION['return'] = array(
-						'type' => 'danger',
-						'msg' => sprintf($lang['danger']['sender_acl_invalid'])
-					);
-					return false;
-        }
-      }
-			if (filter_var($sender_acl, FILTER_VALIDATE_EMAIL)) {
-        if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $sender_acl)) {
-					$_SESSION['return'] = array(
-						'type' => 'danger',
-						'msg' => sprintf($lang['danger']['sender_acl_invalid'])
-					);
-					return false;
-        }
-      }
-    }
-
-    // Merge both arrays
-    $sender_acl_merged = array_merge($sender_acl_domain_admin, $sender_acl_admin);
-
-    try {
-      $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username");
-      $stmt->execute(array(
-        ':username' => $username
-      ));
-    }
-    catch (PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-
-		foreach ($sender_acl_merged as $sender_acl) {
-      $domain = ltrim($sender_acl, '@');
-      if (is_valid_domain_name($domain)) {
-        $sender_acl = '@' . $domain;
-      }
-			try {
-				$stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`)
-					VALUES (:sender_acl, :username)");
-				$stmt->execute(array(
-					':sender_acl' => $sender_acl,
-					':username' => $username
-				));
-			}
-			catch (PDOException $e) {
-				$_SESSION['return'] = array(
-					'type' => 'danger',
-					'msg' => 'MySQL: '.$e
-				);
-				return false;
-			}
-		}
-	}
-  else {
-    try {
-      $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username");
-      $stmt->execute(array(
-        ':username' => $username
-      ));
-    }
-    catch (PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-  }
-	if (!empty($password) && !empty($password2)) {
-		if ($password != $password2) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['password_mismatch'])
-			);
-			return false;
-		}
-		$password_hashed = hash_password($password);
-		try {
-			$stmt = $pdo->prepare("UPDATE `alias` SET
-					`modified` = :modified,
-					`active` = :active
-						WHERE `address` = :address");
-			$stmt->execute(array(
-				':address' => $username,
-				':modified' => date('Y-m-d H:i:s'),
-				':active' => $active
-			));
-			$stmt = $pdo->prepare("UPDATE `mailbox` SET
-					`modified` = :modified,
-					`active` = :active,
-					`password` = :password_hashed,
-					`name`= :name,
-					`quota` = :quota_b
-						WHERE `username` = :username");
-			$stmt->execute(array(
-				':modified' => date('Y-m-d H:i:s'),
-				':password_hashed' => $password_hashed,
-				':active' => $active,
-				':name' => $name,
-				':quota_b' => $quota_b,
-				':username' => $username
-			));
-			$_SESSION['return'] = array(
-				'type' => 'success',
-				'msg' => sprintf($lang['success']['mailbox_modified'], $username)
-			);
-			return true;
-		}
-		catch (PDOException $e) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => 'MySQL: '.$e
-			);
-			return false;
-		}
-	}
-	try {
-		$stmt = $pdo->prepare("UPDATE `alias` SET
-				`modified` = :modified,
-				`active` = :active
-					WHERE `address` = :address");
-		$stmt->execute(array(
-			':address' => $username,
-			':modified' => date('Y-m-d H:i:s'),
-			':active' => $active
-		));
-		$stmt = $pdo->prepare("UPDATE `mailbox` SET
-				`modified` = :modified,
-				`active` = :active,
-				`name`= :name,
-				`quota` = :quota_b
-					WHERE `username` = :username");
-		$stmt->execute(array(
-			':active' => $active,
-			':modified' => date('Y-m-d H:i:s'),
-			':name' => $name,
-			':quota_b' => $quota_b,
-			':username' => $username
-		));
-		$_SESSION['return'] = array(
-			'type' => 'success',
-			'msg' => sprintf($lang['success']['mailbox_modified'], $username)
-		);
-		return true;
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-}
-function mailbox_get_mailboxes($domain) {
-	global $lang;
-	global $pdo;
-  $mailboxes = array();
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-  try {
-    $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `domain` != 'ALL' AND `domain` = :domain");
-    $stmt->execute(array(
-      ':domain' => $domain,
-    ));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while($row = array_shift($rows)) {
-      $mailboxes[] = $row['username'];
-    }
-  }
-  catch (PDOException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'MySQL: '.$e
-    );
-    return false;
-  }
-  return $mailboxes;
-}
-function mailbox_get_alias_domains($domain) {
-	global $lang;
-	global $pdo;
-  $aliasdomains = array();
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-
-  try {
-    $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain");
-    $stmt->execute(array(
-      ':domain' => $domain,
-    ));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while($row = array_shift($rows)) {
-      $aliasdomains[] = $row['alias_domain'];
-    }
-  }
-  catch (PDOException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'MySQL: '.$e
-    );
-    return false;
-  }
-  return $aliasdomains;
-}
-function mailbox_get_aliases($domain) {
-	global $lang;
-	global $pdo;
-  $aliases = array();
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-
-  try {
-    $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `address` != `goto` AND `domain` = :domain");
-    $stmt->execute(array(
-      ':domain' => $domain,
-    ));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while($row = array_shift($rows)) {
-      $aliases[] = $row['address'];
-    }
-  }
-  catch (PDOException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'MySQL: '.$e
-    );
-    return false;
-  }
-  return $aliases;
-}
-function mailbox_get_alias_details($address) {
-	global $lang;
-	global $pdo;
-  $aliasdata = array();
-  try {
-    $stmt = $pdo->prepare("SELECT
-      `domain`,
-      `goto`,
-      `address`,
-      `active` as `active_int`,
-      CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
-      `created`,
-      `modified`
-        FROM `alias`
-            WHERE `address` = :address AND `address` != `goto`");
-    $stmt->execute(array(
-      ':address' => $address,
-    ));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while($row = array_shift($rows)) {
-      $aliasdata['domain'] = $row['domain'];
-      $aliasdata['goto'] = $row['goto'];
-      $aliasdata['address'] = $row['address'];
-      (!filter_var($aliasdata['address'], FILTER_VALIDATE_EMAIL)) ? $aliasdata['is_catch_all'] = 1 : $aliasdata['is_catch_all'] = 0;
-      $aliasdata['active'] = $row['active'];
-      $aliasdata['active_int'] = $row['active_int'];
-      $aliasdata['created'] = $row['created'];
-      $aliasdata['modified'] = $row['modified'];
-      if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdata['domain'])) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['access_denied'])
-        );
-        return false;
-      }
-    }
-  }
-  catch (PDOException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'MySQL: '.$e
-    );
-    return false;
-  }
-  return $aliasdata;
-}
-function mailbox_get_alias_domain_details($aliasdomain) {
-	global $lang;
-	global $pdo;
-  $aliasdomaindata = array();
-  try {
-    $stmt = $pdo->prepare("SELECT
-      `alias_domain`,
-      `target_domain`,
-      `active` AS `active_int`,
-      CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
-      `created`,
-      `modified`
-        FROM `alias_domain`
-            WHERE `alias_domain` = :aliasdomain");
-    $stmt->execute(array(
-      ':aliasdomain' => $aliasdomain,
-    ));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while($row = array_shift($rows)) {
-      $aliasdomaindata['alias_domain'] = $row['alias_domain'];
-      $aliasdomaindata['target_domain'] = $row['target_domain'];
-      $aliasdomaindata['active'] = $row['active'];
-      $aliasdomaindata['active_int'] = $row['active_int'];
-      $aliasdomaindata['created'] = $row['created'];
-      $aliasdomaindata['modified'] = $row['modified'];
-    }
-  }
-  catch (PDOException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'MySQL: '.$e
-    );
-    return false;
-  }
-  if (isset($aliasdomaindata['target_domain']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdomaindata['target_domain'])) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => sprintf($lang['danger']['access_denied'])
-    );
-    return false;
-  }
-  return $aliasdomaindata;
-}
-function mailbox_get_domains() {
-	global $lang;
-	global $pdo;
-
-  try {
-    $domains = array();
-    $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-      WHERE (`domain` IN (
-        SELECT `domain` from `domain_admins`
-          WHERE (`active`='1' AND `username` = :username))
-        )
-        OR ('admin'= :role)
-        AND `domain` != 'ALL'");
-    $stmt->execute(array(
-      ':username' => $_SESSION['mailcow_cc_username'],
-      ':role' => $_SESSION['mailcow_cc_role'],
-    ));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while($row = array_shift($rows)) {
-      $domains[] = $row['domain'];
-    }
-  }
-  catch (PDOException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'MySQL: '.$e
-    );
-    return false;
-  }
-  return $domains;
-}
-function mailbox_get_domain_details($domain) {
-	global $lang;
-	global $pdo;
-
-  $domaindata = array();
-	$domain = idn_to_ascii(strtolower(trim($domain)));
-
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-
-  try {
-    $stmt = $pdo->prepare("SELECT 
-        `domain`,
-        `description`,
-        `aliases`,
-        `mailboxes`, 
-        `maxquota`,
-        `quota`,
-        `relay_all_recipients` as `relay_all_recipients_int`,
-        `backupmx` as `backupmx_int`,
-        `active` as `active_int`,
-        CASE `relay_all_recipients` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `relay_all_recipients`,
-        CASE `backupmx` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `backupmx`,
-        CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
-          FROM `domain` WHERE `domain`= :domain");
-    $stmt->execute(array(
-      ':domain' => $domain,
-    ));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while($row = array_shift($rows)) {
-      $domaindata['domain_name'] = $row['domain'];
-      $domaindata['description'] = $row['description'];
-      $domaindata['max_num_aliases_for_domain'] = $row['aliases'];
-      $domaindata['max_num_mboxes_for_domain'] = $row['mailboxes'];
-      $domaindata['max_quota_for_mbox'] = formatBytes(intval($row['maxquota'] * 1048576), 2);
-      $domaindata['max_quota_for_mbox_mib'] = $row['maxquota'];
-      $domaindata['max_quota_for_domain'] = formatBytes(intval($row['quota'] * 1048576), 2);
-      $domaindata['max_quota_for_domain_mib'] = $row['quota'];
-      $domaindata['backupmx'] = $row['backupmx'];
-      $domaindata['backupmx_int'] = $row['backupmx_int'];
-      $domaindata['active'] = $row['active'];
-      $domaindata['active_int'] = $row['active_int'];
-      $domaindata['relay_all_recipients'] = $row['relay_all_recipients'];
-      $domaindata['relay_all_recipients_int'] = $row['relay_all_recipients_int'];
-      $domaindata['relay_all_recipients'] = $row['relay_all_recipients'];
-
-      $stmt = $pdo->prepare("SELECT COUNT(*) AS `alias_count` FROM `alias`
-        WHERE `domain`= :domain
-          AND `address` NOT IN (
-            SELECT `username` FROM `mailbox`
-          )");
-      $stmt->execute(array(
-        ':domain' => $domain,
-      ));
-      $row = $stmt->fetchAll();
-      (isset($row[0]['alias_count'])) ? $domaindata['aliases_in_domain'] = $row[0]['alias_count'] : null;
-      $stmt = $pdo->prepare("SELECT COUNT(`username`) AS `mailbox_count`, SUM(`quota`) AS `quota` FROM `mailbox`
-          WHERE `domain` = :domain");
-      $stmt->execute(array(
-        ':domain' => $domain,
-      ));
-      $row = $stmt->fetchAll();
-      $domaindata['mboxes_in_domain'] = $row[0]['mailbox_count'];
-      $domaindata['quota_used_in_domain'] = formatBytes(intval($row[0]['quota']), 2);
-    }
-  }
-  catch (PDOException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'MySQL: '.$e
-    );
-    return false;
-  }
-
-  return $domaindata;
-}
-function mailbox_get_mailbox_details($mailbox) {
-	global $lang;
-	global $pdo;
-  $mailboxdata = array();
-  try {
-    $stmt = $pdo->prepare("SELECT
-        `domain`.`backupmx`,
-        `mailbox`.`username`,
-        `mailbox`.`name`,
-        `mailbox`.`active` AS `active_int`,
-        CASE `mailbox`.`active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
-        `mailbox`.`domain`,
-        `mailbox`.`quota`,
-        `quota2`.`bytes`,
-        `quota2`.`messages`
-          FROM `mailbox`, `quota2`, `domain`
-            WHERE `mailbox`.`username` = `quota2`.`username` AND `domain`.`domain` = `mailbox`.`domain` AND `mailbox`.`username` = :mailbox");
-    $stmt->execute(array(
-      ':mailbox' => $mailbox,
-    ));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while($row = array_shift($rows)) {
-      $mailboxdata['username'] = $row['username'];
-      $mailboxdata['is_relayed'] = $row['backupmx'];
-      $mailboxdata['name'] = $row['name'];
-      $mailboxdata['active'] = $row['active'];
-      $mailboxdata['active_int'] = $row['active_int'];
-      $mailboxdata['domain'] = $row['domain'];
-      $mailboxdata['quota'] = formatBytes(intval($row['quota']), 2);
-      $mailboxdata['quota_bytes'] = $row['quota'];
-      $mailboxdata['quota_used'] = formatBytes(intval($row['bytes']), 2);
-      $mailboxdata['percent_in_use'] = round((intval($row['bytes']) / intval($row['quota'])) * 100);
-      $mailboxdata['messages'] = $row['messages'];
-      if ($mailboxdata['percent_in_use'] >= 90) {
-        $mailboxdata['percent_class'] = "danger";
-      }
-      elseif ($mailboxdata['percent_in_use'] >= 75) {
-        $mailboxdata['percent_class'] = "warning";
-      }
-      else {
-        $mailboxdata['percent_class'] = "success";
-      }
-    }
-  }
-  catch (PDOException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'MySQL: '.$e
-    );
-    return false;
-  }
-  if (isset($mailboxdata['domain']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailboxdata['domain'])) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => sprintf($lang['danger']['access_denied'])
-    );
-    return false;
-  }
-  return $mailboxdata;
-}
-function mailbox_delete_domain($postarray) {
-	global $lang;
-	global $pdo;
-	$domain = $postarray['domain'];
-	if ($_SESSION['mailcow_cc_role'] != "admin") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	if (!is_valid_domain_name($domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['domain_invalid'])
-		);
-		return false;
-	}
-	$domain	= strtolower(trim($domain));
-
-
-	try {
-		$stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
-			WHERE `domain` = :domain");
-		$stmt->execute(array(':domain' => $domain));
-		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	if ($num_results != 0 || !empty($num_results)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['domain_not_empty'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("DELETE FROM `domain` WHERE `domain` = :domain");
-		$stmt->execute(array(
-			':domain' => $domain,
-		));
-		$stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `domain` = :domain");
-		$stmt->execute(array(
-			':domain' => $domain,
-		));
-		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `domain` = :domain");
-		$stmt->execute(array(
-			':domain' => $domain,
-		));
-		$stmt = $pdo->prepare("DELETE FROM `alias_domain` WHERE `target_domain` = :domain");
-		$stmt->execute(array(
-			':domain' => $domain,
-		));
-		$stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `domain` = :domain");
-		$stmt->execute(array(
-			':domain' => $domain,
-		));
-		$stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` LIKE :domain");
-		$stmt->execute(array(
-			':domain' => '%@'.$domain,
-		));
-		$stmt = $pdo->prepare("DELETE FROM `quota2` WHERE `username` = :domain");
-		$stmt->execute(array(
-			':domain' => '%@'.$domain,
-		));
-		$stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `address` = :domain");
-		$stmt->execute(array(
-			':domain' => '%@'.$domain,
-		));
-		$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :domain");
-		$stmt->execute(array(
-			':domain' => '%@'.$domain,
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['domain_removed'], htmlspecialchars($domain))
-	);
-	return true;
-}
-function mailbox_delete_alias($postarray) {
-	global $lang;
-	global $pdo;
-	$address		= $postarray['address'];
-	$local_part		= strstr($address, '@', true);
-	$domain			= substr(strrchr($address, "@"), 1);
-	try {
-		$stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :address");
-		$stmt->execute(array(':address' => $address));
-		$gotos = $stmt->fetch(PDO::FETCH_ASSOC);
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$goto_array = explode(',', $gotos['goto']);
-
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `address` = :address AND `address` NOT IN (SELECT `username` FROM `mailbox`)");
-		$stmt->execute(array(
-			':address' => $address
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['alias_removed'], htmlspecialchars($address))
-	);
-
-}
-function mailbox_delete_alias_domain($postarray) {
-	global $lang;
-	global $pdo;
-	if (!is_valid_domain_name($postarray['alias_domain'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['domain_invalid'])
-		);
-		return false;
-	}
-	$alias_domain = $postarray['alias_domain'];
-	try {
-		$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`
-				WHERE `alias_domain`= :alias_domain");
-		$stmt->execute(array(':alias_domain' => $alias_domain));
-		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $DomainData['target_domain'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("DELETE FROM `alias_domain` WHERE `alias_domain` = :alias_domain");
-		$stmt->execute(array(
-			':alias_domain' => $alias_domain,
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['alias_domain_removed'], htmlspecialchars($alias_domain))
-	);
-}
-function mailbox_delete_mailbox($postarray) {
-	global $lang;
-	global $pdo;
-	$domain		= substr(strrchr($postarray['username'], "@"), 1);
-	$username	= $postarray['username'];
-	if (!filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `goto` = :username");
-		$stmt->execute(array(
-			':username' => $username
-		));
-		$stmt = $pdo->prepare("DELETE FROM `quota2` WHERE `username` = :username");
-		$stmt->execute(array(
-			':username' => $username
-		));
-		$stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `username` = :username");
-		$stmt->execute(array(
-			':username' => $username
-		));
-		$stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username");
-		$stmt->execute(array(
-			':username' => $username
-		));
-		$stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `goto` = :username");
-		$stmt->execute(array(
-			':username' => $username
-		));
-		$stmt = $pdo->prepare("DELETE FROM `imapsync` WHERE `user2` = :username");
-		$stmt->execute(array(
-			':username' => $username
-		));
-		$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username");
-		$stmt->execute(array(
-			':username' => $username
-		));
-		$stmt = $pdo->prepare("SELECT `address`, `goto` FROM `alias`
-				WHERE `goto` LIKE :username");
-		$stmt->execute(array(':username' => '%'.$username.'%'));
-		$GotoData = $stmt->fetchAll(PDO::FETCH_ASSOC);
-		foreach ($GotoData as $gotos) {
-			$goto_exploded = explode(',', $gotos['goto']);
-			if (($key = array_search($username, $goto_exploded)) !== false) {
-				unset($goto_exploded[$key]);
-			}
-			$gotos_rebuild = implode(',', $goto_exploded);
-			$stmt = $pdo->prepare("UPDATE `alias` SET `goto` = :goto WHERE `address` = :address");
-			$stmt->execute(array(
-				':goto' => $gotos_rebuild,
-				':address' => $gotos['address']
-			));
-		}
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['mailbox_removed'], htmlspecialchars($username))
-	);
-}
-function edit_domain_admin($postarray) {
-	global $lang;
-	global $pdo;
-	$username     = $postarray['username'];
-	$password     = $postarray['password'];
-	$password2    = $postarray['password2'];
-	isset($postarray['active']) ? $active = '1' : $active = '0';
-
-	if ($_SESSION['mailcow_cc_role'] != "admin") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	
-  if(isset($postarray['domain'])) {
-    foreach ($postarray['domain'] as $domain) {
-      if (!is_valid_domain_name($domain)) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => sprintf($lang['danger']['domain_invalid'])
-        );
-        return false;
-      }
-    }
-	}
-
-	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['username_invalid'])
-		);
-		return false;
-	}
-
-	try {
-		$stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-		$stmt->execute(array(
-			':username' => $username,
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-
-  if(isset($postarray['domain'])) {
-    foreach ($postarray['domain'] as $domain) {
-      try {
-        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-          VALUES (:username, :domain, :created, :active)");
-        $stmt->execute(array(
-          ':username' => $username,
-          ':domain' => $domain,
-          ':created' => date('Y-m-d H:i:s'),
-          ':active' => $active
-        ));
-      }
-      catch (PDOException $e) {
-        $_SESSION['return'] = array(
-          'type' => 'danger',
-          'msg' => 'MySQL: '.$e
-        );
-        return false;
-      }
-    }
-	}
-
-	if (!empty($password) && !empty($password2)) {
-		if ($password != $password2) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['password_mismatch'])
-			);
-			return false;
-		}
-		$password_hashed = hash_password($password);
-		try {
-			$stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
-			$stmt->execute(array(
-				':password_hashed' => $password_hashed,
-				':username' => $username,
-				':modified' => date('Y-m-d H:i:s'),
-				':active' => $active
-			));
-		}
-		catch (PDOException $e) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => 'MySQL: '.$e
-			);
-			return false;
-		}
-	}
-	else {
-		try {
-			$stmt = $pdo->prepare("UPDATE `admin` SET `modified` = :modified, `active` = :active WHERE `username` = :username");
-			$stmt->execute(array(
-				':username' => $username,
-				':modified' => date('Y-m-d H:i:s'),
-				':active' => $active
-			));
-		}
-		catch (PDOException $e) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => 'MySQL: '.$e
-			);
-			return false;
-		}
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['domain_admin_modified'], htmlspecialchars($username))
-	);
-}
 function set_admin_account($postarray) {
 	global $lang;
 	global $pdo;
@@ -2436,13 +352,7 @@ function set_time_limited_aliases($postarray) {
     );
     return false;
   }
-	if ($_SESSION['mailcow_cc_role'] != "user" || empty($username) || empty($domain)) {
-				$_SESSION['return'] = array(
-					'type' => 'danger',
-					'msg' => sprintf($lang['danger']['access_denied'])
-				);
-				return false;
-	}
+
 	switch ($postarray["trigger_set_time_limited_aliases"]) {
 		case "generate":
 			if (!is_numeric($postarray["validity"]) || $postarray["validity"] > 672) {
@@ -2551,15 +461,7 @@ function get_time_limited_aliases($username = null) {
   // 'username' can be be set, if not, default to mailcow_cc_username
   global $lang;
 	global $pdo;
-  $spamaliasdata = array();
-	if ($_SESSION['mailcow_cc_role'] != "user" &&
-		$_SESSION['mailcow_cc_role'] != "admin") {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['access_denied'])
-			);
-			return false;
-	}
+  $data = array();
   if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) {
     if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
       $_SESSION['return'] = array(
@@ -2580,7 +482,7 @@ function get_time_limited_aliases($username = null) {
           WHERE `goto` = :username
             AND `validity` >= :unixnow");
     $stmt->execute(array(':username' => $username, ':unixnow' => time()));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    $data = $stmt->fetchAll(PDO::FETCH_ASSOC);
   }
   catch(PDOException $e) {
     $_SESSION['return'] = array(
@@ -2588,12 +490,26 @@ function get_time_limited_aliases($username = null) {
       'msg' => 'MySQL: '.$e
     );
   }
-  return $rows;
+  return $data;
 }
-function set_user_account($postarray) {
+function edit_user_account($postarray) {
 	global $lang;
 	global $pdo;
-	$username			= $_SESSION['mailcow_cc_username'];
+  if (isset($postarray['username']) && filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
+    if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $postarray['username'])) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+    else {
+      $username = $postarray['username'];
+    }
+  }
+  else {
+    $username = $_SESSION['mailcow_cc_username'];
+  }
 	$password_old		= $postarray['user_old_pass'];
 	isset($postarray['togglePwNew']) ? $pwnew_active = '1' : $pwnew_active = '0';
 
@@ -2610,15 +526,6 @@ function set_user_account($postarray) {
 		return false;
 	}
 
-	if ($_SESSION['mailcow_cc_role'] != "user" &&
-		$_SESSION['mailcow_cc_role'] != "domainadmin") {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['access_denied'])
-			);
-			return false;
-	}
-
 	if (isset($password_new) && isset($password_new2)) {
 		if (!empty($password_new2) && !empty($password_new)) {
 			if ($password_new2 != $password_new) {
@@ -2660,273 +567,9 @@ function set_user_account($postarray) {
 		'msg' => sprintf($lang['success']['mailbox_modified'], $username)
 	);
 }
-function add_domain_admin($postarray) {
-	global $lang;
-	global $pdo;
-	$username		= strtolower(trim($postarray['username']));
-	$password		= $postarray['password'];
-	$password2		= $postarray['password2'];
-	isset($postarray['active']) ? $active = '1' : $active = '0';
-	if ($_SESSION['mailcow_cc_role'] != "admin") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	if (empty($postarray['domain'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['domain_invalid'])
-		);
-		return false;
-	}
-	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['username_invalid'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
-			WHERE `username` = :username");
-		$stmt->execute(array(':username' => $username));
-		$num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-		
-		$stmt = $pdo->prepare("SELECT `username` FROM `admin`
-			WHERE `username` = :username");
-		$stmt->execute(array(':username' => $username));
-		$num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-		
-		$stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
-			WHERE `username` = :username");
-		$stmt->execute(array(':username' => $username));
-		$num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-	}
-	catch(PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	foreach ($num_results as $num_results_each) {
-		if ($num_results_each != 0) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username))
-			);
-			return false;
-		}
-	}
-	if (!empty($password) && !empty($password2)) {
-		if ($password != $password2) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['password_mismatch'])
-			);
-			return false;
-		}
-		$password_hashed = hash_password($password);
-		foreach ($postarray['domain'] as $domain) {
-			if (!is_valid_domain_name($domain)) {
-				$_SESSION['return'] = array(
-					'type' => 'danger',
-					'msg' => sprintf($lang['danger']['domain_invalid'])
-				);
-				return false;
-			}
-			try {
-				$stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-						VALUES (:username, :domain, :created, :active)");
-				$stmt->execute(array(
-					':username' => $username,
-					':domain' => $domain,
-					':created' => date('Y-m-d H:i:s'),
-					':active' => $active
-				));
-			}
-			catch (PDOException $e) {
-        delete_domain_admin(array('username' => $username));
-				$_SESSION['return'] = array(
-					'type' => 'danger',
-					'msg' => 'MySQL: '.$e
-				);
-				return false;
-			}
-		}
-		try {
-			$stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`)
-				VALUES (:username, :password_hashed, '0', :created, :modified, :active)");
-			$stmt->execute(array(
-				':username' => $username,
-				':password_hashed' => $password_hashed,
-				':created' => date('Y-m-d H:i:s'),
-				':modified' => date('Y-m-d H:i:s'),
-				':active' => $active
-			));
-		}
-		catch (PDOException $e) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => 'MySQL: '.$e
-			);
-			return false;
-		}
-	}
-	else {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['password_empty'])
-		);
-		return false;
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['domain_admin_added'], htmlspecialchars($username))
-	);
-}
-function delete_domain_admin($postarray) {
-	global $pdo;
-	global $lang;
-	if ($_SESSION['mailcow_cc_role'] != "admin") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	$username = $postarray['username'];
-	if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['username_invalid'])
-		);
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-		$stmt->execute(array(
-			':username' => $username,
-		));
-		$stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
-		$stmt->execute(array(
-			':username' => $username,
-		));
-	}
-	catch (PDOException $e) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => 'MySQL: '.$e
-		);
-		return false;
-	}
-	$_SESSION['return'] = array(
-		'type' => 'success',
-		'msg' => sprintf($lang['success']['domain_admin_removed'], htmlspecialchars($username))
-	);
-}
-function get_domain_admins() {
-	global $pdo;
-	global $lang;
-  $domainadmins = array();
-	if ($_SESSION['mailcow_cc_role'] != "admin") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-  try {
-    $stmt = $pdo->query("SELECT DISTINCT
-      `username`
-        FROM `domain_admins` 
-          WHERE `username` IN (
-            SELECT `username` FROM `admin`
-              WHERE `superadmin`!='1'
-          )");
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while ($row = array_shift($rows)) {
-      $domainadmins[] = $row['username'];
-    }
-  }
-  catch(PDOException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'MySQL: '.$e
-    );
-  }
-  return $domainadmins;
-}
-function get_domain_admin_details($domain_admin) {
-	global $pdo;
-	global $lang;
-  $domainadmindata = array();
-	if ($_SESSION['mailcow_cc_role'] != "admin") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-  if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $domain_admin))) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['username_invalid'])
-		);
-		return false;
-	}
-  try {
-    $stmt = $pdo->prepare("SELECT
-      `created`,
-      `active` AS `active_int`,
-      CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
-        FROM `domain_admins`
-          WHERE `username`= :domain_admin");
-    $stmt->execute(array(
-      ':domain_admin' => $domain_admin
-    ));
-    $row = $stmt->fetch(PDO::FETCH_ASSOC);
-    $domainadmindata['active'] = $row['active'];
-    $domainadmindata['active_int'] = $row['active_int'];
-    $domainadmindata['created'] = $row['created'];
-    // GET SELECTED
-    $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-      WHERE `domain` IN (
-        SELECT `domain` FROM `domain_admins`
-          WHERE `username`= :domain_admin)");
-    $stmt->execute(array(':domain_admin' => $domain_admin));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while($row = array_shift($rows)) {
-      $domainadmindata['selected_domains'][] = $row['domain'];
-    }
-    // GET UNSELECTED
-    $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-      WHERE `domain` NOT IN (
-        SELECT `domain` FROM `domain_admins`
-          WHERE `username`= :domain_admin)");
-    $stmt->execute(array(':domain_admin' => $domain_admin));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while($row = array_shift($rows)) {
-      $domainadmindata['unselected_domains'][] = $row['domain'];
-    }
-  }
-  catch(PDOException $e) {
-    $_SESSION['return'] = array(
-      'type' => 'danger',
-      'msg' => 'MySQL: '.$e
-    );
-  }
-  return $domainadmindata;
-}
 function get_spam_score($username = null) {
 	global $pdo;
 	$default = "5, 15";
-	if ($_SESSION['mailcow_cc_role'] != "user" &&
-		$_SESSION['mailcow_cc_role'] != "admin") {
-			return false;
-	}
   if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) {
     if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
       return false;
@@ -2972,26 +615,31 @@ function get_spam_score($username = null) {
 		}
 	}
 }
-function set_spam_score($postarray) {
+function edit_spam_score($postarray) {
+  // Array items
+  // 'username' can be set, defaults to mailcow_cc_username
+  // 'lowspamlevel'
+  // 'highspamlevel'
 	global $lang;
 	global $pdo;
-	if ($_SESSION['mailcow_cc_role'] != "user") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-	$username		= $_SESSION['mailcow_cc_username'];
+  if (isset($postarray['username']) && filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
+    if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $postarray['username'])) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+    else {
+      $username = $postarray['username'];
+    }
+  }
+  else {
+    $username = $_SESSION['mailcow_cc_username'];
+  }
 	$lowspamlevel	= explode(',', $postarray['score'])[0];
 	$highspamlevel	= explode(',', $postarray['score'])[1];
-	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['username_invalid'])
-		);
-		return false;
-	}
+
 	if (!is_numeric($lowspamlevel) || !is_numeric($highspamlevel)) {
 		$_SESSION['return'] = array(
 			'type' => 'danger',
@@ -3021,6 +669,11 @@ function set_spam_score($postarray) {
 		));
 	}
 	catch (PDOException $e) {
+		$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username
+			AND (`option` = 'lowspamlevel' OR `option` = 'highspamlevel')");
+		$stmt->execute(array(
+			':username' => $username
+		));
 		$_SESSION['return'] = array(
 			'type' => 'danger',
 			'msg' => 'MySQL: '.$e
@@ -3036,13 +689,6 @@ function get_policy_list($object = null) {
   // 'object' can be be set, if not, default to mailcow_cc_username
 	global $lang;
 	global $pdo;
-	if (!isset($_SESSION['mailcow_cc_role'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
   if (isset($object)) {
     if (!filter_var($object, FILTER_VALIDATE_EMAIL) && is_valid_domain_name($object)) {
       $object = idn_to_ascii(strtolower(trim($object)));
@@ -3085,7 +731,7 @@ function get_policy_list($object = null) {
   }
   return $rows;
 }
-function set_policy_list($postarray) {
+function add_policy_list_item($postarray) {
   // Array data
   // Either 'domain' or 'username' can be be set
   // If none of the above is set, default to mailcow_cc_username
@@ -3097,15 +743,6 @@ function set_policy_list($postarray) {
   (isset($postarray['domain']))   ? $object = $postarray['domain'] : null;
   (!isset($object))               ? $object = $_SESSION['mailcow_cc_username'] : null;
 
-  // Can be user, domainadmin or admin
-	if (!isset($_SESSION['mailcow_cc_role'])) {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
-
   if (is_valid_domain_name($object)) {
 		if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
 			$_SESSION['return'] = array(
@@ -3126,37 +763,6 @@ function set_policy_list($postarray) {
 		}
   }
 
-  // DELETE
-	if (isset($postarray['delete_prefid'])) {
-		if (!is_numeric($postarray['delete_prefid'])) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['access_denied'])
-			);
-			return false;
-		}
-		try {
-			$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
-			$stmt->execute(array(
-				':object' => $object,
-				':prefid' => $postarray['delete_prefid']
-			));
-		}
-		catch (PDOException $e) {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => 'MySQL: '.$e
-			);
-			return false;
-		}
-		$_SESSION['return'] = array(
-			'type' => 'success',
-			'msg' => sprintf($lang['success']['object_modified'], $object)
-		);
-		return true;
-	}
-  
-  // ADD WL/BL
 	($postarray['object_list'] == "bl") ? $object_list = "blacklist_from" : null;
 	($postarray['object_list'] == "wl") ? $object_list = "whitelist_from" : null;
 	$object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($postarray['object_from']))), '.'));
@@ -3218,19 +824,71 @@ function set_policy_list($postarray) {
 		'msg' => sprintf($lang['success']['object_modified'], $object)
 	);
 }
-function get_syncjobs($username = null) {
-  // 'username' can be be set, if not, default to mailcow_cc_username
+function delete_policy_list_item($postarray) {
+  // Array data
+  // Either 'domain' or 'username' can be be set
+  // If none of the above is set, default to mailcow_cc_username
+  //
+  // 'delete_prefid' is item to be deleted
 	global $lang;
 	global $pdo;
-  $syncjobs = array();
-	if ($_SESSION['mailcow_cc_role'] != "user" &&
-		$_SESSION['mailcow_cc_role'] != "admin") {
+  (isset($postarray['username'])) ? $object = $postarray['username'] : null;
+  (isset($postarray['domain']))   ? $object = $postarray['domain'] : null;
+  (!isset($object))               ? $object = $_SESSION['mailcow_cc_username'] : null;
+
+  if (is_valid_domain_name($object)) {
+		if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
 			$_SESSION['return'] = array(
 				'type' => 'danger',
 				'msg' => sprintf($lang['danger']['access_denied'])
 			);
 			return false;
-	}
+		}
+    $object = idn_to_ascii(strtolower(trim($object)));
+  }
+  else {
+    if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+  }
+
+  if (!is_numeric($postarray['delete_prefid'])) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+
+  try {
+    $stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :object AND `prefid` = :prefid");
+    $stmt->execute(array(
+      ':object' => $object,
+      ':prefid' => $postarray['delete_prefid']
+    ));
+  }
+  catch (PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  $_SESSION['return'] = array(
+    'type' => 'success',
+    'msg' => sprintf($lang['success']['object_modified'], $object)
+  );
+  return true;
+}
+function get_syncjobs($username = null) {
+  // 'username' can be be set, if not, default to mailcow_cc_username
+	global $lang;
+	global $pdo;
+  $data = array();
   if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) {
     if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
       $_SESSION['return'] = array(
@@ -3248,7 +906,7 @@ function get_syncjobs($username = null) {
         FROM `imapsync`
           WHERE `user2` = :username");
     $stmt->execute(array(':username' => $username));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    $data = $stmt->fetchAll(PDO::FETCH_ASSOC);
   }
   catch(PDOException $e) {
     $_SESSION['return'] = array(
@@ -3256,7 +914,7 @@ function get_syncjobs($username = null) {
       'msg' => 'MySQL: '.$e
     );
   }
-  return $rows;
+  return $data;
 }
 function get_syncjob_details($id) {
 	global $lang;
@@ -3270,7 +928,7 @@ function get_syncjob_details($id) {
 			);
 			return false;
 	}
-  if (!isset($id) || !is_numeric($id)) {
+  if (!is_numeric($id)) {
     $_SESSION['return'] = array(
       'type' => 'danger',
       'msg' => sprintf($lang['danger']['access_denied'])
@@ -3290,11 +948,17 @@ function get_syncjob_details($id) {
   }
   return $syncjobdetails;
 }
-function set_syncjob($postarray, $action) {
+function delete_syncjob($postarray) {
+  // Array items
+  // 'username' can be set, defaults to mailcow_cc_username
 	global $lang;
 	global $pdo;
-  if (isset($postarray['username']) && filter_var($username, FILTER_VALIDATE_EMAIL)) {
+  if (isset($postarray['username']) && filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
     if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $postarray['username'])) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
       return false;
     }
     else {
@@ -3304,284 +968,303 @@ function set_syncjob($postarray, $action) {
   else {
     $username = $_SESSION['mailcow_cc_username'];
   }
-  if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
+  $id = $postarray['id'];
+  if (!is_numeric($id)) {
     $_SESSION['return'] = array(
       'type' => 'danger',
       'msg' => sprintf($lang['danger']['access_denied'])
     );
     return false;
   }
-  if ($_SESSION['mailcow_cc_role'] != "user" && $_SESSION['mailcow_cc_role'] != "admin") {
+  try {
+    $stmt = $pdo->prepare("DELETE FROM `imapsync` WHERE `user2` = :username AND `id`= :id");
+    $stmt->execute(array(
+      ':username' => $username,
+      ':id' => $id,
+    ));
+  }
+  catch (PDOException $e) {
     $_SESSION['return'] = array(
       'type' => 'danger',
-      'msg' => sprintf($lang['danger']['access_denied'])
+      'msg' => 'MySQL: '.$e
     );
     return false;
   }
-  // DELETE
-  if ($action == "delete") {
-    $id = $postarray['id'];
-    if (!is_numeric($id)) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    try {
-      $stmt = $pdo->prepare("DELETE FROM `imapsync` WHERE `user2` = :username AND `id`= :id");
-      $stmt->execute(array(
-        ':username' => $username,
-        ':id' => $id,
-      ));
-    }
-    catch (PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-    $_SESSION['return'] = array(
-      'type' => 'success',
-      'msg' => sprintf($lang['success']['mailbox_modified'], htmlspecialchars($username))
-    );
-    return true;
-  }
-  // ADD
-  elseif ($action == "add") {
-    isset($postarray['active']) ? $active = '1' : $active = '0';
-    isset($postarray['delete2duplicates']) ? $delete2duplicates = '1' : $delete2duplicates = '0';
-    $port1            = $postarray['port1'];
-    $host1            = $postarray['host1'];
-    $password1        = $postarray['password1'];
-    $exclude          = $postarray['exclude'];
-    $maxage           = $postarray['maxage'];
-    $subfolder2       = $postarray['subfolder2'];
-    $user1            = $postarray['user1'];
-    $mins_interval    = $postarray['mins_interval'];
-    $enc1             = $postarray['enc1'];
-
-    if (empty($subfolder2)) {
-      $subfolder2 = "";
-    }
-    if (!isset($maxage) || !filter_var($maxage, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 32767)))) {
-      $maxage = "0";
-    }
-    if (!filter_var($port1, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 65535)))) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 10, 'max_range' => 3600)))) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    if (!is_valid_domain_name($host1)) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    if ($enc1 != "TLS" && $enc1 != "SSL" && $enc1 != "PLAIN") {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    if (@preg_match("/" . $exclude . "/", null) === false) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    try {
-      $stmt = $pdo->prepare("SELECT `user2`, `user1` FROM `imapsync`
-        WHERE `user2` = :user2 AND `user1` = :user1");
-      $stmt->execute(array(':user1' => $user1, ':user2' => $username));
-      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    }
-    catch(PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-    if ($num_results != 0) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($host1 . ' / ' . $user1))
-      );
-      return false;
-    }
-    try {
-      $stmt = $pdo->prepare("INSERT INTO `imapsync` (`user2`, `exclude`, `maxage`, `subfolder2`, `host1`, `authmech1`, `user1`, `password1`, `mins_interval`, `port1`, `enc1`, `delete2duplicates`, `active`)
-        VALUES (:user2, :exclude, :maxage, :subfolder2, :host1, :authmech1, :user1, :password1, :mins_interval, :port1, :enc1, :delete2duplicates, :active)");
-      $stmt->execute(array(
-        ':user2' => $username,
-        ':exclude' => $exclude,
-        ':maxage' => $maxage,
-        ':subfolder2' => $subfolder2,
-        ':host1' => $host1,
-        ':authmech1' => 'PLAIN',
-        ':user1' => $user1,
-        ':password1' => $password1,
-        ':mins_interval' => $mins_interval,
-        ':port1' => $port1,
-        ':enc1' => $enc1,
-        ':delete2duplicates' => $delete2duplicates,
-        ':active' => $active,
-      ));
-    }
-    catch(PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-    $_SESSION['return'] = array(
-      'type' => 'success',
-      'msg' => sprintf($lang['success']['mailbox_modified'], $username)
-    );
-    return true;
-  }
-  // EDIT
-  elseif ($action == "edit") {
-    isset($postarray['active']) ? $active = '1' : $active = '0';
-    isset($postarray['delete2duplicates']) ? $delete2duplicates = '1' : $delete2duplicates = '0';
-    $id               = $postarray['id'];
-    $port1            = $postarray['port1'];
-    $host1            = $postarray['host1'];
-    $password1        = $postarray['password1'];
-    $exclude          = $postarray['exclude'];
-    $maxage           = $postarray['maxage'];
-    $subfolder2       = $postarray['subfolder2'];
-    $user1            = $postarray['user1'];
-    $mins_interval    = $postarray['mins_interval'];
-    $enc1             = $postarray['enc1'];
-
-    if (empty($subfolder2)) {
-      $subfolder2 = "";
-    }
-    if (empty($maxage)) {
-      $maxage = 0;
-    }
-
-    if (!filter_var($maxage, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0, 'max_range' => 32767)))) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    if (!filter_var($port1, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 65535)))) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 10, 'max_range' => 3600)))) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    if (!is_valid_domain_name($host1)) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    if ($enc1 != "TLS" && $enc1 != "SSL" && $enc1 != "PLAIN") {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    if (@preg_match("/" . $exclude . "/", null) === false) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    try {
-      $stmt = $pdo->prepare("SELECT `user2` FROM `imapsync`
-        WHERE `user2` = :user2 AND `id` = :id");
-      $stmt->execute(array(':user2' => $username, ':id' => $id));
-      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-    }
-    catch(PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-    if (empty($num_results)) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['access_denied'])
-      );
-      return false;
-    }
-    try {
-      $stmt = $pdo->prepare("UPDATE `imapsync` set `maxage` = :maxage, `subfolder2` = :subfolder2, `exclude` = :exclude, `host1` = :host1, `user1` = :user1, `password1` = :password1, `mins_interval` = :mins_interval, `port1` = :port1, `enc1` = :enc1, `delete2duplicates` = :delete2duplicates, `active` = :active
-        WHERE `user2` = :user2 AND `id` = :id");
-      $stmt->execute(array(
-        ':user2' => $username,
-        ':id' => $id,
-        ':exclude' => $exclude,
-        ':maxage' => $maxage,
-        ':subfolder2' => $subfolder2,
-        ':host1' => $host1,
-        ':user1' => $user1,
-        ':password1' => $password1,
-        ':mins_interval' => $mins_interval,
-        ':port1' => $port1,
-        ':enc1' => $enc1,
-        ':delete2duplicates' => $delete2duplicates,
-        ':active' => $active,
-      ));
-    }
-    catch(PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-    $_SESSION['return'] = array(
-      'type' => 'success',
-      'msg' => sprintf($lang['success']['mailbox_modified'], $username)
-    );
-    return true;
-  }
+  $_SESSION['return'] = array(
+    'type' => 'success',
+    'msg' => sprintf($lang['success']['mailbox_modified'], htmlspecialchars($username))
+  );
+  return true;
 }
-function set_tls_policy($postarray) {
+function add_syncjob($postarray) {
+  // Array items
+  // 'username' can be set, defaults to mailcow_cc_username
 	global $lang;
 	global $pdo;
-	if ($_SESSION['mailcow_cc_role'] != "user") {
-		$_SESSION['return'] = array(
-			'type' => 'danger',
-			'msg' => sprintf($lang['danger']['access_denied'])
-		);
-		return false;
-	}
+  if (isset($postarray['username']) && filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
+    if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $postarray['username'])) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+    else {
+      $username = $postarray['username'];
+    }
+  }
+  else {
+    $username = $_SESSION['mailcow_cc_username'];
+  }
+  isset($postarray['active']) ? $active = '1' : $active = '0';
+  isset($postarray['delete2duplicates']) ? $delete2duplicates = '1' : $delete2duplicates = '0';
+  $port1            = $postarray['port1'];
+  $host1            = $postarray['host1'];
+  $password1        = $postarray['password1'];
+  $exclude          = $postarray['exclude'];
+  $maxage           = $postarray['maxage'];
+  $subfolder2       = $postarray['subfolder2'];
+  $user1            = $postarray['user1'];
+  $mins_interval    = $postarray['mins_interval'];
+  $enc1             = $postarray['enc1'];
+
+  if (empty($subfolder2)) {
+    $subfolder2 = "";
+  }
+  if (!isset($maxage) || !filter_var($maxage, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 32767)))) {
+    $maxage = "0";
+  }
+  if (!filter_var($port1, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 65535)))) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 10, 'max_range' => 3600)))) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  if (!is_valid_domain_name($host1)) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  if ($enc1 != "TLS" && $enc1 != "SSL" && $enc1 != "PLAIN") {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  if (@preg_match("/" . $exclude . "/", null) === false) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  try {
+    $stmt = $pdo->prepare("SELECT `user2`, `user1` FROM `imapsync`
+      WHERE `user2` = :user2 AND `user1` = :user1");
+    $stmt->execute(array(':user1' => $user1, ':user2' => $username));
+    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+  }
+  catch(PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  if ($num_results != 0) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($host1 . ' / ' . $user1))
+    );
+    return false;
+  }
+  try {
+    $stmt = $pdo->prepare("INSERT INTO `imapsync` (`user2`, `exclude`, `maxage`, `subfolder2`, `host1`, `authmech1`, `user1`, `password1`, `mins_interval`, `port1`, `enc1`, `delete2duplicates`, `active`)
+      VALUES (:user2, :exclude, :maxage, :subfolder2, :host1, :authmech1, :user1, :password1, :mins_interval, :port1, :enc1, :delete2duplicates, :active)");
+    $stmt->execute(array(
+      ':user2' => $username,
+      ':exclude' => $exclude,
+      ':maxage' => $maxage,
+      ':subfolder2' => $subfolder2,
+      ':host1' => $host1,
+      ':authmech1' => 'PLAIN',
+      ':user1' => $user1,
+      ':password1' => $password1,
+      ':mins_interval' => $mins_interval,
+      ':port1' => $port1,
+      ':enc1' => $enc1,
+      ':delete2duplicates' => $delete2duplicates,
+      ':active' => $active,
+    ));
+  }
+  catch(PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  $_SESSION['return'] = array(
+    'type' => 'success',
+    'msg' => sprintf($lang['success']['mailbox_modified'], $username)
+  );
+  return true;
+}
+function edit_syncjob($postarray) {
+  // Array items
+  // 'username' can be set, defaults to mailcow_cc_username
+	global $lang;
+	global $pdo;
+  if (isset($postarray['username']) && filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
+    if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $postarray['username'])) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+    else {
+      $username = $postarray['username'];
+    }
+  }
+  else {
+    $username = $_SESSION['mailcow_cc_username'];
+  }
+  isset($postarray['active']) ? $active = '1' : $active = '0';
+  isset($postarray['delete2duplicates']) ? $delete2duplicates = '1' : $delete2duplicates = '0';
+  $id               = $postarray['id'];
+  $port1            = $postarray['port1'];
+  $host1            = $postarray['host1'];
+  $password1        = $postarray['password1'];
+  $exclude          = $postarray['exclude'];
+  $maxage           = $postarray['maxage'];
+  $subfolder2       = $postarray['subfolder2'];
+  $user1            = $postarray['user1'];
+  $mins_interval    = $postarray['mins_interval'];
+  $enc1             = $postarray['enc1'];
+
+  if (empty($subfolder2)) {
+    $subfolder2 = "";
+  }
+  if (!isset($maxage) || !filter_var($maxage, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 32767)))) {
+    $maxage = "0";
+  }
+  if (!filter_var($port1, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 65535)))) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 10, 'max_range' => 3600)))) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  if (!is_valid_domain_name($host1)) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  if ($enc1 != "TLS" && $enc1 != "SSL" && $enc1 != "PLAIN") {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  if (@preg_match("/" . $exclude . "/", null) === false) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  try {
+    $stmt = $pdo->prepare("SELECT `user2` FROM `imapsync`
+      WHERE `user2` = :user2 AND `id` = :id");
+    $stmt->execute(array(':user2' => $username, ':id' => $id));
+    $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+  }
+  catch(PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  if (empty($num_results)) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  try {
+    $stmt = $pdo->prepare("UPDATE `imapsync` set `maxage` = :maxage, `subfolder2` = :subfolder2, `exclude` = :exclude, `host1` = :host1, `user1` = :user1, `password1` = :password1, `mins_interval` = :mins_interval, `port1` = :port1, `enc1` = :enc1, `delete2duplicates` = :delete2duplicates, `active` = :active
+      WHERE `user2` = :user2 AND `id` = :id");
+    $stmt->execute(array(
+      ':user2' => $username,
+      ':id' => $id,
+      ':exclude' => $exclude,
+      ':maxage' => $maxage,
+      ':subfolder2' => $subfolder2,
+      ':host1' => $host1,
+      ':user1' => $user1,
+      ':password1' => $password1,
+      ':mins_interval' => $mins_interval,
+      ':port1' => $port1,
+      ':enc1' => $enc1,
+      ':delete2duplicates' => $delete2duplicates,
+      ':active' => $active,
+    ));
+  }
+  catch(PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  $_SESSION['return'] = array(
+    'type' => 'success',
+    'msg' => sprintf($lang['success']['mailbox_modified'], $username)
+  );
+  return true;
+}
+function edit_tls_policy($postarray) {
+	global $lang;
+	global $pdo;
+  if (isset($postarray['username']) && filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
+    if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $postarray['username'])) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+    else {
+      $username = $postarray['username'];
+    }
+  }
+  else {
+    $username = $_SESSION['mailcow_cc_username'];
+  }
 	isset($postarray['tls_in']) ? $tls_in = '1' : $tls_in = '0';
 	isset($postarray['tls_out']) ? $tls_out = '1' : $tls_out = '0';
 	$username = $_SESSION['mailcow_cc_username'];
@@ -3615,15 +1298,7 @@ function set_tls_policy($postarray) {
 function get_tls_policy($username = null) {
 	global $lang;
 	global $pdo;
-  $TLSData = array();
-	if ($_SESSION['mailcow_cc_role'] != "user" &&
-		$_SESSION['mailcow_cc_role'] != "admin") {
-			$_SESSION['return'] = array(
-				'type' => 'danger',
-				'msg' => sprintf($lang['danger']['access_denied'])
-			);
-			return false;
-	}
+  $data = array();
   if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) {
     if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
       $_SESSION['return'] = array(
@@ -3639,7 +1314,7 @@ function get_tls_policy($username = null) {
 	try {
 		$stmt = $pdo->prepare("SELECT `tls_enforce_out`, `tls_enforce_in` FROM `mailbox` WHERE `username` = :username");
 		$stmt->execute(array(':username' => $username));
-		$TLSData = $stmt->fetch(PDO::FETCH_ASSOC);
+		$data = $stmt->fetch(PDO::FETCH_ASSOC);
 	}
 	catch(PDOException $e) {
 		$_SESSION['return'] = array(
@@ -3648,138 +1323,72 @@ function get_tls_policy($username = null) {
 		);
 		return false;
 	}
-	return $TLSData;
+	return $data;
 }
-function remaining_specs($domain, $object = null, $js = null) {
-	// left_m	without object given	= MiB left in domain
-	// left_m	with object given		= Max. MiB we can assign to given object
-	// limit_m							= Domain limit in MiB
-	// left_c							= Mailboxes we can create depending on domain quota
-	global $pdo;
-	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
-		return false;
-	}
-	try {
-		$stmt = $pdo->prepare("SELECT `mailboxes`, `maxquota`, `quota` FROM `domain` WHERE `domain` = :domain");
-		$stmt->execute(array(':domain' => $domain));
-		$DomainData			= $stmt->fetch(PDO::FETCH_ASSOC);
-
-		$stmt = $pdo->prepare("SELECT COUNT(*) AS `count`, COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `in_use_m` FROM `mailbox` WHERE `domain` = :domain AND `username` != :object");
-		$stmt->execute(array(':domain' => $domain, ':object' => $object));
-		$MailboxDataDomain	= $stmt->fetch(PDO::FETCH_ASSOC);
-
-		$quota_left_m	= $DomainData['quota']		- $MailboxDataDomain['in_use_m'];
-		$mboxs_left		= $DomainData['mailboxes']	- $MailboxDataDomain['count'];
-
-		if ($quota_left_m > $DomainData['maxquota']) {
-			$quota_left_m = $DomainData['maxquota'];
-		}
-
-	}
-	catch (PDOException $e) {
-		return false;
-	}
-	if (is_numeric($quota_left_m)) {
-		$spec['left_m']		= $quota_left_m;
-		$spec['limit_m']	= $DomainData['maxquota'];
-	}
-	if (is_numeric($mboxs_left)) {
-		$spec['left_c']		= $mboxs_left;
-	}
-	if (!empty($js)) {
-		echo $quota_left_m;
-		exit;
-	}
-	return $spec;
-}
-function get_sender_acl_handles($mailbox) {
-	global $pdo;
+function edit_delimiter_action($postarray) {
+  // Array items
+  // 'username' can be set, defaults to mailcow_cc_username
 	global $lang;
-	if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
+	global $pdo;
+  if (isset($postarray['username']) && filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
+    if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $postarray['username'])) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+    else {
+      $username = $postarray['username'];
+    }
+  }
+  else {
+    $username = $_SESSION['mailcow_cc_username'];
+  }
+  ($postarray['tagged_mail_handler'] == "subject") ? $wants_tagged_subject = '1' : $wants_tagged_subject = '0';
+  if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
     $_SESSION['return'] = array(
       'type' => 'danger',
-      'msg' => sprintf($lang['danger']['access_denied'])
+      'msg' => sprintf($lang['danger']['username_invalid'])
     );
     return false;
-	}
-
-  $data['sender_acl_domains']['ro']               = array();
-  $data['sender_acl_domains']['rw']               = array();
-  $data['sender_acl_domains']['selectable']       = array();
-  $data['sender_acl_addresses']['ro']             = array();
-  $data['sender_acl_addresses']['rw']             = array();
-  $data['sender_acl_addresses']['selectable']     = array();
-  $data['fixed_sender_aliases']                   = array();
-  
+  }
   try {
-    $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :goto AND `address` NOT LIKE '@%'");
-    $stmt->execute(array(':goto' => $mailbox));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while ($row = array_shift($rows)) {
-      $data['fixed_sender_aliases'][] = $row['address'];
-    }
-
-    // Return array $data['sender_acl_domains/addresses']['ro'] with read-only objects
-    // Return array $data['sender_acl_domains/addresses']['rw'] with read-write objects (can be deleted)
-    $stmt = $pdo->prepare("SELECT REPLACE(`send_as`, '@', '') AS `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as AND `send_as` LIKE '@%'");
-    $stmt->execute(array(':logged_in_as' => $mailbox));
-    $domain_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while ($domain_row = array_shift($domain_rows)) {
-      if (is_valid_domain_name($domain_row['send_as']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain_row['send_as'])) {
-        $data['sender_acl_domains']['ro'][] = $domain_row['send_as'];
-        continue;
-      }
-      if (is_valid_domain_name($domain_row['send_as']) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain_row['send_as'])) {
-        $data['sender_acl_domains']['rw'][] = $domain_row['send_as'];
-        continue;
-      }
-    }
-
-    $stmt = $pdo->prepare("SELECT `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as AND `send_as` NOT LIKE '@%'");
-    $stmt->execute(array(':logged_in_as' => $mailbox));
-    $address_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while ($address_row = array_shift($address_rows)) {
-      if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) {
-        $data['sender_acl_addresses']['ro'][] = $address_row['send_as'];
-        continue;
-      }
-      if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) {
-        $data['sender_acl_addresses']['rw'][] = $address_row['send_as'];
-        continue;
-      }
-    }
-
-    $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-      WHERE `domain` NOT IN (
-        SELECT REPLACE(`send_as`, '@', '') FROM `sender_acl` 
-          WHERE `logged_in_as` = :logged_in_as
-            AND `send_as` LIKE '@%')");
-    $stmt->execute(array(
-      ':logged_in_as' => $mailbox,
-    ));
-    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while ($row = array_shift($rows)) {
-      if (is_valid_domain_name($row['domain']) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['domain'])) {
-        $data['sender_acl_domains']['selectable'][] = $row['domain'];
-      }
-    }
-
-    $stmt = $pdo->prepare("SELECT `address` FROM `alias`
-      WHERE `goto` != :goto
-        AND `address` NOT IN (
-          SELECT `send_as` FROM `sender_acl` 
-            WHERE `logged_in_as` = :logged_in_as
-              AND `send_as` NOT LIKE '@%')");
-    $stmt->execute(array(
-      ':logged_in_as' => $mailbox,
-      ':goto' => $mailbox
-    ));
-    while ($row = array_shift($rows)) {
-      if (filter_var($row['address'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['address'])) {
-        $data['sender_acl_addresses']['selectable'][] = $row['address'];
-      }
+    $stmt = $pdo->prepare("UPDATE `mailbox` SET `wants_tagged_subject` = :wants_tagged_subject WHERE `username` = :username");
+    $stmt->execute(array(':username' => $username, ':wants_tagged_subject' => $wants_tagged_subject));
+    $SelectData = $stmt->fetch(PDO::FETCH_ASSOC);
+  }
+  catch(PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  $_SESSION['return'] = array(
+    'type' => 'success',
+    'msg' => sprintf($lang['success']['mailbox_modified'], $username)
+  );
+  return true;
+}
+function get_delimiter_action($username = null) {
+  // 'username' can be set, defaults to mailcow_cc_username
+	global $lang;
+	global $pdo;
+	$data = array();
+  if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) {
+    if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
+      return false;
     }
   }
+  else {
+    $username = $_SESSION['mailcow_cc_username'];
+  }
+  try {
+    $stmt = $pdo->prepare("SELECT `wants_tagged_subject` FROM `mailbox` WHERE `username` = :username");
+    $stmt->execute(array(':username' => $username));
+    $data = $stmt->fetch(PDO::FETCH_ASSOC);
+  }
   catch(PDOException $e) {
     $_SESSION['return'] = array(
       'type' => 'danger',
@@ -3789,56 +1398,6 @@ function get_sender_acl_handles($mailbox) {
   }
   return $data;
 }
-function tagging_options($action, $data = null) {
-	global $lang;
-	global $pdo;
-  $username	= $_SESSION['mailcow_cc_username'];
-  if ($action == "get") {
-    if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
-      return false;
-    }
-    try {
-      $stmt = $pdo->prepare("SELECT `wants_tagged_subject` FROM `mailbox` WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
-      $SelectData = $stmt->fetch(PDO::FETCH_ASSOC);
-    }
-    catch(PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-    return $SelectData['wants_tagged_subject'];
-  }
-  elseif ($action == "set") {
-    ($data['tagged_mail_handler'] == "subject") ? $wants_tagged_subject = '1' : $wants_tagged_subject = '0';
-    if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => sprintf($lang['danger']['username_invalid'])
-      );
-      return false;
-    }
-    try {
-      $stmt = $pdo->prepare("UPDATE `mailbox` SET `wants_tagged_subject` = :wants_tagged_subject WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username, ':wants_tagged_subject' => $wants_tagged_subject));
-      $SelectData = $stmt->fetch(PDO::FETCH_ASSOC);
-    }
-    catch(PDOException $e) {
-      $_SESSION['return'] = array(
-        'type' => 'danger',
-        'msg' => 'MySQL: '.$e
-      );
-      return false;
-    }
-    $_SESSION['return'] = array(
-      'type' => 'success',
-      'msg' => sprintf($lang['success']['mailbox_modified'], $username)
-    );
-  }
-  return false;
-}
 function user_get_alias_details($username) {
 	global $lang;
 	global $pdo;
diff --git a/data/web/inc/mailbox.inc.php b/data/web/inc/mailbox.inc.php
new file mode 100644
index 00000000..2b66ea20
--- /dev/null
+++ b/data/web/inc/mailbox.inc.php
@@ -0,0 +1,1974 @@
+<?php
+function mailbox_add_domain($postarray) {
+  // Array elements
+  // domain                 string
+  // description            string
+  // aliases                int
+  // mailboxes              int
+  // maxquota               int
+  // quota                  int
+  // active                 int
+  // relay_all_recipients   int
+  // backupmx               int
+	global $pdo;
+	global $lang;
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	$domain				= idn_to_ascii(strtolower(trim($postarray['domain'])));
+	$description  = $postarray['description'];
+	$aliases			= $postarray['aliases'];
+	$mailboxes    = $postarray['mailboxes'];
+	$maxquota			= $postarray['maxquota'];
+	$quota				= $postarray['quota'];
+
+	if ($maxquota > $quota) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['mailbox_quota_exceeds_domain_quota'])
+		);
+		return false;
+	}
+
+	isset($postarray['active'])               ? $active = '1'                 : $active = '0';
+	isset($postarray['relay_all_recipients'])	? $relay_all_recipients = '1'   : $relay_all_recipients = '0';
+	isset($postarray['backupmx'])             ? $backupmx = '1'               : $backupmx = '0';
+	isset($postarray['relay_all_recipients']) ? $backupmx = '1'               : true;
+
+	if (!is_valid_domain_name($domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['domain_invalid'])
+		);
+		return false;
+	}
+
+	foreach (array($quota, $maxquota, $mailboxes, $aliases) as $data) {
+		if (!is_numeric($data)) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['object_is_not_numeric'], htmlspecialchars($data))
+			);
+			return false;
+		}
+	}
+
+	try {
+		$stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+			WHERE `domain` = :domain");
+		$stmt->execute(array(':domain' => $domain));
+		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+		$stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain`
+			WHERE `alias_domain` = :domain");
+		$stmt->execute(array(':domain' => $domain));
+		$num_results = $num_results + count($stmt->fetchAll(PDO::FETCH_ASSOC));
+	}
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	if ($num_results != 0) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['domain_exists'], htmlspecialchars($domain))
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `maxquota`, `quota`, `transport`, `backupmx`, `created`, `modified`, `active`, `relay_all_recipients`)
+			VALUES (:domain, :description, :aliases, :mailboxes, :maxquota, :quota, 'virtual', :backupmx, :created, :modified, :active, :relay_all_recipients)");
+		$stmt->execute(array(
+			':domain' => $domain,
+			':description' => $description,
+			':aliases' => $aliases,
+			':mailboxes' => $mailboxes,
+			':maxquota' => $maxquota,
+			':quota' => $quota,
+			':backupmx' => $backupmx,
+			':active' => $active,
+			':created' => date('Y-m-d H:i:s'),
+			':modified' => date('Y-m-d H:i:s'),
+			':relay_all_recipients' => $relay_all_recipients
+		));
+		$_SESSION['return'] = array(
+			'type' => 'success',
+			'msg' => sprintf($lang['success']['domain_added'], htmlspecialchars($domain))
+		);
+	}
+	catch (PDOException $e) {
+    mailbox_delete_domain(array('domain' => $domain));
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+}
+function mailbox_add_alias($postarray) {
+  // Array elements
+  // address  string  (separated by " ", "," ";" "\n") - email address or domain
+  // goto     string  (separated by " ", "," ";" "\n")
+  // active   int
+	global $lang;
+	global $pdo;
+	$addresses  = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['address']));
+	$gotos      = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['goto']));
+	isset($postarray['active']) ? $active = '1' : $active = '0';
+	if (empty($addresses[0])) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['alias_empty'])
+		);
+		return false;
+	}
+
+	if (empty($gotos[0])) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['goto_empty'])
+		);
+		return false;
+	}
+
+	foreach ($addresses as $address) {
+		if (empty($address)) {
+			continue;
+		}
+
+		$domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
+		$local_part   = strstr($address, '@', true);
+		$address      = $local_part.'@'.$domain;
+
+		try {
+			$stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+				WHERE `domain`= :domain1 OR `domain` = (SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain2)");
+			$stmt->execute(array(':domain1' => $domain, ':domain2' => $domain));
+			$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      if ($num_results == 0) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['domain_not_found'], $domain)
+        );
+        return false;
+      }
+
+			$stmt = $pdo->prepare("SELECT `address` FROM `alias`
+				WHERE `address`= :address");
+			$stmt->execute(array(':address' => $address));
+			$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      if ($num_results != 0) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['is_alias_or_mailbox'], htmlspecialchars($address))
+        );
+        return false;
+      }
+
+			$stmt = $pdo->prepare("SELECT `address` FROM `spamalias`
+				WHERE `address`= :address");
+			$stmt->execute(array(':address' => $address));
+			$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      if ($num_results != 0) {
+        $_SESSION['return'] = array(
+          'type' => 'danger',
+          'msg' => sprintf($lang['danger']['is_spam_alias'], htmlspecialchars($address))
+        );
+        return false;
+      }
+		}
+		catch(PDOException $e) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => 'MySQL: '.$e
+			);
+			return false;
+		}
+
+		if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['alias_invalid'])
+			);
+			return false;
+		}
+
+		if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['access_denied'])
+			);
+			return false;
+		}
+
+		foreach ($gotos as &$goto) {
+			if (empty($goto)) {
+				continue;
+			}
+
+			$goto_domain		= idn_to_ascii(substr(strstr($goto, '@'), 1));
+			$goto_local_part	= strstr($goto, '@', true);
+			$goto				= $goto_local_part.'@'.$goto_domain;
+
+			if (!filter_var($goto, FILTER_VALIDATE_EMAIL) === true) {
+				$_SESSION['return'] = array(
+					'type' => 'danger',
+					'msg' => sprintf($lang['danger']['goto_invalid'])
+				);
+				return false;
+			}
+			if ($goto == $address) {
+				$_SESSION['return'] = array(
+					'type' => 'danger',
+					'msg' => sprintf($lang['danger']['alias_goto_identical'])
+				);
+				return false;
+			}
+		}
+
+		$gotos = array_filter($gotos);
+		$goto = implode(",", $gotos);
+
+		try {
+			$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`)
+				VALUES (:address, :goto, :domain, :created, :modified, :active)");
+
+			if (!filter_var($address, FILTER_VALIDATE_EMAIL) === true) {
+				$stmt->execute(array(
+					':address' => '@'.$domain,
+					':goto' => $goto,
+					':domain' => $domain,
+					':created' => date('Y-m-d H:i:s'),
+					':modified' => date('Y-m-d H:i:s'),
+					':active' => $active
+				));
+			}
+			else {
+				$stmt->execute(array(
+					':address' => $address,
+					':goto' => $goto,
+					':domain' => $domain,
+					':created' => date('Y-m-d H:i:s'),
+					':modified' => date('Y-m-d H:i:s'),
+					':active' => $active
+				));
+			}
+			$_SESSION['return'] = array(
+				'type' => 'success',
+				'msg' => sprintf($lang['success']['alias_added'])
+			);
+		}
+		catch (PDOException $e) {
+      mailbox_delete_alias(array('address' => $address));
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => 'MySQL: '.$e
+			);
+			return false;
+		}
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['alias_added'])
+	);
+}
+function mailbox_add_alias_domain($postarray) {
+  // Array elements
+  // active         int
+  // alias_domain   string
+  // target_domain  string
+	global $lang;
+	global $pdo;
+	isset($postarray['active']) ? $active = '1' : $active = '0';
+	$alias_domain     = idn_to_ascii(strtolower(trim($postarray['alias_domain'])));
+	$target_domain    = idn_to_ascii(strtolower(trim($postarray['target_domain'])));
+
+	if (!is_valid_domain_name($alias_domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['alias_domain_invalid'])
+		);
+		return false;
+	}
+
+	if (!is_valid_domain_name($target_domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['target_domain_invalid'])
+		);
+		return false;
+	}
+
+	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $target_domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+
+	if ($alias_domain == $target_domain) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['aliasd_targetd_identical'])
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+			WHERE `domain`= :target_domain");
+		$stmt->execute(array(':target_domain' => $target_domain));
+		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results == 0) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['targetd_not_found'])
+      );
+      return false;
+    }
+
+		$stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain`= :alias_domain
+			UNION
+			SELECT `alias_domain` FROM `alias_domain` WHERE `alias_domain`= :alias_domain_in_domain");
+		$stmt->execute(array(':alias_domain' => $alias_domain, ':alias_domain_in_domain' => $alias_domain));
+		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results != 0) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['aliasd_exists'])
+      );
+      return false;
+    }
+  }
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("INSERT INTO `alias_domain` (`alias_domain`, `target_domain`, `created`, `modified`, `active`)
+			VALUES (:alias_domain, :target_domain, :created, :modified, :active)");
+		$stmt->execute(array(
+			':alias_domain' => $alias_domain,
+			':target_domain' => $target_domain,
+			':created' => date('Y-m-d H:i:s'),
+			':modified' => date('Y-m-d H:i:s'),
+			':active' => $active
+		));
+		$_SESSION['return'] = array(
+			'type' => 'success',
+			'msg' => sprintf($lang['success']['aliasd_added'], htmlspecialchars($alias_domain))
+		);
+	}
+	catch (PDOException $e) {
+    mailbox_delete_alias_domain(array('alias_domain' => $alias_domain));
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+}
+function mailbox_add_mailbox($postarray) {
+  // Array elements
+  // active             int
+  // local_part         string
+  // domain             string
+  // name               string    (username if empty)
+  // password           string
+  // password2          string
+  // quota              int       (MiB)
+  // active             int
+
+	global $pdo;
+	global $lang;
+	$local_part   = strtolower(trim($postarray['local_part']));
+	$domain       = idn_to_ascii(strtolower(trim($postarray['domain'])));
+  $username     = $local_part . '@' . $domain;
+	if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['mailbox_invalid'])
+		);
+		return false;
+	}
+	if (empty($postarray['local_part'])) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['mailbox_invalid'])
+		);
+		return false;
+	}
+	$password     = $postarray['password'];
+	$password2    = $postarray['password2'];
+	$name         = $postarray['name'];
+  $quota_m			= filter_var($postarray['quota'], FILTER_SANITIZE_NUMBER_FLOAT);
+
+	if (empty($name)) {
+		$name = $local_part;
+	}
+
+	isset($postarray['active']) ? $active = '1' : $active = '0';
+
+	$quota_b		= ($quota_m * 1048576);
+	$maildir		= $domain."/".$local_part."/";
+
+	if (!is_valid_domain_name($domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['domain_invalid'])
+		);
+		return false;
+	}
+
+	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("SELECT `mailboxes`, `maxquota`, `quota` FROM `domain`
+			WHERE `domain` = :domain");
+		$stmt->execute(array(':domain' => $domain));
+		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
+
+		$stmt = $pdo->prepare("SELECT 
+			COUNT(*) as count,
+			COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota`
+				FROM `mailbox`
+					WHERE `domain` = :domain");
+		$stmt->execute(array(':domain' => $domain));
+		$MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
+
+		$stmt = $pdo->prepare("SELECT `local_part` FROM `mailbox` WHERE `local_part` = :local_part and `domain`= :domain");
+		$stmt->execute(array(':local_part' => $local_part, ':domain' => $domain));
+		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results != 0) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username))
+      );
+      return false;
+    }
+
+		$stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE address= :username");
+		$stmt->execute(array(':username' => $username));
+		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results != 0) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['is_alias'], htmlspecialchars($username))
+      );
+      return false;
+    }
+
+		$stmt = $pdo->prepare("SELECT `address` FROM `spamalias` WHERE `address`= :username");
+		$stmt->execute(array(':username' => $username));
+		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results != 0) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['is_spam_alias'], htmlspecialchars($username))
+      );
+      return false;
+    }
+
+		$stmt = $pdo->prepare("SELECT `domain` FROM `domain` WHERE `domain`= :domain");
+		$stmt->execute(array(':domain' => $domain));
+		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+    if ($num_results == 0) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['domain_not_found'], $domain)
+      );
+      return false;
+    }
+  }
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+
+	if (!is_numeric($quota_m) || $quota_m == "0") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['quota_not_0_not_numeric'])
+		);
+		return false;
+	}
+
+	if (!empty($password) && !empty($password2)) {
+		if ($password != $password2) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['password_mismatch'])
+			);
+			return false;
+		}
+		$password_hashed = hash_password($password);
+	}
+	else {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['password_empty'])
+		);
+		return false;
+	}
+
+	if ($MailboxData['count'] >= $DomainData['mailboxes']) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['max_mailbox_exceeded'], $MailboxData['count'], $DomainData['mailboxes'])
+		);
+		return false;
+	}
+
+	if ($quota_m > $DomainData['maxquota']) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['mailbox_quota_exceeded'], $DomainData['maxquota'])
+		);
+		return false;
+	}
+
+	if (($MailboxData['quota'] + $quota_m) > $DomainData['quota']) {
+		$quota_left_m = ($DomainData['quota'] - $MailboxData['quota']);
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['mailbox_quota_left_exceeded'], $quota_left_m)
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("INSERT INTO `mailbox` (`username`, `password`, `name`, `maildir`, `quota`, `local_part`, `domain`, `created`, `modified`, `active`) 
+			VALUES (:username, :password_hashed, :name, :maildir, :quota_b, :local_part, :domain, :created, :modified, :active)");
+		$stmt->execute(array(
+			':username' => $username,
+			':password_hashed' => $password_hashed,
+			':name' => $name,
+			':maildir' => $maildir,
+			':quota_b' => $quota_b,
+			':local_part' => $local_part,
+			':domain' => $domain,
+			':created' => date('Y-m-d H:i:s'),
+			':modified' => date('Y-m-d H:i:s'),
+			':active' => $active
+		));
+
+		$stmt = $pdo->prepare("INSERT INTO `quota2` (`username`, `bytes`, `messages`)
+			VALUES (:username, '0', '0')");
+		$stmt->execute(array(':username' => $username));
+
+		$stmt = $pdo->prepare("INSERT INTO `alias` (`address`, `goto`, `domain`, `created`, `modified`, `active`)
+			VALUES (:username1, :username2, :domain, :created, :modified, :active)");
+		$stmt->execute(array(
+			':username1' => $username,
+			':username2' => $username,
+			':domain' => $domain,
+			':created' => date('Y-m-d H:i:s'),
+			':modified' => date('Y-m-d H:i:s'),
+			':active' => $active
+		));
+
+		$_SESSION['return'] = array(
+			'type' => 'success',
+			'msg' => sprintf($lang['success']['mailbox_added'], htmlspecialchars($username))
+		);
+	}
+	catch (PDOException $e) {
+    mailbox_delete_mailbox(array('address' => $username));
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+}
+function mailbox_edit_alias_domain($postarray) {
+  // Array elements
+  // active             int
+  // alias_domain_now   string
+  // alias_domain       string
+	global $lang;
+	global $pdo;
+	isset($postarray['active']) ? $active = '1' : $active = '0';
+	$alias_domain       = idn_to_ascii(strtolower(trim($postarray['alias_domain'])));
+	$alias_domain_now   = strtolower(trim($postarray['alias_domain_now']));
+	if (!is_valid_domain_name($alias_domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['alias_domain_invalid'])
+		);
+		return false;
+	}
+
+	if (!is_valid_domain_name($alias_domain_now)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['alias_domain_invalid'])
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`
+				WHERE `alias_domain`= :alias_domain_now");
+		$stmt->execute(array(':alias_domain_now' => $alias_domain_now));
+		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
+	}
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $DomainData['target_domain'])) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`
+		WHERE `target_domain`= :alias_domain");
+		$stmt->execute(array(':alias_domain' => $alias_domain));
+		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+	}
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	if ($num_results != 0) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['aliasd_targetd_identical'])
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("UPDATE `alias_domain` SET `alias_domain` = :alias_domain, `active` = :active WHERE `alias_domain` = :alias_domain_now");
+		$stmt->execute(array(
+			':alias_domain' => $alias_domain,
+			':alias_domain_now' => $alias_domain_now,
+			':active' => $active
+		));
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['aliasd_modified'], htmlspecialchars($alias_domain))
+	);
+}
+function mailbox_edit_alias($postarray) {
+  // Array elements
+  // address            string
+  // goto               string    (separated by " ", "," ";" "\n") - email address or domain
+  // active             int
+	global $lang;
+	global $pdo;
+	$address      = $postarray['address'];
+	$domain       = idn_to_ascii(substr(strstr($address, '@'), 1));
+	$local_part   = strstr($address, '@', true);
+	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	if (empty($postarray['goto'])) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['goto_empty'])
+		);
+		return false;
+	}
+	$gotos = array_map('trim', preg_split( "/( |,|;|\n)/", $postarray['goto']));
+	foreach ($gotos as &$goto) {
+		if (empty($goto)) {
+			continue;
+		}
+		if (!filter_var($goto, FILTER_VALIDATE_EMAIL)) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' =>sprintf($lang['danger']['goto_invalid'])
+			);
+			return false;
+		}
+		if ($goto == $address) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['alias_goto_identical'])
+			);
+			return false;
+		}
+	}
+	$gotos = array_filter($gotos);
+	$goto = implode(",", $gotos);
+	isset($postarray['active']) ? $active = '1' : $active = '0';
+	if ((!filter_var($address, FILTER_VALIDATE_EMAIL) === true) && !empty($local_part)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['alias_invalid'])
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("UPDATE `alias` SET `goto` = :goto, `active`= :active WHERE `address` = :address");
+		$stmt->execute(array(
+			':goto' => $goto,
+			':active' => $active,
+			':address' => $address
+		));
+		$_SESSION['return'] = array(
+			'type' => 'success',
+		'msg' => sprintf($lang['success']['alias_modified'], htmlspecialchars($address))
+		);
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+}
+function mailbox_edit_domain($postarray) {
+  // Array elements
+  // domain                 string
+  // description            string
+  // active                 int
+  // relay_all_recipients   int
+  // backupmx               int
+  // aliases                float
+  // mailboxes              float
+  // maxquota               float
+  // quota                  float     (Byte)
+  // active                 int
+
+	global $lang;
+	global $pdo;
+  
+  $domain       = idn_to_ascii($postarray['domain']);
+	if (!is_valid_domain_name($domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['domain_invalid'])
+		);
+		return false;
+	}
+
+	if ($_SESSION['mailcow_cc_role'] == "domainadmin" && 	hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+    $description  = $postarray['description'];
+    isset($postarray['active']) ? $active = '1' : $active = '0';
+    try {
+      $stmt = $pdo->prepare("UPDATE `domain` SET 
+      `modified`= :modified,
+      `description` = :description
+        WHERE `domain` = :domain");
+      $stmt->execute(array(
+        ':modified' => date('Y-m-d H:i:s'),
+        ':description' => $description,
+        ':domain' => $domain
+      ));
+      $_SESSION['return'] = array(
+        'type' => 'success',
+        'msg' => sprintf($lang['success']['domain_modified'], htmlspecialchars($domain))
+      );
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+  }
+  elseif ($_SESSION['mailcow_cc_role'] == "admin") {
+    $description  = $postarray['description'];
+    isset($postarray['active']) ? $active = '1' : $active = '0';
+    $aliases		= filter_var($postarray['aliases'], FILTER_SANITIZE_NUMBER_FLOAT);
+    $mailboxes  = filter_var($postarray['mailboxes'], FILTER_SANITIZE_NUMBER_FLOAT);
+    $maxquota		= filter_var($postarray['maxquota'], FILTER_SANITIZE_NUMBER_FLOAT);
+    $quota			= filter_var($postarray['quota'], FILTER_SANITIZE_NUMBER_FLOAT);
+    isset($postarray['relay_all_recipients']) ? $relay_all_recipients = '1' : $relay_all_recipients = '0';
+    isset($postarray['backupmx']) ? $backupmx = '1' : $backupmx = '0';
+    isset($postarray['relay_all_recipients']) ? $backupmx = '1' : true;
+    try {
+      // GET MAILBOX DATA
+      $stmt = $pdo->prepare("SELECT 
+          COUNT(*) AS count,
+          MAX(COALESCE(ROUND(`quota`/1048576), 0)) AS `maxquota`,
+          COALESCE(ROUND(SUM(`quota`)/1048576), 0) AS `quota`
+            FROM `mailbox`
+              WHERE domain= :domain");
+      $stmt->execute(array(':domain' => $domain));
+      $MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
+      // GET ALIAS DATA
+      $stmt = $pdo->prepare("SELECT COUNT(*) AS `count` FROM `alias`
+          WHERE domain = :domain
+          AND address NOT IN (
+            SELECT `username` FROM `mailbox`
+          )");
+      $stmt->execute(array(':domain' => $domain));
+      $AliasData = $stmt->fetch(PDO::FETCH_ASSOC);
+    }
+    catch(PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+
+    if ($maxquota > $quota) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['mailbox_quota_exceeds_domain_quota'])
+      );
+      return false;
+    }
+
+    if ($MailboxData['maxquota'] > $maxquota) {
+      echo $MailboxData['maxquota'];
+      die();
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['max_quota_in_use'], $MailboxData['maxquota'])
+      );
+      return false;
+    }
+
+    if ($MailboxData['quota'] > $quota) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['domain_quota_m_in_use'], $MailboxData['quota'])
+      );
+      return false;
+    }
+
+    if ($MailboxData['count'] > $mailboxes) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['mailboxes_in_use'], $MailboxData['count'])
+      );
+      return false;
+    }
+
+    if ($AliasData['count'] > $aliases) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['aliases_in_use'], $AliasData['count'])
+      );
+      return false;
+    }
+    try {
+      $stmt = $pdo->prepare("UPDATE `domain` SET 
+      `modified`= :modified,
+      `relay_all_recipients` = :relay_all_recipients,
+      `backupmx` = :backupmx,
+      `active` = :active,
+      `quota` = :quota,
+      `maxquota` = :maxquota,
+      `mailboxes` = :mailboxes,
+      `aliases` = :aliases,
+      `description` = :description
+        WHERE `domain` = :domain");
+      $stmt->execute(array(
+        ':relay_all_recipients' => $relay_all_recipients,
+        ':backupmx' => $backupmx,
+        ':active' => $active,
+        ':quota' => $quota,
+        ':maxquota' => $maxquota,
+        ':mailboxes' => $mailboxes,
+        ':aliases' => $aliases,
+        ':modified' => date('Y-m-d H:i:s'),
+        ':description' => $description,
+        ':domain' => $domain
+      ));
+      $_SESSION['return'] = array(
+        'type' => 'success',
+        'msg' => sprintf($lang['success']['domain_modified'], htmlspecialchars($domain))
+      );
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+  }
+}
+function mailbox_edit_mailbox($postarray) {
+	global $lang;
+	global $pdo;
+	isset($postarray['active']) ? $active = '1' : $active = '0';
+	if (!filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['username_invalid'])
+		);
+		return false;
+	}
+	$quota_m      = $postarray['quota'];
+	$quota_b      = $quota_m*1048576;
+	$username     = $postarray['username'];
+	$name         = $postarray['name'];
+	$password     = $postarray['password'];
+	$password2    = $postarray['password2'];
+
+	try {
+		$stmt = $pdo->prepare("SELECT `domain`
+			FROM `mailbox`
+				WHERE username = :username");
+		$stmt->execute(array(':username' => $username));
+		$MailboxData1 = $stmt->fetch(PDO::FETCH_ASSOC);
+
+		$stmt = $pdo->prepare("SELECT 
+			COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota_m_now`
+				FROM `mailbox`
+					WHERE `username` = :username");
+		$stmt->execute(array(':username' => $username));
+		$MailboxData2 = $stmt->fetch(PDO::FETCH_ASSOC);
+
+		$stmt = $pdo->prepare("SELECT 
+			COALESCE(ROUND(SUM(`quota`)/1048576), 0) as `quota_m_in_use`
+				FROM `mailbox`
+					WHERE `domain` = :domain");
+		$stmt->execute(array(':domain' => $MailboxData1['domain']));
+		$MailboxData3 = $stmt->fetch(PDO::FETCH_ASSOC);
+
+		$stmt = $pdo->prepare("SELECT `quota`, `maxquota`
+			FROM `domain`
+				WHERE `domain` = :domain");
+		$stmt->execute(array(':domain' => $MailboxData1['domain']));
+		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
+	}
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+
+	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $MailboxData1['domain'])) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	if (!is_numeric($quota_m) || $quota_m == "0") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['quota_not_0_not_numeric'], htmlspecialchars($quota_m))
+		);
+		return false;
+	}
+	if ($quota_m > $DomainData['maxquota']) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['mailbox_quota_exceeded'], $DomainData['maxquota'])
+		);
+		return false;
+	}
+	if (($MailboxData3['quota_m_in_use'] - $MailboxData2['quota_m_now'] + $quota_m) > $DomainData['quota']) {
+		$quota_left_m = ($DomainData['quota'] - $MailboxData3['quota_m_in_use'] + $MailboxData2['quota_m_now']);
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['mailbox_quota_left_exceeded'], $quota_left_m)
+		);
+		return false;
+	}
+
+  // Get sender_acl items set by admin
+  $sender_acl_admin = array_merge(
+    mailbox_get_sender_acl_handles($username)['sender_acl_domains']['ro'],
+    mailbox_get_sender_acl_handles($username)['sender_acl_addresses']['ro']
+  );
+
+  // Get sender_acl items from POST array
+  (isset($postarray['sender_acl'])) ? $sender_acl_domain_admin = $postarray['sender_acl'] : $sender_acl_domain_admin = array();
+
+	if (!empty($sender_acl_domain_admin) || !empty($sender_acl_admin)) {
+    // Check items in POST array
+		foreach ($sender_acl_domain_admin as $sender_acl) {
+			if (!filter_var($sender_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name(ltrim($sender_acl, '@'))) {
+					$_SESSION['return'] = array(
+						'type' => 'danger',
+						'msg' => sprintf($lang['danger']['sender_acl_invalid'])
+					);
+					return false;
+			}
+      if (is_valid_domain_name(ltrim($sender_acl, '@'))) {
+        if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], ltrim($sender_acl, '@'))) {
+					$_SESSION['return'] = array(
+						'type' => 'danger',
+						'msg' => sprintf($lang['danger']['sender_acl_invalid'])
+					);
+					return false;
+        }
+      }
+			if (filter_var($sender_acl, FILTER_VALIDATE_EMAIL)) {
+        if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $sender_acl)) {
+					$_SESSION['return'] = array(
+						'type' => 'danger',
+						'msg' => sprintf($lang['danger']['sender_acl_invalid'])
+					);
+					return false;
+        }
+      }
+    }
+
+    // Merge both arrays
+    $sender_acl_merged = array_merge($sender_acl_domain_admin, $sender_acl_admin);
+
+    try {
+      $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username");
+      $stmt->execute(array(
+        ':username' => $username
+      ));
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+
+		foreach ($sender_acl_merged as $sender_acl) {
+      $domain = ltrim($sender_acl, '@');
+      if (is_valid_domain_name($domain)) {
+        $sender_acl = '@' . $domain;
+      }
+			try {
+				$stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`)
+					VALUES (:sender_acl, :username)");
+				$stmt->execute(array(
+					':sender_acl' => $sender_acl,
+					':username' => $username
+				));
+			}
+			catch (PDOException $e) {
+				$_SESSION['return'] = array(
+					'type' => 'danger',
+					'msg' => 'MySQL: '.$e
+				);
+				return false;
+			}
+		}
+	}
+  else {
+    try {
+      $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username");
+      $stmt->execute(array(
+        ':username' => $username
+      ));
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+  }
+	if (!empty($password) && !empty($password2)) {
+		if ($password != $password2) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => sprintf($lang['danger']['password_mismatch'])
+			);
+			return false;
+		}
+		$password_hashed = hash_password($password);
+		try {
+			$stmt = $pdo->prepare("UPDATE `alias` SET
+					`modified` = :modified,
+					`active` = :active
+						WHERE `address` = :address");
+			$stmt->execute(array(
+				':address' => $username,
+				':modified' => date('Y-m-d H:i:s'),
+				':active' => $active
+			));
+			$stmt = $pdo->prepare("UPDATE `mailbox` SET
+					`modified` = :modified,
+					`active` = :active,
+					`password` = :password_hashed,
+					`name`= :name,
+					`quota` = :quota_b
+						WHERE `username` = :username");
+			$stmt->execute(array(
+				':modified' => date('Y-m-d H:i:s'),
+				':password_hashed' => $password_hashed,
+				':active' => $active,
+				':name' => $name,
+				':quota_b' => $quota_b,
+				':username' => $username
+			));
+			$_SESSION['return'] = array(
+				'type' => 'success',
+				'msg' => sprintf($lang['success']['mailbox_modified'], $username)
+			);
+			return true;
+		}
+		catch (PDOException $e) {
+			$_SESSION['return'] = array(
+				'type' => 'danger',
+				'msg' => 'MySQL: '.$e
+			);
+			return false;
+		}
+	}
+	try {
+		$stmt = $pdo->prepare("UPDATE `alias` SET
+				`modified` = :modified,
+				`active` = :active
+					WHERE `address` = :address");
+		$stmt->execute(array(
+			':address' => $username,
+			':modified' => date('Y-m-d H:i:s'),
+			':active' => $active
+		));
+		$stmt = $pdo->prepare("UPDATE `mailbox` SET
+				`modified` = :modified,
+				`active` = :active,
+				`name`= :name,
+				`quota` = :quota_b
+					WHERE `username` = :username");
+		$stmt->execute(array(
+			':active' => $active,
+			':modified' => date('Y-m-d H:i:s'),
+			':name' => $name,
+			':quota_b' => $quota_b,
+			':username' => $username
+		));
+		$_SESSION['return'] = array(
+			'type' => 'success',
+			'msg' => sprintf($lang['success']['mailbox_modified'], $username)
+		);
+		return true;
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+}
+function mailbox_get_mailboxes($domain = null) {
+	global $lang;
+	global $pdo;
+  $mailboxes = array();
+	if (isset($domain) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+  elseif (isset($domain) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+    try {
+      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `domain` != 'ALL' AND `domain` = :domain");
+      $stmt->execute(array(
+        ':domain' => $domain,
+      ));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while($row = array_shift($rows)) {
+        $mailboxes[] = $row['username'];
+      }
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+  }
+  else {
+    try {
+      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `domain` IN (SELECT `domain` FROM `domain_admins` WHERE `active` = '1' AND `username` = :username) OR 'admin' = :role");
+      $stmt->execute(array(
+        ':username' => $_SESSION['mailcow_cc_username'],
+        ':role' => $_SESSION['mailcow_cc_role'],
+      ));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while($row = array_shift($rows)) {
+        $mailboxes[] = $row['username'];
+      }
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+  }
+  return $mailboxes;
+}
+function mailbox_get_alias_domains($domain = null) {
+  // Get all domains assigned to mailcow_cc_username or domain, if set
+  // Domain admin needs to be active
+  // Domain does not need to be active
+	global $lang;
+	global $pdo;
+  $aliasdomains = array();
+	if (isset($domain) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+  }
+  elseif (isset($domain) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+    try {
+      $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain");
+      $stmt->execute(array(
+        ':domain' => $domain,
+      ));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while($row = array_shift($rows)) {
+        $aliasdomains[] = $row['alias_domain'];
+      }
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+  }
+	else {
+    try {
+      $stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` IN (SELECT `domain` FROM `domain_admins` WHERE `active` = '1' AND `username` = :username) OR 'admin' = :role");
+      $stmt->execute(array(
+        ':username' => $_SESSION['mailcow_cc_username'],
+        ':role' => $_SESSION['mailcow_cc_role'],
+      ));
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      while($row = array_shift($rows)) {
+        $aliasdomains[] = $row['alias_domain'];
+      }
+    }
+    catch (PDOException $e) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => 'MySQL: '.$e
+      );
+      return false;
+    }
+  }
+  return $aliasdomains;
+}
+function mailbox_get_aliases($domain) {
+	global $lang;
+	global $pdo;
+  $aliases = array();
+	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+
+  try {
+    $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `address` != `goto` AND `domain` = :domain");
+    $stmt->execute(array(
+      ':domain' => $domain,
+    ));
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    while($row = array_shift($rows)) {
+      $aliases[] = $row['address'];
+    }
+  }
+  catch (PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  return $aliases;
+}
+function mailbox_get_alias_details($address) {
+	global $lang;
+	global $pdo;
+  $aliasdata = array();
+  try {
+    $stmt = $pdo->prepare("SELECT
+      `domain`,
+      `goto`,
+      `address`,
+      `active` as `active_int`,
+      CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
+      `created`,
+      `modified`
+        FROM `alias`
+            WHERE `address` = :address AND `address` != `goto`");
+    $stmt->execute(array(
+      ':address' => $address,
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    $aliasdata['domain'] = $row['domain'];
+    $aliasdata['goto'] = $row['goto'];
+    $aliasdata['address'] = $row['address'];
+    (!filter_var($aliasdata['address'], FILTER_VALIDATE_EMAIL)) ? $aliasdata['is_catch_all'] = 1 : $aliasdata['is_catch_all'] = 0;
+    $aliasdata['active'] = $row['active'];
+    $aliasdata['active_int'] = $row['active_int'];
+    $aliasdata['created'] = $row['created'];
+    $aliasdata['modified'] = $row['modified'];
+    if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdata['domain'])) {
+      $_SESSION['return'] = array(
+        'type' => 'danger',
+        'msg' => sprintf($lang['danger']['access_denied'])
+      );
+      return false;
+    }
+  }
+  catch (PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  return $aliasdata;
+}
+function mailbox_get_alias_domain_details($aliasdomain) {
+	global $lang;
+	global $pdo;
+  $aliasdomaindata = array();
+  try {
+    $stmt = $pdo->prepare("SELECT
+      `alias_domain`,
+      `target_domain`,
+      `active` AS `active_int`,
+      CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
+      `created`,
+      `modified`
+        FROM `alias_domain`
+            WHERE `alias_domain` = :aliasdomain");
+    $stmt->execute(array(
+      ':aliasdomain' => $aliasdomain,
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    $aliasdomaindata['alias_domain'] = $row['alias_domain'];
+    $aliasdomaindata['target_domain'] = $row['target_domain'];
+    $aliasdomaindata['active'] = $row['active'];
+    $aliasdomaindata['active_int'] = $row['active_int'];
+    $aliasdomaindata['created'] = $row['created'];
+    $aliasdomaindata['modified'] = $row['modified'];
+  }
+  catch (PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdomaindata['target_domain'])) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  return $aliasdomaindata;
+}
+function mailbox_get_domains() {
+  // Get all domains assigned to mailcow_cc_username
+  // Domain admin needs to be active
+  // Domain does not need to be active
+	global $lang;
+	global $pdo;
+
+  try {
+    $domains = array();
+    $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+      WHERE (`domain` IN (
+        SELECT `domain` from `domain_admins`
+          WHERE (`active`='1' AND `username` = :username))
+        )
+        OR ('admin'= :role)
+        AND `domain` != 'ALL'");
+    $stmt->execute(array(
+      ':username' => $_SESSION['mailcow_cc_username'],
+      ':role' => $_SESSION['mailcow_cc_role'],
+    ));
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    while($row = array_shift($rows)) {
+      $domains[] = $row['domain'];
+    }
+  }
+  catch (PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  return $domains;
+}
+function mailbox_get_domain_details($domain) {
+	global $lang;
+	global $pdo;
+
+  $domaindata = array();
+	$domain = idn_to_ascii(strtolower(trim($domain)));
+
+	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+
+  try {
+    $stmt = $pdo->prepare("SELECT 
+        `domain`,
+        `description`,
+        `aliases`,
+        `mailboxes`, 
+        `maxquota`,
+        `quota`,
+        `relay_all_recipients` as `relay_all_recipients_int`,
+        `backupmx` as `backupmx_int`,
+        `active` as `active_int`,
+        CASE `relay_all_recipients` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `relay_all_recipients`,
+        CASE `backupmx` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `backupmx`,
+        CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
+          FROM `domain` WHERE `domain`= :domain");
+    $stmt->execute(array(
+      ':domain' => $domain,
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    $stmt = $pdo->prepare("SELECT COUNT(*) AS `count`, COALESCE(SUM(`quota`), 0) as `in_use` FROM `mailbox` WHERE `domain` = :domain");
+    $stmt->execute(array(':domain' => $row['domain']));
+    $MailboxDataDomain	= $stmt->fetch(PDO::FETCH_ASSOC);
+
+    $domaindata['max_new_mailbox_quota']	= ($row['quota'] * 1048576) - $MailboxDataDomain['in_use'];
+    if ($domaindata['max_new_mailbox_quota'] > ($row['maxquota'] * 1048576)) {
+      $domaindata['max_new_mailbox_quota'] = ($row['maxquota'] * 1048576);
+    }
+    $domaindata['quota_used_in_domain'] = $MailboxDataDomain['in_use'];
+    $domaindata['mboxes_in_domain'] = $MailboxDataDomain['count'];
+    $domaindata['mboxes_left'] = $row['mailboxes']	- $MailboxDataDomain['count'];
+    $domaindata['domain_name'] = $row['domain'];
+    $domaindata['description'] = $row['description'];
+    $domaindata['max_num_aliases_for_domain'] = $row['aliases'];
+    $domaindata['max_num_mboxes_for_domain'] = $row['mailboxes'];
+    $domaindata['max_quota_for_mbox'] = $row['maxquota'] * 1048576;
+    $domaindata['max_quota_for_domain'] = $row['quota'] * 1048576;
+    $domaindata['backupmx'] = $row['backupmx'];
+    $domaindata['backupmx_int'] = $row['backupmx_int'];
+    $domaindata['active'] = $row['active'];
+    $domaindata['active_int'] = $row['active_int'];
+    $domaindata['relay_all_recipients'] = $row['relay_all_recipients'];
+    $domaindata['relay_all_recipients_int'] = $row['relay_all_recipients_int'];
+
+    $stmt = $pdo->prepare("SELECT COUNT(*) AS `alias_count` FROM `alias`
+      WHERE `domain`= :domain
+        AND `address` NOT IN (
+          SELECT `username` FROM `mailbox`
+        )");
+    $stmt->execute(array(
+      ':domain' => $domain,
+    ));
+    $AliasData = $stmt->fetch(PDO::FETCH_ASSOC);
+    (isset($AliasData['alias_count'])) ? $domaindata['aliases_in_domain'] = $AliasData['alias_count'] : $domaindata['aliases_in_domain'] = "0";
+  }
+  catch (PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+
+  return $domaindata;
+}
+function mailbox_get_mailbox_details($mailbox) {
+	global $lang;
+	global $pdo;
+  $mailboxdata = array();
+  try {
+    $stmt = $pdo->prepare("SELECT
+        `domain`.`backupmx`,
+        `mailbox`.`username`,
+        `mailbox`.`name`,
+        `mailbox`.`active` AS `active_int`,
+        CASE `mailbox`.`active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
+        `mailbox`.`domain`,
+        `mailbox`.`quota`,
+        `quota2`.`bytes`,
+        `quota2`.`messages`
+          FROM `mailbox`, `quota2`, `domain`
+            WHERE `mailbox`.`username` = `quota2`.`username` AND `domain`.`domain` = `mailbox`.`domain` AND `mailbox`.`username` = :mailbox");
+    $stmt->execute(array(
+      ':mailbox' => $mailbox,
+    ));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    $stmt = $pdo->prepare("SELECT `maxquota`, `quota` FROM  `domain` WHERE `domain` = :domain");
+    $stmt->execute(array(':domain' => $row['domain']));
+    $DomainQuota  = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    $stmt = $pdo->prepare("SELECT COUNT(*) AS `count`, COALESCE(SUM(`quota`), 0) as `in_use` FROM `mailbox` WHERE `domain` = :domain AND `username` != :username");
+    $stmt->execute(array(':domain' => $row['domain'], ':username' => $row['username']));
+    $MailboxUsage	= $stmt->fetch(PDO::FETCH_ASSOC);
+
+    $mailboxdata['max_new_quota'] = ($DomainQuota['quota'] * 1048576) - $MailboxUsage['in_use'];
+    if ($mailboxdata['max_new_quota'] > ($DomainQuota['maxquota'] * 1048576)) {
+      $mailboxdata['max_new_quota'] = ($DomainQuota['maxquota'] * 1048576);
+    }
+
+    $mailboxdata['username'] = $row['username'];
+    $mailboxdata['is_relayed'] = $row['backupmx'];
+    $mailboxdata['name'] = $row['name'];
+    $mailboxdata['active'] = $row['active'];
+    $mailboxdata['active_int'] = $row['active_int'];
+    $mailboxdata['domain'] = $row['domain'];
+    $mailboxdata['quota'] = $row['quota'];
+    $mailboxdata['quota_used'] = intval($row['bytes']);
+    $mailboxdata['percent_in_use'] = round((intval($row['bytes']) / intval($row['quota'])) * 100);
+    $mailboxdata['messages'] = $row['messages'];
+    if ($mailboxdata['percent_in_use'] >= 90) {
+      $mailboxdata['percent_class'] = "danger";
+    }
+    elseif ($mailboxdata['percent_in_use'] >= 75) {
+      $mailboxdata['percent_class'] = "warning";
+    }
+    else {
+      $mailboxdata['percent_class'] = "success";
+    }
+  }
+  catch (PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  if (!isset($mailboxdata['domain']) ||
+    (isset($mailboxdata['domain']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailboxdata['domain']))) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+  }
+  
+  return $mailboxdata;
+}
+function mailbox_delete_domain($postarray) {
+	global $lang;
+	global $pdo;
+	$domain = $postarray['domain'];
+	if ($_SESSION['mailcow_cc_role'] != "admin") {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	if (!is_valid_domain_name($domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['domain_invalid'])
+		);
+		return false;
+	}
+	$domain	= strtolower(trim($domain));
+
+
+	try {
+		$stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
+			WHERE `domain` = :domain");
+		$stmt->execute(array(':domain' => $domain));
+		$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+	}
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	if ($num_results != 0 || !empty($num_results)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['domain_not_empty'])
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("DELETE FROM `domain` WHERE `domain` = :domain");
+		$stmt->execute(array(
+			':domain' => $domain,
+		));
+		$stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `domain` = :domain");
+		$stmt->execute(array(
+			':domain' => $domain,
+		));
+		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `domain` = :domain");
+		$stmt->execute(array(
+			':domain' => $domain,
+		));
+		$stmt = $pdo->prepare("DELETE FROM `alias_domain` WHERE `target_domain` = :domain");
+		$stmt->execute(array(
+			':domain' => $domain,
+		));
+		$stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `domain` = :domain");
+		$stmt->execute(array(
+			':domain' => $domain,
+		));
+		$stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` LIKE :domain");
+		$stmt->execute(array(
+			':domain' => '%@'.$domain,
+		));
+		$stmt = $pdo->prepare("DELETE FROM `quota2` WHERE `username` = :domain");
+		$stmt->execute(array(
+			':domain' => '%@'.$domain,
+		));
+		$stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `address` = :domain");
+		$stmt->execute(array(
+			':domain' => '%@'.$domain,
+		));
+		$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :domain");
+		$stmt->execute(array(
+			':domain' => '%@'.$domain,
+		));
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['domain_removed'], htmlspecialchars($domain))
+	);
+	return true;
+}
+function mailbox_delete_alias($postarray) {
+	global $lang;
+	global $pdo;
+	$address		= $postarray['address'];
+	$local_part		= strstr($address, '@', true);
+  $domain = mailbox_get_alias_details($address)['domain'];
+	try {
+		$stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :address");
+		$stmt->execute(array(':address' => $address));
+		$gotos = $stmt->fetch(PDO::FETCH_ASSOC);
+	}
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	$goto_array = explode(',', $gotos['goto']);
+
+	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	try {
+		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `address` = :address AND `address` NOT IN (SELECT `username` FROM `mailbox`)");
+		$stmt->execute(array(
+			':address' => $address
+		));
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['alias_removed'], htmlspecialchars($address))
+	);
+
+}
+function mailbox_delete_alias_domain($postarray) {
+	global $lang;
+	global $pdo;
+	if (!is_valid_domain_name($postarray['alias_domain'])) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['domain_invalid'])
+		);
+		return false;
+	}
+	$alias_domain = $postarray['alias_domain'];
+	try {
+		$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`
+			WHERE `alias_domain`= :alias_domain");
+		$stmt->execute(array(':alias_domain' => $alias_domain));
+		$DomainData = $stmt->fetch(PDO::FETCH_ASSOC);
+	}
+	catch(PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+
+	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $DomainData['target_domain'])) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("DELETE FROM `alias_domain` WHERE `alias_domain` = :alias_domain");
+		$stmt->execute(array(
+			':alias_domain' => $alias_domain,
+		));
+		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `domain` = :alias_domain");
+		$stmt->execute(array(
+			':alias_domain' => $alias_domain,
+		));
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['alias_domain_removed'], htmlspecialchars($alias_domain))
+	);
+}
+function mailbox_delete_mailbox($postarray) {
+	global $lang;
+	global $pdo;
+	$username	= $postarray['username'];
+  $domain = mailbox_get_mailbox_details($username)['domain'];
+	if (!filter_var($postarray['username'], FILTER_VALIDATE_EMAIL)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+	if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => sprintf($lang['danger']['access_denied'])
+		);
+		return false;
+	}
+
+	try {
+		$stmt = $pdo->prepare("DELETE FROM `alias` WHERE `goto` = :username");
+		$stmt->execute(array(
+			':username' => $username
+		));
+		$stmt = $pdo->prepare("DELETE FROM `quota2` WHERE `username` = :username");
+		$stmt->execute(array(
+			':username' => $username
+		));
+		$stmt = $pdo->prepare("DELETE FROM `mailbox` WHERE `username` = :username");
+		$stmt->execute(array(
+			':username' => $username
+		));
+		$stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `logged_in_as` = :username");
+		$stmt->execute(array(
+			':username' => $username
+		));
+		$stmt = $pdo->prepare("DELETE FROM `spamalias` WHERE `goto` = :username");
+		$stmt->execute(array(
+			':username' => $username
+		));
+		$stmt = $pdo->prepare("DELETE FROM `imapsync` WHERE `user2` = :username");
+		$stmt->execute(array(
+			':username' => $username
+		));
+		$stmt = $pdo->prepare("DELETE FROM `filterconf` WHERE `object` = :username");
+		$stmt->execute(array(
+			':username' => $username
+		));
+		$stmt = $pdo->prepare("SELECT `address`, `goto` FROM `alias`
+				WHERE `goto` LIKE :username");
+		$stmt->execute(array(':username' => '%'.$username.'%'));
+		$GotoData = $stmt->fetchAll(PDO::FETCH_ASSOC);
+		foreach ($GotoData as $gotos) {
+			$goto_exploded = explode(',', $gotos['goto']);
+			if (($key = array_search($username, $goto_exploded)) !== false) {
+				unset($goto_exploded[$key]);
+			}
+			$gotos_rebuild = implode(',', $goto_exploded);
+			$stmt = $pdo->prepare("UPDATE `alias` SET `goto` = :goto WHERE `address` = :address");
+			$stmt->execute(array(
+				':goto' => $gotos_rebuild,
+				':address' => $gotos['address']
+			));
+		}
+	}
+	catch (PDOException $e) {
+		$_SESSION['return'] = array(
+			'type' => 'danger',
+			'msg' => 'MySQL: '.$e
+		);
+		return false;
+	}
+	$_SESSION['return'] = array(
+		'type' => 'success',
+		'msg' => sprintf($lang['success']['mailbox_removed'], htmlspecialchars($username))
+	);
+}
+function mailbox_get_sender_acl_handles($mailbox) {
+	global $pdo;
+	global $lang;
+	if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => sprintf($lang['danger']['access_denied'])
+    );
+    return false;
+	}
+
+  $data['sender_acl_domains']['ro']               = array();
+  $data['sender_acl_domains']['rw']               = array();
+  $data['sender_acl_domains']['selectable']       = array();
+  $data['sender_acl_addresses']['ro']             = array();
+  $data['sender_acl_addresses']['rw']             = array();
+  $data['sender_acl_addresses']['selectable']     = array();
+  $data['fixed_sender_aliases']                   = array();
+  
+  try {
+    $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :goto AND `address` NOT LIKE '@%'");
+    $stmt->execute(array(':goto' => $mailbox));
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    while ($row = array_shift($rows)) {
+      $data['fixed_sender_aliases'][] = $row['address'];
+    }
+
+    // Return array $data['sender_acl_domains/addresses']['ro'] with read-only objects
+    // Return array $data['sender_acl_domains/addresses']['rw'] with read-write objects (can be deleted)
+    $stmt = $pdo->prepare("SELECT REPLACE(`send_as`, '@', '') AS `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as AND `send_as` LIKE '@%'");
+    $stmt->execute(array(':logged_in_as' => $mailbox));
+    $domain_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    while ($domain_row = array_shift($domain_rows)) {
+      if (is_valid_domain_name($domain_row['send_as']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain_row['send_as'])) {
+        $data['sender_acl_domains']['ro'][] = $domain_row['send_as'];
+        continue;
+      }
+      if (is_valid_domain_name($domain_row['send_as']) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain_row['send_as'])) {
+        $data['sender_acl_domains']['rw'][] = $domain_row['send_as'];
+        continue;
+      }
+    }
+
+    $stmt = $pdo->prepare("SELECT `send_as` FROM `sender_acl` WHERE `logged_in_as` = :logged_in_as AND `send_as` NOT LIKE '@%'");
+    $stmt->execute(array(':logged_in_as' => $mailbox));
+    $address_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    while ($address_row = array_shift($address_rows)) {
+      if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) {
+        $data['sender_acl_addresses']['ro'][] = $address_row['send_as'];
+        continue;
+      }
+      if (filter_var($address_row['send_as'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $address_row['send_as'])) {
+        $data['sender_acl_addresses']['rw'][] = $address_row['send_as'];
+        continue;
+      }
+    }
+
+    $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+      WHERE `domain` NOT IN (
+        SELECT REPLACE(`send_as`, '@', '') FROM `sender_acl` 
+          WHERE `logged_in_as` = :logged_in_as
+            AND `send_as` LIKE '@%')");
+    $stmt->execute(array(
+      ':logged_in_as' => $mailbox,
+    ));
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    while ($row = array_shift($rows)) {
+      if (is_valid_domain_name($row['domain']) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['domain'])) {
+        $data['sender_acl_domains']['selectable'][] = $row['domain'];
+      }
+    }
+
+    $stmt = $pdo->prepare("SELECT `address` FROM `alias`
+      WHERE `goto` != :goto
+        AND `address` NOT IN (
+          SELECT `send_as` FROM `sender_acl` 
+            WHERE `logged_in_as` = :logged_in_as
+              AND `send_as` NOT LIKE '@%')");
+    $stmt->execute(array(
+      ':logged_in_as' => $mailbox,
+      ':goto' => $mailbox
+    ));
+    while ($row = array_shift($rows)) {
+      if (filter_var($row['address'], FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['address'])) {
+        $data['sender_acl_addresses']['selectable'][] = $row['address'];
+      }
+    }
+  }
+  catch(PDOException $e) {
+    $_SESSION['return'] = array(
+      'type' => 'danger',
+      'msg' => 'MySQL: '.$e
+    );
+    return false;
+  }
+  return $data;
+}
\ No newline at end of file
diff --git a/data/web/inc/triggers.inc.php b/data/web/inc/triggers.inc.php
index 1d52ceb7..c5e274fb 100644
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -39,64 +39,64 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
       }
     }
   }
-	if (isset($_POST["trigger_set_admin"])) {
+  
+	if (isset($_POST["set_admin_account"])) {
 		set_admin_account($_POST);
 	}
-	if (isset($_POST["delete_dkim_record"])) {
-		dkim_table("delete", $_POST);
+	if (isset($_POST["dkim_delete_key"])) {
+		dkim_delete_key($_POST);
 	}
-	if (isset($_POST["add_dkim_record"])) {
-		dkim_table("add", $_POST);
+	if (isset($_POST["dkim_add_key"])) {
+		dkim_add_key($_POST);
 	}
-	if (isset($_POST["trigger_add_domain_admin"])) {
+	if (isset($_POST["add_domain_admin"])) {
 		add_domain_admin($_POST);
 	}
-	if (isset($_POST["trigger_delete_domain_admin"])) {
+	if (isset($_POST["delete_domain_admin"])) {
 		delete_domain_admin($_POST);
 	}
-	if (isset($_POST["trigger_edit_domain_admin"])) {
+	if (isset($_POST["edit_domain_admin"])) {
 		edit_domain_admin($_POST);
 	}
 }
 if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "user") {
-	if (isset($_POST["trigger_set_user_account"])) {
-		set_user_account($_POST);
+	if (isset($_POST["edit_user_account"])) {
+		edit_user_account($_POST);
 	}
-	if (isset($_POST["trigger_set_spam_score"])) {
-		set_spam_score($_POST);
+	if (isset($_POST["edit_spam_score"])) {
+		edit_spam_score($_POST);
 	}
-	if (isset($_POST["trigger_set_tagging_options"])) {
-		tagging_options('set', $_POST);
+	if (isset($_POST["edit_delimiter_action"])) {
+		edit_delimiter_action($_POST);
 	}
-	if (isset($_POST["trigger_set_policy_list"])) {
-		set_policy_list($_POST);
+	if (isset($_POST["add_policy_list_item"])) {
+		add_policy_list_item($_POST);
 	}
-	if (isset($_POST["trigger_set_tls_policy"])) {
-		set_tls_policy($_POST);
+	if (isset($_POST["delete_policy_list_item"])) {
+		delete_policy_list_item($_POST);
 	}
-	if (isset($_POST["trigger_add_syncjob"])) {
-		set_syncjob($_POST, "add");
+	if (isset($_POST["edit_tls_policy"])) {
+		edit_tls_policy($_POST);
 	}
-	if (isset($_POST["trigger_edit_syncjob"])) {
-		set_syncjob($_POST, "edit");
+	if (isset($_POST["add_syncjob"])) {
+		add_syncjob($_POST);
 	}
-	if (isset($_POST["trigger_delete_syncjob"])) {
-		set_syncjob($_POST, "delete");
+	if (isset($_POST["edit_syncjob"])) {
+		edit_syncjob($_POST);
+	}
+	if (isset($_POST["delete_syncjob"])) {
+		delete_syncjob($_POST);
 	}
 	if (isset($_POST["trigger_set_time_limited_aliases"])) {
 		set_time_limited_aliases($_POST);
 	}
 }
 if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin" || $_SESSION['mailcow_cc_role'] == "domainadmin")) {
-	if (isset($_GET["js"])) {
-		switch ($_GET["js"]) {
-			case "remaining_specs":
-				remaining_specs($_GET['domain'], $_GET['object'], "y");
-			break;
-		}
+	if (isset($_POST["trigger_add_policy_list_item"])) {
+		add_policy_list_item($_POST);
 	}
-	if (isset($_POST["trigger_set_policy_list"])) {
-		set_policy_list($_POST);
+	if (isset($_POST["trigger_delete_policy_list_item"])) {
+		delete_policy_list_item($_POST);
 	}
 	if (isset($_POST["trigger_mailbox_action"])) {
 		switch ($_POST["trigger_mailbox_action"]) {
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 76abf325..84073eb6 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -1,6 +1,5 @@
 <?php
-error_reporting(E_ALL);
-//error_reporting(E_ERROR | E_WARNING);
+error_reporting(E_ERROR | E_WARNING);
 
 /*
 PLEASE USE THE FILE "vars.local.inc.php" TO OVERWRITE SETTINGS AND MAKE THEM PERSISTENT!
diff --git a/data/web/js/add.js b/data/web/js/add.js
index e3089c53..1ebcdbb2 100644
--- a/data/web/js/add.js
+++ b/data/web/js/add.js
@@ -2,13 +2,15 @@ $(document).ready(function() {
 	// add.php
 	// Get max. possible quota for a domain when domain field changes
 	$('#addSelectDomain').on('change', function() {
-		$.get("add.php", { js:"remaining_specs", domain:this.value, object:"new" }, function(data){
-			if (data != '0') {
-				$("#quotaBadge").html('max. ' + data + ' MiB');
-				$('#addInputQuota').attr({"disabled": false, "value": "", "type": "number", "max": data});
+		$.get("json_api.php", { action:"get_domain_details", object:this.value }, function(data){
+      var result = jQuery.parseJSON( data );
+      max_new_mailbox_quota = ( result.max_new_mailbox_quota / 1048576);
+			if (max_new_mailbox_quota != '0') {
+				$("#quotaBadge").html('max. ' +  max_new_mailbox_quota + ' MiB');
+				$('#addInputQuota').attr({"disabled": false, "value": "", "type": "number", "max": max_new_mailbox_quota});
 			}
 			else {
-				$("#quotaBadge").html('max. ' + data + ' MiB');
+				$("#quotaBadge").html('max. ' + max_new_mailbox_quota + ' MiB');
 				$('#addInputQuota').attr({"disabled": true, "value": "", "type": "text", "value": "n/a"});
 			}
 		});
diff --git a/data/web/json_api.php b/data/web/json_api.php
new file mode 100644
index 00000000..48849acf
--- /dev/null
+++ b/data/web/json_api.php
@@ -0,0 +1,32 @@
+<?php
+require_once 'inc/prerequisites.inc.php';
+error_reporting(0);
+if (isset($_SESSION['mailcow_cc_role'])) {
+  if ($_GET['action'] && $_GET['object']) {
+    $action = $_GET['action'];
+    $object = $_GET['object'];
+    switch ($action) {
+      case "get_mailbox_details":
+        $data = mailbox_get_mailbox_details($object);
+        if (!$data || empty($data)) {
+          echo '{}';
+        }
+        else {
+          echo json_encode(mailbox_get_mailbox_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+        }
+        break;
+      case "get_domain_details":
+        $data = mailbox_get_domain_details($object);
+        if (!$data || empty($data)) {
+          echo '{}';
+        }
+        else {
+          echo json_encode(mailbox_get_domain_details($object), JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+        }
+        break;
+      default:
+        echo '{}';
+        break;
+    }
+  }
+}
\ No newline at end of file
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index b22db9c7..a8197f62 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -55,7 +55,7 @@ $lang['danger']['exit_code_not_null'] = 'Fehler: Exit-Code ist %d';
 $lang['danger']['mailbox_not_available'] = 'Mailbox nicht verfügbar';
 $lang['danger']['username_invalid'] = 'Benutzername kann nicht verwendet werden';
 $lang['danger']['password_mismatch'] = 'Passwort-Wiederholung stimmt nicht überein';
-$lang['danger']['password_complexity'] = 'Passwort entspricht nicht den Vorgaben';
+$lang['danger']['password_complexity'] = 'Passwort entspricht nicht den Vorgaben (Klein- und Großschreibung und mindestens eine Ziffer, mindestens 6 Zeichen lang)';
 $lang['danger']['password_empty'] = 'Passwort darf nicht leer sein';
 $lang['danger']['login_failed'] = 'Anmeldung fehlgeschlagen';
 $lang['danger']['mailbox_invalid'] = 'Mailboxname ist ungültig';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 8bc5d50d..c7d7415e 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -57,7 +57,7 @@ $lang['danger']['exit_code_not_null'] = "Error: Exit code was %d";
 $lang['danger']['mailbox_not_available'] = "Mailbox not available";
 $lang['danger']['username_invalid'] = "Username cannot be used";
 $lang['danger']['password_mismatch'] = "Confirmation password is not identical";
-$lang['danger']['password_complexity'] = "Password does not meet requirements";
+$lang['danger']['password_complexity'] = "Password does not meet requirements (upper and lowercase letters and at least one number, min. 6 characters long)";
 $lang['danger']['password_empty'] = "Password must not be empty";
 $lang['danger']['login_failed'] = "Login failed";
 $lang['danger']['mailbox_invalid'] = "Mailbox name is invalid";
@@ -385,7 +385,7 @@ $lang['admin']['dkim_key_length'] = 'DKIM key length (bits)';
 $lang['admin']['dkim_key_valid'] = 'Key valid';
 $lang['admin']['dkim_key_unused'] = 'Key unused';
 $lang['admin']['dkim_key_missing'] = 'Key missing';
-$lang['admin']['dkim_key_hint'] = 'Selector for DKIM keys is always dkim.';
+$lang['admin']['dkim_key_hint'] = 'Selector for DKIM keys is always <code>dkim</code>.';
 $lang['admin']['previous'] = 'Previous page';
 $lang['admin']['quota_mb'] = 'Quota (MiB):';
 $lang['admin']['sender_acl'] = 'Allow to send as:';
diff --git a/data/web/mailbox.php b/data/web/mailbox.php
index fffd8c58..d83c89dd 100644
--- a/data/web/mailbox.php
+++ b/data/web/mailbox.php
@@ -58,8 +58,8 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 							<td><?=htmlspecialchars($domaindata['domain_name']);?></td>
 							<td><?=$domaindata['aliases_in_domain'];?> / <?=$domaindata['max_num_aliases_for_domain'];?></td>
 							<td><?=$domaindata['mboxes_in_domain'];?> / <?=$domaindata['max_num_mboxes_for_domain'];?></td>
-							<td><?=$domaindata['max_quota_for_mbox'];?></td>
-							<td><?=$domaindata['quota_used_in_domain'];?> / <?=$domaindata['max_quota_for_domain'];?></td>
+							<td><?=formatBytes($domaindata['max_quota_for_mbox']);?></td>
+							<td><?=formatBytes($domaindata['quota_used_in_domain'], 2);?> / <?=formatBytes($domaindata['max_quota_for_domain'], 2);?></td>
 							<?php
 							if ($_SESSION['mailcow_cc_role'] == "admin"):
 							?>
@@ -222,7 +222,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 							<td><?=($mailboxdata['is_relayed'] == "0") ? htmlspecialchars($mailboxdata['username']) : '<span data-toggle="tooltip" title="Relayed"><i class="glyphicon glyphicon-forward"></i>' . htmlspecialchars($mailboxdata['username']) . '</span>';?></td>
 							<td><?=htmlspecialchars($mailboxdata['name'], ENT_QUOTES, 'UTF-8');?></td>
 							<td><?=htmlspecialchars($mailboxdata['domain']);?></td>
-							<td><?=$mailboxdata['quota_used'];?> / <?=$mailboxdata['quota'];?></td>
+							<td><?=formatBytes($mailboxdata['quota_used'], 2);?> / <?=formatBytes($mailboxdata['quota'], 2);?></td>
 							<td style="min-width:120px;">
 								<div class="progress">
 									<div class="progress-bar progress-bar-<?=$mailboxdata['percent_class'];?>" role="progressbar" aria-valuenow="<?=$mailboxdata['percent_in_use'];?>" aria-valuemin="0" aria-valuemax="100" style="min-width:2em;width: <?=$mailboxdata['percent_in_use'];?>%;">
@@ -293,7 +293,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 					</thead>
 					<tbody>
 					<?php
-          foreach (mailbox_get_domains() as $domain) {
+          foreach (array_merge(mailbox_get_domains(), mailbox_get_alias_domains()) as $domain) {
             $aliases = mailbox_get_aliases($domain);
             if (!empty($aliases)) {
               foreach ($aliases as $alias) {
diff --git a/data/web/user.php b/data/web/user.php
index 8697017f..32542b01 100644
--- a/data/web/user.php
+++ b/data/web/user.php
@@ -44,7 +44,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
     </div>
     <div class="form-group">
       <div class="col-sm-offset-3 col-sm-9">
-        <button type="submit" name="trigger_set_user_account" class="btn btn-success btn-default"><?=$lang['user']['save_changes'];?></button>
+        <button type="submit" name="edit_user_account" class="btn btn-success btn-default"><?=$lang['user']['save_changes'];?></button>
       </div>
     </div>
   </form>
@@ -84,11 +84,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
   <hr>
   <?php // Show tagging options ?>
   <form class="form-horizontal" role="form" method="post">
-  <?php $get_tagging_options = tagging_options('get');?>
+  <?php $get_tagging_options = get_delimiter_action()['wants_tagged_subject'];?>
   <div class="row">
     <div class="col-md-3 col-xs-5 text-right"><?=$lang['user']['tag_handling'];?>:</div>
     <div class="col-md-9 col-xs-7">
-    <input type="hidden" name="trigger_set_tagging_options" value="1">
+    <input type="hidden" name="edit_delimiter_action" value="1">
     <select name="tagged_mail_handler" class="selectpicker" onchange="this.form.submit()">
       <option value="subfolder" <?=($get_tagging_options == "0") ? 'selected' : null; ?>><?=$lang['user']['tag_in_subfolder'];?></option>
       <option value="subject" <?=($get_tagging_options == "1") ? 'selected' : null; ?>><?=$lang['user']['tag_in_subject'];?></option>
@@ -189,7 +189,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
 						data-slider-range="true"
 						data-slider-tooltip='always'
 						data-slider-id="slider1"
-						data-slider-value="[<?=get_spam_score($_SESSION['mailcow_cc_username']);?>]"
+						data-slider-value="[<?=get_spam_score($username);?>]"
 						data-slider-step="1" />
 					<br /><br />
 					<ul>
@@ -203,7 +203,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
 			</div>
 			<div class="form-group">
 				<div class="col-sm-offset-2 col-sm-10">
-					<button type="submit" id="trigger_set_spam_score" name="trigger_set_spam_score" class="btn btn-success"><?=$lang['user']['save_changes'];?></button>
+					<button type="submit" id="edit_spam_score" name="edit_spam_score" class="btn btn-success"><?=$lang['user']['save_changes'];?></button>
 				</div>
 			</div>
 		</form>
@@ -235,7 +235,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
               <?php
               if (filter_var($wl['object'], FILTER_VALIDATE_EMAIL)):
               ?>
-                <input type="hidden" name="trigger_set_policy_list">
+                <input type="hidden" name="delete_policy_list_item">
                 <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="left" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
               <?php
               else:
@@ -259,7 +259,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
 						<input type="hidden" name="object_list" value="wl">
 					</div>
 					<div class="col-xs-6">
-						<button type="submit" id="trigger_set_policy_list" name="trigger_set_policy_list" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
+						<button type="submit" id="add_policy_list_item" name="add_policy_list_item" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
 					</div>
 					</form>
 				</div>
@@ -289,7 +289,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
               if (filter_var($bl['object'], FILTER_VALIDATE_EMAIL)):
               ?>
                 <input type="hidden" name="delete_prefid" value="<?=$bl['prefid'];?>">
-                <input type="hidden" name="trigger_set_policy_list">
+                <input type="hidden" name="delete_policy_list_item">
                 <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="left" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
               <?php
               else:
@@ -313,7 +313,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
 						<input type="hidden" name="object_list" value="bl">
 					</div>
 					<div class="col-xs-6">
-						<button type="submit" id="trigger_set_policy_list" name="trigger_set_policy_list" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
+						<button type="submit" id="add_policy_list_item" name="add_policy_list_item" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
 					</div>
 					</form>
 				</div>
@@ -339,7 +339,7 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
 			</div>
 			<div class="form-group">
 				<div class="col-sm-12">
-					<button type="submit" id="trigger_set_tls_policy" name="trigger_set_tls_policy" class="btn btn-default"><?=$lang['user']['save_changes'];?></button>
+					<button type="submit" id="edit_tls_policy" name="edit_tls_policy" class="btn btn-default"><?=$lang['user']['save_changes'];?></button>
 				</div>
 			</div>
 		</form>
