diff --git a/data/web/inc/functions.acl.inc.php b/data/web/inc/functions.acl.inc.php
index b2fbd766..ffce9f44 100644
--- a/data/web/inc/functions.acl.inc.php
+++ b/data/web/inc/functions.acl.inc.php
@@ -136,6 +136,16 @@ function acl($_action, $_scope = null, $_data = null) {
           $stmt = $pdo->prepare("SELECT * FROM `user_acl` WHERE `username` = :username");
           $stmt->execute(array(':username' => $_data));
           $data = $stmt->fetch(PDO::FETCH_ASSOC);
+          if ($_SESSION['mailcow_cc_role'] == 'domainadmin') {
+            // Domain admins cannot see, add or remove user ACLs they don't have access to by themselves
+            // Editing a user will use acl("get", "user") to determine granted ACLs and therefore block unallowed access escalation via form editing
+            $self_da_acl = acl('get', 'domainadmin', $_SESSION['mailcow_cc_username']);
+            foreach ($self_da_acl as $self_da_acl_key => $self_da_acl_val) {
+              if ($self_da_acl_val == 0) {
+                unset($data[$self_da_acl_key]);
+              }
+            }
+          }
           if (!empty($data)) {
             unset($data['username']);
             return $data;
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index 3506c97d..e8f47111 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "16042020_2104";
+    $db_version = "19042020_1437";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -372,9 +372,9 @@ function init_db_schema() {
           "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
-          "sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
-          "pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
+          "pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
           // quarantine is for quarantine actions, todo: rename
           "quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
diff --git a/data/web/modals/mailbox.php b/data/web/modals/mailbox.php
index b3f4b8a5..2e00a273 100644
--- a/data/web/modals/mailbox.php
+++ b/data/web/modals/mailbox.php
@@ -448,7 +448,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
           <div class="form-group">
             <label class="control-label col-sm-2" for="subfolder2"><?=$lang['edit']['subfolder2'];?></label>
             <div class="col-sm-10">
-            <input type="text" class="form-control" name="subfolder2" value="External">
+            <input type="text" class="form-control" name="subfolder2" value="">
             </div>
           </div>
           <div class="form-group">
diff --git a/data/web/modals/user.php b/data/web/modals/user.php
index 90e50a68..d61d5faf 100644
--- a/data/web/modals/user.php
+++ b/data/web/modals/user.php
@@ -60,7 +60,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="subfolder2"><?=$lang['edit']['subfolder2'];?></label>
 						<div class="col-sm-10">
-						<input type="text" class="form-control" name="subfolder2" value="External">
+						<input type="text" class="form-control" name="subfolder2" value="">
 						</div>
 					</div>
 					<div class="form-group">