Home Explore Help
Sign In
mirrors
/
mailcow-dockerized
mirror of https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #5578 from mailcow/staging

2023-11a
Niklas Meyer 1 year ago
parent
8b784c0eb1 03aaf4ad76
commit
2024cda560
26 changed files with 657 additions and 105 deletions
Split View Show Diff Stats
  1. 3 0
      data/Dockerfiles/rspamd/docker-entrypoint.sh
  2. 17 9
      data/conf/postfix/postscreen_access.cidr
  3. 91 0
      data/conf/rspamd/dynmaps/footer.php
  4. 9 0
      data/conf/rspamd/local.d/ratelimit.conf
  5. 32 24
      data/conf/rspamd/lua/rspamd.local.lua
  6. 0 8
      data/conf/rspamd/override.d/ratelimit.conf
  7. 195 0
      data/web/api/openapi.yaml
  8. 3 0
      data/web/edit.php
  9. 148 36
      data/web/inc/functions.mailbox.inc.php
  10. 16 1
      data/web/inc/init_db.inc.php
  11. 17 0
      data/web/js/site/edit.js
  12. 12 2
      data/web/json_api.php
  13. 1 1
      data/web/lang/lang.cs-cz.json
  14. 4 0
      data/web/lang/lang.de-de.json
  15. 6 1
      data/web/lang/lang.en-gb.json
  16. 12 0
      data/web/lang/lang.fi-fi.json
  17. 10 5
      data/web/lang/lang.pt-br.json
  18. 10 4
      data/web/lang/lang.ru-ru.json
  19. 10 4
      data/web/lang/lang.uk-ua.json
  20. 1 0
      data/web/templates/edit.twig
  21. 23 5
      data/web/templates/edit/domain.twig
  22. 32 0
      data/web/templates/edit/mailbox.twig
  23. 1 1
      docker-compose.yml
  24. 2 2
      generate_config.sh
  25. 1 1
      helper-scripts/nextcloud.sh
  26. 1 1
      update.sh

+ 3 - 0
data/Dockerfiles/rspamd/docker-entrypoint.sh
View File 

@@ -79,6 +79,9 @@ EOF
 
   redis-cli -h redis-mailcow SLAVEOF NO ONE
 
 fi
 
 
+# Provide additional lua modules
 
+ln -s /usr/lib/$(uname -m)-linux-gnu/liblua5.1-cjson.so.0.0.0 /usr/lib/rspamd/cjson.so
 
+
 
 chown -R _rspamd:_rspamd /var/lib/rspamd \
 
   /etc/rspamd/local.d \
 
   /etc/rspamd/override.d \

+ 17 - 9
data/conf/postfix/postscreen_access.cidr
View File 

@@ -1,6 +1,6 @@
 
-# Whitelist generated by Postwhite v3.4 on Wed Nov  1 00:14:24 UTC 2023
 
+# Whitelist generated by Postwhite v3.4 on Fri Dec  1 00:15:18 UTC 2023
 
 # https://github.com/stevejenkins/postwhite/
 
-# 2030 total rules
 
+# 2038 total rules
 
 2a00:1450:4000::/36	permit
 
 2a01:111:f400::/48	permit
 
 2a01:111:f403:8000::/50	permit
 
@@ -10,10 +10,10 @@
 
 2a02:a60:0:5::/64	permit
 
 2c0f:fb50:4000::/36	permit
 
 2.207.151.53	permit
 
-3.14.230.16	permit
 
 3.70.123.177	permit
 
 3.93.157.0/24	permit
 
 3.129.120.190	permit
 
+3.137.78.75	permit
 
 3.210.190.0/24	permit
 
 8.20.114.31	permit
 
 8.25.194.0/23	permit
 
@@ -183,8 +183,6 @@
 
 50.18.125.237	permit
 
 50.18.126.162	permit
 
 50.31.32.0/19	permit
 
-50.31.156.96/27	permit
 
-50.31.205.0/24	permit
 
 51.137.58.21	permit
 
 51.140.75.55	permit
 
 51.144.100.179	permit
 
@@ -304,22 +302,31 @@
 
 64.147.123.27	permit
 
 64.147.123.28	permit
 
 64.147.123.29	permit
 
+64.147.123.128/27	permit
 
 64.207.219.7	permit
 
 64.207.219.8	permit
 
 64.207.219.9	permit
 
+64.207.219.10	permit
 
+64.207.219.11	permit
 
+64.207.219.12	permit
 
 64.207.219.13	permit
 
 64.207.219.14	permit
 
 64.207.219.15	permit
 
 64.207.219.71	permit
 
 64.207.219.72	permit
 
 64.207.219.73	permit
 
+64.207.219.74	permit
 
 64.207.219.75	permit
 
+64.207.219.76	permit
 
 64.207.219.77	permit
 
 64.207.219.78	permit
 
 64.207.219.79	permit
 
 64.207.219.135	permit
 
 64.207.219.136	permit
 
 64.207.219.137	permit
 
+64.207.219.138	permit
 
+64.207.219.139	permit
 
+64.207.219.140	permit
 
 64.207.219.141	permit
 
 64.207.219.142	permit
 
 64.207.219.143	permit
 
@@ -397,7 +404,6 @@
 
 66.196.81.232/31	permit
 
 66.196.81.234	permit
 
 66.211.168.230/31	permit
 
-66.211.170.86/31	permit
 
 66.211.170.88/29	permit
 
 66.211.184.0/23	permit
 
 66.218.74.64/30	permit
 
@@ -621,7 +627,9 @@
 
 82.165.229.130	permit
 
 82.165.230.21	permit
 
 82.165.230.22	permit
 
+84.116.6.0/23	permit
 
 84.116.36.0/24	permit
 
+84.116.50.0/23	permit
 
 85.158.136.0/21	permit
 
 86.61.88.25	permit
 
 87.198.219.130	permit
 
@@ -1193,7 +1201,6 @@
 
 104.130.96.0/28	permit
 
 104.130.122.0/23	permit
 
 104.214.25.77	permit
 
-104.245.209.192/26	permit
 
 106.10.144.64/27	permit
 
 106.10.144.100/31	permit
 
 106.10.144.103	permit
 
@@ -1422,6 +1429,7 @@
 
 136.143.182.0/23	permit
 
 136.143.184.0/24	permit
 
 136.143.188.0/24	permit
 
+136.143.190.0/23	permit
 
 136.147.128.0/20	permit
 
 136.147.135.0/24	permit
 
 136.147.176.0/20	permit
 
@@ -1458,7 +1466,6 @@
 
 146.20.215.0/24	permit
 
 146.20.215.182	permit
 
 146.88.28.0/24	permit
 
-147.160.158.0/24	permit
 
 147.243.1.47	permit
 
 147.243.1.48	permit
 
 147.243.1.153	permit
 
@@ -1558,6 +1565,7 @@
 
 168.245.127.231	permit
 
 169.148.129.0/24	permit
 
 169.148.131.0/24	permit
 
+169.148.142.10	permit
 
 169.148.144.0/25	permit
 
 170.10.68.0/22	permit
 
 170.10.128.0/24	permit
 
@@ -1710,7 +1718,6 @@
 
 198.244.60.0/22	permit
 
 198.245.80.0/20	permit
 
 198.245.81.0/24	permit
 
-199.15.176.173	permit
 
 199.15.213.187	permit
 
 199.15.226.37	permit
 
 199.16.156.0/22	permit
 
@@ -1718,6 +1725,7 @@
 
 199.33.145.32	permit
 
 199.34.22.36	permit
 
 199.59.148.0/22	permit
 
+199.67.80.2	permit
 
 199.67.84.0/24	permit
 
 199.67.86.0/24	permit
 
 199.67.88.0/24	permit

+ 91 - 0
data/conf/rspamd/dynmaps/footer.php
View File 

@@ -0,0 +1,91 @@
 
+<?php
 
+// File size is limited by Nginx site to 10M
 
+// To speed things up, we do not include prerequisites
 
+header('Content-Type: text/plain');
 
+require_once "vars.inc.php";
 
+// Do not show errors, we log to using error_log
 
+ini_set('error_reporting', 0);
 
+// Init database
 
+//$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
 
+$dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
 
+$opt = [
 
+    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
 
+    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
 
+    PDO::ATTR_EMULATE_PREPARES   => false,
 
+];
 
+try {
 
+  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
 
+}
 
+catch (PDOException $e) {
 
+  error_log("FOOTER: " . $e . PHP_EOL);
 
+  http_response_code(501);
 
+  exit;
 
+}
 
+
 
+if (!function_exists('getallheaders'))  {
 
+  function getallheaders() {
 
+    if (!is_array($_SERVER)) {
 
+      return array();
 
+    }
 
+    $headers = array();
 
+    foreach ($_SERVER as $name => $value) {
 
+      if (substr($name, 0, 5) == 'HTTP_') {
 
+        $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
 
+      }
 
+    }
 
+    return $headers;
 
+  }
 
+}
 
+
 
+// Read headers
 
+$headers = getallheaders();
 
+// Get Domain
 
+$domain = $headers['Domain'];
 
+// Get Username
 
+$username = $headers['Username'];
 
+// Get From
 
+$from = $headers['From'];
 
+// define empty footer
 
+$empty_footer = json_encode(array(
 
+  'html' => '',
 
+  'plain' => '',
 
+  'vars' => array()
 
+));
 
+
 
+error_log("FOOTER: checking for domain " . $domain . ", user " . $username . " and address " . $from . PHP_EOL);
 
+
 
+try {
 
+  $stmt = $pdo->prepare("SELECT `plain`, `html`, `mbox_exclude` FROM `domain_wide_footer` 
+    WHERE `domain` = :domain");
 
+  $stmt->execute(array(
 
+    ':domain' => $domain
 
+  ));
 
+  $footer = $stmt->fetch(PDO::FETCH_ASSOC);
 
+  if (in_array($from, json_decode($footer['mbox_exclude']))){
 
+    $footer = false;
 
+  }
 
+  if (empty($footer)){
 
+    echo $empty_footer;
 
+    exit;
 
+  }
 
+  error_log("FOOTER: " . json_encode($footer) . PHP_EOL);
 
+
 
+  $stmt = $pdo->prepare("SELECT `custom_attributes` FROM `mailbox` WHERE `username` = :username");
 
+  $stmt->execute(array(
 
+    ':username' => $username
 
+  ));
 
+  $custom_attributes = $stmt->fetch(PDO::FETCH_ASSOC)['custom_attributes'];
 
+  if (empty($custom_attributes)){
 
+    $custom_attributes = (object)array();
 
+  }
 
+}
 
+catch (Exception $e) {
 
+  error_log("FOOTER: " . $e->getMessage() . PHP_EOL);
 
+  http_response_code(502);
 
+  exit;
 
+}
 
+
 
+
 
+// return footer
 
+$footer["vars"] = $custom_attributes;
 
+echo json_encode($footer);

+ 9 - 0
data/conf/rspamd/local.d/ratelimit.conf
View File 

@@ -0,0 +1,9 @@
 
+# Uncomment below to apply the ratelimits globally. Use Ratelimits inside mailcow UI to overwrite them for a specific domain/mailbox.
 
+# rates {
 
+#     # Format: "1 / 1h" or "20 / 1m" etc.
 
+#     to = "100 / 1s";
 
+#     to_ip = "100 / 1s";
 
+#     to_ip_from = "100 / 1s";
 
+#     bounce_to = "100 / 1h";
 
+#     bounce_to_ip = "7 / 1m";
 
+# }

+ 32 - 24
data/conf/rspamd/lua/rspamd.local.lua
View File 

@@ -527,20 +527,21 @@ rspamd_config:register_symbol({
 
   name = 'MOO_FOOTER',
 
   type = 'prefilter',
 
   callback = function(task)
 
+    local cjson = require "cjson"
 
     local lua_mime = require "lua_mime"
 
     local lua_util = require "lua_util"
 
     local rspamd_logger = require "rspamd_logger"
 
-    local rspamd_redis = require "rspamd_redis"
 
-    local ucl = require "ucl"
 
-    local redis_params = rspamd_parse_redis_server('footer')
 
+    local rspamd_http = require "rspamd_http"
 
     local envfrom = task:get_from(1)
 
     local uname = task:get_user()
 
     if not envfrom or not uname then
 
       return false
 
     end
 
     local uname = uname:lower()
 
-    local env_from_domain = envfrom[1].domain:lower() -- get smtp from domain in lower case
 
+    local env_from_domain = envfrom[1].domain:lower()
 
+    local env_from_addr = envfrom[1].addr:lower()
 
 
+    -- determine newline type
 
     local function newline(task)
 
       local t = task:get_newlines_type()
 
     
@@ -552,20 +553,19 @@ rspamd_config:register_symbol({
 
     
       return '\r\n'
 
     end
 
-    local function redis_cb_footer(err, data)
 
+    -- retrieve footer
 
+    local function footer_cb(err_message, code, data, headers)
 
       if err or type(data) ~= 'string' then
 
         rspamd_logger.infox(rspamd_config, "domain wide footer request for user %s returned invalid or empty data (\"%s\") or error (\"%s\")", uname, data, err)
 
       else
 
+        
         -- parse json string
 
-        local parser = ucl.parser()
 
-        local res,err = parser:parse_string(data)
 
-        if not res then
 
+        local footer = cjson.decode(data)
 
+        if not footer then
 
           rspamd_logger.infox(rspamd_config, "parsing domain wide footer for user %s returned invalid or empty data (\"%s\") or error (\"%s\")", uname, data, err)
 
         else
 
-          local footer = parser:get_object()
 
-
 
           if footer and type(footer) == "table" and (footer.html and footer.html ~= "" or footer.plain and footer.plain ~= "")  then
 
-            rspamd_logger.infox(rspamd_config, "found domain wide footer for user %s: html=%s, plain=%s", uname, footer.html, footer.plain)
 
+            rspamd_logger.infox(rspamd_config, "found domain wide footer for user %s: html=%s, plain=%s, vars=%s", uname, footer.html, footer.plain, footer.vars)
 
 
             local envfrom_mime = task:get_from(2)
 
             local from_name = ""
 
@@ -575,6 +575,7 @@ rspamd_config:register_symbol({
 
               from_name = envfrom[1].name
 
             end
 
 
+            -- default replacements
 
             local replacements = {
 
               auth_user = uname,
 
               from_user = envfrom[1].user,
 
@@ -582,10 +583,20 @@ rspamd_config:register_symbol({
 
               from_addr = envfrom[1].addr,
 
               from_domain = envfrom[1].domain:lower()
 
             }
 
-            if footer.html then
 
+            -- add custom mailbox attributes
 
+            if footer.vars and type(footer.vars) == "string" then
 
+              local footer_vars = cjson.decode(footer.vars)
 
+
 
+              if type(footer_vars) == "table" then
 
+                for key, value in pairs(footer_vars) do
 
+                  replacements[key] = value
 
+                end
 
+              end
 
+            end
 
+            if footer.html and footer.html ~= "" then
 
               footer.html = lua_util.jinja_template(footer.html, replacements, true)
 
             end
 
-            if footer.plain then
 
+            if footer.plain and footer.plain ~= "" then
 
               footer.plain = lua_util.jinja_template(footer.plain, replacements, true)
 
             end
 
   
@@ -653,17 +664,14 @@ rspamd_config:register_symbol({
 
       end
 
     end
 
 
-    local redis_ret_footer = rspamd_redis_make_request(task,
 
-      redis_params, -- connect params
 
-      env_from_domain, -- hash key
 
-      false, -- is write
 
-      redis_cb_footer, --callback
 
-      'HGET', -- command
 
-      {"DOMAIN_WIDE_FOOTER", env_from_domain} -- arguments
 
-    )
 
-    if not redis_ret_footer then
 
-      rspamd_logger.infox(rspamd_config, "cannot make request to load footer for domain")
 
-    end
 
+    -- fetch footer
 
+    rspamd_http.request({
 
+      task=task,
 
+      url='http://nginx:8081/footer.php',
 
+      body='',
 
+      callback=footer_cb,
 
+      headers={Domain=env_from_domain,Username=uname,From=env_from_addr},
 
+    })
 
 
     return true
 
   end,

+ 0 - 8
data/conf/rspamd/override.d/ratelimit.conf
View File 

@@ -1,11 +1,3 @@
 
-rates {
 
-    # Format: "1 / 1h" or "20 / 1m" etc. - global ratelimits are disabled by default
 
-    to = "100 / 1s";
 
-    to_ip = "100 / 1s";
 
-    to_ip_from = "100 / 1s";
 
-    bounce_to = "100 / 1h";
 
-    bounce_to_ip = "7 / 1m";
 
-}
 
 whitelisted_rcpts = "postmaster,mailer-daemon";
 
 max_rcpt = 25;
 
 custom_keywords = "/etc/rspamd/lua/ratelimit.lua";

+ 195 - 0
data/web/api/openapi.yaml
View File 

@@ -3137,6 +3137,86 @@ paths:
 
                     type: string
 
               type: object
 
       summary: Update domain
 
+  /api/v1/edit/domain/footer:
 
+    post:
 
+      responses:
 
+        "401":
 
+          $ref: "#/components/responses/Unauthorized"
 
+        "200":
 
+          content:
 
+            application/json:
 
+              examples:
 
+                response:
 
+                  value:
 
+                  - log:
 
+                      - mailbox
 
+                      - edit
 
+                      - domain_wide_footer
 
+                      - domains:
 
+                          - mailcow.tld
 
+                        html: "<br>foo {= foo =}"
 
+                        plain: "<foo {= foo =}"
 
+                        mbox_exclude:
 
+                          - moo@mailcow.tld
 
+                      - null
 
+                    msg:
 
+                      - domain_footer_modified
 
+                      - mailcow.tld
 
+                    type: success
 
+              schema:
 
+                properties:
 
+                  log:
 
+                    description: contains request object
 
+                    items: {}
 
+                    type: array
 
+                  msg:
 
+                    items: {}
 
+                    type: array
 
+                  type:
 
+                    enum:
 
+                      - success
 
+                      - danger
 
+                      - error
 
+                    type: string
 
+                type: object
 
+          description: OK
 
+          headers: {}
 
+      tags:
 
+        - Domains
 
+      description: >-
 
+        You can update the footer of one or more domains per request.
 
+      operationId: Update domain wide footer
 
+      requestBody:
 
+        content:
 
+          application/json:
 
+            schema:
 
+              example:
 
+                attr:
 
+                  html: "<br>foo {= foo =}"
 
+                  plain: "foo {= foo =}"
 
+                  mbox_exclude:
 
+                    - moo@mailcow.tld
 
+                items: mailcow.tld
 
+              properties:
 
+                attr:
 
+                  properties:
 
+                    html:
 
+                      description: Footer text in HTML format
 
+                      type: string
 
+                    plain:
 
+                      description: Footer text in PLAIN text format
 
+                      type: string
 
+                    mbox_exclude:
 
+                      description: Array of mailboxes to exclude from domain wide footer
 
+                      type: object
 
+                  type: object
 
+                items:
 
+                  description: contains a list of domain names where you want to update the footer
 
+                  type: array
 
+                  items:
 
+                    type: string
 
+              type: object
 
+      summary: Update domain wide footer
 
   /api/v1/edit/fail2ban:
 
     post:
 
       responses:
 
@@ -3336,6 +3416,86 @@ paths:
 
                   type: object
 
               type: object
 
       summary: Update mailbox
 
+  /api/v1/edit/mailbox/custom-attribute:
 
+    post:
 
+      responses:
 
+        "401":
 
+          $ref: "#/components/responses/Unauthorized"
 
+        "200":
 
+          content:
 
+            application/json:
 
+              examples:
 
+                response:
 
+                  value:
 
+                  - log:
 
+                      - mailbox
 
+                      - edit
 
+                      - mailbox_custom_attribute
 
+                      - mailboxes:
 
+                          - moo@mailcow.tld
 
+                        attribute:
 
+                          - role
 
+                          - foo
 
+                        value:
 
+                          - cow
 
+                          - bar
 
+                      - null
 
+                    msg:
 
+                      - mailbox_modified
 
+                      - moo@mailcow.tld
 
+                    type: success
 
+              schema:
 
+                properties:
 
+                  log:
 
+                    description: contains request object
 
+                    items: {}
 
+                    type: array
 
+                  msg:
 
+                    items: {}
 
+                    type: array
 
+                  type:
 
+                    enum:
 
+                      - success
 
+                      - danger
 
+                      - error
 
+                    type: string
 
+                type: object
 
+          description: OK
 
+          headers: {}
 
+      tags:
 
+        - Mailboxes
 
+      description: >-
 
+        You can update custom attributes of one or more mailboxes per request.
 
+      operationId: Update mailbox custom attributes
 
+      requestBody:
 
+        content:
 
+          application/json:
 
+            schema:
 
+              example:
 
+                attr:
 
+                  attribute:
 
+                    - role
 
+                    - foo
 
+                  value:
 
+                    - cow
 
+                    - bar
 
+                items:
 
+                  - moo@mailcow.tld
 
+              properties:
 
+                attr:
 
+                  properties:
 
+                    attribute:
 
+                      description: Array of attribute keys
 
+                      type: object
 
+                    value:
 
+                      description: Array of attribute values
 
+                      type: object
 
+                  type: object
 
+                items:
 
+                  description: contains list of mailboxes you want update
 
+                  type: object
 
+              type: object
 
+      summary: Update mailbox custom attributes
 
   /api/v1/edit/mailq:
 
     post:
 
       responses:
 
@@ -5581,6 +5741,7 @@ paths:
 
                         sogo_access: "1"
 
                         tls_enforce_in: "0"
 
                         tls_enforce_out: "0"
 
+                      custom_attributes: {}
 
                       domain: domain3.tld
 
                       is_relayed: 0
 
                       local_part: info
 
@@ -5646,6 +5807,40 @@ paths:
 
                       items:
 
                         type: string
 
       summary: Edit Cross-Origin Resource Sharing (CORS) settings
 
+  "/api/v1/get/spam-score/{mailbox}":
 
+    get:
 
+      parameters:
 
+        - description: name of mailbox or empty for current user - admin user will retrieve the global spam filter score
 
+          in: path
 
+          name: mailbox
 
+          required: true
 
+          schema:
 
+            type: string
 
+        - description: e.g. api-key-string
 
+          example: api-key-string
 
+          in: header
 
+          name: X-API-Key
 
+          required: false
 
+          schema:
 
+            type: string
 
+      responses:
 
+        "401":
 
+          $ref: "#/components/responses/Unauthorized"
 
+        "200":
 
+          content:
 
+            application/json:
 
+              examples:
 
+                response:
 
+                  value:
 
+                    spam_score: "8,15"
 
+          description: OK
 
+          headers: {}
 
+      tags:
 
+        - Mailboxes
 
+      description: >-
 
+        Using this endpoint you can get the global spam filter score or the spam filter score of a certain mailbox.
 
+      operationId: Get mailbox or global spam filter score
 
+      summary: Get mailbox or global spam filter score
 
 
 tags:
 
   - name: Domains

+ 3 - 0
data/web/edit.php
View File 

@@ -58,6 +58,8 @@ if (isset($_SESSION['mailcow_cc_role'])) {
 
             'dkim' => dkim('details', $domain),
 
             'domain_details' => $result,
 
             'domain_footer' => $domain_footer,
 
+            'mailboxes' => mailbox('get', 'mailboxes', $_GET["domain"]),
 
+            'aliases' => mailbox('get', 'aliases', $_GET["domain"], 'address')
 
           ];
 
       }
 
     }
 
@@ -218,6 +220,7 @@ $js_minifier->add('/web/js/site/pwgen.js');
 
 $template_data['result'] = $result;
 
 $template_data['return_to'] = $_SESSION['return_to'];
 
 $template_data['lang_user'] = json_encode($lang['user']);
 
+$template_data['lang_admin'] = json_encode($lang['admin']);
 
 $template_data['lang_datatables'] = json_encode($lang['datatables']);
 
 
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';

+ 148 - 36
data/web/inc/functions.mailbox.inc.php
View File 

@@ -3264,6 +3264,62 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
           );

           return true;

         break;

+        case 'mailbox_custom_attribute':

+          $_data['attribute'] = isset($_data['attribute']) ? $_data['attribute'] : array();

+          $_data['attribute'] = is_array($_data['attribute']) ? $_data['attribute'] : array($_data['attribute']);

+          $_data['attribute'] = array_map(function($value) { return str_replace(' ', '', $value); }, $_data['attribute']);

+          $_data['value']     = isset($_data['value']) ? $_data['value'] : array();

+          $_data['value']     = is_array($_data['value']) ? $_data['value'] : array($_data['value']);

+          $attributes         = (object)array_combine($_data['attribute'], $_data['value']);

+          $mailboxes          = is_array($_data['mailboxes']) ? $_data['mailboxes'] : array($_data['mailboxes']);

+

+          foreach ($mailboxes as $mailbox) {

+            if (!filter_var($mailbox, FILTER_VALIDATE_EMAIL)) {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

+                'msg' => array('username_invalid', $mailbox)

+              );

+              continue;

+            }

+            $is_now = mailbox('get', 'mailbox_details', $mailbox);            

+            if(!empty($is_now)){

+              if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $is_now['domain'])) {

+                $_SESSION['return'][] = array(

+                  'type' => 'danger',

+                  'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

+                  'msg' => 'access_denied'

+                );

+                continue;

+              }

+            }

+            else {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

+                'msg' => 'access_denied'

+              );

+              continue;

+            }

+

+

+            $stmt = $pdo->prepare("UPDATE `mailbox`

+              SET `custom_attributes` = :custom_attributes

+              WHERE username = :username");

+            $stmt->execute(array(

+              ":username" => $mailbox,

+              ":custom_attributes" => json_encode($attributes)

+            ));             

+            

+            $_SESSION['return'][] = array(

+              'type' => 'success',

+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

+              'msg' => array('mailbox_modified', $mailbox)

+            );

+          }

+          

+          return true;

+        break;

         case 'resource':

           if (!is_array($_data['name'])) {

             $names = array();

@@ -3343,44 +3399,89 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
             );

           }

         break;

-        case 'domain_wide_footer':

-          $domain = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);

-          if (!is_valid_domain_name($domain)) {

-            $_SESSION['return'][] = array(

-              'type' => 'danger',

-              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

-              'msg' => 'domain_invalid'

-            );

-            return false;

+        case 'domain_wide_footer':  

+          if (!is_array($_data['domains'])) {

+            $domains = array();

+            $domains[] = $_data['domains'];

           }

-          if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {

-            $_SESSION['return'][] = array(

-              'type' => 'danger',

-              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

-              'msg' => 'access_denied'

-            );

-            return false;

+          else {

+            $domains = $_data['domains'];

           }

 

           $footers = array();

-          $footers['html'] = isset($_data['footer_html']) ? $_data['footer_html'] : '';

-          $footers['plain'] = isset($_data['footer_plain']) ? $_data['footer_plain'] : '';

-          try {

-            $redis->hSet('DOMAIN_WIDE_FOOTER', $domain, json_encode($footers));

+          $footers['html'] = isset($_data['html']) ? $_data['html'] : '';

+          $footers['plain'] = isset($_data['plain']) ? $_data['plain'] : '';

+          $footers['mbox_exclude'] = array();

+          if (isset($_data["mbox_exclude"])){

+            if (!is_array($_data["mbox_exclude"])) {

+              $_data["mbox_exclude"] = array($_data["mbox_exclude"]);

+            }

+            foreach ($_data["mbox_exclude"] as $mailbox) {

+              if (!filter_var($mailbox, FILTER_VALIDATE_EMAIL)) {

+                $_SESSION['return'][] = array(

+                  'type' => 'danger',

+                  'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

+                  'msg' => array('username_invalid', $mailbox)

+                );

+                continue;

+              }

+              $is_now = mailbox('get', 'mailbox_details', $mailbox);            

+              if(empty($is_now)){

+                $_SESSION['return'][] = array(

+                  'type' => 'danger',

+                  'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

+                  'msg' => array('username_invalid', $mailbox)

+                );

+                continue;

+              }

+              

+              array_push($footers['mbox_exclude'], $mailbox);

+            }

           }

-          catch (RedisException $e) {

+          foreach ($domains as $domain) {

+            $domain = idn_to_ascii(strtolower(trim($domain)), 0, INTL_IDNA_VARIANT_UTS46);

+            if (!is_valid_domain_name($domain)) {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

+                'msg' => 'domain_invalid'

+              );

+              return false;

+            }

+            if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

+                'msg' => 'access_denied'

+              );

+              return false;

+            }

+

+            try {

+              $stmt = $pdo->prepare("DELETE FROM `domain_wide_footer` WHERE `domain`= :domain");

+              $stmt->execute(array(':domain' => $domain));

+              $stmt = $pdo->prepare("INSERT INTO `domain_wide_footer` (`domain`, `html`, `plain`, `mbox_exclude`) VALUES (:domain, :html, :plain, :mbox_exclude)");

+              $stmt->execute(array(

+                ':domain' => $domain,

+                ':html' => $footers['html'],

+                ':plain' => $footers['plain'],

+                ':mbox_exclude' => json_encode($footers['mbox_exclude']),

+              ));

+            }

+            catch (PDOException $e) {

+              $_SESSION['return'][] = array(

+                'type' => 'danger',

+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

+                'msg' => $e->getMessage()

+              );

+              return false;

+            }

             $_SESSION['return'][] = array(

-              'type' => 'danger',

+              'type' => 'success',

               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

-              'msg' => array('redis_error', $e)

+              'msg' => array('domain_footer_modified', htmlspecialchars($domain))

             );

-            return false;

           }

-          $_SESSION['return'][] = array(

-            'type' => 'success',

-            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

-            'msg' => array('domain_footer_modified', htmlspecialchars($domain))

-          );

         break;

       }

     break;

@@ -3934,13 +4035,17 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
           if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {

             return false;

           }

-          $stmt = $pdo->prepare("SELECT `id` FROM `alias` WHERE `address` != `goto` AND `domain` = :domain");

+          $stmt = $pdo->prepare("SELECT `id`, `address` FROM `alias` WHERE `address` != `goto` AND `domain` = :domain");

           $stmt->execute(array(

             ':domain' => $_data,

           ));

           $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

           while($row = array_shift($rows)) {

-            $aliases[] = $row['id'];

+            if ($_extra == "address"){

+              $aliases[] = $row['address'];

+            } else {

+              $aliases[] = $row['id'];

+            }

           }

           return $aliases;

         break;

@@ -4292,6 +4397,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
               `mailbox`.`modified`,

               `quota2`.`bytes`,

               `attributes`,

+              `custom_attributes`,

               `quota2`.`messages`

                 FROM `mailbox`, `quota2`, `domain`

                   WHERE (`mailbox`.`kind` = '' OR `mailbox`.`kind` = NULL)

@@ -4312,6 +4418,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
               `mailbox`.`modified`,

               `quota2replica`.`bytes`,

               `attributes`,

+              `custom_attributes`,

               `quota2replica`.`messages`

                 FROM `mailbox`, `quota2replica`, `domain`

                   WHERE (`mailbox`.`kind` = '' OR `mailbox`.`kind` = NULL)

@@ -4334,6 +4441,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
           $mailboxdata['quota'] = $row['quota'];

           $mailboxdata['messages'] = $row['messages'];

           $mailboxdata['attributes'] = json_decode($row['attributes'], true);

+          $mailboxdata['custom_attributes'] = json_decode($row['custom_attributes'], true);

           $mailboxdata['quota_used'] = intval($row['bytes']);

           $mailboxdata['percent_in_use'] = ($row['quota'] == 0) ? '- ' : round((intval($row['bytes']) / intval($row['quota'])) * 100);

           $mailboxdata['created'] = $row['created'];

@@ -4514,19 +4622,23 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
 
           }

 

           try {

-            $footers = $redis->hGet('DOMAIN_WIDE_FOOTER', $domain);

-            $footers = json_decode($footers, true);

+            $stmt = $pdo->prepare("SELECT `html`, `plain`, `mbox_exclude` FROM `domain_wide_footer`

+              WHERE `domain` = :domain");

+            $stmt->execute(array(

+              ':domain' => $domain

+            ));

+            $footer = $stmt->fetch(PDO::FETCH_ASSOC);

           }

-          catch (RedisException $e) {

+          catch (PDOException $e) {

             $_SESSION['return'][] = array(

               'type' => 'danger',

               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),

-              'msg' => array('redis_error', $e)

+              'msg' => $e->getMessage()

             );

             return false;

           }

 

-          return $footers;

+          return $footer;

         break;

       }

     break;

+ 16 - 1
data/web/inc/init_db.inc.php
View File 

@@ -3,7 +3,7 @@ function init_db_schema() {
 
   try {
 
     global $pdo;
 
 
-    $db_version = "15112023_1536";
 
+    $db_version = "21112023_1644";
 
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
 
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
 
@@ -267,6 +267,20 @@ function init_db_schema() {
 
         ),
 
         "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
 
       ),
 
+      "domain_wide_footer" => array(
 
+        "cols" => array(
 
+          "domain" => "VARCHAR(255) NOT NULL",
 
+          "html" => "LONGTEXT",
 
+          "plain" => "LONGTEXT",
 
+          "mbox_exclude" => "JSON NOT NULL DEFAULT ('[]')",
 
+        ),
 
+        "keys" => array(
 
+          "primary" => array(
 
+            "" => array("domain")
 
+          )
 
+        ),
 
+        "attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
 
+      ),
 
       "tags_domain" => array(
 
         "cols" => array(
 
           "tag_name" => "VARCHAR(255) NOT NULL",
 
@@ -344,6 +358,7 @@ function init_db_schema() {
 
           "local_part" => "VARCHAR(255) NOT NULL",
 
           "domain" => "VARCHAR(255) NOT NULL",
 
           "attributes" => "JSON",
 
+          "custom_attributes" => "JSON NOT NULL DEFAULT ('{}')",
 
           "kind" => "VARCHAR(100) NOT NULL DEFAULT ''",
 
           "multiple_bookings" => "INT NOT NULL DEFAULT -1",
 
           "created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",

+ 17 - 0
data/web/js/site/edit.js
View File 

@@ -199,6 +199,23 @@ jQuery(function($){
 
     });
 
   }
 
 
+  function add_table_row(table_id, type) {
 
+    var row = $('<tr />');
 
+    if (type == "mbox_attr") {
 
+      cols = '<td><input class="input-sm input-xs-lg form-control" data-id="mbox_attr" type="text" name="attribute" required></td>';
 
+      cols += '<td><input class="input-sm input-xs-lg form-control" data-id="mbox_attr" type="text" name="value" required></td>';
 
+      cols += '<td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">' + lang_admin.remove_row + '</a></td>';
 
+    }
 
+    row.append(cols);
 
+    table_id.append(row);
 
+  }
 
+  $('#mbox_attr_table').on('click', 'tr a', function (e) {
 
+    e.preventDefault();
 
+    $(this).parents('tr').remove();
 
+  });
 
+  $('#add_mbox_attr_row').click(function() {
 
+    add_table_row($('#mbox_attr_table'), "mbox_attr");
 
+  });
 
 
   // detect element visibility changes
 
   function onVisible(element, callback) {

+ 12 - 2
data/web/json_api.php
View File 

@@ -1591,6 +1591,12 @@ if (isset($_GET['query'])) {
 
               }

             }

           break;

+          case "spam-score":

+            $score = mailbox('get', 'spam_score', $object);

+            if ($score)

+              $score = array("score" => preg_replace("/\s+/", "", $score));

+            process_get_return($score);

+          break;

         break;

         // return no route found if no case is matched

         default:

@@ -1867,8 +1873,6 @@ if (isset($_GET['query'])) {
 
         case "quota_notification_bcc":

           process_edit_return(quota_notification_bcc('edit', $attr));

         break;

-        case "domain-wide-footer":

-          process_edit_return(mailbox('edit', 'domain_wide_footer', $attr));

         break;

         case "mailq":

           process_edit_return(mailq('edit', array_merge(array('qid' => $items), $attr)));

@@ -1881,6 +1885,9 @@ if (isset($_GET['query'])) {
 
             case "template":

               process_edit_return(mailbox('edit', 'mailbox_templates', array_merge(array('ids' => $items), $attr)));

             break;

+            case "custom-attribute":

+              process_edit_return(mailbox('edit', 'mailbox_custom_attribute', array_merge(array('mailboxes' => $items), $attr)));

+            break;

             default:

               process_edit_return(mailbox('edit', 'mailbox', array_merge(array('username' => $items), $attr)));

             break;

@@ -1900,6 +1907,9 @@ if (isset($_GET['query'])) {
 
             case "template":

               process_edit_return(mailbox('edit', 'domain_templates', array_merge(array('ids' => $items), $attr)));

             break;

+            case "footer":

+              process_edit_return(mailbox('edit', 'domain_wide_footer', array_merge(array('domains' => $items), $attr)));

+            break;

             default:

               process_edit_return(mailbox('edit', 'domain', array_merge(array('domain' => $items), $attr)));

             break;

+ 1 - 1
data/web/lang/lang.cs-cz.json
View File 

@@ -209,7 +209,7 @@
 
         "include_exclude_info": "Ve výchozím nastavení (bez výběru), jsou adresovány <b>všechny mailové schránky</b>",
 
         "includes": "Zahrnout tyto přijemce",
 
         "ip_check": "Kontrola IP",
 
-        "ip_check_disabled": "Kontrola IP je vypnuta. Můžete ji zapnout v <br> <strong>System > Nastavení > Options > Přizpůsobení</strong>",
 
+        "ip_check_disabled": "Kontrola IP je zakázána. Můžete ji povolit v nabídce<br> <strong>Systém > Nastavení > Možnosti > Přizpůsobení</strong>",
 
         "ip_check_opt_in": "Přihlásit se k používání služby třetí strany <strong>ipv4.mailcow.email</strong> a <strong>ipv6.mailcow.email</strong> pro zjištění externích IP adres.",
 
         "is_mx_based": "Na základě MX",
 
         "last_applied": "Naposledy použité",

+ 4 - 0
data/web/lang/lang.de-de.json
View File 

@@ -574,6 +574,7 @@
 
         "client_secret": "Client-Secret",
 
         "comment_info": "Ein privater Kommentar ist für den Benutzer nicht einsehbar. Ein öffentlicher Kommentar wird als Tooltip im Interface des Benutzers angezeigt.",
 
         "created_on": "Erstellt am",
 
+        "custom_attributes": "benutzerdefinierte Attribute",
 
         "delete1": "Lösche Nachricht nach Übertragung vom Quell-Server",
 
         "delete2": "Lösche Nachrichten von Ziel-Server, die nicht auf Quell-Server vorhanden sind",
 
         "delete2duplicates": "Lösche Duplikate im Ziel",
 
@@ -614,6 +615,7 @@
 
         "max_quota": "Max. Größe per Mailbox (MiB)",
 
         "maxage": "Maximales Alter in Tagen einer Nachricht, die kopiert werden soll<br><small>(0 = alle Nachrichten kopieren)</small>",
 
         "maxbytespersecond": "Max. Übertragungsrate in Bytes/s (0 für unlimitiert)",
 
+        "mbox_exclude": "Mailboxen ausschließen",
 
         "mbox_rl_info": "Dieses Limit wird auf den SASL Loginnamen angewendet und betrifft daher alle Absenderadressen, die der eingeloggte Benutzer verwendet. Bei Mailbox Ratelimit überwiegt ein Domain-weites Ratelimit.",
 
         "mins_interval": "Intervall (min)",
 
         "multiple_bookings": "Mehrfaches Buchen",
 
@@ -1125,6 +1127,7 @@
 
         "apple_connection_profile_complete": "Dieses Verbindungsprofil beinhaltet neben IMAP- und SMTP-Konfigurationen auch Pfade für die Konfiguration von CalDAV (Kalender) und CardDAV (Adressbücher) für ein Apple-Gerät.",
 
         "apple_connection_profile_mailonly": "Dieses Verbindungsprofil beinhaltet IMAP- und SMTP-Konfigurationen für ein Apple-Gerät.",
 
         "apple_connection_profile_with_app_password": "Es wird ein neues App-Passwort erzeugt und in das Profil eingefügt, damit bei der Einrichtung kein Passwort eingegeben werden muss. Geben Sie das Profil nicht weiter, da es einen vollständigen Zugriff auf Ihr Postfach ermöglicht.",
 
+        "attribute": "Attribut",
 
         "change_password": "Passwort ändern",
 
         "change_password_hint_app_passwords": "Ihre Mailbox hat %d App-Passwörter, die nicht geändert werden. Um diese zu verwalten, gehen Sie bitte zum App-Passwörter-Tab.",
 
         "clear_recent_successful_connections": "Alle erfolgreichen Verbindungen bereinigen",
 
@@ -1244,6 +1247,7 @@
 
         "tls_policy_warning": "<strong>Vorsicht:</strong> Entscheiden Sie sich unverschlüsselte Verbindungen abzulehnen, kann dies dazu führen, dass Kontakte Sie nicht mehr erreichen.<br>Nachrichten, die die Richtlinie nicht erfüllen, werden durch einen Hard-Fail im Mailsystem abgewiesen.<br>Diese Einstellung ist aktiv für die primäre Mailbox, für alle Alias-Adressen, die dieser Mailbox <b>direkt zugeordnet</b> sind (lediglich eine einzige Ziel-Adresse) und der Adressen, die sich aus Alias-Domains ergeben. Ausgeschlossen sind temporäre Aliasse (\"Spam-Alias-Adressen\"), Catch-All Alias-Adressen sowie Alias-Adressen mit mehreren Zielen.",
 
         "user_settings": "Benutzereinstellungen",
 
         "username": "Benutzername",
 
+        "value": "Wert",
 
         "verify": "Verifizieren",
 
         "waiting": "Warte auf Ausführung",
 
         "week": "Woche",

+ 6 - 1
data/web/lang/lang.en-gb.json
View File 

@@ -576,6 +576,7 @@
 
         "client_secret": "Client secret",
 
         "comment_info": "A private comment is not visible to the user, while a public comment is shown as tooltip when hovering it in a user's overview",
 
         "created_on": "Created on",
 
+        "custom_attributes": "Custom attributes",
 
         "delete1": "Delete from source when completed",
 
         "delete2": "Delete messages on destination that are not on source",
 
         "delete2duplicates": "Delete duplicates on destination",
 
@@ -592,7 +593,8 @@
 
             "from_user": "{= from_user =}   - From user part of envelope, e.g for \"moo@mailcow.tld\" it returns \"moo\"",
 
             "from_name": "{= from_name =}   - From name of envelope, e.g for \"Mailcow &lt;moo@mailcow.tld&gt;\" it returns \"Mailcow\"",
 
             "from_addr": "{= from_addr =}   - From address part of envelope",
 
-            "from_domain": "{= from_domain =} - From domain part of envelope"
 
+            "from_domain": "{= from_domain =} - From domain part of envelope",
 
+            "custom": "{= foo =}         - If mailbox has the custom attribute \"foo\" with value \"bar\" it returns \"bar\""
 
         },
 
         "domain_footer_plain": "PLAIN footer",
 
         "domain_quota": "Domain quota",
 
@@ -623,6 +625,7 @@
 
         "max_quota": "Max. quota per mailbox (MiB)",
 
         "maxage": "Maximum age of messages in days that will be polled from remote<br><small>(0 = ignore age)</small>",
 
         "maxbytespersecond": "Max. bytes per second <br><small>(0 = unlimited)</small>",
 
+        "mbox_exclude": "Exclude mailboxes",
 
         "mbox_rl_info": "This rate limit is applied on the SASL login name, it matches any \"from\" address used by the logged-in user. A mailbox rate limit overrides a domain-wide rate limit.",
 
         "mins_interval": "Interval (min)",
 
         "multiple_bookings": "Multiple bookings",
 
@@ -1141,6 +1144,7 @@
 
         "apple_connection_profile_complete": "This connection profile includes IMAP and SMTP parameters as well as CalDAV (calendars) and CardDAV (contacts) paths for an Apple device.",
 
         "apple_connection_profile_mailonly": "This connection profile includes IMAP and SMTP configuration parameters for an Apple device.",
 
         "apple_connection_profile_with_app_password": "A new app password is generated and added to the profile so that no password needs to be entered when setting up your device. Please do not share the file as it grants full access to your mailbox.",
 
+        "attribute": "Attribute",
 
         "change_password": "Change password",
 
         "change_password_hint_app_passwords": "Your account has %d app passwords that will not be changed. To manage these, go to the App passwords tab.",
 
         "clear_recent_successful_connections": "Clear seen successful connections",
 
@@ -1271,6 +1275,7 @@
 
         "tls_policy_warning": "<strong>Warning:</strong> If you decide to enforce encrypted mail transfer, you may lose emails.<br>Messages to not satisfy the policy will be bounced with a hard fail by the mail system.<br>This option applies to your primary email address (login name), all addresses derived from alias domains as well as alias addresses <b>with only this single mailbox</b> as target.",
 
         "user_settings": "User settings",
 
         "username": "Username",
 
+        "value": "Value",
 
         "verify": "Verify",
 
         "waiting": "Waiting",
 
         "week": "week",

+ 12 - 0
data/web/lang/lang.fi-fi.json
View File 

@@ -891,5 +891,17 @@
 
         "no_active_admin": "Viimeistä aktiivista järjestelmänvalvojaa ei voi poistaa käytöstä",
 
         "session_token": "Lomakkeen tunnus sanoma ei kelpaa: tunnus sanoman risti riita",
 
         "session_ua": "Lomakkeen tunnus sanoma ei kelpaa: käyttäjä agentin tarkistus virhe"
 
+    },
 
+    "datatables": {
 
+        "emptyTable": "Tietoja ei ole saatavilla taulukossa",
 
+        "expand_all": "Laajenna kaikki",
 
+        "lengthMenu": "Näytä menu merkinnät",
 
+        "loadingRecords": "Ladataan...",
 
+        "processing": "Ole hyvä ja odota...",
 
+        "search": "Etsi:",
 
+        "paginate": {
 
+            "first": "Ensimmäinen",
 
+            "last": "Edellinen"
 
+        }
 
     }
 
 }

+ 10 - 5
data/web/lang/lang.pt-br.json
View File 

@@ -1,6 +1,6 @@
 
 {
 
     "acl": {
 
-        "alias_domains": "Adicionar domínios de alias",
 
+        "alias_domains": "Adicionar domínios alternativos",
 
         "app_passwds": "Gerenciar senhas de aplicativos",
 
         "bcc_maps": "Mapas BCC",
 
         "delimiter_action": "Ação delimitadora",
 
@@ -107,7 +107,8 @@
 
         "timeout2": "Tempo limite para conexão com o host local",
 
         "username": "Nome de usuário",
 
         "validate": "Validar",
 
-        "validation_success": "Validado com sucesso"
 
+        "validation_success": "Validado com sucesso",
 
+        "dry": "Simular sincronização"
 
     },
 
     "admin": {
 
         "access": "Acesso",
 
@@ -681,7 +682,9 @@
 
         "title": "Editar objeto",
 
         "unchanged_if_empty": "Se inalterado, deixe em branco",
 
         "username": "Nome de usuário",
 
-        "validate_save": "Valide e salve"
 
+        "validate_save": "Valide e salve",
 
+        "custom_attributes": "Atributos personalizados",
 
+        "mbox_exclude": "Excluir caixas de email"
 
     },
 
     "fido2": {
 
         "confirm": "Confirme",
 
@@ -873,7 +876,7 @@
 
         "sieve_preset_5": "Resposta automática (férias)",
 
         "sieve_preset_6": "Rejeitar e-mail com resposta",
 
         "sieve_preset_7": "Redirecionar e manter/soltar",
 
-        "sieve_preset_8": "Descartar mensagem enviada para um endereço de alias do qual o remetente faz parte",
 
+        "sieve_preset_8": "Redirecionar e-mail de um remetente específico, marcar como lido e classificar em subpasta",
 
         "sieve_preset_header": "Veja os exemplos de predefinições abaixo. Para obter mais detalhes, consulte a <a href=\"https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)\" target=\"_blank\">Wikipedia</a>.",
 
         "sogo_visible": "O alias é visível no SoGo",
 
         "sogo_visible_n": "Ocultar alias no SoGo",
 
@@ -1277,7 +1280,9 @@
 
         "weeks": "semanas",
 
         "with_app_password": "com senha do aplicativo",
 
         "year": "ano",
 
-        "years": "anos"
 
+        "years": "anos",
 
+        "attribute": "Atributo",
 
+        "value": "Valor"
 
     },
 
     "warning": {
 
         "cannot_delete_self": "Não é possível excluir o usuário conectado",

+ 10 - 4
data/web/lang/lang.ru-ru.json
View File 

@@ -107,7 +107,8 @@
 
         "validate": "Проверить",
 
         "validation_success": "Проверка прошла успешно",
 
         "tags": "Теги",
 
-        "app_passwd_protocols": "Разрешенные протоколы для пароля приложения"
 
+        "app_passwd_protocols": "Разрешенные протоколы для пароля приложения",
 
+        "dry": "Имитировать синхронизацию"
 
     },
 
     "admin": {
 
         "access": "Настройки доступа",
 
@@ -625,11 +626,14 @@
 
             "auth_user": "{= auth_user =} - Аутентифицированное имя пользователя, указанное MTA",
 
             "from_user": "{= from_user =} - Из пользовательской части envelope, например, для \"moo@mailcow.tld\" возвращается \"moo\"",
 
             "from_addr": "{= from_addr =} - Из адресной части envelope",
 
-            "from_domain": "{= from_domain =} - из доменной части envelope"
 
+            "from_domain": "{= from_domain =} - из доменной части envelope",
 
+            "custom": "{= foo =}         - Если почтовый ящик имеет пользовательский атрибут \"foo\" со значением \"bar\", он возвращает \"bar\"."
 
         },
 
         "domain_footer": "Нижний колонтитул домена",
 
         "domain_footer_html": "HTML нижний колонтитул",
 
-        "domain_footer_plain": "ПРОСТОЙ нижний колонтитул"
 
+        "domain_footer_plain": "ПРОСТОЙ нижний колонтитул",
 
+        "mbox_exclude": "Исключить почтовые ящики",
 
+        "custom_attributes": "Пользовательские атрибуты"
 
     },
 
     "fido2": {
 
         "confirm": "Подтвердить",
 
@@ -1198,7 +1202,9 @@
 
         "apple_connection_profile_with_app_password": "Новый пароль приложения генерируется и добавляется в профиль, поэтому при настройке устройства не требуется вводить пароль. Не предоставляйте доступ к файлу, поскольку он предоставляет полный доступ к вашему почтовому ящику.",
 
         "direct_protocol_access": "Этот пользователь почтового ящика имеет <b>прямой, внешний доступ</b> к следующим протоколам и приложениям. Эта настройка контролируется вашим администратором. Для предоставления доступа к отдельным протоколам и приложениям могут быть созданы пароли приложений.<br> Кнопка \"Вход в веб-почту\" обеспечивает единый вход в SOGo и всегда доступна.",
 
         "with_app_password": "с паролем приложения",
 
-        "change_password_hint_app_passwords": "В вашей учетной записи есть {{number_of_app_passwords}} паролей приложений, которые не будут изменены. Чтобы управлять ими, перейдите на вкладку \"Пароли приложений\"."
 
+        "change_password_hint_app_passwords": "В вашей учетной записи есть {{number_of_app_passwords}} паролей приложений, которые не будут изменены. Чтобы управлять ими, перейдите на вкладку \"Пароли приложений\".",
 
+        "attribute": "Атрибут",
 
+        "value": "Значение"
 
     },
 
     "warning": {
 
         "cannot_delete_self": "Вы не можете удалить сами себя",

+ 10 - 4
data/web/lang/lang.uk-ua.json
View File 

@@ -107,7 +107,8 @@
 
         "kind": "Вид",
 
         "delete1": "Видалити з джерела після завершення",
 
         "delete2duplicates": "Видалити дублікати на місці призначення",
 
-        "domain_quota_m": "Загальна квота домену (МіБ)"
 
+        "domain_quota_m": "Загальна квота домену (МіБ)",
 
+        "dry": "Імітувати синхронізацію"
 
     },
 
     "admin": {
 
         "access": "Налаштування доступу",
 
@@ -650,10 +651,13 @@
 
             "auth_user": "{= auth_user =} - Аутентифіковане ім'я користувача, вказане MTA",
 
             "from_user": "{= from_user =} - З користувацької частини envelope, наприклад, для \"moo@mailcow.tld\" повертає \"moo\"",
 
             "from_addr": "{= from_addr =} - З адресної частини envelope",
 
-            "from_domain": "{= from_domain =} - З доменної частини envelope"
 
+            "from_domain": "{= from_domain =} - З доменної частини envelope",
 
+            "custom": "{= foo =}         - Якщо поштова скринька має кастомний атрибут \"foo\" зі значенням \"bar\", то повертається \"bar\""
 
         },
 
         "domain_footer_html": "Нижній колонтитул HTML",
 
-        "domain_footer_plain": "ЗВИЧАЙНИЙ нижній колонтитул"
 
+        "domain_footer_plain": "ЗВИЧАЙНИЙ нижній колонтитул",
 
+        "custom_attributes": "Користувацькі атрибути",
 
+        "mbox_exclude": "Виключити поштові скриньки"
 
     },
 
     "fido2": {
 
         "confirm": "Підтвердити",
 
@@ -1248,7 +1252,9 @@
 
         "tls_policy_warning": "<strong>Попередження:</strong> якщо ви увімкнете примусове шифрування пошти, ви можете зіткнутися з втратою листів.<br>Повідомлення, які не відповідають політиці, будуть відкидатися з повідомленням поштовим сервером про серйозний збій.<br>Цей параметр застосовується до вашої основної адреси електронної пошти (логіну), усім особистим псевдонімам та псевдонімам доменів. Маються на увазі лише псевдоніми <b>з однією поштовою скринькою</b>, як одержувач.",
 
         "year": "рік",
 
         "years": "років",
 
-        "pushover_sound": "Звук"
 
+        "pushover_sound": "Звук",
 
+        "value": "Значення",
 
+        "attribute": "Атрибут"
 
     },
 
     "warning": {
 
         "domain_added_sogo_failed": "Домен був доданий, але перезавантажити SOGo не вдалося, будь ласка, перевірте журнали сервера.",

+ 1 - 0
data/web/templates/edit.twig
View File 

@@ -24,6 +24,7 @@
 
 
 <script type='text/javascript'>
 
   var lang_user = {{ lang_user|raw }};
 
+  var lang_admin = {{ lang_admin|raw }};
 
   var lang_datatables = {{ lang_datatables|raw }};
 
   var csrf_token = '{{ csrf_token }}';
 
   var pagination_size = Math.trunc('{{ pagination_size }}');

+ 23 - 5
data/web/templates/edit/domain.twig
View File 

@@ -168,7 +168,7 @@
 
                     <label class="control-label col-sm-2">{{ lang.edit.ratelimit }}</label>
 
                     <div class="col-sm-10">
 
                       <div class="input-group">
 
-                        <input name="rl_value" type="number" value="{{ rl.value }}" autocomplete="off" class="form-control placeholder="{{ lang.ratelimit.disabled }}">
 
+                        <input name="rl_value" type="number" value="{{ rl.value }}" autocomplete="off" class="form-control" placeholder="{{ lang.ratelimit.disabled }}">
 
                         <select name="rl_frame" class="form-control">
 
                         {% include 'mailbox/rl-frame.twig' %}
 
                         </select>
 
@@ -285,23 +285,41 @@
 
 {{ lang.edit.domain_footer_info_vars.from_user }}
 
 {{ lang.edit.domain_footer_info_vars.from_name }}
 
 {{ lang.edit.domain_footer_info_vars.from_addr }}
 
-{{ lang.edit.domain_footer_info_vars.from_domain }}</pre>
 
+{{ lang.edit.domain_footer_info_vars.from_domain }}
 
+{{ lang.edit.domain_footer_info_vars.custom }}</pre>
 
                     <form class="form-horizontal mt-4" data-id="domain_footer">
 
+                      <div class="row mb-4">
 
+                        <label class="control-label col-sm-2" for="mbox_exclude">{{ lang.edit.mbox_exclude }}</label>
 
+                        <div class="col-sm-10">
 
+                          <select data-live-search="true" data-width="100%" style="width:100%" id="editMboxExclude" name="mbox_exclude" size="10" multiple>
 
+                            {% for mailbox in mailboxes %}
 
+                              <option value="{{ mailbox }}" {% if mailbox in domain_footer.mbox_exclude %}selected{% endif %}>
 
+                                {{ mailbox }}
 
+                              </option>
 
+                            {% endfor %}
 
+                            {% for alias in aliases %}
 
+                              <option data-subtext="Alias" value="{{ alias }}" {% if alias in domain_footer.mbox_exclude %}selected{% endif %}>
 
+                                {{ alias }}
 
+                              </option>
 
+                            {% endfor %}
 
+                          </select>
 
+                        </div>
 
+                      </div>
 
                       <div class="row mb-2">
 
                         <label class="control-label col-sm-2" for="domain_footer_html">{{ lang.edit.domain_footer_html }}:</label>
 
                         <div class="col-sm-10">
 
-                          <textarea spellcheck="false" autocorrect="off" autocapitalize="none" class="form-control" rows="10" id="domain_footer_html" name="footer_html">{{ domain_footer.html }}</textarea>
 
+                          <textarea spellcheck="false" autocorrect="off" autocapitalize="none" class="form-control" rows="10" id="domain_footer_html" name="html">{{ domain_footer.html }}</textarea>
 
                         </div>
 
                       </div>
 
                       <div class="row mb-4">
 
                         <label class="control-label col-sm-2" for="domain_footer_plain">{{ lang.edit.domain_footer_plain }}:</label>
 
                         <div class="col-sm-10">
 
-                          <textarea spellcheck="false" autocorrect="off" autocapitalize="none" class="form-control" rows="10" id="domain_footer_plain" name="footer_plain">{{ domain_footer.plain }}</textarea>
 
+                          <textarea spellcheck="false" autocorrect="off" autocapitalize="none" class="form-control" rows="10" id="domain_footer_plain" name="plain">{{ domain_footer.plain }}</textarea>
 
                         </div>
 
                       </div>
 
                       <div class="row">
 
                         <div class="offset-sm-2 col-sm-10">
 
-                          <button class="btn btn-xs-lg d-block d-sm-inline btn-success" data-action="edit_selected" data-id="domain_footer" data-item="domain_footer" data-api-url='edit/domain-wide-footer' data-api-attr='{"domain":"{{ domain }}"}' href="#">{{ lang.edit.save }}</button>
 
+                          <button class="btn btn-xs-lg d-block d-sm-inline btn-success" data-action="edit_selected" data-id="domain_footer" data-item="{{ domain }}" data-api-url='edit/domain/footer' data-api-attr='{}' href="#">{{ lang.edit.save }}</button>
 
                         </div>
 
                       </div>
 
                     </form>

+ 32 - 0
data/web/templates/edit/mailbox.twig
View File 

@@ -5,6 +5,7 @@
 
 <div id="mailbox-content" class="responsive-tabs">
 
     <ul class="nav nav-tabs" role="tablist">
 
       <li role="presentation" class="nav-item"><button class="nav-link active" data-bs-toggle="tab" data-bs-target="#medit">{{ lang.edit.mailbox }}</button></li>
 
+      <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#mattr">{{ lang.edit.custom_attributes }}</button></li>
 
       <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#mpushover">{{ lang.edit.pushover }}</button></li>
 
       <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#macl">{{ lang.edit.acl }}</button></li>
 
       <li role="presentation" class="nav-item"><button class="nav-link" data-bs-toggle="tab" data-bs-target="#mrl">{{ lang.edit.ratelimit }}</button></li>
 
@@ -275,6 +276,37 @@
 
             </div>
 
         </div>
 
       </div>
 
+      <div id="mattr" class="tab-pane fade" role="tabpanel" aria-labelledby="mailbox-attr">
 
+        <div class="card mb-4">
 
+          <div class="card-header d-flex d-md-none fs-5">
 
+            <button class="btn flex-grow-1 text-start" data-bs-target="#collapse-tab-mattr" data-bs-toggle="collapse" aria-controls="collapse-tab-mattr">
 
+              {{ lang.edit.mailbox }} <span class="badge bg-info table-lines"></span>
 
+            </button>
 
+          </div>
 
+          <div id="collapse-tab-mattr" class="card-body collapse show" data-bs-parent="#mailbox-content">
 
+            <form class="form-inline" data-id="mbox_attr" role="form" method="post">
 
+              <table class="table table-condensed" style="white-space: nowrap;" id="mbox_attr_table">
 
+                <tr>
 
+                  <th>{{ lang.user.attribute }}</th>
 
+                  <th>{{ lang.user.value }}</th>
 
+                  <th style="width:100px;">&nbsp;</th>
 
+                </tr>
 
+                {% for key, val in result.custom_attributes %}
 
+                  <tr>
 
+                    <td><input class="input-sm input-xs-lg form-control" data-id="mbox_attr" type="text" name="attribute" required value="{{ key }}"></td>
 
+                    <td><input class="input-sm input-xs-lg form-control" data-id="mbox_attr" type="text" name="value" required value="{{ val }}"></td>
 
+                    <td><a href="#" role="button" class="btn btn-sm btn-xs-lg btn-secondary h-100 w-100" type="button">{{ lang.admin.remove_row }}</a></td>
 
+                  </tr>
 
+                {% endfor %}
 
+              </table>
 
+              <p><div class="btn-group">
 
+                <button class="btn btn-sm btn-xs-half d-block d-sm-inline btn-success" data-action="edit_selected" data-item="{{ mailbox }}" data-id="mbox_attr" data-api-url='edit/mailbox/custom-attribute' data-api-attr='{}' href="#"><i class="bi bi-check-lg"></i> {{ lang.admin.save }}</button>
 
+                <button class="btn btn-sm btn-xs-half d-block d-sm-inline btn-secondary" type="button" id="add_mbox_attr_row">{{ lang.admin.add_row }}</button>
 
+              </div></p>
 
+            </form>
 
+          </div>
 
+        </div>
 
+      </div>
 
       <div id="mpushover" class="tab-pane fade" role="tabpanel" aria-labelledby="mailbox-pushover">
 
         <div class="card mb-4">
 
             <div class="card-header d-flex d-md-none fs-5">

+ 1 - 1
docker-compose.yml
View File 

@@ -77,7 +77,7 @@ services:
 
             - clamd
 
 
     rspamd-mailcow:
 
-      image: mailcow/rspamd:1.93
 
+      image: mailcow/rspamd:1.94
 
       stop_grace_period: 30s
 
       depends_on:
 
         - dovecot-mailcow

+ 2 - 2
generate_config.sh
View File 

@@ -26,7 +26,7 @@ for bin in openssl curl docker git awk sha1sum grep cut; do
 
 done
 
 
 if docker compose > /dev/null 2>&1; then
 
-    if docker compose version --short | grep "^2." > /dev/null 2>&1; then
 
+    if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
 
       COMPOSE_VERSION=native
 
       echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
 
       echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
 
@@ -553,4 +553,4 @@ else
 
   echo -e "\e[33mCannot determine current git repository version...\e[0m"
 
 fi
 
 
-detect_bad_asn
 
+detect_bad_asn

+ 1 - 1
helper-scripts/nextcloud.sh
View File 

@@ -1,6 +1,6 @@
 
 #!/usr/bin/env bash
 
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
 
-NEXTCLOUD_VERSION=27.1.3
 
+NEXTCLOUD_VERSION=27.1.4
 
 
 echo -ne "Checking prerequisites..."
 
 sleep 1

+ 1 - 1
update.sh
View File 

@@ -171,7 +171,7 @@ remove_obsolete_nginx_ports() {
 
 detect_docker_compose_command(){
 
 if ! [[ "${DOCKER_COMPOSE_VERSION}" =~ ^(native|standalone)$ ]]; then
 
   if docker compose > /dev/null 2>&1; then
 
-      if docker compose version --short | grep "2." > /dev/null 2>&1; then
 
+      if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
 
         DOCKER_COMPOSE_VERSION=native
 
         COMPOSE_COMMAND="docker compose"
 
         echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"