diff --git a/data/conf/rspamd/dynmaps/settings.php b/data/conf/rspamd/dynmaps/settings.php
index fcc656a89..bcb822640 100644
--- a/data/conf/rspamd/dynmaps/settings.php
+++ b/data/conf/rspamd/dynmaps/settings.php
@@ -157,7 +157,7 @@ while ($row = array_shift($rows)) {
 ?>
 	whitelist_<?=$username_sane;?> {
 <?php
-	$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(`value`, '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
+	$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(CONCAT('^', `value`, '$'), '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
 		WHERE `object`= :object
 			AND `option` = 'whitelist_from'");
 	$stmt->execute(array(':object' => $row['object']));
@@ -196,7 +196,7 @@ while ($row = array_shift($rows)) {
 	}
 	whitelist_header_<?=$username_sane;?> {
 <?php
-	$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(`value`, '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
+	$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(CONCAT('^', `value`, '$'), '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
 		WHERE `object`= :object
 			AND `option` = 'whitelist_from'");
 	$stmt->execute(array(':object' => $row['object']));
@@ -249,7 +249,7 @@ while ($row = array_shift($rows)) {
 ?>
 	blacklist_<?=$username_sane;?> {
 <?php
-	$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(`value`, '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
+	$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(CONCAT('^', `value`, '$'), '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
 		WHERE `object`= :object
 			AND `option` = 'blacklist_from'");
 	$stmt->execute(array(':object' => $row['object']));
@@ -288,7 +288,7 @@ while ($row = array_shift($rows)) {
 	}
 	blacklist_header_<?=$username_sane;?> {
 <?php
-	$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(`value`, '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
+	$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(CONCAT('^', `value`, '$'), '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
 		WHERE `object`= :object
 			AND `option` = 'blacklist_from'");
 	$stmt->execute(array(':object' => $row['object']));
diff --git a/data/web/edit.php b/data/web/edit.php
index 11c924b5a..b53e17940 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -705,7 +705,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
             <div class="form-group">
               <label class="control-label col-sm-2" for="mins_interval"><?=$lang['edit']['mins_interval'];?></label>
               <div class="col-sm-10">
-                <input type="number" class="form-control" name="mins_interval" min="10" max="3600" value="<?=htmlspecialchars($result['mins_interval'], ENT_QUOTES, 'UTF-8');?>" required>
+                <input type="number" class="form-control" name="mins_interval" min="1" max="3600" value="<?=htmlspecialchars($result['mins_interval'], ENT_QUOTES, 'UTF-8');?>" required>
               </div>
             </div>
             <div class="form-group">
diff --git a/data/web/inc/ajax/dns_diagnostics.php b/data/web/inc/ajax/dns_diagnostics.php
index d6c989b3e..23d990418 100644
--- a/data/web/inc/ajax/dns_diagnostics.php
+++ b/data/web/inc/ajax/dns_diagnostics.php
@@ -7,7 +7,7 @@ define('state_missing', '<span class="glyphicon glyphicon-remove text-danger"></
 define('state_nomatch', "?");
 define('state_optional', " <sup>2</sup>");
 
-if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {
+if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin"|| $_SESSION['mailcow_cc_role'] == "domainadmin")) {
 
 $domains = mailbox('get', 'domains');
 foreach(mailbox('get', 'domains') as $dn) {
@@ -73,108 +73,119 @@ if (!isset($autodiscover_config['sieve'])) {
 }
 
 // Init records array
-$spf_link = '<a href="http://www.openspf.org/SPF_Record_Syntax" target="_blank">SPF Record Syntax</a>';
+$spf_link = '<a href="http://www.openspf.org/SPF_Record_Syntax" target="_blank">SPF Record Syntax</a><br />';
 $dmarc_link = '<a href="http://www.kitterman.com/dmarc/assistant.html" target="_blank">DMARC Assistant</a>';
 
 $records = array();
-$records[] = array(
-  $mailcow_hostname,
-  'A',
-  $ip
-);
-$records[] = array(
-  $ptr,
-  'PTR',
-  $mailcow_hostname
-);
-if (!empty($ip6)) {
+if ($_SESSION['mailcow_cc_role'] == "admin") {
   $records[] = array(
     $mailcow_hostname,
-    'AAAA',
-    $ip6
+    'A',
+    $ip
   );
   $records[] = array(
-    $ptr6,
+    $ptr,
     'PTR',
     $mailcow_hostname
   );
+  if (!empty($ip6)) {
+    $records[] = array(
+      $mailcow_hostname,
+      'AAAA',
+      $ip6
+    );
+    $records[] = array(
+      $ptr6,
+      'PTR',
+      $mailcow_hostname
+    );
+  }
+  $records[] = array(
+    '_25._tcp.'.$autodiscover_config['smtp']['server'],
+    'TLSA',
+    generate_tlsa_digest($autodiscover_config['smtp']['server'], 25, 1)
+  );
+  $records[] = array(
+    '_'.$https_port.
+    '._tcp.'.$mailcow_hostname,
+    'TLSA',
+    generate_tlsa_digest($mailcow_hostname, $https_port)
+  );
+  $records[] = array(
+    '_'.$autodiscover_config['pop3']['tlsport'].
+    '._tcp.'.$autodiscover_config['pop3']['server'],
+    'TLSA',
+    generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1)
+  );
+  $records[] = array(
+    '_'.$autodiscover_config['imap']['tlsport'].
+    '._tcp.'.$autodiscover_config['imap']['server'],
+    'TLSA',
+    generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1)
+  );
+  $records[] = array(
+    '_'.$autodiscover_config['smtp']['port'].
+    '._tcp.'.$autodiscover_config['smtp']['server'],
+    'TLSA',
+    generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port'])
+  );
+  $records[] = array(
+    '_'.$autodiscover_config['smtp']['tlsport'].
+    '._tcp.'.$autodiscover_config['smtp']['server'],
+    'TLSA',
+    generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1)
+  );
+  $records[] = array(
+    '_'.$autodiscover_config['imap']['port'].
+    '._tcp.'.$autodiscover_config['imap']['server'],
+    'TLSA',
+    generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port'])
+  );
+  $records[] = array(
+    '_'.$autodiscover_config['pop3']['port'].
+    '._tcp.'.$autodiscover_config['pop3']['server'],
+    'TLSA',
+    generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port'])
+  );
+  $records[] = array(
+    '_'.$autodiscover_config['sieve']['port'].
+    '._tcp.'.$autodiscover_config['sieve']['server'],
+    'TLSA',
+    generate_tlsa_digest($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1)
+  );
 }
 $records[] = array(
-	'_25._tcp.' . $autodiscover_config['smtp']['server'],
-	'TLSA',
-	generate_tlsa_digest($autodiscover_config['smtp']['server'], 25, 1)
+  $domain,
+  'MX',
+  $mailcow_hostname
 );
 $records[] = array(
-	'_' . $https_port . '._tcp.' . $mailcow_hostname,
-	'TLSA',
-	generate_tlsa_digest($mailcow_hostname, $https_port)
+  'autodiscover.'.$domain,
+  'CNAME',
+  $mailcow_hostname
 );
 $records[] = array(
-	'_' . $autodiscover_config['pop3']['tlsport'] . '._tcp.' . $autodiscover_config['pop3']['server'],
-	'TLSA',
-	generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1)
+  '_autodiscover._tcp.'.$domain,
+  'SRV',
+  $mailcow_hostname.
+  ' '.$https_port
 );
 $records[] = array(
-	'_' . $autodiscover_config['imap']['tlsport'] . '._tcp.' . $autodiscover_config['imap']['server'],
-	'TLSA',
-	generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1)
+  'autoconfig.'.$domain,
+  'CNAME',
+  $mailcow_hostname
 );
 $records[] = array(
-	'_' . $autodiscover_config['smtp']['port'] . '._tcp.' . $autodiscover_config['smtp']['server'],
-	'TLSA',
-	generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port'])
+  $domain,
+  'TXT',
+  $spf_link,
+  state_optional
 );
 $records[] = array(
-	'_' . $autodiscover_config['smtp']['tlsport'] . '._tcp.' . $autodiscover_config['smtp']['server'],
-	'TLSA',
-	generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1)
-);
-$records[] = array(
-	'_' . $autodiscover_config['imap']['port'] . '._tcp.' . $autodiscover_config['imap']['server'],
-	'TLSA',
-	generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port'])
-);
-$records[] = array(
-	'_' . $autodiscover_config['pop3']['port'] . '._tcp.' . $autodiscover_config['pop3']['server'],
-	'TLSA',
-	generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port'])
-);
-$records[] = array(
-	'_' . $autodiscover_config['sieve']['port'] . '._tcp.' . $autodiscover_config['sieve']['server'],
-	'TLSA',
-	generate_tlsa_digest($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1)
-);
-$records[] = array(
-	$domain,
-	'MX',
-	$mailcow_hostname
-);
-$records[] = array(
-	'autodiscover.' . $domain,
-	'CNAME',
-	$mailcow_hostname
-);
-$records[] = array(
-	'_autodiscover._tcp.' . $domain,
-	'SRV',
-	$mailcow_hostname . ' ' . $https_port
-);
-$records[] = array(
-	'autoconfig.' . $domain,
-	'CNAME',
-	$mailcow_hostname
-);
-$records[] = array(
-	$domain,
-	'TXT',
-	$spf_link,
-	state_optional
-);
-$records[] = array(
-	'_dmarc.' . $domain,
-	'TXT',
-	$dmarc_link,
-	state_optional
+  '_dmarc.'.$domain,
+  'TXT',
+  $dmarc_link,
+  state_optional
 );
 
 if (!empty($dkim = dkim('details', $domain))) {
@@ -345,9 +356,14 @@ foreach ($records as $record) {
         $state = $current[$data_field[$current['type']]] . state_optional;
     }
     elseif ($current['type'] == 'TXT' &&
-      stripos($current['txt'], 'v=spf' &&
-      $record[2] == $spf_link) === 0) {
-        $state = $current[$data_field[$current['type']]] . state_optional;
+      stripos($current['txt'], 'v=spf') === 0 &&
+      $record[2] == $spf_link) {
+        $state = state_nomatch;
+        $rslt = get_spf_allowed_hosts($record[0]);
+        if(in_array($ip, $rslt) && in_array($ip6, $rslt)){
+            $state = state_good;
+        }
+        $state .= '<br />' . $current[$data_field[$current['type']]].state_optional;
     }
     elseif ($current['type'] == 'TXT' &&
       stripos($current['txt'], 'v=dkim') === 0 &&
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 56fe167c6..dac60364d 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -238,7 +238,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
             );
             return false;
           }
-          if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 10, 'max_range' => 3600)))) {
+          if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 3600)))) {
             $_SESSION['return'] = array(
               'type' => 'danger',
               'msg' => sprintf($lang['danger']['access_denied'])
@@ -1448,7 +1448,7 @@ function mailbox($_action, $_type, $_data = null, $attr = null) {
               );
               return false;
             }
-            if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 10, 'max_range' => 3600)))) {
+            if (!filter_var($mins_interval, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 3600)))) {
               $_SESSION['return'] = array(
                 'type' => 'danger',
                 'msg' => sprintf($lang['danger']['access_denied'])
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index 385c55c3d..a3542ef0c 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -613,8 +613,7 @@ $lang['success']['items_released'] = "Ausgewählte Objekte wurden an Mailbox ver
 $lang['danger']['imagick_exception'] = "Fataler Bildverarbeitungsfehler";
 
 $lang['quarantaine']['quarantaine'] = "Quarantäne";
-$lang['quarantaine']['qinfo'] = "Das Quarantänesystem speichert abgelehnte Nachrichten in der Datenbank. Dem Sender wird <em>nicht</em> signalisiert, dass seine E-Mail zugestellt wurde.<br />
-  E-Mails mit einer maximalen Größe von 10 MiB werden gespeichert.";
+$lang['quarantaine']['qinfo'] = "Das Quarantänesystem speichert abgelehnte Nachrichten in der Datenbank. Dem Sender wird <em>nicht</em> signalisiert, dass seine E-Mail zugestellt wurde.";
 $lang['quarantaine']['release'] = "Freigeben";
 $lang['quarantaine']['empty'] = 'Keine Einträge';
 $lang['quarantaine']['toggle_all'] = 'Alle auswählen';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 1f4636f5b..cce4f7c3b 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -556,6 +556,7 @@ $lang['diagnostics']['dns_records_data'] = 'Correct Data';
 $lang['diagnostics']['dns_records_status'] = 'Current State';
 $lang['diagnostics']['optional'] = 'This record is optional.';
 $lang['diagnostics']['cname_from_a'] = 'Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.';
+$lang['diagnostics']['allow'] = 'Allow %s';
 
 $lang['admin']['relay_from'] = '"From:" address';
 $lang['admin']['api_allow_from'] = "Allow API access from these IPs";
@@ -607,8 +608,7 @@ $lang['success']['items_released'] = "Selected items were released";
 $lang['danger']['imagick_exception'] = "Error: Imagick exception while reading image";
 
 $lang['quarantaine']['quarantaine'] = "Quarantaine";
-$lang['quarantaine']['qinfo'] = "The quarantaine system will save rejected mail to the database, while the sender will <em>not</em> be given the impression of a delivered mail.<br />
-  Only mails up to 10 MiB will be saved in the quarantaine.";
+$lang['quarantaine']['qinfo'] = "The quarantaine system will save rejected mail to the database, while the sender will <em>not</em> be given the impression of a delivered mail.";
 $lang['quarantaine']['release'] = "Release";
 $lang['quarantaine']['empty'] = 'No results';
 $lang['quarantaine']['toggle_all'] = 'Toggle all';
diff --git a/data/web/modals/mailbox.php b/data/web/modals/mailbox.php
index b70cbe138..3f05f8f87 100644
--- a/data/web/modals/mailbox.php
+++ b/data/web/modals/mailbox.php
@@ -374,7 +374,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="mins_interval"><?=$lang['add']['mins_interval'];?></label>
 						<div class="col-sm-10">
-              <input type="number" class="form-control" name="mins_interval" min="10" max="3600" value="20" required>
+              <input type="number" class="form-control" name="mins_interval" min="1" max="3600" value="20" required>
               <small class="help-block">10-3600</small>
 						</div>
 					</div>
diff --git a/data/web/modals/user.php b/data/web/modals/user.php
index 50a6922c2..8c6072590 100644
--- a/data/web/modals/user.php
+++ b/data/web/modals/user.php
@@ -53,7 +53,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="mins_interval"><?=$lang['add']['mins_interval'];?></label>
 						<div class="col-sm-10">
-              <input type="number" class="form-control" name="mins_interval" min="10" max="3600" value="20" required>
+              <input type="number" class="form-control" name="mins_interval" min="1" max="3600" value="20" required>
               <small class="help-block">10-3600</small>
 						</div>
 					</div>