From 65bc8f09729ff79bb46b885202fd095b09a04d80 Mon Sep 17 00:00:00 2001 From: Amin <74154304+Babybatrick@users.noreply.github.com> Date: Thu, 19 Dec 2024 21:59:05 +0800 Subject: [PATCH 01/19] Update docker-compose.yml (sogo-mailcow) This commit includes the addition of 3 lines, in the volumes part of the sogo-mailcow container, to allow for better customisation of the user interface on the web client page. --- docker-compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index fc2ad58ca..a9c7c9469 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -206,6 +206,9 @@ services: - ./data/conf/sogo/:/etc/sogo/:z - ./data/web/inc/init_db.inc.php:/init_db.inc.php:z - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z + - ./data/conf/sogo/custom-shortlogo.svg:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-compact.svg:z + - ./data/conf/sogo/custom-fulllogo.svg:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg:z + - ./data/conf/sogo/custom-fulllogo.png:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-logo.png:z - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z - mysql-socket-vol-1:/var/run/mysqld/ From ade20d79d45a4f82b7c4f5d4896b9e77b501b43f Mon Sep 17 00:00:00 2001 
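Review bot: The three added bind mounts reference host files (`./data/conf/sogo/custom-shortlogo.svg`, `custom-fulllogo.svg`, `custom-fulllogo.png`) that this commit does not ship; when a bind-mount source is missing Docker creates an empty directory at that path, and a directory cannot be mounted onto a file target, so a fresh checkout fails to start sogo-mailcow. The files should land in the same commit as the mounts (the following patch in this series does add them) so that no intermediate revision is unstartable. Since the existing `custom-favicon.ico`/`custom-theme.js` mounts carry the same dependency, a comment above the block would help the next person adding one: `# every custom-* source below must exist on the host; a missing file becomes a directory and the mount fails`.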
From: Amin <74154304+Babybatrick@users.noreply.github.com> Date: Thu, 19 Dec 2024 22:13:27 +0800 Subject: [PATCH 02/19] Uploading of the necessary files, after new volumes were added to docker-compose.yml (sogo-mailcow container) After new volumes were added to docker-compose.yml for the sogo-mailcow container, the specified files must exist at those host paths for the container to start correctly after `docker compose up`; otherwise an error appears because the required files are missing. The files uploaded are the original SOGo UI elements, obtained from the sogo-mailcow container. Whenever users need to change the UI elements, they only need to change these files, which simplifies the process. --- data/conf/sogo/custom-fulllogo.png | Bin 0 -> 2272 bytes data/conf/sogo/custom-fulllogo.svg | 44 ++++++++++++++++++++++++++++ data/conf/sogo/custom-shortlogo.svg | 16 ++++++++++ 3 files changed, 60 insertions(+) create mode 100644 data/conf/sogo/custom-fulllogo.png create mode 100644 data/conf/sogo/custom-fulllogo.svg create mode 100644 data/conf/sogo/custom-shortlogo.svg 
diff --git a/data/conf/sogo/custom-fulllogo.png b/data/conf/sogo/custom-fulllogo.png new file mode 100644 index 0000000000000000000000000000000000000000..f5d3a75562c398f8ef2ff46ca67284882ac69718 GIT binary patch literal 2272 zcmb7GXH*gl8+DOd4iw8{X^N@2P;=&d9pIuA2cm*2R~F&OELW5>ckb~j9=9oK;)*nj zw32dVN|6f(`kISObI0fV@BRBd=brmK_nvd_?kfN3TcNUYQ+ZzQ`tzSQgw#~VN2&@HRO%Ml#1l73JiW|RByDqF=yU}OnWLgB4U)!18` zHv1=0H(kwe`QN?ZZR#_>G;|^!+;k@_^~dhJmGrANj%EdC{;BD70^)X?i}EHtjZ1cu-TutE$qS^Ly@^`i`3EZ6K=Q8(Vf__Ml%^60; zaUo)Ows)J-@l`jY;N^OZJa0Ebh+{R@pYW&@cjyFFtc9A#6K7B& zkQfy$C4J(|;exdOimZYW$&KGP?MT#Z@_IcGzts^#@aNA5fOaHMk#~-51QT1C=#`>j z>%Q{LoEqaSZZ$_7!N`GU-4Qts8AfK7o1b3El^-IYr;s3;f224RXM~;o{8oEiK_Se&?XX`{iAL8Vw-;U7IT#>z?i<0RX9`M**5v#M=6WxS! z(iTl}(X3X-e3=HMX{t}f4ScTz-5d+#7EBQ8T#!$5sL9%ZkH5TP+jWGHPLS>pxHua3 z#;-%GM`DI+^`i&aX*8iWt40);98MLuIoF_f{^gC`OU7rsb)N%{7E{7mFLzC1aGA4r z!A|zS!(aK5#+yI$p05T`x<>lbU#<8|7-U-zo%XJS6$ZaYX|lYD@DJHfd+GBuhOug03{C*hc%E+qmp{OHY`{Nx^Re2Z+Q8Pw?VElE#D&Q44r zap+#S68>W^d+(8n3C+ln$zWJ5wzi-Xuv^l%=wvO6n5ICYiwjJTEU8OjuDeQ0^ zL9(hBKxS{}aVaz`cFY=?u094eopH7L7(p()t4fn~A_UIzx`U`UaYl*`RXDmDvv3xK z{BFRowm$RPg_<0iO~RD=w4gGHy@OF z5)ei2TE!Wu&jGujxh2XJ5m>TY@kfyjaUHIFwbp~;&C+Tsmjjo-boHr~R2!^*a9iBoZ8)4=p9X|6H3S~{IE5HTY~bk-p4zG$XWR~6 z??IH$=h7LPoyvGn2Ip4%$g^wydg~BTu7Klp9vJ%=aJ@YB5%?_Uuz4mi_;o-D0I!f^>vcl^=G6fsG(6{K=v zvhS|yQp120iM}ZLrE87KaZ;9`Gy;th+WHbW$>i|FW;o#cXr)o9HuUAu?nq?h_VjkDf#uWl{M zm{+@I9hefu1`xdI7p3@IG*MUml25ec^x_`upnNCSZucl9pe=KZRd-v@bq_j-0$1dnmcZ{>NSUU`1SLWm!xY_J(C+Ok7QR zfMR#UtS~%Vu9bA3l?F@oTru2h;nx@_iEm_bT-p7j?2 jFc6>ef|S{3{_`5>1# + + +]> + + + diff --git a/data/conf/sogo/custom-shortlogo.svg b/data/conf/sogo/custom-shortlogo.svg new file mode 100644 index 000000000..b5adf534c --- /dev/null +++ b/data/conf/sogo/custom-shortlogo.svg @@ -0,0 +1,16 @@ + + + +]> + + + From d92aa4b15d6639f6e6750a590925ab0a15be7b4f Mon Sep 17 00:00:00 2001 
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Fri, 20 Dec 2024 15:39:41 +0100 Subject: [PATCH 03/19] Update dhparams.pem Use https://ssl-config.mozilla.org/ffdhe2048.txt due to better security of the key --- data/assets/ssl-example/dhparams.pem | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/data/assets/ssl-example/dhparams.pem b/data/assets/ssl-example/dhparams.pem index b245f051e..9b182b720 100644 --- a/data/assets/ssl-example/dhparams.pem +++ b/data/assets/ssl-example/dhparams.pem @@ -1,8 +1,8 @@ -----BEGIN DH PARAMETERS----- -MIIBCAKCAQEA9iHB0CRDhV8wfBgqnmvuJpl0fzL3qL75R4ZvQHlfMNLrxuIz2x9D -9zcDhPcBTVzV5Ay0AAkke4wP6r6wDQqXqBP4Y8IOkYAyLh3jM40jfHQzQt+5JdQl -ond3kiscBsFOch/vMfSLMu3lAb0YhPNTvrxhMz7LcVAWYl82swASupdiKR+MgaQr -XsugpmDKsHW60VmIM9B7K9Y+rNHwvMWkmISd0KxA8oOy1WJvsVEissMALZDE3c4w -2xHmO2lXxgEx3aez28736t4m/KW3g9Zr31a1M0KusmfY//fGkPk4NUrLBOS2xrgp -Y/rG1qSBdcVyerM0Ki93qCyHKYu4ene0OwIBAg== +MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz ++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a +87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 +YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi +7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD +ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== -----END DH PARAMETERS----- From 83fc2c6387cb5558c929cf5a81fba73a22f08932 Mon Sep 17 00:00:00 2001 From: Peter Date: Fri, 31 Jan 2025 17:20:28 +0100 Subject: [PATCH 04/19] It's github-token now --- .github/workflows/check_prs_if_on_staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check_prs_if_on_staging.yml b/.github/workflows/check_prs_if_on_staging.yml index 7f840c568..d951e2819 100644 --- a/.github/workflows/check_prs_if_on_staging.yml +++ b/.github/workflows/check_prs_if_on_staging.yml 
@@ -12,7 +12,7 @@ jobs: - name: Send message uses: thollander/actions-comment-pull-request@v3.0.1 with: - GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }} + github-token: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }} message: | Thanks for contributing! From 743e88fd67c35759686ef8e81c26e5d0d6810419 Mon Sep 17 00:00:00 2001 From: Henry Williams Date: Tue, 11 Feb 2025 07:55:03 -0500 Subject: [PATCH 05/19] Update generate_config.sh version checking for wider compatibility (#6270) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update generate_config.sh version checking for wider compatibility fix: replace `grep -oP` with `grep -oE` for broader compatibility The `-P` option (Perl-compatible regex) is not supported in all versions of `grep`, particularly the default BSD `grep` on macOS. This change replaces `-P` with `-E` (extended regex), which is more widely available and ensures compatibility across different environments. Tested on macOS and Linux. * Update generate_config.sh to remove use of platform dependent grep Replaced version checking using free-form text. Instead, uses Docker’s built-in templating instead of parsing free-form text. This gives cross-platform consistency without dependency on particular versions of grep. --- generate_config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate_config.sh b/generate_config.sh index e3faf7bb7..4a4236ed6 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -26,7 +26,7 @@ for bin in openssl curl docker git awk sha1sum grep cut; do done # Check Docker Version (need at least 24.X) -docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | head -n 1 | cut -d '.' -f 1) +docker_version=$(docker version --format '{{.Server.Version}}' | cut -d '.' -f 1) if [[ $docker_version -lt 24 ]]; then echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m" From ef2f5f7be0c2992580c1290e36d08bb73348600e Mon Sep 17 00:00:00 2001 
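Review bot: The renamed `github-token` input is still fed a long-lived personal access token (`secrets.CHECKIFPRISSTAGING_ACTION_PAT`) even though posting a comment on a pull request only needs `pull-requests: write`, which the ephemeral `${{ secrets.GITHUB_TOKEN }}` provides when the job declares that permission; a PAT here is a standing credential that a compromised release of this third-party action could exfiltrate. The action is also referenced by a mutable tag (`@v3.0.1`) rather than a commit SHA, so what actually runs can change without any diff in this repository. I would pin `thollander/actions-comment-pull-request` to a full SHA and try `github-token: ${{ secrets.GITHUB_TOKEN }}` with a job-level `permissions: pull-requests: write`, keeping the PAT only if the comment must be posted from a different identity.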
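Review bot: `docker version --format '{{.Server.Version}}'` needs a reachable daemon and socket permission, unlike the client-only `docker -v` it replaces, so when the daemon is down or the user is not allowed to use the socket `docker_version` ends up empty (which `[[ ... -lt 24 ]]` treats as 0 and reports as "Cannot find Docker with a Version higher or equals 24.0.0", a misleading message) or, depending on the Docker release, a non-numeric placeholder that makes the `-lt` test error out and skip the version check altogether. Checking the daemon version is the right thing for compose, but the empty/non-numeric case deserves its own guard: `docker_version=$(docker version --format '{{.Server.Version}}' 2>/dev/null | cut -d '.' -f 1)` followed by `if ! [[ "$docker_version" =~ ^[0-9]+$ ]]; then echo -e "\e[31mCannot reach the Docker daemon (is it running, and may this user use its socket?)\e[0m"; exit 1; fi`. The `if` that consumes the value continues past the hunk.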
From: FreddleSpl0it Date: Tue, 11 Feb 2025 16:59:18 +0100 Subject: [PATCH 06/19] [Dovecot] Use Redis ACL user quota_notify with restricted access --- data/Dockerfiles/dovecot/quota_notify.py | 2 +- data/conf/redis/redis-conf.sh | 1 + docker-compose.yml | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/data/Dockerfiles/dovecot/quota_notify.py b/data/Dockerfiles/dovecot/quota_notify.py index c2c73e7a9..598134e22 100755 --- a/data/Dockerfiles/dovecot/quota_notify.py +++ b/data/Dockerfiles/dovecot/quota_notify.py @@ -23,7 +23,7 @@ else: while True: try: - r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0, password=os.environ['REDISPASS']) + r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0, username='quota_notify', password='') r.ping() except Exception as ex: print('%s - trying again...' % (ex)) diff --git a/data/conf/redis/redis-conf.sh b/data/conf/redis/redis-conf.sh index 95d50a39a..89b2a3bab 100755 --- a/data/conf/redis/redis-conf.sh +++ b/data/conf/redis/redis-conf.sh @@ -2,6 +2,7 @@ cat < /redis.conf requirepass $REDISPASS +user quota_notify on nopass ~QW_* -@all +get +hget +ping EOF exec redis-server /redis.conf diff --git a/docker-compose.yml b/docker-compose.yml index 421610bac..f43edc0cf 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -43,7 +43,7 @@ services: redis-mailcow: image: redis:7-alpine - entrypoint: /redis-conf.sh + entrypoint: ["/bin/sh","/redis-conf.sh"] volumes: - redis-vol-1:/data/ - ./data/conf/redis/redis-conf.sh:/redis-conf.sh:z @@ -230,7 +230,7 @@ services: - sogo dovecot-mailcow: - image: mailcow/dovecot:2.3 + image: mailcow/dovecot:2.31 depends_on: - mysql-mailcow - netfilter-mailcow From 4ed3017a02267ed8c02baec46da40ad9661aadb1 Mon Sep 17 00:00:00 2001 
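Review bot: The new connection hardcodes `password=''` for the `quota_notify` ACL user, so the client only works while that user stays `nopass`; if the ACL line is ever tightened to a real password the surrounding `while True` loop will keep printing the AUTH failure and retrying, with no hint that the script itself needs editing. Reading the secret from the environment with an empty default, `password=os.environ.get('QUOTA_NOTIFY_REDISPASS', '')`, keeps today's behaviour and leaves a way to rotate in a password without touching the script. The retry loop that encloses this call begins above the hunk.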
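Review bot: The added ACL line `user quota_notify on nopass ~QW_* -@all +get +hget +ping` is good least privilege on the command side, but `nopass` means any client that can reach port 6379 on the compose network — every other container, or anything on the host that can route to it — can read every `QW_*` key without credentials. That is acceptable only if those keys hold nothing more sensitive than quota-warning state, which this hunk cannot show; either record that assumption next to the line, e.g. `# unauthenticated read-only access to QW_* (quota warnings) for dovecot's quota_notify.py`, or give the user a password and hand it to the client. A later commit in this series appends `masterauth` to the same file, so the generated `/redis.conf` is becoming the place where all Redis credentials end up in plain text inside the container.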
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 12 Feb 2025 06:56:10 +0100 Subject: [PATCH 07/19] chore(deps): update devops-infra/action-pull-request action to v0.6.0 (#6302) --- .github/workflows/pr_to_nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr_to_nightly.yml b/.github/workflows/pr_to_nightly.yml index e629e5e9a..0cf59eeac 100644 --- a/.github/workflows/pr_to_nightly.yml +++ b/.github/workflows/pr_to_nightly.yml @@ -12,7 +12,7 @@ jobs: with: fetch-depth: 0 - name: Run the Action - uses: devops-infra/action-pull-request@v0.5.5 + uses: devops-infra/action-pull-request@v0.6.0 with: github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }} title: Automatic PR to nightly from ${{ github.event.repository.updated_at}} From 3912341b326fab912ddf47260640cde89fce3bf5 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Wed, 12 Feb 2025 11:31:14 +0100 Subject: [PATCH 08/19] [SOGo] rename custom logo --- .gitignore | 4 +++- data/Dockerfiles/sogo/bootstrap-sogo.sh | 6 +++--- docker-compose.yml | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 7894407ae..c1c5e1b8f 100644 --- a/.gitignore +++ b/.gitignore @@ -47,7 +47,9 @@ data/conf/sogo/custom-theme.js data/conf/sogo/plist_ldap data/conf/sogo/sieve.creds data/conf/sogo/cron.creds -data/conf/sogo/sogo-full.svg +data/conf/sogo/custom-fulllogo.svg +data/conf/sogo/custom-shortlogo.svg +data/conf/sogo/custom-fulllogo.png data/gitea/ data/gogs/ data/hooks/dovecot/* diff --git a/data/Dockerfiles/sogo/bootstrap-sogo.sh b/data/Dockerfiles/sogo/bootstrap-sogo.sh index 51880ea60..9cf36a805 100755 --- a/data/Dockerfiles/sogo/bootstrap-sogo.sh +++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh 
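Review bot: Adding `data/conf/sogo/custom-fulllogo.svg`, `custom-shortlogo.svg` and `custom-fulllogo.png` to `.gitignore` has no effect while those files remain tracked — patch 02 of this series committed all three, and unless something untracked them in between, `git pull` will keep overwriting an admin's customised logos or refuse to merge over their local edits, the opposite of what ignoring them is meant to achieve. Ignoring only takes effect after a `git rm --cached` on the three paths, with the defaults shipped some other way (the bootstrap script's rename of `sogo-full.svg` in this same commit suggests that is the intent). Dropping `data/conf/sogo/sogo-full.svg` from the ignore list at the same time means a leftover `sogo-full.svg` now shows up as untracked, which is harmless but worth a sentence in the commit message.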
@@ -30,7 +30,7 @@ if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS sogo_view" while [[ ${VIEW_OK} != 'OK' ]]; do mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF -CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) AS +CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) AS SELECT mailbox.username, mailbox.domain, @@ -240,8 +240,8 @@ chmod 600 /var/lib/sogo/GNUstep/Defaults/sogod.plist # fi #fi -# Copy logo, if any -[[ -f /etc/sogo/sogo-full.svg ]] && cp /etc/sogo/sogo-full.svg /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg +# Rename custom logo, if any +[[ -f /etc/sogo/sogo-full.svg ]] && mv /etc/sogo/sogo-full.svg /etc/sogo/custom-fulllogo.svg # Rsync web content echo "Syncing web content with named volume" diff --git a/docker-compose.yml b/docker-compose.yml index f5f27ff86..3e413a4f7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -182,7 +182,7 @@ services: - phpfpm sogo-mailcow: - image: mailcow/sogo:1.128 + image: mailcow/sogo:1.129 environment: - DBNAME=${DBNAME} - DBUSER=${DBUSER} From aaa7e4a184e2126bc0fa76e600cebb984aff29dc Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Thu, 13 Feb 2025 11:54:55 +0100 Subject: [PATCH 09/19] [Web] Fix incorrect session lifetime in sogo-auth.php --- data/web/sogo-auth.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/data/web/sogo-auth.php b/data/web/sogo-auth.php index 40fff5856..7ccea95d3 100644 --- a/data/web/sogo-auth.php +++ b/data/web/sogo-auth.php 
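Review bot: `mv /etc/sogo/sogo-full.svg /etc/sogo/custom-fulllogo.svg` overwrites an existing `custom-fulllogo.svg` without asking, so an admin who already maintains the new file name and still has the old one lying around loses the new logo on the next container start. Because `/etc/sogo/` is the bind-mounted `./data/conf/sogo/` directory, this rewrites the host file rather than a copy, which the old `cp` into the web resources path did not do, and since `custom-fulllogo.svg` is itself file-bind-mounted into the SOGo resources directory the renamed content will likely not be visible there until the container is recreated. Guard the rename on the target being absent: `[[ -f /etc/sogo/sogo-full.svg && ! -e /etc/sogo/custom-fulllogo.svg ]] && mv /etc/sogo/sogo-full.svg /etc/sogo/custom-fulllogo.svg`, or use `mv -n` if coreutils `mv` is guaranteed in the image.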
@@ -72,7 +72,12 @@ elseif (isset($_GET['login'])) { // only check for admin-login on sogo GUI requests elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HTTP_X_ORIGINAL_URI'], 0, 9), "/SOGo/so/") === 0) { // this is an nginx auth_request call, we check for existing sogo-sso session variables - session_start(); + require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php'; + if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php')) { + include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php'; + } + require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php'; + // extract email address from "/SOGo/so/user@domain/xy" $url_parts = explode("/", $_SERVER['HTTP_X_ORIGINAL_URI']); $email_list = array( From 836e3f15b71169d87afa93280cc36c8c14e808a3 Mon Sep 17 00:00:00 2001 From: milkmaker Date: Thu, 13 Feb 2025 19:32:39 +0100 Subject: [PATCH 10/19] [Web] Updated lang.es-es.json (#6307) Co-authored-by: Julie GINESTIERE --- data/web/lang/lang.es-es.json | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/data/web/lang/lang.es-es.json b/data/web/lang/lang.es-es.json index f0c015d57..5547692ff 100644 --- a/data/web/lang/lang.es-es.json +++ b/data/web/lang/lang.es-es.json @@ -24,7 +24,9 @@ "protocol_access": "Cambiar protocolo de acceso", "quarantine_category": "Cambiar categoría de las notificaciones de cuarentena", "domain_relayhost": "Cambiar relayhost por un dominio", - "extend_sender_acl": "Permitir extender la ACL del remitente por direcciones externas" + "extend_sender_acl": "Permitir extender la ACL del remitente por direcciones externas", + "pw_reset": "Permitir el reset de la contraseña del usario mailcow", + "sogo_access": "Permitir la gestión del acceso a SOGo" }, "add": { "activate_filter_warn": "Todos los demás filtros se desactivarán cuando este filtro se active.", 
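Review bot: Dropping the bare `session_start()` in favour of `inc/sessions.inc.php` fixes the lifetime only if that include actually starts the session with the configured lifetime before the `$_SESSION` checks that follow; the include is not part of the diff, so a one-line comment here saves the next reader the lookup, e.g. `// sessions.inc.php applies the configured session lifetime (and cookie settings) and starts the session; a bare session_start() here ignored that config`. If `vars.local.inc.php` is meant to override session settings, including it before `sessions.inc.php` as done here is the right order. This branch sits inside the `elseif` chain of the auth_request handler, which begins above the hunk and continues below it.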
@@ -95,7 +97,10 @@ "app_password": "Añadir contraseña para la app", "public_comment": "Comentarios públicos", "disable_login": "Desactivar login (el correo entrante seguirá activo)", - "comment_info": "Los comentarios privados no son visibles al usuario, mientras que los comentarios públicos aparecerán sobre la información general del usuario" + "comment_info": "Los comentarios privados no son visibles al usuario, mientras que los comentarios públicos aparecerán sobre la información general del usuario", + "dry": "Simular la sincronización", + "private_comment": "Comentario privado", + "app_passwd_protocols": "Protocolos autorizados para la contraseña de la aplicación" }, "admin": { "access": "Acceso", @@ -777,4 +782,4 @@ "fuzzy_learn_error": "Error aprendiendo hash: %s", "ip_invalid": "IP inválida omitida: %s" } -} \ No newline at end of file +} From d8afa6f393eae461010431a9296df03d1fdbf197 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Fri, 14 Feb 2025 13:12:12 +0100 Subject: [PATCH 11/19] [Dovecot][Netfilter] Fix dovecot failed login regex --- data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf | 5 +++++ data/Dockerfiles/dovecot/syslog-ng.conf | 5 +++++ data/Dockerfiles/netfilter/main.py | 8 +++----- data/conf/dovecot/dovecot.conf | 1 + docker-compose.yml | 2 +- 5 files changed, 15 insertions(+), 6 deletions(-) diff --git a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf index 4b9bf287c..c028bcdbf 100644 --- a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf +++ b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf 
@@ -38,8 +38,13 @@ filter f_replica { not match("User has no mail_replica in userdb" value("MESSAGE")); not match("Error: sync: Unknown user in remote" value("MESSAGE")); }; +filter f_dovecot_auth_try { + not match("- trying the next passdb" value("MESSAGE")) and + not match("- trying the next userdb" value("MESSAGE")); +}; log { source(s_dgram); + filter(f_dovecot_auth_try); filter(f_replica); destination(d_stdout); filter(f_mail); diff --git a/data/Dockerfiles/dovecot/syslog-ng.conf b/data/Dockerfiles/dovecot/syslog-ng.conf index c79eb92ee..1918f4a23 100644 --- a/data/Dockerfiles/dovecot/syslog-ng.conf +++ b/data/Dockerfiles/dovecot/syslog-ng.conf @@ -38,8 +38,13 @@ filter f_replica { not match("User has no mail_replica in userdb" value("MESSAGE")); not match("Error: sync: Unknown user in remote" value("MESSAGE")); }; +filter f_dovecot_auth_try { + not match("- trying the next passdb" value("MESSAGE")) and + not match("- trying the next userdb" value("MESSAGE")); +}; log { source(s_dgram); + filter(f_dovecot_auth_try); filter(f_replica); destination(d_stdout); filter(f_mail); diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py index 36304bf0c..5238d54d9 100644 --- a/data/Dockerfiles/netfilter/main.py +++ b/data/Dockerfiles/netfilter/main.py 
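Review bot: The new `f_dovecot_auth_try` filter silently drops every `- trying the next passdb` / `- trying the next userdb` line from the log path, and because it sits before `destination(d_stdout)` nothing downstream — stdout or any later destination in this path — will ever see them; that is presumably so that intermediate passdb failures are not counted on top of the final `Password mismatch` line netfilter now matches, but the hunk does not say so. A comment above the filter would make the intent reviewable, e.g. `# drop dovecot's per-passdb "trying the next ..." lines so only the final auth verdict reaches stdout and netfilter`. The identical block is added to `syslog-ng-redis_slave.conf` in this patch, so the two files should carry the same comment.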
@@ -85,11 +85,9 @@ def refreshF2bregex(): f2bregex[3] = r'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+' f2bregex[4] = r'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+' f2bregex[5] = r'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+' - f2bregex[6] = r'-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),' - f2bregex[7] = r'-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+' - f2bregex[8] = r'-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+' - f2bregex[9] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked' - f2bregex[10] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+' + f2bregex[6] = r'auth: static\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)' + f2bregex[7] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked' + f2bregex[8] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+' r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False)) else: try: diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf index c230c3495..52c258fc1 100644 --- a/data/conf/dovecot/dovecot.conf +++ b/data/conf/dovecot/dovecot.conf @@ -278,6 +278,7 @@ imap_max_line_length = 2 M #auth_cache_negative_ttl = 0 #auth_cache_ttl = 30 s #auth_cache_size = 2 M +auth_verbose_passwords = sha1:6 service replicator { process_min_avail = 1 } diff --git a/docker-compose.yml b/docker-compose.yml index 3e413a4f7..df1c5228e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -454,7 +454,7 @@ services: - acme netfilter-mailcow: - image: mailcow/netfilter:1.60 + image: mailcow/netfilter:1.61 stop_grace_period: 30s restart: always privileged: true From 16e22e23dcb4bb9accff060503bb85dec478498d Mon Sep 17 00:00:00 2001 
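Review bot: Replacing the three `-login: ... (auth failed ...)` patterns with one `auth: static(...): Password mismatch` pattern narrows what netfilter counts in ways the commit does not address: the `tried to use disallowed ...` aborted-login line no longer matches any regex, so clients hammering a disallowed mechanism are never banned, and the new pattern is hard-wired to the `static` passdb driver, so a failure reported by any other driver in `user,ip,<session>` form is missed too. It also only fires while `auth_verbose_passwords` is set in dovecot.conf (the `SHA1 of given password:` suffix comes from that option), which couples ban logic to a logging setting in another file; a comment on `f2bregex[6]` such as `# requires auth_verbose_passwords in dovecot.conf, which adds the SHA1 suffix` would stop someone from switching that option off and silently disabling bans. Consider keeping a regex for the disallowed-mechanism line alongside the new one. `refreshF2bregex` begins above the hunk and continues below it.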
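Review bot: `auth_verbose_passwords = sha1:6` makes Dovecot append the first six hex digits of the SHA-1 of every rejected password to the failed-login line, and those lines are shipped through syslog-ng to stdout and netfilter; a mistyped real password differs from the real one by a character or two, so even a 24-bit hash prefix is information about live credentials that now lives in logs and log shippers. The option is load-bearing — netfilter's new `Password mismatch \(SHA1 of given password: ...\)` regex in this same patch only matches lines carrying that suffix — yet it is dropped among the commented-out `#auth_cache_*` lines with no explanation. Put the reason and the caveat next to it: `# netfilter's failed-login regex keys on the "SHA1 of given password" suffix this adds; it writes a 6-hex-digit hash prefix of each rejected password to the logs, so keep log access restricted`.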
From: DerLinkman Date: Mon, 17 Feb 2025 14:31:50 +0100 Subject: [PATCH 12/19] sogo: switched apt source to sogo again (supports aarch64 now) --- data/Dockerfiles/sogo/Dockerfile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile index 78da39bec..a749ee80c 100644 --- a/data/Dockerfiles/sogo/Dockerfile +++ b/data/Dockerfiles/sogo/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="The Infrastructure Company GmbH " ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_VERSION=bookworm -ARG SOGO_DEBIAN_REPOSITORY=http://www.axis.cz/linux/debian +ARG SOGO_DEBIAN_REPOSITORY=https://packagingv2.sogo.nu/sogo-nightly-debian/ # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?.*)$ ARG GOSU_VERSION=1.17 ENV LC_ALL=C @@ -33,9 +33,8 @@ RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \ && gosu nobody true \ && mkdir /usr/share/doc/sogo \ && touch /usr/share/doc/sogo/empty.sh \ - && wget http://www.axis.cz/linux/debian/axis-archive-keyring.deb -O /tmp/axis-archive-keyring.deb \ - && apt install -y /tmp/axis-archive-keyring.deb \ - && echo "deb [trusted=yes] ${SOGO_DEBIAN_REPOSITORY} ${DEBIAN_VERSION} sogo-v5" > /etc/apt/sources.list.d/sogo.list \ + && wget -O- https://keys.openpgp.org/vks/v1/by-fingerprint/74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9 | gpg --dearmor | apt-key add - \ + && echo "deb [trusted=yes] ${SOGO_DEBIAN_REPOSITORY} ${DEBIAN_VERSION} main" > /etc/apt/sources.list.d/sogo.list \ && apt-get update && apt-get install -y --no-install-recommends \ sogo \ sogo-activesync \ From f6dc0b463ff80a5fefb645099c3a466ff17fa637 Mon Sep 17 00:00:00 2001 
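Review bot: The new `wget ... | gpg --dearmor | apt-key add -` imports a signing key that apt will never consult, because the sources line right after it still says `deb [trusted=yes] ...`, which disables signature checking for that repository entirely; the image therefore installs whatever the repo serves, verified only by TLS, exactly as before the key fetch. `apt-key` is also deprecated on bookworm. Write the key to a keyring and reference it instead: `&& wget -O- https://keys.openpgp.org/vks/v1/by-fingerprint/74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9 | gpg --dearmor -o /usr/share/keyrings/sogo-archive-keyring.gpg \` and `&& echo "deb [signed-by=/usr/share/keyrings/sogo-archive-keyring.gpg] ${SOGO_DEBIAN_REPOSITORY} ${DEBIAN_VERSION} main" > /etc/apt/sources.list.d/sogo.list \`. Separately, `SOGO_DEBIAN_REPOSITORY` now points at a nightly channel, so the installed package set is not pinned to anything the `mailcow/sogo` image tag records — if that is deliberate it belongs in a comment next to the ARG.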
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Mon, 17 Feb 2025 14:41:39 +0100 Subject: [PATCH 13/19] Update Rspamd to 3.11.0 and enable SMTPUTF8 for outgoing mail (#6216) * Update Rspamd to 3.11 * Enable SMTPUTF8 and hide it from SMTPD greeting * Update options.inc * compose: increased rspamd tag --- data/Dockerfiles/rspamd/Dockerfile | 2 +- data/conf/postfix/main.cf | 5 ++--- data/conf/rspamd/local.d/options.inc | 1 + docker-compose.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile index 64376bbd3..564ca2d72 100644 --- a/data/Dockerfiles/rspamd/Dockerfile +++ b/data/Dockerfiles/rspamd/Dockerfile @@ -2,7 +2,7 @@ FROM debian:bookworm-slim LABEL maintainer="The Infrastructure Company GmbH " ARG DEBIAN_FRONTEND=noninteractive -ARG RSPAMD_VER=rspamd_3.10.2-1~b8a232043 +ARG RSPAMD_VER=rspamd_3.11.0-1~90a175b45 ARG CODENAME=bookworm ENV LC_ALL=C diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf index 6721204cb..07065f045 100644 --- a/data/conf/postfix/main.cf +++ b/data/conf/postfix/main.cf @@ -162,10 +162,9 @@ transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre, proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf smtp_sasl_auth_soft_bounce = no -postscreen_discard_ehlo_keywords = silent-discard, dsn, chunking -smtpd_discard_ehlo_keywords = chunking, silent-discard +postscreen_discard_ehlo_keywords = chunking, silent-discard, smtputf8, dsn +smtpd_discard_ehlo_keywords = chunking, silent-discard, smtputf8 compatibility_level = 3.7 -smtputf8_enable = no # Define protocols for SMTPS and submission service submission_smtpd_tls_mandatory_protocols = >=TLSv1.2 smtps_smtpd_tls_mandatory_protocols = >=TLSv1.2 diff --git a/data/conf/rspamd/local.d/options.inc b/data/conf/rspamd/local.d/options.inc index 99197ff55..f83ddf0fc 100644 --- a/data/conf/rspamd/local.d/options.inc 
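Review bot: Deleting `smtputf8_enable = no` leaves the effective value to Postfix's built-in default rather than stating it, while the new `smtpd_discard_ehlo_keywords = chunking, silent-discard, smtputf8` and the matching postscreen line hide the capability from clients, so a reader of this file now has to know the default to understand that SMTPUTF8 is meant to be on for delivery but unannounced inbound. Make the intent explicit with `smtputf8_enable = yes` plus a comment, e.g. `# SMTPUTF8 is enabled for outgoing delivery but not advertised to connecting clients (see *_discard_ehlo_keywords)`. Whether a submission client that sends `SMTPUTF8` on MAIL FROM without having seen it advertised is accepted or rejected is not visible here and is worth a quick test, since that decides whether UTF-8 recipients submitted by users work at all.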
+++ b/data/conf/rspamd/local.d/options.inc @@ -3,6 +3,7 @@ dns { } map_watch_interval = 30s; task_timeout = 30s; +enable_mime_utf = true; disable_monitoring = true; # In case a task times out (like DNS lookup), soft reject the message # instead of silently accepting the message without further processing. diff --git a/docker-compose.yml b/docker-compose.yml index 3e413a4f7..09c2781b4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -83,7 +83,7 @@ services: - clamd rspamd-mailcow: - image: mailcow/rspamd:1.99 + image: mailcow/rspamd:2.0 stop_grace_period: 30s depends_on: - dovecot-mailcow From 4ac541f67143888b16f70154af9b2b9b5ead9977 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Mon, 17 Feb 2025 15:48:25 +0100 Subject: [PATCH 14/19] [Mariadb] Update to 10.11 (LTS) (#5152) * [Mariadb] Update to 10.11 (LTS) * mysql: set default collation to general_ci --- data/conf/mysql/my.cnf | 4 ++-- docker-compose.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/data/conf/mysql/my.cnf b/data/conf/mysql/my.cnf index 489b973c4..24d6123bb 100644 --- a/data/conf/mysql/my.cnf +++ b/data/conf/mysql/my.cnf @@ -1,7 +1,7 @@ [mysqld] character-set-client-handshake = FALSE character-set-server = utf8mb4 -collation-server = utf8mb4_unicode_ci +collation-server = utf8mb4_general_ci #innodb_file_per_table = TRUE #innodb_file_format = barracuda #innodb_large_prefix = TRUE @@ -20,7 +20,7 @@ thread_cache_size = 8 query_cache_type = 0 query_cache_size = 0 max_heap_table_size = 48M -thread_stack = 192K +thread_stack = 256K skip-host-cache skip-name-resolve log-warnings = 0 diff --git a/docker-compose.yml b/docker-compose.yml index 09c2781b4..2cb6b98f1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,7 +17,7 @@ services: - unbound mysql-mailcow: - image: mariadb:10.5 + image: mariadb:10.11 depends_on: - unbound-mailcow - netfilter-mailcow From a567d5dc3193286684fdf0b7cf287817bdfe6581 Mon Sep 17 00:00:00 2001 
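Review bot: `collation-server = utf8mb4_general_ci` only changes the default for databases and tables created from now on; the existing mailcow schema was presumably created under the previous `utf8mb4_unicode_ci` and keeps it, so the two collations will coexist and any table added later, or a temporary table, compares differently from the old ones (a join across them can fail with an illegal-mix-of-collations error). If the switch is deliberate, say so next to the line, e.g. `# general_ci is the server default from 10.11 on; tables created earlier under unicode_ci keep their collation until converted`, or add the conversion to the upgrade path.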
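Review bot: Moving the image from `mariadb:10.5` straight to `mariadb:10.11` skips several major versions, and nothing in this hunk runs `mariadb-upgrade` against the existing data volume; the official image does that only when `MARIADB_AUTO_UPGRADE=1` is set, which is not in the visible part of the service. If the upgrade step lives in mailcow's update script that is fine, but an in-place `docker compose pull && up` on an old volume would otherwise start 10.11 on un-upgraded system tables. Either add `- MARIADB_AUTO_UPGRADE=1` to the mysql-mailcow environment or state in the commit message where the upgrade happens.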
From: FreddleSpl0it Date: Tue, 18 Feb 2025 11:03:34 +0100 Subject: [PATCH 15/19] [Nginx] Add support for trusted proxies via env var --- data/Dockerfiles/nginx/bootstrap.py | 3 ++- data/conf/nginx/templates/sites-default.conf.j2 | 6 ++++-- docker-compose.yml | 4 +++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py index ab95c2a6b..11e6fc202 100644 --- a/data/Dockerfiles/nginx/bootstrap.py +++ b/data/Dockerfiles/nginx/bootstrap.py @@ -43,10 +43,11 @@ def nginx_conf(env, template_vars): def prepare_template_vars(): ipv4_network = os.getenv("IPV4_NETWORK", "172.22.1") additional_server_names = os.getenv("ADDITIONAL_SERVER_NAMES", "") + trusted_proxies = os.getenv("TRUSTED_PROXIES", "") template_vars = { 'IPV4_NETWORK': ipv4_network, - 'TRUSTED_NETWORK': os.getenv("TRUSTED_NETWORK", False), + 'TRUSTED_PROXIES': [item.strip() for item in trusted_proxies.split(",") if item.strip()], 'SKIP_RSPAMD': os.getenv("SKIP_RSPAMD", "n").lower() in ("y", "yes"), 'SKIP_SOGO': os.getenv("SKIP_SOGO", "n").lower() in ("y", "yes"), 'NGINX_USE_PROXY_PROTOCOL': os.getenv("NGINX_USE_PROXY_PROTOCOL", "n").lower() in ("y", "yes"), diff --git a/data/conf/nginx/templates/sites-default.conf.j2 b/data/conf/nginx/templates/sites-default.conf.j2 index 23bce6cea..574bdb052 100644 --- a/data/conf/nginx/templates/sites-default.conf.j2 +++ b/data/conf/nginx/templates/sites-default.conf.j2 @@ -52,10 +52,12 @@ set_real_ip_from 10.0.0.0/8; set_real_ip_from 172.16.0.0/12; set_real_ip_from 192.168.0.0/16; set_real_ip_from fc00::/7; -{% if not TRUSTED_NETWORK %} +{% for TRUSTED_PROXY in TRUSTED_PROXIES %} +set_real_ip_from {{ TRUSTED_PROXY }}; +{% endfor %} +{% if not NGINX_USE_PROXY_PROTOCOL %} real_ip_header X-Forwarded-For; {% else %} -set_real_ip_from {{ TRUSTED_NETWORK }}; real_ip_header proxy_protocol; {% endif %} real_ip_recursive on; 
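Review bot: The new `TRUSTED_PROXIES` parsing accepts any comma-separated token, so a typo such as `10.0.0.1/` or a hostname ends up verbatim in a `set_real_ip_from` directive and nginx refuses to start with an error that points at the rendered file rather than at the variable. Validating each entry with `ipaddress.ip_network(item, strict=False)` before it reaches the template turns that into a clear message naming the bad value and documents that only IPs and CIDRs are accepted (it needs `import ipaddress` at the top of the file). Dropping `TRUSTED_NETWORK` from `template_vars` is a silent behaviour change for deployments that set it, so the commit message or a comment should call it out. `prepare_template_vars` continues past the hunk.
```python
    trusted_proxies = os.getenv("TRUSTED_PROXIES", "")
    trusted_proxy_list = []
    for item in (x.strip() for x in trusted_proxies.split(",")):
        if not item:
            continue
        try:
            # only plain IPs and CIDRs are valid in set_real_ip_from
            ipaddress.ip_network(item, strict=False)
        except ValueError as exc:
            raise SystemExit(f"TRUSTED_PROXIES: invalid IP or CIDR {item!r}") from exc
        trusted_proxy_list.append(item)
    # … unchanged: template_vars dict, with 'TRUSTED_PROXIES': trusted_proxy_list …
```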
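Review bot: Each `TRUSTED_PROXIES` entry becomes a `set_real_ip_from` that, together with `real_ip_header X-Forwarded-For` and `real_ip_recursive on`, is trusted to rewrite the client address that netfilter bans and the auth logs record; an entry like `0.0.0.0/0` would let any client spoof its IP and defeat bans entirely. The rendered file (or the `.env` documentation) should state that the list must be the exact reverse-proxy addresses and nothing broader, and that the hardcoded RFC 1918/ULA ranges above stay trusted regardless of the variable, e.g. `# TRUSTED_PROXIES must list only the reverse proxies in front of mailcow; any address here may set the client IP seen by netfilter`. Switching the `real_ip_header` choice from `TRUSTED_NETWORK` to `NGINX_USE_PROXY_PROTOCOL` also means deployments that set `TRUSTED_NETWORK` silently fall back to `X-Forwarded-For` after this update.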
diff --git a/docker-compose.yml b/docker-compose.yml index 2cb6b98f1..cc4ee2b45 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -376,7 +376,7 @@ services: - php-fpm-mailcow - sogo-mailcow - rspamd-mailcow - image: mailcow/nginx:1.02 + image: mailcow/nginx:1.03 dns: - ${IPV4_NETWORK:-172.22.1}.254 environment: @@ -394,6 +394,8 @@ services: - RSPAMDHOST=${RSPAMDHOST:-} - REDISHOST=${REDISHOST:-} - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1} + - NGINX_USE_PROXY_PROTOCOL=${NGINX_USE_PROXY_PROTOCOL:-n} + - TRUSTED_PROXIES=${TRUSTED_PROXIES:-} volumes: - ./data/web:/web:ro,z - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z From 351f4ce787542b05dab8ad5c39c00429ef02233b Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Tue, 18 Feb 2025 11:16:06 +0100 Subject: [PATCH 16/19] [Redis] Add support for masterauth via env var --- data/conf/redis/redis-conf.sh | 4 ++++ docker-compose.yml | 1 + 2 files changed, 5 insertions(+) diff --git a/data/conf/redis/redis-conf.sh b/data/conf/redis/redis-conf.sh index 89b2a3bab..7e2672a31 100755 --- a/data/conf/redis/redis-conf.sh +++ b/data/conf/redis/redis-conf.sh @@ -5,4 +5,8 @@ requirepass $REDISPASS user quota_notify on nopass ~QW_* -@all +get +hget +ping EOF +if [ -n "$REDISMASTERPASS" ]; then + echo "masterauth $REDISMASTERPASS" >> /redis.conf +fi + exec redis-server /redis.conf diff --git a/docker-compose.yml b/docker-compose.yml index cc4ee2b45..3440a99a8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -55,6 +55,7 @@ services: environment: - TZ=${TZ} - REDISPASS=${REDISPASS} + - REDISMASTERPASS=${REDISMASTERPASS:-} sysctls: - net.core.somaxconn=4096 networks: From 7bce5d836b2e53a256b8e9c3f40b1942491227da Mon Sep 17 00:00:00 2001 
From: Peter Date: Tue, 18 Feb 2025 11:20:03 +0100 Subject: [PATCH 17/19] Move sed cmd to remove discontinued DNSBLs (#6315) * Move sed cmd to remove discontinued DNSBLs * compose: bump postfix version --------- Co-authored-by: DerLinkman --- data/Dockerfiles/postfix/postfix.sh | 7 ++++--- docker-compose.yml | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh index 9a4c023f1..e5dbf88fc 100755 --- a/data/Dockerfiles/postfix/postfix.sh +++ b/data/Dockerfiles/postfix/postfix.sh @@ -416,10 +416,11 @@ postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 bl.mailspike.net=127.0.0.[10;11;12]*4 EOF fi -DNSBL_CONFIG=$(grep -v '^#' /opt/postfix/conf/dns_blocklists.cf | grep '\S') -# Remove discontinued Nixspam DNSBL from existing dns_blocklists.cf -sed -i '/ix\.dnsbl\.manitu\.net\*2/d' /opt/postfix/conf/dns_blocklists.cf +# Remove discontinued DNSBLs from existing dns_blocklists.cf +sed -i '/ix\.dnsbl\.manitu\.net\*2/d' /opt/postfix/conf/dns_blocklists.cf # Nixspam + +DNSBL_CONFIG=$(grep -v '^#' /opt/postfix/conf/dns_blocklists.cf | grep '\S') if [ ! -z "$DNSBL_CONFIG" ]; then echo -e "\e[33mChecking if ASN for your IP is listed for Spamhaus Bad ASN List...\e[0m" diff --git a/docker-compose.yml b/docker-compose.yml index 3440a99a8..6d645c599 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -321,7 +321,7 @@ services: - dovecot postfix-mailcow: - image: mailcow/postfix:1.79 + image: mailcow/postfix:1.80 depends_on: mysql-mailcow: condition: service_started From 321965adee95aeb417720bee909fa961fdbb6aa3 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Tue, 18 Feb 2025 15:05:59 +0100 Subject: [PATCH 18/19] [Netfilter] Fix dovecot password mismatch regex --- data/Dockerfiles/netfilter/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py index 5238d54d9..01878c04f 100644 
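Review bot: The relocated `sed -i '/ix\.dnsbl\.manitu\.net\*2/d'` deletes the entire matching line from `dns_blocklists.cf`, which is right for the one-list-per-line layout this script generates, but an admin who has placed several DNSBLs on one `postscreen_dnsbl_sites` line loses all of them, and if Nixspam happened to be on the key line itself the `postscreen_dnsbl_sites =` prefix goes with it. Since this now runs on every start before `DNSBL_CONFIG` is read, a narrower edit is safer, e.g. `sed -i 's/[[:space:]]*ix\.dnsbl\.manitu\.net\*2//' /opt/postfix/conf/dns_blocklists.cf`, letting the following `grep '\S'` discard a line that became empty. Moving the `sed` ahead of the `DNSBL_CONFIG=` read is the correct ordering fix.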
--- a/data/Dockerfiles/netfilter/main.py +++ b/data/Dockerfiles/netfilter/main.py @@ -85,7 +85,7 @@ def refreshF2bregex(): f2bregex[3] = r'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+' f2bregex[4] = r'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+' f2bregex[5] = r'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+' - f2bregex[6] = r'auth: static\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)' + f2bregex[6] = r'auth: \w+\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)' f2bregex[7] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked' f2bregex[8] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+' r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False)) From 7d356463426fbccdc0c5c868d4cfba19eca0f211 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Mon, 24 Feb 2025 09:20:41 +0100 Subject: [PATCH 19/19] [Netfilter] adjust dovecot failed login regex --- data/Dockerfiles/netfilter/main.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py index 01878c04f..2b332d205 100644 --- a/data/Dockerfiles/netfilter/main.py +++ b/data/Dockerfiles/netfilter/main.py 
@@ -85,9 +85,10 @@ def refreshF2bregex():
 f2bregex[3] = r'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+'
 f2bregex[4] = r'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+'
 f2bregex[5] = r'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+'
- f2bregex[6] = r'auth: \w+\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)'
- f2bregex[7] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
- f2bregex[8] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
+ f2bregex[6] = r'\w+\([^,]+,([0-9a-f\.:]+),<[^>]+>\): Password mismatch \(SHA1 of given password: [a-f0-9]+\)'
+ f2bregex[7] = r'\w+\([^,]+,([0-9a-f\.:]+),<[^>]+>\): unknown user \(SHA1 of given password: [a-f0-9]+\)'
+ f2bregex[8] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
+ f2bregex[9] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
 r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False))
 else:
 try:
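Review bot: `\w+` in the new `f2bregex[6]` and `f2bregex[7]` matches only `[A-Za-z0-9_]`, so a passdb driver whose name contains a hyphen — Dovecot's `passwd-file` is the obvious one — never matches and failed logins against it are never counted; `[\w-]+` covers it at no cost. `[^,]+` for the user portion also cannot match an empty login name, so an `unknown user` line logged for an empty username, if Dovecot emits one in that form, is skipped too — worth confirming against a real log line rather than guessing. Both patterns only match while `auth_verbose_passwords` is set in dovecot.conf (that option produces the `SHA1 of given password` suffix), so a comment above them naming that dependency, e.g. `# both patterns rely on auth_verbose_passwords in dovecot.conf adding the SHA1 suffix`, would keep a future config change from silently disabling bans. `refreshF2bregex` begins above the hunk and continues below it.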