[Web] Updated lang.nl-nl.json

Co-authored-by: Tom18314 <tomstokmans5@gmail.com>

.github/workflows/rebuild_backup_image.yml

@@ -19,7 +19,7 @@ jobs:
         uses: docker/setup-qemu-action@v4
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to GHCR
         if: github.event_name != 'pull_request'
@@ -30,7 +30,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64

_modules/scripts/new_options.sh

@@ -64,7 +64,7 @@ adapt_new_options() {
 
   sed -i --follow-symlinks '$a\' mailcow.conf
   for option in ${CONFIG_ARRAY[@]}; do
-    if grep -q "^#\?${option}=" mailcow.conf; then
+    if grep -q "${option}" mailcow.conf; then
       continue
     fi
 
@@ -302,7 +302,7 @@ adapt_new_options() {
             ;;
         ACME_DNS_PROVIDER)
             echo '# DNS provider for DNS-01 challenge (e.g. dns_cf, dns_azure, dns_gd, etc.)' >> mailcow.conf
-            echo '# See the dns-01 provider documentation for more information.' >> mailcow.conf
+            echo '# See the dns-101 provider documentation for more information.' >> mailcow.conf
             echo 'ACME_DNS_PROVIDER=dns_xxx' >> mailcow.conf
             ;;
         ACME_ACCOUNT_EMAIL)

data/Dockerfiles/acme/load-dns-config.sh

@@ -7,7 +7,7 @@ else
   __dns_loader_standalone=0
 fi
 
-CONFIG_PATH="${ACME_DNS_CONFIG_FILE:-/etc/acme/dns-01.conf}"
+CONFIG_PATH="${ACME_DNS_CONFIG_FILE:-/etc/acme/dns-101.conf}"
 
 if [[ ! -f "${CONFIG_PATH}" ]]; then
   if [[ $__dns_loader_standalone -eq 1 ]]; then

data/Dockerfiles/acme/obtain-certificate-dns.sh

@@ -12,7 +12,7 @@ CERT_DOMAINS=(${DOMAINS[@]})
 CERT_DOMAIN=${CERT_DOMAINS[0]}
 ACME_BASE=/var/lib/acme
 
-# Load optional DNS provider secrets from /etc/acme/dns-01.conf
+# Load optional DNS provider secrets from /etc/acme/dns-101.conf
 if [[ -f /srv/load-dns-config.sh ]]; then
   source /srv/load-dns-config.sh
   if declare -F log_f >/dev/null; then

data/Dockerfiles/rspamd/Dockerfile

@@ -2,7 +2,7 @@ FROM debian:trixie-slim
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG RSPAMD_VER=rspamd_3.14.3-1~236eb65
+ARG RSPAMD_VER=rspamd_3.14.2-82~90302bc
 ARG CODENAME=trixie
 ENV LC_ALL=C
 

data/Dockerfiles/sogo/Dockerfile

@@ -3,7 +3,7 @@
 # Version: SOGo-5.12.4
 #
 # Applied security patches:
-# -
+# - 16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb: XSS vulnerability in theme parameter
 #
 # To add new patches, modify SOGO_SECURITY_PATCHES ARG below with space-separated commit hashes
 
@@ -12,10 +12,10 @@ FROM debian:bookworm
 LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG SOGO_VERSION=SOGo-5.12.5
-ARG SOPE_VERSION=SOPE-5.12.5
+ARG SOGO_VERSION=SOGo-5.12.4
+ARG SOPE_VERSION=SOPE-5.12.4
 # Security patches to apply (space-separated commit hashes)
-ARG SOGO_SECURITY_PATCHES=""
+ARG SOGO_SECURITY_PATCHES="16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb"
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
 ARG GOSU_VERSION=1.19
 ENV LC_ALL=C

data/Dockerfiles/sogo/acl.diff

@@ -1,5 +1,5 @@
---- /usr/local/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox    2018-08-17 18:29:57.987504204 +0200
-+++ /usr/local/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox    2018-08-17 18:29:35.918291298 +0200
+--- /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox    2018-08-17 18:29:57.987504204 +0200
++++ /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox    2018-08-17 18:29:35.918291298 +0200
 @@ -46,7 +46,7 @@
            </md-item-template>
          </md-autocomplete>

data/conf/nginx/templates/sites-default.conf.j2

@@ -261,19 +261,19 @@ location ~* /sogo$ {
 }
 
 location /SOGo.woa/WebServerResources/ {
-    alias /usr/local/lib/GNUstep/SOGo/WebServerResources/;
+    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
 }
 
 location /.woa/WebServerResources/ {
-    alias /usr/local/lib/GNUstep/SOGo/WebServerResources/;
+    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
 }
 
 location /SOGo/WebServerResources/ {
-    alias /usr/local/lib/GNUstep/SOGo/WebServerResources/;
+    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
 }
 
 location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
-    alias /usr/local/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
+    alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
 }
 {% endif %}
 

data/web/inc/functions.mailbox.inc.php

@@ -9,10 +9,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
   $_data_log = $_data;
   !isset($_data_log['password']) ?: $_data_log['password'] = '*';
   !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
-
-  // Track mailboxes affected by alias operations for incremental SOGo updates
-  $update_sogo_mailboxes = array();
-
   switch ($_action) {
     case 'add':
       switch ($_type) {
@@ -890,17 +886,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
               'msg' => array('alias_added', $address, $id)
             );
-
-            // Track affected mailboxes for SOGo update
-            if (!empty($goto)) {
-              $gotos = array_map('trim', explode(',', $goto));
-              foreach ($gotos as $g) {
-                if (filter_var($g, FILTER_VALIDATE_EMAIL) &&
-                    !in_array($g, array('null@localhost', 'spam@localhost', 'ham@localhost'))) {
-                  $update_sogo_mailboxes[] = $g;
-                }
-              }
-            }
           }
         break;
         case 'alias_domain':
@@ -1383,8 +1368,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             ), $_extra);
           }
 
-          // Track affected mailboxes for SOGo update
-          $update_sogo_mailboxes[] = $username;
+          try {
+            update_sogo_static_view($username);
+          } catch (PDOException $e) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => $e->getMessage()
+            );
+          }
           $_SESSION['return'][] = array(
             'type' => 'success',
             'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1615,9 +1607,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
             'msg' => array('resource_added', htmlspecialchars($name))
           );
-
-          // Track affected mailboxes for SOGo update
-          $update_sogo_mailboxes[] = $name;
         break;
         case 'domain_templates':
           if ($_SESSION['mailcow_cc_role'] != "admin") {
@@ -2736,28 +2725,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
               'msg' => array('alias_modified', htmlspecialchars($address))
             );
-
-            // Track affected mailboxes for SOGo update (both old and new goto addresses)
-            // Old goto: to remove alias from their view
-            if (!empty($is_now['goto'])) {
-              $old_gotos = array_map('trim', explode(',', $is_now['goto']));
-              foreach ($old_gotos as $g) {
-                if (filter_var($g, FILTER_VALIDATE_EMAIL) &&
-                    !in_array($g, array('null@localhost', 'spam@localhost', 'ham@localhost'))) {
-                  $update_sogo_mailboxes[] = $g;
-                }
-              }
-            }
-            // New goto: to add alias to their view
-            if (!empty($goto)) {
-              $new_gotos = array_map('trim', explode(',', $goto));
-              foreach ($new_gotos as $g) {
-                if (filter_var($g, FILTER_VALIDATE_EMAIL) &&
-                    !in_array($g, array('null@localhost', 'spam@localhost', 'ham@localhost'))) {
-                  $update_sogo_mailboxes[] = $g;
-                }
-              }
-            }
           }
         break;
         case 'domain':
@@ -3472,8 +3439,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'msg' => array('mailbox_modified', $username)
             );
 
-            // Track affected mailboxes for SOGo update
-            $update_sogo_mailboxes[] = $username;
+            try {
+              update_sogo_static_view($username);
+            } catch (PDOException $e) {
+              $_SESSION['return'][] = array(
+                'type' => 'danger',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                'msg' => $e->getMessage()
+              );
+            }
           }
           return true;
         break;
@@ -4102,9 +4076,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
               'msg' => array('resource_modified', htmlspecialchars($name))
             );
-
-            // Track affected mailboxes for SOGo update
-            $update_sogo_mailboxes[] = $name;
           }
         break;
         case 'domain_wide_footer':
@@ -5809,18 +5780,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               continue;
             }
-
-            // Track affected mailboxes for SOGo update (capture before deletion)
-            if (!empty($alias_data['goto'])) {
-              $gotos = array_map('trim', explode(',', $alias_data['goto']));
-              foreach ($gotos as $g) {
-                if (filter_var($g, FILTER_VALIDATE_EMAIL) &&
-                    !in_array($g, array('null@localhost', 'spam@localhost', 'ham@localhost'))) {
-                  $update_sogo_mailboxes[] = $g;
-                }
-              }
-            }
-
             $stmt = $pdo->prepare("DELETE FROM `alias` WHERE `id` = :id");
             $stmt->execute(array(
               ':id' => $alias_data['id']
@@ -6079,14 +6038,20 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               continue;
             }
 
+            try {
+              update_sogo_static_view($username);
+            }catch (PDOException $e) {
+              $_SESSION['return'][] = array(
+                'type' => 'success',
+                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                'msg' => $e->getMessage()
+              );
+            }
             $_SESSION['return'][] = array(
               'type' => 'success',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
               'msg' => array('mailbox_removed', htmlspecialchars($username))
             );
-
-            // Track affected mailboxes for SOGo update
-            $update_sogo_mailboxes[] = $username;
           }
           return true;
         break;
@@ -6188,9 +6153,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
               'msg' => array('resource_removed', htmlspecialchars($name))
             );
-
-            // Track affected mailboxes for SOGo update
-            $update_sogo_mailboxes[] = $name;
           }
         break;
         case 'tags_domain':
@@ -6297,21 +6259,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
       }
     break;
   }
-  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'resource', 'mailbox')) && getenv('SKIP_SOGO') != "y") {
+  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'resource')) && getenv('SKIP_SOGO') != "y") {
     try {
-      if (($_type == 'alias' || $_type == 'resource' || $_type == 'mailbox') && !empty($update_sogo_mailboxes)) {
-        // INCREMENTAL UPDATE: Update only affected mailboxes/resources
-        $update_sogo_mailboxes = array_unique($update_sogo_mailboxes);
-        foreach ($update_sogo_mailboxes as $mailbox) {
-          update_sogo_static_view($mailbox);
-        }
-      }
-      else {
-        // FULL REBUILD: For domain and alias_domain operations or if no tracked mailboxes
-        // Domain operations affect all mailboxes
-        // Alias_domain operations affect entire target domain
-        update_sogo_static_view();
-      }
+      update_sogo_static_view();
     }catch (PDOException $e) {
       $_SESSION['return'][] = array(
         'type' => 'success',

docker-compose.yml

@@ -84,7 +84,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: ghcr.io/mailcow/rspamd:3.14.3-1
+      image: ghcr.io/mailcow/rspamd:3.14.2
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -200,7 +200,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: ghcr.io/mailcow/sogo:5.12.5-1
+      image: ghcr.io/mailcow/sogo:5.12.4-2
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -225,12 +225,12 @@ services:
         - ./data/hooks/sogo:/hooks:Z
         - ./data/conf/sogo/:/etc/sogo/:z
         - ./data/web/inc/init_db.inc.php:/init_db.inc.php:z
-        - ./data/conf/sogo/custom-favicon.ico:/usr/local/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
-        - ./data/conf/sogo/custom-shortlogo.svg:/usr/local/lib/GNUstep/SOGo/WebServerResources/img/sogo-compact.svg:z
-        - ./data/conf/sogo/custom-fulllogo.svg:/usr/local/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg:z
-        - ./data/conf/sogo/custom-fulllogo.png:/usr/local/lib/GNUstep/SOGo/WebServerResources/img/sogo-logo.png:z
-        - ./data/conf/sogo/custom-theme.js:/usr/local/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
-        - ./data/conf/sogo/custom-sogo.js:/usr/local/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
+        - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
+        - ./data/conf/sogo/custom-shortlogo.svg:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-compact.svg:z
+        - ./data/conf/sogo/custom-fulllogo.svg:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg:z
+        - ./data/conf/sogo/custom-fulllogo.png:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-logo.png:z
+        - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
+        - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
         - mysql-socket-vol-1:/var/run/mysqld/:z
         - sogo-web-vol-1:/sogo_web
         - sogo-userdata-backup-vol-1:/sogo_backup
@@ -449,7 +449,7 @@ services:
         - ./data/web/inc/functions.inc.php:/mailcowauth/functions.inc.php:z
         - ./data/web/inc/functions.auth.inc.php:/mailcowauth/functions.auth.inc.php:z
         - ./data/web/inc/sessions.inc.php:/mailcowauth/sessions.inc.php:z
-        - sogo-web-vol-1:/usr/local/lib/GNUstep/SOGo/
+        - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
       ports:
         - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
         - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"

generate_config.sh

@@ -299,7 +299,7 @@ ACME_DNS_CHALLENGE=n
 ACME_DNS_PROVIDER=dns_xxx
 ACME_ACCOUNT_EMAIL=me@example.com
 # You will need to pass provider-specific environment variables to the acme-mailcow container.
-# See the dns-01 provider documentation for more information.
+# See the dns-101 provider documentation for more information.
 # for example for Azure DNS:
 #AZUREDNS_SUBSCRIPTIONID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 #AZUREDNS_TENANTID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

update.sh

@@ -19,48 +19,30 @@ if [ ! -f "${PWD}/mailcow.conf" ]; then
 fi
 BRANCH="$(cd "${SCRIPT_DIR}" && git rev-parse --abbrev-ref HEAD)"
 
-# Check for --dev flag early to skip _modules update
-for arg in "$@"; do
-  if [[ "$arg" == "--dev" || "$arg" == "-d" ]]; then
-    echo -e "\e[32mRunning in Developer mode...\e[0m"
-    DEV=y
-    break
-  fi
-done
-
 MODULE_DIR="${SCRIPT_DIR}/_modules"
-
-if [ ! "$DEV" ]; then
-  # Calculate hash before fetch
-  if [[ -d "${MODULE_DIR}" && -n "$(ls -A "${MODULE_DIR}" 2>/dev/null)" ]]; then
-    MODULES_HASH_BEFORE=$(find "${MODULE_DIR}" -type f -exec sha256sum {} \; 2>/dev/null | sort | sha256sum | awk '{print $1}')
-  else
-    MODULES_HASH_BEFORE="EMPTY"
-  fi
-
-  echo -e "\e[33mFetching latest _modules from origin/${BRANCH}…\e[0m"
-  git fetch origin "${BRANCH}"
-  git checkout "origin/${BRANCH}" -- _modules
-
-  if [[ ! -d "${MODULE_DIR}" || -z "$(ls -A "${MODULE_DIR}")" ]]; then
-    echo -e "\e[31mError: _modules is still missing or empty after fetch!\e[0m"
-    exit 2
-  fi
-
-  # Calculate hash after fetch
-  MODULES_HASH_AFTER=$(find "${MODULE_DIR}" -type f -exec sha256sum {} \; 2>/dev/null | sort | sha256sum | awk '{print $1}')
-
-  # Check if modules changed
-  if [[ "${MODULES_HASH_BEFORE}" != "${MODULES_HASH_AFTER}" ]]; then
-    echo -e "\e[33m_modules have been updated. Please restart the update script.\e[0m"
-    exit 2
-  fi
+# Calculate hash before fetch
+if [[ -d "${MODULE_DIR}" && -n "$(ls -A "${MODULE_DIR}" 2>/dev/null)" ]]; then
+  MODULES_HASH_BEFORE=$(find "${MODULE_DIR}" -type f -exec sha256sum {} \; 2>/dev/null | sort | sha256sum | awk '{print $1}')
 else
-  echo -e "\e[33mDeveloper mode: Skipping _modules update from git\e[0m"
-  if [[ ! -d "${MODULE_DIR}" || -z "$(ls -A "${MODULE_DIR}")" ]]; then
-    echo -e "\e[31mError: _modules directory is missing or empty!\e[0m"
-    exit 2
-  fi
+  MODULES_HASH_BEFORE="EMPTY"
+fi
+
+echo -e "\e[33mFetching latest _modules from origin/${BRANCH}…\e[0m"
+git fetch origin "${BRANCH}"
+git checkout "origin/${BRANCH}" -- _modules
+
+if [[ ! -d "${MODULE_DIR}" || -z "$(ls -A "${MODULE_DIR}")" ]]; then
+  echo -e "\e[31mError: _modules is still missing or empty after fetch!\e[0m"
+  exit 2
+fi
+
+# Calculate hash after fetch
+MODULES_HASH_AFTER=$(find "${MODULE_DIR}" -type f -exec sha256sum {} \; 2>/dev/null | sort | sha256sum | awk '{print $1}')
+
+# Check if modules changed
+if [[ "${MODULES_HASH_BEFORE}" != "${MODULES_HASH_AFTER}" ]]; then
+  echo -e "\e[33m_modules have been updated. Please restart the update script.\e[0m"
+  exit 2
 fi
 
 source _modules/scripts/core.sh
@@ -169,7 +151,8 @@ while (($#)); do
       FORCE=y
     ;;
     -d|--dev)
-      # Already handled at the top of the script before _modules update
+      echo -e "\e[32mRunning in Developer mode...\e[0m"
+      DEV=y
     ;;
     --legacy)
       CURRENT_BRANCH="$(cd "${SCRIPT_DIR}"; git rev-parse --abbrev-ref HEAD)"