feat: Extend OpenAPI/Swagger documentation with missing endpoints

- Add 60+ previously undocumented API endpoints
- Add missing POST /api/v1/add/ endpoints (rsetting, filter, global-filter, alias-domain, mailbox-policy, admin, dkim_import, mta-sts, mailbox/template)
- Add missing POST /api/v1/delete/ endpoints (rsetting, filter, alias-domain, mailbox-policy, time_limited_alias, eas_cache, sogo_profile, admin, rlhash, identity-provider)
- Add missing GET /api/v1/get/ endpoints (alias/all, alias-domain/all, relayhost/all, transport/all, rsetting/all, filters/all, bcc/all, recipient_map/all, tls-policy-map/all, oauth2-client/all, app-passwd/all, domain/all, mailbox/all, admin/all, passwordpolicy, status/host, status/container, identity-provider)
- Add missing POST /api/v1/edit/ endpoints (relayhost, transport, rsetting, filter, alias-domain, bcc, recipient_map, tls-policy-map, oauth2-client, app-passwd, admin, passwordpolicy, mta-sts)
- Improve existing endpoint documentation with detailed examples
- Organize endpoints by tags: Rspamd, Filters, Domain Aliases, Policies, Admins, OAuth2, MTA-STS, Configuration, Authentication
- Fix YAML parser errors (removed duplicate cors and identity-provider endpoints)

The documentation now covers ~200 API endpoints, up from ~140.
File size increased from 6,096 to 8,252 lines (+35%).

data/Dockerfiles/acme/acme.sh

@@ -246,6 +246,25 @@ while true; do
     done
     VALIDATED_CONFIG_DOMAINS+=("${VALIDATED_CONFIG_DOMAINS_SUBDOMAINS[*]}")
   done
+
+  # Fetch alias domains where target domain has MTA-STS enabled
+  if [[ ${AUTODISCOVER_SAN} == "y" ]]; then
+    SQL_ALIAS_DOMAINS=$(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT ad.alias_domain FROM alias_domain ad INNER JOIN mta_sts m ON ad.target_domain = m.domain WHERE ad.active = 1 AND m.active = 1" -Bs)
+    if [[ $? -eq 0 ]]; then
+      while read alias_domain; do
+        if [[ -z "${alias_domain}" ]]; then
+          # ignore empty lines
+          continue
+        fi
+        # Only add mta-sts subdomain for alias domains
+        if [[ "mta-sts.${alias_domain}" != "${MAILCOW_HOSTNAME}" ]]; then
+          if check_domain "mta-sts.${alias_domain}"; then
+            VALIDATED_CONFIG_DOMAINS+=("mta-sts.${alias_domain}")
+          fi
+        fi
+      done <<< "${SQL_ALIAS_DOMAINS}"
+    fi
+  fi
   fi
 
   if check_domain ${MAILCOW_HOSTNAME}; then

data/Dockerfiles/dovecot/docker-entrypoint.sh

@@ -121,13 +121,7 @@ echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_flatcu
 echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins_imap
 echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_flatcurve notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 fi
-
-# Create empty extra plugin files if they don't exist (can be populated via extra.conf or direct file)
-for plugin_file in mail_plugins_extra mail_plugins_imap_extra mail_plugins_lmtp_extra; do
-  [[ ! -f /etc/dovecot/${plugin_file} ]] && touch /etc/dovecot/${plugin_file}
-done
-
-chmod 644 /etc/dovecot/mail_plugins /etc/dovecot/mail_plugins_imap /etc/dovecot/mail_plugins_lmtp /etc/dovecot/mail_plugins_extra /etc/dovecot/mail_plugins_imap_extra /etc/dovecot/mail_plugins_lmtp_extra /templates/quarantine.tpl
+chmod 644 /etc/dovecot/mail_plugins /etc/dovecot/mail_plugins_imap /etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl
 
 cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
 # Autogenerated by mailcow

data/conf/dovecot/dovecot.conf

@@ -1,25 +1,6 @@
 # --------------------------------------------------------------------------
 # Please create a file "extra.conf" for persistent overrides to dovecot.conf
 # --------------------------------------------------------------------------
-# To extend mail_plugins, you have two options:
-#
-# Option 1 (Recommended): Use the extra plugin files directly
-#   Create/edit data/conf/dovecot/mail_plugins_extra (for global plugins)
-#   Create/edit data/conf/dovecot/mail_plugins_imap_extra (for IMAP-specific plugins)
-#   Create/edit data/conf/dovecot/mail_plugins_lmtp_extra (for LMTP-specific plugins)
-#   Note: These paths are on the host. Inside the container they are /etc/dovecot/mail_plugins_*
-#   Example to add the virtual plugin for IMAP:
-#     echo -n ' virtual' > data/conf/dovecot/mail_plugins_imap_extra
-#     docker-compose restart dovecot-mailcow
-#
-# Option 2: Override protocol sections in extra.conf
-#   Create data/conf/dovecot/extra.conf with protocol-specific overrides:
-#     protocol imap {
-#       mail_plugins = $mail_plugins virtual
-#     }
-#   Note: This requires redefining the entire protocol block and may override
-#   other settings. Option 1 is simpler and less prone to conflicts.
-# --------------------------------------------------------------------------
 # LDAP example:
 #passdb {
 #  args = /etc/dovecot/ldap/passdb.conf
@@ -40,7 +21,7 @@ disable_plaintext_auth = yes
 login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
 mail_home = /var/vmail/%d/%n
 mail_location = maildir:~/
-mail_plugins = </etc/dovecot/mail_plugins </etc/dovecot/mail_plugins_extra
+mail_plugins = </etc/dovecot/mail_plugins
 mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
 mail_attachment_dir = /var/attachments
 mail_attachment_min_size = 128k
@@ -199,12 +180,12 @@ userdb {
   skip = found
 }
 protocol imap {
-  mail_plugins = </etc/dovecot/mail_plugins_imap </etc/dovecot/mail_plugins_imap_extra
+  mail_plugins = </etc/dovecot/mail_plugins_imap
   imap_metadata = yes
 }
 mail_attribute_dict = file:%h/dovecot-attributes
 protocol lmtp {
-  mail_plugins = </etc/dovecot/mail_plugins_lmtp </etc/dovecot/mail_plugins_lmtp_extra
+  mail_plugins = </etc/dovecot/mail_plugins_lmtp
   auth_socket_path = /var/run/dovecot/auth-master
 }
 protocol sieve {

data/web/inc/ajax/dns_diagnostics.php

@@ -129,7 +129,16 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
     );
   }
 
-  $mta_sts = mailbox('get', 'mta_sts', $domain);
+  // Check if domain is an alias domain and get target domain's MTA-STS
+  $alias_domain_details = mailbox('get', 'alias_domain_details', $domain);
+  $mta_sts_domain = $domain;
+  
+  if ($alias_domain_details !== false && !empty($alias_domain_details['target_domain'])) {
+    // This is an alias domain, check target domain for MTA-STS
+    $mta_sts_domain = $alias_domain_details['target_domain'];
+  }
+  
+  $mta_sts = mailbox('get', 'mta_sts', $mta_sts_domain);
   if (count($mta_sts) > 0 && $mta_sts['active'] == 1) {
     if (!in_array($domain, $alias_domains)) {
       $records[] = array(

data/web/mta-sts.php

@@ -7,7 +7,30 @@ if (!isset($_SERVER['HTTP_HOST']) || strpos($_SERVER['HTTP_HOST'], 'mta-sts.') !
 }
 
 $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
-$domain = str_replace('mta-sts.', '', $host);
+$domain = idn_to_ascii(strtolower(str_replace('mta-sts.', '', $host)), 0, INTL_IDNA_VARIANT_UTS46);
+
+// Validate domain or return 404 on error
+if ($domain === false || empty($domain)) {
+  http_response_code(404);
+  exit;
+}
+
+// Check if domain is an alias domain and resolve to target domain
+try {
+  $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain");
+  $stmt->execute(array(':domain' => $domain));
+  $alias_row = $stmt->fetch(PDO::FETCH_ASSOC);
+  
+  if ($alias_row !== false && !empty($alias_row['target_domain'])) {
+    // This is an alias domain, use the target domain for MTA-STS lookup
+    $domain = $alias_row['target_domain'];
+  }
+} catch (PDOException $e) {
+  // On database error, return 404
+  http_response_code(404);
+  exit;
+}
+
 $mta_sts = mailbox('get', 'mta_sts', $domain);
 
 if (count($mta_sts) == 0 ||

docker-compose.yml

@@ -465,7 +465,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: ghcr.io/mailcow/acme:1.94
+      image: ghcr.io/mailcow/acme:1.95
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment: