[Web] switch from GET to POST for datatable requests

Co-authored-by: Edgars Andersons <Edgars+Mailcow+Weblate@gaitenis.id.lv>

.github/workflows/close_old_issues_and_prs.yml

@@ -14,7 +14,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v10.1.1
+        uses: actions/stale@v10.2.0
         with:
           repo-token: ${{ secrets.STALE_ACTION_PAT }}
           days-before-stale: 60

data/conf/postfix/postscreen_access.cidr

@@ -1,6 +1,6 @@
-# Whitelist generated by Postwhite v3.4 on Thu Jan  1 00:24:01 UTC 2026
+# Whitelist generated by Postwhite v3.4 on Sun Feb  1 00:29:33 UTC 2026
 # https://github.com/stevejenkins/postwhite/
-# 2105 total rules
+# 2102 total rules
 2a00:1450:4000::/36	permit
 2a01:111:f400::/48	permit
 2a01:111:f403:2800::/53	permit
@@ -54,8 +54,8 @@
 8.36.116.0/24	permit
 8.39.144.0/24	permit
 12.130.86.238	permit
-13.107.213.38	permit
-13.107.246.38	permit
+13.107.213.51	permit
+13.107.246.51	permit
 13.108.16.0/20	permit
 13.110.208.0/21	permit
 13.110.209.0/24	permit
@@ -2088,11 +2088,6 @@
 2001:748:400:3301::3	permit
 2001:748:400:3301::4	permit
 2404:6800:4000::/36	permit
-2603:1010:3:3::5b	permit
-2603:1020:201:10::10f	permit
-2603:1030:20e:3::23c	permit
-2603:1030:b:3::152	permit
-2603:1030:c02:8::14	permit
 2607:f8b0:4000::/36	permit
 2620:109:c003:104::/64	permit
 2620:109:c003:104::215	permit
@@ -2105,6 +2100,8 @@
 2620:10d:c09c:400::8:1	permit
 2620:119:50c0:207::/64	permit
 2620:119:50c0:207::215	permit
+2620:1ec:46::51	permit
+2620:1ec:bdf::51	permit
 2800:3f0:4000::/36	permit
 49.12.4.251 permit # checks.mailcow.email
 2a01:4f8:c17:7906::10 permit # checks.mailcow.email

data/web/inc/sessions.inc.php

@@ -140,17 +140,32 @@ function session_check() {
     );
     return false;
   }
-  if (!empty($_POST)) {
-    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
-      $_SESSION['return'][] = array(
-        'type' => 'warning',
-        'msg' => 'session_token'
-      );
-      return false;
+  // Check if this is a POST request (form-encoded or JSON)
+  $is_post_request = !empty($_POST) || (
+    isset($_SERVER['CONTENT_TYPE']) &&
+    strpos($_SERVER['CONTENT_TYPE'], 'application/json') !== false
+  );
+
+  if ($is_post_request) {
+    // Skip CSRF check for DataTables server-side processing endpoints
+    // These are read-only operations (equivalent to GET) authenticated by session
+    $is_search_endpoint = (
+      isset($_GET['query']) &&
+      preg_match('#^search/(domain|mailbox)$#', $_GET['query'])
+    );
+
+    if (!$is_search_endpoint && !empty($_POST)) {
+      if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
+        $_SESSION['return'][] = array(
+          'type' => 'warning',
+          'msg' => 'session_token'
+        );
+        return false;
+      }
+      unset($_POST['csrf_token']);
+      $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+      $_SESSION['CSRF']['TIME'] = time();
     }
-    unset($_POST['csrf_token']);
-    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-    $_SESSION['CSRF']['TIME'] = time();
   }
   return true;
 }

data/web/js/site/mailbox.js

@@ -471,8 +471,13 @@ jQuery(function($){
         hideTableExpandCollapseBtn('#tab-domains', '#domain_table');
       },
       ajax: {
-        type: "GET",
-        url: "/api/v1/get/domain/datatables",
+        type: "POST",
+        url: "/api/v1/search/domain",
+        contentType: "application/json",
+        processData: false,
+        data: function(d) {
+          return JSON.stringify(d);
+        },
         dataSrc: function(json){
           $.each(json.data, function(i, item) {
             item.domain_name = escapeHtml(item.domain_name);
@@ -898,8 +903,13 @@ jQuery(function($){
         hideTableExpandCollapseBtn('#tab-mailboxes', '#mailbox_table');
       },
       ajax: {
-        type: "GET",
-        url: "/api/v1/get/mailbox/datatables",
+        type: "POST",
+        url: "/api/v1/search/mailbox",
+        contentType: "application/json",
+        processData: false,
+        data: function(d) {
+          return JSON.stringify(d);
+        },
         dataSrc: function(json){
           $.each(json.data, function (i, item) {
             item.quota = {

data/web/json_api.php

@@ -91,6 +91,11 @@ if (isset($_GET['query'])) {
     if ($action == 'delete') {
       $_POST['items'] = $request;
     }
+
+    // search
+    if ($action == 'search') {
+      // placeholder for search, as the request body is already decoded and available in $requestDecoded
+    }
   }
   api_log($_POST);
 
@@ -457,47 +462,6 @@ if (isset($_GET['query'])) {
 
           case "domain":
             switch ($object) {
-              case "datatables":
-                $table = ['domain', 'd'];
-                $primaryKey = 'domain';
-                $columns = [
-                  ['db' => 'domain', 'dt' => 2],
-                  ['db' => 'aliases', 'dt' => 3, 'order_subquery' => "SELECT COUNT(*) FROM `alias` WHERE (`domain`= `d`.`domain` OR `domain` IN (SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = `d`.`domain`)) AND `address` NOT IN (SELECT `username` FROM `mailbox`)"],
-                  ['db' => 'mailboxes', 'dt' => 4, 'order_subquery' => "SELECT COUNT(*) FROM `mailbox` WHERE `mailbox`.`domain` = `d`.`domain` AND (`mailbox`.`kind` = '' OR `mailbox`.`kind` = NULL)"],
-                  ['db' => 'quota', 'dt' => 5, 'order_subquery' => "SELECT COALESCE(SUM(`mailbox`.`quota`), 0) FROM `mailbox` WHERE `mailbox`.`domain` = `d`.`domain` AND (`mailbox`.`kind` = '' OR `mailbox`.`kind` = NULL)"],
-                  ['db' => 'stats', 'dt' => 6, 'dummy' => true, 'order_subquery' => "SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` IN (SELECT `username` FROM `mailbox` WHERE `domain` = `d`.`domain`)"],
-                  ['db' => 'defquota', 'dt' => 7],
-                  ['db' => 'maxquota', 'dt' => 8],
-                  ['db' => 'backupmx', 'dt' => 10],
-                  ['db' => 'tags', 'dt' => 14, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_domain` AS `td` ON `td`.`domain` = `d`.`domain`', 'where_column' => '`td`.`tag_name`']],
-                  ['db' => 'active', 'dt' => 15],
-                ];
-
-                require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/ssp.class.php';
-                global $pdo;
-                if($_SESSION['mailcow_cc_role'] === 'admin') {
-                  $data = SSP::simple($_GET, $pdo, $table, $primaryKey, $columns);
-                } elseif ($_SESSION['mailcow_cc_role'] === 'domainadmin') {
-                  $data = SSP::complex($_GET, $pdo, $table, $primaryKey, $columns,
-                    'INNER JOIN domain_admins as da ON da.domain = d.domain',
-                    [
-                      'condition' => 'da.active = 1 and da.username = :username',
-                      'bindings' => ['username' => $_SESSION['mailcow_cc_username']]
-                    ]);
-                }
-
-                if (!empty($data['data'])) {
-                  $domainsData = [];
-                  foreach ($data['data'] as $domain) {
-                    if ($details = mailbox('get', 'domain_details', $domain[2])) {
-                      $domainsData[] = $details;
-                    }
-                  }
-                  $data['data'] = $domainsData;
-                }
-
-                process_get_return($data);
-              break;
               case "all":
                 $tags = null;
                 if (isset($_GET['tags']) && $_GET['tags'] != '')
@@ -997,46 +961,6 @@ if (isset($_GET['query'])) {
           break;
           case "mailbox":
             switch ($object) {
-              case "datatables":
-                $table = ['mailbox', 'm'];
-                $primaryKey = 'username';
-                $columns = [
-                  ['db' => 'username', 'dt' => 2],
-                  ['db' => 'quota', 'dt' => 3],
-                  ['db' => 'last_mail_login', 'dt' => 4, 'dummy' => true, 'order_subquery' => "SELECT MAX(`datetime`) FROM `sasl_log` WHERE `service` != 'SSO' AND `username` = `m`.`username`"],
-                  ['db' => 'last_pw_change', 'dt' => 5, 'dummy' => true, 'order_subquery' => "JSON_EXTRACT(attributes, '$.passwd_update')"],
-                  ['db' => 'in_use', 'dt' => 6, 'dummy' => true, 'order_subquery' => "(SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`) / `m`.`quota`"],
-                  ['db' => 'name', 'dt' => 7],
-                  ['db' => 'messages', 'dt' => 20, 'dummy' => true, 'order_subquery' => "SELECT SUM(messages) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`"],
-                  ['db' => 'tags', 'dt' => 23, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_mailbox` AS `tm` ON `tm`.`username` = `m`.`username`', 'where_column' => '`tm`.`tag_name`']],
-                  ['db' => 'active', 'dt' => 24],
-                ];
-
-                require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/ssp.class.php';
-                global $pdo;
-                if($_SESSION['mailcow_cc_role'] === 'admin') {
-                  $data = SSP::complex($_GET, $pdo, $table, $primaryKey, $columns, null, "(`m`.`kind` = '' OR `m`.`kind` = NULL)");
-                } elseif ($_SESSION['mailcow_cc_role'] === 'domainadmin') {
-                  $data = SSP::complex($_GET, $pdo, $table, $primaryKey, $columns,
-                    'INNER JOIN domain_admins as da ON da.domain = m.domain',
-                    [
-                      'condition' => "(`m`.`kind` = '' OR `m`.`kind` = NULL) AND `da`.`active` = 1 AND `da`.`username` = :username",
-                      'bindings' => ['username' => $_SESSION['mailcow_cc_username']]
-                    ]);
-                }
-
-                if (!empty($data['data'])) {
-                  $mailboxData = [];
-                  foreach ($data['data'] as $mailbox) {
-                    if ($details = mailbox('get', 'mailbox_details', $mailbox[2])) {
-                      $mailboxData[] = $details;
-                    }
-                  }
-                  $data['data'] = $mailboxData;
-                }
-
-                process_get_return($data);
-              break;
               case "all":
               case "reduced":
                 $tags = null;
@@ -1625,6 +1549,136 @@ if (isset($_GET['query'])) {
         }
       }
     break;
+    case "search":
+      function process_search_return($return) {
+        if ($return === false) {
+          echo json_encode(array(
+            'type' => 'error',
+            'msg' => 'Cannot get item'
+          ));
+        }
+        else {
+          echo json_encode($return, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+        }
+      }
+      // only allow POST requests to SEARCH API endpoints
+      if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+        http_response_code(405);
+        echo json_encode(array(
+          'type' => 'error',
+          'msg' => 'only POST method is allowed'
+        ));
+        exit();
+      }
+
+      // Load SSP class
+      require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/ssp.class.php';
+      global $pdo;
+
+      switch ($category) {
+        case "domain":
+          $table = ['domain', 'd'];
+          $primaryKey = 'domain';
+          $columns = [
+            ['db' => 'domain', 'dt' => 2],
+            ['db' => 'aliases', 'dt' => 3, 'order_subquery' => "SELECT COUNT(*) FROM `alias` WHERE (`domain`= `d`.`domain` OR `domain` IN (SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = `d`.`domain`)) AND `address` NOT IN (SELECT `username` FROM `mailbox`)"],
+            ['db' => 'mailboxes', 'dt' => 4, 'order_subquery' => "SELECT COUNT(*) FROM `mailbox` WHERE `mailbox`.`domain` = `d`.`domain` AND (`mailbox`.`kind` = '' OR `mailbox`.`kind` = NULL)"],
+            ['db' => 'quota', 'dt' => 5, 'order_subquery' => "SELECT COALESCE(SUM(`mailbox`.`quota`), 0) FROM `mailbox` WHERE `mailbox`.`domain` = `d`.`domain` AND (`mailbox`.`kind` = '' OR `mailbox`.`kind` = NULL)"],
+            ['db' => 'stats', 'dt' => 6, 'dummy' => true, 'order_subquery' => "SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` IN (SELECT `username` FROM `mailbox` WHERE `domain` = `d`.`domain`)"],
+            ['db' => 'defquota', 'dt' => 7],
+            ['db' => 'maxquota', 'dt' => 8],
+            ['db' => 'backupmx', 'dt' => 10],
+            ['db' => 'tags', 'dt' => 14, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_domain` AS `td` ON `td`.`domain` = `d`.`domain`', 'where_column' => '`td`.`tag_name`']],
+            ['db' => 'active', 'dt' => 15],
+          ];
+
+          if($_SESSION['mailcow_cc_role'] === 'admin') {
+            $data = SSP::simple($requestDecoded, $pdo, $table, $primaryKey, $columns);
+          } elseif ($_SESSION['mailcow_cc_role'] === 'domainadmin') {
+            $data = SSP::complex($requestDecoded, $pdo, $table, $primaryKey, $columns,
+              'INNER JOIN domain_admins as da ON da.domain = d.domain',
+              [
+                'condition' => 'da.active = 1 and da.username = :username',
+                'bindings' => ['username' => $_SESSION['mailcow_cc_username']]
+              ]);
+          } else {
+            http_response_code(403);
+            echo json_encode(array(
+              'type' => 'error',
+              'msg' => 'Insufficient permissions'
+            ));
+            exit();
+          }
+
+          if (!empty($data['data'])) {
+            $domainsData = [];
+            foreach ($data['data'] as $domain) {
+              if ($details = mailbox('get', 'domain_details', $domain[2])) {
+                $domainsData[] = $details;
+              }
+            }
+            $data['data'] = $domainsData;
+          }
+
+          process_search_return($data);
+        break;
+
+        case "mailbox":
+          $table = ['mailbox', 'm'];
+          $primaryKey = 'username';
+          $columns = [
+            ['db' => 'username', 'dt' => 2],
+            ['db' => 'quota', 'dt' => 3],
+            ['db' => 'last_mail_login', 'dt' => 4, 'dummy' => true, 'order_subquery' => "SELECT MAX(`datetime`) FROM `sasl_log` WHERE `service` != 'SSO' AND `username` = `m`.`username`"],
+            ['db' => 'last_pw_change', 'dt' => 5, 'dummy' => true, 'order_subquery' => "JSON_EXTRACT(attributes, '$.passwd_update')"],
+            ['db' => 'in_use', 'dt' => 6, 'dummy' => true, 'order_subquery' => "(SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`) / `m`.`quota`"],
+            ['db' => 'name', 'dt' => 7],
+            ['db' => 'messages', 'dt' => 20, 'dummy' => true, 'order_subquery' => "SELECT SUM(messages) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`"],
+            ['db' => 'tags', 'dt' => 23, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_mailbox` AS `tm` ON `tm`.`username` = `m`.`username`', 'where_column' => '`tm`.`tag_name`']],
+            ['db' => 'active', 'dt' => 24],
+          ];
+
+          if($_SESSION['mailcow_cc_role'] === 'admin') {
+            $data = SSP::complex($requestDecoded, $pdo, $table, $primaryKey, $columns, null,
+              "(`m`.`kind` = '' OR `m`.`kind` = NULL)");
+          } elseif ($_SESSION['mailcow_cc_role'] === 'domainadmin') {
+            $data = SSP::complex($requestDecoded, $pdo, $table, $primaryKey, $columns,
+              'INNER JOIN domain_admins as da ON da.domain = m.domain',
+              [
+                'condition' => "(`m`.`kind` = '' OR `m`.`kind` = NULL) AND `da`.`active` = 1 AND `da`.`username` = :username",
+                'bindings' => ['username' => $_SESSION['mailcow_cc_username']]
+              ]);
+          } else {
+            http_response_code(403);
+            echo json_encode(array(
+              'type' => 'error',
+              'msg' => 'Insufficient permissions'
+            ));
+            exit();
+          }
+
+          if (!empty($data['data'])) {
+            $mailboxData = [];
+            foreach ($data['data'] as $mailbox) {
+              if ($details = mailbox('get', 'mailbox_details', $mailbox[2])) {
+                $mailboxData[] = $details;
+              }
+            }
+            $data['data'] = $mailboxData;
+          }
+
+          process_search_return($data);
+        break;
+
+        default:
+          http_response_code(404);
+          echo json_encode(array(
+            'type' => 'error',
+            'msg' => 'Invalid search category'
+          ));
+        break;
+      }
+    break;
     case "delete":
       if ($_SESSION['mailcow_cc_api_access'] == 'ro' || isset($_SESSION['pending_mailcow_cc_username']) || !isset($_SESSION["mailcow_cc_username"])) {
         http_response_code(403);

data/web/lang/lang.cs-cz.json

@@ -111,7 +111,8 @@
         "tags": "Štítky",
         "dry": "Simulovat synchronizaci",
         "internal": "Interní",
-        "internal_info": "Interní aliasy jsou přístupné jen z vlastních domén nebo jejich aliasů."
+        "internal_info": "Interní aliasy jsou přístupné jen z vlastních domén nebo jejich aliasů.",
+        "sender_allowed": "Povolit jako alias pro odesílání"
     },
     "admin": {
         "access": "Přístupy",
@@ -304,7 +305,7 @@
         "rspamd_com_settings": "Název nastavení se vygeneruje automaticky, viz ukázky nastavení níže. Více informací viz <a href=\"https://rspamd.com/doc/configuration/settings.html#settings-structure\" target=\"_blank\">Rspamd dokumentace</a>",
         "rspamd_global_filters": "Mapa globálních filtrů",
         "rspamd_global_filters_agree": "Budu opatrný!",
-        "rspamd_global_filters_info": "Mapa globálních filtrů obsahuje různé seznamy povolených a zakázaných serverů",
+        "rspamd_global_filters_info": "Mapa globálních filtrů obsahuje různé seznamy povolených a zakázaných serverů.",
         "rspamd_global_filters_regex": "Názvy stačí k vysvětlení. Položky musejí obsahovat jen platné regulární výrazy ve tvaru \"/vyraz/parametry\" (e.g. <code>/.+@domena\\.tld/i</code>).<br>\n  Každý výraz bude podroben základní kontrole, přesto je možné Rspamd 'rozbít', nebude-li syntax zcela korektní.<br>\n  Rspamd se pokusí po každé změně načíst mapu znovu. V případě potíží <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restartujte Rspamd</a>, aby se konfigurace načetla explicitně.",
         "rspamd_settings_map": "Nastavení Rspamd",
         "sal_level": "Úroveň 'Moo'",
@@ -780,7 +781,9 @@
         "mta_sts_max_age_info": "Doba v sekundách, po niž poštovní servery mohou toho pravidlo držet v mezipaměti bez nutnosti obnovení.",
         "mta_sts_mx": "Server MX",
         "mta_sts_mx_info": "Dovoluje odesílání jen výslovně vypsaným poštovním serverům; odesílající server kontroluje, že server MX určený v DNS odpovídá pravidlu, a povolí doručení jen s platným certifikátem TLS (chrání přes útokem typu MITM).",
-        "mta_sts_mx_notice": "Lze zadat více serverů MX (oddělte čárkou)."
+        "mta_sts_mx_notice": "Lze zadat více serverů MX (oddělte čárkou).",
+        "sender_allowed": "Povolit jako alias pro odesílání",
+        "sender_allowed_info": "Není-li povoleno, lze alias použít jen pro příjem pošty. Lze také obejít v Sender ACL a nastavit konkrétní schránky, jež tento alias mohou používat"
     },
     "fido2": {
         "confirm": "Potvrdit",

data/web/lang/lang.lv-lv.json

@@ -38,7 +38,7 @@
         "alias_domain": "Aizstājdomēni",
         "alias_domain_info": "<small>Tikai derīgi domēna vārdi (komatu atdalīti).</small>",
         "automap": "Mēģiniet automatizēt mapes (\"Nosūtītie vienumi\", \"Nosūtītie\" => \"Nosūtītie\" etc.)",
-        "backup_mx_options": "Dublējuma MX iespējas",
+        "backup_mx_options": "Releja iespējas",
         "delete1": "Izdzēst no avota pēc pabeigšanas",
         "delete2": "Dzēsiet ziņojumus galamērķī, kas nav avotā",
         "delete2duplicates": "Izdzēst atkārtojošos vienumus galamērķī",
@@ -65,8 +65,8 @@
         "relay_all": "Pārsūtīt visus saņēmējus",
         "relay_all_info": "↪ Ja izvēlies <b>nepārsūtīt</b> visus saņēmējus, tad Tev būs nepieciešams pievienot (\"aklo\") pastkasti katram saņēmējam, kas būtu jāpārsūta.",
         "relay_domain": "Pārsūtīt šo domēnu",
-        "select": "Lūdzu izvēlaties...",
-        "select_domain": "Lūdzu sākumā izvēlaties domēnu",
+        "select": "Lūgums atlasīt…",
+        "select_domain": "Lūgums vispirms atlasīt domēnu",
         "sieve_desc": "Īss apraksts",
         "sieve_type": "Filtra tips",
         "skipcrossduplicates": "Izlaist dublētus ziņojumus pa mapēm (pirmais nāk, pirmais kalpo)",
@@ -153,7 +153,7 @@
         "r_info": "Pelēkie/atspējotie vienumi spēkā esošo ierobežojumu sarakstā mailcow nav zināmi kā derīgi ierobežojumi, un tos nevar pārvietot. Nezināmi ierobežojumi jebkurā gadījumā parādīšanas secībā. <br>Jaunus vienumus var pievienot <code>inc/vars.local.inc.php</code>, lai varētu tos pārslēgt.",
         "recipients": "Adresāts",
         "refresh": "Atsvaidzināt",
-        "regen_api_key": "Reģenerēt API atslēgu",
+        "regen_api_key": "Atkārtoti izveidot API atslēgu",
         "relay_from": "\"No:\" adrese",
         "relay_run": "Palaist testu",
         "relayhosts_hint": "Norādīt no sūtītāja atkarīgas piegādes, lai varētu tos atlasīt domēnu konfigurācijas uzvednē.<br>\n  Piegādes pakalpojums vienmēr ir \"smtp\", tādējādi tiks mēģināts TLS, kad piedāvāts. Iekļautais TLS (SMTPS) netiek atbalstīts. Tiek ņemts vērā lietotāja atsevišķais izejošā TLS nosacījuma iestatījums.<br>\n  Ietekmē atlasītos domēnus, tajā skaitā aizstājdomēnus.",
@@ -185,7 +185,10 @@
         "login_time": "Pieteikšanās laiks",
         "iam_version": "Versija",
         "quarantine_max_age": "Lielākais pieļaujamais vecums dienās<br><small>Vērtībai jābūt vienādai ar vai lielākai par 1 dienu.</small>",
-        "quarantine_max_score": "Atmest paziņojumu, ja e-pasta ziņojuma mēstuļu novērtējums ir augstāks par šo vērtību:<br><small>Noklusējums ir 9999.0</small>"
+        "quarantine_max_score": "Atmest paziņojumu, ja e-pasta ziņojuma mēstuļu novērtējums ir augstāks par šo vērtību:<br><small>Noklusējums ir 9999.0</small>",
+        "options": "Iespējas",
+        "password_reset_settings": "Paroļu atkopes iestatījumi",
+        "password_settings": "Paroļu iestatījumi"
     },
     "danger": {
         "access_denied": "Piekļuve liegta, vai nepareizi dati",
@@ -257,7 +260,7 @@
         "active": "Aktīvs",
         "alias": "Labot aizstājvārdu",
         "automap": "Mēģiniet automatizēt mapes (\"Nosūtītie vienumi\", \"Nosūtītie\" => \"Nosūtītie\" utt.)",
-        "backup_mx_options": "Dublēt MX iespējas",
+        "backup_mx_options": "Retranslācijas iespējams",
         "delete1": "Izdzēst no avota pēc pabeigšanas",
         "delete2": "Dzēsiet ziņojumus galamērķī, kas nav avotā",
         "delete2duplicates": "Izdzēst atkārtojošos vienumus galamērķī",
@@ -558,7 +561,7 @@
         "key_id_totp": "Identifikators Jūsu atslēgai",
         "none": "Deaktivizēt",
         "scan_qr_code": "Lūdzu, skenējiet šo kodu ar savu autentifikācijas lietojumprogrammu vai ievadiet kodu manuāli.",
-        "select": "Lūdzu izvēlaties",
+        "select": "Lūgums atlasīt",
         "set_tfa": "Uzstādīt difi faktoru autentifik;acijas metodi",
         "tfa": "Divpakāpju pieteikšanās",
         "totp": "Uz laiku bāzēta vienreizēja parole (Google Autentifikātors utt.)",

data/web/lang/lang.ru-ru.json

@@ -111,7 +111,8 @@
         "validate": "Проверить",
         "validation_success": "Проверка прошла успешно",
         "internal": "Внутренний",
-        "internal_info": "Внутренние псевдонимы доступны только из самого домена или доменов-псевдонимов."
+        "internal_info": "Внутренние псевдонимы доступны только из самого домена или доменов-псевдонимов.",
+        "sender_allowed": "Разрешить отправку с этим псевдонимом"
     },
     "admin": {
         "access": "Настройки доступа",
@@ -781,7 +782,9 @@
         "mta_sts_max_age_info": "Время в секундах, в течение которого принимающие почтовые серверы могут кэшировать эту политику перед повторной загрузкой.",
         "mta_sts_mx": "Сервер MX",
         "mta_sts_mx_info": "Разрешает отправку только на явно указанные имена хостов почтовых серверов; отправляющий MTA проверяет, соответствует ли DNS-имя MX-хоста списку политик, и разрешает доставку только с подлинным TLS-сертификатом (защита от MITM).",
-        "mta_sts_mx_notice": "Можно указать несколько MX-серверов (через запятую)."
+        "mta_sts_mx_notice": "Можно указать несколько MX-серверов (через запятую).",
+        "sender_allowed": "Разрешить отправку с этим псевдонимом",
+        "sender_allowed_info": "Если отключено, этот псевдоним может только принимать почту. Используйте ACL отправителя, чтобы переопределить и предоставить определенным почтовым ящикам разрешение на отправку."
     },
     "fido2": {
         "confirm": "Подтвердить",

data/web/lang/lang.si-si.json

@@ -111,7 +111,8 @@
         "timeout2": "Časovna omejitev za povezavo do lokalnega gostitelja",
         "dry": "Simuliraj sinhronizacijo",
         "internal": "Notranje",
-        "internal_info": "Notranji vzdevki so dostopni samo iz lastne domene ali vzdevkov domen."
+        "internal_info": "Notranji vzdevki so dostopni samo iz lastne domene ali vzdevkov domen.",
+        "sender_allowed": "Dovoli pošiljanje kot ta vzdevek"
     },
     "admin": {
         "access": "Dostop",
@@ -780,7 +781,9 @@
         "mta_sts_mx_info": "Omogoča pošiljanje samo na izrecno navedena imena gostiteljskih strežnikov poštnih strežnikov; pošiljajoči MTA preveri, ali se ime gostitelja DNS MX ujema s seznamom pravilnikov, in dovoljuje dostavo le z veljavnim potrdilom TLS (zaščita pred MITM).",
         "mta_sts_mx_notice": "Določiti je mogoče več strežnikov MX (ločenih z vejicami).",
         "internal": "Notranje",
-        "internal_info": "Notranji vzdevki so dostopni samo iz lastne domene ali vzdevkov domen."
+        "internal_info": "Notranji vzdevki so dostopni samo iz lastne domene ali vzdevkov domen.",
+        "sender_allowed": "Dovoli pošiljanje kot ta vzdevek",
+        "sender_allowed_info": "Če je onemogočeno, lahko ta vzdevek samo prejema pošto. Za preglasitev in dodelitev dovoljenja za pošiljanje določenim poštnim predalom uporabite seznam za nadzor dostopa pošiljatelja."
     },
     "footer": {
         "restart_container_info": "<b>Pomembno:</b> Eleganten ponovni zagon lahko traja nekaj časa, zato počakajte, da se konča.",

data/web/lang/lang.vi-vn.json

@@ -111,7 +111,8 @@
         "timeout2": "Thời gian chờ kết nối đến máy chủ cục bộ",
         "username": "Tên người dùng",
         "validate": "Xác thực",
-        "validation_success": "Xác thực thành công"
+        "validation_success": "Xác thực thành công",
+        "sender_allowed": "Cho phép gửi dưới bí danh này"
     },
     "admin": {
         "access": "Truy cập",

data/web/lang/lang.zh-tw.json

@@ -24,7 +24,7 @@
         "sogo_access": "管理 SOGo 存取權",
         "sogo_profile_reset": "重設 SOGo 個人資料",
         "spam_alias": "臨時別名",
-        "spam_policy": "黑名單/白名單",
+        "spam_policy": "封鎖名單/允許名單",
         "spam_score": "垃圾郵件分數",
         "syncjobs": "同步任務",
         "tls_policy": "TLS 規則",
@@ -1180,7 +1180,7 @@
         "no_last_login": "沒有最後 UI 登入訊息",
         "no_record": "沒有紀錄",
         "open_logs": "開啟日誌",
-        "open_webmail_sso": "网络邮件",
+        "open_webmail_sso": "網頁信箱",
         "password": "密碼",
         "password_now": "目前密碼 (確認更改)",
         "password_repeat": "密碼 (再次輸入)",